Index: branches/samhain-2_2-branch/COPYING =================================================================== --- branches/samhain-2_2-branch/COPYING (revision 66) +++ branches/samhain-2_2-branch/COPYING (revision 66) @@ -0,0 +1,332 @@ + +SAMHAIN distributed host monitoring system +------------------------------------------ + +Copyright (C) 1999-2004 Rainer Wichmann + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + +Incorporated code +----------------- + + (i) Support for the TIGER cryptographic checksum algorithm + is provided by the reference implementation, which includes + the following statement: + + * Tiger: A Fast New Hash Function + * + * Ross Anderson and Eli Biham + * + * Tiger has no usage restrictions nor patents. It can be used freely, + * with the reference implementation, + * with other implementations or with + * a modification to the reference implementation (as long as it still + * implements Tiger). We only ask you to let us know about your + * implementation and to cite the origin of Tiger and of the reference + * implementation. + * + * The authors' home pages can be found both in + * http://www.cs.technion.ac.il/~biham/ and in + * http://www.cl.cam.ac.uk/users/rja14/. + * The authors' email addresses are biham@cs.technion.ac.il + * and rja14@cl.cam.ac.uk. + + + + (ii) Support for testing write access by untrusted users + to any element in the path of a file is provided by the + public domain trustfile library, which includes the following + statement: + + * Author information: + * Matt Bishop + * Department of Computer Science + * University of California at Davis + * Davis, CA 95616-8562 + * phone (916) 752-8060 + * email bishop@cs.ucdavis.edu + * + * This code is placed in the public domain. I do ask that + * you keep my name associated with it, that you not represent + * it as written by you, and that you preserve these comments. + * This software is provided "as is" and without any guarantees + * of any sort. + + (iii) Support for big integer arithmetic is provided by the bignum + package (v. 1.2) by Henrik.Johansson@Nexus.Comm.SE, + which includes the following statement: + + * Everyone is allowed to distribute this package to anyone + * else, as long as all changes are recorded and mentioned. + * If you are including this in a commercial product, be sure + * to distribute _all_ of the package with the product. + * + * (...writing more stuff here later, but I guess everyone + * knows the approximate contents of it - no warranty, no + * charge, and so on. I guess it is like the GNU concept. + * Read that for further details...) + + (iv) Support for compression is provided by the (mini) LZO library, + which includes the following statement: + + * Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer + * Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer + * Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer + * Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer + * + * The LZO library is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * The LZO library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the LZO library; see the file COPYING. + * If not, write to the Free Software Foundation, Inc., + * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + * Markus F.X.J. Oberhumer + * + * http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + + (v) Support for determining the type of a file system is provided by + code from the GNU find(1) utility which includes the following statement: + + /* fstype.c -- determine type of filesystems that files are on + Copyright (C) 1990, 91, 92, 93, 94 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + /* Written by David MacKenzie . */ + + + (vi) Support for the MD5 hash algorithm is provided by code + from busybox which is distributed under the GPL. + + /* md5.c - Functions to compute MD5 message digest of files or memory blocks + * according to the definition of MD5 in RFC 1321 from April 1992. + * Copyright (C) 1995, 1996 Free Software Foundation, Inc. + * + * NOTE: The canonical source of this file is maintained with the GNU C + * Library. Bugs can be reported to bug-glibc@prep.ai.mit.edu. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2, or (at your option) any + * later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + /* Written by Ulrich Drepper , 1995. */ + + + (vi) Support for the SHA-1 hash algorithm is provided by code + from mhash which includes the following statement: + + /* sha.c - Implementation of the Secure Hash Algorithm + * + * Copyright (C) 1995, A.M. Kuchling + * + * Distribute and use freely; there are no restrictions on further + * dissemination and usage except those imposed by the laws of your + * country of residence. + * + * Adapted to pike and some cleanup by Niels Möller. + */ + + /* $Id: sha1.c,v 1.2 2001/01/24 08:20:29 nmav Exp $ */ + + /* SHA: NIST's Secure Hash Algorithm */ + + /* Based on SHA code originally posted to sci.crypt by Peter Gutmann + in message <30ajo5$oe8@ccu2.auckland.ac.nz>. + Modified to test for endianness on creation of SHA objects by AMK. + Also, the original specification of SHA was found to have a weakness + by NSA/NIST. This code implements the fixed version of SHA. + */ + + (vii) Support for AVL Trees is provided by code + from AVLTree which includes the following statement: + + /* zAVLTree.h: Header file for zAVLTrees. + * Copyright (C) 1998,2001 Michael H. Buselli + * This is version 0.1.3 (alpha). + * Generated from $Id: xAVLTree.h.sh,v 1.5 2001/06/07 06:58:28 cosine Exp $ + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with this library; if not, write to the Free + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * The author of this library can be reached at the following address: + * Michael H. Buselli + * 30051 N. Waukegan Rd. Apt. 103 + * Lake Bluff, IL 60044-5412 + * + * Or you can send email to . + * The official web page for this product is: + * http://www.cosine.org/project/AVLTree/ + */ + + (viii) The modules sh_userfiles.c and sh_mounts.c have been + contributed by Eircom Net Computer Incident Response Team and + are authored by Jerry Connolly and Cian Synnott, respectively. + + They are released under the terms of the GNU General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version: + + "Feel free to GPL those files - + they were fully released by our company to the project. + + Cian + + -- + Cian Synnott + Eircom Net Computer Incident Response Team" + + (ix) Enhanced functionality for the SUID check has been + contributed with a patch copyright by Rob Rati . + The patch is licensed under the GPL with the following statement: + + "Here is the patch with the aforementioned feature enhancements, and I + license all changes within this patch under the GNU Public License (GPL) + GNU General Public License as published by the Free Software Foundation; + either version 2 of the License, or (at your option) any later version." + + (x) Unit testing uses the 'cutest' framework by Asim Jalis, (files + CuTest.h, CuTest.c, make-tests.sh) which is licensed under the zlib license: + + * Copyright (c) 2003 Asim Jalis + * + * This software is provided 'as-is', without any express or implied + * warranty. In no event will the authors be held liable for any damages + * arising from the use of this software. + * + * Permission is granted to anyone to use this software for any purpose, + * including commercial applications, and to alter it and redistribute it + * freely, subject to the following restrictions: + * + * 1. The origin of this software must not be misrepresented; you must not + * claim that you wrote the original software. If you use this software in + * a product, an acknowledgment in the product documentation would be + * appreciated but is not required. + * + * 2. Altered source versions must be plainly marked as such, and must not + * be misrepresented as being the original software. + * + * 3. This notice may not be removed or altered from any source + * distribution. + + +Other +----- + + Depending on the compilation options used, samhain may use the + SRP authentication algorithm (in an independent implementation, + without any use of code from the SRP software). + The original SRP software contains the following license statement: + + The SRP License + --------------- + + SRP and all related technologies are free for both commercial and + non-commercial use. They are distributed under a standard + X11-style Open Source license which is shown below. + + The SRP distribution contains parts from various freeware + packages; these parts fall under both the SRP Open Source license + and any existing licenses. Care has been taken to ensure that + these licenses are compatible with Open Source distribution, + but it is the responsibility of the licensee to comply with these + licenses. The file "Copyrights" contains a list of the copyrights + incorporated by portions of the software. + + This software is covered under the following copyright: + + /* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ Index: branches/samhain-2_2-branch/Install.sh =================================================================== --- branches/samhain-2_2-branch/Install.sh (revision 66) +++ branches/samhain-2_2-branch/Install.sh (revision 66) @@ -0,0 +1,819 @@ +#! /bin/sh +# Please have a TMP or TMPDIR environment variable if you don't trust /tmp, +# or don't run this as root. +# +# -- partly taken from PureFTPd +# + +VERSION=1.6.4 + + +# exits with a custom error message +bail_error () { + echo + echo $1 + echo + exit 1 +} + +get_config() { + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --$z" + done +} + +get_error() { + ge_rval=0 + if cat $tmp 2>&1 | grep Error > /dev/null ; then + ge_rval=1 + fi + return ${ge_rval} +} + + + +#------------------------------------------------------------ +# +# Find a 'dialog' program +# +#------------------------------------------------------------ +PATH=/usr/local/bin:/usr/local/sbin:$PATH; export PATH + +WELCOME=`cat < /dev/null && dialog='Xdialog' + gauge='--gauge' + fi +fi +if [ -z "$dialog" ] ; then + dialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='dialog' + +# Workaround for old versions of 'dialog' (Slackware) + + if "$dialog" 2>&1 | grep gauge > /dev/null ; then + gauge='--gauge' + elif "$dialog" 2>&1 | grep guage > /dev/null ; then + gauge='--guage' + else + gauge='' + fi +fi +if [ -z "$dialog" ] ; then + lxdialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='lxdialog' +fi +if [ -z "$dialog" ] ; then + /usr/src/linux/scripts/lxdialog/lxdialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='/usr/src/linux/scripts/lxdialog/lxdialog' +fi + +if [ -z "$dialog" ] ; then + bail_error "No \"dialog\" found, GUI installation impossible" +fi + +#------------------------------------------------------------ +# +# Find a writable temporary directory +# +#------------------------------------------------------------ +tempdir='' +for tmpdir in "$TMP" "$TMPDIR" /tmp /var/tmp; do + if [ -z "$tempdir" ] && [ -d "$tmpdir" ] && [ -w "$tmpdir" ]; then + tempdir="$tmpdir" + fi +done +if [ -z "$tempdir" ]; then + bail_error "Unable to find a suitable temporary directory" +fi + +# Create a temporary file +tmp=`mktemp $tempdir/build.gui.XXXXXX` +if [ $? -ne 0 ]; then + bail_error "Cannot create temp file, exiting..." +fi + +trap "rm -f $tmp; exit 1" EXIT SIGHUP SIGINT SIGQUIT SIGSEGV SIGTERM + +#------------------------------------------------------------ +# +# Build config line +# +#------------------------------------------------------------ +cfgline=''; + +$dialog \ +--title "Compile-time options" \ +--backtitle "Samhain $VERSION" \ +--radiolist "Samhain can run as standalone application on a single dektop machine, or as a client/server application for centralized monitoring of many hosts" \ +10 75 3 \ +"disable-network" "Single desktop machine" on \ +"enable-network=client" "Network (client)" off \ +"enable-network=server" "Network (server)" off \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + get_config +else + get_error || bail_error "Your \"dialog\" does not support --radiolist, GUI installation impossible" + cfgline="--disable-network" +fi + +cfgtest=`echo $cfgline | grep disable` + + +#------------------------------------------------------------ +# +# Server options +# +#------------------------------------------------------------ +if [ -z $cfgtest ]; then + +INET=yes +HTML="\n /usr/local/var/samhain/samhain.html" + +$dialog \ +--backtitle "Samhain $VERSION" \ +--msgbox "You have chosen to build SAMHAIN as a client/server application.\n\nThis requires some additional configuration.\nPlease read the manual if you are not sure\nwhich options are useful or neccessary for you." 10 75 + +if [ $? = -1 ]; then + exit 1 +fi + + +$dialog \ +--title 'Network options' \ +--separate-output \ +--backtitle "Samhain $VERSION" \ +--checklist 'Use SPACE to set/unset. If in doubt, read the manual.' \ +20 75 10 \ +'enable-udp' "Server listens also on 514/udp" off \ +'disable-encrypt' "Disable client/server encryption" off \ +'disable-srp' "Disable SRP client/server authentication" off \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + get_config +fi + +$dialog \ +--title 'Network options' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Server port" 10 75 "49777" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi + +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-port=$z" + done +fi + + +$dialog \ +--title 'Network options' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Server address" 10 75 "127.0.0.1" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-logserver=$z" + done +fi + +$dialog \ +--title "Network options" \ +--backtitle 'Samhain $VERSION' \ +--inputbox "Backup server address" 10 75 "none" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + if [ "x$z" != "xnone" ]; then + cfgline="$cfgline --with-altlogserver=$z" + fi + done +fi + +# if [ -z $cfgtest ]; then +fi + +os=`uname -s` +if [ x"$os" = xLinux ] +then + PROC=`uname -m` + if [ x"$PROC" = xi686 ] ; then + I386_LINUX=yes + fi + if [ x"$PROC" = xi586 ] ; then + I386_LINUX=yes + fi + if [ x"$PROC" = xi486 ] ; then + I386_LINUX=yes + fi + if [ x"$PROC" = xi386 ] ; then + I386_LINUX=yes + fi +fi + +$dialog \ +--title 'General options' \ +--separate-output \ +--backtitle "Samhain $VERSION" \ +--checklist 'Use SPACE to set/unset. If in doubt, read the MANUAL.' \ +20 75 10 \ +'enable-static' "Don't link with shared libraries" on \ +'enable-suidcheck' "Check for suid/sgid files" on \ +'enable-login-watch' "Watch for login/logout events" off \ +'enable-ptrace' "Enable anti-debugger code" off \ +'enable-db-reload' "Reload database on SIGHUP" off \ +'enable-xml-log' "Write log in XML format" off \ +'disable-mail' "Compile without built-in mailer" off \ +'disable-external-scripts' "Disable use of external scripts" off \ +'enable-debug' "Compile in debugging code" off \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + get_config +fi + +#------------------------------------------------------------ +# +# Kernel module +# +#------------------------------------------------------------ + +KCHECK="no" + +if [ "x$I386_LINUX" = "xyes" ]; then + +$dialog \ +--title "Kernel module rootkit detection" \ +--separate-output \ +--backtitle "Samhain $VERSION" \ +--inputbox "SAMHAIN can detect kernel module rootkits if compiled with support\nfor this. If you want to enable this option, please give the path\nto your System.map file, else choose CANCEL.\n\nNOTE: this option will require root privileges for at least one\ncommand during compilation (to read from /dev/kmem)." \ +16 75 "/boot/System.map" \ +2> $tmp + +mtest=$? + +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-kcheck=$z" + done + KCHECK="yes" +fi + +fi + +#------------------------------------------------------------ +# +# Signature options +# +#------------------------------------------------------------ +$dialog \ +--title "Signed database and configuration" \ +--separate-output \ +--backtitle "Samhain $VERSION" \ +--yesno "Samhain can be configured to support PGP signed database\nand configuration files. This requires a working installation\nof GnuPG.\n\nDo you want to use this option ?" \ +10 75 \ +2> $tmp + +mtest=$? + +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + + +$dialog \ +--title "Signed database and configuration" \ +--separate-output \ +--backtitle "Samhain $VERSION" \ +--inputbox "Please enter the full path to gpg (i.e. the GnuPG binary)" \ +10 75 "/usr/bin/gpg" \ +2> $tmp + +mtest=$? + +if [ $mtest = -1 ] +then + exit 1 +fi +if [ $mtest = 0 ] +then + +mfile=`cat $tmp` +for z in $mfile ; do + cfgline="$cfgline --with-gpg=$z" +done + +$dialog \ +--title "Signed database and configuration" \ +--separate-output \ +--backtitle "Samhain $VERSION" \ +--inputbox "Please enter the fingerprint of the key to use (one string, no spaces)" \ +10 75 "6BD9050FD8FC941B43412DCC68B7AB8957548DCD" \ +2> $tmp + +mtest=$? + +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + z=`cat $tmp` + cfgline="$cfgline --with-fp=$z" +fi + + +fi +# want signed +fi + +#------------------------------------------------------------ +# +# Stealth options +# +#------------------------------------------------------------ +$dialog \ +--title "Stealth options" \ +--separate-output \ +--backtitle "Samhain $VERSION" \ +--yesno "Samhain has some stealth options to hide its presence.\nDo you want to take advantage of these ?" \ +10 75 \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + +$dialog \ +--title "Stealth options" \ +--backtitle "Samhain $VERSION" \ +--radiolist "Full stealth mode will hide ascii strings within the binary, and use a config file that is hidden by steganography within an image file. Micro stealth is just strings hiding, without the stego config file." \ +20 75 4 \ +'full' "Enable full stealth mode" off \ +'micro' "Enable micro stealth mode" on \ +'none' "None of both" off \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + mtest=$z + done +else + mtest="none" +fi + +if [ "x$mtest" != "xnone" ]; then + +if [ "x$mtest" = "xfull" ]; then + FULL_STEALTH="yes" +fi + +$dialog \ +--title 'Stealth options' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Please select a number between 128 and 255. This number will be used to obfuscate strings within the binary by xoring them." 10 75 "137" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + mnum=$z + done +else + mnum="137" +fi + +if [ "x$FULL_STEALTH" = "xyes" ]; then + cfgline="$cfgline --enable-stealth=$mnum" +else + cfgline="$cfgline --enable-micro-stealth=$mnum" +fi + +# if [ "x$mtest" != "xnone" ]; then +fi + + +$dialog \ +--title 'Stealth options' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Please choose a new name to replace \"samhain\" upon installation" \ +10 75 "samhain" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --enable-install-name=$z" + done +fi + +$dialog \ +--title "Stealth options" \ +--separate-output \ +--backtitle "Samhain $VERSION" \ +--inputbox "You can set a magic string such that command line arguments will be ignored unless the first argument is this magic string, and read from stdin otherwise. If you do not want this, select CANCEL, otherwise choose a string and select OK." \ +10 75 "foo" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --enable-nocl=$z" + done +fi + +if [ "x$I386_LINUX" = "xyes" ]; then +$dialog \ +--title "Stealth options" \ +--separate-output \ +--backtitle "Samhain $VERSION" \ +--yesno "SAMHAIN can compile and install a kernel module to hide the SAMHAIN daemon process. Do you want that ?"\ +2> $tmp + +mtest=$? + +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + cfgline="$cfgline --enable-khide" +fi + +# f [ "x$I386_LINUX" = "xyes" ]; then +fi + +# want stealth +fi + +#------------------------------------------------------------ +# +# Paths to configure +# +#------------------------------------------------------------ +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--radiolist "Do you wish to change the default paths ?\n\nThe default paths are:\n\n /usr/local/sbin all binaries\n /etc/samhainrc configuration file\n /var/lib/samhain/samhain_file data file\n /var/log/samhain_log log file\n /var/run/samhain.pid pid file $HTML" 20 76 5 \ +'usr' "Install binaries in /usr/sbin" off \ +'opt' "Use /opt/samhain, /etc/opt, /var/opt" off \ +'all' "Set paths individually" off \ +'cancel' "Don't change the paths" on \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then +# +# edit paths +# +mfile=`cat $tmp` +for z in $mfile ; do + if [ "x$z" = "xopt" ]; then + cfgline="$cfgline --prefix=OPT" + fi + if [ "x$z" = "xusr" ]; then + cfgline="$cfgline --prefix=USR" + fi + if [ "x$z" = "xall" ]; then +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Exec prefix" 10 75 "/usr/local" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --exec-prefix=$z" + done +fi + + +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Configuration" 10 75 "/etc/samhainrc" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-config-file=$z" + done +fi + +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Man pages" 10 75 "/usr/local/share/man" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-mandir=$z" + done +fi + +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Database" 10 75 "/var/lib/samhain/samhain_data" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-data-file=$z" + done +fi + +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Log file" 10 75 "/var/log/samhain_log" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-log-file=$z" + done +fi + +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Lock file" 10 75 "/var/run/samhain.pid" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-pid-file=$z" + done +fi + +if [ "x$INET" = "xyes" ]; then +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Server status" 10 75 "/var/lib/samhain/samhain.html" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-html-file=$z" + done +fi +# if [ "x$INET" = "xyes" ]; then +fi + + fi + +done +# edit paths +fi + + +if [ ! -f "configure" ] ; then + bail_error "Setup problem... try to install manually" +fi + +echo "./configure $cfgline" > Install.log 2>/dev/null + +if [ $? != 0 ]; then + $dialog --infobox "ERROR writing to \"Install.log\".\n\nAborting." 10 55 + exit 1 +fi + + + +if [ "x$KCHECK" = "xyes" ]; then + if [ `id -u` != 0 ]; then +$dialog --msgbox "Compiling with --with-kcheck option (kernel rootkit detection). This\nrequires root privileges for at least one command during compilation,\nbut you are not running this as root. Please expect compilation to fail.\n\nYou need to run \"make\" manually after failure, and\nfollow the instructions to execute the one required\ncommand as root." 20 75 + fi +fi + + +if [ -n "$gauge" ] ; then +( + sfail=0 + echo 20 + rm -f config.cache 2> /dev/null + echo 30 + if [ -z "$cfgline2" ]; then + ./configure $cfgline >> Install.log 2>&1 + else + ./configure $cfgline --with-checksum="$cfgline2" >> Install.log 2>&1 + fi + cfail=$? + echo 50 + if [ $cfail = 0 ]; then + make clean >> Install.log 2>&1 + cfail=$? + else + sfail=1 + fi + echo 60 + if [ $cfail = 0 ]; then + make >> Install.log 2>&1 + cfail=$? + else + sfail=1 + fi + echo 80 + if [ $cfail = 0 ]; then + make install >> Install.log 2>&1 + cfail=$? + else + sfail=1 + fi + echo 100 + echo cfail=$cfail > $tmp + echo sfail=$sfail >> $tmp +) | $dialog \ +--title 'Compilation and installation' \ +--backtitle "Samhain $VERSION" \ +"$gauge" 'Please wait...' 10 75 10 +else + sfail=0 + rm -f config.cache 2> /dev/null + $dialog --infobox "Running configure ..." 4 44 + if [ -z "$cfgline2" ]; then + ./configure $cfgline >> Install.log 2>&1 + else + ./configure $cfgline --with-checksum="$cfgline2" >> Install.log 2>&1 + fi + cfail=$? + if [ $cfail = 0 ]; then + $dialog --infobox "Running make clean ..." 4 44 + make clean >> Install.log 2>&1 + cfail=$? + else + sfail=1 + fi + if [ $cfail = 0 ]; then + $dialog --infobox "Running make ..." 4 44 + make >> Install.log 2>&1 + cfail=$? + else + sfail=1 + fi + if [ $cfail = 0 ]; then + $dialog --infobox "Running make install ..." 4 44 + make install >> Install.log 2>&1 + cfail=$? + else + sfail=1 + fi + echo cfail=$cfail > $tmp + echo sfail=$sfail >> $tmp +fi + +. $tmp + + +echo "SAMHAIN is now installed on your system." > $tmp +echo "Please read the documentation to know how to run it." >> $tmp + + +if [ "x$sfail" = "x0" ] ; then + + if [ "x$cfail" = "x0" ] ; then + if [ "x${FULL_STEALTH}" = "xyes" ]; then + tail -21 Install.log >> $tmp + else + tail -11 Install.log >> $tmp + fi + $dialog --title "Build report (use arrow keys to scroll the text box)" \ +--backtitle "Samhain $VERSION installed. PLEASE READ THE MANUAL." \ +--textbox \ +$tmp \ +20 75 + else + $dialog --title "Problem report" \ +--backtitle "Samhain $VERSION: Build failed (see Install.log):" \ +--msgbox \ +"Compilation was successful, but you need to be root in\norder to install the files to the selected prefix.\nPlease run 'make install' as root." \ +10 75 + fi + +else + + MSG=`tail -10 Install.log` + $dialog --title "Problem report" \ +--backtitle "Samhain $VERSION: Build failed (see Install.log):" \ +--msgbox "$MSG" 20 75 + +fi + +rm -f $tmp + +exit 0 + + + + + + Index: branches/samhain-2_2-branch/LICENSE =================================================================== --- branches/samhain-2_2-branch/LICENSE (revision 66) +++ branches/samhain-2_2-branch/LICENSE (revision 66) @@ -0,0 +1,344 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 675 Mass Ave, Cambridge, MA 02139, USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + + Appendix: How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. Index: branches/samhain-2_2-branch/Makefile.in =================================================================== --- branches/samhain-2_2-branch/Makefile.in (revision 66) +++ branches/samhain-2_2-branch/Makefile.in (revision 66) @@ -0,0 +1,1675 @@ +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + +# --- boiler-plate stuff --- +# +SHELL = /bin/sh + +srcdir = @srcdir@ +srcsrc = @srcdir@/src +srcinc = @srcdir@/include +top_srcdir = @top_srcdir@ + +# Don't use VPATH - it's a portability mess +# +# VPATH = $(top_srcdir)/src + +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +sbindir = @sbindir@ +sysconfdir = @sysconfdir@ +localstatedir = @localstatedir@ +mandir = @mandir@ + +configfile = @myconffile@ +mydatafile = @mydatafile@ +mylockfile = @mylockfile@ +mylogfile = @mylogfile@ + +mydatadir = @mydataroot@ +mylogdir = @mylogdir@ +mylockdir = @mylockdir@ + +selectconfig = @selectconfig@ + +top_builddir = . + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL@ -s -m 700 +INSTALL_SHELL = @INSTALL@ -m 700 +INSTALL_DATA = @INSTALL@ -m 600 +INSTALL_MAN = @INSTALL@ -m 644 +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_NAME = @install_name@ +INSTALL_DSYS = @INSTALL@ -m 755 + +PACKAGE = @PACKAGE@ +VERSION = @VERSION@ + +VFLAG = @mytclient@ +SETPWD = @setpwd_prg@ +STEGIN = @stegin_prg@ +SAMHAIN = @sh_main_prg@ +YULECTL = @yulectl_prg@ +XOR_CODE = @xor_code@ +SH_LKM = @sh_lkm@ +TIGER_SRC = @tiger_src@ + +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs + + +CC = @CC@ +# DBGDEF = -pg -DSH_PROFILE=1 +DBGDEF = @mydebugdef@ +DEFS = $(DBGDEF) @DEFS@ -I. -I$(top_srcdir)/include +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +LIBS_TRY = @LIBS@ +LIBS_SOCK = @sh_libsocket@ +LIBS_KVM = @sh_libkvm@ +CFLAGS = @CFLAGS@ +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) +LINK = $(CC) $(DBGDEF) -O $(LDFLAGS) -o $@ + +DESTDIR = + +TAR = tar +GZIP = --best + +# For creating a packed client +# +CLIENTPASSWD = + +.SUFFIXES: # Delete the default suffixes + +# +# --- Files ------- +# + + +HEADERS = samhain.h sh_unix.h sh_utils.h sh_error.h sh_error_min.h sh_files.h \ + sh_getopt.h sh_readconf.h sh_tiger.h sh_hash.h sh_mail.h \ + sh_mem.h sh_entropy.h sh_forward.h sh_modules.h sh_utmp.h \ + sh_kern.h sh_suidchk.h sh_srp.h sh_fifo.h sh_html.h sh_tools.h \ + sh_gpg.h sh_cat.h sh_calls.h sh_extern.h sh_database.h sh_trace.h \ + sh_schedule.h bignum.h trustfile.h slib.h zAVLTree.h \ + lzoconf.h minilzo.h rijndael-alg-fst.h rijndael-api-fst.h \ + rijndael-boxes-fst.h sh_socket.h sh_ignore.h sh_prelude.h \ + sh_mounts.h sh_userfiles.h sh_static.h sh_prelink.h + + +SOURCES = $(srcsrc)/samhain.c $(srcsrc)/sh_unix.c \ + $(srcsrc)/sh_utils.c $(srcsrc)/sh_error.c \ + $(srcsrc)/sh_files.c $(srcsrc)/sh_getopt.c \ + $(srcsrc)/sh_readconf.c $(srcsrc)/sh_tiger0.c \ + $(srcsrc)/sh_tiger1.c $(srcsrc)/sh_tiger2.c \ + $(srcsrc)/sh_tiger1_64.c $(srcsrc)/sh_tiger2_64.c \ + $(srcsrc)/sh_hash.c $(srcsrc)/sh_mail.c \ + $(srcsrc)/sh_mem.c $(srcsrc)/sh_entropy.c \ + $(srcsrc)/sh_forward.c $(srcsrc)/sh_modules.c \ + $(srcsrc)/sh_utmp.c $(srcsrc)/sh_kern.c \ + $(srcsrc)/sh_suidchk.c $(srcsrc)/sh_srp.c \ + $(srcsrc)/sh_fifo.c $(srcsrc)/sh_tools.c \ + $(srcsrc)/sh_html.c $(srcsrc)/sh_gpg.c \ + $(srcsrc)/sh_cat.c $(srcsrc)/sh_calls.c \ + $(srcsrc)/sh_extern.c $(srcsrc)/sh_database.c \ + $(srcsrc)/sh_err_log.c $(srcsrc)/sh_err_console.c \ + $(srcsrc)/sh_err_syslog.c $(srcsrc)/sh_schedule.c \ + $(srcsrc)/bignum.c $(srcsrc)/mkhdr.c \ + $(srcsrc)/samhain_setpwd.c $(srcsrc)/samhain_stealth.c \ + $(srcsrc)/encode.c $(srcsrc)/sstrip.c \ + $(srcsrc)/trustfile.c $(srcsrc)/exepack.c \ + $(srcsrc)/exepack_fill.c $(srcsrc)/exepack_mkdata.c \ + $(srcsrc)/minilzo.c $(srcsrc)/slib.c \ + $(srcsrc)/rijndael-alg-fst.c $(srcsrc)/rijndael-api-fst.c \ + $(srcsrc)/zAVLTree.c $(srcsrc)/bignum.c \ + $(srcsrc)/sh_socket.c $(srcsrc)/sh_ignore.c \ + $(srcsrc)/yulectl.c $(srcsrc)/sh_mounts.c \ + $(srcsrc)/sh_userfiles.c $(srcsrc)/sh_prelude.c \ + $(srcsrc)/sh_prelink.c $(srcsrc)/sh_static.c \ + $(srcsrc)/sh_prelude_old.c + +OBJECTS = sh_files.o sh_tiger0.o sh_tiger2.o sh_tiger2_64.o \ + samhain.o sh_unix.o sh_utils.o sh_error.o \ + sh_getopt.o sh_readconf.o \ + sh_hash.o sh_mail.o sh_mem.o \ + sh_entropy.o sh_forward.o sh_modules.o sh_utmp.o sh_kern.o \ + sh_suidchk.o sh_srp.o sh_fifo.o sh_tools.o sh_html.o sh_gpg.o \ + sh_cat.o sh_calls.o sh_extern.o sh_database.o sh_err_log.o \ + sh_err_console.o sh_err_syslog.o sh_schedule.o bignum.o \ + trustfile.o rijndael-alg-fst.o rijndael-api-fst.o slib.o \ + zAVLTree.o sh_socket.o sh_ignore.o sh_prelude.o \ + sh_mounts.o sh_userfiles.o sh_prelink.o sh_static.o \ + sh_prelude_old.o + +KERN = kern_head.h kern_head.c + +TESTSUITE = test.sh testcompile.sh testhash.sh testtiger.txt \ + testtimesrv.sh \ + testext.sh testrc_1ext.in test_ext.c.in \ + testrun_1.sh testrun_1a.sh testrun_1b.sh testrun_1c.sh testrc_1 \ + testrun_2.sh testrun_2a.sh testrun_2b.sh testrc_2.in \ + testrun_2c.sh testrun_2d.sh + +DIST_COMMON = README COPYING LICENSE samhain.jpg \ +samhainrc.linux samhainrc.solaris samhainrc.freebsd samhainrc.aix5.2.0 \ +samhainrc.netbsd yulerc.template \ +Install.sh + +DIST_NEEDED = Makefile.in deploy.sh.in samhain-install.sh.in \ +samhain.spec.in rules.deb.in rules.deb-light.in samhain.spec hp_ux.psf.in \ +stealth_template.jpg \ +config.guess config.h.in stamp-h.in config.sub configure \ +configure.ac acconfig.h aclocal.m4 install-sh missing mkinstalldirs \ +c_random.sh c_bits.sh depend.sum depend.dep stamp-hdep + +DISTFILES = $(DIST_COMMON) $(DIST_NEEDED) \ + src include man scripts init docs sql_init test dsys + +PROGRAMS = $(SETPWD) $(STEGIN) $(SAMHAIN) $(YULECTL) + +#---------------------------------------------------------- +# +# the first target is the default one +# +#---------------------------------------------------------- + +all: $(top_srcdir)/depend.sum $(SETPWD) $(STEGIN) $(SAMHAIN) $(YULECTL) @sh_lkm@ sstrip + + +#---------------------------------------------------------- +# +# rules for automatic updating of configuration information +# after changing the configuration files +# +#---------------------------------------------------------- + +$(top_srcdir)/configure: $(top_srcdir)/configure.ac $(top_srcdir)/aclocal.m4 + cd $(srcdir) && autoconf + +# autoheader might not change config.h.in, so touch a stamp file. +$(top_srcdir)/config.h.in: $(top_srcdir)/stamp-h.in + touch $(top_srcdir)/config.h.in + +$(top_srcdir)/stamp-h.in: $(top_srcdir)/configure.ac $(top_srcdir)/aclocal.m4 + cd $(top_srcdir) && autoheader + echo timestamp > $(top_srcdir)/stamp-h.in + +config.h: stamp-h + @sleep 1; \ + touch config.h + +stamp-h: $(top_srcdir)/config.h.in config.status + ./config.status + +Makefile: $(top_srcdir)/Makefile.in config.status + ./config.status + +samhain-install.sh: $(top_srcdir)/samhain-install.sh.in config.status + ./config.status + +config.status: $(top_srcdir)/configure + ./config.status --recheck + +#---------------------------------------------------------- +# +# rules for automatic dependency tracking +# +#---------------------------------------------------------- + + +depend-gen: $(srcsrc)/depend-gen.c + @echo "$(CC) $(CFLAGS) -o depend-gen $(srcsrc)/depend-gen.c"; \ + $(CC) $(CFLAGS) -o depend-gen $(srcsrc)/depend-gen.c 2>/dev/null || \ + echo "failed to compile ... hope depend.dep is ok" + +# redo if sources change +# +$(top_srcdir)/depend.dep: depend-gen $(SOURCES) + @echo "update depend.dep ..."; \ + test -f $(srcdir)/depend.dep || echo > $(srcdir)/depend.dep; \ + if test -f depend-gen; then \ + failfiles=""; \ + for ff in $(SOURCES) $(srcsrc)/kern_head.c; do \ + ./depend-gen -i '$$(srcinc)/' -o $(top_srcdir)/depend.dep $$ff || \ + failfiles="$${failfiles} $$ff"; \ + done; \ + if test x"$${failfiles}" != x; then \ + echo "--------------------------------------------------------";\ + echo " depend-gen failed to update depend.dep. You can safely"; \ + echo " ignore this error, unless you have modified the source"; \ + echo " files and changed their dependencies."; \ + echo "--------------------------------------------------------";\ + else \ + echo $(srcsrc) > $(top_srcdir)/stamp-dep; \ + fi; \ + else \ + echo "depend-gen not found ... depend.dep not modified"; \ + fi + +# only updated if depencies change +# +$(top_srcdir)/depend.sum: $(top_srcdir)/depend.dep + @if test -f depend-gen; then \ + nsum=`./depend-gen -c $(top_srcdir)/depend.dep|awk '{print $$1}'`; \ + osum=`cat $(top_srcdir)/depend.sum 2>/dev/null`; \ + if test "x$$osum" != "x$$nsum"; then \ + echo "update $(top_srcdir)/depend.sum ..."; \ + echo $$nsum > $(top_srcdir)/depend.sum; \ + echo timestamp > $(top_srcdir)/stamp-hdep; \ + fi; \ + fi; + +$(top_srcdir)/Makefile.in: $(top_srcdir)/stamp-hdep + @echo "update Makefile.in ..."; \ + echo "cp Makefile.in Makefile.in.bak"; \ + cp $(top_srcdir)/Makefile.in $(top_srcdir)/Makefile.in.bak; \ + if test -f depend-gen; then \ + failfiles=""; \ + for ff in $(SOURCES) $(srcsrc)/kern_head.c; do \ + ./depend-gen -i '$$(srcinc)/' -o $(top_srcdir)/Makefile.in $$ff || \ + failfiles="$${failfiles} $$ff"; \ + done; \ + if test x"$${failfiles}" != x; then \ + echo "--------------------------------------------------------";\ + echo " depend-gen failed to update Makefile.in. You can safely"; \ + echo " ignore this error, unless you have modified the source"; \ + echo " files and changed their dependencies."; \ + echo "--------------------------------------------------------";\ + else \ + echo $(srcsrc) > $(top_srcdir)/stamp-dep; \ + fi; \ + fi + +# do it manually +# +depend: depend-gen + @echo "update Makefile.in ..."; \ + for ff in $(SOURCES) $(srcsrc)/kern_head.c; do \ + ./depend-gen -i '$$(srcinc)/' -o $(top_srcdir)/Makefile.in $$ff; \ + echo $(srcsrc) > $(top_srcdir)/stamp-dep; \ + done + + +#---------------------------------------------------------- +# +# CLEAN rules +# +#---------------------------------------------------------- + + +# everything created by make +# + +CLEANFILES = encode config_xor.h depend-gen sh_ks.h sh_ks_xor.h kern_head \ + internal.h sh_MK.h trustfile sstrip samhain mkhdr encode cutest \ + yule samhain_setpwd samhain_stealth samhainrc yulectl samhain_hide.ko + +clean: + -rm -f core *.o + @-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + + +# everything created by (./configure && make) +# + +DISTCLEANFILES = Makefile samhain.spec sh_gpg_checksum.h sh_gpg_fp.h \ + init/samhain.startLinux init/samhain.startGentoo \ + init/samhain.startLSB init/samhain.startFreeBSD \ + init/samhain.startSolaris init/samhain.startHPUX \ + init/samhain.startIRIX \ + deploy.sh sh_MK.h samhain-install.sh sh_gpg_chksum.h sh_gpg_fp.h \ + rules.deb rules.deb-light \ + scripts/samhainadmin.pl scripts/check_samhain.pl \ + scripts/samhain.ebuild scripts/samhain.ebuild-light + +TESTCLEANFILES = samhain.build samhain.new yule.html \ + test_ext test_ext.c test_ext.res test_log testhash.tmp \ + testrc1.signed testrc_1ext testrc_2 testrc_2.signed + +distclean: clean + -rm -f config.status config.log configure.lineno config.h config.cache + @-test -z "$(TESTCLEANFILES)" || rm -f $(TESTCLEANFILES) + @-test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) + + +#---------------------------------------------------------- +# +# TEST rules +# +#---------------------------------------------------------- + +test14: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 14 `hostname -f` + +test13: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 13 `hostname -f` + +test12: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 12 `hostname -f` + +test11: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 11 `hostname -f` + +test10: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 10 `hostname -f` + +test7: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 7 + +test6: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 6 + +test5: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 5 + +test4: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 4 + +test3: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 3 + +test2: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 2 + +test1: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 1 + +test: + @if test -f test; then \ + :; \ + else \ + cp -pr $(top_srcdir)/test .; \ + cat $(top_srcdir)/test/test.sh | \ + sed 's%XXXSRCXXX%$(top_srcdir)%' > test/test.sh; \ + chmod +x test/test.sh; \ + fi + +#---------------------------------------------------------- +# +# INSTALL rules +# +#---------------------------------------------------------- + +install: install-lkm install-program install-man install-data + @echo; \ + echo " You can use 'samhain-install.sh uninstall' for uninstalling"; \ + echo " i.e. you might consider saving that script for future use";\ + echo; \ + echo " Use 'make install-boot' if you want @install_name@ to start on system boot"; \ + echo + +install-light: install-lkm install-program install-data + @echo; \ + echo " You can use 'samhain-install.sh uninstall' for uninstalling"; \ + echo " i.e. you might consider saving that script for future use";\ + echo; \ + echo " Use 'make install-boot' if you want @install_name@ to start on system boot"; \ + echo + +purge: uninstall-lkm uninstall-program uninstall-man + @echo "./samhain-install.sh --destdir=$(DESTDIR) --force --verbose uninstall-data"; \ + ./samhain-install.sh --destdir=$(DESTDIR) --force --verbose uninstall-data + +remove: uninstall + +uninstall: uninstall-lkm uninstall-program uninstall-man uninstall-data + @echo; \ + echo " Use 'make purge' if you also want to uninstall the configuration file"; \ + echo " Use 'make uninstall-boot' to uninstall the runlevel scripts"; \ + echo + +# +# --- boot --- +# +install-boot: samhain-install.sh + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-boot + + +uninstall-boot: samhain-install.sh + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-boot + +# +# --- program --- +# + +# -- NEW -- +install-lkm: @sh_lkm@ + @RVER=`uname -r`; \ + if test "x@sh_lkm@" != "x"; then \ + if test -d /lib/modules/$$RVER; then \ + MODDIR="/lib/modules/$$RVER"; \ + elif test -d /lib/modules/misc; then \ + MODDIR="/lib/modules/misc"; \ + elif test -d /lib/modules; then \ + MODDIR="/lib/modules/misc"; \ + fi; \ + $(mkinstalldirs) $(DESTDIR)$${MODDIR}; \ + list='@sh_lkm@'; for p in $$list; do \ + echo " cp $$p $(DESTDIR)$${MODDIR}/`echo $$p|sed 's%samhain%@install_name@%'`"; \ + cp $$p $(DESTDIR)$${MODDIR}/`echo $$p|sed 's%samhain%@install_name@%'` ; \ + chown root $(DESTDIR)$${MODDIR}/`echo $$p|sed 's%samhain%@install_name@%'`; \ + done; \ + if test "x$(DESTDIR)" = x; then \ + echo " depmod -a || /sbin/depmod -a"; \ + depmod -a || /sbin/depmod -a; \ + fi; \ + fi + +uninstall-lkm: + @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-lkm";\ + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-lkm + + +install-program: $(PROGRAMS) sstrip + @$(mkinstalldirs) $(DESTDIR)$(sbindir) + @list='$(PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`"; \ + $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`; \ + chmod 0700 $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`; \ + echo " ./sstrip $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`"; \ + ./sstrip $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`; \ + else :; fi; \ + done + +uninstall-program: + @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-program";\ + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-program + + +# +# -- data files +# + +install-user: + @if test "x@need_user_install@" = x1; then \ + echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-user @myident@"; \ + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-user @myident@; \ + fi + @if test x"$(VFLAG)" = "x-DSH_WITH_SERVER"; then \ + echo " chown root $(DESTDIR)$(mydatadir)"; \ + chown root $(DESTDIR)$(mydatadir); \ + echo " chmod 755 $(DESTDIR)$(mydatadir)"; \ + chmod 755 $(DESTDIR)$(mydatadir); \ + echo " chown @myident@ $(DESTDIR)$(configfile)"; \ + chown @myident@ $(DESTDIR)$(configfile); \ + if test x"$(mylogdir)" = "x/var/log"; then \ + if test x"@myident@" = xroot; then \ + :; \ + else \ + echo; \ + echo " ----------------------------------------------------------------"; \ + echo " Directory $(mylogdir) (log file) looks like a system directory."; \ + echo " You may run into problems (need write access for user @myident@)."; \ + echo " ----------------------------------------------------------------"; \ + echo; \ + fi; \ + else \ + echo " chown @myident@ $(DESTDIR)$(mylogdir)"; \ + chown @myident@ $(DESTDIR)$(mylogdir); \ + fi; \ + fi + +install-data: trustfile + @$(mkinstalldirs) $(DESTDIR)$(sysconfdir) + @$(mkinstalldirs) $(DESTDIR)$(mylockdir) + @$(mkinstalldirs) $(DESTDIR)$(mylogdir) + @$(mkinstalldirs) $(DESTDIR)$(mydatadir); \ + chmod 700 $(DESTDIR)$(mydatadir) + @if test -f samhainrc.$(selectconfig); then \ + :; \ + else \ + if test -f $(srcdir)/samhainrc.$(selectconfig); then \ + cp $(srcdir)/samhainrc.$(selectconfig) . ; \ + fi; \ + fi; \ + if test -f yulerc; then \ + :; \ + else \ + if test -f $(srcdir)/yulerc.template; then \ + cp $(srcdir)/yulerc.template yulerc; \ + fi; \ + fi; \ + if test -f stealth_template.jpg; then \ + :; \ + else \ + if test -f $(srcdir)/stealth_template.jpg; then \ + cp $(srcdir)/stealth_template.jpg . ; \ + fi; \ + fi + @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-data"; \ + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-data || \ + echo " ERROR: Failed to install the configuration file to $(DESTDIR)$(configfile). You need to install the configuration file manually." + @if test x"$(VFLAG)" = "x-DSH_WITH_SERVER"; then \ + echo;\ + echo " -----------------------------------------------------";\ + echo " The server will run as user @myident@ if started with";\ + echo " root privileges, otherwise as the user of the parent ";\ + echo " process (use --enable-identity=USER to change).";\ + echo;\ + echo " You may want to use: make install-user";\ + echo;\ + echo " - to add the user @myident@ (if not existing already)";\ + echo " - to chown the data directory $(mydatadir)";\ + echo " - to chown the log file directory $(mylogdir)";\ + echo " - to chown the configuration file $(configfile)";\ + echo " -----------------------------------------------------";\ + else \ + if test "x@need_user_install@" = x1; then \ + echo;\ + echo " -----------------------------------------------------";\ + echo " You may want to use: make install-user";\ + echo;\ + echo " - to add the user @myident@ (if not existing already)";\ + echo " -----------------------------------------------------";\ + fi; \ + fi + +uninstall-data: + @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-data"; \ + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-data + +# +# -- man files +# + +install-man: + $(mkinstalldirs) $(DESTDIR)$(mandir)/man8 + $(mkinstalldirs) $(DESTDIR)$(mandir)/man5 + @if test -f $(top_srcdir)/man/samhain.8 ; then \ + echo " $(INSTALL_MAN) $(top_srcdir)/man/samhain.8 $(DESTDIR)$(mandir)/man8/@install_name@.8"; \ + $(INSTALL_MAN) $(top_srcdir)/man/samhain.8 $(DESTDIR)$(mandir)/man8/@install_name@.8; \ + fi + @if test -f $(top_srcdir)/man/samhainrc.5 ; then \ + echo " $(INSTALL_MAN) $(top_srcdir)/man/samhainrc.5 $(DESTDIR)$(mandir)/man5/@install_name@rc.5"; \ + $(INSTALL_MAN) $(top_srcdir)/man/samhainrc.5 $(DESTDIR)$(mandir)/man5/@install_name@rc.5; \ + fi + +uninstall-man: + @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-man";\ + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-man + + +#---------------------------------------------------------- +# +# BUILD rules +# +#---------------------------------------------------------- + +run: run-light + +run-light: all + @echo "Building $(PACKAGE)-$(VERSION).run"; \ + STAGE=$(PACKAGE)-$(VERSION); \ + mkdir $$STAGE; \ + if test x"$$?" != x0; then \ + echo "ERROR ... mkdir $$STAGE failed"; \ + exit 1; \ + fi; \ + $(MAKE) DESTDIR=$$STAGE install-light; \ + rm -f $$STAGE/@sbindir@/@install_name@_stealth; \ + echo "#! /bin/sh" > $$STAGE/setup.sh; \ + echo "./mkinstalldirs @sbindir@ || exit 1" >> $$STAGE/setup.sh; \ + echo "./mkinstalldirs @sysconfdir@ || exit 1" >> $$STAGE/setup.sh; \ + echo "./mkinstalldirs @mylockdir@ || exit 1" >> $$STAGE/setup.sh; \ + echo "./mkinstalldirs @mylogdir@ || exit 1" >> $$STAGE/setup.sh; \ + echo "./mkinstalldirs @mydataroot@ || exit 1" >> $$STAGE/setup.sh; \ + echo "chmod 700 @mydataroot@ || exit 1" >> $$STAGE/setup.sh; \ + if test -f $$STAGE/lib/modules; then \ + RVER=`uname -r`; \ + echo "chown root:root lib/modules/$$RVER/*" >> $$STAGE/setup.sh; \ + if test -d /lib/modules/$$RVER; then \ + echo "./mkinstalldirs /lib/modules/$$RVER" >> $$STAGE/setup.sh; \ + echo "cp -p lib/modules/$$RVER/* /lib/modules/$$RVER/" >> $$STAGE/setup.sh; \ + elif test -d /lib/modules/misc; then \ + echo "./mkinstalldirs /lib/modules/misc" >> $$STAGE/setup.sh; \ + echo "cp -p lib/modules/misc/* /lib/modules/misc/" >> $$STAGE/setup.sh; \ + elif test -d /lib/modules; then \ + echo "./mkinstalldirs /lib/modules/misc" >> $$STAGE/setup.sh; \ + echo "cp -p lib/modules/misc/* /lib/modules/misc/" >> $$STAGE/setup.sh; \ + fi; \ + echo "/sbin/depmod -a" >> $$STAGE/setup.sh; \ + fi; \ + temp=`echo $(sbindir) | sed s,^/,,`; \ + echo "chown root $$temp/*" >> $$STAGE/setup.sh; \ + echo "cp -p $$temp/* $(sbindir) || exit 1" >> $$STAGE/setup.sh; \ + temp=`echo $(sysconfdir) | sed s,^/,,`; \ + echo "chown root $$temp/*" >> $$STAGE/setup.sh; \ + configfile=`echo @myconffile@ | sed 's%^REQ_FROM_SERVER%%'`; \ + echo "test -f $$configfile || cp -p $$temp/* $$configfile" >> $$STAGE/setup.sh; \ + echo "./samhain-install.sh --express --verbose install-boot" >> $$STAGE/setup.sh; \ + cp $(top_srcdir)/mkinstalldirs $$STAGE/; \ + cp $(top_srcdir)/install-sh $$STAGE/; \ + cp ./samhain-install.sh $$STAGE/; \ + cp -r init/ $$STAGE/; \ + chmod +x $$STAGE/setup.sh; \ + chmod +x $$STAGE/samhain-install.sh; \ + chmod +x $$STAGE/mkinstalldirs; \ + chmod +x $$STAGE/install-sh; \ + $(top_srcdir)/scripts/makeself/makeself.sh --header $(top_srcdir)/scripts/makeself/makeself-header.sh --nocomp --nomd5 --notemp $$STAGE $(PACKAGE)-$(VERSION).run "$(PACKAGE)_$(VERSION)_self_extracting_installer" ./setup.sh && \ + rm -r $(PACKAGE)-$(VERSION) + +emerge-prepare: dist + @echo "Building $(PACKAGE)-$(VERSION)"; \ + test -f /etc/make.globals && . /etc/make.globals; \ + test -f /etc/make.conf && . /etc/make.conf; \ + echo "$(INSTALL_MAN) $(PACKAGE)-$(VERSION).tar.gz $${DISTDIR}/@install_name@-$(VERSION).tar.gz"; \ + $(INSTALL_MAN) $(PACKAGE)-$(VERSION).tar.gz $${DISTDIR}/@install_name@-$(VERSION).tar.gz; \ + if test "x$${PORTDIR_OVERLAY}" = "x"; then \ + COPY_TO="$${PORTDIR}"; \ + else \ + COPY_TO="$${PORTDIR_OVERLAY}"; \ + fi; \ + $(mkinstalldirs) $${COPY_TO}/app-admin/@install_name@; \ + echo "$(INSTALL_MAN) scripts/samhain.ebuild $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild";\ + $(INSTALL_MAN) scripts/samhain.ebuild $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild; \ + test -f $${COPY_TO}/app-admin/@install_name@/files/digest-@install_name@-$(VERSION) && rm $${COPY_TO}/app-admin/@install_name@/files/digest-@install_name@-$(VERSION);\ + ebuild $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild digest; + +emerge-prepare-light: dist + @echo "Building $(PACKAGE)-$(VERSION)"; \ + test -f /etc/make.globals && . /etc/make.globals; \ + test -f /etc/make.conf && . /etc/make.conf; \ + echo "$(INSTALL_MAN) $(PACKAGE)-$(VERSION).tar.gz $${DISTDIR}/@install_name@-$(VERSION).tar.gz"; \ + $(INSTALL_MAN) $(PACKAGE)-$(VERSION).tar.gz $${DISTDIR}/@install_name@-$(VERSION).tar.gz; \ + if test "x$${PORTDIR_OVERLAY}" = "x"; then \ + COPY_TO="$${PORTDIR}"; \ + else \ + COPY_TO="$${PORTDIR_OVERLAY}"; \ + fi; \ + $(mkinstalldirs) $${COPY_TO}/app-admin/@install_name@; \ + echo "$(INSTALL_MAN) scripts/samhain.ebuild-light $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild";\ + $(INSTALL_MAN) scripts/samhain.ebuild-light $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild; \ + test -f $${COPY_TO}/app-admin/@install_name@/files/digest-@install_name@-$(VERSION) && rm $${COPY_TO}/app-admin/@install_name@/files/digest-@install_name@-$(VERSION);\ + ebuild $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild digest; + + +tbz2: emerge-prepare + @emerge --buildpkgonly @install_name@; \ + test -f /etc/make.globals && . /etc/make.globals; \ + test -f /etc/make.conf && . /etc/make.conf; \ + echo; \ + echo "@install_name@-$(VERSION).tbz2 should be in $${PKGDIR}/All"; \ + if test -f $${PKGDIR}/All/@install_name@-$(VERSION).tbz2; then \ + echo "Package $${PKGDIR}/All/@install_name@-$(VERSION).tbz2 built."; \ + mv $${PKGDIR}/All/@install_name@-$(VERSION).tbz2 $(PACKAGE)-$(VERSION).tbz2; \ + rm -f $${PKGDIR}/app-admin/@install_name@-$(VERSION).tbz2; \ + rm -rf $${PORTAGE_TMPDIR}/portage/@install_name@-$(VERSION); \ + else \ + echo "Error ... cannot find package."; \ + exit 1; \ + fi; \ + echo + +tbz2-light: emerge-prepare-light + @emerge --buildpkgonly @install_name@; \ + test -f /etc/make.globals && . /etc/make.globals; \ + test -f /etc/make.conf && . /etc/make.conf; \ + echo; \ + if test -f $${PKGDIR}/All/@install_name@-$(VERSION).tbz2; then \ + echo "Package $${PKGDIR}/All/@install_name@-$(VERSION).tbz2 built."; \ + mv $${PKGDIR}/All/@install_name@-$(VERSION).tbz2 $(PACKAGE)-$(VERSION).tbz2; \ + rm -f $${PKGDIR}/app-admin/@install_name@-$(VERSION).tbz2; \ + rm -rf $${PORTAGE_TMPDIR}/portage/@install_name@-$(VERSION); \ + else \ + echo "Error ... cannot find package."; \ + exit 1; \ + fi; \ + echo + +emerge: + emerge $(PACKAGE); + +deb-light: + @echo "creating subdirectory debian"; \ + mkdir -p debian; \ + cp rules.deb-light debian/rules; \ + chmod +x debian/rules; \ + echo $(sbindir) | sed s,^/,, > debian/dirs; \ + echo $(sysconfdir) | sed s,^/,, >> debian/dirs; \ + echo etc/init.d >> debian/dirs; \ + echo $(mydatadir) | sed s,^/,, >> debian/dirs; \ + echo $(mylogdir) | sed s,^/,, >> debian/dirs; \ + echo $(mylockdir) | sed s,^/,, >> debian/dirs; \ + if test "x@sh_lkm@" != x; then \ + RVER=`uname -r`; \ + if test -d /lib/modules/$$RVER; then \ + echo "lib/modules/$$RVER" >> debian/dirs; \ + elif test -d /lib/modules/misc; then \ + echo "lib/modules/misc" >> debian/dirs; \ + elif test -d /lib/modules; then \ + echo "lib/modules/misc" >> debian/dirs; \ + fi; \ + fi; \ + $(MAKE) deb-run + +deb: + @echo "creating subdirectory debian"; \ + mkdir -p debian; \ + cp rules.deb debian/rules; \ + chmod +x debian/rules; \ + echo $(sbindir) | sed s,^/,, > debian/dirs; \ + echo $(sysconfdir) | sed s,^/,, >> debian/dirs; \ + echo etc/init.d >> debian/dirs; \ + echo $(mydatadir) | sed s,^/,, >> debian/dirs; \ + echo $(mylogdir) | sed s,^/,, >> debian/dirs; \ + echo $(mylockdir) | sed s,^/,, >> debian/dirs; \ + echo $(mandir)/man5 | sed s,^/,, >> debian/dirs; \ + echo $(mandir)/man8 | sed s,^/,, >> debian/dirs; \ + echo usr/share/doc/$(PACKAGE) >> debian/dirs; \ + if test "x@sh_lkm@" != x; then \ + RVER=`uname -r`; \ + if test -d /lib/modules/$$RVER; then \ + echo "lib/modules/$$RVER" >> debian/dirs; \ + elif test -d /lib/modules/misc; then \ + echo "lib/modules/misc" >> debian/dirs; \ + elif test -d /lib/modules; then \ + echo "lib/modules/misc" >> debian/dirs; \ + fi; \ + fi; \ + echo $(top_srcdir)/README > debian/docs; \ + echo $(top_srcdir)/test/testtiger.txt >> debian/docs; \ + echo $(srcsrc)/simple-bignum.tar.bz2 >> debian/docs; \ + echo $(top_srcdir)/scripts/head.html >> debian/docs; \ + echo $(top_srcdir)/scripts/foot.html >> debian/docs; \ + echo $(top_srcdir)/samhain.jpg >> debian/docs; \ + echo $(top_srcdir)/docs/BUGS >> debian/docs; \ + echo $(top_srcdir)/docs/HOWTO-client+server.html >> debian/docs; \ + echo $(top_srcdir)/docs/HOWTO-samhain+GnuPG.html >> debian/docs; \ + echo $(top_srcdir)/docs/MANUAL-2_2.html.tar >> debian/docs; \ + echo $(top_srcdir)/docs/MANUAL-2_2.pdf >> debian/docs; \ + echo $(top_srcdir)/docs/README.gcc_bug >> debian/docs; \ + echo $(top_srcdir)/docs/README.LZO >> debian/docs; \ + echo $(top_srcdir)/docs/README.sstrip >> debian/docs; \ + echo $(top_srcdir)/docs/README.UPGRADE >> debian/docs; \ + echo $(top_srcdir)/docs/README.win2K >> debian/docs; \ + echo $(top_srcdir)/docs/TODO >> debian/docs; \ + $(MAKE) deb-run + +deb-run: + @maintainer=`gpg --list-secret-keys | grep 'sec ' | cut -d" " -f 5- | sed 's/^ *//' | sed q1`;\ + if test "x$$maintainer" = x; then \ + maintainer="Nobody Nowhere "; \ + fi; \ + echo "$(PACKAGE) ($(VERSION)-1) stable; urgency=low" > debian/changelog; \ + echo >> debian/changelog; \ + echo " * Initial release." >> debian/changelog; \ + echo >> debian/changelog; \ + echo " -- $$maintainer `date -R`" >> debian/changelog; \ + echo >> debian/changelog; \ + echo "Local variables:" >> debian/changelog; \ + echo "mode: debian-changelog" >> debian/changelog; \ + echo "End:" >> debian/changelog; \ + cp $(top_srcdir)/COPYING debian/copyright; \ + touch debian/README.debian; \ + echo "Document: @install_name@-manual" > debian/@install_name@.doc-base; \ + echo "Title: @install_name@ Manual" >> debian/@install_name@.doc-base; \ + echo "Author: Rainer Wichmann" >> debian/@install_name@.doc-base; \ + echo "Abstract: This manual describes what @install_name@ is" >> debian/@install_name@.doc-base; \ + echo " and how it can be used to check the file integrity of your" >> debian/@install_name@.doc-base; \ + echo " server." >> debian/@install_name@.doc-base; \ + echo "Section: admin" >> debian/@install_name@.doc-base; \ + echo >> debian/@install_name@.doc-base; \ + echo >> debian/@install_name@.doc-base; \ + echo "Format: Postscript" >> debian/@install_name@.doc-base; \ + echo "Files: /usr/share/doc/@install_name@/manual.ps.gz" >> debian/@install_name@.doc-base; \ + echo >> debian/@install_name@.doc-base; \ + echo "Format: HTML" >> debian/@install_name@.doc-base; \ + echo "Index: /usr/share/doc/@install_name@/manual.html/index.html" >> debian/@install_name@.doc-base; \ + echo "Files: /usr/share/doc/@install_name@/manual.html/*.html" >> debian/@install_name@.doc-base; \ + echo $(sysconfdir)/@install_name@rc > debian/conffiles; \ + echo /etc/init.d/@install_name@ >> debian/conffiles; \ + if test -f /usr/lib/lsb/install_initd; then \ + cp init/samhain.startLSB debian/@install_name@.init; \ + else \ + cp init/samhain.startLinux debian/@install_name@.init; \ + fi; \ + echo "Source: samhain" > debian/control; \ + echo "Section: admin" >> debian/control; \ + echo "Priority: optional" >> debian/control; \ + echo "Maintainer: $$maintainer" >> debian/control; \ + echo "Standards-Version: 3.2.1" >> debian/control; \ + echo >> debian/control; \ + echo "Package: @install_name@" >> debian/control; \ + echo "Architecture: any" >> debian/control; \ + echo "Depends: \$${shlibs:Depends}" >> debian/control; \ + echo "Description: File integrity checker" >> debian/control; \ + echo " A file integrity checker" >> debian/control; \ + echo "running debuild -us -uc"; \ + debuild -us -uc; \ + DEBFILE=`find ../ -follow -maxdepth 1 -cnewer ./debian/control 2>/dev/null | grep '@install_name@_$(VERSION)' | grep '\.deb'`; \ + if test x"$$DEBFILE" = x; then \ + echo "Error ... cannot find package file"; \ + exit 1; \ + else \ + echo "Package $$DEBFILE built."; \ + cp $$DEBFILE ./$(PACKAGE)-$(VERSION).deb; \ + fi; \ + echo + +# +# Check samhain.spec +# +rpmspec-full: + @grep 'install-light' samhain.spec >/dev/null 2>&1; \ + if test x"$$?" = "x0"; then \ + echo "Your samhain.spec is from rpm-light. Please run"; \ + echo " .config.status to re-create the original samhain.spec"; \ + exit 1; \ + fi + +# when editing the spec file, make an additional blank after 'make' +# to avoid that it matches on a second processing +# +rpmspec-light: samhain.spec + @echo "Stripping docs from samhain.spec"; \ + cat samhain.spec | sed 's,make DESTDIR=$${RPM_BUILD_ROOT} install,make DESTDIR=$${RPM_BUILD_ROOT} install-light,' | sed s,shkeep=yes,shkeep=no, | sed s,%doc.*,, | sed s,%attr.*,, > samhain.spec-light; \ + mv samhain.spec-light samhain.spec + +rpm-light: rpmspec-light distrpm + rpmbuild -ta ./$(PACKAGE)-$(VERSION).tar.gz; + @RPMTOP=`cat ~/.rpmmacros 2>/dev/null | grep '%_topdir' | awk '{ print $$2}'`; \ + if test x"$$RPMTOP" = x; then RPMTOP=/usr/src; fi; \ + echo "Searching the RPM package below $$RPMTOP ..."; \ + RPMFILE=`find $$RPMTOP -follow -maxdepth 4 -cnewer ./samhain.spec 2>/dev/null | grep '@install_name@-$(VERSION)' | grep '\.rpm' | grep -v '\.src\.'`; \ + echo; \ + if test x"$$RPMFILE" = x; then \ + echo "Error ... cannot find package file"; \ + exit 1; \ + else \ + echo "Package $$RPMFILE built."; \ + echo "Copying it to ./$(PACKAGE)-$(VERSION).rpm"; \ + cp $$RPMFILE ./$(PACKAGE)-$(VERSION).rpm; \ + fi; \ + echo + +rpm: rpmspec-full distrpm + rpmbuild -ta ./$(PACKAGE)-$(VERSION).tar.gz; + @RPMTOP=`cat ~/.rpmmacros 2>/dev/null | grep '%_topdir' | awk '{ print $$2}'`; \ + if test x"$$RPMTOP" = x; then RPMTOP=/usr/src; fi; \ + echo "Searching the RPM package below $$RPMTOP ..."; \ + RPMFILE=`find $$RPMTOP -follow -maxdepth 4 -cnewer ./samhain.spec 2>/dev/null | grep '@install_name@-$(VERSION)' | grep '\.rpm' | grep -v '\.src\.'`; \ + echo; \ + if test x"$$RPMFILE" = x; then \ + echo "Error ... cannot find package file"; \ + exit 1; \ + else \ + echo "Package $$RPMFILE built."; \ + echo "Copying it to ./$(PACKAGE)-$(VERSION).rpm"; \ + cp $$RPMFILE ./$(PACKAGE)-$(VERSION).rpm; \ + fi; \ + echo + +srpm-dist: rpmspec-full samhain.spec + @cat samhain.spec | \ + sed s%\-\-with\-base=.*\,[0123456789]*%% | \ + sed s%\'\'%% > samhain.spec.m; \ + mv samhain.spec.m samhain.spec + $(MAKE) distrpm + rpmbuild -ts ./$(PACKAGE)-$(VERSION).tar.gz + + +srpm: rpmspec-full distrpm + rpmbuild -ts ./$(PACKAGE)-$(VERSION).tar.gz + +solaris-pkg-light: all + @STAGE=/tmp/samhain-pkg-staging; \ + mkdir $$STAGE; \ + if test x"$$?" != x0; then \ + echo "ERROR ... mkdir $$STAGE failed"; \ + exit 1; \ + fi; \ + $(MAKE) DESTDIR=$$STAGE install-light; + $(MAKE) solaris-pkg-finish + +solaris-pkg: all + @STAGE=/tmp/samhain-pkg-staging; \ + mkdir $$STAGE; \ + if test x"$$?" != x0; then \ + echo "ERROR ... mkdir $$STAGE failed"; \ + exit 1; \ + fi; \ + $(MAKE) DESTDIR=$$STAGE install; + $(MAKE) solaris-pkg-finish + +solaris-pkg-finish: + @STAGE=/tmp/samhain-pkg-staging; \ + $(mkinstalldirs) $$STAGE/etc/init.d; \ + $(INSTALL_SHELL) init/samhain.startSolaris $$STAGE/etc/init.d/@install_name@; \ + (echo 'i pkginfo'; pkgproto $$STAGE=/ ) >prototype; \ + user=`id | sed s,uid=[0123456789]*\(,, | sed s,\).*,,`; \ + group=`id | sed s,.*gid=[0123456789]*\(,, | sed s,\).*,,`; \ + cat prototype | grep -v 'none / ' | \ + sed s,$$user\ $$group,root\ sys,g > prototype.1; \ + rm -f prototype.2; \ + while read line; do \ + echo "$${line}" | egrep '^d none' >/dev/null 2>&1; \ + if [ $$? = 0 ]; then \ + dir=`echo "$${line}" | awk '{ print $$3 }'`; \ + if [ -d "$$dir" ]; then \ + echo "d none $${dir} ? ? ?" >> prototype.2; \ + else \ + echo "$${line}" >> prototype.2; \ + fi; \ + else \ + echo "$${line}" >> prototype.2; \ + fi; \ + done < prototype.1; \ + rm -f prototype && rm prototype.1 && mv prototype.2 prototype; \ + echo "d none /etc/rc0.d ? ? ?" >> prototype; \ + echo "d none /etc/rc1.d ? ? ?" >> prototype; \ + echo "d none /etc/rc3.d ? ? ?" >> prototype; \ + echo "l none /etc/rc3.d/S99@install_name@=/etc/init.d/@install_name@" >> prototype; \ + echo "l none /etc/rc0.d/K10@install_name@=/etc/init.d/@install_name@" >> prototype; \ + echo "l none /etc/rc1.d/K10@install_name@=/etc/init.d/@install_name@" >> prototype; \ + ARCH=`uname -p`; \ + PSTAMP=`date '+%cc%yy%mm%dd%HH%MM%SS'`; \ + echo "PKG=@install_name@" > pkginfo; \ + echo "NAME=file integrity check" >> pkginfo; \ + echo "VERSION=$(VERSION)" >> pkginfo; \ + echo "CATEGORY=system" >> pkginfo; \ + echo "CLASSES=none" >> pkginfo; \ + echo "VENDOR=http://la-samhna.de/samhain" >> pkginfo; \ + echo "EMAIL=support@la-samhna.de" >> pkginfo; \ + echo "ARCH=$$ARCH" >> pkginfo; \ + echo "PSTAMP=$$PSTAMP" >> pkginfo; \ + pkgmk -o; \ + pkgtrans -s /var/spool/pkg /tmp/samhain-pkg-staging/@install_name@.pkg @install_name@; \ + if test -f /tmp/samhain-pkg-staging/@install_name@.pkg; then \ + echo; \ + cp /tmp/samhain-pkg-staging/@install_name@.pkg $(PACKAGE)-$(VERSION).pkg; \ + echo "Package $(PACKAGE)-$(VERSION).pkg is ready for installation"; \ + echo "to install, use: pkgadd -n -d $(PACKAGE)-$(VERSION).pkg all"; \ + echo; \ + rm -rf /var/spool/pkg/@install_name@ /tmp/samhain-pkg-staging; \ + else \ + echo; \ + echo "Error ... cannot find /tmp/samhain-pkg-staging/@install_name@.pkg."; \ + echo "Keeping /var/spool/pkg/@install_name@ /tmp/samhain-pkg-staging"; \ + echo; \ + exit 1; \ + fi + +depot-prep: all + STAGE=/tmp/samhain-pkg-staging; \ + mkdir $$STAGE; \ + if test x"$$?" != x0; then \ + echo "ERROR ... mkdir $$STAGE failed"; \ + exit 1; \ + fi; \ + $(MAKE) DESTDIR=$$STAGE install; \ + $(MAKE) DESTDIR=$$STAGE install-boot; \ + cp hp_ux.psf $$STAGE; \ + mkdir $$STAGE/sc; \ + echo "#!/sbin/sh" > $$STAGE/sc/configure; \ + echo "PATH=\$$SW_PATH; export PATH" >> $$STAGE/sc/configure; \ + echo "chmod 555 /sbin/init.d/samhain; chown bin:bin /sbin/init.d/@install_name@; (cd /sbin; ln -f -s /sbin/init.d/@install_name@ rc2.d/S900@install_name@; ln -f -s /sbin/init.d/@install_name@ rc1.d/K100@install_name@; )" >> $$STAGE/sc/configure; \ + chmod +x $$STAGE/sc/configure; \ + echo "#!/sbin/sh" > $$STAGE/sc/unconfigure; \ + echo "PATH=\$$SW_PATH; export PATH" >> $$STAGE/sc/unconfigure; \ + echo "rm -f /sbin/rc2.d/S900@install_name@; rm -f /sbin/rc1.d/K100@install_name@" >> $$STAGE/sc/unconfigure; \ + chmod +x $$STAGE/sc/unconfigure; \ + echo "#!/sbin/sh" > $$STAGE/sc/preremove; \ + echo "PATH=\$$SW_PATH; export PATH" >> $$STAGE/sc/preremove; \ + echo "/sbin/init.d/@install_name@ stop" >> $$STAGE/sc/preremove; \ + echo "exit 0" >> $$STAGE/sc/preremove; \ + chmod +x $$STAGE/sc/preremove; + +depot: depot-prep + (cd /tmp/samhain-pkg-staging && /usr/sbin/swpackage -v -s ./hp_ux.psf -x media_type=tape @ $(PACKAGE)-$(VERSION).depot) + cp /tmp/samhain-pkg-staging/$(PACKAGE)-$(VERSION).depot . + rm -rf /tmp/samhain-pkg-staging + +depot-light: depot + +#--------------------------------------------------------------- + + +trustfile: $(srcsrc)/trustfile.c config.h + $(COMPILE) $(VFLAG) -DSH_IDENT=\"@myident@\" -DTRUST_MAIN -DSL_ALWAYS_TRUSTED=@mytrust@ -o trustfile $(srcsrc)/trustfile.c + +sh_MK.h: config.h + @echo "creating sh_MK.h"; \ + echo "#ifndef SH_MK_H" > sh_MK.h; \ + echo "#define SH_MK_H" >> sh_MK.h; \ + $(top_srcdir)/c_bits.sh @my_key_1@ MKB >> sh_MK.h; \ + $(top_srcdir)/c_bits.sh @my_key_2@ MKA >> sh_MK.h; \ + $(top_srcdir)/c_bits.sh @my_key_3@ MKC >> sh_MK.h; \ + $(top_srcdir)/c_bits.sh @my_key_4@ MKD >> sh_MK.h; \ + echo "#endif" >> sh_MK.h + + +sstrip: $(srcsrc)/sstrip.c Makefile + $(COMPILE) -o sstrip $(srcsrc)/sstrip.c + +encode: $(srcsrc)/encode.c Makefile + $(COMPILE) -o encode $(srcsrc)/encode.c + +config_xor.h: config.h encode + @echo 'encode $(XOR_CODE) config.h'; \ + sleep 1; \ + ./encode $(XOR_CODE) config.h; \ + mv x_config.h config_xor.h + +#.c.o: +# @echo "./encode $(XOR_CODE) $< --> x_`echo $< |sed 's%.*/%%'`"; \ +# ./encode $(XOR_CODE) $<; \ +# echo "$(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $< |sed 's%.*/%%'`"; \ +# $(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $< |sed 's%.*/%%'`; \ +# rm x_`echo $< |sed 's%.*/%%'` + +$(OBJECTS): + @echo "./encode $(XOR_CODE) $(srcsrc)/`echo $@ |sed 's%\.o$$%%'`.c --> x_`echo $@ |sed 's%\.o$$%%'`.c"; \ + ./encode $(XOR_CODE) $(srcsrc)/`echo $@ |sed 's%\.o$$%%'`.c; \ + echo "$(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $@ |sed 's%\.o$$%%'`.c"; \ + $(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $@ |sed 's%\.o$$%%'`.c; \ + rm x_`echo $@ |sed 's%\.o$$%%'`.c + +sh_tiger_i.o: $(srcsrc)/$(TIGER_SRC) Makefile config_xor.h + @echo "$(COMPILE) $(VFLAG) -o sh_tiger_i.o -c $(srcsrc)/$(TIGER_SRC)";\ + $(COMPILE) $(VFLAG) -o sh_tiger_i.o -c $(srcsrc)/$(TIGER_SRC); + +samhain_setpwd: encode config_xor.h $(srcsrc)/samhain_setpwd.c + @echo '$(COMPILE) -o samhain_setpwd $(srcsrc)/samhain_setpwd.c'; \ + ./encode $(XOR_CODE) $(srcsrc)/samhain_setpwd.c; \ + $(COMPILE) -o samhain_setpwd x_samhain_setpwd.c; \ + rm x_samhain_setpwd.c + +samhain_stealth: encode config_xor.h $(srcsrc)/samhain_stealth.c + @echo '$(COMPILE) -o samhain_stealth $(srcsrc)/samhain_stealth.c'; \ + ./encode $(XOR_CODE) $(srcsrc)/samhain_stealth.c; \ + $(COMPILE) -o samhain_stealth x_samhain_stealth.c; \ + rm x_samhain_stealth.c + +yulectl: encode config_xor.h $(srcsrc)/yulectl.c + @echo '$(COMPILE) -o yulectl $(srcsrc)/yulectl.c $(LIBS_SOCK)'; \ + ./encode $(XOR_CODE) $(srcsrc)/yulectl.c; \ + $(COMPILE) -o yulectl x_yulectl.c $(LIBS_SOCK); \ + rm x_yulectl.c + +$(SAMHAIN): internal.h $(OBJECTS) sh_tiger_i.o + @-rm -f $(SAMHAIN) + @echo "$(LINK) sh_tiger_i.o $(OBJECTS) $(LIBS_TRY)"; \ + $(LINK) sh_tiger_i.o $(OBJECTS) $(LIBS_TRY) + + +CUTEST_SOURCES = $(srcsrc)/cutest_sh_tools.c \ + $(srcsrc)/cutest_sh_utils.c \ + $(srcsrc)/cutest_sh_unix.c \ + $(srcsrc)/cutest_slib.c \ + $(srcsrc)/cutest_zAVLTree.c \ + $(srcsrc)/cutest_sh_hash.c \ + $(srcsrc)/cutest_sh_tiger0.c + +CUTEST_OBJECTS = cutest_sh_tools.o \ + cutest_sh_utils.o \ + cutest_sh_unix.o \ + cutest_slib.o \ + cutest_zAVLTree.o \ + cutest_sh_hash.o \ + cutest_sh_tiger0.o + +$(CUTEST_OBJECTS): $(CUTEST_SOURCES) + @echo "./encode $(XOR_CODE) $(srcsrc)/`echo $@ |sed 's%\.o$$%%'`.c --> x_`echo $@ |sed 's%\.o$$%%'`.c"; \ + ./encode $(XOR_CODE) $(srcsrc)/`echo $@ |sed 's%\.o$$%%'`.c; \ + echo "$(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $@ |sed 's%\.o$$%%'`.c"; \ + $(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $@ |sed 's%\.o$$%%'`.c; \ + rm x_`echo $@ |sed 's%\.o$$%%'`.c + +cutest: internal.h $(OBJECTS) $(CUTEST_OBJECTS) sh_tiger_i.o $(srcsrc)/make-tests.sh + cd $(srcsrc)/ && ./make-tests.sh >CuTestMain.c + @$(COMPILE) -o CuTestMain.o -c $(srcsrc)/CuTestMain.c; \ + $(COMPILE) -o CuTest.o -c $(srcsrc)/CuTest.c; \ + rm -f samhain.o; \ + ./encode $(XOR_CODE) $(srcsrc)/samhain.c; \ + $(COMPILE) $(VFLAG) -DSH_CUTEST=1 -o samhain.o -c x_samhain.c; \ + rm x_samhain.c; \ + $(LINK) sh_tiger_i.o $(CUTEST_OBJECTS) CuTestMain.o CuTest.o $(OBJECTS) $(LIBS_TRY); \ + ./cutest + +samhain_hide.o: $(srcsrc)/samhain_hide.c samhain_erase.o + gcc @lkm_inc@ -I. -Wall -O2 -c $(srcsrc)/samhain_hide.c + +samhain_erase.o: $(srcsrc)/samhain_erase.c + gcc @lkm_inc@ -I. -Wall -O2 -c $(srcsrc)/samhain_erase.c + +# -- NEW -- +samhain_hide.ko: $(srcsrc)/samhain_hide.c + @test -d m_comp || mkdir m_comp; \ + echo "KVERSION := \$$(shell uname -r)" > m_comp/Makefile;\ + echo "KSOURCE ?= /lib/modules/\$$(KVERSION)/build" >> m_comp/Makefile;\ + echo "obj-m := samhain_hide.o" >> m_comp/Makefile;\ + echo ".PHONY: modules install clean modules_add" >> m_comp/Makefile;\ + echo "install : modules_add" >> m_comp/Makefile;\ + echo "modules modules_install clean:" >> m_comp/Makefile;\ + echo "T\$$(MAKE) -C \$$(KSOURCE) \$$@ SUBDIRS=\$$(CURDIR) KBUILD_VERBOSE=2" | tr T '\t' >> m_comp/Makefile;\ + cp config.h m_comp/; \ + cp $(srcsrc)/samhain_hide.c m_comp/; \ + cd m_comp && $(MAKE) modules + @if test -f m_comp/samhain_hide.ko; then \ + cp -p m_comp/samhain_hide.ko samhain_hide.ko; \ + rm -rf m_comp/; \ + else \ + echo "Kernel module samhain_hide.ko not build"; \ + exit 1; \ + fi + +# -- NEW -- +lkm: @sh_lkm@ + + + +# For kernel syscall monitoring +kern_head: Makefile $(top_srcdir)/include/kern_head.h $(srcsrc)/kern_head.c + @echo "$(COMPILE) -DSYSTEMMAP=\"@systemmap@\" -o kern_head $(srcsrc)/kern_head.c $(LIBS_KVM)"; \ + $(COMPILE) -DSYSTEMMAP=\"@systemmap@\" -o kern_head $(srcsrc)/kern_head.c $(LIBS_KVM) + +sh_ks.h: kern_head + @sleep 1; \ + ./kern_head > sh_ks.h + +sh_ks_xor.h: encode sh_ks.h + @echo 'encode $(XOR_CODE) sh_ks.h'; \ + sleep 1; \ + ./encode $(XOR_CODE) sh_ks.h; \ + mv x_sh_ks.h sh_ks_xor.h + +# For bignum +internal.h: mkhdr + @sleep 1; \ + ./mkhdr + +bignum.o: internal.h + +# If your compiler can't handle long identifiers (> 6 chars), move the `#' to +# the other line. + +mkhdr: $(srcsrc)/mkhdr.c config.h + @echo "$(COMPILE) -o mkhdr $(srcsrc)/mkhdr.c"; \ + sleep 1; \ + $(COMPILE) -o mkhdr $(srcsrc)/mkhdr.c + +# $(COMPILE) -DBIG_SHORT_NAMES -o mkhdr $(srcdir)/mkhdr.c + +#---------------------------------------------------------- +# +# EXE PACKER rules +# +#---------------------------------------------------------- + +minilzo.o: $(srcsrc)/minilzo.c $(srcinc)/lzoconf.h $(srcinc)/minilzo.h config.h + @echo "$(COMPILE) -DMINILZO_HAVE_CONFIG_H -o minilzo.o -c $(srcsrc)/minilzo.c"; \ + $(COMPILE) -DMINILZO_HAVE_CONFIG_H -o minilzo.o -c $(srcsrc)/minilzo.c + +exepack_mkdata: $(srcsrc)/exepack_mkdata.c $(srcinc)/lzoconf.h $(srcinc)/minilzo.h minilzo.o + @echo "$(COMPILE) -o exepack_mkdata.o -c $(srcsrc)/exepack_mkdata.c"; \ + $(COMPILE) -o exepack_mkdata.o -c $(srcsrc)/exepack_mkdata.c; \ + echo "$(LINK) exepack_mkdata.o minilzo.o"; \ + $(LINK) exepack_mkdata.o minilzo.o + +# +# prepare the data to be packed +# +exepack.data: $(SAMHAIN) exepack_mkdata sstrip + @echo "cp ./$(SAMHAIN) ./samhain.pk.data"; \ + cp ./$(SAMHAIN) ./samhain.pk.data; \ + echo "strip ./samhain.pk.data"; \ + strip ./samhain.pk.data > /dev/null 2>&1 || echo "... is already stripped"; \ + echo "./sstrip ./samhain.pk.data"; \ + ./sstrip ./samhain.pk.data > /dev/null 2>&1 || echo "sstrip returned false"; \ + echo "./exepack_mkdata ./samhain.pk.data ./exepack.data 0"; \ + ./exepack_mkdata ./samhain.pk.data ./exepack.data 0; \ + echo "rm -f ./samhain.pk.data"; \ + rm -f ./samhain.pk.data; + +exepack: $(srcsrc)/exepack.c minilzo.o exepack.data + @echo "$(COMPILE) -o exepack.o -c $(srcsrc)/exepack.c"; \ + $(COMPILE) -o exepack.o -c $(srcsrc)/exepack.c; \ + echo "$(LINK) exepack.o minilzo.o"; \ + $(LINK) exepack.o minilzo.o; + +# +# this program fills the data section with the binary +# +exepack_fill: $(srcsrc)/exepack_fill.c minilzo.o exepack + @echo "$(COMPILE) -o exepack_fill.o -c $(srcsrc)/exepack_fill.c"; \ + $(COMPILE) -o exepack_fill.o -c $(srcsrc)/exepack_fill.c; \ + echo "$(LINK) exepack_fill.o minilzo.o"; \ + $(LINK) exepack_fill.o minilzo.o + +samhain.pk: $(SAMHAIN) exepack exepack_fill sstrip + @echo "cp ./$(SAMHAIN) ./samhain.pk.data"; \ + cp ./$(SAMHAIN) ./samhain.pk.data; \ + echo "strip ./samhain.pk.data"; \ + strip ./samhain.pk.data > /dev/null 2>&1 || echo "... is already stripped"; \ + echo "./sstrip ./samhain.pk.data"; \ + ./sstrip ./samhain.pk.data > /dev/null 2>&1 || echo "sstrip returned false"; \ + test -f exepack.out && rm exepack.out; \ + echo "./exepack_fill exepack samhain.pk.data exepack.out"; \ + ./exepack_fill exepack samhain.pk.data exepack.out; \ + chmod +x exepack.out; \ + echo "strip exepack.out"; \ + strip exepack.out > /dev/null 2>&1 || echo "... is already stripped"; \ + ./sstrip exepack.out > /dev/null 2>&1 || echo "sstrip returned false"; \ + echo "mv exepack.out samhain.pk"; \ + rm -f samhain.pk; mv exepack.out samhain.pk + +samhain-packed: $(SAMHAIN) samhain_setpwd + @echo "samhain_setpwd samhain new $(CLIENTPASSWD)"; \ + samhain_setpwd samhain new $(CLIENTPASSWD); \ + echo "rm -f samhain; mv samhain.new samhain"; \ + rm -f samhain; mv samhain.new samhain; \ + $(MAKE) samhain.pk; \ + echo "rm -f samhain; mv samhain.pk samhain"; \ + rm -f samhain; mv samhain.pk samhain + +#---------------------------------------------------------- +# +# DEPLOY rules +# +#---------------------------------------------------------- + +uninstall-deploy: + rm -rf $(mydatadir)/profiles/source + rm -rf $(mydatadir)/profiles/archpkg + rm -rf $(mydatadir)/profiles/libexec + rm -rf $(mydatadir)/profiles/tmp + rm -rf $(mydatadir)/profiles/private + @if test -f $(sbindir)/deploy.sh; then \ + old_deploy=`grep 'VERSION2' $(sbindir)/deploy.sh >/dev/null 2>&1 || echo old`; \ + if test x"$$old_deploy" = xold; then \ + echo "rm -f $(sbindir)/deploy2.sh"; \ + rm -f $(sbindir)/deploy2.sh; \ + else \ + echo "rm -f $(sbindir)/deploy.sh"; \ + rm -f $(sbindir)/deploy.sh; \ + fi; \ + fi + +EXECFILES= comCHECKSRC comDOWNLOAD comBUILD comCLEAN comINSTALL \ + funcDIALOG funcEXE funcPRINT funcSETUP funcBUILD funcINSTALL \ + funcDB comUNINSTALL \ + preinstall postinstall initscript + +# $(mydatadir)/profiles/ +# | +# | +# |-- source -------------> (tarballs) +# | +# |-- configs ------------> (default configs) +# | +# |-- archpkg +# | | +# | |-- architecture -> (package, setup script) +# | +# |-- hosts +# | | +# | |-- hostname -----> (config) +# | +# |-- libexec ------------> (scripts) +# | +# |-- private ------------> (gpg key) +# | +# |-- tmp +# +install-deploy: deploy.sh samhain_stealth + @echo "Creating directory tree under $(mydatadir)/profiles/"; \ + $(mkinstalldirs) $(sbindir); \ + $(mkinstalldirs) $(mydatadir)/profiles/source; \ + $(mkinstalldirs) $(mydatadir)/profiles/configs; \ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/debian_i386; \ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/gentoo_i386; \ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/redhat_i386; \ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/linux_i386; \ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/freebsd_i386;\ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/solaris; \ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/aix; \ + $(mkinstalldirs) $(mydatadir)/profiles/hosts; \ + $(mkinstalldirs) $(mydatadir)/profiles/libexec; \ + $(mkinstalldirs) $(mydatadir)/profiles/private; \ + $(mkinstalldirs) $(mydatadir)/profiles/tmp; \ + if test -f $(srcdir)/../$(PACKAGE)-$(VERSION).tar.gz.asc; then \ + if test -f $(srcdir)/../$(PACKAGE)-$(VERSION).tar.gz; then \ + echo "Installing source tarball"; \ + $(INSTALL_DATA) $(srcdir)/../$(PACKAGE)-$(VERSION).tar.gz.asc \ + $(mydatadir)/profiles/source/$(PACKAGE)-$(VERSION).tar.gz.asc; \ + $(INSTALL_DATA) $(srcdir)/../$(PACKAGE)-$(VERSION).tar.gz \ + $(mydatadir)/profiles/source/$(PACKAGE)-$(VERSION).tar.gz; \ + fi; \ + fi; \ + echo "Installing default configs"; \ + test -f $(mydatadir)/profiles/configs/freebsd_i386.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.freebsd \ + $(mydatadir)/profiles/configs/freebsd_i386.samhainrc; \ + test -f $(mydatadir)/profiles/configs/debian_i386.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.linux \ + $(mydatadir)/profiles/configs/debian_i386.samhainrc; \ + test -f $(mydatadir)/profiles/configs/gentoo_i386.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.linux \ + $(mydatadir)/profiles/configs/gentoo_i386.samhainrc; \ + test -f $(mydatadir)/profiles/configs/redhat_i386.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.linux \ + $(mydatadir)/profiles/configs/redhat_i386.samhainrc; \ + test -f $(mydatadir)/profiles/configs/linux_i386.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.linux \ + $(mydatadir)/profiles/configs/linux_i386.samhainrc; \ + test -f $(mydatadir)/profiles/configs/solaris.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.solaris \ + $(mydatadir)/profiles/configs/solaris.samhainrc; \ + test -f $(mydatadir)/profiles/configs/aix.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.aix5.2.0 \ + $(mydatadir)/profiles/configs/aix.samhainrc; \ + if test -f $(mydatadir)/profiles/configs/generic.configure; then \ + :; \ + else \ + SH_FQDN_SYSTEM=`uname -n`; \ + SH_FQDN_DOMAIN=`grep -i domain /etc/resolv.conf |grep -v "\#" |awk '{print $$2}' |head -1`; \ + if test -n "$${SH_FQDN_SYSTEM}" -a -n "$${SH_FQDN_DOMAIN}"; then \ + sh_thishost="$${SH_FQDN_SYSTEM}.$${SH_FQDN_DOMAIN}"; \ + else \ + sh_thishost="FQDN_MISSING"; \ + fi; \ + outfile=$(mydatadir)/profiles/configs/generic.configure; \ + echo "'--enable-network=client'" > $$outfile; \ + echo "'--with-logserver=$${sh_thishost}'" >> $$outfile; \ + echo "'--with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file'" >> $$outfile; \ + echo "'--with-config-file=REQ_FROM_SERVER/etc/samhainrc'" >> $$outfile; \ + echo "'--enable-base=@mykeybase@'" >> $$outfile; \ + fi; \ + $(INSTALL_SHELL) $(srcdir)/mkinstalldirs \ + $(mydatadir)/profiles/libexec; \ + $(INSTALL_SHELL) $(srcdir)/install-sh \ + $(mydatadir)/profiles/libexec; \ + for ff in $(EXECFILES); do \ + test -f $(srcdir)/dsys/$$ff && $(INSTALL_SHELL) $(srcdir)/dsys/$$ff \ + $(mydatadir)/profiles/libexec; \ + done; \ + $(INSTALL_SHELL) samhain_stealth $(mydatadir)/profiles/libexec; \ + test -f $(srcdir)/dsys/0F571F6C.asc && $(INSTALL_DATA) $(srcdir)/dsys/0F571F6C.asc \ + $(mydatadir)/profiles/private; \ + convert +compress $(srcdir)/stealth_template.jpg stealth_template.ps >/dev/null || \ + { echo "*"; echo "* 'convert' not found or not working, not installing"; echo "* $(mydatadir)/profiles/private/stealth_template.ps"; echo "* (only required for installing packages built with --enable-stealth)"; echo "*"; }; \ + if test -f stealth_template.ps; then \ + if test -f $(mydatadir)/profiles/private/stealth_template.ps; then \ + :; \ + else \ + $(INSTALL_DATA) stealth_template.ps $(mydatadir)/profiles/private; \ + fi; \ + fi; \ + if test -f $(sbindir)/deploy.sh; then \ + old_deploy=`grep 'VERSION2' $(sbindir)/deploy.sh >/dev/null 2>&1 || echo old`; \ + if test x"$$old_deploy" = xold; then \ + echo "*"; echo "* Version 1 of deploy.sh found"; echo "*"; \ + echo "* Installing $(sbindir)/deploy2.sh"; echo "*"; \ + $(INSTALL_SHELL) deploy.sh $(sbindir)/deploy2.sh; \ + else \ + echo "Installing $(sbindir)/deploy.sh"; \ + $(INSTALL_SHELL) deploy.sh $(sbindir)/deploy.sh; \ + fi; \ + else \ + echo "Installing $(sbindir)/deploy.sh"; \ + $(INSTALL_SHELL) deploy.sh $(sbindir)/deploy.sh; \ + fi + + +#---------------------------------------------------------- +# +# DISTRIBUTION rules +# +#---------------------------------------------------------- + +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. + +# +# 1) make distribution tarfile +# 2) unpack the tarfile into distdir +# 3) create build and install directories +# 4) do the build in the build dir, with sources from distdir +# 5) check (there are no subdirs, thus does nothing) +# 6) install +# 7) installcheck (equal to check, does nothing) +# +distcheck: dist + -rm -rf $(distdir) + GZIP=$(GZIP) $(TAR) zxf $(distdir).tar.gz + mkdir $(distdir)/=build + mkdir $(distdir)/=inst + dc_install_base=`cd $(distdir)/=inst && pwd`; \ + cd $(distdir)/=build \ + && ../configure --srcdir=.. --prefix=$$dc_install_base \ + && $(MAKE) \ + && $(MAKE) install + -rm -rf $(distdir) + -rm -f $(distdir).tar.gz.asc + @gpg -a --detach-sign $(distdir).tar.gz; \ + $(TAR) chof $(distdir).tar $(distdir).tar.gz $(distdir).tar.gz.asc; \ + rm -f $(distdir).tar.gz; \ + rm -f $(distdir).tar.gz.asc; \ + gzip --best $(distdir).tar + mv $(distdir).tar.gz $(PACKAGE)_signed-$(VERSION).tar.gz + @echo "========================"; \ + echo "$(PACKAGE)_signed-$(VERSION).tar.gz is ready for distribution"; \ + echo "========================" + +# +# create a tarfile for the distibution +# +distrpm: distdirrpm + -chmod -R a+r $(distdir) + -rm -rf $(distdir).tar.gz + -rm -rf $(distdir).tar + $(TAR) chof $(distdir).tar $(distdir) + gzip -c --best $(distdir).tar > $(distdir).tar.gz + -rm -rf $(distdir) + +dist: distdir + -chmod -R a+r $(distdir) + -rm -rf $(distdir).tar.gz + -rm -rf $(distdir).tar + $(TAR) chof $(distdir).tar $(distdir) + gzip -c --best $(distdir).tar > $(distdir).tar.gz + -rm -rf $(distdir) + +# +# create a tarfile for the distibution +# +dist-sign: distdir + -rm -f $(distdir)/scripts/samhain.ebuild + -rm -f $(distdir)/scripts/samhain.ebuild-light + -chmod -R a+r $(distdir) + -rm -rf $(distdir).tar.gz + -rm -rf $(distdir).tar + $(TAR) chof $(distdir).tar $(distdir) + gzip --best $(distdir).tar + -rm -rf $(distdir) + -rm -f $(distdir).tar.gz.asc + gpg -a --detach-sign $(distdir).tar.gz + $(TAR) chof $(distdir).tar $(distdir).tar.gz $(distdir).tar.gz.asc + -rm -f $(distdir).tar.gz + -rm -f $(distdir).tar.gz.asc + gzip --best $(distdir).tar + mv $(distdir).tar.gz $(PACKAGE)_signed-$(VERSION).tar.gz + + +# +# same as dist +# +dist-all: distdir + -chmod -R a+r $(distdir) + GZIP=$(GZIP) $(TAR) chozf $(distdir).tar.gz $(distdir) + -rm -rf $(distdir) + +# +# create distribution directory and copy files into it +# +INITFILES=samhain.startIRIX samhain.startFreeBSD samhain.startSolaris \ +samhain.startLSB samhain.startGentoo samhain.startLinux samhain.startHPUX + +SCRIPTFILES=redhat_i386.client.spec check_samhain.pl samhainadmin.pl + +distdir: distfilecheck + -rm -f $(top_srcdir)/init/*~ + -rm -f $(top_srcdir)/dsys/*~ + -rm -f $(top_srcdir)/docs/*~ + -rm -f $(top_srcdir)/include/*~ + -rm -f $(top_srcdir)/src/*~ + -rm -f $(top_srcdir)/test/*~ + -rm -f $(top_srcdir)/scripts/*~ + (cd $(top_srcdir)/init && rm -f $(INITFILES)) + (cd $(top_srcdir)/scripts && rm -f $(SCRIPTFILES)) + -rm -rf $(distdir) + mkdir $(distdir) + -chmod 777 $(distdir) + @for file in $(DISTFILES); do \ + d=$(top_srcdir); \ + if test -f $$d/$$file || test -d $$d/$$file; then \ + cp -pr $$d/$$file $(distdir)/$$file; \ + fi; \ + done; \ + cp scripts/samhain.spec $(distdir)/samhain.spec; \ + rm -f $(distdir)/scripts/*.spec + +# +# as distdir, but don't copy spec file from scripts +# +distdirrpm: distfilecheck + -rm -rf $(distdir) + mkdir $(distdir) + -chmod 777 $(distdir) + @if test -f ./samhain.spec; then \ + :; \ + else \ + echo "Error: ./samhain.spec not found, please run configure"; \ + exit 1; \ + fi + @cp -p samhain.spec $(distdir)/samhain.spec; \ + for file in $(DISTFILES); do \ + d=$(top_srcdir); \ + if test -f $$d/$$file || test -d $$d/$$file; then \ + if test x"$$file" = "xsamhain.spec"; then \ + :; \ + else \ + cp -pr $$d/$$file $(distdir)/$$file; \ + fi; \ + fi; \ + done; \ + rm -f $(distdir)/scripts/*.spec + + +distfilecheck: $(top_srcdir)/config.h.in $(top_srcdir)/depend.sum + @for file in $(DISTFILES); do \ + d=$(top_srcdir); \ + if test -f $$d/$$file || test -d $$d/$$file; then \ + : \ + else \ + echo "File not found: $$d/$$file"; \ + fi; \ + done + @for file in $(SOURCES); do \ + if test -f $$file; then \ + : \ + else \ + echo "File not found: $$file"; \ + fi; \ + done + + +# DO NOT DELETE THIS LINE + + +samhain.o: $(srcsrc)/samhain.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_files.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_getopt.h $(srcinc)/sh_readconf.h $(srcinc)/sh_hash.h $(srcinc)/sh_mail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_mem.h $(srcinc)/sh_forward.h $(srcinc)/sh_tools.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h sh_MK.h $(srcinc)/sh_schedule.h +sh_unix.o: $(srcsrc)/sh_unix.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_hash.h $(srcinc)/sh_tools.h $(srcinc)/sh_tiger.h $(srcinc)/sh_prelink.h $(srcinc)/sh_static.h $(srcinc)/sh_prelude.h $(srcinc)/sh_ignore.h +sh_utils.o: $(srcsrc)/sh_utils.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_entropy.h +sh_error.o: $(srcsrc)/sh_error.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_database.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_forward.h $(srcinc)/sh_prelude.h $(srcinc)/sh_tools.h $(srcinc)/sh_extern.h +sh_files.o: $(srcsrc)/sh_files.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_tiger.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/zAVLTree.h +sh_getopt.o: $(srcsrc)/sh_getopt.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_getopt.h $(srcinc)/sh_files.h $(srcinc)/sh_utils.h $(srcinc)/sh_mail.h $(srcinc)/sh_forward.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h +sh_readconf.o: $(srcsrc)/sh_readconf.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_database.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_files.h $(srcinc)/sh_mail.h $(srcinc)/sh_calls.h $(srcinc)/sh_tiger.h $(srcinc)/sh_forward.h $(srcinc)/sh_modules.h $(srcinc)/sh_gpg.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h $(srcinc)/sh_extern.h $(srcinc)/sh_database.h $(srcinc)/sh_prelude.h +sh_tiger0.o: $(srcsrc)/sh_tiger0.c Makefile config_xor.h $(srcinc)/sh_tiger.h $(srcinc)/sh_unix.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h +sh_tiger1.o: $(srcsrc)/sh_tiger1.c Makefile config_xor.h +sh_tiger2.o: $(srcsrc)/sh_tiger2.c Makefile config_xor.h +sh_tiger1_64.o: $(srcsrc)/sh_tiger1_64.c Makefile config_xor.h +sh_tiger2_64.o: $(srcsrc)/sh_tiger2_64.c Makefile config_xor.h +sh_hash.o: $(srcsrc)/sh_hash.c Makefile config_xor.h $(srcinc)/sh_hash.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h $(srcinc)/sh_forward.h $(srcinc)/sh_hash.h +sh_mail.o: $(srcsrc)/sh_mail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_static.h $(srcinc)/sh_tools.h +sh_mem.o: $(srcsrc)/sh_mem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h +sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_static.h +sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_mail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h +sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h +sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h +sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h +sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h +sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h +sh_fifo.o: $(srcsrc)/sh_fifo.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_unix.h +sh_tools.o: $(srcsrc)/sh_tools.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/rijndael-api-fst.h +sh_html.o: $(srcsrc)/sh_html.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_forward.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_html.h $(srcinc)/zAVLTree.h +sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h +sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h +sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_calls.h +sh_extern.o: $(srcsrc)/sh_extern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_static.h +sh_database.o: $(srcsrc)/sh_database.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h +sh_err_log.o: $(srcsrc)/sh_err_log.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h +sh_err_console.o: $(srcsrc)/sh_err_console.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h +sh_err_syslog.o: $(srcsrc)/sh_err_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h +sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h +bignum.o: $(srcsrc)/bignum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/bignum.h +mkhdr.o: $(srcsrc)/mkhdr.c Makefile config.h +samhain_setpwd.o: $(srcsrc)/samhain_setpwd.c Makefile config_xor.h +samhain_stealth.o: $(srcsrc)/samhain_stealth.c Makefile config_xor.h +encode.o: $(srcsrc)/encode.c Makefile +sstrip.o: $(srcsrc)/sstrip.c Makefile config.h +trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/sh_calls.h $(srcinc)/slib.h $(srcinc)/sh_static.h +exepack.o: $(srcsrc)/exepack.c Makefile config.h $(srcinc)/minilzo.h $(srcinc)/exepack.data +exepack_fill.o: $(srcsrc)/exepack_fill.c Makefile config.h config.h $(srcinc)/minilzo.h +exepack_mkdata.o: $(srcsrc)/exepack_mkdata.c Makefile config.h $(srcinc)/minilzo.h +minilzo.o: $(srcsrc)/minilzo.c Makefile $(srcinc)/minilzo.h +slib.o: $(srcsrc)/slib.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_calls.h $(srcinc)/sh_static.h +rijndael-alg-fst.o: $(srcsrc)/rijndael-alg-fst.c Makefile config_xor.h $(srcinc)/rijndael-alg-fst.h $(srcinc)/rijndael-boxes-fst.h +rijndael-api-fst.o: $(srcsrc)/rijndael-api-fst.c Makefile config_xor.h $(srcinc)/rijndael-alg-fst.h $(srcinc)/rijndael-api-fst.h +zAVLTree.o: $(srcsrc)/zAVLTree.c Makefile $(srcinc)/zAVLTree.h +sh_socket.o: $(srcsrc)/sh_socket.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_socket.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_calls.h $(srcinc)/sh_utils.h $(srcinc)/zAVLTree.h $(srcinc)/sh_html.h $(srcinc)/sh_tools.h +sh_ignore.o: $(srcsrc)/sh_ignore.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h +yulectl.o: $(srcsrc)/yulectl.c Makefile config_xor.h +sh_mounts.o: $(srcsrc)/sh_mounts.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_mounts.h +sh_userfiles.o: $(srcsrc)/sh_userfiles.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_utils.h $(srcinc)/sh_schedule.h $(srcinc)/sh_error.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h +sh_prelude.o: $(srcsrc)/sh_prelude.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_cat.h $(srcinc)/sh_error_min.h $(srcinc)/sh_prelude.h +kern_head.o: $(srcsrc)/kern_head.c Makefile config.h $(srcinc)/kern_head.h $(srcinc)/kern_head.h +sh_prelink.o: $(srcsrc)/sh_prelink.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h +sh_static.o: $(srcsrc)/sh_static.c Makefile config_xor.h +sh_prelude_old.o: $(srcsrc)/sh_prelude_old.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_mem.h $(srcinc)/sh_cat.h $(srcinc)/sh_error_min.h $(srcinc)/sh_prelude.h $(srcinc)/sh_static.h +sh_async.o: $(srcsrc)/sh_async.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h Index: branches/samhain-2_2-branch/README =================================================================== --- branches/samhain-2_2-branch/README (revision 66) +++ branches/samhain-2_2-branch/README (revision 66) @@ -0,0 +1,497 @@ + +CONTENT OF THIS DOCUMENT +------------------------ + + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +++ +++ + +++ NOTE: The distribution package contains a much more detailed MANUAL +++ + +++ +++ + +++ ---- See the docs/ subdirectory ---- +++ + +++ +++ + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + - INSTALL basic install procedure + + - PGP SIGNATURES signing database and config file + + - CLIENT/SERVER how to install and use with client/server mode + for distributed host monitoring + + - STEALTH how to install and use with stealth mode enabled + + - USAGE some usage examples + + - CAVEATS what the name says + + - START AT BOOT TIME how to start the daemon during the boot sequence + + - CONFIGURE OPTIONS overview of supported options, and defaults + + - TESTING test suite (also useful to see EXAMPLES) + + + + +INSTALL: +------- + + Unpack the source with: + + gunzip -c samhain-current.tar.gz | tar xvf - + + This will drop two files in your current directory: + + samhain-{version}.tar.gz + samhain-{version}.tar.gz.asc + + To check authenticity and integrity of the source code, verify + the PGP signature on samhain-{version}.tar.gz + (public PGP key for Rainer Wichmann at http://wwwkeys.pgp.net/): + + gpg --verify samhain-{version}.tar.gz.asc samhain-{version}.tar.gz + + Then unpack samhain-{version}.tar.gz: + + gunzip -c samhain-{version}.tar.gz | tar xvf - + cd samhain-{version} + + If you have an incarnation of 'dialog' (xdialog, dialog, lxdialog) + installed, you can use the GUI install tool: + + ./Install.sh + + Otherwise use the commands: + + ./configure [options] + make + su root + make install + + At least the following executable will be built: + + +++ samhain +++ the monitoring agent, without any + client/server support (i.e. local use only) + + Additional executables will be built if you compile in client/server + and/or stealth mode (see below). + + The 'make install' target will strip the executable(s), i.e. + discard symbols. + + PATHS: + ----- + For configuring the install paths/locations, + see the MANUAL. + + + WARNING: + ------- + Some versions of gcc have a bug that generates incorrect + code if strength reducing is enabled. + If you modify the compiler flags, always use the -fno-strength-reduce + option with gcc, unless you are sure that your compiler does not + suffer from the problem (see README.gcc_bug). + Also, some gcc versions generate incorrect code unless the + -fno-omit-frame-pointer option is used. + The -fno-strength-reduce and the -fno-omit-frame-pointer options are + enabled by default by the 'configure' script. + +PGP SIGNATURES: +-------------- + By default, samhain will report on the checksums of the database + and configuration files on startup. + + You can always (clear)sign the database (once initialized) + with GnuPG, as well as the configuration file + (recommended: gpg -a --clearsign --not-dash-escaped FILE). + + However, to have samhain check these signatures, rather than ignoring + them, you need GnuPG and you must compile samhain with the option + + ./configure --with-gpg=PATH + + where PATH is the path to the gpg/pgp binary. + + Samhain will invoke gpg only after checking that + only trusted users (by default: root and the effective user) + have write access to any element in the path. + + The public key for verification must be in the keyring of the + effective user (usually root) + + For more security, it is possible to compile in the checksum + of the GnuPG executable, and/or the key fingerprint. See + the MANUAL for more details. + + The public key will be searched in the gpg home directory + (~/.gnupg/) of the effective user (usually root). + The key identification and fingerprint will be reported. + +CLIENT/SERVER: +------------- + + samhain supports logging to a central server via TCP/IP. + To enable this option, use the ./configure option + + ./configure --enable-network=client|server [more options] + + NOTE: client and server are __distict__ applications, and must be + built seperately. By default, installation names and paths are + different. Do not blame us if you abuse './configure' options to + cause name clashes, if you install both on the same host. + + The following executables are built: + + +++ samhain (client) +++ the monitoring agent, + with client code included + if --enable-network=client + + +++ yule (server) +++ the log server (no monitoring, just report + collecting !!!) + if --enable-network=server + + +++ samhain_setpwd +++ a utility program to set the password of + a monitoring agent (see man page samhain.8). + Use it without options to get help. + + + To set up a monitoring agent, do the following: + + -- select a (16-digit hexadecimal) password. To generate + a random password, you can use: + + ./yule -G + + -- use 'samhain_setpwd samhain ' + to generate an agent 'samhain.suffix' with the selected password + (you can rename the agent afterwards, of course) + + -- use 'yule -P password' to compute an entry to register the agent + + -- in the servers's configuration file, insert the computed entry + (replace HOSTNAME with the host, on which the agent will run) + in the section called [Clients] + + By default, client/server authentication + is done with the SRP (Secure Remote Password) protocol. + + It is also possible to store configuration and database files + on the server. See the manual for details. + +STEALTH: +------- + + samhain supports a 'stealth' mode of operation, meaning that + the program can be run without any obvious trace of its presence + on disk. The supplied facilities are more sophisticated than + just running the program under a different name, + and might thwart efforts using 'standard' Unix commands, + but they will not resist a search using dedicated utilities. + To enable this mode, use the ./configure option + + ./configure --enable-stealth=XOR_VAL [more options] + + XOR_VAL must be a decimal number in the range 0, 128..255 + (using 0 will have no effect). + + The runtime executable will contain no printable strings revealing + its nature or purpose (strings are xor'ed with XOR_VAL at compile + time, and decoded at runtime). + + The configuration file is expected to be + a postscript file with _uncompressed_ image data, wherein + the configuration data are hidden by steganography. + To create a suitable image file from an existing image, + you may use e.g. the ImageMagick program 'convert', such as: + + convert +compress ima.jpg ima.ps + + The following additional executable will be built: + + +++ samhain_stealth +++ steganography utility program to hide/extract + the configuration file data in/from a + postscript file with + _uncompressed_ image data. + Use it without options to get help. + + Database and log file entries are xor'ed with XOR_VAL to 'mask' + printable strings as binary data. No steganography is supported + for them, as this would require image files of unreasonable large + size. + However, if the database/log file is an existing image (say, a .jpg + file), the data will be appended to the end of the image data. + The image will display normally, and on examination of the file, + the add-on data will look like binary (image) data at first sight. + The built-in utility to verify and print log file entries + will handle this situation transparently. + + To re-name samhain to something unsuspicious, use the configure option + + ./configure --enable-install-name=NAME + + 'make install' will then re-name samhain upon installation. Also, + database, log file, and pid file will have 'samhain' replaced by + NAME. + + +USAGE EXAMPLES: +-------------- + + Review the default configuration file that comes with the + source distribution. Read the man page (samhain.8). + + initialize database: samhain -t init + + check files: samhain -t check + + run as daemon: samhain -t check -D + + report to log server: samhain -t check -D -e warn + + start the log server: yule -S + + +CAVEATS: +------- + Permissions: + ----------- + samhain needs root permissions to check some system files. + The log server does not require root permissions, unless + you use a privileged port (port number below 1024). + If you use --enable-udp to listen on the syslog socket, you need + to start the log server with root permissions (it will drop them + after binding to the port). + + Trust: + ----- + samhain checks the path to critical files (database, configuration) + for write access by untrusted users. By default, only root and + the effective user are trusted. More UIDs can be added as a + compile options (some systems habe 'bin' as owner of the root + directory). + + Integrity: + --------- + On startup, samhain will report on signatures or checksums of + database and configuration files. You better check these reports. + + Both startup and exit will be reported. If you are using samhain + as daemon and start it at boot time, you may want to check that + startup/exit corresponds with scheduled reboots. + + If the path to the samhain binary is defined in the configuration + file, samhain will checksum the binary at startup and compare + at program termination. This will minimize the time available + for an intruder to modify the binary. + + Mail address: + ------------ + For offsite mail, you may have to set a mail relay host + in the configuration file. + +START AT BOOT TIME: +------------------ + the easy way (supported on Linux, FreeBSD, HP-UX, AIX): + + su root + make install-boot + + + +CONFIGURE OPTIONS: +----------------- + + ------------------- + -- basic options -- + ------------------- + + --enable-network Compile with client/server support. + + --enable-udp Enable the server to listen on + port 514/udp (syslog). + + --enable-srp Use SRP protocol to authenticate to + log server. + + --with-gpg=PATH Use GnuPG to verify database/config. + The public key of the effective + user (in ~/.gnupg/pubring.gpg) + will be used. + + --enable-login-watch Watch for login/logout events. + + --enable-stealth=XOR_VAL Enable stealth mode, and set XOR_VAL. + XOR_VAL must be decimal in + 0..32 or 127..255 + and will be used to 'mask' literal + strings as binary data. + (0 has no effect). + + --enable-micro-stealth=XOR_VAL + As --with-stealth, but without + steganographic hidden configuration + file. + + --enable-nocl=PW Enable command line parsing ONLY if + PW is the first argument on the command + line. If PW is "" (empty string), + command line parsing is completely + disabled. + + --enable-base=BASE Set base for one-time pads. Must be + ONE string (no space) made of TWO + comma-separated integers in the range + -2147483648...2147483647. + (The default is compile time.) + Binaries compiled with different + values cannot verify the audit trail(s) + of each other. + THIS IS IMPORTANT IF YOU COMPILE + MULTIPLE TIMES, E.G. ON DIFFERENT + HOSTS. + + + ------------------- + -- paths -- + ------------------- + + ${install_name} is "samhain" by default + (see --with-install-name=NAME ) + + configuration: /etc/${install_name}rc + state data: /var/lib/${install_name} + log file: /var/log/${install_name}_log + lock/pid file: /var/run/${install_name}.pid + + mandir: /usr/local/man + bindir: /usr/local/sbin/ + + + --exec-prefix=EPREFIX Set sbindir prefix (default + is /usr/local, ie. binaries + go to /usr/local/sbin) + + --prefix=PREFIX install directory + (default is NONE) + + IF PREFIX = USR; then + + configuration: /etc/${install_name}rc + state data: /var/lib/${install_name} + log file: /var/log/${install_name}_log + lock/pid file: /var/run/${install_name}.pid + + mandir: /usr/share/man + bindir: /usr/sbin/ + + IF PREFIX = OPT; then + + configuration: /etc/opt/${install_name}rc + state data: /var/opt/${install_name}/${install_name} + log file: /var/opt/${install_name}/${install_name}_log + lock/pid file: /var/opt/${install_name}/${install_name}.pid + + mandir: /opt/${install_name}/man + bindir: /opt/${install_name}/bin/ + + IF PREFIX = (something else); then + + If EPREFIX is not set, it will be set to PREFIX. + configuration: PREFIX/etc/${install_name}rc + state data: PREFIX/var/lib/${install_name} + log file: PREFIX/var/log/${install_name}_log + lock/pid file: PREFIX/var/run/${install_name}.pid + + mandir: PREFIX/share/man + bindir: PREFIX/sbin/ + + + + --with-config-file=FILE Set path of configuration file + (default is PREFIX/etc/samhainrc) + + --with-data-file=FILE Set path of data file + (PREFIX/var/lib/samhain/samhain_file) + --with-html-file=FILE Set path of server status html file + (PREFIX/var/lib/samhain/samhain.html) + + --with-log-file=FILE Set path of log file + (PREFIX/var/log/samhain_log) + --with-pid-file=FILE Set path of lock file + (PREFIX/var/run/samhain.pid) + + ------------------- + -- other -- + ------------------- + + + --with-checksum=CHECKSUM Compile in TIGER checksum of the + gpg/pgp binary. + CHECKSUM must be the full + line output by samhain or GnuPG when + computing the checksum. + + --with-fp=FINGERPRINT Compile in public key fingerprint. + FINGERPRINT must be without spaces. + Only useful in combination with + '--with-gpg'. + If used, samhain will check the + fingerprint, but still report on the + used public key. + + --enable-identity=USER Set user when dropping root privileges + (default is the user "nobody"). + Only needed if there is no user + 'nobody' on your system + (check /etc/passwd) + + --with-port=PORT Set port number for TCP/IP + (default is 49777). + Only needed if this port is already + used by some other application. + + --with-logserver=HOST Set host address for log server + (default is NULL). + You can set this in the configuration + file as well. + + --with-timeserver=HOST Set host address for time server + (default is NULL - use own clock). + You can set this in the configuration + file as well. + + --with-sender=SENDER Set sender for e-mail + (default is daemon). + + --enable-xml-log Use XML format for log file. + + --enable-debug Enable extended debugging + + --enable-ptrace Use anti-debugging code. + + --with-trusted=UID Comma-separated list of UID's of + users that are always trusted + (default is 0 = root). + You will need this only if the + path to the config file has directories + owned neither by 'root' nor by the + (effective) user of the program. + + +TESTING: +------- + For testing compilation etc., you may use the test suite: + + ./test/test.sh n [hostname] + + The argument 'n' is the number of the test to run. Some tests require + that the (fully qualified) hostname be given as second argument. + + Without options, you will get a short help/usage message, listing + each test, its purpose, and the name of the configuration file used. + You may want to review the respective configuration file before + running a test. + + Also listed are the scripts used for each test. If you have problems + getting samhain to run, you may use these scripts as examples. + Index: branches/samhain-2_2-branch/acconfig.h =================================================================== --- branches/samhain-2_2-branch/acconfig.h (revision 66) +++ branches/samhain-2_2-branch/acconfig.h (revision 66) @@ -0,0 +1,433 @@ + +#ifndef CONFIG_H +#define CONFIG_H + + +@TOP@ + +/* ---- compile options ------------ */ + +/* Define if you want database support */ +#undef WITH_DATABASE + +/* Define if the database is unixODBC */ +#undef WITH_ODBC + +/* Define if the database is oracle */ +#undef WITH_ORACLE + +/* Define if the database is mysql */ +#undef WITH_MYSQL + +/* Define if the database is postgresql */ +#undef WITH_POSTGRES + +/* Define if the server may listen on 514/udp */ +#undef INET_SYSLOG + +/* Define if you want logfile in XML format */ +#undef SH_USE_XML + +/* Define if you want external programs. */ +#undef WITH_EXTERNAL + +/* Define if you want to reload the database */ +/* on SIGHUP. */ +#undef RELOAD_DATABASE + +/* Define if you want SysV message queue. */ +#undef WITH_MESSAGE_QUEUE + +/* Define the mode of the message queue. */ +#undef MESSAGE_QUEUE_MODE + +/* Define which users are always trusted. */ +/* default = 0 ( = root) */ +#undef SL_ALWAYS_TRUSTED + +/* Define if you want network time. */ +/* default = no */ +#undef HAVE_NTIME + +/* The time server host address. */ +/* default = "NULL" */ +#undef DEFAULT_TIMESERVER +#undef ALT_TIMESERVER + +/* Define if you want to use the mail code. */ +/* default = yes */ +#undef SH_WITH_MAIL + +/* Define if you want client/server encryption*/ +#undef SH_ENCRYPT + +/* Define if you want version 2 encryption */ +#undef SH_ENCRYPT_2 + +/* Define if you want to watch for login/-out.*/ +/* default = no */ +#undef SH_USE_UTMP + +/* Define if you want to check mount options on filesystems */ +/* default = no */ +#undef SH_USE_MOUNTS + +/* Define if you want to keep an eye on */ +/* sensitive files that your users own */ +#undef SH_USE_USERFILES + +/* Define if you want to watch for suid/sgid */ +/* files */ +#undef SH_USE_SUIDCHK + +/* Define if you want to check kernel syscall */ +/* table to detect LKM rootkits. */ +/* default = no */ +#undef SH_USE_KERN + +/* Define if you want to use the Kernel */ +/* module to hide samhain. */ +#undef SH_USE_LKM + +/* Define if you have a vanilla Kernel */ +/* (2.4 or 2.2) */ +#undef SH_VANILLA_KERNEL + +/* Define to the name of the MAGIC_HIDE */ +/* string if you use the Kernel module to */ +/* hide samhain. */ +#undef SH_MAGIC_HIDE + +/* Define if you want 'micro' stealth mode. */ +/* default = no */ +#undef SH_STEALTH_MICRO + +/* Define if you want to use stealth mode. */ +/* default = no */ +#undef SH_STEALTH + +/* Define if you want stealth w/o CL parsing. */ +/* default = no */ +#undef SH_STEALTH_NOCL + +/* The magic argv[1] to re-enable CL parsing. */ +/* default = "yes" */ +#undef NOCL_CODE + +/* XOR value to hide literal strings. */ +/* default = 0 */ +#undef XOR_CODE + +/* The port number for TCP/IP connection. */ +/* default = 49777 */ +#undef SH_DEFAULT_PORT + +/* The identity to assume when dropping root */ +/* default = "nobody" */ +#undef DEFAULT_IDENT + +/* Directory for tmp files */ +#undef SH_TMPDIR + +/* The data root directory. */ +/* default="/var/lib/samhain" */ +#undef DEFAULT_DATAROOT + +/* The quarantine directory. */ +/* default="/var/lib/samhain/.quarantine */ +#undef DEFAULT_QDIR + +/* The location of the log file. */ +/* default="/var/log/samhain_log" */ +#undef DEFAULT_ERRFILE + +/* The directory of the log file. */ +/* default="/var/log" */ +#undef DEFAULT_LOGDIR + +/* The location of the pid file. */ +/* default="/var/run/samhain.pid" */ +#undef DEFAULT_ERRLOCK + +/* The location of the pid file directory. */ +/* default="/var/run " */ +#undef DEFAULT_PIDDIR + +/* The location of the configuration file. */ +/* default="/etc/samhainrc" */ +#undef DEFAULT_CONFIGFILE + +/* The location of the checksum data. */ +/* default="/var/lib/samhain/samhain_file" */ +#undef DEFAULT_DATA_FILE + +/* The location of the html report. */ +/* default="/var/log/.samhain.html" */ +#undef DEFAULT_HTML_FILE + +/* The install directory. */ +/* default="/usr/local/sbin" */ +#undef SH_INSTALL_DIR + +/* The install path. */ +/* default="/usr/local/sbin/samhain" */ +#undef SH_INSTALL_PATH +#undef SH_INSTALL_YULE_PATH + +/* The install name. */ +/* default="samhain" */ +#undef SH_INSTALL_NAME + +/* The sender name to use. */ +/* default = "daemon" */ +#undef DEFAULT_SENDER + +/* The address to send mail to. */ +/* default = "NULL" */ +#undef DEFAULT_MAILADDRESS +#undef ALT_MAILADDRESS + +/* The log server. */ +/* default = "NULL" */ +#undef DEFAULT_LOGSERVER +#undef ALT_LOGSERVER + +/* The console. */ +/* default = "NULL" */ +#undef DEFAULT_CONSOLE +#undef ALT_CONSOLE + +/* The default base for one-time pads. */ +/* default = compile_time,compile_time */ +#undef DEFKEY + +/* Define if you want more debug options. */ +/* default = no */ +#undef MEM_DEBUG + +/* Define if you want more debug output. */ +/* default = no */ +#undef WITH_TPT + +/* Define if you want tracing. */ +/* default = no */ +#undef WITH_TRACE + +/* Define if you want slib debug. */ +/* default = no */ +#undef SL_DEBUG + +/* Define if you want slib to abort on errors.*/ +/* default = no */ +#undef SL_FAIL_ON_ERROR + +/* Define if you want to use SRP authenticaton*/ +#undef USE_SRP_PROTOCOL + +/* Define if you want to use GnuPG to */ +/* verify database and configuation file. */ +#undef WITH_GPG + +/* The full path to GnuPG */ +#undef DEFAULT_GPG_PATH + +/* Define if using the gpg/pgp checksum. */ +#undef HAVE_GPG_CHECKSUM + +/* The tiger checksum of the gpg/pgp binary. */ +#undef GPG_HASH + +/* Define if you want to compile in the */ +/* public key fingerprint. */ +#undef USE_FINGERPRINT + +/* The public key fingerprint. */ +#undef SH_GPG_FP + +/* Use ptrace - screw up signal handling. */ +#undef SCREW_IT_UP + +/* ---- misc ------------ */ + +/* Define the package name. */ +#undef PACKAGE + +/* Define the package version. */ +#undef VERSION + +/* Define to the position of the key (1...8). */ +#undef POS_TF + +/* Init key for exepack. */ +#undef EXEPACK_STATE_0 +#undef EXEPACK_STATE_1 +#undef EXEPACK_STATE_2 + +/* ---- system-specific options ------------ */ + +/* Define to the address of sys_call_table */ +#undef SH_SYSCALLTABLE + +/* Define to use SVR4 statvfs to get filesystem type. */ +#undef FSTYPE_STATVFS + +/* Define to use SVR3.2 statfs to get filesystem type. */ +#undef FSTYPE_USG_STATFS + +/* Define to use AIX3 statfs to get filesystem type. */ +#undef FSTYPE_AIX_STATFS + +/* Define to use 4.3BSD getmntent to get filesystem type. */ +#undef FSTYPE_MNTENT + +/* Define to use 4.4BSD and OSF1 statfs to get filesystem type. */ +#undef FSTYPE_STATFS + +/* Define to use Ultrix getmnt to get filesystem type. */ +#undef FSTYPE_GETMNT + +/* the basic type to which we can cast a uid + */ +#undef UID_CAST + +/* for ext2fs flags */ +#undef HAVE_EXT2_IOCTLS +#undef HAVE_STAT_FLAGS + +/* obvious */ +#undef HOST_IS_LINUX +#undef HOST_IS_I86LINUX + +/* obvious */ +#undef HOST_IS_CYGWIN + +/* obvious */ +#undef HOST_IS_DARWIN + +/* obvious */ +#undef HOST_IS_FREEBSD + +/* obvious */ +#undef HOST_IS_AIX + +/* obvious */ +#undef HOST_IS_SOLARIS + +/* obvious */ +#undef HOST_IS_I86SOLARIS + +/* obvious */ +#undef HOST_IS_HPUX + +/* Define to the name of the random devices. */ +#undef NAME_OF_DEV_RANDOM + +#undef NAME_OF_DEV_URANDOM + +/* Define if you have long long. */ +#undef HAVE_LONG_LONG + +/* Define if short is 32 bits. */ +#undef HAVE_SHORT_32 + +/* Define if int is 32 bits. */ +#undef HAVE_INT_32 + +/* Define if long is 32 bits. */ +#undef HAVE_LONG_32 + +/* Define if long is 64 bits. */ +#undef HAVE_LONG_64 + +/* Define if UINT64 is 32 bits. */ +#undef UINT64_IS_32 + +/* Define if you have utmpx.h. */ +#undef HAVE_UTMPX_H + +/* Define if your struct utmpx has ut_xtime. */ +#undef HAVE_UTXTIME + +/* Define if your struct utmp has ut_type. */ +#undef HAVE_UTTYPE + +/* Define if your struct utmp has ut_host. */ +#undef HAVE_UTHOST + +/* Define if your struct utmp has ut_addr. */ +#undef HAVE_UTADDR + +/* Define if your includes are broken. */ +#undef HAVE_BROKEN_INCLUDES + +/* Define if your getcwd uses 'popen'. */ +#undef HAVE_BROKEN_GETCWD + +/* Define if your vsnprintf is broken. */ +#undef HAVE_BROKEN_VSNPRINTF + +/* Define if you have va_copy. */ +#undef VA_COPY + +/* Define if va_list may be copied as array. */ +#undef VA_COPY_AS_ARRAY + +/* Define if you need unix entropy gatherer. */ +#undef HAVE_UNIX_RANDOM + +/* Define if you have EGD. */ +#undef HAVE_EGD_RANDOM + +/* Define if you have /dev/random. */ +#undef HAVE_URANDOM + +/* Soket name for EGD. */ +#undef EGD_SOCKET_NAME + +/* Define if your mlock() is broken. */ +#undef HAVE_BROKEN_MLOCK + +/* Define the proc f_type. */ +#undef SH_PROC_MAGIC + +/* Define if you have statfs. */ +#undef HAVE_STATFS + +/* Define if statfs works. */ +#undef STATFS_WORKS + +/* Define to long if not defined. */ +#undef ptrdiff_t + +@BOTTOM@ + +/* dont modify this, unless you know what you do + */ +#define SRP_GENERATOR_1024 "2" +#define SRP_MODULUS_1024_1 \ +_("f488fd584e49dbcd20b49de49107366b336c380d451d0f7c88b31c7c5b2d8ef6") +#define SRP_MODULUS_1024_2 \ +_("f3c923c043f0a55b188d8ebb558cb85d38d334fd7c175743a31d186cde33212c") +#define SRP_MODULUS_1024_3 \ +_("b52aff3ce1b1294018118d7c84a70a72d686c40319c807297aca950cd9969fab") +#define SRP_MODULUS_1024_4 \ +_("d00a509b0246d3083d66a45d419f9c7cbd894b221926baaba25ec355e92f78c7") + +#define SDG_0RETU _("return.\n") +#define SDG_TERRO _("ERROR: file=<%s>, line=<%d>, reason=<%s>\n") +#define SDG_AERRO _("ERROR: file=<%s>, line=<%d>, failed_assertion=<%s>\n") +#define SDG_AFAIL _("FAILED: file=<%s>, line=<%d>, assertion=<%s>\n") +#define SDG_ENTER _("enter=<%s>\n") +#define SDG_RETUR _("return=<%s>.\n") +#define SDG_ERROR _("error=<%ld>.\n") + +#ifdef SH_STEALTH +char * globber(const char * string); +#define _(string) globber(string) +#define N_(string) string +#else +#define _(string) string +#define N_(string) string +#endif + +#endif Index: branches/samhain-2_2-branch/aclocal.m4 =================================================================== --- branches/samhain-2_2-branch/aclocal.m4 (revision 66) +++ branches/samhain-2_2-branch/aclocal.m4 (revision 66) @@ -0,0 +1,1417 @@ +dnl aclocal.m4 generated automatically by aclocal 1.3 + +dnl Copyright (C) 1994, 1995, 1996, 1997, 1998 Free Software Foundation, Inc. +dnl This Makefile.in is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl This program is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without +dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A +dnl PARTICULAR PURPOSE. + +# +# Check to make sure that the build environment is sane. +# +AC_DEFUN([AM_INIT_AUTOMAKE], +[ +AC_REQUIRE([AC_PROG_INSTALL]) +PACKAGE=[$1] +AC_SUBST(PACKAGE) +VERSION=[$2] +AC_SUBST(VERSION) +dnl test to see if srcdir already configured +if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) +fi +ifelse([$3],, +AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE") +AC_DEFINE_UNQUOTED(VERSION, "$VERSION")) +AC_REQUIRE([AC_PROG_MAKE_SET])]) + + +# Define a conditional. + +AC_DEFUN([AM_CONDITIONAL], +[AC_SUBST($1_TRUE) +AC_SUBST($1_FALSE) +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi]) + + +AC_DEFUN([sh_run_prog], +[if test "$cross_compiling" = "yes"; then + AC_MSG_ERROR([Can not probe non-portable values when cross compiling]) +fi +cat > conftest.$ac_ext </dev/null)` +then +dnl Don't remove the temporary files here, so they can be examined. +ifelse([$3], , :, [$3]) +else +echo "configure: failed program was:" >&AC_FD_CC +cat conftest.$ac_ext >&AC_FD_CC +ifelse([$4], , , [ rm -fr conftest* + $4 +]) +fi +rm -fr conftest* ]) + +dnl fs type number of the proc filing system +AC_DEFUN([sh_procfs_id], +[AC_MSG_CHECKING([f_type of /proc]) +AC_CACHE_VAL([sh_cv_proc_fstype], +[sh_run_prog( +changequote(<<, >>)dnl +<<#include +#ifdef HAVE_STDLIB_H +#include +#endif /* HAVE_STDLIB_H */ +#ifdef HAVE_UNISTD_H +#include +#endif /* HAVE_UNISTD_H */ +#ifdef HAVE_SYS_VFS_H +#include +#endif +#ifndef Q +#define __Q(x) #x +#define Q(x) __Q(x) +#endif +int main(void) +{ +struct statfs fsbuf; +long ft; +if (statfs("/", &fsbuf)!=0) + exit(1); +ft=fsbuf.f_type; +if (statfs("/proc/1", &fsbuf)!=0) + exit(1); +if (ft!=fsbuf.f_type) + printf("0x%08lx", fsbuf.f_type); +else + puts("statfs useless"); +exit(0); +} >> +changequote([, ]), sh_cv_proc_fstype,, sh_cv_proc_fstype="a fatal error occured")]) +AC_MSG_RESULT($sh_cv_proc_fstype) +if test "${sh_cv_proc_fstype}" = "a fatal error occured"; then + $1=$2 + $4 +else if test "${sh_cv_proc_fstype}" = "statfs useless"; then + $1=$2 + $4 +else + $1=$sh_cv_proc_fstype + $3 +fi; fi ]) + +# Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock +# is not called from uid 0 (not tested whether uid 0 works) +dnl AC_CHECK_MLOCK +dnl +define([AC_CHECK_MLOCK], + [ AC_CHECK_FUNCS(mlock) + if test "$ac_cv_func_mlock" = "yes"; then + AC_MSG_CHECKING(whether mlock is broken) + AC_CACHE_VAL(ac_cv_have_broken_mlock, + AC_TRY_RUN([ + #include + #include + #include + #include + #include + #include + + int main() + { + char *pool; + int err; + long int pgsize = getpagesize(); + + pool = malloc( 4096 + pgsize ); + if( !pool ) + return 2; + pool += (pgsize - ((long int)pool % pgsize)); + + err = mlock( pool, 4096 ); + if( !err || errno == EPERM ) + return 0; /* okay */ + + return 1; /* hmmm */ + } + + ], + ac_cv_have_broken_mlock="no", + ac_cv_have_broken_mlock="yes", + ac_cv_have_broken_mlock="assume-no" + ) + ) + if test "$ac_cv_have_broken_mlock" = "yes"; then + AC_DEFINE(HAVE_BROKEN_MLOCK) + AC_MSG_RESULT(yes) + else + if test "$ac_cv_have_broken_mlock" = "no"; then + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(assuming no) + fi + fi + fi + ]) + +dnl @synopsis AC_FUNC_VSNPRINTF +dnl +dnl Check whether there is a reasonably sane vsnprintf() function installed. +dnl "Reasonably sane" in this context means never clobbering memory beyond +dnl the buffer supplied, and having a sensible return value. It is +dnl explicitly allowed not to NUL-terminate the return value, however. +dnl +dnl @version $Id: ac_func_vsnprintf.m4,v 1.1 2001/07/26 02:00:21 guidod Exp $ +dnl @author Gaute Strokkenes +dnl +AC_DEFUN([SL_CHECK_VSNPRINTF], +[AC_CACHE_CHECK(for working vsnprintf, + ac_cv_func_vsnprintf, +[AC_TRY_RUN( +[#include +#include + +int +doit(char * s, ...) +{ + char buffer[32]; + va_list args; + int r; + + buffer[5] = 'X'; + + va_start(args, s); + r = vsnprintf(buffer, 5, s, args); + va_end(args); + + /* -1 is pre-C99, 7 is C99. R.W. 17.01.2003 disallow -1 */ + + if (r != 7) + exit(1); + + /* We deliberately do not care if the result is NUL-terminated or + not, since this is easy to work around like this. */ + + buffer[4] = 0; + + /* Simple sanity check. */ + + if (strcmp(buffer, "1234")) + exit(1); + + if (buffer[5] != 'X') + exit(1); + + exit(0); +} + +int +main(void) +{ + doit("1234567"); + exit(1); +}], ac_cv_func_vsnprintf=yes, ac_cv_func_vsnprintf=no, ac_cv_func_vsnprintf=no)]) +dnl Note that the default is to be pessimistic in the case +dnl of cross compilation. +dnl If you know that the target has a sensible vsnprintf(), +dnl you can get around this +dnl by setting ac_func_vsnprintf to yes, as described in the Autoconf manual. +if test $ac_cv_func_vsnprintf = yes; then + : +else + AC_DEFINE(HAVE_BROKEN_VSNPRINTF, 1, + [Define if you have a broken version of the `vsnprintf' function.]) +fi +])# AC_FUNC_VSNPRINTF + +dnl SH_CHECK_TYPEDEF(TYPE, HAVE_NAME) +dnl Check whether a typedef exists and create a #define $2 if it exists +dnl +AC_DEFUN([SH_CHECK_TYPEDEF], + [ AC_MSG_CHECKING(for $1 typedef) + sh_cv_typedef_foo=`echo sh_cv_typedef_$1 | sed -e 's% %_%g'` + AC_CACHE_VAL( $sh_cv_typedef_foo, + [AC_TRY_COMPILE([#include + #include ], [ + #undef $1 + int a = sizeof($1); + ], sh_cv_typedef=yes, sh_cv_typedef=no )]) + AC_MSG_RESULT($sh_cv_typedef) + if test "$sh_cv_typedef" = yes; then + AC_DEFINE($2) + sh_$2=yes + else + sh_$2=no + fi + ]) + + + +dnl ********************** +dnl *** va_copy checks *** +dnl ********************** +AC_DEFUN([SL_CHECK_VA_COPY], +[AC_MSG_CHECKING(for va_copy()) +AC_CACHE_VAL(sh_cv_va_copy,[ + AC_TRY_RUN([ + #include + void f (int i, ...) { + va_list args1, args2; + va_start (args1, i); + va_copy (args2, args1); + if (va_arg (args2, int) != 42) + exit (1); + if (va_arg (args1, int) != 42) + exit (1); + va_end (args1); va_end (args2); + } + int main() { + f (0, 42); + return 0; + }], + sh_cv_va_copy=yes + , + sh_cv_va_copy=no + , + sh_cv_va_copy=no) +]) +AC_MSG_RESULT($sh_cv_va_copy) +AC_MSG_CHECKING(for __va_copy()) +AC_CACHE_VAL(sh_cv___va_copy,[ + AC_TRY_RUN([ + #include + void f (int i, ...) { + va_list args1, args2; + va_start (args1, i); + __va_copy (args2, args1); + if (va_arg (args2, int) != 42) + exit (1); + if (va_arg (args1, int) != 42) + exit (1); + va_end (args1); va_end (args2); + } + int main() { + f (0, 42); + return 0; + }], + sh_cv___va_copy=yes + , + sh_cv___va_copy=no + , + sh_cv___va_copy=no) +]) +AC_MSG_RESULT($sh_cv___va_copy) +AC_MSG_CHECKING(whether va_lists can be copied by value) +AC_CACHE_VAL(sh_cv_va_val_copy,[ + AC_TRY_RUN([ + #include + void f (int i, ...) { + va_list args1, args2; + va_start (args1, i); + args2 = args1; + if (va_arg (args2, int) != 42) + exit (1); + if (va_arg (args1, int) != 42) + exit (1); + va_end (args1); va_end (args2); + } + int main() { + f (0, 42); + return 0; + }], + sh_cv_va_val_copy=yes + , + sh_cv_va_val_copy=no + , + sh_cv_va_val_copy=no) +]) +if test "x$sh_cv_va_copy" = "xyes"; then + AC_DEFINE(VA_COPY, va_copy) +else if test "x$sh_cv___va_copy" = "xyes"; then + AC_DEFINE(VA_COPY, __va_copy) +fi +fi +if test "x$sh_cv_va_val_copy" = "xno"; then + AC_DEFINE(VA_COPY_AS_ARRAY) +fi +AC_MSG_RESULT($sh_cv_va_val_copy) +]) + + +dnl SH_INIT_PARSE_ARGS() +m4_define([SH_INIT_PARSE_ARGS], +[ +m4_divert_push([PARSE_ARGS])dnl + +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[[^_$as_cr_alnum]]%_%g" + +as_tr_sh="eval sed 'y%*+%pp%;s%[[^_$as_cr_alnum]]%_%g'" +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=$PATH_SEPARATOR; export CDPATH; } + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +AC_SUBST(exec_prefix, NONE)dnl +no_create= +no_recursion= +AC_SUBST(prefix, NONE)dnl +program_prefix=NONE +program_suffix=NONE +AC_SUBST(program_transform_name, [s,x,x,])dnl +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE +DESTDIR= +SH_ENABLE_OPTS="db-reload xml-log message-queue login-watch mounts-check userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp" +SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +dnl Use braces instead of parens because sh, perl, etc. also accept them. +sbindir='${exec_prefix}/sbin' +sysconfdir='${prefix}/etc' +localstatedir='${prefix}/var' +mandir='${prefix}/share/man' + +AC_SUBST([sbindir], ['${exec_prefix}/sbin'])dnl +AC_SUBST([sysconfdir], ['${prefix}/etc'])dnl +AC_SUBST([localstatedir], ['${prefix}/var'])dnl +AC_SUBST([mandir], ['${prefix}/share/man'])dnl + + +# Initialize some other variables. +subdirs= +MFLAGS= MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} +# Maximum number of lines to put in a shell here document. +ac_max_here_lines=12 + +ac_prev= +for ac_option +do + + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + case "$ac_option" in +changequote(, )dnl + *=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; +changequote([, ])dnl + *) ac_optarg= ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case "$ac_option" in + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias="$ac_optarg" ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file="$ac_optarg" ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -disable-* | --disable-*) + ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : "[.*[^-_$as_cr_alnum]]" >/dev/null && + AC_MSG_ERROR([invalid feature name: $ac_feature]) + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + ac_enable_check_opt=no + for f in ${SH_ENABLE_OPTS} + do + f=`echo $f | sed 's/-/_/g'` + if test x${f} = x"${ac_feature}" + then + ac_enable_check_opt=yes + fi + done + if test x${ac_enable_check_opt} = xno + then + AC_MSG_ERROR([unrecognized option: $ac_option +Try `$[0] --help' for more information.]) + fi + eval "enable_$ac_feature=no" ;; + + -enable-* | --enable-*) + ac_feature=`expr "x$ac_option" : 'x-*enable-\([[^=]]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : "[.*[^-_$as_cr_alnum]]" >/dev/null && + AC_MSG_ERROR([invalid feature name: $ac_feature]) + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + ac_enable_check_opt=no + for f in ${SH_ENABLE_OPTS} + do + f=`echo $f | sed 's/-/_/g'` + if test x${f} = x"${ac_feature}" + then + ac_enable_check_opt=yes + fi + done + if test x${ac_enable_check_opt} = xno + then + AC_MSG_ERROR([unrecognized option: $ac_option +Try `$[0] --help' for more information.]) + fi + eval "enable_$ac_feature='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix + ac_exec_prefix_set="yes" + ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix="$ac_optarg" + ac_exec_prefix_set="yes" + ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias="$ac_optarg" ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir + ac_localstatedir_set="yes" + ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir="$ac_optarg" + ac_localstatedir_set="yes" + ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir + ac_mandir_set="yes" + ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir="$ac_optarg" + ac_mandir_set="yes" + ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix + ac_prefix_set="yes" + ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix="$ac_optarg" + ac_prefix_set="yes" + ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir + ac_sbindir_set="yes" + ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir="$ac_optarg" + ac_sbindir_set="yes" + ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi | --b) + echo "WARNING: bindir will be ignored, use sbindir" + ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* \ + | --bi=* | --b=*) + echo "WARNING: bindir will be ignored, use sbindir" + ;; + + -datadir | --datadir) + echo "WARNING: datadir will be ignored" + ;; + -datadir=* | --datadir=*) + echo "WARNING: datadir will be ignored" + ;; + + -includedir | --includedir) + echo "WARNING: includedir will be ignored" + ;; + -includedir=* | --includedir=*) + echo "WARNING: includedir will be ignored" + ;; + + -infodir | --infodir) + echo "WARNING: infodir will be ignored" + ;; + -infodir=* | --infodir=*) + echo "WARNING: infodir will be ignored" + ;; + + -libdir | --libdir) + echo "WARNING: libdir will be ignored" + ;; + -libdir=* | --libdir=*) + echo "WARNING: libdir will be ignored" + ;; + + -libexecdir | --libexecdir) + echo "WARNING: libexecdir will be ignored" + ;; + -libexecdir=* | --libexecdir=*) + echo "WARNING: libexecdir will be ignored" + ;; + + -sharedstatedir | --sharedstatedir) + echo "WARNING: sharedstatedir will be ignored" + ;; + -sharedstatedir=* | --sharedstatedir=*) + echo "WARNING: sharedstatedir will be ignored" + ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site="$ac_optarg" ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir="$ac_optarg" ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir + ac_sysconfdir_set="yes" + ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir="$ac_optarg" + ac_sysconfdir_set="yes" + ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias="$ac_optarg" ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers) + ac_init_version=: ;; + + + -with-* | --with-*) + ac_package=`expr "x$ac_option" : 'x-*with-\([[^=]]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : "[.*[^-_$as_cr_alnum]]" >/dev/null && + AC_MSG_ERROR([invalid package name: $ac_package]) + ac_package=`echo $ac_package| sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + ac_with_check_opt=no + for f in ${SH_WITH_OPTS} + do + f=`echo $f | sed 's/-/_/g'` + if test x${f} = x"${ac_package}" + then + ac_with_check_opt=yes + fi + done + if test x${ac_with_check_opt} = xno + then + AC_MSG_ERROR([unrecognized option: $ac_option +Try `$[0] --help' for more information.]) + fi + eval "with_$ac_package='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : "[.*[^-_$as_cr_alnum]]" >/dev/null && + AC_MSG_ERROR([invalid package name: $ac_package]) + ac_package=`echo $ac_package | sed 's/-/_/g'` + ac_with_check_opt=no + for f in ${SH_WITH_OPTS} + do + f=`echo $f | sed 's/-/_/g'` + if test x${f} = x"${ac_package}" + then + ac_with_check_opt=yes + fi + done + if test x${ac_with_check_opt} = xno + then + AC_MSG_ERROR([unrecognized option: $ac_option +Try `$[0] --help' for more information.]) + fi + eval "with_$ac_package=no" ;; + + + -*) AC_MSG_ERROR([unrecognized option: $ac_option +Try `$[0] --help' for more information.]) + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([[^=]]*\)='` + # Reject names that are not valid shell variable names. + expr "x$ac_envvar" : "[.*[^_$as_cr_alnum]]" >/dev/null && + AC_MSG_ERROR([invalid variable name: $ac_envvar]) + ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` + eval "$ac_envvar='$ac_optarg'" + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + AC_MSG_WARN([you should use --build, --host, --target]) + expr "x$ac_option" : "[.*[^-._$as_cr_alnum]]" >/dev/null && + AC_MSG_WARN([invalid host type: $ac_option]) + : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} + ;; + + + esac +done + +if test -n "$ac_prev"; then + AC_MSG_ERROR(missing argument to --`echo $ac_prev | sed 's/_/-/g'`) +fi + +# Be sure to have absolute paths. +for ac_var in prefix exec_prefix +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [[\\/$]]* | ?:[[\\/]]* | NONE | '' | OPT | USR ) ;; + *) AC_MSG_ERROR([expected an absolute directory name for --$ac_var: $ac_val]);; + esac +done + +# Be sure to have absolute paths. +for ac_var in sbindir sysconfdir localstatedir mandir +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [[\\/$]]* | ?:[[\\/]]* ) ;; + *) AC_MSG_ERROR([expected an absolute directory name for --$ac_var: $ac_val]);; + esac +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + AC_MSG_WARN([If you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used.]) + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec AS_MESSAGE_FD>/dev/null + +m4_divert_pop([PARSE_ARGS])dnl +])# SH_INIT_PARSE_ARGS + +m4_define([SH_INIT_HELP], +[m4_divert_push([HELP_BEGIN])dnl + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures m4_ifset([AC_PACKAGE_STRING], + [AC_PACKAGE_STRING], + [this package]) to adapt to many kinds of systems. + +Usage: $[0] [[OPTION]]... [[VAR=VALUE]]... + +[To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +_ACEOF + + cat <<_ACEOF +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install binaries in \`/usr/local/sbin', +the config file in \`/etc', manpage in \`/usr/local/share/man', and state +data in \`/var/lib/INSTALL_NAME' (FSH layout). You can specify other +FSH compliant layouts with \`--prefix=OPT' or \`--prefix=USR', or you +can specify a directory with \`--prefix=DIR' to install in \`DIR/sbin', +\`DIR/etc', etc. + +For better control, use the options below. + +Fine tuning of the installation directories: + --sbindir=DIR system admin executables [EPREFIX/sbin] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --mandir=DIR man documentation [PREFIX/man] + +For even finer tuning, paths can be specified for individual files (see below) + +_ACEOF + + cat <<\_ACEOF] +m4_divert_pop([HELP_BEGIN])dnl +dnl The order of the diversions here is +dnl - HELP_BEGIN +dnl which may be prolongated by extra generic options such as with X or +dnl AC_ARG_PROGRAM. Displayed only in long --help. +dnl +dnl - HELP_CANON +dnl Support for cross compilation (--build, --host and --target). +dnl Display only in long --help. +dnl +dnl - HELP_ENABLE +dnl which starts with the trailer of the HELP_BEGIN, HELP_CANON section, +dnl then implements the header of the non generic options. +dnl +dnl - HELP_WITH +dnl +dnl - HELP_VAR +dnl +dnl - HELP_VAR_END +dnl +dnl - HELP_END +dnl initialized below, in which we dump the trailer (handling of the +dnl recursion for instance). +m4_divert_push([HELP_ENABLE])dnl +_ACEOF +fi + +if test -n "$ac_init_help"; then +m4_ifset([AC_PACKAGE_STRING], +[ case $ac_init_help in + short | recursive ) echo "Configuration of AC_PACKAGE_STRING:";; + esac]) + cat <<\_ACEOF +m4_divert_pop([HELP_ENABLE])dnl +m4_divert_push([HELP_END])dnl +m4_ifset([AC_PACKAGE_BUGREPORT], [ +Report bugs to .]) +_ACEOF +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + ac_popdir=`pwd` + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d $ac_dir || continue + _AC_SRCPATHS(["$ac_dir"]) + cd $ac_dir + # Check for guested configure; otherwise get Cygnus style configure. + if test -f $ac_srcdir/configure.gnu; then + echo + $SHELL $ac_srcdir/configure.gnu --help=recursive + elif test -f $ac_srcdir/configure; then + echo + $SHELL $ac_srcdir/configure --help=recursive + elif test -f $ac_srcdir/configure.ac || + test -f $ac_srcdir/configure.in; then + echo + $ac_configure --help + else + AC_MSG_WARN([no configuration information is in $ac_dir]) + fi + cd $ac_popdir + done +fi + +test -n "$ac_init_help" && exit 0 +m4_divert_pop([HELP_END])dnl +])# SH_INIT_HELP + + + + + + + + +# Check whether sa_sigaction works. +# Rainer Wichmann , 2003. +# +# This file can be copied and used freely without restrictions. It can +# be used in projects which are not available under the GNU Public License. + +# serial 1 + +AC_DEFUN([AM_SA_SIGACTION_WORKS], + [ + am_cv_val_SA_SIGACTION=no + AC_CHECK_HEADER(signal.h, + [ + AM_SI_USER + AM_SA_SIGINFO + if test $am_cv_val_SI_USER = yes && test $am_cv_val_SA_SIGINFO = yes + then + AC_TRY_RUN([ +#include +#include +#include +#include + +volatile int xnum = 0; +volatile int xcode = 0; +jmp_buf Buf; +int xsig = SIGSEGV; + +void sighandler (int xsignam, siginfo_t * xsiginfo, void * xsigadd) +{ + static sigset_t x; + + if (xsiginfo == NULL) + exit(__LINE__); + if (xsiginfo->si_signo != xsignam) + exit(__LINE__); + ++xnum; + xcode = xsiginfo->si_code; + sigemptyset (&x); + sigprocmask(SIG_SETMASK, &x, NULL); + longjmp ( Buf, 1); +} + +int main () +{ + struct sigaction newact; + + newact.sa_sigaction = sighandler; + sigemptyset (&newact.sa_mask); + newact.sa_flags = SA_SIGINFO; + if (0 != sigaction (xsig, &newact, NULL)) + exit (__LINE__); + if(setjmp ( Buf)) { + if (xnum > 1) + goto Third; + goto Second; + } + memcpy((void *) 0x0, "test", 5); + Second: + if (xcode == SI_USER) + exit (__LINE__); + raise(xsig); + Third: + if (xcode != SI_USER) + exit (__LINE__); + if (xnum != 2) + exit (__LINE__); + return (0); +}], am_cv_val_SA_SIGACTION=yes, am_cv_val_SA_SIGACTION=no, am_cv_val_SA_SIGACTION=no) + fi + ]) + AC_MSG_CHECKING([whether sa_sigaction is supported]) + if test $am_cv_val_SA_SIGACTION = yes + then + AC_MSG_RESULT(yes) + AC_DEFINE([SA_SIGACTION_WORKS], 1, [Define if sa_sigaction works]) + else + AC_MSG_RESULT(no) + fi + ]) + +# Check whether SI_USER is available in . +# Rainer Wichmann , 2003. +# +# This file can be copied and used freely without restrictions. It can +# be used in projects which are not available under the GNU Public License. + +# serial 1 + + +AC_DEFUN([AM_SI_USER], + [if test $ac_cv_header_signal_h = yes; then + AC_CACHE_CHECK([for SI_USER in signal.h], am_cv_val_SI_USER, + [AC_TRY_LINK([#include ], [return SI_USER], + am_cv_val_SI_USER=yes, am_cv_val_SI_USER=no)]) + if test $am_cv_val_SI_USER = yes; then + AC_DEFINE([HAVE_SI_USER], 1, [Define if you have SI_USER]) + fi + fi]) + +# Check whether SA_SIGINFO is available in . +# Rainer Wichmann , 2003. +# +# This file can be copied and used freely without restrictions. It can +# be used in projects which are not available under the GNU Public License. + +# serial 1 + + +AC_DEFUN([AM_SA_SIGINFO], + [if test $ac_cv_header_signal_h = yes; then + AC_CACHE_CHECK([for SA_SIGINFO in signal.h], am_cv_val_SA_SIGINFO, + [AC_TRY_LINK([#include ], [return SA_SIGINFO], + am_cv_val_SA_SIGINFO=yes, am_cv_val_SA_SIGINFO=no)]) + if test $am_cv_val_SA_SIGINFO = yes; then + AC_DEFINE([HAVE_SA_SIGINFO], 1, [Define if you have SA_SIGINFO]) + fi + fi]) + +dnl +dnl Useful macros for autoconf to check for ssp-patched gcc +dnl 1.0 - September 2003 - Tiago Sousa +dnl +dnl About ssp: +dnl GCC extension for protecting applications from stack-smashing attacks +dnl http://www.research.ibm.com/trl/projects/security/ssp/ +dnl +dnl Usage: +dnl After calling the correct AC_LANG_*, use the corresponding macro: +dnl +dnl GCC_STACK_PROTECT_CC +dnl checks -fstack-protector with the C compiler, if it exists then updates +dnl CFLAGS and defines ENABLE_SSP_CC +dnl +AC_DEFUN([GCC_STACK_PROTECT_CC],[ + ssp_cc=yes + if test "X$GCC" = "Xyes"; then + AC_MSG_CHECKING([whether ${CC} accepts -fstack-protector]) + ssp_old_cflags="$CFLAGS" + CFLAGS="$CFLAGS -fstack-protector" + AC_TRY_LINK(,,, ssp_cc=no) + # echo $ssp_cc + if test "X$ssp_cc" = "Xno"; then + CFLAGS="$ssp_old_cflags" + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) + fi + fi +]) + +AC_DEFUN([SAMHAIN_POSIX],[ + AC_MSG_CHECKING([whether _POSIX_SOURCE is necessary]) + AC_TRY_COMPILE([#include +void fileno(int);int fdopen(int, char *); ],, + [ + AC_MSG_RESULT(yes) + AC_DEFINE([_POSIX_SOURCE],1,[Define if POSIX functions are required]) + ], + [AC_MSG_RESULT(no)]) +])dnl + +dnl checks for a known 64 bit programming environment +dnl AC_RUN_IFELSE(PROGRAM, +dnl [ACTION-IF-TRUE], [ACTION-IF-FALSE], +dnl [ACTION-IF-CROSS-COMPILING = RUNTIME-ERROR]) +dnl +AC_DEFUN([SAMHAIN_PRG_ENV],[ + AC_MSG_CHECKING([for a known 64 bit programming environment]) + # Compile and run a program that determines the programming environment + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ +#include +int main(int argc,char **argv) +{ + if (argc > 1) { +#if defined(__arch64__) + printf("__arch64__\n"); +#elif defined(__ia64__) + printf("__ia64__\n"); +#elif defined(__x86_64__) + printf("__x86_64__\n"); +#elif defined(__LP64__) + printf("__LP64__\n"); +#elif defined(__64BIT__) + printf("__64BIT__\n"); +#elif defined(_LP64) + printf("_LP64\n"); +#elif defined(_M_IA64) + printf("_M_IA64\n"); +#elif defined(_MIPS_SZLONG) && (_MIPS_SZLONG == 64) + printf("_MIPS_64\n"); +#else +choke me +#endif + } + return 0; +} + ]]) + ],[ + # Program compiled and ran, so get version by adding argument. + samhain_prg_ENV=`./conftest$ac_exeext x` + samhain_64=yes + AC_MSG_RESULT([$samhain_prg_ENV]) + ],[ + AC_MSG_RESULT([none]) + ],[ + AC_MSG_RESULT([none]) + ]) +])dnl + +AC_DEFUN([SAMHAIN_X86_64],[ + AC_MSG_CHECKING([for x86_64]) + AC_TRY_RUN([ +int main() { +__asm__ volatile ( +"movq %rax, %rax" +); +return 0; +} + ], + [ + AC_MSG_RESULT(yes) + samhain_64=yes + tiger_src=sh_tiger1_64.c + AC_DEFINE([TIGER_OPT_ASM],1,[Define to use tiger x86_64 optimized assembly]) + ], + [ + AC_MSG_RESULT([no]) + ],[ + AC_MSG_RESULT([no]) + ]) +])dnl + + +AC_DEFUN([SAMHAIN_64],[ +samhain_64=no +tiger_src=sh_tiger1.c +# +# if sizeof(unsigned long) = 4, try compiler macros for 64bit +# +if test "x$ac_cv_sizeof_unsigned_long" = x4; then + if test "x$ac_cv_sizeof_unsigned_long_long" = x8; then + SAMHAIN_PRG_ENV + if test "x$samhain_64" = xyes; then + tiger_src=sh_tiger1_64.c + fi + # + # if GCC and __i386__, use precompiled assembler + # + if test "x$GCC" = xyes; then + AC_MSG_CHECKING([for non-apple non-cygwin i386]) + samhain_i386=no + $CC -E -dM - < /dev/null | egrep '__i386__' >/dev/null 2>&1 + if test $? = 0; then + # apples gcc does not understand the assembly we provide + $CC -E -dM - < /dev/null | egrep '(__sun__|__APPLE__|__CYGWIN__)' >/dev/null 2>&1 || samhain_i386=yes + fi + if test "x$samhain_i386" = xyes; then + tiger_src=sh_tiger1.s + AC_DEFINE([TIGER_32_BIT_S],1,[Define to use tiger 32 bit i386 assembler]) + fi + AC_MSG_RESULT([$samhain_i386]) + fi + # + # + # + else + samhain_64=no + tiger_src=sh_tiger1.c + fi +else + # + # sizeof(unsigned long) = 8 + # + tiger_src=sh_tiger1_64.c + samhain_64=yes + # + # check for x86_64 (enables assembly optimizations) + # + if test "x$GCC" = xyes; then + SAMHAIN_X86_64 + fi +fi +if test "x$samhain_64" = xyes; then + AC_DEFINE([TIGER_64_BIT],1,[Define to use tiger 64 bit implementation]) +fi +AC_MSG_CHECKING([for 64 bit environment]) +AC_MSG_RESULT([$samhain_64]) +AC_MSG_CHECKING([for tiger source to use]) +AC_MSG_RESULT([$tiger_src]) +AC_SUBST(tiger_src) +])dnl + + +dnl Autoconf macros for libprelude +dnl $id$ + +# Modified for LIBPRELUDE -- Yoann Vandoorselaere +# Modified for LIBGNUTLS -- nmav +# Configure paths for LIBGCRYPT +# Shamelessly stolen from the one of XDELTA by Owen Taylor +# Werner Koch 99-12-09 + +dnl AM_PATH_LIBPRELUDE([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) +dnl Test for libprelude, and define LIBPRELUDE_PREFIX, LIBPRELUDE_CFLAGS, LIBPRELUDE_PTHREAD_CFLAGS, +dnl LIBPRELUDE_LDFLAGS, and LIBPRELUDE_LIBS +dnl +AC_DEFUN([AM_PATH_LIBPRELUDE], +[dnl +dnl Get the cflags and libraries from the libprelude-config script +dnl +dnl AC_ARG_WITH(libprelude-prefix, +dnl [ --with-libprelude-prefix=PFX Prefix where libprelude is installed (optional)], +dnl libprelude_config_prefix="$withval", libprelude_config_prefix="") +dnl +dnl if test x$libprelude_config_prefix != x ; then +dnl if test x${LIBPRELUDE_CONFIG+set} != xset ; then +dnl LIBPRELUDE_CONFIG=$libprelude_config_prefix/bin/libprelude-config +dnl fi +dnl fi +dnl +dnl AC_PATH_PROG(LIBPRELUDE_CONFIG, libprelude-config, no) + min_libprelude_version=ifelse([$1], ,0.1.0,$1) + AC_MSG_CHECKING(for libprelude - version >= $min_libprelude_version) + no_libprelude="" + if test "$LIBPRELUDE_CONFIG" = "no" ; then + no_libprelude=yes + else + LIBPRELUDE_CFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --cflags` + LIBPRELUDE_PTHREAD_CFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --pthread-cflags` + LIBPRELUDE_LDFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --ldflags` + LIBPRELUDE_LIBS=`$LIBPRELUDE_CONFIG $libprelude_config_args --libs` + LIBPRELUDE_PREFIX=`$LIBPRELUDE_CONFIG $libprelude_config_args --prefix` + LIBPRELUDE_CONFIG_PREFIX=`$LIBPRELUDE_CONFIG $libprelude_config_args --config-prefix` + libprelude_config_version=`$LIBPRELUDE_CONFIG $libprelude_config_args --version` + + + ac_save_CFLAGS="$CFLAGS" + ac_save_LDFLAGS="$LDFLAGS" + ac_save_LIBS="$LIBS" + CFLAGS="$CFLAGS $LIBPRELUDE_CFLAGS" + LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" + LIBS="$LIBS $LIBPRELUDE_LIBS" +dnl +dnl Now check if the installed libprelude is sufficiently new. Also sanity +dnl checks the results of libprelude-config to some extent +dnl + rm -f conf.libpreludetest + AC_TRY_RUN([ +#include +#include +#include +#include + +int +main () +{ + system ("touch conf.libpreludetest"); + + if( strcmp( prelude_check_version(NULL), "$libprelude_config_version" ) ) + { + printf("\n*** 'libprelude-config --version' returned %s, but LIBPRELUDE (%s)\n", + "$libprelude_config_version", prelude_check_version(NULL) ); + printf("*** was found! If libprelude-config was correct, then it is best\n"); + printf("*** to remove the old version of LIBPRELUDE. You may also be able to fix the error\n"); + printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n"); + printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n"); + printf("*** required on your system.\n"); + printf("*** If libprelude-config was wrong, set the environment variable LIBPRELUDE_CONFIG\n"); + printf("*** to point to the correct copy of libprelude-config, and remove the file config.cache\n"); + printf("*** before re-running configure\n"); + } + else if ( strcmp(prelude_check_version(NULL), LIBPRELUDE_VERSION ) ) + { + printf("\n*** LIBPRELUDE header file (version %s) does not match\n", LIBPRELUDE_VERSION); + printf("*** library (version %s)\n", prelude_check_version(NULL) ); + } + else + { + if ( prelude_check_version( "$min_libprelude_version" ) ) + { + return 0; + } + else + { + printf("no\n*** An old version of LIBPRELUDE (%s) was found.\n", + prelude_check_version(NULL) ); + printf("*** You need a version of LIBPRELUDE newer than %s. The latest version of\n", + "$min_libprelude_version" ); + printf("*** LIBPRELUDE is always available from http://www.prelude-ids.org/download/releases.\n"); + printf("*** \n"); + printf("*** If you have already installed a sufficiently new version, this error\n"); + printf("*** probably means that the wrong copy of the libprelude-config shell script is\n"); + printf("*** being found. The easiest way to fix this is to remove the old version\n"); + printf("*** of LIBPRELUDE, but you can also set the LIBPRELUDE_CONFIG environment to point to the\n"); + printf("*** correct copy of libprelude-config. (In this case, you will have to\n"); + printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n"); + printf("*** so that the correct libraries are found at run-time))\n"); + } + } + return 1; +} +],, no_libprelude=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"]) + CFLAGS="$ac_save_CFLAGS" + LIBS="$ac_save_LIBS" + LDFLAGS="$ac_save_LDFLAGS" + fi + + if test "x$no_libprelude" = x ; then + AC_MSG_RESULT(yes) + ifelse([$2], , :, [$2]) + else + if test -f conf.libpreludetest ; then + : + else + AC_MSG_RESULT(no) + fi + if test "$LIBPRELUDE_CONFIG" = "no" ; then + echo "*** The libprelude-config script installed by LIBPRELUDE could not be found" + echo "*** If LIBPRELUDE was installed in PREFIX, make sure PREFIX/bin is in" + echo "*** your path, or set the LIBPRELUDE_CONFIG environment variable to the" + echo "*** full path to libprelude-config." + else + if test -f conf.libpreludetest ; then + : + else + echo "*** Could not run libprelude test program, checking why..." + CFLAGS="$CFLAGS $LIBPRELUDE_CFLAGS" + LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" + LIBS="$LIBS $LIBPRELUDE_LIBS" + AC_TRY_LINK([ +#include +#include +#include +#include +], [ return !!prelude_check_version(NULL); ], + [ echo "*** The test program compiled, but did not run. This usually means" + echo "*** that the run-time linker is not finding LIBPRELUDE or finding the wrong" + echo "*** version of LIBPRELUDE. If it is not finding LIBPRELUDE, you'll need to set your" + echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point" + echo "*** to the installed location Also, make sure you have run ldconfig if that" + echo "*** is required on your system" + echo "***" + echo "*** If you have an old version installed, it is best to remove it, although" + echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" + echo "***" ], + [ echo "*** The test program failed to compile or link. See the file config.log for the" + echo "*** exact error that occured. This usually means LIBPRELUDE was incorrectly installed" + echo "*** or that you have moved LIBPRELUDE since it was installed. In the latter case, you" + echo "*** may want to edit the libprelude-config script: $LIBPRELUDE_CONFIG" ]) + CFLAGS="$ac_save_CFLAGS" + LDFLAGS="$ac_save_LDFLAGS" + LIBS="$ac_save_LIBS" + fi + fi + LIBPRELUDE_CFLAGS="" + LIBPRELUDE_LDFLAGS="" + LIBPRELUDE_LIBS="" + ifelse([$3], , :, [$3]) + fi + rm -f conf.libpreludetest + AC_SUBST(LIBPRELUDE_CFLAGS) + AC_SUBST(LIBPRELUDE_PTHREAD_CFLAGS) + AC_SUBST(LIBPRELUDE_LDFLAGS) + AC_SUBST(LIBPRELUDE_LIBS) + AC_SUBST(LIBPRELUDE_PREFIX) + AC_SUBST(LIBPRELUDE_CONFIG_PREFIX) +]) + +dnl *-*wedit:notab*-* Please keep this as the last line. + Index: branches/samhain-2_2-branch/c_bits.sh =================================================================== --- branches/samhain-2_2-branch/c_bits.sh (revision 66) +++ branches/samhain-2_2-branch/c_bits.sh (revision 66) @@ -0,0 +1,133 @@ +#! /bin/sh + + +# get bits of $1 + +# make sure it fits in 16 bit +ORIG=`expr $1 \% 65536` + +# 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 +# 1 2 4 8 16 32 64 128 256 512 1024 2048 4096 8192 16384 32768 + +N=0 + +N=`expr $ORIG \/ 32768` +N_16=$N +if test "x$N" = "x1"; then + echo "#define $2_16 1" +fi +ORIG=`expr $ORIG \- $N_16 \* 32768` + +N=`expr $ORIG / 16384` +N_15=$N +if test "x$N" = "x1"; then + echo "#define $2_15 1" +fi +ORIG=`expr $ORIG \- $N_15 \* 16384` + +N=`expr $ORIG \/ 8192` +N_14=$N +if test "x$N" = "x1"; then + echo "#define $2_14 1" +fi +ORIG=`expr $ORIG \- $N_14 \* 8192` + +N=`expr $ORIG \/ 4096` +N_13=$N +if test "x$N" = "x1"; then + echo "#define $2_13 1" +fi +ORIG=`expr $ORIG \- $N_13 \* 4096` + +N=`expr $ORIG \/ 2048` +N_12=$N +if test "x$N" = "x1"; then + echo "#define $2_12 1" +fi +ORIG=`expr $ORIG \- $N_12 \* 2048` + +N=`expr $ORIG \/ 1024` +N_11=$N +if test "x$N" = "x1"; then + echo "#define $2_11 1" +fi +ORIG=`expr $ORIG \- $N_11 \* 1024` + +N=`expr $ORIG \/ 512` +N_10=$N +if test "x$N" = "x1"; then + echo "#define $2_10 1" +fi +ORIG=`expr $ORIG \- $N_10 \* 512` + +N=`expr $ORIG \/ 256` +N_09=$N +if test "x$N" = "x1"; then + echo "#define $2_09 1" +fi +ORIG=`expr $ORIG \- $N_09 \* 256` + +N=`expr $ORIG \/ 128` +N_08=$N +if test "x$N" = "x1"; then + echo "#define $2_08 1" +fi +ORIG=`expr $ORIG \- $N_08 \* 128` + +N=`expr $ORIG \/ 64` +N_07=$N +if test "x$N" = "x1"; then + echo "#define $2_07 1" +fi +ORIG=`expr $ORIG \- $N_07 \* 64` + +N=`expr $ORIG \/ 32` +N_06=$N +if test "x$N" = "x1"; then + echo "#define $2_06 1" +fi +ORIG=`expr $ORIG \- $N_06 \* 32` + +N=`expr $ORIG \/ 16` +N_05=$N +if test "x$N" = "x1"; then + echo "#define $2_05 1" +fi +ORIG=`expr $ORIG \- $N_05 \* 16` + +N=`expr $ORIG \/ 8` +N_04=$N +if test "x$N" = "x1"; then + echo "#define $2_04 1" +fi +ORIG=`expr $ORIG \- $N_04 \* 8` + +N=`expr $ORIG \/ 4` +N_03=$N +if test "x$N" = "x1"; then + echo "#define $2_03 1" +fi +ORIG=`expr $ORIG \- $N_03 \* 4` + +N=`expr $ORIG \/ 2` +N_02=$N +if test "x$N" = "x1"; then + echo "#define $2_02 1" +fi +ORIG=`expr $ORIG \- $N_02 \* 2` + +N=`expr $ORIG \/ 1` +N_01=$N +if test "x$N" = "x1"; then + echo "#define $2_01 1" +fi +ORIG=`expr $ORIG \- $N_01 \* 1` + +# +# obsolete +# +# echo ${N_01} ${N_02} ${N_03} ${N_04} ${N_05} ${N_06} ${N_07} ${N_08} ${N_09} ${N_10} ${N_11} ${N_12} ${N_13} ${N_14} ${N_15} ${N_16} + +exit 0 + + Index: branches/samhain-2_2-branch/c_random.sh =================================================================== --- branches/samhain-2_2-branch/c_random.sh (revision 66) +++ branches/samhain-2_2-branch/c_random.sh (revision 66) @@ -0,0 +1,232 @@ +#! /bin/sh + +# this program collects some entropy from the system +# into the file "my_random_file" and outputs the 16-bit +# Unix 'sum' checksum (seems to be the only portable way +# to get true entropy with a shell script). + +# Apparently, on FreeBSD /dev/random does not block (???), must make sure +# we really got something rather than nothing. + +rnd_tst=no + +/bin/rm -f ./my_random_file 2>/dev/null + +if test -r "/dev/urandom"; then + if test -c "/dev/urandom"; then + dd if=/dev/urandom ibs=1 count=4 > my_random_file 2>/dev/null + nsum=`sum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` + if test x$nsum != x; then + rnd_tst=yes + fi + fi +fi + +if test x$rnd_tst = xno; then + if test -r "/dev/srandom"; then + if test -c "/dev/srandom"; then + dd if=/dev/srandom ibs=1 count=4 > my_random_file 2>/dev/null + nsum=`sum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` + if test x$nsum != x; then + rnd_tst=yes + fi + fi + fi +fi + +if test x$rnd_tst = xno; then +# + touch ./my_random_file +# + if test -r "/usr/ucb/vmstat"; then + /usr/ucb/vmstat >> my_random_file 2>/dev/null + fi + if test -r "/bin/vmstat"; then + /bin/vmstat >> my_random_file 2>/dev/null + fi + if test -r "/sbin/vmstat"; then + /sbin/vmstat >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/vmstat"; then + /usr/bin/vmstat >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/vmstat"; then + /usr/sbin/vmstat >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/vmstat"; then + /usr/local/bin/vmstat >> my_random_file 2>/dev/null + fi +# + if test -r "/usr/ucb/netstat"; then + /usr/ucb/netstat -n >> my_random_file 2>/dev/null + fi + if test -r "/bin/netstat"; then + /bin/netstat -n >> my_random_file 2>/dev/null + fi + if test -r "/sbin/netstat"; then + /sbin/netstat -n >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/netstat"; then + /usr/bin/netstat -n >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/netstat"; then + /usr/sbin/netstat -n >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/netstat"; then + /usr/local/bin/netstat -n >> my_random_file 2>/dev/null + fi +# +# + if test -r "/usr/ucb/ps"; then + /usr/ucb/ps -ef >> my_random_file 2>/dev/null + fi + if test -r "/bin/ps"; then + /bin/ps -ef >> my_random_file 2>/dev/null + fi + if test -r "/sbin/ps"; then + /sbin/ps -ef >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/ps"; then + /usr/bin/ps -ef >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/ps"; then + /usr/sbin/ps -ef >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/ps"; then + /usr/local/bin/ps -ef >> my_random_file 2>/dev/null + fi +# +# + if test -r "/usr/ucb/arp"; then + /usr/ucb/arp -a >> my_random_file 2>/dev/null + fi + if test -r "/bin/arp"; then + /bin/arp -a >> my_random_file 2>/dev/null + fi + if test -r "/sbin/arp"; then + /sbin/arp -a >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/arp"; then + /usr/bin/arp -a >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/arp"; then + /usr/sbin/arp -a >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/arp"; then + /usr/local/bin/arp -a >> my_random_file 2>/dev/null + fi +# +# + if test -r "/usr/ucb/w"; then + /usr/ucb/w >> my_random_file 2>/dev/null + fi + if test -r "/bin/w"; then + /bin/w >> my_random_file 2>/dev/null + fi + if test -r "/sbin/w"; then + /sbin/w >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/w"; then + /usr/bin/w >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/w"; then + /usr/sbin/w >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/w"; then + /usr/local/bin/w >> my_random_file 2>/dev/null + fi +# +# Don't use (NFS problems ahead) +# +# if test -r "/usr/ucb/df"; then +# /usr/ucb/df >> my_random_file 2>/dev/null +# fi +# if test -r "/bin/df"; then +# /bin/df >> my_random_file 2>/dev/null +# fi +# if test -r "/sbin/df"; then +# /sbin/df >> my_random_file 2>/dev/null +# fi +# if test -r "/usr/bin/df"; then +# /usr/bin/df >> my_random_file 2>/dev/null +# fi +# if test -r "/usr/sbin/df"; then +# /usr/sbin/df >> my_random_file 2>/dev/null +# fi +# if test -r "/usr/local/bin/df"; then +# /usr/local/bin/df >> my_random_file 2>/dev/null +# fi +# +# + if test -r "/usr/ucb/free"; then + /usr/ucb/free >> my_random_file 2>/dev/null + fi + if test -r "/bin/free"; then + /bin/free >> my_random_file 2>/dev/null + fi + if test -r "/sbin/free"; then + /sbin/free >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/free"; then + /usr/bin/free >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/free"; then + /usr/sbin/free >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/free"; then + /usr/local/bin/free >> my_random_file 2>/dev/null + fi +# +# + if test -r "/usr/ucb/uptime"; then + /usr/ucb/uptime >> my_random_file 2>/dev/null + fi + if test -r "/bin/uptime"; then + /bin/uptime >> my_random_file 2>/dev/null + fi + if test -r "/sbin/uptime"; then + /sbin/uptime >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/uptime"; then + /usr/bin/uptime >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/uptime"; then + /usr/sbin/uptime >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/uptime"; then + /usr/local/bin/uptime >> my_random_file 2>/dev/null + fi +# +# + if test -r "/usr/ucb/procinfo"; then + /usr/ucb/procinfo -a >> my_random_file 2>/dev/null + fi + if test -r "/bin/procinfo"; then + /bin/procinfo -a >> my_random_file 2>/dev/null + fi + if test -r "/sbin/procinfo"; then + /sbin/procinfo -a >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/procinfo"; then + /usr/bin/procinfo -a >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/procinfo"; then + /usr/sbin/procinfo -a >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/procinfo"; then + /usr/local/bin/procinfo -a >> my_random_file 2>/dev/null + fi +# + nsum=`sum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` +# +fi + +# +# 'sum' is portable, but only 16 bit +# + +/bin/rm -f ./my_random_file 2>/dev/null + +echo $nsum + + Index: branches/samhain-2_2-branch/config.guess =================================================================== --- branches/samhain-2_2-branch/config.guess (revision 66) +++ branches/samhain-2_2-branch/config.guess (revision 66) @@ -0,0 +1,1363 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002 Free Software Foundation, Inc. + +timestamp='2002-10-21' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Per Bothner . +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit build system type. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +trap 'exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# This shell variable is my proudest work .. or something. --bje + +set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ; +(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old) + || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ; +dummy=$tmpdir/dummy ; +files="$dummy.c $dummy.o $dummy.rel $dummy" ; +trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > $dummy.c ; + for c in cc gcc c89 c99 ; do + if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + rm -f $files ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ; +unset files' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + case "${UNAME_MACHINE_ARCH}" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE_ARCH}" in + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep __ELF__ >/dev/null + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit 0 ;; + amiga:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + arc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + hp300:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + macppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme88k:OpenBSD:*:*) + echo m88k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvmeppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + pmax:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sgi:OpenBSD:*:*) + echo mipseb-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sun3:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + wgrisc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + *:OpenBSD:*:*) + echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + alpha:OSF1:*:*) + if test $UNAME_RELEASE = "V4.0"; then + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + fi + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + eval $set_cc_for_build + cat <$dummy.s + .data +\$Lformat: + .byte 37,100,45,37,120,10,0 # "%d-%x\n" + + .text + .globl main + .align 4 + .ent main +main: + .frame \$30,16,\$26,0 + ldgp \$29,0(\$27) + .prologue 1 + .long 0x47e03d80 # implver \$0 + lda \$2,-1 + .long 0x47e20c21 # amask \$2,\$1 + lda \$16,\$Lformat + mov \$0,\$17 + not \$1,\$18 + jsr \$26,printf + ldgp \$29,0(\$26) + mov 0,\$16 + jsr \$26,exit + .end main +EOF + $CC_FOR_BUILD -o $dummy $dummy.s 2>/dev/null + if test "$?" = 0 ; then + case `$dummy` in + 0-0) + UNAME_MACHINE="alpha" + ;; + 1-0) + UNAME_MACHINE="alphaev5" + ;; + 1-1) + UNAME_MACHINE="alphaev56" + ;; + 1-101) + UNAME_MACHINE="alphapca56" + ;; + 2-303) + UNAME_MACHINE="alphaev6" + ;; + 2-307) + UNAME_MACHINE="alphaev67" + ;; + 2-1307) + UNAME_MACHINE="alphaev68" + ;; + 3-1307) + UNAME_MACHINE="alphaev7" + ;; + esac + fi + rm -f $dummy.s $dummy && rmdir $tmpdir + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit 0 ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix + exit 0 ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit 0 ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit 0;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit 0 ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos + exit 0 ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit 0 ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit 0;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit 0;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit 0 ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit 0 ;; + DRS?6000:UNIX_SV:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7 && exit 0 ;; + esac ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit 0 ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit 0 ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit 0 ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit 0 ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit 0 ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit 0 ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit 0 ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit 0 ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit 0 ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit 0 ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c \ + && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ + && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 + rm -f $dummy.c $dummy && rmdir $tmpdir + echo mips-mips-riscos${UNAME_RELEASE} + exit 0 ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit 0 ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit 0 ;; + Night_Hawk:*:*:PowerMAX_OS) + echo powerpc-harris-powermax + exit 0 ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit 0 ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit 0 ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit 0 ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit 0 ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit 0 ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit 0 ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit 0 ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit 0 ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit 0 ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit 0 ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit 0 ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 + rm -f $dummy.c $dummy && rmdir $tmpdir + echo rs6000-ibm-aix3.2.5 + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit 0 ;; + *:AIX:*:[45]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit 0 ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit 0 ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit 0 ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit 0 ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit 0 ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit 0 ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit 0 ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi + rm -f $dummy.c $dummy && rmdir $tmpdir + fi ;; + esac + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit 0 ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit 0 ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 + rm -f $dummy.c $dummy && rmdir $tmpdir + echo unknown-hitachi-hiuxwe2 + exit 0 ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit 0 ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit 0 ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit 0 ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit 0 ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit 0 ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit 0 ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit 0 ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit 0 ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit 0 ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit 0 ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit 0 ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*T3D:*:*:*) + echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit 0 ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:FreeBSD:*:*) + # Determine whether the default compiler uses glibc. + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + #if __GLIBC__ >= 2 + LIBC=gnu + #else + LIBC= + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` + rm -f $dummy.c && rmdir $tmpdir + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} + exit 0 ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit 0 ;; + i*:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit 0 ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit 0 ;; + x86:Interix*:3*) + echo i386-pc-interix3 + exit 0 ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i386-pc-interix + exit 0 ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit 0 ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit 0 ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + *:GNU:*:*) + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit 0 ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit 0 ;; + arm*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + mips:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef mips + #undef mipsel + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=mipsel + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=mips + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` + rm -f $dummy.c && rmdir $tmpdir + test x"${CPU}" != x && echo "${CPU}-pc-linux-gnu" && exit 0 + ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit 0 ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit 0 ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit 0 ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; + esac + exit 0 ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit 0 ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux + exit 0 ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + x86_64:Linux:*:*) + echo x86_64-unknown-linux-gnu + exit 0 ;; + i*86:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. cd to the root directory to prevent + # problems with other programs or directories called `ld' in the path. + # Set LC_ALL=C to ensure ld outputs messages in English. + ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ + | sed -ne '/supported targets:/!d + s/[ ][ ]*/ /g + s/.*supported targets: *// + s/ .*// + p'` + case "$ld_supported_targets" in + elf32-i386) + TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" + ;; + a.out-i386-linux) + echo "${UNAME_MACHINE}-pc-linux-gnuaout" + exit 0 ;; + coff-i386) + echo "${UNAME_MACHINE}-pc-linux-gnucoff" + exit 0 ;; + "") + # Either a pre-BFD a.out linker (linux-gnuoldld) or + # one that does not give us useful --help. + echo "${UNAME_MACHINE}-pc-linux-gnuoldld" + exit 0 ;; + esac + # Determine whether the default compiler is a.out or elf + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + #ifdef __ELF__ + # ifdef __GLIBC__ + # if __GLIBC__ >= 2 + LIBC=gnu + # else + LIBC=gnulibc1 + # endif + # else + LIBC=gnulibc1 + # endif + #else + #ifdef __INTEL_COMPILER + LIBC=gnu + #else + LIBC=gnuaout + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` + rm -f $dummy.c && rmdir $tmpdir + test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 + test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 + ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit 0 ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit 0 ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit 0 ;; + i*86:*:5:[78]*) + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit 0 ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit 0 ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit 0 ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. + echo i386-pc-msdosdjgpp + exit 0 ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit 0 ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit 0 ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit 0 ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit 0 ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit 0 ;; + M68*:*:R3V[567]*:*) + test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; + 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4 && exit 0 ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit 0 ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit 0 ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit 0 ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit 0 ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit 0 ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit 0 ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit 0 ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit 0 ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit 0 ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit 0 ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit 0 ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit 0 ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit 0 ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} + exit 0 ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Darwin:*:*) + echo `uname -p`-apple-darwin${UNAME_RELEASE} + exit 0 ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + exit 0 ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit 0 ;; + NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit 0 ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit 0 ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit 0 ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit 0 ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit 0 ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit 0 ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit 0 ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit 0 ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit 0 ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit 0 ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit 0 ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit 0 ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit 0 ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit 0 ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +eval $set_cc_for_build +cat >$dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 +rm -f $dummy.c $dummy && rmdir $tmpdir + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit 0 ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + c34*) + echo c34-convex-bsd + exit 0 ;; + c38*) + echo c38-convex-bsd + exit 0 ;; + c4*) + echo c4-convex-bsd + exit 0 ;; + esac +fi + +cat >&2 < in order to provide the needed +information to handle your system. + +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: Index: branches/samhain-2_2-branch/config.sub =================================================================== --- branches/samhain-2_2-branch/config.sub (revision 66) +++ branches/samhain-2_2-branch/config.sub (revision 66) @@ -0,0 +1,1470 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002 Free Software Foundation, Inc. + +timestamp='2002-09-05' + +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit 0;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | freebsd*-gnu* | storm-chaos* | os2-emx* | windows32-* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis) + os= + basic_machine=$1 + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | i370 | i860 | i960 | ia64 \ + | ip2k \ + | m32r | m68000 | m68k | m88k | mcore \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64vr | mips64vrel \ + | mips64orion | mips64orionel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mipsisa32 | mipsisa32el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | ns16k | ns32k \ + | openrisc | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | pyramid \ + | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ + | strongarm \ + | tahoe | thumb | tic80 | tron \ + | v850 | v850e \ + | we32k \ + | x86 | xscale | xstormy16 | xtensa \ + | z8k) + basic_machine=$basic_machine-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12) + # Motorola 68HC11/12. + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* \ + | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \ + | clipper-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* \ + | m32r-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | mcore-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipstx39 | mipstx39el \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | pyramid-* \ + | romp-* | rs6000-* \ + | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ + | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \ + | v850-* | v850e-* | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ + | xtensa-* \ + | ymp-* \ + | z8k-*) + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + crds | unos) + basic_machine=m68k-crds + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + mmix*) + basic_machine=mmix-knuth + os=-mmixware + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + or32 | or32-*) + basic_machine=or32-unknown + os=-coff + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2) + basic_machine=i686-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc) basic_machine=powerpc-unknown + ;; + ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3d) + basic_machine=alpha-cray + os=-unicos + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tic4x | c4x*) + basic_machine=tic4x-unknown + os=-coff + ;; + tic54x | c54x*) + basic_machine=tic54x-unknown + os=-coff + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + windows32) + basic_machine=i386-pc + os=-windows32-msvcrt + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele) + basic_machine=sh-unknown + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparc | sparcv9 | sparcv9b) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ + | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* \ + | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* | -powermax*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto*) + os=-nto-qnx + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + # This also exists in the configure program, but was not the + # default. + # os=-sunos4 + ;; + m68*-cisco) + os=-aout + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-ibm) + os=-aix + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit 0 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: Index: branches/samhain-2_2-branch/configure.ac =================================================================== --- branches/samhain-2_2-branch/configure.ac (revision 66) +++ branches/samhain-2_2-branch/configure.ac (revision 66) @@ -0,0 +1,2356 @@ + +dnl We want to override the standard _AC_INIT_PARSE_ARGS +dnl +AU_ALIAS([_AC_INIT_PARSE_ARGS], [SH_INIT_PARSE_ARGS]) +AU_ALIAS([_AC_INIT_help], [SH_INIT_HELP]) + +AC_INIT(src/samhain.c) + + +AC_ARG_VAR([LIBS], [libraries to link against, e.g. -lintl]) + +dnl +dnl start +dnl +AM_INIT_AUTOMAKE(samhain, 2.2.5) +AC_CANONICAL_HOST + +dnl +dnl checks for programs +dnl + +AC_PROG_CC +AC_PROG_CPP +AC_PROG_INSTALL +AC_PROG_LN_S +AC_PROG_AWK +AC_PATH_PROG(cmd_hostname,hostname) +AC_SUBST(cmd_hostname) + +GCC_STACK_PROTECT_CC + +AC_HEADER_STDC +dnl +dnl first one is a dummy because of an autoconf bug +dnl (no HAVE_... for first one) +dnl +AC_CHECK_HEADERS([sys/ipc.h sys/msg.h sys/uio.h fcntl.h]) + + +AC_MSG_CHECKING([for host-specific issues]) +mydebugflag=no +myneedg3=no +uid_cast="signed long" +selectconfig=linux +mynetbsd=no +sh_use_lcaps="undef" + +case "$host_os" in + + *linux*) + sh_use_lcaps="yes" + AC_DEFINE(HOST_IS_LINUX) + AC_DEFINE(HAVE_EXT2_IOCTLS) + AC_MSG_RESULT(LINUX use ioctl to get e2fs flags) + case "$host_cpu" in + i*86*) + AC_DEFINE(HOST_IS_I86LINUX) + ;; + *) + ;; + esac + ;; + + *osf*) + AC_DEFINE([HOST_IS_OSF], 1, [Define if host OS is OSF]) + if test "x$GCC" != "xyes"; then + CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` + CFLAGS="$CFLAGS -O2 -assume noaligned_objects" + myneedg3=yes + AC_MSG_RESULT(OSF1 compiler needs assume noaligned_objects) + else + AC_MSG_RESULT(none) + fi + ;; + + *cygwin*) + AC_DEFINE(HOST_IS_CYGWIN) + AC_MSG_RESULT(CYGWIN do not check for trusted paths) + ;; + + *darwin*) + AC_DEFINE(HOST_IS_DARWIN) + AC_MSG_RESULT(DARWIN check resource forks) + ;; + + *freebsd*) + AC_DEFINE(HOST_IS_FREEBSD) + selectconfig=freebsd + AC_MSG_RESULT(none) + ;; + + *openbsd*) + selectconfig=freebsd + AC_MSG_RESULT(none) + ;; + + *netbsd*) + mynetbsd=yes + selectconfig=netbsd + AC_MSG_RESULT(NETBSD bug with libresolve) + ;; + + *solaris*) + selectconfig=solaris + AC_DEFINE(HOST_IS_SOLARIS) + case "$host_cpu" in + i*86) + AC_DEFINE(HOST_IS_I86SOLARIS) + AC_MSG_RESULT(SOLARIS I86 vsnprintf prototype) + ;; + *) + AC_MSG_RESULT(none) + ;; + esac + if test "x$GCC" != "xyes"; then + if test ! -z "`echo "$CFLAGS" | grep "\-g" 2> /dev/null`" ; then + CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` + fi + if test -z "`echo "$CFLAGS" | grep "\-xO2" 2> /dev/null`"; then + CFLAGS="$CFLAGS -xO2" + fi + if test -z "`echo "$CFLAGS" | grep "\-Xa" 2> /dev/null`"; then + CFLAGS="$CFLAGS -Xa" + fi + LIBS="-lc $LIBS" + fi + ;; + + + *sun*) + selectconfig=solaris + AC_DEFINE(HOST_IS_SOLARIS) + AC_MSG_RESULT(none) + ;; + + *aix*) + AC_DEFINE(HOST_IS_AIX) + selectconfig=aix5.2.0 + uid_cast="unsigned long" + if test "x$GCC" != "xyes"; then + if test ! -z "`echo "$CFLAGS" | grep "\-g" 2> /dev/null`" ; then + CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` + fi + if test -z "`echo "$CFLAGS" | grep "\-O3" 2> /dev/null`"; then + CFLAGS="$CFLAGS -O3" + fi + if test -z "`echo "$CFLAGS" | grep "\-qstrict" 2> /dev/null`"; then + CFLAGS="$CFLAGS -qstrict" + fi + AC_MSG_RESULT(AIX size_t in the accept call and optimize O3 qstrict) + else + AC_MSG_RESULT(AIX size_t in the accept call) + fi + ;; + + *hpux*) + AC_MSG_RESULT(HPUX has not always h_errno defined) + AC_DEFINE(HOST_IS_HPUX) + if test "x$GCC" != "xyes"; then + if test ! -z "`echo "$CFLAGS" | grep "\-g" 2> /dev/null`" ; then + CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` + fi + if test -z "`echo "$CFLAGS" | grep "\-fast" 2> /dev/null`"; then + CFLAGS="$CFLAGS -fast" + fi + fi + ;; + + *ultrix*) + AC_MSG_RESULT(ULTRIX getcwd uses popen) + AC_DEFINE(HAVE_BROKEN_GETCWD) + ;; + + *) + AC_MSG_RESULT(none) + ;; +esac + +AC_SUBST(selectconfig) +AC_DEFINE_UNQUOTED(UID_CAST, ${uid_cast}) + + +dnl ***************************************** +dnl +dnl checks for header files +dnl +dnl ***************************************** + +AC_HEADER_DIRENT +AC_HEADER_MAJOR +AC_HEADER_TIME +dnl used in minilzo.c +AC_HEADER_STAT +AC_DECL_SYS_SIGLIST + +AC_CHECK_HEADERS(stddef.h libgen.h sched.h \ + sys/vfs.h mntent.h \ + sys/select.h sys/socket.h netinet/in.h \ + regex.h glob.h \ + linux/ext2_fs.h ext2fs/ext2_fs.h \ + elf.h linux/elf.h \ + paths.h arpa/nameser.h arpa/nameser_compat.h, + [], + [], + [#include ] +) + + +AC_CHECK_HEADER(utmpx.h, sh_utmpx="yes", sh_utmpx="no") +if test "x$sh_utmpx" = "xyes"; then + if cat "/usr/include/utmpx.h" 2>&5 | + egrep "WTMPX_FILE" >/dev/null 2>&1; then + AC_DEFINE(HAVE_UTMPX_H) + AC_EGREP_HEADER(ut_host, utmpx.h, AC_DEFINE(HAVE_UTHOST) ) + AC_EGREP_HEADER(ut_addr, utmpx.h, AC_DEFINE(HAVE_UTADDR) ) + AC_EGREP_HEADER(ut_xtime,utmpx.h, AC_DEFINE(HAVE_UTXTIME) ) + AC_EGREP_HEADER(ut_type, utmpx.h, AC_DEFINE(HAVE_UTTYPE) ) + else + AC_EGREP_HEADER(ut_addr, utmp.h, AC_DEFINE(HAVE_UTADDR) ) + AC_EGREP_HEADER(ut_host, utmp.h, AC_DEFINE(HAVE_UTHOST) ) + AC_EGREP_HEADER(ut_type, utmp.h, AC_DEFINE(HAVE_UTTYPE) ) + fi +else + AC_EGREP_HEADER(ut_host, utmp.h, AC_DEFINE(HAVE_UTHOST) ) + AC_EGREP_HEADER(ut_type, utmp.h, AC_DEFINE(HAVE_UTTYPE) ) +fi + +dnl need to check because AIX 4.2 does not have it +dnl +AC_CHECK_MEMBERS([struct statfs.f_flags],[],[],[ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif +#ifdef HAVE_SYS_VFS_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +]) + +AC_SYS_LARGEFILE + +dnl +dnl check whether _POSIX_SOURCE is required +dnl +SAMHAIN_POSIX + + +dnl ***************************************** +dnl +dnl Checks for library functions. +dnl +dnl ***************************************** +AC_FUNC_STRFTIME +AC_CHECK_FUNCS(memcmp memcpy memmove memset getpwent endpwent \ + gettimeofday strlcat strlcpy strstr strchr strerror strsignal \ + seteuid setreuid setresuid lstat getwd getcwd ptrace \ + usleep setpriority getpeereid nanosleep \ + strptime basename sched_yield hasmntopt \ + inet_aton gethostbyname setutent setrlimit gethostname uname \ + initgroups getpagesize \ + ttyname fchmod +) +AC_CHECK_FUNC(statfs, AC_DEFINE(HAVE_STATFS) statfs="yes", statfs="no") +SL_CHECK_VA_COPY +AC_CHECK_FUNCS(vsnprintf, [SL_CHECK_VSNPRINTF]) +AC_CHECK_MLOCK + +AC_MSG_CHECKING(how to get filesystem type) +fstype=no +# The order of these tests is important. +AC_TRY_CPP([#include +#include ], AC_DEFINE(FSTYPE_STATVFS) fstype=SVR4) +if test $fstype = no; then +AC_TRY_CPP([#include +#include ], AC_DEFINE(FSTYPE_USG_STATFS) fstype=SVR3) +fi +if test $fstype = no; then +AC_TRY_CPP([#include +#include ], AC_DEFINE(FSTYPE_AIX_STATFS) fstype=AIX) +fi +if test $fstype = no; then +AC_TRY_CPP([#include ], AC_DEFINE(FSTYPE_MNTENT) fstype=4.3BSD) +fi +if test $fstype = no; then +AC_EGREP_HEADER(f_type;, sys/mount.h, AC_DEFINE(FSTYPE_STATFS) fstype=4.4BSD/OSF) +fi +if test $fstype = no; then +AC_TRY_CPP([#include +#include ], AC_DEFINE(FSTYPE_GETMNT) fstype=Ultrix) +fi +AC_MSG_RESULT($fstype) + +sh_libsocket= + +dnl Solaris needs -lsocket and -lnsl. Unisys system includes +dnl gethostbyname in libsocket but needs libnsl for socket. +AC_CHECK_LIB(nsl, gethostbyname) +AC_CHECK_LIB(socket, socket, ac_need_libsocket=1, ac_try_nsl=1) +if test x$ac_need_libsocket = x1; then + LIBS="$LIBS -lsocket" + sh_libsocket="-lsocket" +fi +if test x$ac_try_nsl = x1; then + AC_CHECK_LIB(nsl, gethostbyname, ac_need_libnsl=1) + if test x$ac_need_libnsl = x1 + then + LIBS="$LIBS -lnsl" + fi +fi +AC_SUBST(sh_libsocket) + +AC_CHECK_LIB(socket, res_search, [ + AC_CHECK_LIB(resolv, dn_skipname) + AC_CHECK_LIB(resolv, __dn_skipname) + if test x$ac_need_libsocket = x1; then + : + else + LIBS="$LIBS -lsocket" + fi + ], [ + AC_CHECK_LIB(resolv, res_search, [ + LIBS="$LIBS -lresolv" + ], [ + AC_CHECK_LIB(resolv, dn_skipname) + AC_CHECK_LIB(resolv, __dn_skipname) + ]) + ]) + +dnl arguments for accept + +dnl check for Unix98 socklen_t (found on +dnl xemacs-patches mailing list, written +dnl by Martin Buchholz) +dnl +dnl On Darwin(MacOSX) socklen_t needs to be +dnl an int (see accept man page), on all other +dnl unix systems we need a size_t. + +AC_MSG_CHECKING(for socklen_t) +AC_TRY_COMPILE([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + socklen_t x; +], [],[ + AC_MSG_RESULT(yes) + AC_DEFINE_UNQUOTED([ACCEPT_TYPE_ARG3],[socklen_t], [type of arg3 of accept]) + AC_DEFINE([HAVE_SOCKLEN_T], 1, [Define if you have socklen_t]) +],[ + AC_TRY_COMPILE([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + int accept (int, struct sockaddr *, size_t *); + ],[],[ + AC_MSG_RESULT(size_t) + AC_DEFINE_UNQUOTED([ACCEPT_TYPE_ARG3],[size_t], [type of arg3 of accept]) + ], [ + AC_MSG_RESULT(int) + AC_DEFINE_UNQUOTED([ACCEPT_TYPE_ARG3],[int], [type of arg3 of accept]) + ] + ) +]) + + +dnl ***************************************** +dnl checks for typedefs +dnl ***************************************** + +AC_C_LONG_DOUBLE +SH_CHECK_TYPEDEF(long long, HAVE_LONG_LONG) +if test "$sh_HAVE_LONG_LONG" = "yes"; then + AC_CHECK_SIZEOF(unsigned long long, 4) + if test "$ac_cv_sizeof_unsigned_long_long" = "8"; then + AC_DEFINE(HAVE_LONG_LONG_64, 1, [Define if you have 64bit long long]) + fi +fi + +AC_CHECK_TYPE(ptrdiff_t, long) +AC_TYPE_SIZE_T +AC_CHECK_SIZEOF(char *, 4) +AC_CHECK_SIZEOF(size_t, 4) + +AC_CHECK_SIZEOF(unsigned long, 4) +AC_CHECK_SIZEOF(unsigned int , 4) +AC_CHECK_SIZEOF(unsigned short, 2) + + +if test "$ac_cv_sizeof_unsigned_long" = "4"; then + AC_DEFINE(HAVE_LONG_32) +fi +if test "$ac_cv_sizeof_unsigned_long" = "8"; then + AC_DEFINE(HAVE_LONG_64) +fi +if test "$ac_cv_sizeof_unsigned_int" = "4"; then + AC_DEFINE(HAVE_INT_32) +fi + +dnl +dnl For Alpha +dnl +if test "$ac_cv_sizeof_unsigned_int_" = "4"; then + AC_DEFINE(HAVE_INT_32) +fi +if test "$ac_cv_sizeof_unsigned_short" = "4"; then + AC_DEFINE(HAVE_SHORT_32) +fi + +dnl +dnl check for 64 bit programming environment +dnl +SAMHAIN_64 + + +dnl ***************************************** +dnl checks for structures +dnl ***************************************** + +AC_STRUCT_TM + +dnl +dnl from e2fsprogs +dnl +AC_MSG_CHECKING(whether struct stat has a st_flags field) +AC_CACHE_VAL(e2fsprogs_cv_struct_st_flags, + AC_TRY_COMPILE([#include ], + [struct stat stat; stat.st_flags = 0;], + [e2fsprogs_cv_struct_st_flags=yes], + [e2fsprogs_cv_struct_st_flags=no])) +AC_MSG_RESULT($e2fsprogs_cv_struct_st_flags) +if test "$e2fsprogs_cv_struct_st_flags" = yes; then + AC_MSG_CHECKING(whether st_flags field is useful) + AC_CACHE_VAL(e2fsprogs_cv_struct_st_flags_immut, + AC_TRY_COMPILE([#include ], + [struct stat stat; stat.st_flags |= UF_IMMUTABLE;], + [e2fsprogs_cv_struct_st_flags_immut=yes], + [e2fsprogs_cv_struct_st_flags_immut=no])) + AC_MSG_RESULT($e2fsprogs_cv_struct_st_flags_immut) + if test "$e2fsprogs_cv_struct_st_flags_immut" = yes; then + AC_DEFINE(HAVE_STAT_FLAGS) + fi +fi + +dnl +dnl from dbus +dnl +AC_MSG_CHECKING(for struct cmsgcred) +AC_TRY_COMPILE([ +#include +#include +],[ +struct cmsgcred cred; + +cred.cmcred_pid = 0; +],sh_have_struct_cmsgcred=yes,sh_have_struct_cmsgcred=no) +AC_MSG_RESULT($sh_have_struct_cmsgcred) + +if test x$sh_have_struct_cmsgcred = xyes; then + AC_DEFINE(HAVE_STRUCT_CMSGCRED,1,[Have cmsgcred structure]) +fi + +AC_MSG_CHECKING(for struct fcred) +AC_TRY_COMPILE([ +#include +#include +#include +],[ +struct fcred sockcred; +],sh_have_struct_fcred=yes,sh_have_struct_fcred=no) +AC_MSG_RESULT($sh_have_struct_fcred) + +if test x$sh_have_struct_fcred = xyes; then + AC_DEFINE(HAVE_STRUCT_FCRED,1,[Have fcred structure]) +fi + +AC_MSG_CHECKING(for struct sockcred) +AC_TRY_COMPILE([ +#include +#include +#include +],[ +struct sockcred sockcred; +],sh_have_struct_sockcred=yes,sh_have_struct_sockcred=no) +AC_MSG_RESULT($sh_have_struct_sockcred) + +if test x$sh_have_struct_sockcred = xyes; then + AC_DEFINE(HAVE_STRUCT_SOCKCRED,1,[Have sockcred structure]) +fi + +AC_MSG_CHECKING(for SO_PEERCRED) +AC_TRY_COMPILE([ +#include +#include +],[ +int test = SO_PEERCRED; +],sh_have_SO_PEERCRED=yes,sh_have_SO_PEERCRED=no) +AC_MSG_RESULT($sh_have_SO_PEERCRED) + +if test x$sh_have_SO_PEERCRED = xyes; then + AC_DEFINE(HAVE_SO_PEERCRED,1,[Have SO_PEERCRED define]) +fi + + +dnl ***************************************** +dnl checks for compiler characteristics +dnl ***************************************** +AC_C_INLINE +AC_C_CONST +AC_C_BIGENDIAN + +AM_SA_SIGACTION_WORKS + +dnl ***************************************** +dnl +dnl checks for system services +dnl +dnl ***************************************** + +dnl +dnl check for GNU gmp +dnl +AC_CHECK_LIB(gmp, __gmpz_init, [sh_have_gmp=yes], [sh_have_gmp=no]) +if test "x${sh_have_gmp}" = xno +then + AC_CHECK_LIB(gmp, mpz_init, [sh_have_gmp=yes], [sh_have_gmp=no]) +fi +if test "x${sh_have_gmp}" = xyes +then + # LIBS="-lgmp $LIBS" + AC_DEFINE(HAVE_LIBGMP, 1, [Have GNU gmp library]) +fi +AC_CHECK_HEADERS(gmp.h) + + +dnl ***************************************** +dnl +dnl enable features +dnl +dnl ***************************************** + +AC_ARG_ENABLE(db-reload, + [ --enable-db-reload enable database reload on SIGHUP [no]], + [ + if test "x${enable_db_reload}" = xyes; then + AC_DEFINE(RELOAD_DATABASE) + fi + ] +) + +AC_ARG_ENABLE(xml-log, + [ --enable-xml-log enable XML logfile format [[no]]], + [ + if test "x${enable_xml_log}" = xyes; then + AC_DEFINE(SH_USE_XML) + fi + ] +) + + +AC_ARG_ENABLE(mail, + [ --disable-mail disable the internal SMTP mailer], + [ + if test "x${enable_mail}" = xno; then + : + else + AC_DEFINE(SH_WITH_MAIL) + fi + ], + [AC_DEFINE(SH_WITH_MAIL)] +) + +AC_ARG_ENABLE(external-scripts, + [ --disable-external-scripts disable interface to external scripts], + [ + if test "x${enableval}" = xno; then + : + else + AC_DEFINE(WITH_EXTERNAL) + fi + ], + [AC_DEFINE(WITH_EXTERNAL)] +) + +AC_ARG_ENABLE(message-queue, + [ --enable-message-queue[[=MODE]] enable SysV message queue [[MODE=0700]]], + [ + if test "x${ac_cv_header_sys_msg_h}" = "xyes"; then + if test "x${enable_message_queue}" = xyes; then + AC_DEFINE(WITH_MESSAGE_QUEUE) + AC_DEFINE_UNQUOTED(MESSAGE_QUEUE_MODE, 0700) + elif test "x${enable_message_queue}" != xno; then + echo "${enableval}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([--enable-message-queue: MODE must be numeric]) + echo "${enableval}" | \ + grep ['0[0123456789][0123456789][0123456789]'] >/dev/null 2>&1 || + AC_MSG_ERROR([--enable-message-queue: MODE must be an octal (0nnn) number]) + AC_DEFINE(WITH_MESSAGE_QUEUE) + AC_DEFINE_UNQUOTED(MESSAGE_QUEUE_MODE, ${enable_message_queue}) + fi + else + echo + echo "**********************************************" + echo + AC_MSG_WARN([sys/msg.h missing, --enable-message-queue disabled]) + echo + echo "**********************************************" + echo + fi + ] +) + +AC_ARG_WITH(cflags, + [ --with-cflags additional flags to pass to compiler], + [ + if test "x$withval" != "xno" ; then + CFLAGS="$CFLAGS $withval" + fi + ] +) +AC_ARG_WITH(libs, + [ --with-libs additional libraries to link with], + [ + if test "x$withval" != "xno" ; then + LIBS="$LIBS $withval" + fi + ] +) + + +# +# this is from ssh +# +AC_MSG_CHECKING(whether to use libwrap) +LIBWRAP_LIB="" +LIBWRAP_INC="" +AC_ARG_WITH(libwrap, +[ --with-libwrap[=PATH] Compile in libwrap (TCP Wrappers) support], +[ AC_MSG_RESULT($withval) + case "$withval" in + no) + ;; + ""|yes) + LIBWRAP_LIB="-lwrap" + ;; + *) + if test -d "$withval"; then + LIBWRAP_LIB="-L$withval -lwrap" + changequote(<<, >>)dnl + sh_libwrap_inc=`echo ${withval} | sed 's%/[^/][^/]*$%%'` + LIBWRAP_INC="-I${sh_libwrap_inc}/include" + changequote([, ])dnl + else + LIBWRAP_LIB="-lwrap" + changequote(<<, >>)dnl + sh_libwrap_inc=`echo ${withval} | sed 's%/[^/][^/]*$%%'` + LIBWRAP_INC="-I${sh_libwrap_inc}" + changequote([, ])dnl + fi + ;; + esac + if test -n "$LIBWRAP_LIB"; then + # OLDLIBS="$LIBS" + LIBS="$LIBWRAP_LIB $LIBS" + # OLDCFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $LIBWRAP_INC" + AC_CHECK_HEADER(tcpd.h, + [], + [ AC_MSG_ERROR([Could not find tcpd.h for libwrap. You must first install tcp_wrappers]) ]) + AC_TRY_LINK([ #include + int allow_severity; int deny_severity; ], + [ hosts_access((struct request_info *) 0); ], + [ AC_DEFINE(SH_USE_LIBWRAP,1,[Build with tcp wrapper support]) ], + [ AC_MSG_ERROR([Could not find the libwrap library.]) ]) + fi ], + AC_MSG_RESULT(no) +) + + +# +# this is from the snort configure.in +# +AC_DEFUN(FAIL_MESSAGE,[ + echo + echo + echo "**********************************************" + echo " ERROR: unable to find" $1 + echo " checked in the following places" + for i in `echo $2`; do + echo " $i" + done + echo "**********************************************" + echo + exit +]) + +AC_ARG_WITH(libprelude-prefix, + [ --with-libprelude-prefix=PFX Prefix where libprelude is installed (optional)], + libprelude_config_prefix="$withval", libprelude_config_prefix="") + +AC_MSG_CHECKING(whether to use prelude) +AC_ARG_WITH(prelude, + [ --with-prelude Prelude IDS support [[no]]], + [ + if test "x${withval}" = "xno"; then + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + if test x$libprelude_config_prefix != x ; then + if test x${LIBPRELUDE_CONFIG+set} != xset ; then + LIBPRELUDE_CONFIG=$libprelude_config_prefix/bin/libprelude-config + fi + fi + + AC_PATH_PROG(LIBPRELUDE_CONFIG, libprelude-config, no) + if test x"$LIBPRELUDE_CONFIG" = "xno" ; then + HAVE_PRELUDE_CONFIG=no + else + HAVE_PRELUDE_CONFIG=yes + fi +dnl AC_CHECK_PROG(HAVE_PRELUDE_CONFIG, libprelude-config, yes, no) + if test "$HAVE_PRELUDE_CONFIG" = "yes"; then + sh_libprelude_version=`$LIBPRELUDE_CONFIG --version` + case "$sh_libprelude_version" in + 0.8*) + sh_prelude_libs=`$LIBPRELUDE_CONFIG --libs | sed 's,\(.*\)\( -L.* -lprelude$\),\2 \1,'` + sh_prelude_cflags=`$LIBPRELUDE_CONFIG --cflags` + LIBS="$LIBS ${sh_prelude_libs}" + CFLAGS="$CFLAGS ${sh_prelude_cflags}" + AC_DEFINE(HAVE_LIBPRELUDE,1,[Have libprelude]) + AC_DEFINE(HAVE_LIBPRELUDE_8,1,[Have libprelude 0.8]) + ;; + *) + AM_PATH_LIBPRELUDE([0.9.6], + [ + AC_DEFINE(HAVE_LIBPRELUDE,1,[Have libprelude]) + AC_DEFINE(HAVE_LIBPRELUDE_9,1,[Have libprelude 0.9]) + CFLAGS="$CFLAGS $LIBPRELUDE_PTHREAD_CFLAGS" + LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" + LIBS="$LIBS $LIBPRELUDE_LIBS" + ], + [ + AC_MSG_ERROR([Could not find libprelude.]) + ]) + ;; + esac + else + AC_MSG_ERROR([Could not find libprelude.]) + fi + fi + ], + [ + AC_MSG_RESULT(no) + ] +) + +dnl AC_MSG_CHECKING(whether to use prelude) +dnl AC_ARG_WITH(prelude, +dnl [ --with-prelude Prelude IDS support [[no]]], +dnl [ +dnl if test "x${withval}" = "xno"; then +dnl AC_MSG_RESULT(no) +dnl else +dnl AC_CHECK_PROG(HAVE_PRELUDE_CONFIG, libprelude-config, yes, no) +dnl if test "$HAVE_PRELUDE_CONFIG" = "yes"; then +dnl sh_prelude_libs=`libprelude-config --libs | sed 's,\(.*\)\( -L.* -lprelude$\),\2 \1,'` +dnl sh_prelude_cflags=`libprelude-config --cflags` +dnl LIBS="$LIBS ${sh_prelude_libs}" +dnl CFLAGS="$CFLAGS ${sh_prelude_cflags}" +dnl AC_DEFINE(HAVE_LIBPRELUDE,1,[Have libprelude]) +dnl else +dnl AC_MSG_ERROR([Could not find libprelude-config. Did you specify a valid path?]) +dnl fi +dnl fi +dnl ], +dnl AC_MSG_RESULT(no) +dnl ) + +AC_ARG_ENABLE(static, + [ --enable-static enable static linking (recommended) [[no]]], + [ + if test x$enable_static = xyes; then + if test x"$mynetbsd" = xyes + then + tmp_LIBS=`echo $LIBS | sed 's%\-lresolv%%' ` + LIBS="${tmp_LIBS}" + fi + AC_DEFINE(SH_COMPILE_STATIC, 1, [Define if compiling static]) + if test "x$GCC" = "xyes"; then + LDFLAGS="$LDFLAGS -static" + else + case "$host_os" in + + *aix*) + LDFLAGS="$LDFLAGS -bnso -bI:/lib/syscalls.exp" + ;; + + *hpux*) + LDFLAGS="$LDFLAGS -Wl,-a,archive" + ;; + + *osf*) + LDFLAGS="$LDFLAGS -non_shared" + ;; + + *irix*) + LDFLAGS="$LDFLAGS -non_shared" + ;; + + *sco*) + LDFLAGS="$LDFLAGS -dn" + ;; + + *sun*) + LDFLAGS="$LDFLAGS -Bstatic" + ;; + + *solaris*) + LDFLAGS="$LDFLAGS -Bstatic" + ;; + + *) + echo "***********************************************" + echo "*" + echo "* Don't know how to enable static linking" + echo "* with your compiler. Please set the environment" + echo "* variable LDFLAGS to:" + echo "* ${LDFLAGS} + the static linking flag" + echo "* and run configure again" + echo "*" + echo "***********************************************" + ;; + + esac + fi + fi + ] +) + +# +# partly based on the snort configure.in +# +AC_ARG_WITH(database, + [ --with-database=[[mysql|postgresql|oracle|odbc]] database support [[no]]], + [ + if test x"$enable_xml_log" != xyes; then + AC_MSG_ERROR([--with-database: --enable-xml-log required]) + fi + if test "x${withval}" = "xmysql"; then + AC_CHECK_PROG(HAVE_MYSQL_CONFIG, mysql_config, yes, no) + if test "$HAVE_MYSQL_CONFIG" = "yes"; then + # echo "mysql_config found" + sh_mysql_libs="`mysql_config --libs`" + # echo ${sh_mysql_libs} + sh_mysql_libs="`eval echo ${sh_mysql_libs}`" + # echo $mysql_libs + # save_libs="$LIBS" + # LIBS="$LIBS `mysql_config --libs`" + # echo $LIBS + LIBS="$LIBS ${sh_mysql_libs}" + # echo $LIBS + sh_mysql_cflags="`mysql_config --cflags`" + sh_mysql_cflags="`eval echo ${sh_mysql_cflags}`" + # CFLAGS="$CFLAGS `mysql_config --cflags`" + # CFLAGS="$CFLAGS ${sh_mysql_cflags}" + CPPFLAGS="$CPPFLAGS ${sh_mysql_cflags}" + else + AC_MSG_CHECKING(for MySQL in /usr /usr/local /usr/local/mysql MYSQL_HOME) + mysql_directory="/usr /usr/local /usr/local/mysql ${MYSQL_HOME}" + + for i in $mysql_directory; do + if test -r $i/include/mysql/mysql.h; then + MYSQL_DIR=$i + MYSQL_INC_DIR=$i/include + # we use AC_CHECK_HEADERS to check for mysql/mysql.h + fi + done + if test -z "$MYSQL_DIR"; then + for i in $mysql_directory; do + if test -r $i/include/mysql.h; then + MYSQL_DIR=$i + MYSQL_INC_DIR=$i/include + fi + done + fi + + if test -z "$MYSQL_DIR"; then + tmp="" + for i in $mysql_directory; do + tmp="$tmp $i/include $i/include/mysql" + done + FAIL_MESSAGE("mysql headers (mysql.h)", $tmp) + fi + + for i in lib lib/mysql; do + str="$MYSQL_DIR/$i/libmysqlclient.*" + for j in `echo $str`; do + if test -r $j; then + MYSQL_LIB_DIR="$MYSQL_DIR/$i" + break 2 + fi + done + done + + if test -z "$MYSQL_LIB_DIR"; then + for ff in $mysql_directory; do + for i in lib lib/mysql; do + str="$ff/$i/libmysqlclient.*" + for j in `echo $str`; do + if test -r $j; then + MYSQL_LIB_DIR="$ff/$i" + break 3 + fi + done + done + done + fi + + if test -z "$MYSQL_LIB_DIR"; then + tmp="" + for i in $mysql_directory; do + tmp="$i/lib $i/lib/mysql" + done + FAIL_MESSAGE("mysql library libmysqlclient", $tmp) + fi + + AC_MSG_RESULT(yes) + LIBS="$LIBS -L${MYSQL_LIB_DIR} -lmysqlclient" + # CFLAGS="$CFLAGS -I${MYSQL_INC_DIR}" + CPPFLAGS="$CPPFLAGS -I${MYSQL_INC_DIR}" + fi + AC_DEFINE(WITH_MYSQL) + AC_DEFINE(WITH_DATABASE) + AC_CHECK_LIB(z, inflateEnd, [zlib_cv_libz=yes], [zlib_cv_libz=no]) + AC_MSG_CHECKING(for zlib) + if test "$zlib_cv_libz" = "yes" + then + LIBS="$LIBS -lz -lm" + AC_MSG_RESULT(ok) + else + AC_MSG_RESULT(failed) + echo + echo " Either the mysql or the zlib library was not found" + echo " or was unusable, maybe because an old, incompatible" + echo " version is installed on your system, eg compiled from" + echo " source long time ago. See config.log for the error" + echo " message from the compiler." + echo " Please review your installed mysql and zlib libraries" + echo " and/or use --with-libs=-L/path/to/libdirectory" + echo " where libdirectory is the directory holding libmysql" + echo " or libz." + if test x"$enable_static" = xyes; then + echo " Note that for compiling a static binary, you need" + echo " the static libraries, rather than the shared ones." + fi + echo + AC_MSG_ERROR([libmysql or zlib not found or unuseable]) + fi + AC_CHECK_HEADERS(mysql/mysql.h) + elif test "x${withval}" = "xpostgresql"; then + AC_DEFINE(WITH_POSTGRES) + AC_DEFINE(WITH_DATABASE) + # + PGCONF="no" + MY_PATH="${PATH}:/usr/local/bin:/usr/local/pgsql/bin" + OLD_IFS="$IFS" + IFS=":" + for ff in ${MY_PATH} + do + if test -f "$ff/pg_config" + then + PGCONF="$ff/pg_config" + fi + done + IFS="${OLD_IFS}" + # + # + if test "x${PGCONF}" = "xno" + then + AC_MSG_CHECKING(for PostgreSQL in /usr/local/pgsql /usr/pgsql /usr/local /usr PGSQL_HOME) + pgsql_directory="/usr/local/pgsql /usr/pgsql /usr/local /usr ${PGSQL_HOME}" + for i in $pgsql_directory; do + if test -r $i/include/pgsql/libpq-fe.h; then + PGSQL_INC_DIR=$i/include + PGSQL_DIR=$i + # use AC_CHECK_HEADERS to check for pgsql/libpq-fe.h + fi + done + if test -z "$PGSQL_DIR"; then + for i in $pgsql_directory; do + if test -r $i/include/libpq-fe.h; then + PGSQL_INC_DIR=$i/include + PGSQL_DIR=$i + fi + done + fi + + if test -z "$PGSQL_DIR"; then + tmp="" + for i in $pgsql_directory; do + tmp="$tmp $i/include $i/include/pgsql" + done + FAIL_MESSAGE("PostgreSQL header file (libpq-fe.h)", $tmp) + fi + + for i in lib lib/pgsql; do + str="$PGSQL_DIR/$i/libpq.*" + for j in `echo $str`; do + if test -r $j; then + PGSQL_LIB_DIR="$PGSQL_DIR/$i" + break 2 + fi + done + done + + if test -z "$PGSQL_LIB_DIR"; then + for ff in $pgsql_directory; do + for i in lib lib/pgsql; do + str="$ff/$i/libpq.*" + for j in `echo $str`; do + if test -r $j; then + PGSQL_LIB_DIR="$ff/$i" + break 3 + fi + done + done + done + fi + + if test -z "$PGSQL_LIB_DIR"; then + tmp="" + for i in $pgsql_directory; do + tmp="$i/lib $i/lib/pgsql" + done + FAIL_MESSAGE("postgresql library libpq", $tmp) + fi + + AC_MSG_RESULT(yes) + + LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm" + if test x"$enable_static" = xyes; then + LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lcrypt -lm" + else + LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm" + fi + # CFLAGS="$CFLAGS -I${PGSQL_INC_DIR}" + CPPFLAGS="$CPPFLAGS -I${PGSQL_INC_DIR}" + AC_CHECK_HEADERS(pgsql/libpq-fe.h) + else + pg_lib_dir=`${PGCONF} --libdir` + if test x"$enable_static" = xyes; then + LIBS="$LIBS -L${pg_lib_dir} -lpq -lcrypt -lm" + else + LIBS="$LIBS -L${pg_lib_dir} -lpq -lm" + fi + pg_inc_dir=`${PGCONF} --includedir` + # CFLAGS="$CFLAGS -I${pg_inc_dir}" + CPPFLAGS="$CPPFLAGS -I${pg_inc_dir}" + fi + elif test "x${withval}" = "xodbc"; then + AC_MSG_CHECKING(for odbc in /usr /usr/local ODBC_HOME) + odbc_directory="/usr /usr/local" + + for i in $odbc_directory; do + if test -r $i/include/sql.h; then + if test -r $i/include/sqlext.h; then + if test -r $i/include/sqltypes.h; then + ODBC_DIR=$i + ODBC_INC_DIR=$i/include + fi + fi + fi + done + + if test -z "$ODBC_DIR"; then + tmp="" + for i in $odbc_directory; do + tmp="$tmp $i/include" + done + FAIL_MESSAGE("odbc headers (sql.h sqlext.h sqltypes.h)", $tmp) + fi + + str="$ODBC_DIR/lib/libodbc.*" + for j in `echo $str`; do + if test -r $j; then + ODBC_LIB_DIR="$ODBC_DIR/lib" + ODBC_LIB="odbc" + fi + done + + if test -z "$ODBC_LIB_DIR"; then + FAIL_MESSAGE("odbc library (libodbc)", "$ODBC_DIR/lib") + fi + + AC_MSG_RESULT(yes) + CPPFLAGS="${CPPFLAGS} -I${ODBC_INC_DIR}" + LIBS="${LIBS} -L${ODBC_LIB_DIR} -l$ODBC_LIB" + AC_DEFINE(WITH_ODBC) + AC_DEFINE(WITH_DATABASE) + + elif test "x${withval}" = "xoracle"; then + AC_MSG_CHECKING(for oracle in /usr /usr/local ORACLE_HOME) + oracle_directory="/usr /usr/local ${ORACLE_HOME}" + for i in $oracle_directory; do + if test -r $i/rdbms/demo/oci.h; then + ORACLE_DIR=$i + fi + done + + if test -z "$ORACLE_DIR"; then + tmp="" + for i in $oracle_directory; do + tmp="$tmp $i/rdbms/demo" + done + FAIL_MESSAGE("OCI header file (oci.h)", $tmp) + else + for i in rdbms/demo rdbms/public network/public; do + ORACLE_CPP_FLAGS="$ORACLE_CPP_FLAGS -I$ORACLE_DIR/$i" + done + ORACLE_LIB_DIR="$ORACLE_DIR/lib" + AC_MSG_RESULT(yes) + + CPPFLAGS="${CPPFLAGS} ${ORACLE_CPP_FLAGS}" + + ORACLE_LIBS="-lclntsh" + if test -r $ORACLE_LIB_DIR/libwtc9.so; then + ORACLE_LIBS="${ORACLE_LIBS} -lwtc9" + elif test -r $ORACLE_LIB_DIR/libwtc8.so; then + ORACLE_LIBS="${ORACLE_LIBS} -lwtc8" + fi + LIBS="${LIBS} -L${ORACLE_LIB_DIR} ${ORACLE_LIBS}" + if test "x$GCC" != "xyes"; then + CFLAGS="${CFLAGS} -fno-strict-aliasing" + fi + fi + AC_DEFINE(WITH_ORACLE) + AC_DEFINE(WITH_DATABASE) + + else + AC_MSG_ERROR([--with-database: unsupported database ${withval}]) + fi + ] +) + +AC_ARG_WITH(console, + [ --with-console=PATH set path to console device [[/dev/console]]], + [ + if test "x${withval}" != xno; then + mycons="$withval" + AC_DEFINE_UNQUOTED(DEFAULT_CONSOLE, _("${mycons}") ) + fi + ]) + +AC_ARG_WITH(altconsole, + [ --with-altconsole=PATH set path to second console device [[none]]], + [ + if test "x${withval}" != xno; then + myaltcons="$withval" + else + myaltcons="NULL" + fi + ], + [myaltcons="NULL"]) +AC_DEFINE_UNQUOTED(ALT_CONSOLE, _("${myaltcons}") ) + +AC_ARG_WITH(timeserver, + [ --with-timeserver=HOST set host address for time server [[none]]], + [ + if test "x${withval}" != xno; then + mytimeserv="$withval" + AC_DEFINE(HAVE_NTIME) + else + mytimeserv="NULL" + fi + ], + mytimeserv="NULL") +AC_DEFINE_UNQUOTED(DEFAULT_TIMESERVER, _("${mytimeserv}") ) + +AC_ARG_WITH(alttimeserver, + [ --with-alttimeserver=HOST set address for backup time server [[none]]], + [ + if test "x${withval}" != xno; then + myalttimeserv="$withval" + AC_DEFINE(HAVE_NTIME) + else + myalttimeserv="NULL" + fi + ], + myalttimeserv="NULL") +AC_DEFINE_UNQUOTED(ALT_TIMESERVER, _("${myalttimeserv}") ) + +AC_ARG_ENABLE(login-watch, + [ --enable-login-watch watch for login/logout [[no]]], + [ + if test "x${enable_login_watch}" = xyes; then + AC_DEFINE(SH_USE_UTMP) + fi + ] +) + +AC_ARG_ENABLE(mounts-check, + [ --enable-mounts-check check mount options on filesystems [[no]]], + [ + if test "x${enable_mounts_check}" = xyes; then + AC_DEFINE(SH_USE_MOUNTS) + fi + ] +) + +AC_ARG_ENABLE(userfiles, + [ --enable-userfiles check for users' config files [[no]]], + [ + if test "x${enableval}" = "xyes"; then + AC_DEFINE(SH_USE_USERFILES) + fi + ] +) + +AC_ARG_ENABLE(debug, + [ --enable-debug enable debug options [[no]]], + [ + if test "x${enable_debug}" = "xyes"; then + if test "x${mydebugflag}" != "xyes"; then + AC_DEFINE(MEM_DEBUG) + fi + AC_DEFINE(WITH_TPT) + AC_DEFINE(SL_DEBUG) + AC_DEFINE(SL_FAIL_ON_ERROR) + if test "x${myneedg3}" = "xyes"; then + mydebugdef="-g3" + else + mydebugdef="-g" + fi + mydebugit="yes" + fi + ] +) +AC_SUBST(mydebugdef) + +AC_ARG_ENABLE(ptrace, + [ --enable-ptrace use anti-debugger options [[no]]], + [ + if test "x${enable_ptrace}" = xyes; then + if test "x$mydebugit" != "xyes"; then + AC_DEFINE(SCREW_IT_UP) + fi + fi + ] +) + +dnl +if test "x$GCC" = "xyes"; then + if test ! -z "`echo "$CFLAGS" | grep "\-g\ " 2> /dev/null`" ; then + CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` + fi + +dnl if test ! -z "`echo "$CFLAGS" | grep "\-O2" 2> /dev/null`" ; then +dnl CFLAGS=`echo $CFLAGS | sed 's%\-O2%\-O3%' ` +dnl fi + + if test -z "`echo "$CFLAGS" | grep "\-Wall" 2> /dev/null`" ; then + CFLAGS="$CFLAGS -Wall -W " + fi + + if test -z "`echo "$CFLAGS" | grep "\-fstrength\-reduce" 2> /dev/null`" + then + if test -z "`echo "$CFLAGS" | grep "\-fno\-strength\-reduce" 2> /dev/null`" + then + CFLAGS="$CFLAGS -fno-strength-reduce" + fi + fi + + if test -z "`echo "$CFLAGS" | grep "\-fomit\-frame\-pointer" 2> /dev/null`" + then + if test -z "`echo "$CFLAGS" | grep "\-fno\-omit\-frame\-pointer" 2> /dev/null`" + then + CFLAGS="$CFLAGS -fno-omit-frame-pointer" + fi + fi + +fi + +AC_MSG_CHECKING([which random module to use]) +AC_ARG_WITH(rnd, + [ --with-rnd=[[egd|unix|dev|default]] random number generator [[default]]], +[use_static_rnd=$withval], [use_static_rnd=default] ) + +if test "$use_static_rnd" = no; then + use_static_rnd=default +fi + +case "$use_static_rnd" in + egd | dev | unix | default ) + AC_MSG_RESULT($use_static_rnd) + ;; + * ) + AC_MSG_RESULT([invalid argument]) + AC_MSG_ERROR([--with-rnd: there is no random module ${use_static_rnd}]) + ;; +esac + +AC_ARG_WITH(egd-socket, + [ --with-egd-socket=NAME EGD socket name], + egd_socket_name="$withval", egd_socket_name="" ) +AC_DEFINE_UNQUOTED(EGD_SOCKET_NAME, _("$egd_socket_name") ) + +dnl +dnl See whether the user wants to disable checking for /dev/random + +try_dev_random=yes + +case "$use_static_rnd" in +dev | default ) + try_dev_random=yes + ;; +egd) + AC_DEFINE(HAVE_EGD_RANDOM) + try_dev_random=no + ;; +unix) + AC_DEFINE(HAVE_UNIX_RANDOM) + try_dev_random=no + ;; +esac + + +if test "x$try_dev_random" = "xyes"; then + AC_MSG_CHECKING(whether /dev/random exists) + if test -r "/dev/srandom" && test -c "/dev/srandom"; then + AC_DEFINE(HAVE_URANDOM) + AC_DEFINE_UNQUOTED(NAME_OF_DEV_RANDOM, _("/dev/srandom") ) + AC_MSG_RESULT(yes) + if test -r "/dev/urandom" && test -c "/dev/urandom"; then + AC_DEFINE_UNQUOTED(NAME_OF_DEV_URANDOM, _("/dev/urandom") ) + fi + else + if test -r "/dev/random" && test -c "/dev/random"; then + AC_DEFINE(HAVE_URANDOM) + AC_DEFINE_UNQUOTED(NAME_OF_DEV_RANDOM, _("/dev/random") ) + AC_MSG_RESULT(yes) + if test -r "/dev/urandom" && test -c "/dev/urandom"; then + AC_DEFINE_UNQUOTED(NAME_OF_DEV_URANDOM, _("/dev/urandom") ) + fi + else + AC_MSG_RESULT(no) + AC_DEFINE(HAVE_UNIX_RANDOM) + fi + fi +fi + + +dnl +dnl NETWORK OPTIONS +dnl + + +AC_ARG_ENABLE(network, + [ --enable-network=[[client|server]] compile client or server [[no]]], + [ + if test "x$enable_network" = xclient; then + mytclient="-DSH_WITH_CLIENT" + yulectl_prg= + setpwd_prg="samhain_setpwd" + sh_main_prg="samhain" + if test "x${sh_have_gmp}" = xyes + then + LIBS="-lgmp $LIBS" + fi +dnl AC_CHECK_HEADER(sys/capability.h, +dnl [AC_CHECK_LIB(cap, cap_get_proc,,sh_use_lcaps="no")], +dnl [sh_use_lcaps="no"]) + elif test "x$enable_network" = xserver; then + mytclient="-DSH_WITH_SERVER" + yulectl_prg="yulectl" + setpwd_prg="samhain_setpwd" + sh_main_prg="yule" + if test "x${sh_have_gmp}" = xyes + then + LIBS="-lgmp $LIBS" + fi + sh_use_lcaps="undef" + elif test "x$enable_network" = xno; then + mytclient="-DSH_STANDALONE" + yulectl_prg= + setpwd_prg= + sh_main_prg="samhain" +dnl AC_CHECK_HEADER(sys/capability.h, +dnl [AC_CHECK_LIB(cap, cap_get_proc,,sh_use_lcaps="no")], +dnl [sh_use_lcaps="no"]) + else + AC_MSG_ERROR([--enable-network=WHAT: WHAT must be client, server, or no]) + fi + ], + [ + mytclient="-DSH_STANDALONE" + setpwd_prg= + yulectl_prg= + sh_main_prg="samhain" +dnl AC_CHECK_HEADER(sys/capability.h, +dnl [AC_CHECK_LIB(cap, cap_get_proc,,sh_use_lcaps="no")], +dnl [sh_use_lcaps="no"]) + ], +) +AC_SUBST(setpwd_prg) +AC_SUBST(yulectl_prg) +AC_SUBST(sh_main_prg) +AC_SUBST(mytclient) + +# needed for the rpm spec +clmytclient=`echo ${mytclient} | sed s%\-%%` +AC_SUBST(clmytclient) + +AC_ARG_ENABLE(udp, + [ --enable-udp server can listen on port 514/udp [[no]]], + [ + if test "x${enable_udp}" = xyes; then + AC_DEFINE(INET_SYSLOG) + fi + ] +) + +myencrypt=yes +AC_ARG_ENABLE(encrypt, + [ --disable-encrypt disable client/server encryption], + [ + if test "x${enable_encrypt}" = xno; then + myencrypt=no + elif test "x${enable_encrypt}" = "x1"; then + myencrypt=1 + fi + ] +) +if test "x${myencrypt}" = "xyes"; then + AC_DEFINE(SH_ENCRYPT) + AC_DEFINE(SH_ENCRYPT_2) +elif test "x${myencrypt}" = "x1"; then + AC_DEFINE(SH_ENCRYPT) +fi + +sh_use_srp_proto=yes +AC_ARG_ENABLE(srp, + [ --disable-srp disable SRP for authentication], + [ + if test "x${enable_srp}" = xno; then + sh_use_srp_proto=no + fi + ] +) +if test "x${sh_use_srp_proto}" = xyes; then + AC_DEFINE(USE_SRP_PROTOCOL) +fi + +AC_ARG_WITH(port, + [ --with-port=PORT set port to use for TCP/IP connection [[49777]]], + [ + echo "${withval}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([--with-port: PORT must be numeric]) + myport=${withval} + ], + [myport="49777"]) +AC_DEFINE_UNQUOTED(SH_DEFAULT_PORT, ${myport}) +AC_SUBST(myport) + +AC_ARG_WITH(logserver, + [ --with-logserver=HOST set host address for log server [[none]]], + [ + case "$withval" in + *.* | localhost) + mylogsrv="$withval" + ;; + *) + mylogsrv="$withval" + ;; + esac + ], + [mylogsrv="NULL"]) +AC_DEFINE_UNQUOTED(DEFAULT_LOGSERVER, _("${mylogsrv}") ) +AC_SUBST(mylogsrv) + +AC_ARG_WITH(altlogserver, + [ --with-altlogserver=HOST set address for backup log server [[none]]], + [ + case "$withval" in + *.* | localhost) + myaltlogsrv="$withval" + ;; + *) + myaltlogsrv="$withval" + ;; + esac + ], + [myaltlogsrv="NULL"]) +AC_DEFINE_UNQUOTED(ALT_LOGSERVER, _("${myaltlogsrv}")) + + + +dnl +dnl STEALTH OPTIONS +dnl +nocl_code= +xor_code=0 +AC_ARG_ENABLE(nocl, + [ --enable-nocl=PW no CL parsing unless first CL argument is PW], + [ + if test "x${enableval}" != "x"; then + AC_DEFINE(SH_STEALTH_NOCL) + fi + if test "x${enableval}" = "xstop" || test "x${enableval}" = "xstart"; then + AC_MSG_ERROR([--enable-nocl: start/stop/reload/restart/status are reserved words]) + fi + if test "x${enableval}" = "xreload" || test "x${enableval}" = "xrestart"; then + AC_MSG_ERROR([--enable-nocl: start/stop/reload/restart/status are reserved words]) + fi + if test "x${enableval}" = "xstatus"; then + AC_MSG_ERROR([--enable-nocl: start/stop/reload/restart/status are reserved words]) + fi + if test "x${enableval}" = "xno"; then + AC_MSG_ERROR([--enable-nocl: use of --enable-nocl=no is ambiguous]) + fi + nocl_code="${enable_nocl}" + ] +) +AC_DEFINE_UNQUOTED(NOCL_CODE, _("${nocl_code}") ) +AC_SUBST(nocl_code) +AC_ARG_ENABLE(stealth, + [ --enable-stealth=XOR_VAL enable stealth mode [[no]]], + [AC_DEFINE(SH_STEALTH) + if test "x${enableval}" != "xyes"; then + echo "${enableval}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([--enable-stealth: XOR_VAL must be numeric]) + if test "${enableval}" -lt 127 || test "${enableval}" -gt 255; then + if test x"${enableval}" = x0 + then + : + else + AC_MSG_ERROR([--enable-stealth: XOR_VAL must be in the range 127 to 255]) + fi + fi + xor_code="${enable_stealth}" + else + xor_code=0 + fi + stegin_prg="samhain_stealth" + ], + [ + stegin_prg= + ] +) +AC_ARG_ENABLE(micro-stealth, + [ --enable-micro-stealth=XOR_VAL enable micro stealth mode [[no]]], + [ + AC_DEFINE(SH_STEALTH) + AC_DEFINE(SH_STEALTH_MICRO) + if test "x${enableval}" != "xyes"; then + echo "${enableval}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([--enable-micro-stealth: XOR_VAL must be numeric]) + if test "${enableval}" -lt 127 || test "${enableval}" -gt 255; then + if test x"${enableval}" = x0 + then + : + else + AC_MSG_ERROR([--enable-micro-stealth: XOR_VAL must be in the range 127 to 255]) + fi + fi + xor_code="${enable_micro_stealth}" + else + xor_code=0 + fi + ] +) +install_name="samhain" +INSTALL_NAME="SAMHAIN" +AC_ARG_ENABLE(install-name, + [ --enable-install-name=NAME name under which to install [[samhain|yule]]], + [ + if test "x${enableval}" != "xyes"; then + install_name="${enableval}" + INSTALL_NAME=`echo "${enableval}" | tr [a-z] [A-Z]` + else + install_name="${sh_main_prg}" + INSTALL_NAME=`echo "${sh_main_prg}" | tr [a-z] [A-Z]` + fi + ], + [ + install_name="${sh_main_prg}" + INSTALL_NAME=`echo "${sh_main_prg}" | tr [a-z] [A-Z]` + ] +) + + +need_user_install=0 + +AC_ARG_ENABLE(identity, + [ --enable-identity=USER user if dropping root [[daemon]]], + [ + if test x"$enableval" = xno; then + myident="daemon" + else + myident="$enableval" + fi + echo "${myident}" | grep ['[^0123456789]'] >/dev/null 2>&1 || \ + AC_MSG_ERROR([--enable-identity: need username, not UID]) + myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ + grep "^${myident}:" | awk -F: '{ print $3; }'` + if test x"${myident_uid}" = x; then + AC_MSG_WARN([--enable-identity: user ${myident} will be added upon install]) + need_user_install=1 + fi + ], + [ + for myident in ${install_name} daemon nobody; do + AC_MSG_CHECKING(for user ${myident}) + myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ + grep "^${myident}:" | awk -F: '{ print $3; }'` + if test x"${myident_uid}" != x; then + AC_MSG_RESULT(yes) + break; + else + AC_MSG_RESULT(no) + fi + done + if test x"${myident_uid}" = x; then + myident=${install_name} + AC_MSG_WARN([--enable-identity: user ${myident} will be added upon install]) + need_user_install=1 + fi + ]) +AC_DEFINE_UNQUOTED(DEFAULT_IDENT, _("${myident}") ) +AC_SUBST(myident) +AC_SUBST(need_user_install) + +sh_insmod_cmd=": # no kernel module" +sh_lkm="" +lkm_inc="" +khidemap="/boot/System.map" +sh_syscalltable="0x0" +AC_ARG_ENABLE(khide, + [ --enable-khide=SYSTEM_MAP use kernel module to hide (Linux only)[[/boot/System.map]]], + [ + if test "x${enable_khide}" != xno; then + if test "x${enableval}" != "xyes"; then + khidemap="${enableval}" + fi + sh_syscalltable=`egrep '(D|d|R|r) sys_call_table' ${khidemap} | awk '{print $1}'` + if test x"$sh_syscalltable" = x; then + AC_MSG_ERROR([--enable-khide: symbol sys_call_table not found in ${khidemap}]) + fi + sh_syscalltable="0x${sh_syscalltable}" + install_name_len=`echo ${install_name} | awk '{ print(length()); }'` + if test "${install_name_len}" -gt 15 ; then + AC_MSG_ERROR([--enable-khide: install_name exceeds 15 char length limit]) + fi + AC_DEFINE(SH_USE_LKM) + AC_DEFINE_UNQUOTED(SH_MAGIC_HIDE, "${install_name}") + + # -- NEW -- + kernel_version=`uname -r | sed s,2.6.*,LINUX26,` + if test x"$kernel_version" = xLINUX26 + then + sh_modlist_lock=`egrep ['[bd] modlist_lock$'] ${khidemap} | awk '{print $1}'` + if test x"$sh_modlist_lock" = x; then + AC_MSG_ERROR([--enable-khide: symbol modlist_lock not found in ${khidemap}]) + fi + sh_modlist_lock="0x${sh_modlist_lock}" + AC_DEFINE_UNQUOTED(SH_MODLIST_LOCK, ${sh_modlist_lock}, [The address of the modules list spinlock]) + + sh_list_modules=`egrep 'd modules$' ${khidemap} | awk '{print $1}'` + if test x"$sh_list_modules" = x; then + AC_MSG_ERROR([--enable-khide: symbol modules not found in ${khidemap}]) + fi + sh_list_modules="0x${sh_list_modules}" + AC_DEFINE_UNQUOTED(SH_LIST_MODULES, ${sh_list_modules}, [The address of the modules list]) + + AC_DEFINE(LINUX26, 1, [Define if kernel is 2.6]) + sh_insmod_cmd="modprobe ${install_name}_hide" + sh_lkm="samhain_hide.ko" + else + sh_insmod_cmd="insmod ${install_name}_hide; insmod ${install_name}_erase; rmmod ${install_name}_erase" + sh_lkm="samhain_hide.o samhain_erase.o" + fi + # -- END NEW -- + + kvers=`uname -r` + if test -f /lib/modules/${kvers}/build/include/linux/kernel.h; then + lkm_inc="-I/lib/modules/${kvers}/build/include" + else + AC_MSG_WARN([--enable-khide: /lib/modules/${kvers}/build/include/linux not found]) + AC_MSG_WARN([--enable-khide: You may need to install the kernel-source]) + AC_MSG_WARN([--enable-khide: headers for the currently-running kernel.]) + fi + sh_is_vanilla_kernel=yes + if test -f /lib/modules/${kvers}/build/include/linux/sched.h; then + grep 'next_task,' /lib/modules/${kvers}/build/include/linux/sched.h >/dev/null 2>&1 || sh_is_vanilla_kernel=no + fi + if test x"${sh_is_vanilla_kernel}" = xno; then + echo "This is not a 2.4 vanilla kernel" + else + AC_DEFINE(SH_VANILLA_KERNEL) + fi + fi + ] +) +AC_SUBST(lkm_inc) +AC_SUBST(sh_lkm) +AC_SUBST(sh_insmod_cmd) +AC_SUBST(install_name) +AC_SUBST(INSTALL_NAME) +AC_SUBST(stegin_prg) +AC_SUBST(xor_code) + +AC_DEFINE_UNQUOTED(XOR_CODE, ${xor_code}) +AC_DEFINE_UNQUOTED(SH_SYSCALLTABLE, ${sh_syscalltable}) + + +exepack_state0=`${srcdir}/c_random.sh 2>/dev/null` +exepack_state1=`${srcdir}/c_random.sh 2>/dev/null` +exepack_state2=`${srcdir}/c_random.sh 2>/dev/null` + +AC_DEFINE_UNQUOTED(EXEPACK_STATE_0, ${exepack_state0}) +AC_DEFINE_UNQUOTED(EXEPACK_STATE_1, ${exepack_state1}) +AC_DEFINE_UNQUOTED(EXEPACK_STATE_2, ${exepack_state2}) + + +AC_ARG_ENABLE(suidcheck, + [ --enable-suidcheck check for suid/sgid files [[no]]], + [ + if test "x${enableval}" = "xyes"; then + AC_DEFINE(SH_USE_SUIDCHK) + fi + ] +) + + +systemmap="/boot/System.map" +sh_libkvm="" +AC_ARG_WITH(kcheck, + [ --with-kcheck[[=SYSTEM_MAP]] check Linux/FreeBSD/OpenBSD kernel integrity [[/boot/System.map]]], + [ + if test "x${withval}" != "xno"; then + AC_DEFINE(SH_USE_KERN) + kernelversion=`uname -r` + AC_DEFINE_UNQUOTED(SH_KERNEL_VERSION, _("${kernelversion}"), [Define the kernel version]) + if test "x${withval}" != "xyes"; then + systemmap="${withval}" + fi + if test "x${cross_compiling}" = xyes; then + : + elif test "x$selectconfig" = "xfreebsd"; then + LIBS="$LIBS -lkvm" + sh_libkvm="-lkvm" + elif test -f "${systemmap}"; then + : + else + AC_MSG_ERROR([--with-kcheck: cannot find system map ${systemmap}]) + fi + fi + ] +) +AC_SUBST(systemmap) +AC_SUBST(sh_libkvm) + +AC_ARG_ENABLE(base, + [ --enable-base=B1,B2 base key (0...2147483647)], + [ + AC_MSG_CHECKING(base key setting) + my_key_A=`echo ${enableval} | awk 'BEGIN{FS=","}{print $1}'` + my_key_B=`echo ${enableval} | awk 'BEGIN{FS=","}{print $2}'` + AC_MSG_RESULT(${my_key_A} ${my_key_B}) + if test "x${my_key_A}" = x; then + AC_MSG_ERROR([--enable-base: first base key has zero length]) + fi + if test "x${my_key_B}" = x; then + AC_MSG_ERROR([--enable-base: second base key has zero length]) + fi + echo "${my_key_A}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([--enable-base: base key must be numeric in the range 0 to 2147483647]) + echo "${my_key_B}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([--enable-base: base key must be numeric in the range 0 to 2147483647]) + ], + [ + AC_MSG_CHECKING(base key setting .. collecting entropy) + my_key_1=`${srcdir}/c_random.sh 2>/dev/null` + my_key_2=`${srcdir}/c_random.sh 2>/dev/null` + my_key_3=`${srcdir}/c_random.sh 2>/dev/null` + my_key_4=`${srcdir}/c_random.sh 2>/dev/null` + my_key_A=`expr $my_key_1 \* 32767` + my_key_A=`echo ${my_key_A} | sed 's%^0*%%g' 2>/dev/null` + my_key_A=`expr $my_key_A \+ $my_key_2` + my_key_B=`expr $my_key_3 \* 32767` + my_key_B=`echo ${my_key_B} | sed 's%^0*%%g' 2>/dev/null` + my_key_B=`expr $my_key_B \+ $my_key_4` + AC_MSG_RESULT(${my_key_A} ${my_key_B}) + ] + ) +AC_SUBST(my_key_A) +AC_SUBST(my_key_B) + +dnl low bytes +my_key_1=`expr $my_key_A \% 65536` +dnl high bytes +my_key_2=`expr $my_key_A \/ 65536` +dnl low bytes +my_key_3=`expr $my_key_B \% 65536` +dnl high bytes +my_key_4=`expr $my_key_B \/ 65536` + +dnl echo ${my_key_1} ${my_key_2} ${my_key_3} ${my_key_4} + +dnl touch ./sh_MK.h +dnl echo "#ifndef SH_MK_H" >> ./sh_MK.h +dnl echo "#define SH_MK_H" >> ./sh_MK.h +dnl ${srcdir}/c_bits.sh ${my_key_1} MKB >> ./sh_MK.h +dnl ${srcdir}/c_bits.sh ${my_key_2} MKA >> ./sh_MK.h +dnl ${srcdir}/c_bits.sh ${my_key_3} MKC >> ./sh_MK.h +dnl ${srcdir}/c_bits.sh ${my_key_4} MKD >> ./sh_MK.h +dnl echo "#endif" >> ./sh_MK.h +AC_SUBST(my_key_1) +AC_SUBST(my_key_2) +AC_SUBST(my_key_3) +AC_SUBST(my_key_4) + +AC_MSG_CHECKING(key position) +pos_tf_1=`${srcdir}/c_random.sh 2>/dev/null` +pos_tf_2=`expr $pos_tf_1 \% 8` +pos_tf=`expr $pos_tf_2 + 1` +AC_MSG_RESULT(${pos_tf}) +AC_DEFINE_UNQUOTED(POS_TF, ${pos_tf} ) + +mykeybase=`echo ${my_key_A},${my_key_B}` +AC_DEFINE_UNQUOTED(DEFKEY, ${mykeybase} ) +AC_SUBST(mykeybase) + + +dnl +dnl GPG/PGP options +dnl + +AC_ARG_WITH(gpg, + [ --with-gpg=PATH use GnuPG to verify database/config [[no]]], + [ + if test "x${withval}" != "xno"; then + if test "x${cross_compiling}" = xyes; then + mygpg="${withval}" + else + if test -f "${withval}"; then + mygpg="${withval}" + mychk0=`${withval} --load-extension tiger --print-md TIGER192 ${withval} 2>/dev/null` + if test "x$?" != "x0"; then + mychktest=no + for sampre in ./samhain ./yule /usr/local/sbin/samhain /usr/local/bin/samhain /usr/bin/samhain /usr/sbin/samhain /usr/local/sbin/yule /usr/local/bin/yule /usr/bin/yule /usr/sbin/yule; do + if test x"${mychktest}" = xyes + then + : + else + if test -f ${sampre} + then + echo "use existing ${sampre} for gpg checksum" + mychk0=`${sampre} -H ${withval} 2>/dev/null` + if test "x$?" != "x0"; then + : + else + mychk="${mychk0}" + mychktest=yes + fi + fi + fi + done + if test x${mychktest} = xno; then + AC_MSG_WARN([--with-gpg: cannot determine TIGER192 checksum of ${withval}]) + echo "-------------------------------------------------------------" + echo " Your gpg binary does not support the TIGER192 checksum, " + echo " and I cannot find an existing samhain binary to use instead." + echo " You can:" + echo " (a) run make to compile a samhain binary, then repeat" + echo " ./configure and make" + echo " (b) ignore the failure. The checksum of the gpg binary" + echo " will not get compiled in, thus allowing an attacker" + echo " to replace gpg with a trojan and subverting the gpg" + echo " signature verification of configure and database files." + echo + echo " PLEASE IGNORE THIS MESSAGE IF YOU ALSO USE --with-checksum" + echo "-------------------------------------------------------------" + fi + else + mychk="${mychk0}" + fi + else + AC_MSG_WARN([--with-gpg: cannot find GnuPG PATH=${withval}]) + fi + fi + AC_DEFINE(WITH_GPG) + AC_DEFINE_UNQUOTED(DEFAULT_GPG_PATH, _("${mygpg}") ) + AC_SUBST(mygpg) + fi + ] +) + +dnl AC_ARG_WITH(pgp, +dnl [ --with-pgp=PATH Use PGP to verify database/config (no).], +dnl [myppg="$withval" +dnl AC_DEFINE(WITH_PGP) +dnl AC_DEFINE_UNQUOTED(DEFAULT_PGP_PATH, _("${myppg}") ) +dnl ]) + +AC_ARG_WITH(checksum, + [ --with-checksum=CHKSUM compile in gpg/pgp checksum [[yes]]], + [ + if test "x${withval}" != "xno"; then + if test "x${withval}" != "xyes"; then + if test "x${mychk}" != "x"; then + if test "x${mychk}" != "x${withval}"; then + AC_MSG_WARN([--with-checksum: possible gpg CHKSUM problem]) + AC_MSG_WARN([--with-checksum: CHKSUM=${withval}]) + AC_MSG_WARN([--with-checksum: autodetected=${mychk}]) + fi + fi + mychk="${withval}" + else + if test "x${mychk}" = "x"; then + AC_MSG_ERROR([--with-checksum: gpg CHKSUM not specified]) + fi + fi + AC_DEFINE(HAVE_GPG_CHECKSUM) + AC_DEFINE_UNQUOTED(GPG_HASH, _("${mychk}") ) + echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h + fi + ], + [ + if test "x${mygpg}" != "x"; then + if test "x${mychk}" != "x"; then + AC_DEFINE(HAVE_GPG_CHECKSUM) + AC_DEFINE_UNQUOTED(GPG_HASH, _("${mychk}") ) + echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h + fi + fi + ] +) + +AC_ARG_WITH(fp, + [ --with-fp=FINGERPRINT compile in public key fingerprint [[no]]], + [ + if test "x${withval}" != "xno"; then + if test "x${withval}" != "xyes"; then + withval0=`echo ${withval} | sed 's% %%g'` + echo "${withval0}" | \ + grep ['[^0123456789abcdefABCDEF]'] >/dev/null 2>&1 && + AC_MSG_ERROR([--with-fp: invalid character(s) in FINGERPRINT=${withval0}]) + sh_len=`echo ${withval0} | wc -c | sed 's% %%g'` + sh_len0=`expr ${sh_len} \- 1` + if test "x${sh_len0}" = "x40" || test "x${sh_len0}" = "x32" + then + myfp="${withval0}" + AC_DEFINE(USE_FINGERPRINT) + AC_DEFINE_UNQUOTED(SH_GPG_FP, _("${myfp}") ) + echo "${myfp}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef FINGERPRINT_H"; print "#define FINGERPRINT_H"; printf "char gpgfp[%d];\n", m+1; for (i=1; i <= m; i++) printf "gpgfp[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgfp[%d] = %c%c0%c;\n", m, 39, 92, 39; print "#endif"; }' > sh_gpg_fp.h + else + AC_MSG_ERROR([--with-fp: length (${sh_len0}) of FINGERPRINT ${withval0} incorrect]) + fi + else + AC_MSG_ERROR([--with-fp: usage error ... FINGERPRINT=yes]) + fi + fi + ]) + + +dnl +dnl MAIL OPTIONS +dnl + +AC_ARG_WITH(recipient, + [ --with-recipient=ADDR set recipient(s) for e-mail [[none]]], + [ + withval0=`echo ${withval} | sed 's%,% %g'` + for sh_item in ${withval0} + do + case ${sh_item} in + *@localhost) + ;; + *@*.*) + sh_tmp=`echo ${sh_item} | awk '{ if ($1 ~ [/^[a-zA-Z0-9][a-zA-Z0-9\-_\.]*@[a-zA-Z0-9\-\.]+\.([a-zA-Z]+|[0-9]+)$/]) {print 1; } else { print 0}}'` + if test "x${sh_tmp}" != "x1" + then + AC_MSG_ERROR([--with-recipient: invalid mail address ${sh_item}]) + fi + ;; + *) + AC_MSG_ERROR([--with-recipient: invalid mail address ${sh_item}]) + ;; + esac + done + myrcp="$withval0" + ], + [myrcp="NULL"]) +AC_DEFINE_UNQUOTED(DEFAULT_MAILADDRESS, _("${myrcp}") ) + + +AC_ARG_WITH(sender, + [ --with-sender=SENDER set sender for e-mail [[daemon]]], + [ + mysender="${withval}" + ], + [ + mysender="daemon" + ]) +AC_DEFINE_UNQUOTED(DEFAULT_SENDER, _("${mysender}") ) + + +dnl +dnl PATHS +dnl + +AC_ARG_WITH(trusted, + [ --with-trusted=UID Set uid(s) of trusted users [[0]]], + [ + sh_tmp_test=no + sh_tmp=`echo ${withval} | sed 's%,% %g'` + for sh_tmp1 in ${sh_tmp} + do + echo "${sh_tmp1}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([--with-trusted: non-numeric UID in ${withval}]) + if test "x${sh_tmp1}" = "x0" + then + sh_tmp_test=yes + fi + done + if test "x${sh_tmp_test}" = "xno" + then + withval="0,${withval}" + fi + mytrust="${withval}" + ], + [mytrust="0"] ) +AC_DEFINE_UNQUOTED(SL_ALWAYS_TRUSTED, ${mytrust} ) +AC_SUBST(mytrust) + +AC_ARG_WITH(tmp-dir, + [ --with-tmp-dir=PFX set directory for temporary files [[HOME]]], + [ + if test "x${cross_compiling}" = xyes; then + : + else + if test -d "${withval}"; then + my_tmp_dir="$withval" + AC_DEFINE_UNQUOTED(SH_TMPDIR, _("${my_tmp_dir}") ) + else + AC_MSG_ERROR([--with-tmp-dir: tmp directory ${withval} does not exist]) + fi + fi + ] +) + +dnl +dnl PATH DEFAULTS +dnl + +if test "x${ac_prefix_set}" = xyes +then + if test "x${exec_prefix}" = xNONE + then + exec_prefix="${prefix}" + fi + + if test "x${prefix}" = xOPT + then + tmp_sbindir="/opt/${install_name}/bin" + tmp_sysconfdir="/etc/opt" + tmp_mandir="/opt/${install_name}/man" + tmp_localstatedir="/var/opt/${install_name}" + elif test "x${prefix}" = xUSR + then + tmp_sbindir="/usr/sbin" + tmp_sysconfdir="/etc" + tmp_mandir="/usr/share/man" + tmp_localstatedir="/var" + else + tmp_sbindir=`eval echo ${sbindir}` + tmp_sysconfdir=`eval echo ${sysconfdir}` + tmp_mandir=`eval echo ${mandir}` + tmp_localstatedir=`eval echo ${localstatedir}` + fi +else + prefix="" + if test "x${ac_exec_prefix_set}" = xyes + then + tmp_sbindir=`eval echo ${sbindir}` + else + tmp_sbindir="/usr/local/sbin" + fi + tmp_sysconfdir="/etc" + # share/man -> man (FHS) 11.10.2002 + tmp_mandir="/usr/local/man" + tmp_localstatedir="/var" +fi + + +if test "x${ac_sbindir_set}" = xyes +then + : +else + sbindir=`eval echo ${tmp_sbindir}` +fi + + +if test "x${ac_sysconfdir_set}" = xyes +then + : +else + sysconfdir=`eval echo ${tmp_sysconfdir}` +fi + +if test "x${ac_mandir_set}" = xyes +then + : +else + mandir=`eval echo ${tmp_mandir}` +fi + +if test "x${ac_localstatedir_set}" = xyes +then + : +else + localstatedir=`eval echo ${tmp_localstatedir}` +fi + + + +AC_ARG_WITH(config-file, + [ --with-config-file=FILE configuration file [[/etc/{install_name}rc]]], + [ + myconffile="${withval}" + changequote(<<, >>)dnl + tmp=`echo ${withval} | sed 's%^REQ_FROM_SERVER%%'` + sysconfdir=`echo ${tmp} | sed 's%/[^/][^/]*$%%'` + myrpmconffile="${tmp}" + changequote([, ])dnl + ], + [ + myconffile="${sysconfdir}/${install_name}rc" + myrpmconffile="${myconffile}" + ] +) +AC_DEFINE_UNQUOTED(DEFAULT_CONFIGFILE, _("${myconffile}") ) +AC_SUBST(myconffile) +AC_SUBST(myrpmconffile) + +AC_ARG_WITH(log-file, + [ --with-log-file=FILE path of log file [[/var/log/{install_name}_log]]], + [ + mylogfile="$withval" + changequote(<<, >>)dnl + mylogdir=`echo ${withval} | sed 's%/[^/][^/]*$%%'` + changequote([, ])dnl + ], + [ + if test "x${mytclient}" = "x-DSH_WITH_SERVER"; then + mylogfile="${localstatedir}/log/${install_name}/${install_name}_log" + mylogdir="${localstatedir}/log/${install_name}" + else + mylogfile="${localstatedir}/log/${install_name}_log" + mylogdir="${localstatedir}/log" + fi + ] +) +AC_DEFINE_UNQUOTED(DEFAULT_ERRFILE, _("${mylogfile}") ) +AC_DEFINE_UNQUOTED(DEFAULT_LOGDIR, _("${mylogdir}") ) +AC_SUBST(mylogfile) +AC_SUBST(mylogdir) + +AC_ARG_WITH(pid-file, + [ --with-pid-file=FILE set path of pid file [[/var/run/{install_name}.pid]]], + [ + mylockfile="$withval" + changequote(<<, >>)dnl + mylockdir=`echo ${withval} | sed 's%/[^/][^/]*$%%'` + changequote([, ])dnl + ], + [ + mylockfile="${localstatedir}/run/${install_name}.pid" + mylockdir="${localstatedir}/run" + ] +) +AC_DEFINE_UNQUOTED(DEFAULT_ERRLOCK, _("${mylockfile}") ) +AC_DEFINE_UNQUOTED(DEFAULT_PIDDIR, _("${mylockdir}") ) +AC_SUBST(mylockfile) +AC_SUBST(mylockdir) + +AC_ARG_WITH(state-dir, + [ --with-state-dir=PFX set state data directory [[/var/lib/{install_name}]]], + [ + mydataroot="$withval" + ], + [ + mydataroot="${localstatedir}/lib/${install_name}" + ] + ) +AC_ARG_WITH(data-file, + [ --with-data-file=FILE set path of data file], + [ + mydatafile="$withval" + changequote(<<, >>)dnl + tmp=`echo ${withval} | sed 's%^REQ_FROM_SERVER%%'` + mydataroot=`echo ${tmp} | sed 's%/[^/][^/]*$%%'` + myrpmdatafile="${tmp}" + changequote([, ])dnl + if test x"${tmp}" = x + then + echo "No local path in data file ${withval}" + echo "This will not work for initializing the database." + if test x"${withval}" = xREQ_FROM_SERVER + then + echo "It should be REQ_FROM_SERVER/some/local/path" + fi + AC_MSG_ERROR([--with-data-file: invalid path ${withval}]) + fi + ], + [ + mydatafile="${mydataroot}/${install_name}_file" + myrpmdatafile="${mydatafile}" + ]) +AC_DEFINE_UNQUOTED(DEFAULT_DATA_FILE, _("${mydatafile}") ) +AC_SUBST(mydatafile) +AC_SUBST(myrpmdatafile) + +AC_DEFINE_UNQUOTED(DEFAULT_DATAROOT, _("${mydataroot}") ) +AC_SUBST(mydataroot) + +AC_DEFINE_UNQUOTED(DEFAULT_QDIR, _("${mydataroot}/.quarantine") ) +AC_SUBST(myqdir) + + +AC_ARG_WITH(html-file, + [ --with-html-file=FILE set path of html file,], + [ + myhtmlfile="$withval" + ], + [ + myhtmlfile="${mylogdir}/${install_name}.html" + ]) +AC_DEFINE_UNQUOTED(DEFAULT_HTML_FILE, _("${myhtmlfile}") ) +AC_SUBST(myhtmlfile) + + +mydefargs=$ac_configure_args +# if test -z "`echo "$mydefargs" | grep "\-\-enable\-static" 2> /dev/null`" +# then +# mydefargs="--enable-static $mydefargs" +# fi +if test -z "`echo "$mydefargs" | grep "\-\-enable\-base" 2> /dev/null`" +then + mydefargs="--enable-base=${mykeybase} $mydefargs" +fi +AC_SUBST(mydefargs) + + +AC_DEFINE_UNQUOTED(SH_INSTALL_DIR, _("${sbindir}")) +AC_DEFINE_UNQUOTED(SH_INSTALL_PATH, _("${sbindir}/${install_name}")) +AC_DEFINE_UNQUOTED(SH_INSTALL_NAME, _("${install_name}")) + +AC_CONFIG_HEADER(config.h) + +AC_OUTPUT( +[ +Makefile +samhain-install.sh +init/samhain.startLSB +init/samhain.startLinux +init/samhain.startGentoo +init/samhain.startFreeBSD +init/samhain.startSolaris +init/samhain.startHPUX +init/samhain.startIRIX +samhain.spec +rules.deb +rules.deb-light +hp_ux.psf +scripts/samhain.spec +scripts/redhat_i386.client.spec +scripts/samhain.ebuild +scripts/samhain.ebuild-light +scripts/samhainadmin.pl +scripts/check_samhain.pl +deploy.sh +], +[ +echo timestamp > stamp-h +chmod +x samhain-install.sh +chmod +x scripts/samhainadmin.pl +chmod +x scripts/check_samhain.pl +] +) + +chmod +x deploy.sh + +if test "x${cross_compiling}" = xyes +then + +echo "--------------------------------------------------------------" +echo +echo "You are using a cross-compiler. The following system dependent" +echo "values may have been set to default values that may be" +echo "incorrect for your target system: " +echo +echo "ac_cv_c_bigendian bigendian byte order ${ac_cv_c_bigendian}" +echo "ac_cv_c_long_double long double exists ${ac_cv_c_long_double}" +echo "ac_cv_sizeof_char_p size of pointer to char ${ac_cv_sizeof_char_p}" +echo "ac_cv_sizeof_char_p size of size_t ${ac_cv_sizeof_size_t}" +echo "ac_cv_sizeof_unsigned_int_ size of unsigned int ${ac_cv_sizeof_unsigned_int_}" +echo "ac_cv_sizeof_unsigned_long size of unsigned long ${ac_cv_sizeof_unsigned_long}" +echo "ac_cv_sizeof_unsigned_short size of unsigned short ${ac_cv_sizeof_unsigned_short}" +echo +echo "If these values are incorrect, change them in the file " +echo "config.cache and run configure again." +echo +echo "--------------------------------------------------------------" + +fi + +if test x${silent} != xyes +then + + # A=`eval echo ${sbindir}` ; A=`eval echo ${A}` + # B=`eval echo ${myconffile}` ; B=`eval echo ${B}` + # C=`eval echo ${mandir}` ; C=`eval echo ${C}` + # D=`eval echo ${mylockfile}` ; D=`eval echo ${D}` + # E=`eval echo ${mylogfile}` ; E=`eval echo ${E}` + # F=`eval echo ${mydataroot}` ; F=`eval echo ${F}` + + echo + echo " samhain has been configured as follows:" + echo " System binaries: ${sbindir}" + echo " Configuration file: ${myconffile}" + echo " Manual pages: ${mandir}" + echo " Data: ${mydataroot}" + echo " PID file: ${mylockfile}" + echo " Log file: ${mylogfile}" + echo " Base key: ${mykeybase}" + echo + if test x"$mytclient" = x"-DSH_WITH_SERVER" + then + echo " Selected rc file: yulerc" + else + echo " Selected rc file: samhainrc.${selectconfig}" + fi + +fi + Index: branches/samhain-2_2-branch/depend.dep =================================================================== --- branches/samhain-2_2-branch/depend.dep (revision 66) +++ branches/samhain-2_2-branch/depend.dep (revision 66) @@ -0,0 +1,62 @@ + +# DO NOT DELETE THIS LINE +samhain.o: $(srcsrc)/samhain.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_files.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_getopt.h $(srcinc)/sh_readconf.h $(srcinc)/sh_hash.h $(srcinc)/sh_mail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_mem.h $(srcinc)/sh_forward.h $(srcinc)/sh_tools.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h sh_MK.h $(srcinc)/sh_schedule.h +sh_unix.o: $(srcsrc)/sh_unix.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_hash.h $(srcinc)/sh_tools.h $(srcinc)/sh_tiger.h $(srcinc)/sh_prelink.h $(srcinc)/sh_static.h $(srcinc)/sh_prelude.h $(srcinc)/sh_ignore.h +sh_utils.o: $(srcsrc)/sh_utils.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_entropy.h +sh_error.o: $(srcsrc)/sh_error.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_database.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_forward.h $(srcinc)/sh_prelude.h $(srcinc)/sh_tools.h $(srcinc)/sh_extern.h +sh_files.o: $(srcsrc)/sh_files.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_tiger.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/zAVLTree.h +sh_getopt.o: $(srcsrc)/sh_getopt.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_getopt.h $(srcinc)/sh_files.h $(srcinc)/sh_utils.h $(srcinc)/sh_mail.h $(srcinc)/sh_forward.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h +sh_readconf.o: $(srcsrc)/sh_readconf.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_database.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_files.h $(srcinc)/sh_mail.h $(srcinc)/sh_calls.h $(srcinc)/sh_tiger.h $(srcinc)/sh_forward.h $(srcinc)/sh_modules.h $(srcinc)/sh_gpg.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h $(srcinc)/sh_extern.h $(srcinc)/sh_database.h $(srcinc)/sh_prelude.h +sh_tiger0.o: $(srcsrc)/sh_tiger0.c Makefile config_xor.h $(srcinc)/sh_tiger.h $(srcinc)/sh_unix.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h +sh_tiger1.o: $(srcsrc)/sh_tiger1.c Makefile config_xor.h +sh_tiger2.o: $(srcsrc)/sh_tiger2.c Makefile config_xor.h +sh_tiger1_64.o: $(srcsrc)/sh_tiger1_64.c Makefile config_xor.h +sh_tiger2_64.o: $(srcsrc)/sh_tiger2_64.c Makefile config_xor.h +sh_hash.o: $(srcsrc)/sh_hash.c Makefile config_xor.h $(srcinc)/sh_hash.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h $(srcinc)/sh_forward.h $(srcinc)/sh_hash.h +sh_mail.o: $(srcsrc)/sh_mail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_static.h $(srcinc)/sh_tools.h +sh_mem.o: $(srcsrc)/sh_mem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h +sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_static.h +sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_mail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h +sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h +sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h +sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h +sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h +sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h +sh_fifo.o: $(srcsrc)/sh_fifo.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_unix.h +sh_tools.o: $(srcsrc)/sh_tools.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/rijndael-api-fst.h +sh_html.o: $(srcsrc)/sh_html.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_forward.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_html.h $(srcinc)/zAVLTree.h +sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h +sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h +sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_calls.h +sh_extern.o: $(srcsrc)/sh_extern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_static.h +sh_database.o: $(srcsrc)/sh_database.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h +sh_err_log.o: $(srcsrc)/sh_err_log.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h +sh_err_console.o: $(srcsrc)/sh_err_console.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h +sh_err_syslog.o: $(srcsrc)/sh_err_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h +sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h +bignum.o: $(srcsrc)/bignum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/bignum.h +mkhdr.o: $(srcsrc)/mkhdr.c Makefile config.h +samhain_setpwd.o: $(srcsrc)/samhain_setpwd.c Makefile config_xor.h +samhain_stealth.o: $(srcsrc)/samhain_stealth.c Makefile config_xor.h +encode.o: $(srcsrc)/encode.c Makefile +sstrip.o: $(srcsrc)/sstrip.c Makefile config.h +trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/sh_calls.h $(srcinc)/slib.h $(srcinc)/sh_static.h +exepack.o: $(srcsrc)/exepack.c Makefile config.h $(srcinc)/minilzo.h $(srcinc)/exepack.data +exepack_fill.o: $(srcsrc)/exepack_fill.c Makefile config.h config.h $(srcinc)/minilzo.h +exepack_mkdata.o: $(srcsrc)/exepack_mkdata.c Makefile config.h $(srcinc)/minilzo.h +minilzo.o: $(srcsrc)/minilzo.c Makefile $(srcinc)/minilzo.h +slib.o: $(srcsrc)/slib.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_calls.h $(srcinc)/sh_static.h +rijndael-alg-fst.o: $(srcsrc)/rijndael-alg-fst.c Makefile config_xor.h $(srcinc)/rijndael-alg-fst.h $(srcinc)/rijndael-boxes-fst.h +rijndael-api-fst.o: $(srcsrc)/rijndael-api-fst.c Makefile config_xor.h $(srcinc)/rijndael-alg-fst.h $(srcinc)/rijndael-api-fst.h +zAVLTree.o: $(srcsrc)/zAVLTree.c Makefile $(srcinc)/zAVLTree.h +sh_socket.o: $(srcsrc)/sh_socket.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_socket.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_calls.h $(srcinc)/sh_utils.h $(srcinc)/zAVLTree.h $(srcinc)/sh_html.h $(srcinc)/sh_tools.h +sh_ignore.o: $(srcsrc)/sh_ignore.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h +yulectl.o: $(srcsrc)/yulectl.c Makefile config_xor.h +sh_mounts.o: $(srcsrc)/sh_mounts.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_mounts.h +sh_userfiles.o: $(srcsrc)/sh_userfiles.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_utils.h $(srcinc)/sh_schedule.h $(srcinc)/sh_error.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h +sh_prelude.o: $(srcsrc)/sh_prelude.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_cat.h $(srcinc)/sh_error_min.h $(srcinc)/sh_prelude.h +sh_prelink.o: $(srcsrc)/sh_prelink.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h +sh_static.o: $(srcsrc)/sh_static.c Makefile config_xor.h +sh_prelude_old.o: $(srcsrc)/sh_prelude_old.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_mem.h $(srcinc)/sh_cat.h $(srcinc)/sh_error_min.h $(srcinc)/sh_prelude.h $(srcinc)/sh_static.h +kern_head.o: $(srcsrc)/kern_head.c Makefile config.h $(srcinc)/kern_head.h $(srcinc)/kern_head.h +sh_async.o: $(srcsrc)/sh_async.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h Index: branches/samhain-2_2-branch/depend.sum =================================================================== --- branches/samhain-2_2-branch/depend.sum (revision 66) +++ branches/samhain-2_2-branch/depend.sum (revision 66) @@ -0,0 +1,1 @@ +896592903 Index: branches/samhain-2_2-branch/deploy.sh.in =================================================================== --- branches/samhain-2_2-branch/deploy.sh.in (revision 66) +++ branches/samhain-2_2-branch/deploy.sh.in (revision 66) @@ -0,0 +1,1078 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +#VERSION2.0 + +# ----------------------------------------------------------------------- +# Be Bourne compatible +# ----------------------------------------------------------------------- + +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi + +# ----------------------------------------------------------------------- +# Make sure we support functions (from the autoconf manual) +# ----------------------------------------------------------------------- + +SHELL="${SHELL-/bin/sh}" +if test x"$1" = "x--re-executed" +then + shift +elif "$SHELL" -c 'foo () { (exit 0); exit 0; }; foo' 2>/dev/null +then + : +else + for cmd in sh bash ash bsh ksh zsh sh5; do + X="$PATH:/bin:/usr/bin:/usr/afsws/bin:/usr/ucb"; + OLD_IFS=${IFS} + IFS=':'; export IFS + for dir in $X; do + shell="$dir/$cmd" + if (test -f "$shell" || test -f "$shell.exe") + then + if "$shell" -c 'foo () { (exit 0); exit 0; }; foo' 2>/dev/null + then + SHELL="$shell"; export SHELL + IFS=${OLD_IFS}; export IFS + exec "$shell" "$0" --re-executed ${1+"$@"} + fi + fi + done + IFS=${OLD_IFS}; export IFS + done + echo "-----------------------------------------------------------------" + echo "ERROR: Unable to locate a shell interpreter with function support" >&2 + echo "-----------------------------------------------------------------" + { (exit 1); exit 1; } +fi + +# ----------------------------------------------------------------------- +# Test for 'echo -n' +# ----------------------------------------------------------------------- + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,* ) ECHO_N=-n ECHO_C= ;; + *) ECHO_N= ECHO_C='\c' ;; +esac + +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + +######################################################################### +# +# Configuration section +# +######################################################################### + +# ----------------------------------------------------------------------- +# The following part will be cut and saved to ~/.deploy.conf +# ----------------------------------------------------------------------- + +#__BEGIN_CUT__ + +######################################################################### +# +# This file is sourced by a Bourne shell script. +# Thus you need to take care of proper shell syntax. +# +######################################################################### + +# if you need, you can expand your PATH environment variable here +# just uncomment and replace /opt/contrib/bin with whatever you need +# +# PATH="/opt/contrib/bin:${PATH}"; export PATH + +# the base directory of the deployment system +# CLI option: --basedir=... +# +defbasedir="@mydataroot@/profiles" + +# the name of the database of installed clients +# no CLI option +# +defdatabase="yulerc.install.db" + +# be quiet; 0 = false, 1 = true, 2 = very quiet +# CLI option: --quiet | --quiet=2 +# +silent=0; + +# assume yes as answer to all prompts and run non-interactively +# 0 = false, 1 = true +# CLI option: --yes +# +assumeyes=0; + +# which 'dialog' to use (e.g. "Xdialog") +# "no" for plain text; empty ("") lets the program search for dialog +# CLI option: --dialog=... +# +prefdialog="" + +# operating system; no default +# CLI option: --arch=... +# +arch="" + +# Format for binary packages (run | deb | rpm | tbz2 | solaris-pkg | depot) +# CLI option: --format=... +# +format="" + +# logfile; default is none +# CLI option: --logfile=... +# +logfile="" + +# The path to the yule (samhain server) executable. +# CLI option: --yule_exec=... +# +yule_exec="@sbindir@/yule" + +# The path to the yule (samhain server) configuration file. +# CLI option: --yule_conf=... +# +yule_conf="@sysconfdir@/yulerc" + +# The path to the data directory of yule (samhain server). +# This is the directory where client configuration/database files +# are stored. +# CLI option: --yule_data=... +# +yule_data="@mydataroot@" + +#__END_CUT__ + +# ----------------------------------------------------------------------- +# Write configuration file to user home directory/Read configuration file +# ----------------------------------------------------------------------- + +if test -f ~/.deploy.conf +then + . ~/.deploy.conf +else + # + # From the autoconf configure script - search ourselves + # + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) old_IFS=$IFS; IFS=: + for as_dir in $PATH + do + IFS=$old_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { echo "ERROR: cannot find myself; rerun with an absolute path" >&2 + { (exit 1); exit 1; }; } + fi + cat "$as_myself" | sed -n -e '/^#__BEGIN_CUT__/,/^#__END_CUT__/ p ' >~/.deploy.conf && { + echo + echo "-----------------------------------------------------" + echo " Configuration file ~/.deploy.conf created" + echo " You may want to edit it to adapt it to your needs" + echo "-----------------------------------------------------" + echo + } +fi + +export silent +export assumeyes +export arch +export logfile +export format +export yule_exec +export yule_conf +export yule_data + +# dialog +# +DIALOG="${prefdialog}"; +export DIALOG + +# base directory +# +basedir="$defbasedir"; +export basedir + +# simulate only; 0 = false, 1 = true +# +simulate=0; +export simulate + +# version +# +version=2.0; +export version + +# host; no default +# +host= +export host + +# hostgroup; empty default +# +hostgroup= +export hostgroup + + +# action; no default +# +action= +export action + +# the 'log.lastrun' logfile +# +logOpen=0 +export logOpen + + +# source version; default = current +# +src_version="" +export src_version + +# checksrc; do you want to delete if PGP signature check fails ? +# +cs_delete=0 +export cs_delete + +# build; do you want to pack the executable ? +# +bd_packed='' +export bd_packed + +bd_user='root' +export bd_user + +# addpath +# +bd_addpath="" +export bd_addpath + +# Install; do you want to initialize the database ? +# +is_init=y +export is_init + +# Install; do you want to replace the rc.host file ? +# +is_rcfile=y +export is_rcfile + +# Install; do you want to start the client ? +# +is_startup=y +export is_startup + +# Install; optional local command ? +# +local_command=""; export local_command + +# Info on packages ? +# +showpkg=n +export showpkg + +######################################################################### +# +# Help Subroutines +# +######################################################################### + +# ----------------------------------------------------------------------- +# We cannot source these, because we don't know yet the base directory +# ----------------------------------------------------------------------- + +showUNINSTALL() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] uninstall" + echo + echo "Uninstall the samhain client from the specified host. Can only be" + echo "used if the client has been installed with deploy.sh version 2." + echo + echo "Options:" + echo + echo " --host= The host where you want to uninstall." + echo + { (exit 0); exit 0; } +} + +showINFO() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] info" + echo + echo "Show info for hosts in client database (default), or for available" + echo "binary installer packages." + echo + echo "Options:" + echo + echo " --packages Show info on packages." + echo + { (exit 0); exit 0; } +} + +showCLEAN() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] clean" + echo + echo "Remove all files that are no longer needed:" + echo " - Source tarballs in ${basedir}/source" + echo " - Unused installer packages in ${basedir}/archpkg" + echo + { (exit 0); exit 0; } +} + +showCHECKSRC() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] checksrc" + echo + echo "Check PGP signatures of source tarballs in the source/ subdirectory" + echo "of the deploy system." + echo "You must have gpg (GnuPG) in your PATH, and you should have imported" + echo "the samhain release PGP key (Key ID 0F571F6C, Rainer Wichmann)." + echo "To import the key, simply execute the command" + echo "\"gpg --keyserver blackhole.pca.dfn.de --recv-keys 0F571F6C\"" + echo + echo "Options:" + echo + echo " --delete Delete source tarballs if PGP signature" + echo " cannot be verified." + echo + { (exit 0); exit 0; } +} + +showDOWNLOAD() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] download" + echo + echo "Download a samhain source tarball from http://www.la-samhna.de," + echo "check its PGP signature, and install it into the source/ subdirectory" + echo "of the deploy system." + echo "You must have gpg (GnuPG) in your PATH, and you should have imported" + echo "the samhain release PGP key (Key ID 0F571F6C, Rainer Wichmann)." + echo "To import the key, simply execute the command" + echo "\"gpg --keyserver blackhole.pca.dfn.de --recv-keys 0F571F6C\"" + echo + echo "Options:" + echo + echo " --version= Version of samhain to download. The" + echo " default is \"current\" to download the current version." + echo + { (exit 0); exit 0; } +} + +showBUILD() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] build" + echo + echo "Copy a source tarball to a build machine, build a binary package, and fetch" + echo "the package. Will bail out if not running under ssh-agent. If you are sure" + echo "that you don't need ssh-agent, set the environment variable SSH_AGENT_PID" + echo "to some arbitrary string before launching the deploy.sh command." + echo + echo "Options:" + echo + echo " --host= The build host." + echo " --arch= The architecture/operating system to build for." + echo " This is used to get the \"./configure\" options from the file" + echo " \${basedir}/configs/\${arch}.configure." + echo " --version= The version of samhain you want to build." + echo " --format=" + echo " The format of the package. \"run\" is a portable tar" + echo " package, \"deb\" is for Debian, \"tbz2\" for Gentoo," + echo " \"rpm\" for any RPM-based Linux, \"solaris-pkg\"" + echo " for Sun Solaris, and \"depot\" for HP-UX" + echo " --packed= The client password, if you want to" + echo " create a packed executable. Defaults to empty (don't pack)" + echo " --user= Login as to the build host (root)." + echo " --add-path= Append 'path' to the PATH variable on the build host." + { (exit 0); exit 0; } +} + +showINSTALL() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] install" + echo + echo "Copy a pre-built binary installer package to a remote host, stop the client" + echo "running there (if any), install the (new) client, optionally initialize" + echo "the file signature database and fetch it from the remote host, update" + echo "the server configuration file and reload the server." + echo + echo "Options:" + echo + echo " --host= The host where you want to install." + echo " --group= Optional group the host belongs to." + echo " --arch= The architecture/operating system of this host." + echo " This is used to get the correct binary package." + echo " --version= The version of samhain you want to install." + echo " --format=" + echo " The format of the binary package." + echo " --yule_exec= The path to the 'yule' executable." + echo " --yule_conf= The path to the 'yule' configuration file." + echo " --yule_data= The path to the 'yule' data directory." + echo " --no-init Do not initialize the file signature database." + echo " --no-rcfile Do not replace the rc.host file on server." + echo " --no-start Do not start the client after installation." + echo " --local= Local command (executed twice: " + echo " after config installation and before client startup)." + { (exit 0); exit 0; } +} + +showUSAGE() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] command" + echo + echo "Commands: info | clean | download | checksrc | build | install | uninstall" + echo + echo "Options:" + echo " -h | --help Print general usage information." + echo " -h | --help Print usage information for \"command\"." + echo " --basedir= Set the basedir for the deployment system." + echo " The default is ${defbasedir}." + echo " -q | --quiet Produce output suitable for logging." + echo " You can also use -q=# to set the quiet level up to" + echo " a maximum of 2. Note that -q=2 implies --yes (see below)." + echo " -s | --simulate Perform a simulation of events that" + echo " would occur but do not actually change the system." + echo " -y | --yes Assume "yes" as answer to" + echo " all prompts and run non-interactively." + echo " -o | --logfile=" + echo " Specify an output file for messages that would go to stdout" + echo " otherwise. Has no effect on stderr (error messages)." + echo " -d | --dialog= Specify your preferred \"dialog\"" + echo " clone (e.g. Xdialog). Use \"no\" to force plain text." + if test x"$1" = x + then + { (exit 0); exit 0; } + else + { (exit $1); exit $1; } + fi +} + +######################################################################### +# +# Command line +# +######################################################################### + +for option +do + + # If the previous option needs an argument, assign it. + # + if test -n "$opt_prev"; then + eval "$opt_prev=\$option" + eval export "$opt_prev" + opt_prev= + continue + fi + + case "$option" in + -*=*) optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case "$option" in + + # Info + + --packages | -packages) + showpkg=y; export showpkg; + ;; + + # Install + + --yule_exec | -yule_exec | --yule-exec | -yule-exec) + opt_prev=yule_exec + ;; + + --yule_exec=* | -yule_exec=* | --yule-exec=* | -yule-exec=*) + yule_exec="$optarg"; export yule_exec + ;; + + --yule_conf | -yule_conf | --yule-conf | -yule-conf) + opt_prev=yule_conf + ;; + + --yule_conf=* | -yule_conf=* | --yule-conf=* | -yule-conf=*) + yule_conf="$optarg"; export yule_conf + ;; + + --yule_data | -yule_data | --yule-data | -yule-data) + opt_prev=yule_data + ;; + + --yule_data=* | -yule_data=* | --yule-data=* | -yule-data=*) + yule_data="$optarg"; export yule_data + ;; + + --no-init | -no-init) + is_init=n; export is_init + ;; + + --no-rcfile | -no-rcfile) + is_rcfile=n; export is_rcfile + ;; + + --no-start | -no-start) + is_startup=n; export is_startup + ;; + + --local | -local) + opt_prev=local_command + ;; + + --local=* | -local=*) + local_command="$optarg"; export local_command + ;; + + --group | -group) + opt_prev=hostgroup + ;; + + --group=* | -group=*) + hostgroup="$optarg"; export hostgroup + ;; + + # Build + + --format | -format) + opt_prev=format + ;; + + --format=* | -format=*) + format="$optarg"; export format + ;; + + --packed | --pack | -packed | -pack) + opt_prev=bd_packed + ;; + + --packed=* | -packed=*) + bd_packed="$optarg"; export bd_packed + ;; + + --user | -user) + opt_prev=bd_user + ;; + + --user=* | -user=*) + bd_user="$optarg"; export bd_user + ;; + + --add-path | -add-path | --addpath | -addpath) + opt_prev=bd_addpath + ;; + + --add-path=* | -add-path=* | --addpath=* | -addpath=*) + bd_addpath="$optarg"; export bd_addpath + ;; + + # Checksource + + --delete | -delete) + cs_delete=1; export cs_delete + ;; + + # Download + + --version | -version) + opt_prev=src_version + ;; + --version=* | -version=*) + src_version="$optarg"; export src_version + ;; + + # Generic + + --basedir | -basedir) + opt_prev=basedir + ;; + --basedir=* | -basedir=*) + basedir="$optarg"; export basedir + ;; + + --host | -host) + opt_prev=host + ;; + --host=* | -host=*) + host="$optarg"; export host + ;; + + --arch | -arch) + opt_prev=arch + ;; + --arch=* | -arch=*) + arch="$optarg"; export arch + ;; + + -o | --logfile | -logfile) + opt_prev=logfile + ;; + -o=* | --logfile=* | -logfile=*) + logfile="$optarg"; export logfile + ;; + + -h | --h | --help | -help | help) + if test $# -gt 1 + then + if test x"$2" = xdownload + then + showDOWNLOAD + elif test x"$2" = xinfo + then + showINFO + elif test x"$2" = xchecksrc + then + showCHECKSRC + elif test x"$2" = xclean + then + showCLEAN + elif test x"$2" = xbuild + then + showBUILD + elif test x"$2" = xinstall + then + showINSTALL + elif test x"$2" = xuninstall + then + showUNINSTALL + else + showUSAGE 1 + fi + fi + showUSAGE + ;; + + -q | --quiet | -quiet | --silent | -silent) + if test x"$silent" = x0 + then + silent=1; export silent + else + silent=2; export silent + fi + ;; + -q=* | --quiet=* | --silent=* | -silent=*) + silent="$optarg"; export silent + ;; + + -s | --simulate | -simulate | --dry-run | -dry-run | --recon | -recon | --just-print | -just-print | --no-act | -no-act) + simulate=1; export simulate + ;; + + -y | --yes | -yes) + assumeyes=1; export assumeyes + ;; + + -d | --dialog | -dialog) + opt_prev=DIALOG + ;; + -d=* | --dialog=* | -dialog=*) + DIALOG="$optarg"; export DIALOG + ;; + + -*) + showUSAGE 1 + ;; + + clean | download | checksrc | build | install | info | uninstall) + action="$option"; export action + break ;; + esac + +done + +######################################################################### +# +# Subroutines +# +######################################################################### + +# ----------------------------------------------------------------------- +# Printing/logging Subroutines +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcPRINT + +# ----------------------------------------------------------------------- +# Interaction Subroutines +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcDIALOG + +# ----------------------------------------------------------------------- +# Setup test Subroutines +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcSETUP + +# ----------------------------------------------------------------------- +# Subroutines for determining existence of / path to executables +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcEXE + +# ----------------------------------------------------------------------- +# Subroutines for building +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcBUILD + +# ----------------------------------------------------------------------- +# Subroutines for installing +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcINSTALL + +# ----------------------------------------------------------------------- +# Subroutines for client database +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcDB + +# ----------------------------------------------------------------------- +# Subroutine for the 'download' command +# ----------------------------------------------------------------------- +. ${basedir}/libexec/comDOWNLOAD + +# ----------------------------------------------------------------------- +# Subroutine for the 'checksrc' command +# ----------------------------------------------------------------------- +. ${basedir}/libexec/comCHECKSRC + +# ----------------------------------------------------------------------- +# Subroutine for the 'clean' command +# ----------------------------------------------------------------------- +. ${basedir}/libexec/comCLEAN + +# ----------------------------------------------------------------------- +# Subroutine for the 'build' command +# ----------------------------------------------------------------------- +. ${basedir}/libexec/comBUILD + +# ----------------------------------------------------------------------- +# Subroutine for the 'install' command +# ----------------------------------------------------------------------- +. ${basedir}/libexec/comINSTALL + +# ----------------------------------------------------------------------- +# Subroutine for the 'install' command +# ----------------------------------------------------------------------- +. ${basedir}/libexec/comUNINSTALL + + +######################################################################### +# +# Main +# +######################################################################### + +main_exit_status=0 + +tmpdir= + +# Find a dialog clone +# +findDIALOG + +# Check for basedir and tmpdir +# +testSETUP1 + +# Logfile setup +# +exec 5>${basedir}/tmp/logfile.lastrun +now=`date` +echo "$now: $0 " ${1+"$@"} >&5 +lastlog="${basedir}/tmp/logfile.lastrun"; export lastlog +logOpen=1 + +# Temporary directory/file setup +# +tmpD="$tmpdir/build.gui.$$" +mkdir "$tmpD" || printFATAL "Cannot create temporary directory $tmpD" +export tmpD +tmpF="$tmpD/tmpF.$$" +touch $tmpF || printFATAL "Cannot create temporary file $tmpF" +export tmpF +tmpERR="$tmpD/tmpERR.$$" +echo '0' > $tmpERR || printFATAL "Cannot create temporary file $tmpERR" +export tmpERR + +# Trap exit and cleanup +# +trap "exit_status=$?; rm -rf $tmpD; exit ${exit_status};" 0 +trap "(exit 1); exit 1;" 1 2 13 15 + +# Check for action to perform, and host, if required +# +testSETUP2 + +if test x"$action" = xdownload +then + if test x"$src_version" = x + then + src_version="current"; export src_version + fi + #--------------------------------------------------------------------- + # Vodoo code to tee both stdout and stderr, but keep them seperate. + #--------------------------------------------------------------------- + if test x"$DIALOG" = x + then + ((commandDOWNLOAD | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + commandDOWNLOAD 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version DOWNLOAD logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi +elif test x"$action" = xinfo +then + if test x"${showpkg}" = xn + then + if test x"$DIALOG" = x + then + ((dbSHOWHOSTS "${host}" | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + dbSHOWHOSTS "${host}" 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version INFO logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi + else + if test x"$DIALOG" = x + then + ((dbSHOWPKG show | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + dbSHOWPKG show 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version INFO logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi + fi +elif test x"$action" = xchecksrc +then + if test x"$DIALOG" = x + then + ((commandCHECKSRC | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + commandCHECKSRC 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version CHECKSRC logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi +elif test x"$action" = xclean +then + if test x"$DIALOG" = x + then + ((commandCLEAN | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + commandCLEAN 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version CLEAN logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi +elif test x"$action" = xbuild +then + + #--------------------------------------------------------------------- + # Make sure we are running under ssh-agent. + #--------------------------------------------------------------------- + if test x"$SSH_AGENT_PID" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "Not running under ssh-agent, and not running interactive: cannot continue." + else + promptYESNO "Not running under ssh-agent, continue anyway" "no" + test "x$YESNO" = xn && { (exit 0; ); exit 0; } + fi + fi + + #--------------------------------------------------------------------- + # Setup. + #--------------------------------------------------------------------- + selBVERSION + selBARCH + selBFORMAT + + if test x"$DIALOG" = x + then + ((commandBUILD | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + commandBUILD 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version BUILD logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi + +elif test x"$action" = xinstall +then + + needEXE ssh scp ssh-agent + + #--------------------------------------------------------------------- + # Make sure we are running under ssh-agent. + #--------------------------------------------------------------------- + if test x"$SSH_AGENT_PID" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "Not running under ssh-agent, and not running interactive: cannot continue." + else + promptYESNO "Not running under ssh-agent, continue anyway" "no" + test "x$YESNO" = xn && { (exit 0; ); exit 0; } + fi + fi + + #--------------------------------------------------------------------- + # Setup. + #--------------------------------------------------------------------- + is_root=`id -u 2>/dev/null` + if test "x$?" = x0 && test "x${is_root}" != x0 + then + promptYESNO "You are not root, continue anyway" "no" + test "x$YESNO" = xn && { (exit 0; ); exit 0; } + else + is_root=0 + fi + pathYULE + pathYDATA + selbinARCH + selbinVERSION + if test "x${is_init}" = xy + then + promptYESNO "Initialize database" "yes" + is_init=$YESNO + fi + if test "x${is_rcfile}" = xy + then + promptYESNO "Replace rc.host file on server" "yes" + is_rcfile=$YESNO + fi + if test "x${is_startup}" = xy + then + promptYESNO "Start client after installation" "yes" + is_startup=$YESNO + fi + if test -f "${yule_conf}" + then + : + else + promptINPUT "Please enter the path to the yule configuration file" + yule_conf="$INPUT"; export yule_conf + if test -f "${yule_conf}" + then + : + else + printFATAL "Cannot find ${yule_conf}" + fi + fi + + if test x"$DIALOG" = x + then + ((commandINSTALL | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + commandINSTALL 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version INSTALL logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi + +elif test x"$action" = xuninstall +then + + needEXE ssh scp ssh-agent + + #--------------------------------------------------------------------- + # Make sure we are running under ssh-agent. + #--------------------------------------------------------------------- + if test x"$SSH_AGENT_PID" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "Not running under ssh-agent, and not running interactive: cannot continue." + else + promptYESNO "Not running under ssh-agent, continue anyway" "no" + test "x$YESNO" = xn && { (exit 0; ); exit 0; } + fi + fi + + #--------------------------------------------------------------------- + # Setup. + #--------------------------------------------------------------------- + + dbINFO "$host" + + if test x"$?" = x0 + then + if test x"${DB_status}" = "xD2_installed" + then + : + else + if test x"${DB_status}" = "xD2_removed" + then + promptYESNO "Already uninstalled on host $host, continue" "no" + test "x$YESNO" = xn && { (exit 0; ); exit 0; } + else + printFATAL "No deploy version 2 installation on host $host: ${DB_status}" + fi + fi + else + printFATAL "Cannot uninstall on host $host" + fi + + if test x"$DIALOG" = x + then + ((commandUNINSTALL | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + commandUNINSTALL 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version UNINSTALL logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi + +fi + +if test x"${main_exit_status}" = x0 +then + test -f "$tmpERR" && main_exit_status=`cat "$tmpERR" | tr -d '\n'` +fi + +(exit ${main_exit_status}); exit ${main_exit_status}; Index: branches/samhain-2_2-branch/docs/BUGS =================================================================== --- branches/samhain-2_2-branch/docs/BUGS (revision 66) +++ branches/samhain-2_2-branch/docs/BUGS (revision 66) @@ -0,0 +1,33 @@ + +MacOS X: +------- + +(1) Pointed out by David: static linking is not supported on MacOS X, + see http://developer.apple.com/qa/qa2001/qa1118.html + +Solaris: +------- + +(1) This was pointed out by rog [at] iis dot fhg dot de (Ingo Rogalsky): + "It isn't possible, to link samhain statically with Solaris. + This is a Solaris issue (see Sun Infodoc ID12624) and + not a samhain problem." + +Linux, maybe others: +------------------- + +(1) With gdm (the GNOME display manager), GNOME version 1.2, using the + file hiding kernel module (configure option --enable-khide) + at system boot may cause problems (keyboard locked up). + No problem observed with kdm (the KDE display manager). + + In case of problems, you may need to reboot into single-user mode and + edit the boot init script ... it should be noted that on the test + system, gdm sometimes locked up the keyboard on other occasions + (e.g. after a fsck). + +(2) With gcc 2.95.2 (and glibc 2.1.3), it is not possible to use + --with-database and --enable-debug at the same time (the code will + segfault). This is apparently a compiler bug, and it does not happen + with gcc 3.0. + Index: branches/samhain-2_2-branch/docs/Changelog =================================================================== --- branches/samhain-2_2-branch/docs/Changelog (revision 66) +++ branches/samhain-2_2-branch/docs/Changelog (revision 66) @@ -0,0 +1,1665 @@ +2.2.6: + * fix error about non-readable file with no checksum required + * fix server warning about 'no server name known' + * fix 'make deb' makefile target + * fix default export severity for server + +2.2.5 (05-10-2006): + * fix broken Install.sh, reported by Alexander Kraemer + * workaround for glob(3) sillyness on MacOS X (reported by David) + * fix for broken resorce fork check (reported by David) + * fix for broken compilation on cygwin (reported by Elias) + +2.2.4 (03-09-2006): + * add regression test for the GrowingLogFiles issue to test suite + * fixed sh_unix.c: bug in database init if GrowingLogFiles used + with signed database (reported by Timothy Stotts) + * bug in manual fixed (incorrect documentation of --enable-user, + noticed by M. Brown) + * rc.subr compatible init script for FreeBSD/NetBSD + * improve routine to find rpm after build + * add netbsd rc file from Brian Seklecki (taken from pkgsrc-wip) + * fix error in manual (location of lock file) + * fix bug with SuidExclude (files in directory were still checked) + +2.2.3 (31-07-2006): + * fix samhainadmin.pl: check for gpg-agent running if use-agent is set + (ticket #28 by anonymous) + * fix stealth mode (regression in parser), problem reported by + Joschi Kuphal + * fix minor typo in sh_database.c (compile problem reported by + Joschi Kuphal) + +2.2.2 (17-07-2006) + * minor fixes for regression test scripts + * minor updates to the manual (suggested by Brian A. Seklecki) + * fix sh_kern.c, kern_head.c: kernel rootkit detection for 2.6.17+ + (problem reported by Leonhard Maylein) + * fix samhain_hide.c for 2.6.17+: use module_param() if MODULE_PARM + is not defined + +2.2.1c (11-07-2006) + * fix sh_extern.c: sh_ext_add_default() cast to (void) was too early + (Solaris 8 build failure reported by Jesse) + * fix sh_unix.c: wrong prototype for sh_unix_mlock() + if HAVE_BROKEN_MLOCK (AIX 5.2 build failure reported by + Jonathan Kaufman) + +2.2.1b (20-06-2006): + * fix compile error on SuSE 10.1 (reported by Leonhard Maylein) + +2.2.1a (15-06-2006): + * fix compile error on i686/MacOS X (reported by Andreas Neth) + +2.2.1 (13-06-2006): + * fix gcc 4 warnings and build failure on x86_64 (debian bug #370808) + * fix compiling with Oracle (noticed by Colapinto Giovanni) + * fix configure.ac for most recent autoconf version + (debian bug #369503) + * fix a regression that would make impossible local updates w/clients + * fix a few missing '\n' in sh_getopt.c + * sh_kern.c: fall back on mmap() if read() fails on /dev/kmem + * fix Solaris package creation + * recognize Solaris doors and event ports + * fix the idmef_inode_t patch: provide required info to avoid stat() + * fix bug on database update: fill in dev and rdev fields + * fix get_file_infos() in sh_prelude.c: avoid premature return + * GCC_STACK_PROTECT_CC: AC_TRY_COMPILE -> AC_TRY_LINK + * deploy.sh: allow to set a group for hosts upon installation + * patch by Yoann: fix an issue when setting the idmef_inode_t object + * fix memory leaks in error paths in sh_prelude.c + * fix concurrent inserts with postgres in sh_database.c + * code cleanup + * fix manual version in spec file, first noticed by Imre Gergely + +2.2.0 (01-05-2006): + * patch by Jim Simmons for samhainadmin.pl.in + * fix testsuite portability problems + * fix md5 endianess problem detected on HP-UX 11i / PA-RISC 8700 + * fix potential NULL dereference in sh_utmp_endutent() + * patch by Neil Gorsuch for suidchk.c (do not scan lustre, afs, mmfs) + * fix sh_ext_popen (OpenBSD needs non-null argv[0] in execve) + * fix make_tests.sh portability (echo '"\n"' does not work on OpenBSD) + * fix bug in sh_utils_obscurename (check isascii) + * scan h_aliases for FQDN if h_name is not + * add copyright/license info to test scripts + * add copyright/license info to deployment system scripts + * support server-to-server relay + * new CL option --server-port + * minor improvements in manual + * patch by Yoann Vandoorselaere for sh_prelude.c + * allow --longopt arg as well as --longopt=arg + * verify checksum of growing log files (up to previous size) + * rewrite of the test suite + * added a bit of unit testing + * minor optimizations in various places + * optimized implementation of tiger checksum algorithm + * read in 64k blocks (faster than 4k) + * sh_unix.c, sh_hash.c: support file flags on *BSD, update Linux + file attribute code + * kern_head: fix compilation of kernel check module on OpenBSD + * updated samhainrc.linux, samhainrc.freebsd + * sh_unix.c: fix setrlimit (RLIMIT_NOFILE, ..) + * sh_files.c: fix missing use of flag_err_info + * sh_tiger0.c: remove repetitive use of mlock + * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK), + add function sl_read_timeout_prep + +2.1.3 (13-03-2006): + * fix compile problem in slib.c (reported by Lawrence Bowie) + * fix bug with combination of one-shot update mode and file check + schedule (reportedby Dan Track) + * improved the windows howto according to suggestions by + Jorge Morgado + * fix samhain_hide kernel module for new linux kernel versions + * fix minor problem with dead client detection (problem reported + by Michal Kustosik) + +2.1.2 (10-01-2006): + * fix startup error with combination of gpg+prelude + +2.1.1a (22-12-2005): + * fixed a stupid bug in sh_files.c (break if file = dir) + +2.1.1 (21-12-2005): + * sh_calls.c: protect sh_calls_set_bind_addr against overriding + * comINSTALL, updateDB: use locking + * samhainadmin.pl: use locking + * fix typos in samhainrc.solaris (noticed by Robby Cauwerts) + * improve zAVLSearch (remove redundant strcmp) + * use AVL tree in sh_files.c instead of linked list (better scaling) + * fix bug with suidcheck (no update/check in one-shot mode with + schedule instead of check interval; noticed by R. Rati) + * fix for problem with '-t update -i' if daemon mode (problem report + by Peter van der Does) + * fix for bug in sh_util_ask_update (two returns were required ...) + +2.1.0 (31-10-2005): + * minor fix for cross-compiling with --with-kcheck + * sh_forward.c: handle bad fds in the select() fd sets + (reported by hmy) + * sh_extern.c: fix debugging code + * slib.c, sh_calls.c, sh_calls.h: improve handling of O_NOATIME + (reported by Gabor Kiss) + * makefile.in: fix for solaris package creation + * sh_mail.c, sh_readconf.c: mail filtering options + * sh_database.c: Oracle reconnect on connection failure + (bug report by Alexander A. Sobyanin) + * sh_unix.c: don't purge MYSQL_UNIX_PORT environment variable + (problem reported by Peter) + * sh_calls.c: fix for a HP-UX accept() problem caused by the gcc4 fix + * fixes for gcc 4.0.2 compiler warnings + * ability to use daemon mode together with update + (wishlist Yoan Vandoorselaere) + * fixes for debugging + +2.0.10a (22-08-2005): + * fix for overlapping directory check specification (reported by Bub) + +2.0.10 (21-08-2005): + * fix for segfault (free() on a constant string) with libprelude + (problem reported by Grae Noble) + * upgrade FreeBSD kernel check to 5.4, minor fixes + * useful script for users of Linux kernel check + (contributed by marc heisterkamp) + * documentation improvements (suggested by Brian Seklecki and Robby) + +2.0.9 (25-08-2005): + * samhain_erase.c: add #define for NULL + * sh_suidchk.c: fix incorrect use of escaped filename + * sh_prelude.[ch], sh_readconf.c: configurable mapping from + samhain severity to prelude severity + * sh_unix.h: second arg of gettimeofday should be NULL + * sh_files.c: fix checking of directory special file (use specified + policy, not that of parent dir, problem found by Brian A. Seklecki) + * sh_entropy.c: longer timeout for entropy collector + * sh_socket.c, sh_forward.c: allow probing of clients for + necessity of configuration reload + * yulectl: minor fixes, option -v (verbose), new command PROBE + * fix 'File not found' messages for files flagged with IgnoreMissing + * sh_database.c: strip newline from oracle error messages + * sh_files.c: fix rsrc fork issue with MacOS X Tiger + (reported by A. Koren) + * never compute checksum if not checked (problem report by D.Hughes) + * sh_prelude.c: cleanup and bugfix by Yoann + * sh_hash.c: for prelude, make sure mode is supplied with user/group + and vice versa + * sh_prelude.c: provide proper FileAccess objects (bug + report by Mihai Ilinca) + +2.0.8 (03-07-2005): + * configure.ac: use $LIBPRELUDE_PTHREAD_CFLAGS rather than + $LIBPRELUDE_CFLAGS (bugfix by Yoann) + * samhain.spec.in: remove support for chkconfig (it's too buggy). + Strangely, if invoked as install_initd it behaves sanely ... + * src/sh_err_log.c: fix key input (this time for real) + * fix --with-altlogserver (bug from 2.0.7b) + * remove server socket in start/stop script + +2.0.7e (not released): + * Makefile.in: introduce a total of 6 sec delay for 'make' utilities + that use 1 sec resolution, and consider target out-of-date if + timestamp(target) = timestamp(dependency) ... + * src/sh_err_log.c: fix key input + * another fix for yulectl (use pwent->pw_dir) + * dsys/comINSTALL, dsys/comUNINSTALL, dsys/comBUILD: fix PATH + +2.0.7d (not released): + * one more fix for the spec file (stupid rpm finds tags in comments!!!) + +2.0.7c (not released): + * test/testrun_1b.sh, test/testrun_2b.sh: use $GPG_PATH + * dsys/comINSTALL, dsys/funcDB, dsys/funcINSTALL: some bugfixes + * samhain-install.sh.in: fix test -z $verbose + * sh_hash.c: speedup database reading + * Makefile.in: fix the problem that BSD make would make too much + * deploy: yulerc.clients -> yulerc.install.db, provide + $defdatabase for backward compatibility + * deploy: allow for comma in client_install_date + +2.0.7b (not released): + * hp_ux.psf.in: fix psf file + * dsys/comINSTALL: fix $yule_date -> $yule_data + * Makefile.in: fix 'make depot' + * sh_tools.c, sh_unix.c: fix detection of open file limit + * sh_readconf.c: reset read_mode after reading conf file + * yulectl.c: better error messages, use homedir from getpwuid(geteuid) + * init/samhain.startLSB.in: fix misleading message in lsb init script + * sh_forward.c: better display for nonce u in debug mode + * sh_tiger*.c: fix checksum for HP-UX 64bit + * samhain.c: don't fetch database twice + * configure.ac: accept nodename for --with-logserver=... + * samhain_setpwd.c: return proper exit status for samhain_setpwd + * respond to SIGTERM on initializing + * fix problems with samhainadmin.pl + * sh_utils.c: fix bug with AddOKChars (found by Karol) + +2.0.7a (not released): + * remove 'df' from entropy gatherer (NFS may hang) + * modify va_copy check (doesn't work with HP-UX PA64 compiler) + * fix compile warnings in sh_database.c + * samhain-install.sh.in: check for /usr/bin/false in /etc/shells + * fix install-boot on HP-UX + * aclocal.m4: fix configure CL parsing to recognize VAR=VALUE + +2.0.7 (11-06-2005): + * yet another fix for the spec file (use internal dependency generator) + * sh_error.c, sh_prelude.c: init libprelude after open fds are closed + * error message if queue is full + * fix two compiler warnings on HP-UX + * fix sh_mail.c for Interix (no resolver routines) + * fix sh_unix_initgroups2() if no initgroups() function (bug reported + by Geries Handal) + * remove references to 'struct timezone' (Interix; problem + reported by Geries Handal) + * init/stop for prelude on SIGHUP + * sh_cat.h: fix a stupid bug with messages classes + * manual: new section on nagios (with help from kiarna), + more on prelude + * sh_prelude.c: cleanup and improvements (Yoann Vandorselaere) + * default prelude profile name now is 'samhain' (lowercase) + * sh_readconf.c: new option PreludeProfile (by Yoann Vandorselaere) + * remove obsolete check for linux/module.h, linux/unistd.h + * remove dependency on virtual/glibc in gentoo ebuild + (problem reported by Willis Sarka) + +2.0.6 (01-03-2005): + * sh_prelude.c, configure.ac, aclocal.m4: support for + libprelude 0.9 (Yoann Vandoorselaere) + * sh_html.c: fix bug with entry.html template (reported by + Stephane Sanchez) + * Install.sh: fix mandir option (reported by Rodney Smith) + * Fixed Linux/64bit bug in definition of EUIDSLOT + * New targets 'make depot', 'make depot-light' (HP-UX, untested) + * Use sstrip for RPMs and DEBs (automatic stripping disabled) + * Fix aclocal.m4 for autoconf 2.59 (missing $ac_cr_alnum et al., + problem noticed by Yoann Vandoorselaere) + * Modify samhain.spec.in to disable automatic stripping upon install + * Fix deploy.sh + '--enable-gpg', and fix 'make rpm' and 'make deb' + for '--with-khide' (problems reported by Mark) + * Fix compile error in sh_tools.c on HP-UX 10.20 + (problem reported by Dennis Boylan) + * Runtime configuration of server listening port (wishlist) + * Runtime configuration of server listening interface (wishlist) + * Ignore SIGTTIN (consistency) + * Use SIGTTOU to force file check (wishlist) + +2.0.5b (01-04-2005): + * Fix build problem b/o timestamp on stamp file + +2.0.5a (16-03-2005): + * Fix problem with 'make rpm' (reported by Dirk Brümmer) + +2.0.5 (02-03-2005): + * Fix bug with partial reads from clients in server + (bug report by Brian) + * Support gpg checksum bootstrap with yule + * Support mount option check on HP-UX + * For MAIL FROM, use 'example.com' as domain part if + hostname is numeric (problem reported by Eric Raymond) + * The HOWTO-write-modules has been updated. + * Convenience functions to insert data in database have been + added. + * Use int0x03 only on i386 in sh_derr() (portability problem + reported by John Mandeville) + +2.0.4 (09-02-2005): + * Fixed broken 'make deb' (problem report by olfi) + * Fixed minor bug in test scripts (detection of gmake vs. make) + * Fixed Tru64/OSF compile warnings (reported by B. Terp) + * Normalize list parsing to allow comma, space, and tab as separators + * Some more descriptive error messages in kern_head.c + * Absolute path to utilities in init/samhain.startLinux.in + * Fixed is_root variable in deploy.sh + * Fixed 'deploy.sh info' + * Fixed 'deploy.sh install' client startup + * Fixed 'make tbz': don't remove ebuild scripts in 'make dist' + (issue reported by W. Sarky) + +2.0.3 (14-12-2004): + * Fix CPPFLAGS with mysql/postgresql (repoted by P. Smith) + * Fix missing sys/time.h include in slib.c (reported by Jonas) + * Workaround for file closing problem with Prelude+GPG + * Fixed memory leak with Prelude. + * Fixed bug in samhain_stealth (PGP signature not correctly + retrieved from hidden configuration; report and patch by V. Tuska) + * Added Perl script to concatenate file signature database files + * Fix compile error with combination of --enable-nocl and + --enable-stealth (reported by Zdenek Polach) + * Fix bug in dsys/initscript with --enable-nocl + * Fix declaration of sh_kern_timer() + * Fix missing Mounts+Userfiles options in appendix of manual + * Updated the README (bug report by H. Franzke) + * Fix some compiler warnings + +2.0.2a (09-11-2004): + * Fixed OoM condition when client rc file not found (reported by Eilko) + +2.0.2 (08-11-2004): + * Fixed buffer overflow in sh_hash_compdata() (only in 'update' code) + * Fixed uninitialized variable in sh_mail_msg() (problem reported + by Michael Milvich) + * Fixed potential NULL pointer dereference in sh_hash_compdata() + +2.0.1 (01-11-2004): + * Fixed compilation bug reported by jue (--with-kcheck broken). + * Fixed start option (bug reported by sanek). Behaviour wrt. + environment variables depended on the way the daemon was started. + +2.0.0 (31-10-2004): + * The deployment system has been rewritten from scratch in + a cleaner and more modular and extensible way. Deployment + of native packages is supported now. + * The build system has been revised. Building outside the source + directory is supported now. + * Support for checksumming of prelinked executables / libraries + has been added. + * The configure script now checks for the SSP/ProPolice patch in GCC, + and enables it if present. + * The install-boot option in samhain-install.sh has been fixed + (use absolute paths for sbin utilities). + * A nagios plugin (scripts/check_samhain.pl) has been added. + * The LSB (Linux Standard Base) init script has been fixed (the output + was incorrect). + * Fetching of built binary packages has been + fixed ($(PACKAGE)->@install_name@). + * For files in proc, the timeout has been reduced, and no error + messages are issued upon timeout. + * A function has been added to print out full details for missing + files if encountered while in sh_files(). + * The reporting for SuidCheck has been fixed (incorrect policy + noticed by JiM). + * On Linux, SuidCheck does not report on files marked as candidates + for mandatory locking (group-id bit set, group-execute bit cleared). + * Fix for oracle init script (by Matt Warner) + +1.8.12b (11-10-2004): + * fix bug in MSG_MSTAMP (%ld -> %lu) + * fix bugs in sh_suidchk.c (%ld -> %lu), check fopen for NULL, + mkdir mode for quarantine directory + * fix the fix for modlist_lock search in System.map + +1.8.12a (01-10-2004): + * fix bug in samhain-install.sh.in (only occurs on Solaris), reported + by J. Roland + +1.8.12 (27-09-2004): + * fix compile bug with --enable-static + --with-database=postgresql + * fix search for modlist_lock in System.map + * password auth for yule command socket (request by D. Kocic) + * more info about pending/sent commands to clients + +1.8.11 (30-08-2004): + * fix static linking on Linux by use of replacement routines from + uClib - however, this means, there is no NIS support anymore + * new option AddOKChars=... to modify the set of characters for + filenames considered 'obscure' + * new option HardlinkOffset=... to specify an offset from the canonical + hardlink count for a directory + * fix some warning with HP 11.23 native compiler + * fix minor OpenBSD portability problems (EIDRM, compiler warning) + * samhainrc.5, samhain.8: updated the man pages + * sh_unix.c, sh_files.c: ignore 'no user/group' and 'obscure name' + for AllIgnore + * sh_kern.c: fix 'update' to display modifications + * sh_kern.c: fix bug with IDT check (spurious alerts b/o uninitialized + fields) + * stealth kernel modules: fix for linux 2.6, fix + redefine of KERNEL_VERSION + * warn about stealth kernel module problem with 2.6 in manual + * sh_unix.c: remove some cruft + * fix a typo in the manual (noticed by J. Rubin) + * configure.ac: re-order output from libprelude-config (required + for static linking - problem reported by E. Neber) + * kern_head.h, kern_head.c: fixes for Linux 2.6 kernel + +1.8.10b (13-07-2004): + * fix incorrect usage of 'retry_msleep()' in sh_kern.c (reported + by Pat Smith) + +1.8.10a (13-07-2004): + * depend-gen.c: fix for FreeBSD 'make' which does not understand + the dependencies ... (problem reported by David Thiel) + +1.8.10 (13-07-2004): + * sh_unix.c/sh_unix.h: fix defaults for 'GrowingLogFiles' policy + (bug report by VZoubkov) + * fix some warnings (unreachable statement) with HP-UX native compiler + * kern_check.c: silence warning about 'sendfile' for 4.10 + (noticed by Ryan Beasley) + * modify depend-gen.c to ignore sh_gpg_chksum.h + * add a non-plaintext version of GPG_HASH (sh_gpg_chksum.h) + * .. and for fingerprint + * sh_suidchk.c: fix some compiler warnings on solaris + * allow commas to separate multiple entries in a RedefXXX= directive + * replace sleep/usleep with nanosleep wrapper function + * replace alarm() for read timeout with select() in sl_read_timeout + (should fix bug reported by Scott Kelley) + * increase lstat/open timeout to 6 sec + +1.8.9 (16-06-2004): + * made 'no action specified' error message more informative + (suggested by Stephen Gill) + * fix memory leak in mysql sh_database_query() (bug report by Dejan) + * remove some cruft from the code + * sh_files.c: check MacOS X resource forks (idea from Osiris) + * sh_files.c: no hardlink check for MacOS X + * sh_util_ask_update: fix bug with no terminal in non-interactive mode + (report and debug data by Kris Dom) + * manual refactored + * fix redundant messages when updating with suidcheck + * allow interactive update for suid files + * don't remove the TZ environment variable to guard against + misconfigured hosts + * also use gethostname if uname returns possibly truncated name + * fix improper file descriptor handling in sh_mail.c (bug report + by Alex Weiss) + * cleanup MBLK cruft + * use SH_ALLOC/SH_FREE in sh_prelude.c + * update sstrip to Version 2.0 + +1.8.8 (25-05-2004): + * fix compilation problem on AIX 5.2 (nameser_compat.h; report by + Tim Evans and Ian McCulloch) + * don't check for trusted paths on Cygwin + * add Windows HOWTO written by Kris Dom + * kern_check.h: extend FreeBSD syscall table for 5.x + +1.8.7a (03-05-2004): + * sh_mail.c: fix subject length + * sh_mail.c: fix the sh.mailNum.alarm_last fix (report by Kris Dom) + * sh_utils.c: sh_util_ask_update(): fix ISO C conformance bug + (compile problem reported by Kris Dom) + +1.8.7 (01-05-2004): + * sh_mail.c: fix incorrect count of sh.mailNum.alarm_last, causing + empty mails (introduced with segfault fix in 1.8.6, report + by Kris Dom) + * sh_utils.c: sh_util_ask_update(): check whether stdin is a terminal, + try to reopen on controlling terminal if not + * sh_utmp.c: fix order of options (problem report by Uri) + * sh_files.c: sh_files_chk(): set tmp = NULL at end of loop + (may cause segfault on null dereference for missing files) + * sh_unix.c: patch by Marc Schütz (order of sh_unix_getinfo_type, + sh_unix_getinfo_attr) + * don't use dh_installmanpages in 'make deb' (samhain/yule conflict + reported by xavier) + * on HP-UX, define _XOPEN_SOURCE_EXTENDED in sh_mail.c and sh_tools.c + (suggested by Kris) + * include nameser_compat.h in sh_mail.c (for MacOS X, + suggestion by jna) + * sh_utmp.c: fix time for logout events (reported by Erich + van der Velde) + +1.8.6 (15-04-2004): + * add CL option to set threshold for prelude and RDBMS + * sh_mail.c: fix bug with MailSubject option (segfault on NULL pointer + dereference; reported by Micha Silver) + * fix compiling with --disable-encrypt (reported by Pat Smith) + * fix minor problem in scheduler (don't return before all schedules + are tested, to set last_exec correctly) + +1.8.5 (05-04-2004): + * fix bugs in sh_utmp.c (unlinking of list head); may fix an OpenBSD + problem (endless loop; report and debugging aid by Joe MacDonald) + * fix hardlink check (null dereference in error message, segfaults + on solaris - noticed by Bob Bloom) + * sh_suidcheck: don't truncate quarantined file if nlink > 1 + * fix Install.sh (no --seperate-output with --radiolist); patch by + Greg Kimberly + +1.8.4 (17-03-2004): + * add Prelude patch by Patrice Bourgin + * add license statement to sh_mounts.c, sh_userfiles.c after + receiving a clarifying e-mail from Cian Synnott + * support UsePersistent = no for Oracle (problem spotted and fix + tested by Michael Somers) + * fix bug in samhainadmin.pl + * sh_gpg.c: describe type of gpg error (if any) + * fix persistent connections with postgresql (reported by + Erwin Van de Velde) + * prelude: local 'meaning' shadows global in sh_prelude_alert + (spotted by David Maciejak) + * uname: workaround for cases where nodename would be a possibly + truncated FQDN (problem reported by Cian Synnott) + * re-write parts of sh_kern.c, store kernel info in baseline database + -> no need to recompile after kernel upgrade + * modify timeouts in sh_unix_getinfo, add timeout warning + * change handling of dangling symlinks (store in db) + * fix typo with MSG_FI_OBSC2 (double slash) + * remove redundant operation in sh_utils_safe_name + * fix occasional random start bytes of long messages in + sh_error_string (sl_strlcat -> sl_strlcpy) + * provide details for missing files (as for added files) + * remove duplicate message for no such group/user + * add fixes for samhain.oracle.init (supplied by Michael Somers) + * fix date insertion for Oracle (fix by Michael Somers) + * manual: fix incorrect statement about RPM (noticed by + Lars Kellogg-Stedman) + +1.8.3 (02-02-2004): + * add a HOWTO-client+server-troubleshooting document + * fix another bug with SIGUSR2 (suspend mode) + * new option SetBindAddress (--bind-address=...) to force + interface for outgoing connections on multi-interface box + * don't link against libgmp if not required (i.e. standalone) + * test for ext2fs/ext2_fs.h or linux/ext2_fs.h + * new make targets 'emerge' and 'tbz2' for gentoo + * update rules.deb.in based on the Debian package + by Javier Fernandez-Sanguino + * updated config.guess, config.sub to version 2002-09-05 + * external command: report failure only once + * console: reset failure status after success + * README.UPGRADE: explain 1.7.x <-> 1.8.x client/server compatibility + * use persistent connection to database by default + * option UsePersistent=no to switch off persistent connection + +1.8.2 (19-01-2004): + * sh_userfiles.c: new option UserfilesCheckUids (requested) + * sh_error.c: server: don't log to logfile before dropping root + * new script scripts/samhainadmin.pl (administrative tasks for + signed config/database files) + * add changes code to log_msg for reports on modified files + * change default log threshold to 'mark', as 'none' tends + to confuse new users + * faster response time for SIGUSR2 + * revised (mostly backward-compatible) message classes + * fix missing check of mailTime in server select loop + * add support for libprelude (version 0.8.10) + * fix format for MSG_E_GRNULL (reported by Stefan Hudson) + * fix Bourne shell incompatibility (export) in samhain-install.sh + (first reported by David Thiel) + * fix typo in spec file (first reported by Christian Vanguers) + * remove some cruft (signal handler, memory handling) + * return from sigterm handler, rather than exit directly + (re-entrancy problem causes more problems than it's worth) + +1.8.1 (03-12-2003): + * fix gmp detection (problem pointed out by Nix) + * fix/improve the error message if test compiling with mysql fails + * new CL option --interactive for interactive db update + * fix some compiler warnings from IRIX MIPS compiler + * kern_head.h, kern_head.c: option to disable IDT check + * kern_head.h, kern_head.c: update kernel syscall table (2.4.20,2.6) + * sh_utmp.c: count number of logins (request by Erwin Van De Velde) + * change username -> userid, remove (long) userid (bug noticed + by Erwin Van De Velde) + * emit ADDED message for new SUID/SGID files + * add trailing slash to excluded directory if there is none + +1.8.0a (04-11-2003): + * sh_error.c: remove two debug printf's + +1.8.0 (31-10-2003): + * manual: make ps file fit on both a4 and letter paper + * sh_socket.c, sh_socket.h, sh_forward.c: socket interface + to send (quit/reload) commands to clients + * sh_forward.c, configure.ac: enable build with libwrap + (Wietse Venema's TCP Wrappers library) + * sh_ignore.c, sh_ignore.h, sh_files.c, sh_hash.c, sh_readconf.c: + new option to suppress messages for new and/or deleted files + * samhainrc.aix5.2.0: contributed by Christoph Kiefer + * samhain.c: fix compile warning on solaris (noticed by Ian Hunt) + * sh_database.c: undef debug code for oracle + * samhain.oracle.init: contributed by Joern Michael Krueger + * configure.ac, sh_utils.ac, Makefile.in, sh_modules.c, + sh_cat.c, sh_cat.h, sh_mounts.c/h, sh_userfiles.c/h: + check-mounts and userfiles modules contributed by eircom.net + * sh_utils.c: fix off-by-one bug in sh_util_compress() + * sh_forward.c, sh_tools.c, configure.ac: + version 2 client/server protocol + * sh_mail.c: add %S to include severity in subject (user request) + * sh_suidchk.c, 1093: fix warning about unused var 'flags' on FreeBSD + * samhain.h, sh_unix.h, sh_unix.c: extern inline -> static inline + for --enable-ptrace + * samhain.c: lower priority for 'uninitialized module' message + * sh_entropy.c: lower priority for message if /dev/random blocks and + /dev/urandom is available + * improved error messages in sh_readconf.c + * print system error message for getpwuid, getgrgid + * fix missing module init after SIGHUP (noticed by Cian Synnott) + +1.7.12 (13-10-2003): + * sh_mail.c: fix buffer overflow in mail handler (introduced in 1.7.10) + thanks to bug reports by Jason Martin and Matthew P. Cox + +1.7.11 (01-09-2003): + * samhain.c, samhain.h, sh_unix.c, sh_forward.c, sh_html.h: + - change SIG_USR1 to switch between dbg on/off + - change SIG_USR2 to switch between suspend on/off + - fix CLT_ILLEGAL to actually work + - introduce new state CLT_SUSPEND + - force reauthentication after suspend + * slib.c: change MAXFD from FOPEN_MAX (16) -> 1024 + * sh_suidchk.c: better AIX fs detection (Christoph) + * sh_entropy.c: increase buffer size for unix entropy gatherer + (problem reported by D. Danielson) + * default config files: add lots of comments, list more options + * sh_error.c: set default severities to 'crit' + * sh_readconf.c, sh_cat.c, sh_cat.h: stricter check on config + file syntax, issue warnings (triggered by C. Kiefer) + * Makefile.in: handle depend-gen errors more gracefully + * sh_err_console.c: fix bug in enable_msgq (reported by F. Behrens) + * configure.ac: workaround for mysql_config weird output + (reported by G. Faron) + * sh_unix.c, sh_tiger0.c: check IO limit during read of large files + * depend-gen.c: close streams before attempting to rename (Cygwin) + * Makefile.in: fail gracefully if depend-gen fails + * sh_database.c: sh_database_query(postgresql): fixed missing SL_ENTER + +1.7.10 (27-07-2003): + * FreeBSD init script: define $pidfile (reported by D. Thiel) + * sh_unix.c, sh_unix.h: fix compile error on AIX 4.2 + * sh_schedule.c: fix bad array size + * samhain.c: fix pid_t <> int casts + * sh_kern.c: fix repetitive messages + * configure.ac: try to bootstrap if TIGER192 not supported by gpg, + provide a detailed error message + * configure.ac: try harder to locate mysql + * docs/Changelog: retroactively add release dates, if known + * sh_mail.c: fix potential message truncation in mailer + * sh_unix.c, samhain.c, samhain.h: make --enable-ptrace more portable + * sh_readconf.c: fix segfault (dereference of uninitialized pointer) + if --with-gpg and --enable-stealth are used together (reported + by Anthony Caetano) + * sh_unix.c, samhain.c, sh_calls.c: fix problems with descriptive + error messages (larger GLOB_LEN, stat fills aud_err_message) + +1.7.9 (30-06-2003): + * sh_err_log.c: fix segfault on SIGABRT (dereference of freed memory), + problems with SIGABRT noticed by Brian and Alf B Lervåg + * deploy.sh.in: fix some bugs (found by Alf B Lervåg) + * scripts/chroot.sh: fix typo (found by Alf B Lervåg) + * configure.ac (khide): search also for 'd sys_call_table' (noted by + cuek_saja) + * strip whitespace before checking gpg checksum (noted by D. Thiel) + * manual (faq section): explain how to stop console output + * Makefile.in: fix re-naming of yule with --enable-install-name + * HOWTO-client+server.html: fix typo (noted by xavier renaut) + * configure.ac: escape '-' in awk regex (required by GNU awk 3.1.1) + +1.7.8 (28-05-2003): + * sh_unix.c: new mlock implementation with reference count + and page alignment (fix for solaris problem) + * kern_head.c: search also for 'xxxxxxxx d sys_call_table' + * sh_html.c: write status comment (for Beltane 2) + * add CL option --delimited for comma-delimited signature database dump + * sh_mail.c: check exit status of push_list to fix counting bug + (bug reported by Alan Moore) + * configure.ac: add error message to --with-libs + * fix spelling of $DAEMON in init script (noted by C. Grigoriu) + * fix missing initgroups() + +1.7.7 (06-05-2003): + * sh_forward.c: fix bug if compiled with --enable-udp, but disabled + in config file (found by Andy OBrien) + * sh_database.c: sh_database_entry(): size -> c_size (two places) + to fix writing of '\0' to arbitrary places :( + (problem pointed out by Stefan Giesen) + * profiles/*/configopts: fix --with-base -> --enable-base + +1.7.6 (24-04-2003): + * sh_forward.c, entry.html, head.html: fix/additions by Stefan Giesen + * fix samhain_hide for the O(1) scheduler used by RedHat: + configure.ac, acconfig.h: check for next_task in struct task_struct + samhain_hide.c: use find_task_by_pid if no next_task in task_struct + * samhain_erase.c: add MODULE_LICENSE("GPL") to fix warning + +1.7.5 (15-04-2003): + * sh_cat.c, sh_forward.c, sh_hash.c: fix double 'msg' tag + * manual: point out the bmaxdata problem on AIX in faq section + * trustfile.c: don't check symlinks (permissions of directory count) + * sh_schedule.c: fix problem with daylight saving switchover + * sh_samhain.c: close all open fd's >2 before reading the conf file + * sh_unix.c: fix dereferenced NULL pointer when exiting on non-existing + user + * sh_forward.c: fix dereferenced NULL pointer when exiting on udp error + * sh_forward.c: place timestamp code before select() timeout handler + * fix incorrect class of timestamp messages (conflict with manual) + * sh_readconf.c, sh_forward.c: new config option SetStripDomain + * configure.ac: add warning if /lib/modules/`uname -r`/build/include + not found + * samhain_hide.c: adapt for RedHat 2.4 kernel (fetch sys_call_table + address from System.map) + * sh_err_syslog.c: fix for Solaris + * samhain.spec.in: strip REQ_FROM_SERVER from config file install path + +1.7.4 (21-03-2003): + * configure.ac: fix bug in defargs (--with-base > --enable-base) + * aclocal.ac: detect unsupported options + * kern_check: add syscalls, skip unused syscalls + * fix Manual (--enable.../--with... inconsistency) + * add two HOWTOs (signed files, server/client) + * moved manual into new subdirectory docs/ + * add admin scripts by S.Bailey/M.Redinger + * option to have a version string in db file + +1.7.3 (23-02-2003): + * samhain-install.sh: use yule user key for signing on install + * fix a bug in sh_err_console.c (attempted write to const char) + * sh_gpg.c: if server, always use ~unprivileged_user/.gnupg + * Makefile.in: make target 'trustfile' depend on config.h + * configure.ac: don't use install_name before it is defined ... + * sh_tiger0.c: fix bug in checksum computation introduced in 1.7.2 + * samhain.c: make sure daemon cannot be forced into 'update' mode + * sh_hash.c: remove AIX workaround (AIX has been fixed meanwhile) + +1.7.2 (04-02-2003): + * sh_kern.c: use sys_call_table address from System.map + * fix for reserved SQL keyword 'group' + * add AC_SYS_LARGEFILE to configure.ac + * allow separate client-specific log files for server + * sstrip.c: compile sstrip code only for i386 + * sh_unix.c: closeall: don't close trace file + * slib.c: don't trace sl_is_suid (leads to recursion in trace handler) + * samhain-install.sh.in: fix detection of LSB compliant systems + * sh_tools.c: get_client_*_file: lstat -> stat to allow symlinks + * sh_forward.c: sh_forward_do_write: set O_NONBLOCK for fd + (may block otherwise, for no good reason apparently ...) + * samhain.spec.in: replace %configure with ./configure + * sh_unix.c: re-write signal handling (use __malloc_hook et al. to + check whether we are in the middle of a free/malloc/realloc/memalign) + * sh_unix.c: use new safe_logger() function to log from signal handler + * sh_err_log.c: fix xml + * + * fix Makefile.in to exit non-zero on compile failure + * database init: create index on log_host, entry_status + * sh_suidchk.c: fix path building + * sh_tiger0.c: read larger blocks + * sh_hash.c: cast inode to UINT32 + * sh_tools.c: check that config/database files size fits in uint + * sh_error.c: export flag_err_debug to avoid unnecessary calls + * sh_unix.c: save the open() call in sh_unix_getinfo_attr() + * profiles/redhat_i386/bootscript: add # description field + * deploy.sh.in: set owner + permissions for files in yule_filedir + * profiles/debianlinux_i386: fix bootscript + * Makefile.in: fix deploy file lists and targets (include init+scripts) + * MLOCK GOOD/BAD -> SL_FALSE/SL_TRUE + * sh_mail.c: GOOD/BAD -> SL_FALSE/SL_TRUE (AIX sys/param.h) + * sh_err_syslog.c: split long messages rather than truncating + * sh_error.c: allocate msg to fix truncation limit + * sh_unix.c: closeall fd's >= 3 in non-daemon mode (inherited + filedescriptors may exceed FOPEN_MAX, causing problems in + sl_open_file) + * sh_err_console.c: avoid stdio + * trustfile: dirz: make swp[] static + * slib.c: speed up sl_strlcat + * clean up some bad heap allocation (PATH_MAX+(1|2) -> PATH_MAX) + * remove some unused code + * slib.c: support long long int in the snprintf replacement + * configure.ac: new configure macro to check whether sa_sigaction works + * Makefile.in: make sstrip, encode dependent on config.h + +1.7.1a (08-01-2003): + * fix a syntax error in samhain-install.sh.in + +1.7.1 (07-01-2003): + * search runlevel scripts in ./init or ./ + * handle all distro-specific Linux runlevel script issues + within a single script + * support install-boot on Yellow Dog Linux and Slackware + * samhain-install.sh: fix a bug for unknown Linux + ('"' not closed, DVER not set) + * samhain-install.sh: check for /etc/yellowdog-release + * sh_database.c: fix missing entry for 'userid' in attr_tab[] + * fix debian.rules.in (disable sstrip) + * update make targets: 'srpm', 'srpm-dist', 'rpm' + * check for zlib if mysql is used + * workaround for NetBSD bug with libresolve + * fixed problems with spec files + +1.7.0 (22-12-2002): + * improved spec files (Andre Oliveira da Costa ) + * sh_unix.c: fix a dereferenced static pointer in tf_trust_check + * runlevel scripts: remove pid file after stop + * make the data directory read-only for the daemon + * treat 'localhost' specially in MX resolver + * sh_err_log.c: set sh.flag.log_start == TRUE after writing + * deploy.sh.in: fix quoting (fix by Simon Bailey) + * slib.c: make sl_get_euid et al. behave well if uids not stored + * trustfile.c: use euid = uid(SH_IDENT) if server + * sh_mail.c: include an MX resolver + * Makefile.in: install-user routine for user installation + * have yule drop root + * sh_tools.c: open_temp use logdir if server + * unified options for runlevel script + * HP-UX, IRIX runlevel scripts + * AIX inittab entry + +1.6.6 (13-12-2002): + * configure.ac: solaris cc -O2 -> -xO2 + * sstrip.c: avoid alpha architecture + * profiles/solaris/configopts: no --enable-static + * sh_forward.c: sh_forward_req_file: copy argument to local array + +1.6.5 (04-12-2002): + * sh_utmp.c: set userlist = NULL in sh_utmp_end () + * sh_unix.c: do not assume that environ is sane + * exit handler: write + * sh_log_file(NULL): test sh.flag.log_start != S_TRUE + * FreeBSD rc script does not blindly accept content of pid file + * configure.ac: allow 'localhost' for log server + * sh_calls.c: retry_connect: ntohs (port) + * testrun_2[abc].sh: --with-logserver=localhost for client + +1.6.4 (12-11-2002): + * sh_tools.c: fix error when escaping '=<' + * fix the 'make srpm' target + * deploy.sh.in: avoid that client is named 'yule' + * define memset to sl_memset + * fix type cast of uid_t, gid_t + +1.6.3 (31-10-2002): + * fix options for Sun/Solaris native compiler + * sh_unix.c: MSG_FI_LIST (line 2333): cast theFile->size to fix error + * test sstrip on freebsd + * default config file for freebsd + * make target to build .deb packages + * sh_readconf.c: fix bug in error message + * samhain.c, sh_suidchk.c: fix initialization of suidchk + * samhain-install.sh.in: don't remove config file by default + * samhain-install.sh.in: support complete de-installation + * samhain-install.sh.in: add support for Gentoo, FreeBSD, and Solaris + * samhain-install.sh.in: check more paths + * sh_unix.c: fix sys_siglist declaration [NetBSD portability issue] + * sh_calls.c: save error message in retry_lstat() + +1.6.2 (04-10-2002): + * make target to build rpms + * update samhain.spec.in, samhain.startRedHat + * support DESTDIR, as in 'make DESTDIR=/what/ever install' + * explicitely set -fno-omit-frame-pointer b/o gcc bug + * mv configure.in to configure.ac to benefit from autoconf wrapper + * sh_modules.c, sh_modules.h: add mod_reconf() to run at SIGHUP + * slib.c: fix debug messages (no msgs for dlogActive <= 1) + * sh_schedule.c, samhain.c, sh_suidchk.c: + scheduler may accept multiple schedules + +1.6.1 (04-09-2002): + * sh_schedule.c: bugfix (executes only after first day) + * rm obsolete WITH_TRACE stuff + * new dlog() function for debug logging + * some more descriptive error messages + +1.6.0 (27-08-2002): + * omit the -fomit-frame-pointer option (bugs in some gcc versions ?) + * sh_error.c: fix escape mode when logging to database + * sh_forward.c: fix error (twice escape) in recv_syslog_socket + * sh_tools.c: change escape mode for server-received data + * sh_mem.c: change ulong -> size_t in sh_mem_malloc() + * configure.in: fix localstatedir if --prefix=USR + * sh_hash.c: snprintf() -> sl_snprintf() + +1.5.5 (07-08-2002): + * sh_err_log.c: fix incorrect xml syntax for client messages + logged by server + * sh_err_log.c: fix incorrect '' entries on client EXIT + * sh_files.c: introduce file_class_next + this fixes the problem that a policy for the directory + inode erroneously becomes a policy for the directory itself. + +1.5.4 (17-07-2002): + * sh_hash.c: fix buffer overflow with (micro-)stealth + * sh_database.c: set path[] 1024 -> 12288 + * sh_database.c: set query[] 2048 -> 16383 + * sh_database.c: set values[] 1024 -> 16383 + * sh_forward.c: larger limit for message size (16 kB) + * trustfile.c: set MAXFILENAME 2048 -> 4096 + * fixed a bug in the handling of filenames with embedded newlines + * sh_files.c: fix missing sh_util_safe_name() in debug output + * --with-sender can specify a full address + * fix xml log in a backwards compatible way + +1.5.3 (03-07-2002): + * fix combination of stealth and sql logging + * fix some more places where invalid UIDs/GIDs trigger errors + +1.5.2 (01-07-2002): + * include solaris config file from (sean [at] boran d.o.t com) + * test for files/dirz defined twice in the configuration file + * option to disable reverse lookup on outbound connections + * option to use socket peer as client name (with name resolving) + * sh_html.c: fix an HTML bug (twice ) + * sh_suidchk.c: fix warning on AIX b/o dirname() + * allow logging server -> syslog if yule is NOT configured to + receive syslog messages + * define PRIi64 to "lld" if undefined + * invalid UIDs: use gid/uid as name, error level SeverityNames + * minor fixes for connect_port + * sh_hash.c: flush output of db listing before _exit() + * configure.in: fix incorrect default ${install_name} for server + * configure.in: try harder to find mysql.h / libpq-fe.h + * sh_files.c: sh_files_checkdir: + closedir() early to not exhaust OPEN_MAX + +1.5.1a (30-05-2002): + * fix missing LSB init script + +1.5.1 (27-05-2002): + * fix '-t update' option + +1.5.0a (23-05-2002): + * fix configure.in + +1.5.0 (22-05-2002): + * include solaris nosuid patch from (nathoo [at] co d.o.t ru) + * similar fix for bsd nosuid + * speed up -t update + * convert manual to DocBook, distribute html and ps + * fix some more problems with configure.in, Makefile.in + * fix testsuite, add tests for udp, mysql + * MSG_TCP_MSG: host -> remote_host + * convert to autoconf 2.53 + * make c_bits.sh exit with status 0 + * sh_database.c #include "mysql.h" --> , ditto libpq-fe.h + to avoid dependency tracking problems + * samhain.c remove *YULE* #ifdefs + * acconfig.h remove *YULE* #undefs + * samhain.c: procdirSamhain: lstat --> stat (allow symlink) + * configure.in: add checks for correct user input + * Makefile.in: add automatic dependency tracking + * depend-gen: tool to figure out dependencies + * chkconfig comments in redhat start scripts + +1.4.8: + * sh_database.c: fix missing attr_old, attr_new, (from)host columns + * configure.in, Makefile.in: fix an error in the configfile + definition with REQ_FROM_SERVER + * sh_err_console, sh_err_log: avoid recurrent failure messages + * timeout on read from files (/proc) + * fix errrors with setjmp/longjmp/alarm + * fix memory leak in server (~20 byte/file download in sh_tools, 930) + * check gpg signature for files downloaded from server, add a + regression test + * fix chown in solaris bootscript + * provide second scheduler for file check + * provide scheduler for file check + * provide scheduler for SUID check + +1.4.7 (08-04-2002): + * make daemon control LSB-compliant (arguments, exit status) + * set log_ref = 0 for server messages + * boolean option SetDBServerTstamp to disable entering server + timestamps for received client messages into database + * sh_suidcheck: check for "nosuid" mount option if getmntent is used + * fix logrotate script in manual (reported by Scott Worthington) + * don't strip numerical IP addresses + * check item->status_now != CLT_TOOLONG in client_time_check() + * set log_host to client in db client message + +1.4.6a (20-03-2002): + * define prefix in deploy.sh + +1.4.6 (19-03-2002): + * modify samhain_hide.c to hide processes on new Linux kernels + * better error diagnostics in kern_head.c + * fix compile error in all_items () + * check length of install-name in enable-khide (max is 15) + * define exec_prefix in deploy.sh.in + * make configure a bit more cross-compiler friendly + +1.4.5 (07-03-2002): + * Make sure missing file is reported even if ptr->reported == S_TRUE + because the file has been added. + * propagate 'reported' flag from sh_files_checkdir() into file list + * close checkfd in sh_gpg_check_file_sign() + * sh_derr(): kill(parent, SIGCONT) after ptrace(PT_DETACH,...) + * use sh.srvcons.name in dbg() to get debugging info from daemon + * option to log file timestamps with localtime instead of GMT + * comment out MSG_FI_ADD in sh_dirs_chk () - obsoleted by mandatory + sh_files_filecheck(directory) that triggers MSG_FI_ADD in sh_hash.c + * set ptr->reported = S_FALSE; for reappeared files in sh_files_chk() + to make sure re-disappearing will get reported + * new function sh_hash_set_missing() to remove file record + without (duplicate) 'missing' message + * make sure all items are reported for added files + * fix stealth mode with sh_kern (encode sh_ks.h -> sh_ks_xor.h) + * clarify in the documentation which gpg options to use for signing + +1.4.4 (11-02-2002): + * check that parent process has exited before writing PID file + * promote MGG_W_CHDIR to SH_ERR_ERR + * add error message to sh_unix_testlock + * fix missing _() macro in sh_aud_set_functions + +1.4.3 (05-02-2002): + * don't check attributes for symlinks (may cause device access) + * add USE mysql; USE samhain; to samhain.mysql.init + * point out the MessageHeader/mysql problem in manual + * add -lz to LIBS for mysql + * strip after install, avoid double strip + +1.4.2 (27-01-2002): + * support for EGD + * fix some more problems with install-deploy / deploy.sh + * fix a bug in profiles/suselinux_i386/bootscript (INSTALL_NAME_) + * fixed the 'external logging' test (init rather than none in rc file) + +1.4.1: + * SuSE: include run level 4+5 + * install location of hiding kernel modules changed - some insmod + variants do not test for /lib/modules/$(uname -r)/module_name.o + * new make targets 'install-deploy', 'uninstall-deploy' + * fixed make targets 'deploydir', 'deploydirfast' + * bail on unsupported CL option in deploy.sh + * fix various bugs in deploy.sh + +1.4.0 (16-01-2002): + * fixed missing 'dirname' on Mac OS X + * fixed && tested for/with postgres + * 'user=' -> 'userid=' (reserved word in sql) + * fix the endianess + size of file database; this changes db format + for any non-Linux OS + * --enable-old-format for old (V1.3) database format + * getopt, samhain.c, samhain.h: option -f to loop if not daemon + * sh_hash: list numeric + char data to allow file db update on + server side + * sh_database: modify handling of integer (long) data + * sh_database: datetime in database + * sh_database: hash field in database + * sh_database: rewrite database insert string construction + [use INSERT INTO log (fields) VALUES (values);] + * makefile suse 7.x runlevel entries + +1.3.7 (06-01-2002): + * fix incorrect escape in sh_tools_safe_name + * fix sh_error_handle (4. argument) in sh_extern.c + +1.3.6c: + * fix segfault in sh_database (mysql logging) on solaris + +1.3.6b (03-01-2002): + * fix syntax error ('==') in Makefile.in + * fix configure.in (path for /lib/modules/$(uname -r)/build/include) + * fix sh_kern.c (redeclaration of 'j') + +1.3.6 (03-01-2002): + * sh_kern.c: check integrity of int 80h vector + (SucKIT rootkit - Phrack 58) + * make sure childs in sh_kern are wait()'ed for + * provide start/stop/restart/reload/status interface + * fix a potential segfault (dereferenced NULL pointer) in the server + * use sh_util_flagval for sh_unix_setdaemon + * documentation for logging to SQL database + * configure.in: check for -I/lib/modules/$(uname -r)/build/include + * fix trustfile.c to ignore invalid users + * separate 'make install-samhain' and 'make install-yule' + * separate default log/pid/config files for server/client + - less problems running server and client on same host + * rewrite deploy.sh(.in): + - don't use (make|install) if deploying + - use command line options + - better integrate into server environment + - write install db + * always write a pidfile if daemon + * don't use server's config file as fallback for downloading client + * don't overwrite config file when doing 'make install' + +1.3.5 (28-12-2001): + * fix --enable-message-queue for newer glibc versions + * log to SQL database: implemented, but undocumented yet, + needs to be tested further + * xml: escape received syslog messages + * xml: rename 'time' to 'tstamp' + * make targets: make [un]install-[boot-]yule + (for server-only installation) + * fix samhain_hide.c for 2.4 kernel + * fix sh_kern for updated samhain_hide.c + * new option -j to just list the logfile + * sh_getopt.c: recognize -Dt check for -D -t check + * sh_tiger0.c: fix compiler warning (memmove) on Solaris + +1.3.4 (12-12-2001): + * sh_suidchk.c: option to limit files per second + * sh_unix.c: option to limit (kilo)bytes per second + * sh_hash.c: fix potential problem with '\n' in filename + (not backward compatible if there are filenames with '=') + +1.3.3 (03-12-2001): + * sh_readconf.c, samhain.h, samhain.c, sh_suidchk.c: + option SetNiceLevel to set scheduling priority + * sh_hash.c: bugfix for database listing on Solaris + * taus_seed: bugfix for emergency backup rng seed + * sh_util_safe_name: fix for XML + * sh_utmp_set_login_activate: use sh_util_flagval + * sh_utils.c: sh_util_obscurename: rm 'space' from list + * more backtrace macros + * sh_util_flagval: fix bug to recognize 1/0 + * fix test scripts testtimesrv.sh, testext.sh (test.sh 6/5) + * rm stray debug fprintf in sh_srp.c + +1.3.2 (27-11-2001): + * sh_hash.c: fix an error introduced in 1.3.1 + * set RLIMIT_CORE to RLIM_INFINITY if --enable-debug + +1.3.1 (25-11-2001): + * slib.c: get backtrace with --enable-debug + * sh_unix.c: allow core dumps when --enable-debug + * configure.in: fix default message queue permissions + * sh_suidchk.c: automatically include suid/sgid files in database + * sh_suidchk.c: check all suid/sgid files + * sh_hash.c: don't insert duplicates when reading the database + * sh_utmp, sh_kern, samhain: fix 1sec offset in timer + * sh_unix.c: don't require /dev/random to be non-world-writeable + * server: fix segfault in zAVLTree.c if avltree == NULL (no clients) + * client: fix segfault on Solaris if path_conf == NULL + * testrun_1b.sh: \(^/.*\) -> \(/.*\) for Solaris sed + +1.3.0 (31-10-2001): + * support compiling with GNU gmp library + * set 3 sec timer on client_time_check to avoid excessive (and + unnecessary) calls under heavy load + * replace sl_strlen with a macro + * store client_t structure in AVL tree + * database format incompatible with previous format, up the magic# + * sh_html.c: cache entry template for speedup + * slib.c: reset islong(double) in sl_printf_count + * sh_hash.c: report on rdev change + * sh_hash.c: print size in 64 bit + * sh_hash.c: save in absolute size types + * sh_unix.c: get values as appropriate type (time_t, dev_t, ...) + +1.2.10: + * update MANUAL + * sh_unix.c: tiger_hash -> tiger_generic_hash + * sh_readcon.c: DigestAlgo option + * sh_tiger0.c: add MD5 and SHA1 + * sh_unix.c: fix minor problem with win2k/cygwin + +1.2.9 (17-10-2001): + * fix problem with entry template/empty hostname + * fix MASK_USER_ (MTM -> ATM) + * typo fixed in configure.in (${install_name} -> {install_name}) + * bugfix group_old -> size_old in XML code + * skip armor header in signed files + +1.2.8 (29-09-2001): + * Mac OS X: in sh_getopt.c, rename table[] to op_table[] to avoid + obscure compiler warning + * Mac OS X: fix test scripts + * Mac OS X: import newest config.guess, config.sub from ftp.gnu.org + * implement deadtime in syslog recv code to protect against flooding + * sh_err_log: sl_close(fd) if lock|forward fails + * compliance with Filesystem Hierarchy Standard -- Version 2.2 final + * add policies User0, User1 + * fix compile problem (FreeBSD) in sh_suidchk.c + * macro to check for debugger breakpoints (linux/i386) + * check for solaris (does not work) in sh_derr (--enable-ptrace) + * option to listen on 514/udp for syslog, drop root + irrevocably if compiled thus + * use (check_mask & MODI_ATM) to decide whether to reset utime + * reset the policy masks on sighup + * option to write XML log messages + * cleanup of message catalog + * modified error messages for BADCONN + * error messages for Rijndael + * block recursive error messages within sh_error_handler() + - would hang the machine ... - + +1.2.7: + * sh_files, sh_utils: check top level directory + * sh_kern, sh_cat, kern_head: check syscall code, fork subprocess + for reading from /dev/kmem + * include /boot in default samhainrc + * change source distribution signing/packaging system + * Makefile, README, MANUAL: adhere to file system standard, + document new locations + * fix a bug in samhain_hide.c + +1.2.6: + * reset list of trusted users before config file re-read + * TrustedUser=... can be a list + * fix severity for files missing from IgnoreAll + +1.2.5: + * include example_pager.pl, example_sms.pl scripts + * explain paging/sms setup in docs + * allow manual exclusion of a directory in suidcheck + * automatically track all file changes + * remove missing files from in-memory database + * add $(KERN) to DEPLOYFILES + +1.2.4: + * log IP address for login/logout events, if supported by the OS + * release block in globerr (callback) + +------------- + +1.2.3: + * fix problem with reading stealth configuration + * fix a few formats in sh_cat.c + * always use strncmp for file system type check in sh_suidchk.c + (trailing 'fs' may be system specific for some types) + * no bare LF in messages (RFC 2822) + * no lines longer than 998 chars (RFC 2822) + * fix error in testrc_1 + +1.2.2: + * make tmp file directory a compile time option + * fix minor bugs in tmp file allocator (potential memory leak, + double slash if root directory) + * obsolete testpipe script removed + +1.2.1: + * fix memory alignment in rijndael-api-fst.c: blockEncrypt() + * fix byte order in HMAC code (compatibility fix for Linux/HP-UX) + * removed a debug fprintf() + +1.2.0: + * fix a bug in the HMAC implementation (thanks to Cesar Tascon + for help in tracking down this one) + * module to check the file system for SUID/SGID files + +1.1.16 (never released): + * fix the recursion depth -1 option as described in the manual + * optional database reload on SIGHUP + * fix a race condition when checking that /dev/random is a charakter + device + * redirect stderr to /dev/null for c_random + (AIX may segfault in netstat...) + * check whether /dev/random is a charakter device in c_random.sh + (we know at least one sysadmin who has set up a fake /dev/random ...) + * don't give NULL as 2. and 3. arg to execve if not Linux - some + Unices (notably Solaris) don't like it + * init ptr = NULL in my_malloc (compiler warning) + * make the bitmask for tests configureable (suggestion by A. Dunkel) + * make the bitmask for tests a static variable + * make (database/logfile/lockfile) path configurable + (to run multiple instances of samhain from an NFS share - on the + wishlist of J. Patton) + +1.1.15 (never released): + * fix minor error in testcompile.sh (rm test_log only at start) + * return from subroutines on sig_terminate == 1 + (faster exit on SIGTERM) + * fix re-configuration of addresses + * use sh_util_flagval() in sh_mail_setFlag and sh_kern_set_activate + * SysV message queue as compile option + * config file option to set console device + * removed the pre 1.1.9 code bloat + * don't print the LOGKEY to the console + +1.1.14: + * fix an error in the setup consistency check + * make target to uninstall runtime files + * trustfile.c: check return code of readlink(), fix off-by-one error + * sh_files.c: fix placement of terminator after readlink() call + * sh_files.c: fix a missing set_suid()/unset_suid() + - suid should work, but is not recommended - + * more debug statements in c/s code + * avoid re-entry in sh_unix_sigexit + * put a block around free() and malloc() in wrapper functions + * ditto for glob()/globfree(), regcomp()/regfree(), fdopen()/fclose() + - i.e. avoid corrupting the heap from a signal handler - + +1.1.13: + * optimized the size of the configure script somewhat + * modify the compile and hash test scripts + * read '\0's in sh_unix_getline + * exponential schedule for connection attempts + * make stealth working properly with signed files + - config file should be signed now before embedding in picture - + * fix a race in using signed files + * updated err messages for PWNULL, GRNULL + * add missing shell script for test 11 + * add mandatory source file/line info with -p debug + * add mandatory source line info with BADCONN + * fix a latex error in the manual + +1.1.12: + * debug output to console if compiled with --enable-debug and + running as daemon + * make reportonlyonce=true the default + * make sure state changes of a file are always reported, even + with reportonlyonce=true + * Linux kernel modules (samhain_hide, samhain_erase) + * fixed incorrect return value of sh_util_flagval + * fixed an error in sh_files.c: happens with -t init and first + file that is checked does not exist + * revised install/uninstall targets in the Makefile + * module to check for clobbered kernel syscalls (tested on Linux 2.2) + * more diagnostic error messages in sh_gpg.c + * more diagnostic error messages in sh_mail.c + * error in mail.c fixed + (address -> address_list[i] for multiple recipients) + * docs updated, better(?) explanation of signed files + * skip over path in gpg checksum output + * check client name against IP address and FQDN + * fix for --disable-* in config file + * fixed a server crash (MSG_TCP_OKMSG without arg) + if the server is run with debug level output threshold + * catch EAGAIN in sh_gpg.c pipe reader + * fix the 'external logging' test to make it work on BSD + * error message if no local path to init DB + * check for i86/Solaris in configure (vsnprintf prototype) + * make SRP the default + +1.1.11: + * make log file verification more convenient + * fix problem with message classes in stealth mode + * linux: do not try to read file attributes for devices + * handle the root directory correctly (avoid "//" in listing) + * fix problems with blockin on FIFOs/char dev + pointed out by I. Rogalsky (rog@iis.fhg.de) + - open in nonblocking mode for read, then set to blocking + - open file only if regular + * fix alignment in memory profiler + +1.1.10: + * minor code cleanup + * fix an error in trustfile.c (handling of empty/incomplete + group entries in /etc/group, bug report by A. Capriotti ) + +1.1.9: + * compatibility option for old behaviour (plain hash instead + of HMAC, ECB instead of CBC mode) + * use CBC rather than ECB mode for encryption + * use HMAC-TIGER for message authentication codes + * handle NULL data in sh_tiger_hash + * option to set syslog facility (default is LOG_AUTHPRIV) + * longer timeout (300 sec) on /dev/random if no /dev/urandom + * fix minor output error with stealth option + * option not to log names of config/database files on startup + +1.1.8: + * fix error in syslog routine + * fix missing 'test' in configure.in + * fix error in replace_tab() in sh_html.c + * fix minor memory leak in sh_util_regcmp() + +1.1.7: + * timeout on read_mbytes (from /dev/random; fallback to /dev/urandom) + * fix for FreeBSD: ut_user -> ut_name in sh_utmp.c + * fix for Alpha: consider $ac_cv_sizeof_unsigned_int_ in configure.in + * fix for Alpha: format string in sh_tiger0.sh + * on Linux, now compiles cleanly with + -Wall -W -Wstrict-prototypes -Wcast-align + * fix problem with recursion depth + (pointed out by Vic ) + * #include "sh_tools.h" in sh_unix.c and fix the + --with-timeserver option (reported by Vic ) + * place read_port(), MSG_TCP_NETRP outside ifdefs + * close fd/zero skey before execve + * verify client name against socket peer + * ... with configureable error priority + * use strcmp() rather than strncmp() in search_register() + * fix race between lstat() and open() for checksum + (reported by dynamo , + JJohnson ) + * enable globbing for filenames + * fix Solaris problem: siginfo_t may be NULL + * fix missing SL_EBADGID in tf_trust_check + * test case for external scripts, fix flushing pipe + * fix a typo in sh_ext_type + * do an fdexec w/checksum on Linux if calling external program + * even safer tmp file creation + * allow db update + * fix compile options for --enable-debug + * fixed a spelling error in the output + * test program for full CS support (config/database download) + * tell which file is searched for cs download + +1.1.6: + * fix bug in sh_readconf_line (segfault on erroneous config lines) + +1.1.5: + * sh_unix.c: sh_unix_getinfo_attr: f -> flags + * use gettimeofday as last resort +1.1.4: + * fix AIX compiler warning in sh_forward (cast arg1 of sh_tiger_hash + to (char *) + * configure: add static link flags for some more os (from tar) + * don't strip twice (some stupid systems abort) + * fix for reading from /dev/random on non-Linux systems (untested) + * sh_mail.c: end all message lines with \r\n + * stealth: ignore \r, \" + * take out tracing from --enable-debug (presently useless anyway) + * fix some remaining cleartext with debug && stealth combined + * fixed a small memory leak in sh_err_log.c + +1.1.3: + * fixed circular logic in taus_seed() (fallback method only) + * fix for missing _SC_OPEN_MAX (runaway close()) + +1.1.2: + * implement message classes + * let server recognize client message severity and class + * secondary log server + * keep database in memory (allows to close file + if retrieved from server) + * encrypt client/server communication + +1.1.1: + * Compilation problems with native Solaris compiler fixed + * fill in euid/ruid variable + * manual.pdf --> MANUAL.pdf + * debug sh_util_formatted() + * http refresh 120sec for server stat page + * trace/debug options + * fixed problem with utmp.c options + * fixed problem with sh_mail_setaddress + * option for custom message header + * fixed problem in compdata + * fixed problem in mail verification + * remove eventual trailing '/' in file names + * fixed problem with report string for modified files + * option to report in full detail + +1.1.0: + * Move error messages to catalog + * Make error message format more uniform + * Wrap sytem calls that could be interrupted by signals + * Warn on append to database + * Option for full details on mod. files + * Option to report only once on mod. files + * Generally speaking, major modifications with potential new bugs + +0.9.5: + * sh_hash.c: fixed erroneous checksum for config file + * sh_html.c: fixed erroneous timestamp (last) + * sh_tools.c: fixed connect_port (set port for cached address) + * sh_srp.c: fix for '00' (='\0') in pw + (last two fixes by Andreas Piesk) + +0.9.4: + * samhain.c: fcntl(1, ..) -> fcntl(2, ..) + * sh_hash.c: copy 12 instead of 10 byte for c_attributes + * 'empty directory' WARN -> INFO + +0.9.3: + * FreeBSD fixes: + - c_random.sh: make sure /dev/random provides something + rather than nothing + - check for and include it + - include early + - sh_utmp.c: fixed an occurence of ut_user + - sh_utmp.c: #ifdef HAVE_UTTYPE static char terminated_line #endif + - sh_forward.c: EBADMSG -> ENOMSG + * sh_unix.c: check return value of gethostbyname + * sh_entropy.c: fallback on /dev/urandom if /dev/random blocks for + more than 30 sec + * ... and fix the timestamp format ... + +0.9.2: + * ISO 8601 timestamps + * Bugfix in sh_utmp (timestring overwrite) + * don't use siginfo_t on Linux (garbage as of 2.2.14) + * check for Linux capabilities bug when dropping root + * include README for gcc compiler bug (pointed out by A. Piesk) + * explicitely set -fno-strength-reduce with gcc + * fixed ignoring missing files with the IgnoreAll policy + +0.9.1: + * more ext2flags (breaks backward database compatibility on Linux) + * IgnoreAll policy modified - missing/added files reported with + SeverityIgnoreAll (to handle files that may or may not be present) + * Check all files, not only regular ones + (bug in sh_files, originally introduced because checksum of + regular files only is computed) + +0.9: + * use O_NOATIME if supported + * --with-nocl takes argument (PW to re-enable CL parsing) + * no daemon mode if initializing database + * fixed segfault in yule with 'unknown file type' request + * enlarged MAX_GLOBS 24 -> 32 and made the array linear + * server uses last registry entry for any given client now + * deploy.sh script to deploy clients to remote hosts + * enhanced signal handling: SIGUSR1/SIGUSR2/SIGABRT/SIGQUIT/SIGHUP + * allow y/Y/n/N for login monitoring (in addition to 0/1) + * external logging scripts/programs + * trustfile.c: define STICKY on Linux + * reset signal mask when initializing + * EINTR_RETRY wrapper + * slib: sl_read, sl_write EINTR update + * use sstrip when installing + * more compact database format (breaks backward database compatibility) + * larger download packets + * TcpFlags unsigned char + * cast to (char *) head in write_port + * m(un)lock cast to (char *) + * (1 << 31) --> (1UL << 31) + * support e2fs attributes on Linux + * fixes for AIX and Solaris native compilers + * fixed Makefile for non-GNU make (pattern rule --> suffix rule) + +0.8.1: + * fixed 'is_numeric()' return value + +0.8: + * added option for static compilation + * added option for stealth with non-hidden config file + * added option for disabling command line parsing + * all options can be set in the configuration file now + * stealth: xor strings in database file + * fixed bug in mailer code ([] in HELO) + * print timestamp when asking for key + * 'micro' stealth mode (no hidden configuration file) + * simplified slib + * int->long for uids/gids in trustfile + * moved mailkey from data to code + * shell script for entropy (stronger default key) + * general code cleanup + * better error checking in client/server code + * detect out-of-sync messages + * check state across protocol passes in server + * make sure authentication is mutual + * file download to client + * reserve six file descriptors in server + * mlock queue buffer if LOG_KEY + * improved robustness in bignum (don't fail on free()) + * per-directory recursion depths + * RFC821 compliance: empty line at end of header, To field, Date field + * RFC821 compliance: make e-mail transfer relieable + * fix detection of hardlink changes + * checksum verification for calling gpg/pgp + * CL option '-S' not required for server-only binary + * eliminate CL options that may leak privileged information + if the program is SUID + * skip leading white space in configuration file + * allow nested conditionals in configuration file + * allow whitespace before and after '=' in configuration file + * don't leak file descriptors to child processes + * make message transfer relieable + * always report error on abnormal termination of connection + +0.7: + * support for alpha machines + * stop TCP logging after exit message + * limit connections in server (DoS attacks) + * move string handling to slib + * move file handling to slib + * timestring without space + * changed report format + * SUID bugfix - use euid when checking logfile ownership + * SUID bugfix - get root for lstat() + * SUID bugfix - get root for opendir() + * store number of hardlinks + * send no message if polling empty queue + * include tiger 64-bit implementation (portability) + * codes for error conditions + * mail check: handle multiple, overlapping audit trails + * security fix: no append to database if SUID + * fix sh_entropy.c (BUFSIZ -> BUF_ENT) + * read command line before config file + * PGP signing of config/database files + * checksum of config file reported + * checking for attributes only + +0.6: + * more syslogish priority specification + * fixed segfault in sh_mem_check, apparently this was also + the reason for the segfault in atexit() + * allow for compilation with SRP authentication + * fixed tiger checksum computation + * fixed broken logfile verification for second and further audit trails + * test program added + * documentation improved + * sh_forward_make_client: bug fixed in[8]->in[i] + * sh_error.h: fixed missing #include + * configure.in: fixed missing strerror() test + * sh_utmp.c: check logins/logouts + * check for missing files + * only reset access time if necessary + * O_EXCL in open() + * limit environment to TZ in execve (sh_entropy.c, not used on Linux) + * use trustfile() to determine whether logfile dir is trustworthy + * strip head instead of tail for numerical address + * store messages in fifo during log server outage + * re-init session key after server outage + +0.5 (21-12-1999): + * added option for mail relay server + * own popen() implementation in sh_entropy() (portability) + * fixed error in sh_util_basename() (returned NULL for base == "/") + * fixed segfault in strlcpy/strlcat (check for src == NULL) + * FILENAME_MAX -> PATH_MAX (HP-UX 10.20) + * use TIGER for 32-byte compilers (portability) + * fixed hash function (do not include stdlib.h) + * flush buffer before write in mailer code (IBM AIX 4.1) + * make mailer code non-forking + * cast argument of is...() to int (portability) + * return() after _exit() for braindead compilers (portability) + * optionally use inet_addr (portability) + * check for broken mlock() (HP-UX 10.20) + * minor code cleanups + * fixed incorrect size of munlock()'ed memory in sh_error_string() + * fixed a buffer overflow in the error printing routine + * fixed a buffer overflow in sh_util_safe_name () + * implement SRP session key exchange + * implement client/server facility + * implement @host/@end construct in configuration file + * preferably use uname(), and do gethostbyname() for FQDN + * make vernam cipher base numeric + * make OnlyStderr private in sh_error + * test -e "/dev/random" --> test -r "/dev/random" (portability) + * check for libsocket (portability) + * add #defines for IPPORT_SMTP, IPPORT_TIMESERVER (portability) + * eliminate superfluous /proc test + * some unreachable code removed + * cast to (byte*) replaced by cast to (word64*) in sh_tiger_hash() + * check for setresuid() if no seteuid() (HP-UX 10.20) + +0.4 (09-11-1999): + * make sure output from /dev/random has no NULL's + * one-time pad encryption for emailed keys + (better than nothing ...) + +0.3 (04-11-1999): + * logfile readable for group + * verify signatures for any file + * signature block in tarball + * use select() in time server routine + * better protection for session keys (mlock) + +0.2: + * fixed incorrect man page + * fixed incorrect example rc file + * recursive error logging should work now + +0.1: + * initial release -- on Samhain 1999, of course + +development start: + * probably 29-06-1999 + Index: branches/samhain-2_2-branch/docs/FAQ.html =================================================================== --- branches/samhain-2_2-branch/docs/FAQ.html (revision 66) +++ branches/samhain-2_2-branch/docs/FAQ.html (revision 66) @@ -0,0 +1,837 @@ + + +Frequently Asked Questions for Samhain + + + + +
+

samhain file integrity + scanner | online + documentation

+

Frequently Asked Questions for Samhain

+

Rainer Wichmann

+
+

FAQ Revised: Monday 11 September 2006 22:18:54

+

Table of Contents

+
+
1. Most frequently
+
+
2. Build and install
+
+
3. File checking
+
+
4. Client/Server
+
+
5. Email
+
+
6. Misc
+
+
7. Database
+
+
+

1. Most frequently

+
+
1.1. Owner not trustworthy / Group writeable and member not trustworthy
+
An untrusted user (might be an untrusted group member + for group writeable files/directories) owns or can write to an + element in the path listed in the error message. This concerns + the configuration file, the log file, and the database file. + The offending element in the path is identified as obj=/xxx in the + error message. + To fix the problem, see next entry.

+
1.2. samhain exits with the message "Untrusted path" for config/log/pid/database files
+
Paths to critical + files (e.g. the configuration file) must be writeable by trusted users + only. + If a path element is group writeable, all group members must be trusted. + By default, only root and the (effective) user of + the program are trusted. To add trusted users, use the compile time + option +
+$ ./configure --with-trusted=0,...
+
+ or the configure file option: +
+[Misc]
+TrustedUser=username
+
+If the path to the configuration file itself is writeable + by other users than root and the + effective user + these must be defined as trusted already + at compile time.

+
1.3. It does not log anything / Can't stop logging to console
+
(1) There is a section in the manual dealing with +logging and filtering.
+ +(2) To log to the console: +
+$ samhain -p info ...
+
+or in the configuration file: +
+[Log]
+PrintSeverity=info
+
+ +To stop logging to the console: +
+$ samhain -p none ...
+
+or in the configuration file: +
+[Log]
+PrintSeverity=none
+
+Defining /dev/null as console device works as well, but +is a bad idea, because samhain will open the device and write (i.e. it is +a very inefficient method).

+
1.4. Client cannot self-resolve, but nslookup works fine
+
    +
  • Nslookup is a program to query Internet domain name servers. +
    • +
  • Applications (like samhain) are not supposed to query DNS servers + directly. Rather, they are supposed to query the resolver library that: +
      +
    • is provided by the operating system,
      • +
    • configured by the system administrator,
      • +
    • may use several different method to determine host names, as + configured in /etc/nsswitch.conf, and
      • +
    • usually is configured to give precedence to + the /etc/hosts file.
      • +
    +
    • +
  • Therefore, whether nslookup gives correct answers may be completely + irrelevant. For self-resolving the own hostname, the resolver + library probably will use /etc/hosts, rather than + querying a DNS server. +
    • +
+

+Below you can find some examples of good and bad /etc/hosts files: +

+
+        # CORRECT
+	#
+        127.0.0.1  localhost
+        xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost
+
+ +
+        # CORRECT
+	#
+        127.0.0.1  localhost.localdomain localhost
+        xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost
+
+ +
+        # BAD
+	#
+        127.0.0.1  myhost.mydomain.tld  localhost
+        xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost
+
+ +
+        # BAD
+	#
+        127.0.0.1  localhost myhost
+        xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost
+


+
+

2. Build and install

+
+
2.1. [Fedora Core] Cannot compile with --enable-khide
+
The Fedora Core kernel is patched to unconditionally deny reading +from /dev/kmem. Compiling the stealth kernel modules is not possible +under these circumstances.

+
2.2. [Fedora Core] Cannot compile with --with-kcheck
+
The Fedora Core kernel is patched to unconditionally deny reading +from /dev/kmem. Checking the kernel for the presence of rootkits is +not possible under these circumstances.

+
2.3. "make" loops infinitely !
+
This may happen (e.g. when building via NFS for multiple architectures) + if the relative timestamps in the source directory are + wrong (time not in sync on different machines) or some intermediate + target is unusable (up-to-date, but built for a different OS). Use + "touch * && make distclean" in the source directory + to recover.

+
2.4. Why does static compiling (--enable-static) on Solaris fail ?
+
Ingo Rogalsky has provided the following information: It isn't possible + to link Samhain statically with Solaris. This + is a Solaris issue (see Sun Infodoc ID12624) and not a samhain problem.

+
2.5. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'
+
For Linux, this is a known problem with --enable-static if you compile + in MySQL support. The problem is that the + mysql_config that comes as part of the MySQL + distribution script incorrectly lists dependencies on + the libnss_files and libnss_dns libraries which are only available as + shared libraries, so the linker cannot find the static libraries. + + You can check this by inspecting the output of + mysql_config --libs. The version of + mysql_config that comes with the RedHat mysql + RPM (RedHat 9) does not have this bug; the one distributed by the MySQL + people has. You can fix the problem by editing + mysql_config: search for the + client_libs variable, and remove all instances + of -lnss_files and -lnss_dns.

+
2.6. The executable is corrupted after installation
+
The executable will get stripped during the installation. On + suitable systems (i386 Linux/FreeBSD currently), additionally + the "sstrip" + utility (copyright 1999 by Brian Raiter, under the GNU GPL) + will be used to strip the executable even more, to prevent + debugging with the GNU "gdb" debugger. + The "strip" utility cannot handle the resulting + executable, therefore trying to strip manually after installation + will corrupt the executable.

+
2.7. --enable-xml-log has no effect
+
If you have compiled for stealth, you won't see much, because if + obfuscated, then both a 'normal' and an XML logfile look, + well ... obfuscated. Use samhain -jL /path/to/logfile + to view the logfile.

+
2.8. ./install-sh: strip: not found (Solaris)
+
Install the SUNWbtool package.

+
2.9. What is sh_tiger1.s?
+
This is a precompiled assembly file for the i386 architecture +generated from sh_tiger1.c using gcc 3.4.0 with the following options, +that were found to generate the fastest code: +
+ -O1 -fno-delayed-branch -fexpensive-optimizations -fstrength-reduce 
+     -fpeephole2 -fschedule-insns2 -fregmove -frename-registers -fweb 
+     -momit-leaf-frame-pointer -funroll-loops
+
+These options were determined using +acovea 5.1.1 +by Scott Robert Ladd. The file is provided as precompiled assembly +because different versions of gcc can have very different performance, +require different options to compile optimal code, and +it would be impossible to maintain a library of optimal compile options +for every version of gcc.

+
2.10. Why does static compiling (--enable-static) on MaxOS X fail ?
+
Static linking is not supported on MacOS X, see +Technical Q&A QA1118. +This is a MacOS X issue and not a bug in samhain.

+
+

3. File checking

+
+
3.1. How can I exclude a (sub-)directory ?
+
+[IgnoreAll]
+dir=-1/ignore/this/subdirectory
+


+
3.2. In messages about policy violations, what does the code after POLICY [XYZ] +mean ?
+
This code indicates which items are modified (e.g. C = checksum). You can +find a description in section 5.4.9 in the user manual. It is there because +then you can see in the message list of the Beltane web console what has been +modified, without the need to look at the message in detail.

+
3.3. Does samhain support prelink ?
+
Yes. There is a special checking policy [Prelink]. Directories with +prelinked executables / shared libraries (see /etc/prelink.conf) should be +placed under this policy, rather than under the [ReadOnly] policy.

+
3.4. I get error messages about 'subdirectory count != hardlinks'
+
Some filesystems do not always follow the rule that the number +of directory +hardlinks equals the number of subdirectories. E.g. the root directory of +reiserfs partitions generally seems to have two additional hardlinks. +To account for such exceptions, you can either switch off the +hardlink check globally, or specify exceptions: +
+[Misc]
+# Switch off hardlink check
+#
+UseHardlinkCheck=no
+
+
+[Misc]
+# Specify exceptions for the hardlink check
+#
+HardlinkOffset=N:/path
+
+Here, N is the numerical offset (actual - expected hardlinks) for +'/path'. For multiple exceptions, use +this options multiple times (note that '/path N:/path2' would itself be a valid +path, so using the option only once with multiple exceptions on the same line +would be ambiguous).

+
+

4. Client/Server

+
+
4.1. I don't want to poke a hole into my firewall to let the client connect to the server !
+
Pat Smith has posted the following solution. On the client, create +an iptable rule as follows (note: you probably don't need this if you +configure / compile in 127.0.0.1 as the server address): +
+iptables -t nat -A OUTPUT -p tcp -m tcp --dport 49777 -d server-ip -j REDIRECT
+
+ +On the server, create an ssh tunnel for each client outside the firewall: + +
+ssh -f -C -R 49777:localhost:49777 -N client-ip
+
+ +It is necessary that each client has a distinct name, and that the server +knows the name of the client. With the setup above, each client will appear +as "localhost" to the server, thus the server +needs to trust the client name +as reported by the client itself, and suppress all eroors on resolving +this name to the apparent address. In the server configuration: + +
+[Misc]
+SetClientFromAccept = false
+SeverityLookup = debug
+
+ +Obviously, self-resolving must work on the client machine, otherwise +you are in trouble (see next issue).

+
4.2. The client sends 127.0.0.1 (or some other numerical address) as its name to the log server
+
See 'Client cannot self-resolve' in the 'Most frequently' section

+
4.3. The server wants to send rc.ip-adress rather than rc.fqdn to the client
+
The client self-resolves to its ip address. +See 'Client cannot self-resolve' in the 'Most frequently' section

+
4.4. Cannot resolve client name host=XXX
+
+The server must be able to determine the client name.
+This is because only authenticated connections from registered 
+clients are allowed, and
+the server must be able to check the client hostname against the list of
+allowed hosts, and look up the password verifier for that
+host.
+
+There are two different ways to accomplish this. Unfortunately, judging +from customer feedback as well from common sense, both do not work very well +with a messed up local DNS (including /etc/hosts files) and/or +überparanoid or misconfigured firewalls (in case of connections +across one). +
    +
  • +

    + First method: Determine client name on client, and + try to cross-check on server +

    +

    + This does not work for a number of people because (1) the + /etc/hosts file on the client machine has errors + (yes, there are plenty machines with a completely + messed up /etc/hosts file), (2) the + server cannot resolve the client address because the local DNS is + f***ed up, or (3) the client machine has multiple network interfaces, and + the interface used is not the one the client name resolves to. +

    +

    + If the client uses the wrong interface on a multi-interface machine, + there is a config file option + SetBindAddress=IP address + that allows to choose the interface the client will use for + outgoing connections. +

    +

    + If you want to download the config file from the server, you + should instead use the corresponding command line + --bind-address=IP address + to select the interface. +

    + +

    + If you encounter problems, you may (1) fix your + /etc/hosts file(s), (2) fix your local DNS, or + (3) switch to the second method. +

    +

    + Errors in name resolving/cross-checking can be avoided by setting a + very low severity (lower than the logging threshold), e.g. +

    +

    + SeverityLookup=debug +

    +

    + in the Misc section of the server configuration, + if you prefer running unsafe at any speed + instead of fixing the problem (you have been warned). Doing so will + allow an attacker to pose as the client. +

    +
    • +
  • +

    Second method: Use address of connecting entity as + known to the communication layer

    +

    + This has been dropped as default + long ago because it may not always be the + address of the client machine. + To enable this method, use +

    +

    + SetClientFromAccept=true +

    +

    + in the Misc section of the server configuration + file. If the address cannot be resolved, or reverse lookup of the + resolved name fails, no error message will be issued, + but the numerical address will be used. +

    +
    • +


+
4.5. Cannot resolve socket peer IP for client host=XXX peer=YYY
+
See above

+
4.6. Reverse lookup of socket peer failed host=XXX peer=YYY obj=ZZZ
+
See above

+
4.7. No socket peer alias matches client name host=XXX peer=YYY
+
See above

+
4.8. Session key negotiation failed
+
See the document HOWTO client+server troubleshooting

+
4.9. Invalid connection attempt: Not in client list
+
See the document HOWTO client+server troubleshooting

+
4.10. Invalid connection attempt: Session key mismatch
+
See the document HOWTO client+server troubleshooting

+
4.11. How do I update the file signature database ?
+
If you keep the file signature database on the server, + the database is supposed to be updated on the server, using the + beltane + web-based console (currently in beta) and the + log messages from the client. +

+ Alternatively, you can scp the database + to the client, run samhain -t update -l none (you + need to avoid logging because otherwise you will get in conflict with + the running samhain daemon), and then scp the + database back to the server. Actually, with a properly set up + "ssh", using RSA/DSA authentication + and ssh-agent you could write a script to automate this.

+
4.12. Time limit exceeded
+
The respective client for that this message is generated has not + sent anything for some interval of time (default 84600 sec = 1 day). + The interval can be set as follows: +
+        [Misc]
+	# unit is seconds
+        SetClientTimeLimit=NNN
+
+ + This feature has the purpose to detect if a client is dead. You + might want to ensure that timestamps are sent to the server: +
+        [Log]
+	ExportSeverity=mark
+
+ If you don't want to use this feature, set the time limit to some + very large value.

+
4.13. Invalid connection attempt: Signature mismatch
+
Clients sign their messages using a session key negotiated + with the server. The message indicates that the server could + not verify the signature. This may be caused by a running two + instances of samhain on the same client machine, both of them + accessing the server (and negotiating different session keys + ...). The system will recover automatically from the problem + by forcing the failed client to negotiate a fresh session key.

+
4.14. [Server] PANIC .. Address already in use   subroutine=bind
+
The server cannot bind to its port because the port is already used. + Maybe you have accidentially already an instance of the + server running.

+
+

5. Email

+
+
5.1. Reverse lookup failed
+
Fix your DNS (reverse lookup: numerical IP address to FQDN, to verify + FQDN to numerical IP address). +
+Whether "nslookup" works is not very informative, because 
+"nslookup" does not use the resolver library of the operating
+system. Therefore,
+it is not exactly the
+best tool for debugging name resolving problems (see the book
+"DNS and bind").
+


+
5.2. From daemon@example.com
+
samhain fails to resolve the + self-address of the host. +See 'Client cannot self-resolve' in the 'Most frequently' section.

+
5.3. How do I define more than one email addresses ?
+
Use SetMailAddress=... multiple times (upt to eight addresses +are possible, with at most 63 characters per address): +
+[Misc]
+SetMailAddress=aaa@foo.com
+SetMailAddress=bbb@foo.com
+


+
+

6. Misc

+
+
6.1. Error message: "Invalid line XYZ in configuration file"
+
This message indicates that line XYZ in the configuration file contains +an unrecognized directive. The primary reasons are:
+ +(a) The directive should be placed into a particular section of the +configuration file, but the section header is not present (or you forgot +to uncomment it).
+ +(b) Samhain is compiled without support for this directive.
+ +(c) You have a typo in the directive.


+
6.2. Why do I get a local logfile if I log to the server ?
+
Because you can use all log facilities in parallel. You should + switch off in the config file what you don't want/need: +
+        [Log]
+        # local log file
+        LogSeverity=none
+


+
6.3. Why is there no NIS support with a static samhain executable on Linux ?
+
Some functions (including NIS) require + libraries that are only available as shared libraries + with modern GLIBC versions. While you can always compile a static + executable, normally it would still open the shared library at runtime. + As of version 1.8.11, samhain avoids this by providing replacement + functions from uClibc. However, these do not include NIS support.

+
6.4. Why do I get hundreds of messages about modified CTIME ?
+
This happens because some + backup applications reset the atime/mtime timestamps, which causes + the ctime timestamp to be modified (rootkits avoid this by + temporarily resetting the system clock to the original ctime ...). +

+ To fix this problem, read the manual of your backup application, or + redefine the ReadOnly policy to not check + the ctime timestamp: +

+        [Misc]
+        RedefReadOnly=-CTM
+
+
+        Order matters - you must first redefine 
+        ReadOnly before you use it
+


+
6.5. PANIC — File not accessible
+
Most likely permission denied because of unsufficient privileges.

+
6.6. How can I avoid error messages for invalid UIDs (no such user) ?
+
Set SeverityNames to a low value +
+[EventSeverity]
+SeverityNames=debug
+


+
6.7. [Redhat] The /etc/init.d/(samhain|yule) init script hangs
+
Redhat uses "initlog" (see + man initlog) in initscripts. If it hangs, most probably + samhain/yule runs in the foreground rather than as daemon. Set + daemon mode in the configuration file: +
+[Misc]
+Daemon=yes
+


+
6.8. The /etc/init.d/(samhain|yule) init script exits with: execvp: No such file or directory
+
Either the program is not installed, or it is not in the PATH (the one + used by the init script, which may be different from your PATH).

+
6.9. Why am I not receiving the "BEGIN LOGKEY" message by email ?
+
This message (which contains the key to verify the log file) is generated + when logging to the log file starts. It has the severity "ALRT", + thus you should make sure that you have set the logging threshold for + email correctly to receive it.

+
6.10. Why does console logging fail if I compile with + --enable-(micro-)stealth ?
+
The default logging options are more "stealthy". Set the + threshold explicitely rather than relying on the default.

+
6.11. I need a list for my schedule !
+
You can have the same effect with a list of schedules. See the section +"Timing file checks" in the manual.

+
6.12. The hiding kernel module has no effect !
+
Most probably you compiled using the wrong "System.map" file.

+
6.13. What does the message "Large lstat/open overhead" mean ?
+
Your system needs several seconds to proceed from an lstat() system call + to an open() system call. This is a tremenduous overhead, and + indicates that either your system has a really severe performance problem, + or someone tries to slow down samhain.

+
6.14. What does the message "Device not available path=/dev/random" mean ? I have /dev/random !
+
/dev/random blocks unless there is some entropy it can deliver. Samhain + will time out and fall back on /dev/urandom after some seconds to avoid + hanging for a potentially long time. It will try /dev/random again next + time it needs entropy.

+
6.15. Logging to an external program fails; the program receives no data + on stdin !
+
Probably your program is not designed to wait for input, but exits + if reading fails (because there is no data yet). You may want to + let your program wait for the terminating "[EOF]" line.

+
6.16. SIGILL on AIX
+
For each scanned file, samhain needs to + store some information in memory (e.g. to recognize changes that have + already been reported, and avoid duplicate reports). On AIX, if you are + checking a really huge number of files, + memory usage may exceed the default limit of 256 MB, and the process may + terminate with SIGILL. +

+ The problem can be solved by linking with the flag + -bmaxdata:0x80000000. This allows the application to + access up to 8 segments (where each segment is 256MB). +

+ If you are using gcc, you need to use instead + the flag -Wl,bmaxdata:0x80000000, which tells + gcc to pass on the + bmaxdata + flag to the AIX linker. You can use the LDFLAGS environment variable to + pass linker flags to the configure script: +

+     export LDFLAGS="-Wl,bmaxdata:0x80000000"
+


+
+

7. Database

+
+
7.1. Why are client messages corrupted / incompletely stored in the DB ?
+
Because the messages are not in XML format, and therefore incorrectly + parsed. The most frequent reasons are: +
+        1.) Your server is compiled with --enable-xml-log, but your client(s)
+        is/are not.
+
+        2.) In your client or server configuration file, you are using
+        the option for a custom message header, but without paying attention
+        to preserving the XML format.
+


+
7.2. I want / don't want the server timestamps (for client messages) in the SQL database
+
+[Database]
+SetDBServerTstamp = true/false
+
+ + This will enable/disable logging of the server timestamp for client + messages. The server timestamp will be written to a seperate record, + with log_ref set to the value of + log_index of the corresponding client message.

+
7.3. I don't want the client TIMESTAMP messages in the SQL database
+
+     Sending timestamps from the client allows the server to detect if
+     a client is not running anymore (use SetClientTimeLimit=NNN in the
+     [Misc] section of the server config file to set the number of seconds
+     after which the server will issue an error message if no timestamp has
+     been received).
+
+ + However, you might not want to log these timestamps to the database + (or other log facilities). To filter them, you can use two methods + (examples are for the SQL database). + The first + one has the disadvantage that only messages of + severity err or higher will be logged: +
+     [Misc]
+     UseClientSeverity=yes
+
+     [Log]
+     DatabaseSeverity=err
+
+ + The second method is more specific — log everything not + belonging to the STAMP class of messages: +
+     [Misc]
+     UseClientClass=yes
+
+     [Log]
+     DatabaseClass=PANIC RUN FIL TCP ERR ENET EINPUT
+


+
7.4. What does the log_ref field mean ?
+
NULL are client messages. Nonzero integer is a server timestamp + for a client message (where log_ref indicates the log_index entry + number of the corresponding client message). Zero indicates a message + by the server itself (e.g. the server's start message).

+
7.5. How can I check what is in the database ?
+
Use a command line client to login to the database and query it: +
+     sh$ mysql -u <user_name> -p <database_name>
+     Enter password: ****
+     mysql> SELECT log_index,log_ref,log_host,log_sev,log_msg,path FROM <table_name> WHERE entry_status = 'NEW' ORDER BY log_index;
+     ....
+     mysql> \q 
+


+
+
+ +

Copyright (c) 2004 Rainer Wichmann

+ +

This list of questions and answers was generated by +makefaq. + +

+ + Index: branches/samhain-2_2-branch/docs/HOWTO-client+server-troubleshooting.html =================================================================== --- branches/samhain-2_2-branch/docs/HOWTO-client+server-troubleshooting.html (revision 66) +++ branches/samhain-2_2-branch/docs/HOWTO-client+server-troubleshooting.html (revision 66) @@ -0,0 +1,401 @@ + + + +HOWTO client+server troubleshooting + + + +
+

samhain file integrity + scanner | online + documentation

+
+

Samhain client/server: What can go wrong, and how can you fix it ?

+
+
+
+

+This document aims to explain how to diagnose and fix common problems that +may result from misunderstanding or misconfiguration when setting up +a client/server samhain system. This document is divided in several sections +more or less corresponding to the different stages when a client +connects to a server. Each section starts with a brief explanation that +should provide a basic understanding of what is going on. +

+

+This document does not discuss how to setup a client/server (for +this, look into the manual and/or the HOWTO-client+server). +

+ +

Table of Contents

+

+Connecting to the server
+Authentication
+Downloading config/database files
+Other connection problems
+

+ +

Connecting to the server

+ +

+Client/server connections are always initiated from the client. The port +is compiled in (there is a configure option to change the default). +The default port is 49777. +

+ +

Problem #1

+

+The client reports: Connection refused. The server reports nothing. +

+

+The server is down, listens on the wrong port, or network failure. +

+ +

Problem #2

+

+The client reports: Connection error: Connection reset by peer, and +later also Session key negotiation failed. The server reports: +msg="Refused connection from ..." subroutine="libwrap". +

+

+The server is compiled with libwrap (TCP Wrapper) support, and the +client is either in /etc/hosts.deny, or you have set yule: ALL +in /etc/hosts.deny, and forgot to put the client in +/etc/hosts.allow. +

+

+To fix: make proper entries in /etc/hosts.allow and/or +/etc/hosts.deny. There is no need to restart/reload the server. +

+ + +

Authentication

+

+The client has a password that is used to authenticate to the server. +This password is located within the binary, and is set with the +samhain_setpwd helper application, as explained e.g. in the +manual or in the Client+Server HOWTO. +

+The server has a list of clients that are allowed to connect, and the +verifiers corresponding to the passwords of these clients. +

+

+Upon successful authentication, client and server will negotiate +a session key that is used for signing further messages +from the client. +

+ +

Problem #1

+ +

+If the password is wrong, the client will report +Session key negotiation failed. The server will +report: Invalid connection attempt: Session key mismatch +

+

+To fix: make sure that the password has in fact been set, that you are +using the correct executable for the client (the one where the password is +set), and that the entry in the server config file is the one generated +for this password (also look out for double entries for this client). +

+ +

Problem #2

+ +

+If the client name (as resolved on the server) is wrong, the client +will report +Session key negotiation failed. The server will +report: Invalid connection attempt: Not in client list, +and it will tell you in the same error message +what name it has inferred for the connecting +client (example): client="client.mydomain.com". +

+

+The fix depends on the nature of the problem. In principle, it should be +sufficient to change the name of the client in the config file entry, which +isn't really a solution if e.g. the server thinks the client is 'localhost'. +

+

+There are two different ways to determine the client name. +Unfortunately, judging +from customer feedback as well from common sense, both do not work very well +with a messed up local DNS (including /etc/hosts files) and/or +überparanoid or misconfigured firewalls (in case of connections +across one). +

+
    +
  • +

    + First method: Determine client name on client, and + try to cross-check on server +

    +

    + This does not work for a number of people because (1) the + /etc/hosts file on the client machine has errors + (yes, there are plenty machines with a completely + messed up /etc/hosts file), (2) the + server cannot resolve the client address because the local DNS is + f***ed up, or (3) the client machine has multiple network interfaces, and + the interface used is not the one the client name resolves to. +

    +

    + If the client uses the wrong interface on a multi-interface machine, + there is a config file option + SetBindAddress=IP address + that allows to choose the interface the client will use for + outgoing connections. +

    +

    + If you want to download the config file from the server, you + should instead use the corresponding command line + --bind-address=IP address + to select the interface. +

    + +

    + If you encounter problems, you may (1) fix your + /etc/hosts file(s), (2) fix your local DNS, or + (3) switch to the second method. +

    +

    + Errors in name resolving/cross-checking can be avoided by setting a + very low severity (lower than the logging threshold), e.g. +

    +

    + SeverityLookup=debug +

    +

    + in the Misc section of the server configuration, + if you prefer running unsafe at any speed + instead of fixing the problem (you have been warned). Doing so will + allow an attacker to pose as the client. +

    +
    • +
  • +

    Second method: Use address of connecting entity as + known to the communication layer

    +

    + This has been dropped as default + long ago because it may not always be the + address of the client machine. + To enable this method, use +

    +

    + SetClientFromAccept=true +

    +

    + in the Misc section of the server configuration + file. If the address cannot be resolved, or reverse lookup of the + resolved name fails, no error message will be issued, + but the numerical address will be used. +

    +
    • +
+ + +

Downloading config/database files

+ +

+The client does not tell the server the path to the requested +file - it just requests a config or a database file. It's entirely the +responsibility of the server to locate the correct file and send it. +

+

+The server has a data directory, which by default would be +/var/lib/yule. Here the config/database files should be placed. +

+

+Configuration files: rc.client.mydomain.tld or +simply rc +(this can be used as a catchall file). +

+

+Database files: file.client.mydomain.tld or +simply file +(this can be used as a catchall file). +

+ +

Problem #1

+ +

+If the server cannot access the configuration (or database) file, either +because it does not exist or the server has no read permission, the +client will report File download failed. The server will +report: File not accessible, and it will tell you in the +same report the path where it would have expected the file (example): +path="/var/lib/yule/rc.client.mydomain.com" +

+

+To fix: put the file in the correct location, make sure the permissions +are ok. +

+ + +

Other connection problems

+ +

+The server has a table with client names and their session keys. If +another client process accesses the server from the same host, +it will negotiate a fresh session key for that host. As a consequence, +the session key of the first client process will become invalid. +

+

+Also, the server keeps track of the status of a client. If a client +process does not announce its termination to the server, the server +will not expect a startup message, and issue a warning for any +such message. +

+ +

Problem #1

+ +

+The client reports: Invalid connection state. The server reports: +Invalid connection attempt: Signature mismatch. This is a sign that +a client has tried to connect using an invalid session key. Most probably, +another instance of the client is/was started on the respective host. +

+

+To fix: if you need to have concurrent access to the server, +suspend the first process with SIGUSR2 before starting the second. Use +SIGUSR2 again to wake up the first process. Give the process a second or two +to return into the main event loop and go into suspend mode. Do not just use +SIGSTOP/SIGCONT: it is important that the client tells the server that +it will go into suspend. +

+ +

Problem #2

+ +

+The server reports: +Restart without prior exit for a client. +This is a sign that +a client has re-started without informing the server about a previous +termination. +

+

+This would happen if the client was killed with SIGKILL, or if it terminated +within the routine to send a message to the server (the routine is +not re-entrant). You may want to investigate messages logged via another +logging facility (e.g. the client's local logfile). Of course it may +also be a segfault, which would be reported via syslog. +

+ +
+ + Index: branches/samhain-2_2-branch/docs/HOWTO-client+server.html =================================================================== --- branches/samhain-2_2-branch/docs/HOWTO-client+server.html (revision 66) +++ branches/samhain-2_2-branch/docs/HOWTO-client+server.html (revision 66) @@ -0,0 +1,441 @@ + + + +HOWTO client+server + + + +
+

samhain file integrity + scanner | online + documentation

+
+

Setting up a client/server samhain system

+
+
+
+

+This document aims to explain how to set up a client/server +samhain system, where the client (samhain) runs on one machine to be +monitored, and sends reports via TCP/IP to a remote server (yule). +

+

+Please note: the server (yule) does not perform any filesystem and/or +kernel checks. If you want to perform such checks on the log server host, +you need to run a samhain client on this host as well. +

+

+Client and server are +distict applications, and must be +built seperately. By default, installation names and paths (e.g. +the configuration file) are +different. Do not blame us if you abuse './configure' options to +cause name clashes, if you install both on the same host. +

+ +

Introduction

+

+Samhain can be compiled for remote logging to a central server via a +secure (AES-encrypted, signed, and authenticated) TCP/IP connection. +

+In addition, both the client configuration file and the file signature +database can be stored on the server. The client will then pull them from +the server upon startup. +

+This requires three basic steps: +

+
    +
  1. +compile and install server and client, +
    2. +
  2. +establish trust between client and server, and +
    3. +
  3. +enable remote logging in the client's configuration file. +
    4. +
+ + +

Compiling

+ +

The server - yule

+ +

+Note: the server can be started with root privileges (e.g. to use +a privileged port < 1024), but it will always +drop root privileges irrevocably +before accepting any connections, and run as a non-root user. This user +can be specified explicitely with the configure +option --enable-identity=USER. The default is +the first existing user +out of the list yule, daemon, nobody. +

+ +
+
+bash$ ./configure --enable-network=server
+bash$ make
+bash$ make install
+
+
+ +

The client - samhain

+ + +
    +
  • +

    + If you just want remote logging: +

    +    ./configure --enable-network=client + --with-logserver=server.example.com +

    +
    • +
  • +

    + If you want configuration and database files on the server: +

    +    ./configure --enable-network=client + --with-logserver=server.example.com \
    +         --with-config-file=REQ_FROM_SERVER/etc/samhainrc \
    +         --with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file     +

    +
    • +
+

+The path after the keyword REQ_FROM_SERVER has the following meaning: +

    +
  • for the configuration file: +
      +
    • if initializing, and the connection to the server + fails, samhain will fall back on the local file (if given); +
      • +
    • if in check mode, it is ignored. Samhain will + abort if the connection to the server fails. +
      • +
    + Thus, the local path allows you to initialize the database from a local + configuration file before the client is known to the server. +
    • +
  • for the database file: +
      +
    • if initializing, the database is written to the local file; +
      • +
    • if in check mode, the local path is ignored. Samhain will + abort if the connection to the server fails. +
      • +
    + Thus, init (or update) always requires a local file that + must be uploaded to the server thereafter. Note that if you + use the Beltane web-based frontend, database updates can be performed + on the server without ever running an update on the client. +
    • +
+ +

Establishing trust between client and server

+ +

+By default, samhain uses the SRP (Secure Remote Password) protocol, +with a password that is embedded in the client binary, and a +corresponding verifier that is in the server configuration file. +

+ +

Embedding the password in the client, and register it with the server

+ +

+To embed the password in the binary, there is a dummy password compiled +in as placeholder, and a utility samhain_setpwd is provided that +

+ +
    +
  1. + takes a password as input, +
    2. +
  2. + searches the original binary for the + correct place (i.e. the placeholder), and +
    3. +
  3. + writes a copy of the original binary, with the placeholder replaced + by the password. The original is left untouched. The copy cannot + be changed to another password anymore. +
    4. +
+ + +

+For convenience, the server has functions to +

+ +
    +
  • +

    +generate a random password in the correct format: +

    +   sh$ yule -G +

    +
    • +
  • +

    +and generate a corresponding entry for the +server configuration file: +

    +    sh$ yule -P PASSWORD. +

    +

    • +
  • +The generated entry has a string 'HOSTNAME' that you should +replace with the fully qualified name of the client. This entry must +then be placed in the [Clients] section of the yule configuration +file (e.g. /etc/yulerc). +
    • +
  • +Finally, you need to tell yule to reload the configuration (send SIGHUP, +or use /etc/init.d/yule reload). +
    • +
+ + +

Example

+ +
+
+rainer$ ./samhain_setpwd
+
+Usage: samhain_setpwd <filename> <suffix> <new_password>
+
+   This program is a utility that will:
+    - search in the binary executable <filename> for samhain's
+      compiled-in default password,
+    - change it to <new_password>,
+    - and output the modified binary to <filename>.<suffix>
+
+   To allow for non-printable chars, <new_password> must be
+   a 16-digit hexadecimal number (only 0-9,A-F allowed in input),
+   thus corresponding   to an 8-byte password.
+
+   Example: 'samhain_setpwd samhain new 4142434445464748'
+   takes the file 'samhain', sets the password to 'ABCDEFGH'
+   ('A' = 41 hex, 'B' = 42 hex, ...) and outputs the result
+   to 'samhain.new'.
+
+rainer$ yule -G
+5B5CDF18CE8D66A3
+
+rainer$ ./samhain_setpwd samhain new 5B5CDF18CE8D66A3
+INFO   old password found
+INFO   replaced:  f7c312aaaa12c3f7  by:  5b5cdf18ce8d66a3
+INFO   finished
+
+rainer$ scp ./samhain.new root@client.example.com:/usr/local/sbin/samhain
+samhain              100% |********************************|   592 KB    00:00
+
+rainer$ yule -P 5B5CDF18CE8D66A3
+Client=HOSTNAME@8A542F99C3514499@744C3A3EE8323470D9DAD42E2485BD0B138F6B4116E964\
+A9991A0B0D221E1AADE5800968804B99B494C39E7B9DD5710D18F1E6703D1DB6D6393295E05DF6A\
+6AA8D10BB4A21D7D9DC4901D444500D4EA358C1B44A3E3D44ACEC645F938F790A11AB0D03586143\
+977E2BCE3A2D689445AC89134B409E68F34B0DE8BD8242ADD7C0
+
+rainer$ yule -P 5B5CDF18CE8D66A3 | sed s%HOSTNAME%client.example.com% >> /etc/yulerc
+
+rainer$ tail -2 /etc/yulerc
+[Clients]
+Client=client.example.com@8A542F99C3514499@744C3A3EE8323470D9DAD42E2485BD0B138F
+6B4116E964A9991A0B0D221E1AADE5800968804B99B494C39E7B9DD5710D18F1E6703D1DB6D6393
+295E05DF6A6AA8D10BB4A21D7D9DC4901D444500D4EA358C1B44A3E3D44ACEC645F938F790A11AB
+0D03586143977E2BCE3A2D689445AC89134B409E68F34B0DE8BD8242ADD7C0
+
+rainer$ /etc/init.d/yule reload
+
+
+ +

+Note 1: the verifier Client=client.example.com@..... must be +in the [Clients] section of the server configuration file. It is +convenient if this is the last section in the config file, because then +you can just concatenate the output of yule -P PASSWORD to the +configuration file. This allows for better automatisation with a simple +script. +

+

+Note 2: samhain comes with a deploy system that handles +the deployment of clients, including password embedding and server +configuration, in a semi-automatic way. +This deploy system is tested and used in a production system +of more than 50 machines, and described in detail in Chapt. 10 of the MANUAL. +

+ +

Enabling remote logging

+

+Samhain has multiple independent logging facilities (such as a local logfile, +syslog, e-mail, TCP/IP, etc.) that can be used +in parallel. You therefore have to specify in the client's configuration +file, which logging facility you want to use. +

+

+Selecting logging facilities is done by setting appropriate thresholds +in the [Log] section of the configuration file: each +message with a priority exceeding +the threshold will be logged via the respective facility. Setting +the threshold to none will disable a facility. For details, +refer to Chapt. 4 in the MANUAL. +

+

Example

+

+To enable remote logging to the server for all messages of +priority error or higher, use the following directive in the +client configuration file: +

+
+
+[Log]
+ExportSeverity=err
+
+
+ + +

Databases and config files on the server

+ +

+The client does not tell the server the path to the requested +file - it just requests a config or a database file. It's entirely the +responsibility of the server to locate the correct file and send it. +

+

+The server has a data directory, which by default would be +/var/lib/yule, but depends on your compile options. +

+

+Config files and baseline databases for clients must be located +in this directory, and they must be named as follows: +

+

+Configuration files: rc.client.mydomain.tld or +simply rc +(this can be used as a catchall file). +

+

+Database files: file.client.mydomain.tld or +simply file +(this can be used as a catchall file). +

+
+ + Index: branches/samhain-2_2-branch/docs/HOWTO-samhain+GnuPG.html =================================================================== --- branches/samhain-2_2-branch/docs/HOWTO-samhain+GnuPG.html (revision 66) +++ branches/samhain-2_2-branch/docs/HOWTO-samhain+GnuPG.html (revision 66) @@ -0,0 +1,415 @@ + + + +HOWTO samhain+GnuPG + + + +
+

samhain file integrity + scanner | online + documentation

+
+

Using samhain with GnuPG

+
+
+
+

+This document aims to explain how to use samhain with signed configuration +and database files which are checked by invoking GnuPG. +

+

Introduction

+

+Samhain can be compiled to recognize PGP signatures on configuration and +database files and to invoke GnuPG in order to check such signatures. +(Note: while the application usually is referred to as GnuPG, +the executable itself is called gpg). +

+

+If samhain is compiled with this option, then +

+ +
    +
  1. +both the configuration file +and the file signature database must be signed, and +
    2. +
  2. +for both files the signatures must verify correctly, +
    3. +
  3. +otherwise samhain will abort. +
    4. +
+ + +

Prerequisites

+
    +
  • +

    +Obviously you need gpg (GnuPG), and you must +have created a key pair with: +

    +   gpg --gen-key +

    +(it does not really matter which type of key, the defaults are ok). +

    +GnuPG uses a public-key algorithm: the key pair consists of +

    +
      +
    • +a secret key that is +used for signing and stored in ~user/.gnupg/secring.gpg, and +
    • +a public key used for verifying the signature, and stored in +~user/.gnupg/pubring.gpg. +
      • +
    +

    +The secret key obviously should be +kept secret, while the public key can be published. +

    +
    • +
  • +

    +You need to compile samhain with support for GnuPG: +

    +   ./configure --with-gpg=/path/to/gpg [more options] +

    +

    • +
+ +

+Note 1: If compiled with support for GnuPG, +the TIGER192 checksum of the gpg +executable will be compiled into samhain, and the gpg executable will +be checksummed (to verify its integrity) before invoking it. If you +don't like this, you should add the configure option: +

+   --with-checksum=no +

+
+

+Compiling in the GnuPG checksum will tie the samhain executable to +the gpg executable. If you upgrade GnuPG, you will need to re-compile +samhain. If you don't like this, use '--with-checksum=no'. +

+
+

+Note 2: The mere fact that the signature +is correct does not prove that it has been signed by you with +your key - it just proves that it has been signed by somebody. +Samhain can optionally check the fingerprint of the key that has been +used to sign the files, to verify that your key has been used +to sign the file(s). To enable this, use the configure option +

+   --with-fingerprint=FINGERPRINT +

+where FINGERPRINT is the hexadecimal fingerprint of the key as listed +with +

+   gpg --fingerprint +

+ +

Example

+ +
+
+rainer$ gpg --fingerprint rainer
+pub  1024D/0F571F6C 1999-10-31 Rainer Wichmann
+     Key fingerprint = EF6C EF54 701A 0AFD B86A  F4C3 1AAD 26C8 0F57 1F6C
+uid                            Rainer Wichmann
+sub  1024g/9DACAC30 1999-10-31
+
+rainer$ which gpg
+/usr/bin/gpg
+
+rainer$ ./configure --with-gpg=/usr/bin/gpg --with-fingerprint=EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C
+
+
+ +

Signing the files

+

+The configuration file and the +file signature database +(created by running samhain -t init) must be signed manually +using the command: +

+   gpg -a --clearsign --not-dash-escaped /etc/samhainrc
+   mv /etc/samhainrc.asc /etc/samhainrc +

+Gpg will create a signed copy of the file, +named file.asc. +You need to rename (cp/mv) this signed copy +to the original filename. +After signing the configuration file, you can initialize the database +and sign it likewise. +

+

+Note 1: The installation script will ask you to +sign the configuration file upon installation. +

+Note 2: The gpg option --not-dash-escaped +does not harm if used with the +configuration file, but is only required for the +file signature database. +

+ +

TIP

+

+ In the subdirectory scripts/ of the source directory you will find + a Perl script samhainadmin.pl to facilitate some + tasks related to the administration of signed configuration and + database files (e.g. examine/create/remove signatures). + Use with --help to get usage + information. +

+ +

CAVEAT

+

+ When signing, the option --not-dash-escaped is + recommended, because otherwise the database might get corrupted. + However, this implies that after a database update, + you must remove the old signature first, before + re-signing the database. Without 'dash escaping', + gpg will not properly handle the old signature. + See the tip just above. +

+ +

Example

+ +
+
+root# gpg -a --clearsign --not-dash-escaped /etc/samhainrc
+
+You need a passphrase to unlock the secret key for
+user: "Rainer Wichmann"
+1024-bit DSA key, ID 0F571F6C, created 1999-10-31
+
+root# mv  /etc/samhainrc.asc /etc/samhainrc
+root# samhain -t init
+root# gpg -a --clearsign --not-dash-escaped /var/lib/samhain/samhain_file
+
+You need a passphrase to unlock the secret key for
+user: "Rainer Wichmann"
+1024-bit DSA key, ID 0F571F6C, created 1999-10-31
+
+root# mv /var/lib/samhain/samhain_file.asc /var/lib/samhain/samhain_file
+root# samhain -D -t check
+
+
+ +

Make samhain verify the signature

+

+This is the part where some people run into problems. The point is, +when gpg is invoked by samhain, it must find the public key +needed for verification. Gpg expects public keys in a file +located at ~user/.gnupg/pubring.gpg where ~user +is the home directory of the user as that gpg is running. +

+It is therefore crucial to include the public key corresponding +to te secret key used for signing into the correct pubring.gpg +file (this file can hold many public keys, e.g. of people sending you +emails signed by them). +

+So which is the correct file? Here we have to consider two seperate +cases: +

+
    +
  1. The client (or standalone) samhain daemon runs with UID 0 (i.e. root), +thus the public key must be in ~root/.gnupg/pubring.gpg +
    2. +
  2. +The server (yule) always drops root privileges (if started with), and +runs as a non-root user. The username to use is compiled in, +either with the configure option --enable-identity=USER, +or by default as determined by configure (the first existing user +out of the list yule, daemon, nobody). Thus, the public key +must be in ~root/.gnupg/pubring.gpg (for startup) and +in ~non_root_user/.gnupg/pubring.gpg (for reload with SIGHUP). +
    3. +
+

+To import a public key into the public +keyring (pubring.gpg) of another user, you can do: +

+   gpg --export KEY-ID > filename
+   su another_user
+   gpg --import filename +

+

+Note: samhain will invoke gpg with the options: +

+   --status-fd 1 --verify --homedir /homedir/.gnupg --no-tty - +

+and pipe the configuration/database file into gpg, similar to: +

+cat filename | /usr/bin/gpg --status-fd 1 --verify --homedir /root/.gnupg --no-tty - +

+(of course samhain does not invoke cat, or the shell; the example above +just shows how to do the same from the shell command prompt). +

+ +

Example for signature check

+

+If you want to check the signature the same way samhain does, it should look +like (note the GOODSIG and VALIDSIG keywords in the output): +

+
+
+root# cat /etc/samhainrc | gpg --status-fd 1 --verify --homedir /root/.gnupg --no-tty -
+gpg: Signature made Sat Mar 15 16:08:21 2003 CET using DSA key ID 0F571F6C
+[GNUPG:] SIG_ID 9hQvRhgjWLqyFzVOHi2b0uDmBFo 2003-03-15 1047740901
+[GNUPG:] GOODSIG 1AAD26C80F571F6C Rainer Wichmann
+gpg: Good signature from "Rainer Wichmann"
+gpg:                 aka "Rainer Wichmann"
+[GNUPG:] VALIDSIG EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C 2003-03-15 1047740901
+[GNUPG:] TRUST_ULTIMATE
+
+
+ +

Troubleshooting

+

+First and foremost, run samhain (or yule) from the command line, in non-daemon +mode, and with the command-line option -p debug for debug-level +output. This will print +descriptive information on setup errors and/or relevant output from +the GnuPG subprocess. +

+

+Output from the GnuPG subprocess is marked by [GNUPG:], and +may show the following errors: +

+ +
    +
  • ERRSIG and/or NO_PUBKEY indicates that gpg did not find + the public key to verify the signature. You should import that key + into the keyrings of root and (for yule additionaly) the yule user. +
    • +
  • BADSIG indicates that the public key was found by gpg, but + the signature is invalid. Either the file has been modified after + signing, or a previous signature has not been removed. +
    • +
  • NODATA indicates that there is no signed data, i.e. the + configuration or database file is not signed at all. +
    • +
+
+ + Index: branches/samhain-2_2-branch/docs/HOWTO-samhain-on-windows.html =================================================================== --- branches/samhain-2_2-branch/docs/HOWTO-samhain-on-windows.html (revision 66) +++ branches/samhain-2_2-branch/docs/HOWTO-samhain-on-windows.html (revision 66) @@ -0,0 +1,445 @@ + + + +HOWTO Samhain on Windows + + +
+

samhain file integrity + scanner | online + documentation

+
+

Using Samhain on Windows

+
+
+
+

+This document aims to explain how to compile and run +samhain on Windows with the +Cygwin POSIX emulation layer, and how to install it as a service. +These instructions have been written by Kris Dom, +who has tested this on WinXP Professional, with additions by Geries Handal +and Jorge Morgado. +

+
+

Interix / Services For UNIX

+

+Samhain can also be used with Interix/SFU 3.5. Note that in Interix, +the Windows +filesystem is referred as /dev/fs/C, while in Cygwin it +is /cygdrive/c (both refers to the C: drive; other drives +are analogous). +

+Older versions of samhain would need to be built with +./configure --disable-mail (i.e. without support for email +logging) because Interix does not provide some of the required functionality +to build the email module. This issue should be fixed as of samhain +version 2.0.7 (not tested).
+[Based on information kindly provided by Geries Handal]. +

+
+ +

Cygwin installation procedure to compile samhain

+ +

Cygwin download

+ +
    +
  • +Make a temporary directory to store cygwin installer (e.g. c:\temp\cygwin) +
    • +
  • +Surf to http://www.cygwin.com +to download cygwin +
    • +
  • +Use the "install or update now (using setup.exe)" to +download the installer in c:\temp\cygwin +
    • +
  • +Execute "setup.exe" in c:\temp\cygwin +
    • +
  • +Choose the "download from the Internet" option +
    • +
  • +Choose "c:\temp\cygwin" as 'Local Package Directory' +
    • +
  • +Choose an FTP site +
    • +
  • +Click on 'Default' just after 'All' to change the installation type +from 'Default' to 'Install'. This will most likely install way too much +stuff but I am not familiar with Cygwin, so this way I know that all libs and +compilers are installed. +
    • +
  • +Let it download the stuff (there is a lot to download so be patient). +
    • +
+
+

+You don't need to download and install All packages. It is enough to keep +the Default and then add the following additional packages: +

+

+ Category Devel -> gcc: C compiler upgrade helper
+ Category Devel -> make: The GNU version of the 'make' utility
+ Category Libs -> minires: A simple synchronous non caching stub resolver
+

+

+When selecting these packages, Cygwin installer will automatically add +other packages based on their dependencies. +The package minires is only necessary for a minimal Cygwin installation +(below). [Kindly pointed out by Jorge Morgado]. +

+
+ +

Cygwin installation

+ +
    +
  • +When the download is complete you have the Cygwin software in the +temporary directory, however, it still needs to be installed. +
    • +
  • +To install, execute the "setup.exe" in "c:\temp\cygwin" +
    • +
  • +Choose the "Install from local directory" option. +
    • +
  • +Choose "C:\Cygwin" as root directory (this will be the Unix '/') +
    • +
  • +Choose the Local Package Directory: "c:\temp\cygwin" +
    • +
  • +Click on 'Default' just after 'All' to change the installation type +from 'Default' to 'Install'. +
    • +
  • +Let it install Cygwin (this will take some time so be patient). +
    • +
+ +

Samhain install procedure (used 'samhain 1.8.7a' in this procedure)

+

+(in the following procedure I use my personal preferences) +

+ +
    +
  • +Start up Cygwin using the "Cygwin" icon on the desktop (a classic +Unix environment will be started). +
    • +
  • +Download the 'samhain' gzip/tar (I always put in my home directory) +
    • +
  • +Make directories to install samhain (taking into account the configure +options):
    +   $ mkdir /usr/local/sbin
    +   $ mkdir /usr/local/var
    +   $ mkdir /usr/local/log
    +   $ mkdir /usr/local/tmp
    +
    • +
  • Go to the home directory:
    +   $ cd $HOME +
    • +
  • Un-gzip and untar the samhain package:
    +   $ gunzip samhain-1.8.7a.tar.gz
    +   $ tar xvf samhain-1.8.7a.tar
    +
    • +
  • Go to the samhain directory:
    +   $ cd samhain-1.8.7a
    +
    • +
  • Configure:
    +   $ ./configure --enable-xml-log=yes --with-tmp-dir=/usr/local/tmp --with-config-file=/usr/local/etc/samhainrc --with-log-file=/usr/local/log/samhain.log --with-pid-file=/usr/local/var/samhain.pid --with-state-dir=/usr/local/var
    +
    • +
  • Make the binary:
    +   $ make
    +
    • +
  • Install samhain:
    +   $ make install
    +
    • +
  • Now configure the "/usr/local/etc/samhainrc" file.
    +Remember: "C:\" -> "/cygdrive/c/" +
    • +
  • Initialize the samhain local baseline database:
    +   $ /usr/local/sbin/samhain -t init
    +
    • +
  • Start it up:
    +   $ /usr/local/sbin/samhain -t check
    +
    • +
+ + +

Cygwin minimal installation procedure to run samhain

+ +
    +
  • +Files needed to create a service (from NT/W2K Resource Kit): +
      +
    • + instsrv.exe +
      • +
    • + srvany.exe +
      • +
    +
    • +
  • +First copy these files to the "%winnt%\system32" directory. +
    • +
  • +Files needed to run the 'samhain.exe'. Copy the following .dll from the +Cygwin setup (c:\Cygwin\bin) to the "%winnt%\system32" directory: +
      +
    • + cygwin1.dll +
      • +
    • + cygminires.dll +
      • +
    +
    • +
  • +Files needed from c:\Cygwin\bin to create the /etc/passwd and /etc/group files: +
      +
    • + mkpasswd.exe +
      • +
    • + mkgroup.exe +
      • +
    +

    +To generate these files on a minimal Cygwin installation execute - on a +Windows Command Prompt: +

    +   mkdir c:\etc
    +   path\to\mkpasswd.exe -l > c:\etc\passwd
    +   path\to\mkgroup.exe -l > c:\etc\group +

    +IMPORTANT NOTE: You should re-create these two files, each time the +Windows users and groups accounts database changes. Failing to do this +might generate critical log messages (depending on your configuration +file). +

    +
    • +
  • +Create a directory structure for samhain (following the compilation options +you used)
    +   - in a DOS box (or via Windows Explorer)
    +   mkdir c:\usr
    +   mkdir c:\usr\local
    +   mkdir c:\usr\local\sbin
    +   mkdir c:\usr\local\var
    +   mkdir c:\usr\local\tmp
    +   mkdir c:\usr\local\log
    +   mkdir c:\usr\local\etc
    +
    • +
  • +Use the "instsrv.exe" binary to create a new service:
    +   instsrv.exe samhain c:\windows\system32\srvany.exe
    +   (this will create a service called "Samhain" that will +start the "srvany.exe" process). +
    • +
  • Now edit the registry to change the startup parameters for the newly +created service: +
      +
    • regedit
      • +
    • HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Services->Samhain
      • +
    • Add a String value (type: REG_SZ called: "Description") under the 'Samhain' key
      • +
    • Open the newly created "Description" value and fill in a description for the 'Samhain' service
      • +
    • Add a key to specify what file the "srvany.exe" process must start:
      +    Edit->New->Key called "Parameters" +
      • +
    • Under the newly created "Parameters" key, add a new String + value called "Application".
      +    The value for "Application" + should be "c:\usr\local\sbin\samhain.exe".
      • +
    +
    • +
  • +Make sure that in the "samhainrc" file, you have used +"/cygdrive/c" to refer to "c:" +
    • +
  • +Initialize the samhain baseline database first:
    +   c:\usr\local\sbin\samhain -t init
    +
    • +
  • +Reboot (it is Windows so ...) +
    • +
+

+Also see http://support.microsoft.com/kb/q137890/ for information regarding the creation of a +user-defined service. +

+

+Note: the first time I tried to install samhain as an NT service, I first +installed a default Cygwin on the system. This however made things much more +complex. I think when there is no Cygwin installed, it is more easy to install +Samhain as a service. +

+ + +

Troubleshooting samhain

+ +

+[Tip from Jorge Morgado] If you, like me, have a Windows server not part of any domain and (for +security reasons) you even turn off DNS resolution, you might probably get +the following error when initializing the baseline database: +

+
+  ---------   sh_unix.c  ---   1487 ---------
+  According to uname, your nodename is yourcomputername, but your resolver
+  library cannot resolve this nodename to a FQDN.
+  Rather, it resolves this to yourcomputername.
+  For more information, see the entry about self-resolving under
+  'Most frequently' in the FAQ that you will find in the docs/ subdirectory
+  ----------------------------------------------
+
+

+To fix this problem open the Registry Editor and create the following +entries under the key +HKLM\System\CurrentControlSet\Services\Tcpip\Parameters +

+

+ +Name: Domain
+Type: REG_SZ
+Data: your.domain.name + +

+ +Name: NV Domain
+Type: REG_SZ
+Data: your.domain.name + +

+The NV Domain registry value contains the computer's primary DNS suffix +while the Domain registry value contains the computer's primary DNS +domain. This will make the warning message go away. +

+
+ + Index: branches/samhain-2_2-branch/docs/HOWTO-write-modules.html =================================================================== --- branches/samhain-2_2-branch/docs/HOWTO-write-modules.html (revision 66) +++ branches/samhain-2_2-branch/docs/HOWTO-write-modules.html (revision 66) @@ -0,0 +1,770 @@ + + +HOWTO Write Samhain Modules + + + +
+

samhain file integrity + scanner | online + documentation

+
+

Writing modules for samhain

+
+
+
+

+This document should help anyone who is sitting down to write a module +for the samhain host intrusion detection system. We give an overview +of samhain's structure from the point of view of the module author, +and describe some of the samhain utility and interface functions +available. Lastly, we explain how to integrate your module into the +samhain autoconf build tools. +

+

Introduction

+

+Samhain is a rather useful file integrity and host intrusion detection +system. It is written entirely in C, and much care has been given to +making it robust and secure. Additionally, it has been written with +extensibility in mind, and so interfaces for adding user-contributed +modules have been provided. A module author can easily extend the +configuration file syntax and have his checking code run on a regular +basis as one of samhain's internal checks. +

+ +

Prerequisites

+

+You'll need to know how to read and write C. You'll need the latest +source for samhain. You'll need to have read all of samhain's other +documentation. Finally, if you want to make your module build as part +of the samhain tree (you do), you'll need GNU's autoconf package. +

+

An overview of samhain's execution

+

+Here's what happens when samhain starts: +

    +
  • + Check if samhain has been called with one of the "init.d" type + commands - start, stop, reload, status. If so, these are handled + as you might expect. Nice feature. +
    • +
  • + Initialise all global structures and parse command-line options. +
    • +
  • + Read the configuration file. This is handled in sh_readconf_read(). + This includes attempting to download the file if samhain has been + compiled to do so. +
    • +
  • + Drop privileges if server. +
    • +
  • + Test the checksum on the database if client or standalone. +
    • +
  • + Now test if samhain has been compiled as a client or a server. +
      +
    • + If server, enter server main loop sh_receive() in + sh_forward.c. This is simple enough; apart from checks for + signals received, the server just accepts incoming + connections, verifies that they are from an authorised + client, and logs the message received. +
      • +
    • + If client or standalone, we run the rest of main() in + samhain.c, which follows: +
      • +
    +
    • +
  • + Initialise modules - that is, call the mod_init() function on each + module. Note that if the module intialisation routine returns a + nonzero value, you should also have it free anything that's been + allocated by the configuration file reading functions, since this + method is always called after an sh_readconf_read(), i.e. when the + configuration file is re-read after a SIGHUP. +
    • +
  • + Test the setup that's been read from the configuration - for example, + check if any files or directories have been defined twice. +
    • +
  • + Enter the main loop (which runs just once if samhain is not + configured as a daemon). Test if any signals have been received, + and handle them appropriately: +
      +
    • + On reconfiguration (SIGHUP), clear internal file lists etc. + and call the mod_reconf() function on each module. This should + clean up anything internal to the module before the + configuration file is re-read. Then read the configuration + file again and set things up as before, including a new call + to mod_init(). +
      • +
    • + On SIGIOT (SIGABRT), shut down the log-file for a moment + to allow for rotation. +
      • +
    • + On SIGQUIT, terminate. Note that any call to exit() will + invoke the exit_handler() defined in samhain.c; the first + thing this does is to call mod_cleanup() on all modules. + Then it cleans up everything else in samhain and exits. +
      • +
    • + On SIGUSR1 turn toggle debugging on/off. +
      • +
    • + On SIGUSR2 suspend the daemon an notify the server to + allow a second instance of samhain downloading its + configuration file without triggering an alert (restart + without exit) on the server. +
      • +
    +
    • +
  • + If it's time to check files, check directories and then files, and + then flush the mail queue. +
    • +
  • + Execute modules. For each module, if mod_timer(tcurrent) returns a + nonzero value, then execute mod_check(). +
    • +
  • + Do various maintenance operations such as logging a timestamp/sending + some mail if it's time, seeding/re-seeding the PRNG, etc. +
    • +
+You'll note that in the text above I refer to a couple of module +functions - mod_init(), mod_check(), etc. These are function pointers +that act as hooks for attaching modules to samhain. Next we'll +describe how they are used. +

+ +

Samhain's module interface

+

+Here we'll describe the interface samhain provides to module authors. +

+ +

The module list

+

+In sh_modules.h, the following structure is defined: +

+
+
+typedef struct mod_type
+{
+  /* The name of the module                                    */
+  char * name;      
+
+  /* Set by samhain to 1 on successful initialization, else 0  */
+  int    initval; 
+
+  /* The initialization function. Return 0 on success.         */
+  int (* mod_init)    (void);  
+                             
+  /* The timer function. Return 0 if NOT time to check.        */
+  int (* mod_timer)   (unsigned long tcurrent); 
+
+  /* The check function. Return 0 on success.                  */
+  int (* mod_check)   (void); 
+
+  /* The cleanup function. Return 0 on success.                */
+  int (* mod_cleanup) (void);
+
+  /* The preparation for reconfiguration. Return 0 on success. */
+  int (* mod_reconf) (void);
+
+  /* Section header in config file                             */
+  char * conf_section; 
+
+  /* A table of key/handler_function for config file entries   */
+  sh_rconf * conf_table; 
+
+} sh_mtype;
+
+ +

+This is the structure used to hook modules into samhain. There is a +list of these structures (modList), defined in sh_modules.c, +containing pointers to the functions to be used for each module +compiled into samhain. For example, +

+ +
+
+sh_mtype modList[] = {
+#ifdef SH_USE_UTMP
+  {
+    N_("UTMP"),
+    0,
+    sh_utmp_init,
+    sh_utmp_timer,
+    sh_utmp_check,
+    sh_utmp_end,
+    sh_utmp_null,
+
+    N_("[Utmp]"),
+    sh_utmp_table,
+  },
+#endif
+
+

+is the beginning of that table. The author of the sh_utmp module has +initialised the structure with the name of the module (note that N_() +is just a macro used to delimit strings here), a 0 to signify that the +module has not yet been initialised, and then pointers to _init(), +_timer(), _check(), _cleanup() and _reconf() functions for the +module. Finally, the last two structure elements are for configuration +file parsing: the first is the section heading in the configuration +file for this module, and the second is a table of type +

+ +
+
+typedef struct rconf
+{
+  char * the_opt;
+  int (*func)(char * opt);
+} sh_rconf;
+
+ +

+(also defined in sh_modules.h). This structure is for storing options +for this module to be found in the configuration file, as well as the +functions that will be used to parse them when found. In the sh_utmp +example above, we can see that this table has been set to +sh_utmp_table - this is a reference to a list of the Utmp module's +configuration options declared in sh_utmp.h. It should be clear now +that one of the changes you will need to make to samhain's source +files is to include your header file in sh_modules.c and add a modList +entry like the above. +

+ +

+For a description of when during samhain's execution these various +module hooks are called, see the overview above. It would likely be +helpful to you now to read through the source for one of the modules +provided with samhain and see the above actually implemented. You +should also be able to use one of these modules as a template for your +own. +

+ +

The message catalogue

+ +

+Most module authors will want to log messages in their own specified +format; samhain stores all of its message formats in a "messages +catalogue" found in sh_cat.h and sh_cat.c. For example, for the +sh_suidchk module we find the following entries in sh_cat.h, as part +of an enum: +

+ +
+
+#ifdef SH_USE_SUIDCHK
+ MSG_SUID_POLICY,
+ MSG_SUID_FOUND,
+ MSG_SUID_STAT,
+ MSG_SUID_SUMMARY,
+#endif
+
+ +

+Correspondingly in sh_cat.c we find +

+ +
+
+#ifdef SH_USE_SUIDCHK
+  { MSG_SUID_POLICY, SH_ERR_SEVERE,  RUN,   N_("msg=\"POLICY SUIDCHK  %s\" path=\"%s\"") },
+  { MSG_SUID_FOUND,  SH_ERR_INFO,    RUN,   N_("msg=\"Found suid/sgid file\" path=\"%s\"") },
+  { MSG_SUID_STAT,   SH_ERR_ERR,     ERR,   N_("msg=\"stat: %s\" path=\"%s\"") },
+  { MSG_SUID_SUMMARY,SH_ERR_INFO,    RUN,   N_("msg=\"Checked for SUID programs: %ld files, %ld seconds\"") },
+#endif
+
+

+as part of the table msg_cat[] of type cat_entry: +

+
+
+typedef struct foo_cat_entry {
+  unsigned long id;
+  unsigned long priority;
+  unsigned long class;
+  char *        format;
+} cat_entry;
+
+

+The first member of this structure is the message type's ID, as +defined in the enum in sh_cat.h. The second is the default priority of +such messages, defined as in the samhain documentation. The third is +the class of the message, again defined as in the samhain +documentation. Finally we have the message format itself, which is a +printf() style format string. +

+

+This catalogue is used by the logging functions in samhain; you will +need to add your own message types and formats to sh_cat.h and +sh_cat.c. Note that because samhain can be compiled for XML style +logging, you will actually need to make two entries in sh_cat.c for +each message; see the file itself for details. +

+

+Note that there is a generic message format with the ID 'MSG_E_SUBGEN' +and the default priority 'SH_ERR_ERR'. If you are using this message +format, then you can log (a) a string, and (b) the name of the subroutine. +

+

+This completes our description of samhain's module interface. +

+ +

Samhain's utility functions

+

+Here we'll describe the main utility functions available to samhain module +authors. +

+ +

String wrapping macros

+ +

+Constant strings should be wrapped in the _(string) macro. Initialisation +strings that cannot be replaced with a function should be wrapped +in a N_(string) macro, and the variable thus initialized should be +wrapped in a _(var) macro whereever used. This is important for the +'stealth' functionality of samhain. +

+ +

Logging messages

+ +
+#include "sh_error.h"
+
+void sh_error_handle(int severity, char * file, long line, long status,
+                     unsigned long msg_id, ...)
+
+

+This is samhain's logging/reporting function, so the name is a little +misleading - errors are not the only thing we should handle with +this. The first four arguments are simple enough: severity is the +logging severity, defined in the enum ShErrLevel from sh_error.h; file +and line are the current file and line - usually you'll be using FIL__ +and __LINE__ for these; status is not very important - for module +authors it'll do to always pass 0 to this. The final named argument is +msg_id, which should be one of the message IDs defined in sh_cat.h; +these correspond to message format strings in printf() format, which +will be interpolated with the following arguments to form the log +message. +

+

+The '__LINE__' macro is provided by the C preprocessor. The FIL__ macro +should be #defined to '_("sourcefile_name")' (see 'String wrapping macros' +above). +

+Example of use: +

+
+#undef
+#define FIL__ _("sh_mounts.c")
+
+sh_error_handle(ShMountsSevMnt, FIL__, __LINE__, 0, MSG_MNT_MNTMISS,
+                 cfgmnt->path);
+
+

+See cat.c for the definition of MSG_MNT_MNTMISS: +

+
+
+{ MSG_MNT_MNTMISS, SH_ERR_WARN,    RUN,   N_("msg=\"Mount missing\" path=\"%s\"")},
+
+

+So we print this out at severity ShMountsSevMnt, which in this case is +a configured value read from the samhain configuration file (see +sh_mounts.c). If we wanted to print it at the default severity +(SH_ERR_WARN), we could pass -1 as the severity. +

+ +

Checking files for modification

+ +
+#include "sh_files.h"
+
+int  sh_files_pushdir_?? (char * dirName);
+int  sh_files_pushfile_?? (char * fileName);
+
+

+These functions push directories and files onto the stack of those to check +for the specified policy (see the samhain documentation for further +information): + + + + + + + + + +
sh_files_pushdir_user0 pushes the directory at USER0
... _user1USER1
... _attrATTR
... _roREADONLY
... _logLOGFILE
... _glogGROWING LOGFILE
... _noigIGNORE NONE
... _alligIGNORE ALL
+So if you're writing a module that adds particular files to check, like the +sh_userfiles module for example, these are the functions to use. +

+ +

Managing memory

+ +
+#include "sh_mem.h"
+
+#define SH_FREE(a)  ...
+#define SH_ALLOC(a) ...
+
+

+These are the macros to use when you're allocating/freeing memory in +samhain. They do all the error checking/reporting you need, so when +you get memory from SH_ALLOC you can just get to using it right away. +

+ +

Parsing strings

+ +
+#include "sh_utils.h"
+
+char * sh_util_strdup    (const char * str);
+char * sh_util_strsep    (char **str, const char *delim);
+char * sh_util_strconcat (const char * arg1, ...);
+
+int sh_util_flagval(char * c, int * fval);
+int sh_util_isnum (char *str);
+
+#include "slib.h"
+
+int sl_strlcpy (char * dst, const char * src, size_t siz);
+int sl_strlcat (char * dst, const char * src, size_t siz);
+int sl_snprintf(char *str, size_t n, const char *format, ... );
+
+

+These functions are the samhain internal functions for string +handling. The first three act like their C library counterparts, +except using samhain's memory management functions and error +checking. sh_util_flagval converts the passed string into a truth +value - the value is stored in fval as 1 or 0 - and returns 0 +on success, -1 on failure. sh_util_isnum just checks if the passed +string is all numeric. +

+

+The functions sl_strlcpy and sl_strlcat work similar to the C library +strncpy/strncat functions, except that the destination string is always +null terminated, and the third argument must be the full length of the +destination buffer, not the remaining space. On success, the +return value is 0. +

+

+The function sl_snprintf provides either the system snprintf, or a replacement, +if the system has no or a buggy snprintf. +

+ +

Tracing execution

+ +
+#include "slib.h"
+
+#define SL_ENTER(s) ...
+#define SL_RETURN(retval, s) ...
+
+

+These macros are for tracing execution through samhain functions. You +should use SL_ENTER with the name of the function for each function +entered, and SL_RETURN with the return value and the name of the +function for each exit if you want to maintain compatibility with the +rest of samhain. +

+ +

Executing external programs (popen)

+ +
+#include "sh_extern.h"
+
+
+sh_tas_t task;
+/* Prepare task */
+sh_ext_tas_init(&task);
+sh_ext_tas_command(&task, char * command);
+sh_ext_tas_add_argv(&task, char * val);
+sh_ext_tas_add_envv (&task, char * environment_variable, char * value);
+
+int sh_ext_popen(&task);
+int sh_ext_pclose(&task);
+
+

+To prepare a task to run, use 'sh_ext_tas_init' to initialise the task +structure. With 'sh_ext_tas_command' the command (absolute path) is set, +with 'sh_ext_tas_add_argv' command line options are added. Environment +variables can be set with 'sh_ext_tas_add_envv'. +

+

+To open for read, set "task.rw = 'r';", to open for write +use "task.rw = 'w';". +

+

+To run the task with privileges dropped to another UID, set +"task.privileged = 0;" and task.run_user_uid, task.run_user_gid +to the desired UID/GID. +

+

+To verify the checksum of the called executable, set +task.checksum[KEY_LEN+1] to the TIGER192 checksum of the executable. +

+

+After successful execution of sh_ext_popen (return status 0), +task.pipe is the stream opened for read or write, and task.pipeFD +its associated file descriptor. +

+ +

Inserting arbitrary data into the baseline database

+
+
+#include "sh_hash.c"
+
+void sh_hash_push2db (char * key, unsigned long val1, 
+		      unsigned long val2, unsigned long val3,
+		      unsigned char * str, int size);
+
+char * sh_hash_db2pop (char * key, unsigned long * val1, 
+		       unsigned long * val2, unsigned long * val3,
+		       int * size);
+
+

+The baseline database has a fixed record format. To enter data, these need +to be prepared in the required format. To retrieve the data, the +'filepath' is used as key (if your data is not a file, you would provide +a dummy pathname as key). For convenience, the two functions noted below +are provided. +

+

+When checking files, samhain will walk the database to find files that +are in the database, but have been deleted from the disk. If you enter +non-file data, you need to mark it as such by using a key that +starts with a 'K'. +

+
+
+#include "sh_hash.c"
+
+void sh_hash_push2db (char * key, unsigned long val1, 
+		      unsigned long val2, unsigned long val3,
+		      unsigned char * str, int size);
+
+char * sh_hash_db2pop (char * key, unsigned long * val1, 
+		       unsigned long * val2, unsigned long * val3,
+		       int * size);
+
+

+To insert data, use 'sh_hash_push2db'. You can insert up to three long +integers (val1, val2, val3) and/or a binary string of length size +(max. (PATH_MAX-1)/2). As noted +above, you need to supply a key (stored as the 'filepath', which should +start with the character 'K'). To retrieve data, you can use +'sh_hash_db2pop'. The return value is either NULL (if no string was +stored under this key), or the stored string (length returned in 'size'). +

+

+A string to store may consist of any characters, including NULLs, and +need not be NULL terminated. The returned string is +always NULL terminated (the terminating NULL is not included in 'size'), +and should be freed with SH_FREE() if not required anymore. +

+

+If the key is not found in the database, size is set to -1. +

+ +

Incorporating modules into the samhain build

+

+This is a somewhat secondary but important part of writing a module +for samhain: +how to incorporate it into the samhain configuration and build process. +This just involves hacking the autoconf and makefile setup to include your +module. We'll present this file-by-file. +

+

Makefile.in

+

+You need to add a few bits to this file. First, add your header, +source and object filenames to the HEADERS, SOURCES and OBJECTS +variables. Then add your header to the dependencies for sh_modules.o +and ./sh_modules.o. Finally add dependency lines for your module +object file sh_whatever.o and ./sh_whatever.o, modelling them on the +other module object dependency lines. +

+

acconfig.h

+

+The config.h.in will be generated from this file by 'autoheader'. +You just need to add a line like +

+#undef SH_USE_MOUNTS
+
+that will be defined by the ./configure code if the user specifies +the module as enabled. +

+

aclocal.m4

+

+This file is used by 'autoconf' to help generate ./configure. You need to add +your module's ./configure option to the SH_ENABLE_OPTS variable; for example, +to add the option --enable-mounts-check, we added the string 'mounts-check' to +this variable. +

+

configure.ac

+This is the other file used by 'autoconf' to generate ./configure. You need to +add an AC_ARG_ENABLE call to this file, along the lines of those for other +modules. For example, we added +
+AC_ARG_ENABLE(mounts-check,
+        [  --enable-mounts-check        check mount options on filesystems [[no]
+]],
+        [
+        if test "x${enable_mounts_check}" = xyes; then
+                AC_DEFINE(SH_USE_MOUNTS)
+        fi
+        ]
+)
+
+for the sh_mounts module. This causes the #undef from acconfig.h above +to be defined when ./configure is run with the --enable-mounts-check argument. +

+This is all that you need. Once you've done the above, you'll need to +run 'autoheader' and 'autoconfig' to generate config.h.in and the +./configure script. Then your module will build as part of the samhain +source. +

+ +

Conclusion

+

+Armed with the above information, any proficient C programmer should +be able to adapt and extend samhain to do whatever it is they need. We +hope that this document has been reasonably clear, easy to follow and +useful; please feel free to update it for clarity, accuracy and +completeness and resubmit it to the samhain project. +

+

+This document was written by the eircom.net Computer Incident Response Team. +Updated with CSS by Rainer Wichmann. +

+
+ + Index: branches/samhain-2_2-branch/docs/MANUAL-2_2.pdf =================================================================== --- branches/samhain-2_2-branch/docs/MANUAL-2_2.pdf (revision 66) +++ branches/samhain-2_2-branch/docs/MANUAL-2_2.pdf (revision 66) @@ -0,0 +1,38634 @@ +%PDF-1.4 +1 0 obj +<< /S /GoTo /D (1.0) >> +endobj +4 0 obj +(Samhain) +endobj +5 0 obj +<< /S /GoTo /D (2.0) >> +endobj +8 0 obj +(Table of Contents) +endobj +9 0 obj +<< /S /GoTo /D (3.0) >> +endobj +12 0 obj +(Chapter 1. Introduction) +endobj +13 0 obj +<< /S /GoTo /D (4.0) >> +endobj +16 0 obj +(Chapter 2. Compiling and installing) +endobj +17 0 obj +<< /S /GoTo /D (4.1.1) >> +endobj +20 0 obj +(2.1. Overview) +endobj +21 0 obj +<< /S /GoTo /D (4.2.1) >> +endobj +24 0 obj +(2.2. Requirements) +endobj +25 0 obj +<< /S /GoTo /D (4.3.1) >> +endobj +28 0 obj +(2.3. Download and extract) +endobj +29 0 obj +<< /S /GoTo /D (4.4.1) >> +endobj +32 0 obj +(2.4. Configuring the source) +endobj +33 0 obj +<< /S /GoTo /D (4.4.1.2) >> +endobj +36 0 obj +(2.4.1. Some more configuration options) +endobj +37 0 obj +<< /S /GoTo /D (4.5.1) >> +endobj +40 0 obj +(2.5. Build) +endobj +41 0 obj +<< /S /GoTo /D (4.6.1) >> +endobj +44 0 obj +(2.6. Install) +endobj +45 0 obj +<< /S /GoTo /D (4.6.2.2) >> +endobj +48 0 obj +(2.6.1. Important make targets) +endobj +49 0 obj +<< /S /GoTo /D (4.7.1) >> +endobj +52 0 obj +(2.7. Customize) +endobj +53 0 obj +<< /S /GoTo /D (4.8.1) >> +endobj +56 0 obj +(2.8. Initialize the baseline database) +endobj +57 0 obj +<< /S /GoTo /D (4.9.1) >> +endobj +60 0 obj +(2.9. Run samhain) +endobj +61 0 obj +<< /S /GoTo /D (4.10.1) >> +endobj +64 0 obj +(2.10. Files and directory layout) +endobj +65 0 obj +<< /S /GoTo /D (4.10.3.2) >> +endobj +68 0 obj +(2.10.1. Trusted users and trusted paths) +endobj +69 0 obj +<< /S /GoTo /D (4.10.4.2) >> +endobj +72 0 obj +(2.10.2. Directory layout) +endobj +73 0 obj +<< /S /GoTo /D (4.10.5.2) >> +endobj +76 0 obj +(2.10.3. Runtime files) +endobj +77 0 obj +<< /S /GoTo /D (4.10.5.1.3) >> +endobj +80 0 obj +(2.10.3.1. Standalone or client) +endobj +81 0 obj +<< /S /GoTo /D (4.10.5.2.3) >> +endobj +84 0 obj +(2.10.3.2. Server) +endobj +85 0 obj +<< /S /GoTo /D (4.10.6.2) >> +endobj +88 0 obj +(2.10.4. Installed files) +endobj +89 0 obj +<< /S /GoTo /D (4.10.6.3.3) >> +endobj +92 0 obj +(2.10.4.1. Standalone or client) +endobj +93 0 obj +<< /S /GoTo /D (4.10.6.4.3) >> +endobj +96 0 obj +(2.10.4.2. Server) +endobj +97 0 obj +<< /S /GoTo /D (4.11.1) >> +endobj +100 0 obj +(2.11. The testsuite) +endobj +101 0 obj +<< /S /GoTo /D (5.0) >> +endobj +104 0 obj +(Chapter 3. General usage notes) +endobj +105 0 obj +<< /S /GoTo /D (5.12.1) >> +endobj +108 0 obj +(3.1. How to invoke) +endobj +109 0 obj +<< /S /GoTo /D (5.13.1) >> +endobj +112 0 obj +(3.2. Using daemontool \(or similar utilities\)) +endobj +113 0 obj +<< /S /GoTo /D (5.14.1) >> +endobj +116 0 obj +(3.3. Controlling the daemon) +endobj +117 0 obj +<< /S /GoTo /D (5.15.1) >> +endobj +120 0 obj +(3.4. Signals) +endobj +121 0 obj +<< /S /GoTo /D (5.16.1) >> +endobj +124 0 obj +(3.5. PID file) +endobj +125 0 obj +<< /S /GoTo /D (5.17.1) >> +endobj +128 0 obj +(3.6. Log file rotation) +endobj +129 0 obj +<< /S /GoTo /D (5.18.1) >> +endobj +132 0 obj +(3.7. Updating the file signature database) +endobj +133 0 obj +<< /S /GoTo /D (5.19.1) >> +endobj +136 0 obj +(3.8. Improving the signaltonoise ratio) +endobj +137 0 obj +<< /S /GoTo /D (5.20.1) >> +endobj +140 0 obj +(3.9. Runtime options: commandline configuration file) +endobj +141 0 obj +<< /S /GoTo /D (5.21.1) >> +endobj +144 0 obj +(3.10. Support / Bugs / Problems) +endobj +145 0 obj +<< /S /GoTo /D (6.0) >> +endobj +148 0 obj +(Chapter 4. Configuration of logging facilities) +endobj +149 0 obj +<< /S /GoTo /D (6.22.1) >> +endobj +152 0 obj +(4.1. General) +endobj +153 0 obj +<< /S /GoTo /D (6.22.7.2) >> +endobj +156 0 obj +(4.1.1. Severity levels) +endobj +157 0 obj +<< /S /GoTo /D (6.22.8.2) >> +endobj +160 0 obj +(4.1.2. Classes) +endobj +161 0 obj +<< /S /GoTo /D (6.23.1) >> +endobj +164 0 obj +(4.2. Available logging facilities) +endobj +165 0 obj +<< /S /GoTo /D (6.24.1) >> +endobj +168 0 obj +(4.3. Activating logging facilities and filtering messages) +endobj +169 0 obj +<< /S /GoTo /D (6.25.1) >> +endobj +172 0 obj +(4.4. Email) +endobj +173 0 obj +<< /S /GoTo /D (6.25.9.2) >> +endobj +176 0 obj +(4.4.1. Email reports and their integrity) +endobj +177 0 obj +<< /S /GoTo /D (6.26.1) >> +endobj +180 0 obj +(4.5. Log file) +endobj +181 0 obj +<< /S /GoTo /D (6.26.10.2) >> +endobj +184 0 obj +(4.5.1. The log file and its integrity) +endobj +185 0 obj +<< /S /GoTo /D (6.27.1) >> +endobj +188 0 obj +(4.6. Log server) +endobj +189 0 obj +<< /S /GoTo /D (6.27.11.2) >> +endobj +192 0 obj +(4.6.1. Details) +endobj +193 0 obj +<< /S /GoTo /D (6.28.1) >> +endobj +196 0 obj +(4.7. External facilities) +endobj +197 0 obj +<< /S /GoTo /D (6.29.1) >> +endobj +200 0 obj +(4.8. Console) +endobj +201 0 obj +<< /S /GoTo /D (6.30.1) >> +endobj +204 0 obj +(4.9. Prelude) +endobj +205 0 obj +<< /S /GoTo /D (6.30.12.2) >> +endobj +208 0 obj +(4.9.1. Preludespecific commandline options) +endobj +209 0 obj +<< /S /GoTo /D (6.30.13.2) >> +endobj +212 0 obj +(4.9.2. Registering to a Prelude 0.9 manager) +endobj +213 0 obj +<< /S /GoTo /D (6.30.14.2) >> +endobj +216 0 obj +(4.9.3. Registering to a Prelude 0.8 manager) +endobj +217 0 obj +<< /S /GoTo /D (6.31.1) >> +endobj +220 0 obj +(4.10. Using samhain with nagios) +endobj +221 0 obj +<< /S /GoTo /D (6.32.1) >> +endobj +224 0 obj +(4.11. Syslog) +endobj +225 0 obj +<< /S /GoTo /D (6.33.1) >> +endobj +228 0 obj +(4.12. SQL Database) +endobj +229 0 obj +<< /S /GoTo /D (6.33.15.2) >> +endobj +232 0 obj +(4.12.1. MySQL configuration details) +endobj +233 0 obj +<< /S /GoTo /D (7.0) >> +endobj +236 0 obj +(Chapter 5. Configuration samhain, the file monitor) +endobj +237 0 obj +<< /S /GoTo /D (7.34.1) >> +endobj +240 0 obj +(5.1. Usage overview) +endobj +241 0 obj +<< /S /GoTo /D (7.35.1) >> +endobj +244 0 obj +(5.2. Available checksum functions) +endobj +245 0 obj +<< /S /GoTo /D (7.36.1) >> +endobj +248 0 obj +(5.3. File signatures) +endobj +249 0 obj +<< /S /GoTo /D (7.37.1) >> +endobj +252 0 obj +(5.4. Defining which files/directories to monitor) +endobj +253 0 obj +<< /S /GoTo /D (7.37.16.2) >> +endobj +256 0 obj +(5.4.1. Monitoring policies) +endobj +257 0 obj +<< /S /GoTo /D (7.37.17.2) >> +endobj +260 0 obj +(5.4.2. File/directory specification) +endobj +261 0 obj +<< /S /GoTo /D (7.37.17.5.3) >> +endobj +264 0 obj +(5.4.2.1. Rules) +endobj +265 0 obj +<< /S /GoTo /D (7.37.18.2) >> +endobj +268 0 obj +(5.4.3. Suppress messages about new/deleted files) +endobj +269 0 obj +<< /S /GoTo /D (7.37.19.2) >> +endobj +272 0 obj +(5.4.4. Dynamic database update \(modified/disappeared/new files\)) +endobj +273 0 obj +<< /S /GoTo /D (7.37.20.2) >> +endobj +276 0 obj +(5.4.5. Recursion depth\(s\)) +endobj +277 0 obj +<< /S /GoTo /D (7.37.21.2) >> +endobj +280 0 obj +(5.4.6. Hardlink check) +endobj +281 0 obj +<< /S /GoTo /D (7.37.21.6.3) >> +endobj +284 0 obj +(5.4.6.1. Specify exceptions for the hardlink check) +endobj +285 0 obj +<< /S /GoTo /D (7.37.22.2) >> +endobj +288 0 obj +(5.4.7. Check for weird filenames) +endobj +289 0 obj +<< /S /GoTo /D (7.37.23.2) >> +endobj +292 0 obj +(5.4.8. Support for prelink) +endobj +293 0 obj +<< /S /GoTo /D (7.37.24.2) >> +endobj +296 0 obj +(5.4.9. Codes in messages about reported files) +endobj +297 0 obj +<< /S /GoTo /D (7.38.1) >> +endobj +300 0 obj +(5.5. Excluding files and/or subdirectories \(All except \)) +endobj +301 0 obj +<< /S /GoTo /D (7.39.1) >> +endobj +304 0 obj +(5.6. Timing file checks) +endobj +305 0 obj +<< /S /GoTo /D (7.39.25.2) >> +endobj +308 0 obj +(5.6.1. Using a second schedule) +endobj +309 0 obj +<< /S /GoTo /D (7.40.1) >> +endobj +312 0 obj +(5.7. Initializing, updating, or checking) +endobj +313 0 obj +<< /S /GoTo /D (7.41.1) >> +endobj +316 0 obj +(5.8. The file signature database) +endobj +317 0 obj +<< /S /GoTo /D (7.42.1) >> +endobj +320 0 obj +(5.9. Checking the file system for SUID/SGID binaries) +endobj +321 0 obj +<< /S /GoTo /D (7.42.26.2) >> +endobj +324 0 obj +(5.9.1. Quarantine SUID/SGID files) +endobj +325 0 obj +<< /S /GoTo /D (7.42.27.2) >> +endobj +328 0 obj +(5.9.2. Configuration) +endobj +329 0 obj +<< /S /GoTo /D (7.43.1) >> +endobj +332 0 obj +(5.10. Detecting Kernel rootkits) +endobj +333 0 obj +<< /S /GoTo /D (7.43.28.2) >> +endobj +336 0 obj +(5.10.1. Configuration) +endobj +337 0 obj +<< /S /GoTo /D (7.43.29.2) >> +endobj +340 0 obj +(5.10.2. What is a kernel rootkit ?) +endobj +341 0 obj +<< /S /GoTo /D (7.43.30.2) >> +endobj +344 0 obj +(5.10.3. Implemented integrity checks) +endobj +345 0 obj +<< /S /GoTo /D (7.43.31.2) >> +endobj +348 0 obj +(5.10.4. Error messages) +endobj +349 0 obj +<< /S /GoTo /D (7.44.1) >> +endobj +352 0 obj +(5.11. Monitoring login/logout events) +endobj +353 0 obj +<< /S /GoTo /D (7.45.1) >> +endobj +356 0 obj +(5.12. Checking mounted filesystem policies) +endobj +357 0 obj +<< /S /GoTo /D (7.46.1) >> +endobj +360 0 obj +(5.13. Checking sensitive files owned by users) +endobj +361 0 obj +<< /S /GoTo /D (7.47.1) >> +endobj +364 0 obj +(5.14. Modules) +endobj +365 0 obj +<< /S /GoTo /D (7.48.1) >> +endobj +368 0 obj +(5.15. Performance tuning) +endobj +369 0 obj +<< /S /GoTo /D (8.0) >> +endobj +372 0 obj +(Chapter 6. yule, the log server) +endobj +373 0 obj +<< /S /GoTo /D (8.49.1) >> +endobj +376 0 obj +(6.1. General) +endobj +377 0 obj +<< /S /GoTo /D (8.50.1) >> +endobj +380 0 obj +(6.2. Important installation notes) +endobj +381 0 obj +<< /S /GoTo /D (8.51.1) >> +endobj +384 0 obj +(6.3. Registering a client) +endobj +385 0 obj +<< /S /GoTo /D (8.52.1) >> +endobj +388 0 obj +(6.4. Enabling logging to the server) +endobj +389 0 obj +<< /S /GoTo /D (8.53.1) >> +endobj +392 0 obj +(6.5. Enabling baseline database / configuration file download from the server) +endobj +393 0 obj +<< /S /GoTo /D (8.53.32.2) >> +endobj +396 0 obj +(6.5.1. Configuration file) +endobj +397 0 obj +<< /S /GoTo /D (8.53.33.2) >> +endobj +400 0 obj +(6.5.2. Database file) +endobj +401 0 obj +<< /S /GoTo /D (8.54.1) >> +endobj +404 0 obj +(6.6. Rules for logging of client messages) +endobj +405 0 obj +<< /S /GoTo /D (8.55.1) >> +endobj +408 0 obj +(6.7. Detecting 'dead' clients) +endobj +409 0 obj +<< /S /GoTo /D (8.56.1) >> +endobj +412 0 obj +(6.8. The HTML server status page) +endobj +413 0 obj +<< /S /GoTo /D (8.57.1) >> +endobj +416 0 obj +(6.9. Chroot) +endobj +417 0 obj +<< /S /GoTo /D (8.58.1) >> +endobj +420 0 obj +(6.10. Restrict access with libwrap \(tcp wrappers\)) +endobj +421 0 obj +<< /S /GoTo /D (8.59.1) >> +endobj +424 0 obj +(6.11. Sending commands to clients) +endobj +425 0 obj +<< /S /GoTo /D (8.59.34.2) >> +endobj +428 0 obj +(6.11.1. Communicating with the server) +endobj +429 0 obj +<< /S /GoTo /D (8.59.35.2) >> +endobj +432 0 obj +(6.11.2. Authenticating to the server) +endobj +433 0 obj +<< /S /GoTo /D (8.60.1) >> +endobj +436 0 obj +(6.12. Syslog logging) +endobj +437 0 obj +<< /S /GoTo /D (8.61.1) >> +endobj +440 0 obj +(6.13. Servertoserver relay) +endobj +441 0 obj +<< /S /GoTo /D (8.62.1) >> +endobj +444 0 obj +(6.14. Performance tuning) +endobj +445 0 obj +<< /S /GoTo /D (9.0) >> +endobj +448 0 obj +(Chapter 7. Hooks for External Programs) +endobj +449 0 obj +<< /S /GoTo /D (9.63.1) >> +endobj +452 0 obj +(7.1. Pipes) +endobj +453 0 obj +<< /S /GoTo /D (9.64.1) >> +endobj +456 0 obj +(7.2. System V message queue) +endobj +457 0 obj +<< /S /GoTo /D (9.65.1) >> +endobj +460 0 obj +(7.3. Calling external programs) +endobj +461 0 obj +<< /S /GoTo /D (9.65.36.2) >> +endobj +464 0 obj +(7.3.1. Example setup for paging) +endobj +465 0 obj +<< /S /GoTo /D (10.0) >> +endobj +468 0 obj +(Chapter 8. Additional Features Signed Configuration/Database Files) +endobj +469 0 obj +<< /S /GoTo /D (10.66.1) >> +endobj +472 0 obj +(8.1. The samhainadmin script) +endobj +473 0 obj +<< /S /GoTo /D (11.0) >> +endobj +476 0 obj +(Chapter 9. Additional Features Stealth) +endobj +477 0 obj +<< /S /GoTo /D (11.67.1) >> +endobj +480 0 obj +(9.1. Hiding the executable) +endobj +481 0 obj +<< /S /GoTo /D (11.67.37.2) >> +endobj +484 0 obj +(9.1.1. Using kernel modules to hide samhain \(Linux/ix86 only\)) +endobj +485 0 obj +<< /S /GoTo /D (11.68.1) >> +endobj +488 0 obj +(9.2. Packing the executable) +endobj +489 0 obj +<< /S /GoTo /D (12.0) >> +endobj +492 0 obj +(Chapter 10. Deployment to remote hosts) +endobj +493 0 obj +<< /S /GoTo /D (12.69.1) >> +endobj +496 0 obj +(10.1. Method A: The deployment system) +endobj +497 0 obj +<< /S /GoTo /D (12.69.38.2) >> +endobj +500 0 obj +(10.1.1. Requirements) +endobj +501 0 obj +<< /S /GoTo /D (12.69.39.2) >> +endobj +504 0 obj +(10.1.2. Layout of the deployment system) +endobj +505 0 obj +<< /S /GoTo /D (12.69.39.7.3) >> +endobj +508 0 obj +(10.1.2.1. The configs subdirectory) +endobj +509 0 obj +<< /S /GoTo /D (12.69.39.8.3) >> +endobj +512 0 obj +(10.1.2.2. The archpkg subdirectory) +endobj +513 0 obj +<< /S /GoTo /D (12.69.40.2) >> +endobj +516 0 obj +(10.1.3. Customizing the system) +endobj +517 0 obj +<< /S /GoTo /D (12.69.40.9.3) >> +endobj +520 0 obj +(10.1.3.1. Setting default options) +endobj +521 0 obj +<< /S /GoTo /D (12.69.40.10.3) >> +endobj +524 0 obj +(10.1.3.2. Adding support for an architecture) +endobj +525 0 obj +<< /S /GoTo /D (12.69.40.11.3) >> +endobj +528 0 obj +(10.1.3.3. Perarchitecture pre/postinstallation scripts) +endobj +529 0 obj +<< /S /GoTo /D (12.69.40.12.3) >> +endobj +532 0 obj +(10.1.3.4. Perhost runtime configuration) +endobj +533 0 obj +<< /S /GoTo /D (12.69.41.2) >> +endobj +536 0 obj +(10.1.4. Using the deploy.sh script) +endobj +537 0 obj +<< /S /GoTo /D (12.69.41.13.3) >> +endobj +540 0 obj +(10.1.4.1. General options) +endobj +541 0 obj +<< /S /GoTo /D (12.69.42.2) >> +endobj +544 0 obj +(10.1.5. deploy.sh info) +endobj +545 0 obj +<< /S /GoTo /D (12.69.42.14.3) >> +endobj +548 0 obj +(10.1.5.1. Specific options) +endobj +549 0 obj +<< /S /GoTo /D (12.69.43.2) >> +endobj +552 0 obj +(10.1.6. deploy.sh clean) +endobj +553 0 obj +<< /S /GoTo /D (12.69.43.15.3) >> +endobj +556 0 obj +(10.1.6.1. Specific options) +endobj +557 0 obj +<< /S /GoTo /D (12.69.44.2) >> +endobj +560 0 obj +(10.1.7. deploy.sh download) +endobj +561 0 obj +<< /S /GoTo /D (12.69.44.16.3) >> +endobj +564 0 obj +(10.1.7.1. Specific options) +endobj +565 0 obj +<< /S /GoTo /D (12.69.45.2) >> +endobj +568 0 obj +(10.1.8. deploy.sh checksrc) +endobj +569 0 obj +<< /S /GoTo /D (12.69.45.17.3) >> +endobj +572 0 obj +(10.1.8.1. Specific options) +endobj +573 0 obj +<< /S /GoTo /D (12.69.46.2) >> +endobj +576 0 obj +(10.1.9. deploy.sh build) +endobj +577 0 obj +<< /S /GoTo /D (12.69.46.18.3) >> +endobj +580 0 obj +(10.1.9.1. Specific options) +endobj +581 0 obj +<< /S /GoTo /D (12.69.47.2) >> +endobj +584 0 obj +(10.1.10. deploy.sh install) +endobj +585 0 obj +<< /S /GoTo /D (12.69.47.19.3) >> +endobj +588 0 obj +(10.1.10.1. Specific options) +endobj +589 0 obj +<< /S /GoTo /D (12.69.48.2) >> +endobj +592 0 obj +(10.1.11. deploy.sh uninstall) +endobj +593 0 obj +<< /S /GoTo /D (12.69.48.20.3) >> +endobj +596 0 obj +(10.1.11.1. Specific options) +endobj +597 0 obj +<< /S /GoTo /D (12.69.49.2) >> +endobj +600 0 obj +(10.1.12. Usage notes) +endobj +601 0 obj +<< /S /GoTo /D (12.70.1) >> +endobj +604 0 obj +(10.2. Method B: The native package manager) +endobj +605 0 obj +<< /S /GoTo /D (12.70.50.2) >> +endobj +608 0 obj +(10.2.1. Building an RPM) +endobj +609 0 obj +<< /S /GoTo /D (12.70.50.21.3) >> +endobj +612 0 obj +(10.2.1.1. Custom RPM) +endobj +613 0 obj +<< /S /GoTo /D (12.70.50.22.3) >> +endobj +616 0 obj +(10.2.1.2. Singlehost) +endobj +617 0 obj +<< /S /GoTo /D (12.70.51.2) >> +endobj +620 0 obj +(10.2.2. Building an HPUX package) +endobj +621 0 obj +<< /S /GoTo /D (12.70.52.2) >> +endobj +624 0 obj +(10.2.3. Building a Solaris package) +endobj +625 0 obj +<< /S /GoTo /D (12.70.53.2) >> +endobj +628 0 obj +(10.2.4. Building a Gentoo Linux package) +endobj +629 0 obj +<< /S /GoTo /D (12.70.54.2) >> +endobj +632 0 obj +(10.2.5. Building a Debian package) +endobj +633 0 obj +<< /S /GoTo /D (13.0) >> +endobj +636 0 obj +(Chapter 11. Security Design) +endobj +637 0 obj +<< /S /GoTo /D (13.71.1) >> +endobj +640 0 obj +(11.1. Usage) +endobj +641 0 obj +<< /S /GoTo /D (13.72.1) >> +endobj +644 0 obj +(11.2. Integrity of the executable) +endobj +645 0 obj +<< /S /GoTo /D (13.73.1) >> +endobj +648 0 obj +(11.3. Client executable integrity) +endobj +649 0 obj +<< /S /GoTo /D (13.74.1) >> +endobj +652 0 obj +(11.4. The server) +endobj +653 0 obj +<< /S /GoTo /D (13.75.1) >> +endobj +656 0 obj +(11.5. General) +endobj +657 0 obj +<< /S /GoTo /D (14.0) >> +endobj +660 0 obj +(Appendix A. List of options for the ./configure script) +endobj +661 0 obj +<< /S /GoTo /D (14.76.1) >> +endobj +664 0 obj +(A.1. General) +endobj +665 0 obj +<< /S /GoTo /D (14.77.1) >> +endobj +668 0 obj +(A.2. Optional modules to perfor additional checks) +endobj +669 0 obj +<< /S /GoTo /D (14.78.1) >> +endobj +672 0 obj +(A.3. OpenPGP Signatures on Configuration/Database Files) +endobj +673 0 obj +<< /S /GoTo /D (14.79.1) >> +endobj +676 0 obj +(A.4. Client/Server Connectivity) +endobj +677 0 obj +<< /S /GoTo /D (14.80.1) >> +endobj +680 0 obj +(A.5. Paths) +endobj +681 0 obj +<< /S /GoTo /D (15.0) >> +endobj +684 0 obj +(Appendix B. List of command line options) +endobj +685 0 obj +<< /S /GoTo /D (15.81.1) >> +endobj +688 0 obj +(B.1. General) +endobj +689 0 obj +<< /S /GoTo /D (15.82.1) >> +endobj +692 0 obj +(B.2. samhain) +endobj +693 0 obj +<< /S /GoTo /D (15.83.1) >> +endobj +696 0 obj +(B.3. yule) +endobj +697 0 obj +<< /S /GoTo /D (16.0) >> +endobj +700 0 obj +(Appendix C. List of configuration file options) +endobj +701 0 obj +<< /S /GoTo /D (16.84.1) >> +endobj +704 0 obj +(C.1. General) +endobj +705 0 obj +<< /S /GoTo /D (16.84.55.2) >> +endobj +708 0 obj +(C.1.1. Conditionals) +endobj +709 0 obj +<< /S /GoTo /D (16.85.1) >> +endobj +712 0 obj +(C.2. Files to check) +endobj +713 0 obj +<< /S /GoTo /D (16.86.1) >> +endobj +716 0 obj +(C.3. Severity of events) +endobj +717 0 obj +<< /S /GoTo /D (16.87.1) >> +endobj +720 0 obj +(C.4. Logging thresholds) +endobj +721 0 obj +<< /S /GoTo /D (16.88.1) >> +endobj +724 0 obj +(C.5. Watching login/logout events) +endobj +725 0 obj +<< /S /GoTo /D (16.89.1) >> +endobj +728 0 obj +(C.6. Checking for kernel module rootkits) +endobj +729 0 obj +<< /S /GoTo /D (16.90.1) >> +endobj +732 0 obj +(C.7. Checking for SUID/SGID files) +endobj +733 0 obj +<< /S /GoTo /D (16.91.1) >> +endobj +736 0 obj +(C.8. Checking for mount options) +endobj +737 0 obj +<< /S /GoTo /D (16.92.1) >> +endobj +740 0 obj +(C.9. Checking for user files) +endobj +741 0 obj +<< /S /GoTo /D (16.93.1) >> +endobj +744 0 obj +(C.10. Database) +endobj +745 0 obj +<< /S /GoTo /D (16.94.1) >> +endobj +748 0 obj +(C.11. Miscellaneous) +endobj +749 0 obj +<< /S /GoTo /D (16.95.1) >> +endobj +752 0 obj +(C.12. External) +endobj +753 0 obj +<< /S /GoTo /D (16.96.1) >> +endobj +756 0 obj +(C.13. Clients) +endobj +757 0 obj +<< /S /GoTo /D (17.0) >> +endobj +760 0 obj +(Appendix D. List of database fields) +endobj +761 0 obj +<< /S /GoTo /D (17.97.1) >> +endobj +764 0 obj +(D.1. General) +endobj +765 0 obj +<< /S /GoTo /D (17.98.1) >> +endobj +768 0 obj +(D.2. Modules) +endobj +769 0 obj +<< /S /GoTo /D (17.99.1) >> +endobj +772 0 obj +(D.3. Syslog) +endobj +773 0 obj +<< /S /GoTo /D [774 0 R /Fit ] >> +endobj +776 0 obj << +/Length 125 +/Filter /FlateDecode +>> +stream +xڍŽ±Â@ +C÷û +04\Ò\s·"+ÙC‚2”ÿÉP!äÁ–že™‘C +c²>LÉPpSÆ#È!ñÒPmTj‹üvE˜zA÷5°õŽÙ +C”¬Áï”ê °œIDà·óê4ÎÓø|­/~L;ÿì-wŽReûûÍX)Zendstream +endobj +774 0 obj << +/Type /Page +/Contents 776 0 R +/Resources 775 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 782 0 R +>> endobj +777 0 obj << +/D [774 0 R /XYZ 71.731 729.265 null] +>> endobj +778 0 obj << +/D [774 0 R /XYZ 71.731 718.306 null] +>> endobj +779 0 obj << +/D [774 0 R /XYZ 71.731 718.306 null] +>> endobj +2 0 obj << +/D [774 0 R /XYZ 348.187 700.222 null] +>> endobj +775 0 obj << +/Font << /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +785 0 obj << +/Length 630 +/Filter /FlateDecode +>> +stream +xÚ­TßoÓ0~ï_‘ÇDZ\ۉãdolÐ h¢ +b<ž‰ÓX4våž+ûïqj»?Ò@ JõÅw÷¿»ÏFŽ?Qhf\\šî'0ZYÏÍùˆ<¯)+kÿƙŒ@†£ôàj1™Î0Š*PYŽh5` ²<Í×xÎúŽ ™|[Œ³±ô +£aPŒ»V›ÁøI‹Ug’?`‚œ +!Ä©ý+Üç'‹Çµµó*ŸOr‹ºë™<Ö  ¢Ÿ¶%;É-ל¡€ƒƒ[WšIÃ÷a”[kž€ ñ +ÛjÄ`ŽX&Æ[ÃÝ +“ÍTig÷ª퓇éz£êmϥ玕 +×!Äc{.¬Ú£Ï‘©dpE@Y––ÔHææ㝠+%„Ä:ÉhÌ=Þk_‘™Õ÷¢ærà¿4! +0=ÏÏ B(æúØ)И¥9,@^~rhŸè3™ {þkfÏÇqûm³]®ÅÐ +Ž/ŸžõcŠ“¹jÍn +ÓÁ7‚)ÛÅr;a:gI?Œ·rTÅc‚‰Í,4Îë1kž8ži%Mz­FhXçX$Æ|ÜùaB’ +øyö«¿¿˜ +öí;WüÛf;ñ­ómPK3^Wì™_Ԉ•¥Å–¶A +³ÕªÿÇq +y?ŠA!W8á;wŸ”¶sK÷acžÓ + +JÏŽ÷ ìŒÙ\N§»ÝnŒ«  +Z`%‰Êxeœþ  +µwúŽŽºü[&Ag5ð&©NÇÞoÖ>ïvÍjoŠ +{+Âë‘eЧ_©Á +`?Œr+Äö"Š(ƒÔ;îæ¯öJšŒY +Þeÿäæ%(ýãWý'£FŠ‹endstream +endobj +784 0 obj << +/Type /Page +/Contents 785 0 R +/Resources 783 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 782 0 R +>> endobj +786 0 obj << +/D [784 0 R /XYZ 71.731 729.265 null] +>> endobj +783 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F29 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +793 0 obj << +/Length 48649 +/Filter /FlateDecode +>> +stream +xڔÝM“dWzeç9F2`PÑáñ +š‰ÕjŠ2™©]=5HV%QiÊÊ€€[Ý¿^7òž}Â÷‰žË¬¬bÝޏ#£ˆàïr?ýpœý¿Ó§«ÇÛíÜ<_Ý<Üÿðç¿ýÝõ?oÿÉ?üÝi}ýòæE<Ýn¿'z×ÛäÁ¯ÖËÿï§Ó齿Œ«·¯ãáêöúÝ×ñŽº?{AíÁõéêñùFªû³Ô +|_}>]Ý<Ý:u<Ëê2x Þ^=>Zuö‚ÚƒêÃöGwRݟœ öàºýî梁?{AíÁw՛ëíÇpçÔ<‹ê:x n?†íÏBNݟœ öàºýn +¥º?{AíÁuû1œ¬º?{AíÁ÷ÕÓöcž~rêx–Õeð@œœzx~–êþìµÔí?|²êþìµÔ§«û +üýÑ +fÍœOn¿ÑŸ +Ýo8y–Ñeð@Ý~Vݟœ öàúòÞHuö‚ÚƒêöSž»•êþìµßWo·íTdz¬.ƒêöcž¹“êþìµÔí?<ÉßpƳÔ +\]?Zuö‚ÚƒêÓÕœý³ðxö‚Úƒï«÷ۏá^þ†3žeuXuö‚ÚƒêöSž¿•êþìµÔíÇpw'ÕýÙ +jŸ¯ž¶íTdz¬.ƒêöcž¹—êþìµÔíÇpzêþìµÔíÇpmÕýÙ +jŸ¯Þ\_=>»ßàò,«Ëàz{µýî ÕýÙ +j +š÷WVݟœ öàútuóð,ÕýÙ +jŸ¯Þn?ù_ŠýQ6{î€Ü~òÿV÷G/5w@n?€»“4÷g/ =x n?€[ù»Íxö‚Úƒï«wۏàFªãYV—Áuû)œäïqãÙ +j +šÛAþcˆ<{AíÁõéêôlÕýÙ +jŸ¯Þ__=<Éÿ»ϲº + +š·W'û'ˆñìµÔû«‡«îÏ^P{ð@Ý~ +÷ò÷žñìµßW¶ÝüÝf<Ëê2x n?†[«îÏ^P{ð@Ý~ +7ò÷žñìµÔíÇ ÿ„ž?zÁ¬¹÷ÉÇíg ¿Ùe²çÈípmÍýÙ +h +š÷W÷òì$Ï^P{ð@}ºº~²êþìµßWŸ®¯îåÙIžeu¹ßæò,«Ëàzsõ$ÏNòìµÔû«Û«îÏ^P{ð@Ý~ +÷ò·¹ñìµßWﶃ<;ɳ¬.ƒêöcžµêþìµÔíÇ ÿÔŽ?zÁ¬¹rûȳ“<{íÁ÷Õûígp’êx–Õeð@Ý~òì$Ï^P{ð@œ¿º‘g'yö‚ÚƒêãÕã“U÷g/š=øŸúp}u#ÏNò,«Ëàzsõ(ÏNòìµÔíÇpoÕýÙ +j +šÛAžäÙ +jŸ¯>ŸMò7œñ,«Ëàºýn¬º?{AíÁuû1ȳ“<{AíÁuû1ȳ“<{AíÁ÷է뫓 +&ò,«Ëàzsõ`Ñï^0k¿:Éã“<{íÁõñêáѪû³Ô +|_}Þ~òø$ϲº + +šÛOA +ŸäÙ +j +šÛáΪû³Ô +ɳÔ +|Wœ¿Þ~ +ò +í<‹ê:x n?†“U÷g/š=x n?y|’g/š=x >^ÝËΔg/š=øŸzºŸº–ÁDžeumžýQo¯ùöîæBlŸýÍK±±ùxæå݌Øü_ÿöoŸ>úòóþo?|ùËþ/>}ùõۇϟ?ýtúqûÏÞäDwÛïíO?œ¡oï®~_»&xѳk:{ÑÇ]ÓÛ]ª=È]“Qg×Dê2È]“RÓ5¡ÚƒÜ5)5]ª=È]“RÓ5¡ÚƒÜ5uvM€.ƒÜ5)5]ª=ˆ]“BGׄfÍq×€ÌtMˆö wMF]©Ë wMJMׄjr×€ÔtMšö wMJMׄjr×dÔÙ5‘º +r×€ÔtMšö wMJMׄjr×€ÔtMšö wMF]©Ë wMJMׄjr×€ÔtMšö wMJMׄjr×dÔÙ5‘º +R׀̜kBñ| +»&Ž® Śã®I™éšíAúÚ5ºr×€ÔtMšö wMJMׄjr×€ÔtMšö wMF]©Ë wMJMׄjr×€ÔtMšö wMJMׄjr×dÔÙ5‘º +r×€ÔtMšö wMJMׄjr×€ÔtMšö vMM×DfÏa×€ÈÑ5!YsÜ5)3]¢=È]“RÓ5¡ÚƒÜ5uvM€.ƒÜ5)5]ª=È]“RÓ5¡ÚƒÜ5)5]ª=È]“Qg×Dê2È]“RÓ5¡ÚƒÜ5)5]ª=È]“RÓ5¡ÚƒÜ5uvM€.ƒÜ5)5]ª=È]“RÓ5¡ÚƒØ5)ttMhÖ +vM†L×DdÏq×€ÌtMˆö wMJMׄjr×€ÔtMšö wMF]©Ë wMJMׄjr×€ÔtMšö wMJMׄjr×dÔÙ5‘º +r×€ÔtMšö wMJMׄjr×€ÔtMšö wMB}íš@]¹kRjº&T{»&¥ŠkBµ±kRèèšÐ¬99»&B—Aš® Õ +ä®I©éšPíAš® Õ +ä®Éš³k"uä®I©éšPíAš® Õ +ä®I©éšPíA:»&R—Aš® Õ +ä®I©éšPíAš® Õ +ä®Éš³k"uä®I©éšPíAìš:º&4kŽ»&eŠkBŽ¹k2êìšH]¹kRjº&T{»&¥ŠkBµ¹kRjº&T{»&£Î®‰Ôe»&¥ŠkBµ¹kRjº&T{»&¥ŠkBµ¹k2êìšH]¹kRjº&T{»&¥ŠkBµ¹kRjº&T{»&£Î®‰Ôe»& +Ž® ͚ã®I™éšíAš® Õ +ä®Éš³k"uä®I©éšPíAš® Õ +ä®I©éšPíAúÚ5ºr×€ÔtMšö wMJMׄjr×€ÔtMšö wMF]©Ë wMJMׄjr×DEŽéšð +Œ®é<#:Ꚏ_ÇnÇßÃ~DóîöêîûŸ?·¿(¿ÛþÀæ—z>žuMã¡<³wMùÍÿóß:Ýÿøñ—ÿôñ§›ûÿÛÛ/ +|ÞþÂûôÙðNÄôpw1Ío„W8¿ +ðì +àÛ߈jò·*5߈jò·*5߈jò·u~ ©Ë  Róm€šö  Róm€šö ~ BÇ·¢Ysüm€ÆœßHè2ÈßšÔ| ª=ÈßšÔ| ª=ÈßšÔ| ª=ÈßhÔùm€€.ƒüm€JÍ·¢Úƒüm€JM5‹jr5«ÔT³šö W³FÕ,©Ë W³JM5‹jr5«ÔT³šö W³JM5‹jr5kÔY͒º +r5«ÔT³šö V³ + +Õ,š5ÇÕ¬2SÍ"ڃ\ÍuV³€.ƒ\Í*5Õ,ª=ÈÕ¬RS͢ڃ\Í*5Õ,ª=ÈÕ¬Qg5Kê2ÈÕ¬RS͢ڃ\Í*5Õ,ª=ÈÕ¬RS͢ڃ\ÍuV³€.ƒ\Í*5Õ,ª=ÈÕ¬RS͢ڃ\Í*5Õ,ª=ÈÕ¬Qg5Kê2HÕ¬2÷jÅó1¬f8ªYkŽ«YeŠšEŽ¹šêk5 +ê:ÈÕ¬RS͢ڃ\Í*5Õ,ª=ÈÕ¬RS͢ڃ\ÍuV³€.ƒ\Í*5Õ,ª=ÈÕ¬RS͢ڃ\Í*5Õ,ª=ÈÕ¬Qg5Kê2ÈÕ¬RS͢ڃ\Í*5Õ,ª=ÈÕ¬RS͢ڃXÍ4Õ,™=‡Õ¬"G5‹dÍq5«ÌT³ˆö W³JM5‹jr5kÔY͒º +r5«ÔT³šö W³JM5‹jr5«ÔT³šö W³FÕ,©Ë W³JM5‹jr5«ÔT³šö W³JM5‹jr5kÔY͒º +r5«ÔT³šö W³JM5‹jb5«ÐQÍ¢YsXÍ2Õ,‘=ÇÕ¬2SÍ"ڃ\Í*5Õ,ª=ÈÕ¬RS͢ڃ\ÍuV³€.ƒ\Í*5Õ,ª=ÈÕ¬RS͢ڃ\Í*5Õ,ª=ÈÕ¬Qg5Kê2ÈÕ¬RS͢ڃ\Í*5Õ,ª=ÈÕ¬RS͢ڃ\Í +õµšu +äjV©©fQíA®f•šjÕ +ÄjV¡£šE³æžš5æ¬f ]¹šUjªYT{«Y¥ŠšEµ¹šUjªYT{«Y£Îj–Ôe«Y¥ŠšEµ¹šUjªYT{«Y¥ŠšEµ¹š5ê¬fI]¹šUjªYT{«Y¥ŠšEµ¹šUjªYT{«Y£Îj–Ôe«Y¥ŠšEµ±šUèšfѬ9®f•™jÑ +äjÖš³š%uäjV©©fQíA®f•šjÕ +äjV©©fQíA®f:«YR—A®f•šjÕ +äjV©©fQíA®f•šjÕ +äjÖš³š%uäjV©©fQíA®f•šjÕ +äjV©©fQíA®f:«YR—A¬f:ªY4kŽ«YeŠšEŽ¹šUjªYT{«Y£Îj–Ôe«Y¥ŠšEµ¹šUjªYT{«Y¥ŠšEµ¹šêk5 +ê:ÈÕ¬RS͢ڃ\Í*5Õ,ª=ÈÕ¬RS͢ڃ\ÍuV³€.ƒ\Í*5Õ,ª=ÈÕ,% ŠšÅ2ªÙóHõšš=~ +gÕìþÐžšÝþþîåOc5;žÙ«Ù|à?}üûôËÇ¿}üòí×÷Ò›—7;_×חpóýŽ +³ ÿàÅ%ü;{mÇáßۗá¡Ë ‡JMø‡jrø§Ô„šö ‡JMø‡jrøgÔþ‘º +rø§Ô„šö ‡JMø‡jrø§Ô„šö ‡Fá©Ë ‡JMø‡jrø§Ô„šö ‡JMø‡jrøgÔþ‘º +rø§Ô„šö † + +áš5ÇáŸ2þ!ڃ +þu†€.ƒ +þ)5áª=ÈáŸRþ¡Úƒ +þ)5áª=ÈáŸQgøGê2ÈáŸRþ¡Úƒ +þ)5áª=ÈáŸRþ¡Úƒ +þu†€.ƒ +þ)5áª=ÈáŸRþ¡Úƒ +þ)5áª=ÈáŸQgøGê2HáŸ2÷ðÅó1 +ÿ8Â?kŽÃ?e&üCŽ9üêkøê:ÈáŸRþ¡Úƒ +þ)5áª=ÈáŸRþ¡Úƒ +þu†€.ƒ +þ)5áª=ÈáŸRþ¡Úƒ +þ)5áª=ÈáŸQgøGê2ÈáŸRþ¡Úƒ +þ)5áª=ÈáŸRþ¡Úƒþ4á™=‡áŸ"Gø‡dÍqø§Ì„ˆö ‡JMø‡jrøgÔþ‘º +rø§Ô„šö ‡JMø‡jrø§Ô„šö ‡Fá©Ë ‡JMø‡jrø§Ô„šö ‡JMø‡jrøgÔþ‘º +rø§Ô„šö ‡JMø‡jbø§Ðþ¡Ysþ2á‘=ÇáŸ2þ!ڃ +þ)5áª=ÈáŸRþ¡Úƒ +þu†€.ƒ +þ)5áª=ÈáŸRþ¡Úƒ +þ)5áª=ÈáŸQgøGê2ÈáŸRþ¡Úƒ +þ)5áª=ÈáŸRþ¡Úƒ +þ õ5üu +äðO© ÿPíAÿ”šðÕ +ÄðO¡#üC³æ8ü3æ +ÿ]9üSjÂ?T{Ã?¥&üCµ9üSjÂ?T{Ã?£ÎðÔeÃ?¥&üCµ9üSjÂ?T{Ã?¥&üCµ9ü3ê +ÿH]9üSjÂ?T{Ã?¥&üCµ9üSjÂ?T{Ã?£ÎðÔeÃ?¥&üCµ1üSèÿЬ9ÿ”™ðÑ +äðÏš3ü#uäðO© ÿPíAÿ”šðÕ +äðO© ÿPíAÿŒ:Ã?R—Aÿ”šðÕ +äðO© ÿPíAÿ”šðÕ +äðÏš3ü#uäðO© ÿPíAÿ”šðÕ +äðO© ÿPíAÿŒ:Ã?R—A +ÿ:Â?4kŽÃ?e&üCŽ9üSjÂ?T{Ã?£ÎðÔeÃ?¥&üCµ9üSjÂ?T{Ã?¥&üCµ9üêkøê:ÈáŸRþ¡Úƒ +þ)5áª=ÈáŸRþ¡Úƒ +þu†€.ƒ +þ)5áª=ÈáßqÉæÂ?|!#ü;{!·GáßñëX¿› +áßÍóÕýö—Œþgöðïv„ÿñë÷oÉüòù뇿ìÿ›_Æ¿øøòEšÿß·_>üùÛ{åÉÝ˯ö«»Ÿží¿ÏGEàlQàeÏåìe·(o_Ž(€.ƒÜ¢(5- +ª=ˆ-ŠBG‹‚fÍq‹¢ÌŽ(ˆö ·(F- +©Ë ·(JM‹‚jr‹¢ÔŽ(šö ·(JM‹‚jr‹bÔÙ¢º +r‹¢ÔŽ(šö ·(JM‹‚jr‹¢ÔŽ(šö ·(F- +©Ë ·(JM‹‚jr‹¢ÔŽ(šö ·(JM‹‚jr‹bÔÙ¢º +R‹¢ÌœEAñ| +[ŽŚãE™iQíAnQ„úÚ¢€ºr‹¢ÔŽ(šö ·(JM‹‚jr‹¢ÔŽ(šö ·(F- +©Ë ·(JM‹‚jr‹¢ÔŽ(šö ·(JM‹‚jr‹bÔÙ¢º +r‹¢ÔŽ(šö ·(JM‹‚jr‹¢ÔŽ(šö ¶(M‹BfÏa‹¢ÈÑ¢ YsÜ¢(3- +¢=È-ŠRÓ¢ ÚƒÜ¢u¶(€.ƒÜ¢(5- +ª=È-ŠRÓ¢ ÚƒÜ¢(5- +ª=È-ŠQg‹Bê2È-ŠRÓ¢ ÚƒÜ¢(5- +ª=È-ŠRÓ¢ ÚƒÜ¢u¶(€.ƒÜ¢(5- +ª=È-ŠRÓ¢ ÚƒØ¢(tŽ(hÖ +¶(†L‹BdÏq‹¢ÌŽ(ˆö ·(JM‹‚jr‹¢ÔŽ(šö ·(F- +©Ë ·(JM‹‚jr‹¢ÔŽ(šö ·(JM‹‚jr‹bÔÙ¢º +r‹¢ÔŽ(šö ·(JM‹‚jr‹¢ÔŽ(šö ·(B}mQ@]¹EQjZT{[¥ŠEAµ±EQèhQЬ9nQŒ9[B—AnQ”šÕ +äE©iQPíAnQ”šÕ +äÅš³E!uäE©iQPíAnQ”šÕ +äE©iQPíAnQŒ:[R—AnQ”šÕ +äE©iQPíAnQ”šÕ +äÅš³E!uäE©iQPíAlQ:Z4kŽ[eŠEAŽ¹E1êlQH]¹EQjZT{[¥ŠEAµ¹EQjZT{[£Î +Ôe[¥ŠEAµ¹EQjZT{[¥ŠEAµ¹E1êlQH]¹EQjZT{[¥ŠEAµ¹EQjZT{[£Î +Ôe[ +Ž͚ãE™iQíAnQ”šÕ +äÅš³E!uäE©iQPíAnQ”šÕ +äE©iQPíAnQ„úÚ¢€ºr‹¢ÔŽ(šö ·(JM‹‚jr‹¢ÔŽ(šö ·(F- +©Ë ·(JM‹‚jr‹rœPž_ÈhQÎ^Èa‹rü:~ç—PmèÃéŽ[”ñÌޢ܍å_¿üóõõÍÏ¿ýòéËÏûÿêÛ_?îÿâׯ¿ýòço +›ýdáÕ|û‹x{ûp¢Ì8^óŒ3Î^óaœñöu +ÇhÖ +Ä’üþè²æžÌ0æ,3]¹ÌPjÊ +T{Ë +¥ŠÌ@µ¹ÌPjÊ +T{Ë +£Î2ƒÔeË +¥ŠÌ@µ¹ÌPjÊ +T{Ë +¥ŠÌ@µ¹Ì0ê,3H]¹ÌPjÊ +T{Ë +¥ŠÌ@µ¹ÌPjÊ +T{Ë +£Î2ƒÔeÊ +eîeŠçcXf(p”(Ö +—ÊL™hr™!Ô×2ÔuË +¥ŠÌ@µ¹ÌPjÊ +T{Ë +¥ŠÌ@µ¹Ì0ê,3H]¹ÌPjÊ +T{Ë +¥ŠÌ@µ¹ÌPjÊ +T{Ë +£Î2ƒÔeË +¥ŠÌ@µ¹ÌPjÊ +T{Ë +¥ŠÌ@µ±Ì0hÊ +2{Ë +EŽ2ɚã2C™)3íA.3”š2Õ +ä2Ú³Ì uä2C©)3PíA.3”š2Õ +ä2C©)3PíA.3Œ:Ë +R—A.3”š2Õ +ä2C©)3PíA.3”š2Õ +ä2Ú³Ì uä2C©)3PíA.3”š2Õ +Ä2C¡£Ì@³æ°Ì0dÊ +"{ŽË +eŠÌ@Ž¹ÌPjÊ +T{Ë +¥ŠÌ@µ¹Ì0ê,3H]¹ÌPjÊ +T{Ë +¥ŠÌ@µ¹ÌPjÊ +T{Ë +£Î2ƒÔeË +¥ŠÌ@µ¹ÌPjÊ +T{Ë +¥ŠÌ@µ¹Ìêk™ê:Èe†RSf Úƒ\f(5eª=ˆe†BG™fÍq™aÌYfº +r™¡Ô”šö —JM™jr™¡Ô”šö —Fe©Ë —JM™jr™¡Ô”šö —JM™jr™aÔYfº +r™¡Ô”šö —JM™jr™¡Ô”šö —Fe©Ë —JM™jb™¡ÐQf Ys\f(3e¢=Èe†Qg™Aê2Èe†RSf Úƒ\f(5eª=Èe†RSf Úƒ\fu–€.ƒ\f(5eª=Èe†RSf Úƒ\f(5eª=Èe†Qg™Aê2Èe†RSf Úƒ\f(5eª=Èe†RSf Úƒ\fu–€.ƒXf(t”hÖ +—ÊL™hr™¡Ô”šö —Fe©Ë —JM™jr™¡Ô”šö —JM™jr™!Ô×2ÔuË +¥ŠÌ@µ¹ÌPjÊ +T{Ë +¥ŠÌ@µ¹Ì0ê,3H]¹ÌPjÊ +T{Ë +Š +L™/d”g/äîšÌ8~ +¿ó[B®o¯ + +nžÌÏìeÆý(3þþ·OŸÿ²ŸŒÓË{'/z}û% Û/äû¿N/ÿߟŸÿ=œ¬ñÐù˺zûB¶_ÌëÓ{/ä +uö‚ÚƒêÓÕãóT÷g/š=øŸúŒýwïéÖ©ãYV—ÁõöêñѪû³Ô +¹ýÆ|zt¿áäYF—Áõå?ŽêþìµÔígp#ÕýÙ +j +šÛOáîVªû³Ô +|_œÝ~ +·R +ϲº + +šÛxs'ÕýÙ +j +šÛá$ÃÏ^P{ð@Ý~ +×Vݟœ öàûêÝéêúYþ67žeupïœ?²çޏ#÷þão¿~ûú·Oÿãã{êýËÖ +~Û{ßÜ +ü:œF«Ç/k6«¯/ë8Y}ó" X%²æžW5drU"kŽcUAÎVȞãRՐ U‰¬9ÎT +™J•ÈšÃFՈ#Q%ð|ŒUÎ>Ğã:Ր‰S‰¬9NS +™2•Èšã.ՐÉR‰¬9ŽR9›T {Ž‹TC&H%²æ8G5djT"kŽ[TC&E%²æ8DäìPì9®P +™•ÈšãՐ)P‰¬9îO +™ü”ÈšãøT³=²çž<5dÂS"k³S#Žê”Àó1nN +˜ä”ÄšãàT³7²çž65dbS"kŽSSCŠ4%²æž35d2S"kŽ#SAÎÆȞãÂԐ L‰¬9ÎK +™º”Èšã¶ÔIK‰¬9K9»R {Ž«RC&*%²æ8)5dŠR"kŽ{RC&'%²æ8&älIì9*I +ž‡€ÄMaFjŽQ‘w>Æ +©“’Xs +^&_ûÑcr™ãzԐ‰G‰¬9NG +™r”ÈšãnԐÉF‰¬9ŽF9›Q {Ž‹QC&%²æ85djQ"kŽ[QC&%²æ8äìDì9®D +™H”ÈšãDԐ)D‰¬9îC +™<”ÈšÃ8TˆiC¬1,C7ÂPòÎÇ8 +5`ªPkŽ›PC& %²æ8äìAì9®A +™”ÈšãԐ)A‰¬9î@ +™ +”ÈšãT³²çž5dP"kŽóOCŠþ$²æžý4dÒO"kŽÃOAÎîȞãêӐ‰>‰¬9N> +™â“ÈšÃÞӈ#÷$ð| +cOá¥õ¯Æžô4`BOkŽ3OCŠò$²æžñ4dO"kŽOAΟȞãºÓ‰;‰¬9N; +™²“Èšã®ÓÉ:‰¬9Ž:9›N {Ž‹NC&è$²æ8ç4djN"kŽ[NC&å$²æ8äŒLŸvœÇä2ǧ!qYsœp2'‘5‡ýŠGŸIàùǛœí&ˆ=ÇåŠ!nYsœm2Õ&‘5ÇÍŠ!“lYs +l +röš@ö +ך†L¬IdÍqªiȔšDÖ +wš†LŠIdÍq€)ÈÙhÙs\h2&‘5ÇyŠ!SgYsÜf2i&‘5ÇaŠ g— dÏq•iÈD™DÖ +&™F +E&çcÜc09&‰5Ç1Š g‹ dÏq‰iȄ˜DÖ +g˜†L +IdÍqƒiÈ$˜DÖ +˜‚œý%=Çõ¥!_Ysœ^2å%‘5ÇÝ¥!“]Ys +] +r6—@ö +—†LpIdÍqniÈԖDÖ +·–†LjIdÍqh)ÈÙYÙsXYqD–žqbiÀ–$Ö +÷•†L^IdÍq\)ÈÙVÙs\V2a%‘5ÇY¥!SUYsÜT2I%‘5ÇAåeòµ§<&—9®) +™˜’Èšã”Ґ))‰¬9î( +™Œ’ÈšãˆR³¡²çž 4dJ"kŽóÉÃ(ÐՓô*F<ùú*žŽÚÉñ€“7Òɇ»í¯ÞŸž +ÏìñäÓü®ÜOß>}øüRO~ÿ÷ßþ:þÅ¿|øõãçO_Æ¿ûËO§?|ûðò¿|{ºœÀ—*üúÞf–ÛŸ,2Ëy + +óöìáø +öíë€{XT{/b•š“XT{b:¯bI]é.V™ûa,Šçcx«Àq‹bÍñu¬2s +‹hò¬P_/dA]ùFV©9’EµùLV©¹“EµùRV©9•EµùXÖšóZ–Ôeïe•šƒYT{Of•š›YT{¯f•š³YT{g:/gI]ùvV©9žEµù|V©¹ŸEµù‚V©9¡EµñˆÖ ¹¢%³çðŽV‘ãɚãSZeæ–Ñ +äkZ¥æœÕ +äƒZ£Î‹ZR—AŸ©UjŽjQíA>«UjîjQíAŸ¬UjNkQíA>®5ꌮ%uäûZ¥æÀÕ +ä[¥æÆÕ +ä+[¥æÌÕ +äC[£ÎK[R—AŸµUjŽmQíA>·UjîmQíAŒžUè8¹E³æðè֐¹º%²çøîV™9ŒEŽùôV©¹œEµùúV©9¿Eµùךó—Ôeop•š#\T{Ïp•š;\T{/q•šS\T{q:¯qI]ù +W©9ÈEµù$W©¹ÉEµù*W©9ËEµù0Wš¯—¹ ®ƒ|›«Ô +ç¢Úƒ|ž«ÔÜç¢Úƒx¡«Ðq¢‹fÍñ‘®1ç•.¡Ë ßé*5‡ºšö Ÿê*5·ºšö _ë*5纚ö ìu^쒺 +òÍ®RsŽ‹jòÙ®Rs·‹jòå®Rsº‹jòñ®Qçõ.©Ë ßï*5Œšö Ÿð*57Œšö _ñ*5gŒšö òu^ò’º +ò-¯Rs̋jâ9¯BÇ=/š5ÇœÊÌI/¢=ÈGœFWœ€.ƒ|×«Ô +ö¢Úƒ|Ú«ÔÜö¢Úƒ|ݫԜ÷¢Úƒ|àkÔyáKê2È7ŸJ͑/ª=ÈgŸJ͝/ª=ȗŸJÍ©/ª=ÈÇŸF×Ÿ€.ƒ|ï«Ô +ü¢Úƒ|ò«ÔÜü¢Úƒ|õ«Ôœý¢Úƒ|økÔyùKê2ˆ·¿ + +Ç¿hÖ +Ÿÿ*3÷¿ˆö _+5'Àšö u^“º +ò +°RsŒjò)°Rs +Œjò5°RsŒjòA°P_/‚A]ù&X©9 +Fµù,X©¹ +Fµù2X©9 +Fµù8Øšó:˜Ôeïƒ•šaT{O„/Zݍ0Ÿq$|öBž®„_Çïü†•ûÓöð#Ÿ gö3áçq&üO¿}ÙÿůþöןŸŒ÷e +¯ÿß=ŸÛ~Ç=žž_ϯo~?ÇÙë;þ‚Ž·/Ÿ¡Õ +ÄïèPèø’4kŽ¿ŠÃ˜ó{:]ù›:”š¯ê@µùË:”šoë@µùû:”š/ì@µù+;Œ:¿³ƒÔe¿µC©ùÚT{¿žC©ùæT{¿»C©ùòT{¿ŸÃšóû;H]ù<”š¯ð@µùK<”šoñ@µù{<”š/ò@µù«<Œ:¿ËƒÔe¿ÍC©ù:T{¿ÐC¡ã=Ь9þNeæK=íAþZ£Îïõ uäoöPjŸÚÕ +ä/÷PjŸÝÕ +äï÷PjŸàÕ +ä¯ø0êüŽR—Aþ–¥æk>PíAþ¢¥æ›>PíAþ®¥æË>PíAþº£Îïû uäoüPj*GT{+G¥ŠrDµ¹rTj*GT{+G£ÎʑÔe*Geî•#ŠçcX9*pTŽ(Ö +WŽÊLåˆhrå(Ô×ÊÔu+G¥ŠrDµ¹rTj*GT{+G¥ŠrDµ¹r4ê¬ +I]¹rTj*GT{+G¥ŠrDµ¹rTj*GT{+G£ÎʑÔe+G¥ŠrDµ¹rTj*GT{+G¥ŠrDµ±r4h*G2{+GEŽÊɚãÊQ™© +íA® +•šÊÕ +äÊÑš³r$uäÊQ©© +QíA® +•šÊÕ +äÊQ©© +QíA® +:+GR—A® +•šÊÕ +äÊQ©© +QíA® +•šÊÕ +äÊÑš³r$uäÊQ©© +QíA® +•šÊÕ +ÄÊQ¡£rD³æ°r4d*G"{Ž+GeŠrDŽ¹rTj*GT{+G¥ŠrDµ¹r4ê¬ +I]¹rTj*GT{+G¥ŠrDµ¹rTj*GT{+G£ÎʑÔe+G¥ŠrDµ¹rTj*GT{+G¥ŠrDµ¹rêkåê:ȕ£RS9¢Úƒ\9*5•#ª=ˆ•£BGåˆfÍqåhÌY9º +råšÔTŽšö WŽJMåˆjråšÔTŽšö WŽF•#©Ë WŽJMåˆjråšÔTŽšö WŽJMåˆjråhÔY9’º +råšÔTŽšö WŽJMåˆjråšÔTŽšö WŽF•#©Ë WŽJMåˆjbåšÐQ9¢Ys\9*3•#¢=ȕ£QgåHê2ȕ£RS9¢Úƒ\9*5•#ª=ȕ£RS9¢Úƒ\9uVŽ€.ƒ\9*5•#ª=ȕ£RS9¢Úƒ\9*5•#ª=ȕ£QgåHê2ȕ£RS9¢Úƒ\9*5•#ª=ȕ£RS9¢Úƒ\9uVŽ€.ƒX9*tTŽhÖ +WŽÊLåˆhråšÔTŽšö WŽF•#©Ë WŽJMåˆjråšÔTŽšö WŽJMåˆjrå(Ô×ÊÔu+G¥ŠrDµ¹rTj*GT{+G¥ŠrDµ¹r4ê¬ +I]¹rTj*GT{+ÇãhÏUŽøBFåxöB+Çã×ñ;¿ +åöéêùúž+ÇñÌ^9n?€œnüOŸ>üuÿ—Ÿüe|õɧ_>þùÛ×_þûþo?øï_ûéôã··7íû1ø+ÿÎ÷ \FóÌ +^þsWjÎÜQíA>sWjÎÜQíA>sWjÎÜQíA>s7êsWjÎÜQíA>sWjÎÜQíA>sWjÎÜQíA>s7êsWfÎÜíA>sWjÎÜQíA>s7êý +όÓïÓ8ýþÓ_?îÿâÛÇ_¿ýúÛ§oßûr™ïÿ<øY_ɶ·aGßr3Ÿú^cŸúåì% +õËۗ_ýBè2È_ý¢Ô|õ +ª=È_ý¢Ô|õ +ª=È_ý¢Ô|õ +ª=È_ýbÔùÕ/€.ƒüÕ/JÍW¿ ÚƒüÕ/JÍW¿ ÚƒüÕ/JÍW¿ ÚƒüÕ/F_ýBê2È_ý¢Ô|õ +ª=È_ý¢Ô|õ +ª=È_ý¢Ô|õ +ª=È_ýbÔùÕ/€.ƒüÕ/JÍW¿ ÚƒøÕ/ + +_ý‚fÍñW¿(3_ý‚hòW¿u~õ +©Ë õ‹RóÕ/šö õ‹RóÕ/šö õ‹RÓġڃÜÄu6q€.ƒÜÄ)5M +ª=ÈMœRÓġڃÜÄ)5M +ª=ÈMœQgGê2ÈMœRÓġڃÜÄ)5M +ª=ÈMœRÓġڃÜÄu6q€.ƒÔÄ)soâP<Ã&N£‰C±æž‰Sfš8D{›8¡Ÿ6q ®ƒÜÄ)5M +ª=ÈMœRÓġڃÜÄ)5M +ª=ÈMœQgGê2ÈMœRÓġڃÜÄ)5M +ª=ÈMœRÓġڃÜÄu6q€.ƒÜÄ)5M +ª=ÈMœRÓġڃÜÄ)5M +ª=ˆMœAÓđÙsØÄ)r4qHÖ +7qÊL‡hr§Ô4qšö 7qFM +©Ë 7qJM‡jr§Ô4qšö 7qJM‡jrgÔÙđº +r§Ô4qšö 7qJM‡jr§Ô4qšö 7qFM +©Ë 7qJM‡jr§Ô4qšö 6q + +M +š5‡Mœ!ÓÄÙsÜÄ)3M +¢=ÈMœRÓġڃÜÄ)5M +ª=ÈMœQgGê2ÈMœRÓġڃÜÄ)5M +ª=ÈMœRÓġڃÜÄu6q€.ƒÜÄ)5M +ª=ÈMœRÓġڃÜÄ)5M +ª=ÈMœP_›8P×An┚&Õ +ä&N©iâPíAlâ:š84kŽ›8cÎ&ŽÐe›8¥Š‰Cµ¹‰Sjš8T{›8¥Š‰Cµ¹‰3êlâH]¹‰Sjš8T{›8¥Š‰Cµ¹‰Sjš8T{›8£Î&ŽÔe›8¥Š‰Cµ¹‰Sjš8T{›8¥Š‰Cµ¹‰3êlâH]¹‰Sjš8T{›8 +Ž&͚ã&N™iâíAnâŒ:›8R—An┚&Õ +ä&N©iâPíAn┚&Õ +ä&Κ³‰#uä&N©iâPíAn┚&Õ +ä&N©iâPíAnâŒ:›8R—An┚&Õ +ä&N©iâPíAn┚&Õ +ä&Κ³‰#uÄ&N¡£‰C³æž‰Sfš8D{›8¥Š‰Cµ¹‰3êlâH]¹‰Sjš8T{›8¥Š‰Cµ¹‰Sjš8T{›8¡Ÿ6q ®ƒÜÄ)5M +ª=ÈMœRÓġڃÜÄ)5M +ª=ÈMÜqÝ¥š8z +iâÎ^Çé暉;~ +ž»>meôÒÄmk±ýŸÉ»MÜéùêþ{uzy7é4_Ñö_ð×&n<”g^^Ñíâþá㗏¿|øŒÿ›ß~ýðóèãŸ|ýöñ×·mÜÝö×/w?œaoõ¶¿:lã +¶??ó‹ÍCç/öí}ã(èÞŸŽã ͚ã Ϙ3È#tä O© òPíAò”š Õ +ä O© òPíAòŒ:ƒ†AžG‡bÍq§Ìyˆö yB} +ò@]9ÈSj‚þº=tz{Ïtwuóòâë«zûËüp}ôëüzXTó°êìêø°êí +Ã*T{«Œ:«H]ù°J©9¬Bµù°J©9¬Bµù°J©9¬Bµñ°Ê 9¬"³çð°J‘ã° +ɚãÃ*eæ° +Ñ +äÃ*¥æ° +Õ +äÃ*£ÎÃ*R—A>¬Rj«PíA>¬Rj«PíA>¬Rj«PíA>¬2ê<¬"uäÃ*¥æ° +Õ +äÃ*¥æ° +Õ +äÃ*¥æ° +Õ +äÃ*£ÎÃ*R—A>¬Rj«PíA>¬Rj«PíA<¬Rè8¬B³æð°Ê9¬"²çø°J™9¬BŽù°J©9¬Bµù°J©9¬Bµù°Êšó°ŠÔe«”šÃ*T{«”šÃ*T{«”šÃ*T{«Œ:«H]ù°J©9¬Bµù°J©9¬Bµù°J©9¬Bµù°Jš¯‡U ®ƒ|X¥Ô +V¡Úƒ|X¥Ô +V¡ÚƒxX¥ÐqX +fÍña•1ça¡Ë V)5‡Ušö V)5‡Ušö V)5‡Ušö Vu +V‘º +òa•RsX +jòa•RsX +jòa•RsX +jòa•Qça©Ë V)5‡Ušö V)5‡Ušö V)5‡Ušö Vu +V‘º +òa•RsX +jâa•BÇaš5LJUÊÌa¢=ȇUF‡U€.ƒ|X¥Ô +V¡Úƒ|X¥Ô +V¡Úƒ|X¥Ô +V¡Úƒ|XeÔyXEê2ȇUJÍaª=ȇUJÍaª=ȇUJÍaª=ȇUF‡U€.ƒ|X¥Ô +V¡Úƒ|X¥Ô +V¡Úƒ|X¥Ô +V¡Úƒ|XeÔyXEê2ˆ‡U + +‡UhÖ +V)3‡Uˆö V)5‡Ušö Vu +V‘º +òa•RsX +jòa•RsX +jòa•RsX +jòa•P_«@]ù°J©9¬Bµù°J©9¬Bµù°J©9¬Bµù°Š.~ÄaœŽ +VœŽãêã×± +V. +V=} +x>’^p>’õìõ +$ëۗɊhòG²u~$+©Ë $«R󑬚ö $«R󑬚ö $«R󑬚ö $«QçG²’º +òG²*5ɊjòG²*5ɊjòG²*5ɊjòG²u~$+©Ë $«R󑬚ö $«R󑬚ö $«R󑬚ö $«QçG²’º +ÒG²*sÿHVÏÇð#Y8>’ŚãdUf>’Ñ +ädêëG²‚ºòG²*5ɊjòG²*5ɊjòG²*5ɊjòG²u~$+©Ë $«R󑬚ö $«RS Úƒ\(5åª=Èå€Qg9@ê2Èå€RS Úƒ\(5åª=Èå€RS ÚƒX4å™=‡å€"G9€dÍq9 Ì”ˆö —JM9€jr9`ÔYº +r9 Ô”šö —JM9€jr9 Ô”šö —Få©Ë —JM9€jr9 Ô”šö —JM9€jr9`ÔYº +r9 Ô”šö —JM9€jb9 ÐQ YsX2å‘=Çå€2S ڃ\(5åª=Èå€RS Úƒ\u–€.ƒ\(5åª=Èå€RS Úƒ\(5åª=Èå€Qg9@ê2Èå€RS Úƒ\(5åª=Èå€RS Úƒ\õµ +u +är@©)PíA.”šrÕ +Är@¡£ +@³æž +0æ,]¹ +PjÊT{Ë¥Š +@µ¹ +PjÊT{Ë£Îr€ÔeË¥Š +@µ¹ +PjÊT{Ë¥Š +@µ¹ +0ê,H]¹ +PjÊT{Ë¥Š +@µ¹ +PjÊT{Ë£Îr€ÔeË¥Š +@µ± +Pè(Ь9.”™rÑ +ärÀš³ + uär@©)PíA.”šrÕ +är@©)PíA.Œ:ËR—A.”šrÕ +är@©)PíA.”šrÕ +ärÀš³ + uär@©)PíA.”šrÕ +är@©)PíA.Œ:ËR—A,:Ê4kŽËeŠ +@Ž¹ +PjÊT{Ë£Îr€ÔeË¥Š +@µ¹ +PjÊT{Ë¥Š +@µ¹ +êk9ê:Èå€RS Úƒ\(5åª=Èå€RS Úƒ\ +Ÿœ«r€^Gʁ³×q\ +¿ŽßYÜ?\Ým?i,Æ3{9p7ʁÿòéç/>ÿºŸÀÓóË_5<üp6üöWêúîè—êôŒý:~ÿë\zaã¡óvõö +Ü^=>ÞŸ÷BÞQ÷g/š=x >\ÝŒŒ¡¢ÔýÙ +j +šOW/YªÔýÙ +jŸ-zœýgQ]ÔíÇðþÁÞQ÷g/š=x n?†—¿,UêþìµÔíÇp²êþìµßW·?m:u<Ëê2x Þn‰ø,ÕýÙ +j +šÛ_#Zuö‚ÚƒêÓՃýþþè³æÞ'·ß8N/YjÌñ,£Ëàºý + +¬º?{AíÁuûÜßHuö‚ÚƒêöSž»•êþìµßWo·íTdz¬.ƒêöcž¹“êþìµÔíÇp’¿áŒg/š=x n?†k«îÏ^P{ð}õnûË€gùÛÜx–Õeð@œœº’¿áŒg/š=x >\]?Zuö‚ÚƒêÓÕœý³ðxö‚Úƒåêöcž—¿áŒgY]ÔíÇpgÕýÙ +j +š{ɫУYs ++3a0¢=Èa°QgLê2Èa°R£Úƒ ++5a0ª=Èa°R£Úƒ +u†Á€.ƒ ++5a0ª=Èa°R£Úƒ ++5a0ª=Èa°QgLê2Èa°R£Úƒ ++5a0ª=Èa°R£Úƒ +u†Á€.ƒ+sƒQ<Ã0X# +F±æ8 +VfÂ`D{Ã`¡Ÿ†Á ®ƒ ++5a0ª=Èa°R£Úƒ ++5a0ª=Èa°QgLê2Èa°R£Úƒ ++5a0ª=Èa°R£Úƒ +u†Á€.ƒ ++5a0ª=Èa°R£Úƒ ++5a0ª=ˆa°A“Ùs+r„ÁHÖ +‡ÁÊLŒhr¬Ô„Ášö ‡ÁFa0©Ë ‡ÁJMŒjr¬Ô„Ášö ‡ÁJMŒjrlÔ“º +r¬Ô„Ášö ‡ÁJMŒjr¬Ô„Ášö ‡ÁFa0©Ë ‡ÁJMŒjr¬Ô„Ášö †Á + +a0š5‡a°!Ùs ++3a0¢=Èa°R£Úƒ ++5a0ª=Èa°QgLê2Èa°R£Úƒ ++5a0ª=Èa°R£Úƒ +u†Á€.ƒ ++5a0ª=Èa°R£Úƒ ++5a0ª=Èa°P_Ã`P×Aƒ•š0Õ +ä0X© ƒQíA +ƒ:Â`4kŽÃ`cÎ0˜ÐeÃ`¥& +Fµ9 +VjÂ`T{Ã`¥& +Fµ9 +6ê +ƒI]9 +VjÂ`T{Ã`¥& +Fµ9 +VjÂ`T{Ã`£Î0˜ÔeÃ`¥& +Fµ9 +VjÂ`T{Ã`¥& +Fµ9 +6ê +ƒI]9 +VjÂ`T{Ã` +Ž0͚ã0X™ ƒíAƒ:Ã`R—Aƒ•š0Õ +ä0X© ƒQíAƒ•š0Õ +ä0Øš3 +&uä0X© ƒQíAƒ•š0Õ +ä0X© ƒQíAƒ:Ã`R—Aƒ•š0Õ +ä0X© ƒQíAƒ•š0Õ +ä0Øš3 +&uÄ0X¡# +F³æ8 +VfÂ`D{Ã`¥& +Fµ9 +6ê +ƒI]9 +VjÂ`T{Ã`¥& +Fµ9 +VjÂ`T{Ã`¡Ÿ†Á ®ƒ ++5a0ª=Èa°R£Úƒ ++5a0ª=Èa0å®" +Š×‘0øìuœ +ŽÂàã×±„Á7Âàïÿâ–ÃàñÌ +ߏ0ø?ÿãÜÿÅ?__ß|þø¶UœÙþ„ôüÃðöWìáúî0NªK/0©îÙ +ŒT÷ÿøús¥ºßÿõ/_¿}øöé뗷ÑÔýþ'ŠWn}M/ÿ8õùàðµÞ‚—;ë­³—{\oœ}!Po¡Úƒ\ouÖ[€.ƒ\o)5õª=Èõ–RSo¡Úƒ\o)5õª=Èõ–QgœEê2Èõ–RSo¡Úƒ\o)5õª=Èõ–RSo¡Úƒ\ouÖ[€.ƒ\o)5õª=ˆõ–BGœ +fÍqœ¥ÌÔ[ˆö ×[Fõ©Ë ×[JMœ +jrœ¥ÔÔ[šö ×[JMœ +jrœeÔYo‘º +rœ¥ÔÔ[šö ×[JMœ +jrœ¥ÔÔ[šö ×[Fõ©Ë ×[JMœ +jrœ¥ÔÔ[šö ×[JMœ +jrœeÔYo‘º +Rœ¥ÌœÞBñ| +ë-Žz +ŚãzK™©·íA®·„úZoºrœ¥ÔÔ[šö ×[JMœ +jrœ¥ÔÔ[šö ×[Fõ©Ë ×[JMœ +jrœ¥ÔÔ[šö ×[JMœ +jrœeÔYo‘º +rœ¥ÔÔ[šö ×[JMœ +jrœ¥ÔÔ[šö Ö[MœEfÏaœ¥ÈQo!Ys\o)3õ¢=Èõ–RSo¡Úƒ\ouÖ[€.ƒ\o)5õª=Èõ–RSo¡Úƒ\o)5õª=Èõ–QgœEê2Èõ–RSo¡Úƒ\o)5õª=Èõ–RSo¡Úƒ\ouÖ[€.ƒ\o)5õª=Èõ–RSo¡ÚƒXo)tÔ[hÖ +Ö[†LœEdÏqœ¥ÌÔ[ˆö ×[JMœ +jrœ¥ÔÔ[šö ×[Fõ©Ë ×[JMœ +jrœ¥ÔÔ[šö ×[JMœ +jrœeÔYo‘º +rœ¥ÔÔ[šö ×[JMœ +jrœ¥ÔÔ[šö ×[B}­·@]¹ÞRjê-T{ë-¥ŠÞBµ±ÞR蚷Ь9®·Œ9ë-B—A®·”šz +Õ +äzK©©·PíA®·”šz +Õ +äzËš³Þ"uäzK©©·PíA®·”šz +Õ +äzK©©·PíA®·Œ:ë-R—A®·”šz +Õ +äzK©©·PíA®·”šz +Õ +äzËš³Þ"uäzK©©·PíA¬·:ê-4kŽë-eŠÞBŽ¹Þ2ꬷH]¹ÞRjê-T{ë-¥ŠÞBµ¹ÞRjê-T{ë-£Îz‹Ôeë-¥ŠÞBµ¹ÞRjê-T{ë-¥ŠÞBµ¹Þ2ꬷH]¹ÞRjê-T{ë-¥ŠÞBµ¹ÞRjê-T{ë-£Îz‹Ôeë- +Žz +͚ãzK™©·íA®·”šz +Õ +äzËš³Þ"uäzK©©·PíA®·”šz +Õ +äzK©©·PíA®·„úZoºrœ¥ÔÔ[šö ×[JMœ +jrœ¥ÔÔ[šö ×[Çõ‘ª·èu€Þ:{ +ÇõÖñëø_ŽxÚþè8ÞÚÙÛ­ÇÑný×ûˇoŸŸŒ€ëÛ_?Ÿ-¹~ýôó—ß~ûå§Óã³ýùð/~ýøÞ)ÞËßÙÎײŸÞ›íÏã·¿ž¯WrÇ(óHîõåøFîÍ«€9"kŽä9ïã€ì9ŸŽ3dŽãˆ¬9>3d.㈬9Ÿ‹3dÎ∬9>Š䌉²çø"ΐ9ˆ#²æø +ΐ¹†#²æøΐ9 +#²æðNˆ¹ƒ°Æð +Îx㎌ó1>3`.àH¬9Ÿ3dÎ߈¬9>~äŒ}²çøò͐9|#²æøì͐¹z#²æøæ͐9y#²æøàMóÞ +Ȟãk7Cæ؍ȚãS7CæҍȚã;7Cæ̍Țã#7AÎ7 {Ž/Ü +™7"kŽÏÛ +™ë6"koی8NÛ<ÃÃ6áå® +Œã«6暍Ěã“6C梍Țã{6C服Țãc6AÎ[6 {Ž/Ù +™C6"kŽÏØ +™+6"kŽoØ +™6"kŽØ9ï׀ì9Ÿ^3dŽ×ˆ¬9>]3d.׈¬9Ÿ[3dÎֈ¬9>Z»LŸÞ¬ +“Ë +_¬2kDÖ +Ÿ«2×jDÖ +Þªqœªx>Ƈjœwj ö +_©2GjDÖ +Ÿš2jDÖ +ߧ2çiDÖ +§ rÞŠÙs|™fÈ +ŠYs|–fÈ\¥Ys|“fȜ€Ys|&ÈydÏñ5š!sŒFdÍñ)š!s‰FdÍñ +š!s†FdÍñš ç +=Çh†Ì‘5‡çgF +×gžñí™szFbÍñᙠçݐ=ÇWg†ÌÑ‘5Ç'g†ÌÅ‘5Ç÷f†Ì¹‘5ÇÇf‚œ·f@ö +_š2‡fDÖ +Ÿ™2WfDÖ +ߘ2'fDÖ +˜ rޗÙs|]fÈ +—Ys|ZfÈ\–Ys|WfȜ•Ys|T&ÈySdÏáE™ÇAçc|NfÀ\“‘Xs|KfȜ’Ys|H&ÈyGdÏñ™!sDFdÍñ ™!sAFdÍñý˜!s>FdÍññØeòõvì˜\æør̐9 +#²æøl̐¹#²æøf̐9#²æø`ìðŠI݋Á‹È¹Øë‹8= +]‹ +ŸˆßùQß×wWÛï,x-6žÙÏŞƹØ?þíß~ùúÓéþÇ{3öýNìóŸ}ý×í‘?ýšOù +ð·ŸP·‰/ÿwôúRÞ~ +øóíÓá±X>>þPæÇǝý¡ +|ÜÛ‡jòÇÇ)5‡qšö ŸÆ)5·qšö _ÇužÇ‘º +òœRs!‡jòœRs$‡jò™œRs'‡jò¥œQç© +©Ë Ë)5×ršö ßË)5sšö ŸÌ)57sšö ^Í4gsdö + +Î)r\Î!Ys|;§Ì +Ï!ڃ|>§ÔÜϡڃ|AgÔyBGê2ÈGtJÍ +ª=ÈwtJÍ! +ª=ȧtJÍ- +ª=È×tFçt€.ƒ|P§Ô\ԡڃ|S§Ô +աڃ|V§ÔÜաڃ|YgÔyZGê2ÈÇuJÍu +ª=È÷uJ́ +ª=ˆ'v + +7vhÖ +^Ù2gvDö +Ú)3—vˆö ßÚ)5Çvšö ŸÛ)5÷všö _ÜužÜ‘º +òѝRsu‡jòݝRsx‡jòéRs{‡jòõQçù +©Ë à)5xšö ßà)5Gxšö Ÿá)5wxšö _â õõÔuñ”škÕ +ä +=£Î=R—A>ÒSj®ôPíAŸÓSjõPíA>ÕSjnõPíAŸÖ3ê<×#uäƒ=¥æbÕ +ä›=¥æhÕ +ä³=¥ænÕ +äË=£ÎÓ=R—A>ÞSj®÷PíAŒßSè8àC³æø„O™¹áCŽùŠÏšóŒÔeù”šK>T{où”šc>T{Ïù”š{>T{/úŒ:OúH]ùšO©¹êCµù®O©9ìCµùŽO©¹íCµùºÏšóŒÔeü”š +?T{oü”š#?T{Ïü”š;?T{/ýŒ:OýH]ñØO¡ãÚ͚ã{?eæàÑ +ä“?¥ææÕ +ä«?£Î³?R—A>üSj.ÿPíAŸýSjŽÿPíA>ÿSjîÿPíAŸêë šë *5W€šö ß*5‡€šö Ÿ*5·€šö _ +_­©s@z +¹<{ +§ç£ƒÀã×ñû>>îöùŽý_ð#^æ™ý"ðy\þÓo_Ÿ}úÛ8õûúoß>}ýòëÿŒÿ»?ýÛß>ütúñË_þðùӗñÈÿ”ÿìËËgÌýüÛ÷ëÀ/õ©sïŒqö|÷øÃÙk|çsåîïŽNóÆý1æ¡ó?ÆÃ7¶Þy!Çol±ÚƒøƖSÇ[¬ö Ÿ±¥ÔŒ± +ê2ˆol9uŒ±Åjâ +ol±ÚƒøƖSÇ[¬ö Ÿ±¥ÔŒ± +ê2ˆol9uŒ±Åjâ +ol±ÚƒøƖSÇ[¬ö Ÿ±eÔùÆ©ë Ÿ±åÔñÆ«=ˆol9uŒ±ÅjÒ[ÝßØb³æð-eæ-D—A|cË©ã-V{ßØrêxc‹Õ +Ä7¶œ:ÞØbµñ-¥æ-T—A|cË©ã-V{ßØrêxc‹Õ +Ä7¶œ:ÞØbµñ-¥æ-T—A|cË©ã-V{ßØrêxc‹Õ +Ä7¶œ:þˆÕ +Ä7¶”š7¶P]ñ-§Ž7¶XíAzcË¡ûÖ +Ÿ±åÌñÆ£=ˆol)5ol¡º +â +ol±ÚƒøƖSÇ[¬ö Ÿ±åÔñÆ«=ˆol)5ol¡º +â +ol±ÚƒøƖSÇ[¬ö Ÿ±åÔñÆ«=ˆol)5ol¡º +â +ol±ÚƒøƖSÇ[¬ö Ÿ±åÔñÆ«=ˆol)5ol¡º +Ò[ÝßØb³æð-gŽ7¶íA|cË©ã-V{ßØRjÞØBuÄ7¶œ:ÞØbµñ-§Ž7¶XíA|cË©ã-V{ßØ2ê|c‹ÔußØrêxc‹Õ +Ä7¶œ:ÞØbµñ-§Ž7¶XíA|c +Þc1olá띿ŽÃ7¶àuüŸºxy³ãñš¿)Ïìolm¿û»Qÿå·û·¯¿|ÛÿÍØÿÇßÿöó¯õ¿øÏ¿|ý—ÏÿöÓéÇ_ß|ÄÅãéêúþuþÝ÷­înn~Qo +·W÷ý¯Má!ÿ!\œ}!÷Ûó÷wÔýÙ +j +šOWw÷Rݟœ öàûêÓ˛ +R +ϲº + +šÛáå/%•º?{AíÁuû1܉fÿh +£ÎÏú!u +ÄÏúqêø¬V{?ëÇ©ã³~XíAü¬§ŽÏúaµñ³~”šÏúAuÄÏúqêø¬V{?ëÇ©ã³~XíAü¬§ŽÏúaµñ³~”šÏúAuÄÏúqêø¬V{?ëÇ©ã³~XíAü¬§ŽÏúaµé³~:>ë͞£ÏúqäþY?LÖ +~֏3Çgý0ڃøY?N +ŸõÃjâgý(5Ÿõƒê2ˆŸõãÔñY?¬ö ~֏SÇgý°ÚƒøY?N +ŸõÃjâgý(5Ÿõƒê2ˆŸõãÔñY?¬ö ~֏SÇgý°ÚƒøY?N +ŸõÃjâgý(5Ÿõƒê2ˆŸõãÔñY?¬ö ~֏SÇgý°ÚƒôY?Ý?ë‡Íš£ÏúQäø¬${?ëǙ9‰FŽù$Z©9‰Fµù$Z©9‰Fµù$Úšó$šÔeO¢•š“hT{O¢•š“hT{O¢•š“hT{O¢:O¢I]ù$Z©9‰Fµù$Z©9‰Fµù$Z©9‰Fµù$Zš¯'Ñ ®ƒ|­ÔœD£Úƒ|­ÔœD£Úƒx­ÐqfÍñIŽ1çI4¡Ë ŸD+5'Ñšö ŸD+5'Ñšö ŸD+5'Ñšö ŸDužD“º +òIŽRsjòIŽRsjòIŽRsjòIŽQçI4©Ë ŸD+5'Ñšö ŸD+5'Ñšö ŸD+5'Ñšö ŸDužD“º +òIŽRsjâIŽBÇI4š5Ç'ÑÊÌI4¢=È'ÑF'Ñ€.ƒ|­ÔœD£Úƒ|­ÔœD£Úƒ|­ÔœD£Úƒ|mÔyMê2È'ÑJÍI4ª=È'ÑJÍI4ª=È'ÑJÍI4ª=È'ÑF'Ñ€.ƒ|­ÔœD£Úƒ|­ÔœD£Úƒ|­ÔœD£Úƒ|mÔyMê2ˆ'Ñ + +'ÑhÖ +ŸD+3'шö ŸD+5'Ñšö ŸDužD“º +òIŽRsjòIŽRsjòIŽRsjòIŽP_O¢A]ù$Z©9‰Fµù$Z©9‰Fµù$Z©9‰Fµù$úø|WDÓëÈIôÙë8>‰>~ +ž»>meôrœý­ÅÝÁgýœž¯îïoö÷ónîæ+Úþ +þz= +Ê3/¯ènÜCÿñœìùú¯ûÿüüõçŸçWþëO§?üùÓçOß>}|÷,úåïó^_ÅÛ_Ö移‹WÑðG1¯¢Ïþ(Ž¯¢ßŸžŠFµù*Z©¹ŠFµù*Úšó*šÔe¯¢•š«hT{¯¢•š«hT{¯¢•š«hT{¯¢:¯¢I]é*Z™ûU4Šçcx­ÀqbÍñUŽ2shòUŽP_¯¢A]ù*Z©¹ŠFµù*Z©¹ŠFµù*Z©¹ŠFµù*Úšó*šÔe¯¢•š«hT{¯¢•š«hT{¯¢•š«hT{¯¢:¯¢I]ù*Z©¹ŠFµù*Z©¹ŠFµù*Z©¹ŠFµñ*Ú ¹Š&³çð*Z‘ã*ɚã«heæ*Ñ +ä«h¥æ*Õ +ä«h£Î«hR—AŸŠVj®¢QíAŸŠVj®¢QíAŸŠVj®¢QíAŸŠ6ꌊ&uä«h¥æ*Õ +ä«h¥æ*Õ +ä«h¥æ*Õ +ä«h£Î«hR—AŸŠVj®¢QíAŸŠVj®¢QíAŒŠV螊F³æð*ڐ¹Š&²çø*Z™¹ŠFŽù*Z©¹ŠFµù*Z©¹ŠFµù*Úšó*šÔe¯¢•š«hT{¯¢•š«hT{¯¢•š«hT{¯¢:¯¢I]ù*Z©¹ŠFµù*Z©¹ŠFµù*Z©¹ŠFµù*Zš¯WÑ ®ƒ|­Ô\E£Úƒ|­Ô\E£Úƒx­ÐqfÍñUŽ1çU4¡Ë _E+5WÑšö _E+5WÑšö _E+5WÑšö _Eu^E“º +òUŽRsjòUŽRsjòUŽRsjòUŽQçU4©Ë _E+5WÑšö _E+5WÑšö _E+5WÑšö _Eu^E“º +òUŽRsjâUŽBÇU4š5ÇWÑÊÌU4¢=ÈWÑFWÑ€.ƒ|­Ô\E£Úƒ|­Ô\E£Úƒ|­Ô\E£Úƒ|mÔyMê2ÈWÑJÍU4ª=ÈWÑJÍU4ª=ÈWÑJÍU4ª=ÈWÑFWÑ€.ƒ|­Ô\E£Úƒ|­Ô\E£Úƒ|­Ô\E£Úƒ|mÔyMê2ˆWÑ + +WÑhÖ +_E+3Wшö _E+5WÑšö _Eu^E“º +òUŽRsjòUŽRsjòUŽRsjòUŽP_¯¢A]ù*Z©¹ŠFµù*Z©¹ŠFµù*Z©¹ŠFµù*šÎwÅU4œŽ\EŸœŽ›ÓÑUôñë8û è—«èÛ +}÷tu}s⊠+ÏìWѧqý¿|üåÃçõžž_>Ýù釳᷿R·w÷¿T§çÛ«Çïï•Ð +¿°«·/äáêæ孍·/ä +uö‚ÚƒêÓÕãË_ *uö‚Úƒïßm^oÿí»sjžEu +î6àÿ_ÙÙôÈu$Vö¯hIv¹²>ø±4ì60€3˜ñ®7lª,L‘Iu÷̯Ÿ,œž‘y£ê<Üž%uêœÇ*Yd3îy‘m7 +ÇËîËÊÓ°{_¹àxÖm”Yu“²pŒé6ÊLºIY8 +teöÜ€, +¯¹ +rŽ¹AÙ8žre–Ü€, +23nRŽGÜF™ +7) +Ç +n¡œnP6ŽçÛF™õ6) +ÇÛm£Ìt›” +ãá¶Qf·MÊÂáj[3ÚaÁp²m|c±MŸs﵍0sm2ŽÇÚF™­6) +ÇKm¡œCmP6ŽgÚF™•6) +Çm£ÌD›” +ぶQfŸMÊÂñ:[(ç8”ãi¶Qf™MÊÂñ.Û(3Ë&eáx”m”Ùd“²pŒÈÊ9ÈeãxŽm”Yc“²pŒÅ6ÊL±IY8 +bãØa“ð +†+láË|ã ¶fMÆÂñþÚ(3¿&eáx|m”Ù^“²pŒŒÊ9Œeãxvm”Y]“²pŒ¹6ÊL®IY8 +\eöÖ€, +¯­ +rŽ­AÙ8žZe–Ö€, +﬍23kRŽGÖF™5) +Ç +ëËÊÓÀz_¹àx^m”YW“²pŒ­6ÊL«IY8 +VãØU“ð +Æ«j!œ£j06Ž'ÕF™E5) +Ç{j£Ìœš” +ã1µQfKMÊÂñ’Z(琔ãµQfEMÊÂñ†Ú(3¡&eáx@m”ÙO“²pŒžÊ9žeãx:m”YN“²pŒ›6ÊÌŠIY8 +Me6Ó€, +/Š +rŠAÙ8žKeÖÒ€, +n¥qL¥Ixã¡Žf'MÆÂñJZ(çH”ã‰ŽQf!MÊÂñ>Ú(3&eáx +m”ÙF“²pŒŒÊ9Œeãxm”YE“²pŒ‰6ÊL¢IY8 +DeöЀ, +¯¡ +rŽ¡AÙ8žBe–Ѐ, +23hRŽGÐF™ +4) +Ç +h¡œhP6çÏÆ8ÖÏ$<‡ñöÙ3}&cáxøl”Ù=“²pŒzÊ9zeãxòl”Y<“²pŒw6Ê̝IY8 +;e¶Î€, +//+OCç}å‚㙳QfåLÊÂñÆÙ(3q&eáxàl”Ù7“²pŒnÞÝáªq3IJlŸ¹°lŸ¹¹: +2Ãióø̶mŸÍ¶ùã÷ǧeó6oþ>÷Ì;ãæׇWߟÆÍüåŸÞþàÏ××7ŸŸ?|Ãoߟ}øåùz;Ÿ»ÿéìyŸ¯ ¯¯owŸü§#@øñÎ3À³ïþ!àóS@Ž6Ï•t +¢³pxh”9 +$eãø4P9s +ˆÒò ²æD­ +ä3AeÍ¡ ZÈǂÆ:ÏɺùdPYs4ˆÖòá ²æt­ +äóAeÍ!ZÈG„Æ:Ïɺù”PYsLˆÖòA¡²æ€­ +ä³BeÍa!ZÈÇ +Âz:/ë +äCe͑!Zȇ†ÊšSCŽ6Ï +•t + +¢³p|thœó쐀 +O•5LJhm  *kNÑÚ@>CTÖ +"¢µ|Œh¬ó +‘¬ +O•5G‰hm &*kNÑÚ@>OTÖ +(¢µ|€h¬óL‘¬ +O•5NJhm ,*kNÑÚ@>[TÖ +.¢µ|Œh¬ó|‘¬ +O•5GŒhm +2*é8eDgáøœQ9sЈÒòQ£±Î³F².@>mTÖ +7¢µ|àš¬9qDkùÌQYsèˆÖò±£±ÎsG².@>yTÖ +=¢µ|øš¬9}DkùüQYs‰Öò€±Î3H².@> +TÖ +C¢µ|©¬9‰Dkù,RYs‰Öòq€±ÎóH².@<‘TÒq$‰ÎÂñ¡€ræT¥ +äsIeÍÁ$ZÈG“Æ:Ï&ɺùtRYs<‰Öò¥²æ„­ +ä3JeÍ!%ZÈǔÂz:§ë +ä“JeÍQ%Zȇ•ÊšÓJŽ6Ï+•5–hm Y©3KzŽ +Zž=ÇÍÝÞ©åþsüà +™®ßÿœqáLã3Û±åÝ8¶üÓ?þöáñÓú|‡§ßdú=÷ùñâSÖþòWêéoûþÒs?׳ïØáýñòôkáçòÜ:>ËÖžcœ=þè¬uûìkw¬o®nÞÜIëöÙ +ÖîXß†§_ ++ëöÙ +ÖŸüZ™ëã·áÎYóYŽ®À +ëñÛpûFZ·Ï^°6pÇzü6<ýZXY·Ï^°6pÇzü6 +¬uûìk_¶ +ÿõwü ³ŽÏ²uîXo¿.}/­Ûg/Xžc}sü +©µnŸœ`màŽõÝÕûþ㣜 +{YyüÙêðôkaã +Ÿeéܱ +¿o¬uûìkw¬ÇïÁýŽnŸœ`màŽõø]ž»•Öí³¬ +|Ùz{ü6ÜJëø,[àŽõømž¹“Öí³¬ +ܱ +¿ +ùÎøìkw¬ÇoõµnŸœ`màËÖ»ÃÕõ{ùÓÜø,[àŽõöêþü g|ö‚µ;Ö7W×o­uûìkw¬ï®îí¿ +Çg/Xø²õþømž—?áŒÏ²uîXß†;kÝ>{ÁÚÀ +ëñÛ ÿ%±}ô‚³p;Êã÷àVþ„3>{AÚÀ—­oŒ”WYÇgÙºw¬ÇïÁAþ47>{ÁÚÀ +ëñ»pm­Ûg/Xžc +¯óUÖŒ +­ +äë|C0Y ¿#XYó’`Ž6_¬¬yO0ZÈo +VÖŒ*­ +ä—ë|[0Y ¿/XYóÂ`Ž6_¬¬yg0ZÈo +VÖŒ6­ +äë|s0Y œ;X9·—£ñ +†¯VÂñþ`4Žß ¬œy +0JÈ/ÖÓ[„Áºù=Âʚ £µü*aeÍ»„ÑÚ@~›°²æuÂhm ¿PØXç +ɺùÂʚ— +£µüZaeÍ{ +ÑÚ@~³°²æÕÂhm ¿\ØXçÛ +ɺùýÂʚ +£µüŠaeÍ;†ÑÚ@~Ë°²æ5Ãhm ŸhØHóŠar6ß5¬”ãeÚ, +¿nX9óŸa”6ß8¬¬yå0ZÈ/ +6ÖùÖa².@~ï°²æÅÃhm ¿zXYóîaŽ6ß>¬¬yý0ZÈ/ 6Öùb².@~±²æ%Ähm ¿†XYó +bŽ6ßD¬¬y1ZÈ/#6Öù6b².@~±²ŠFFk¹FVÖÔÈhm ÖÈJ:jdtkd£LLÊÆq¬œ©‘QÚ@®‘•552ZÈ5²²ŠFFk¹F6ÖY#“ur¬¬©‘ÑÚ@®‘•552ZÈ5²²ŠFFk¹F6ÖY#“ur¬¬©‘ÑÚ@®‘•552ZÈ5²²ŠFFk¹FÖS +ÖÈ5²²ŠFFk¹FVÖÔÈhm ÖÈJ:jdtŽkdãœ52I ×Èʚ­ +äYYS#£µ\#+kjdŽ6kdc52Y ×Èʚ­ +äYYS#£µ\#+kjdŽ6kdc52Y ×Èʚ­ +äYYS#£µ\#+kjdŽ6kdc52Y ×Èʚ­ +ÄYIGŒÎÂq¬œ©‘QÚ@®‘uÖÈd]€\#+kjdŽ6kdeMŒÖr¬¬©‘ÑÚ@®‘uÖÈd]€\#+kjdŽ6kdeMŒÖr¬¬©‘ÑÚ@®‘uÖÈd]€\#+kjdŽ6kdeMŒÖr¬¬©‘ÑÚ@®‘uÖÈd]€X#+鹑ÑY8®‘•352JÈ5²²ŠFFk¹F6ÖY#“ur¬¬©‘ÑÚ@®‘•552ZÈ5²²ŠFFk¹FÖS +ÖÈ5²²ŠFFk¹FVÖÔÈhm ×Èʚ­ +äy?²U52=Gjä³çžy³W#ï?ǏœDùæ©;=~§©FÎg¶ù~ÔÈÿþ嗳!?àøÐù/<È~ªËÖbªë¬#Õek1Õ5֙ê’ubªë¬#Õek1Õu֑겵˜ê:ëHuÙÚ@Lu•5©.Z ŠºÎ:R]¶6S]g +©.[H©®“n©.; +‡©®r&ÕEéÄT×YGªËÖbªë¬#Õek1Õu֑겵˜ê*kR]Ž.@Luu€ºlm ŠºÎ:R]¶6S]g +©.[ˆ©®²&ÕEëÄT×YGªËÖbªë¬#Õek1Õu֑겵˜ê*kR]Ž.@Luu€ºlm ¥ºNº¥ºì, +ŠºÎ9R]–6S]eMª‹Öˆ©®³ŽT—­ +ÄT×YGªËÖbªë¬#Õek1ÕUÖ€ºh]€˜ê:ëHuÙÚ@Luu€ºlm ŠºÎ:R]¶6S]eMª‹Öˆ©®³ŽT—­ +ÄT×YGªËÖbªë¬#Õek1ÕUÖ€ºh]€ê:ç©.Ïa”ê:á–ê²±p˜ê:çHuYÚ@LuuŠºd]˜ê:ëHuÙÚ@Luu€ºlm ŠºÎ:R]¶6S]eMª‹Öˆ©®³ŽT—­ +ÄT×YGªËÖbªë¬#Õek1ÕUÖ€ºh]€˜ê:ëHuÙÚ@Luu€ºlm ŠºÎ:R]¶6R]% +©.:G©®Sn©.+ +‡©®sŽT—¥ +ÄT×YGªËÖbª«¬IuѺ1Õu֑겵˜ê:ëHuÙÚ@Luu€ºlm ŠºÊšT­ +S]g +©.[ˆ©®³ŽT—­ +ÄT×YGªËÖbª«¬IuѺ1Õu֑겵˜ê:ëHuÙÚ@JutKuÙY8Ju•r€ºšl +ŠºÎ9R]–6S]g +©.[ˆ©®³ŽT—­ +ÄTWY“ê¢ubªë¬#Õek1Õu֑겵˜ê:ëHuÙÚ@Lu•5©.Z ŠºÎ:R]¶6S]g +©.[ˆ©®³ŽT—­ +ÄT×XgªKÖˆ©®³ŽT—­ +ÄT×YGªËÖRªë€[ªËÎÂaª«œIuQº1Õu֑겵˜ê:ëHuÙÚ@Luu€ºlm ŠºÊšT­ +S]g +©.[ˆ©®³ŽT—­ +ÄT×YGªËÖbª«¬IuѺ1Õu֑겵˜ê:ëHuÙÚ@LuuLºÙÚ@Lu•5©.Z ŠºÎ:R]¶6R]'ÝR]vS]ç +©.Kˆ©®²&ÕEëÄT×YGªËÖbªë¬#Õek1Õu֑겵˜ê*kR]Ž.@Luu€ºlm ŠºÎ:R]¶6S]g +©.[ˆ©®²&ÕEëÄT×YGªËÖbªë¬#Õek1Õu֑겵˜ê*kR]Ž.@JutKuÙY8Lus€º,m ŠºÎ:R]¶6S]eMª‹Öˆ©®³ŽT—­ +ÄT×YGªËÖbªë¬#Õek1Õ5֙ê’ubªë¬#Õek1Õu֑겵˜ê:ëHuÙÚ@Lu1<œœêâsŒ?ÇíõNª +Ïñc?mKŸºSLuÇg¶T÷͚ê~{øú×ׇûW__j8ß<ý.ôIòüáÃaç«vª:ágÕyöŒûUçó瀪­ +äªSYSu¢µ\uë¬:ɺ¹êTÖThm WÊšª­ +ĪSIGՉÎÂqÕiœ³ê$éäªSYSu¢µ\u*kªNŽ6«NeMՉÖrÕi¬³ê$ëäªSYSu¢µ\u*kªNŽ6«NeMՉÖrÕi¬³ê$ëäªSYSu¢µ\u*kªNŽ6«NeMՉÖrÕi¬³ê$ëäªSYSu¢µXu*éš:ÑY8®:•3U'JÈU§±Îª“¬ +«NeMՉÖrÕ©¬©:ÑÚ@®:•5U'ZÈU§±Îª“¬ +«NeMՉÖrÕ©¬©:ÑÚ@®:•5U'ZÈU§±Îª“¬ +«NeMՉÖrÕ©¬©:ÑÚ@®:•5U'ZÈU§±Îª“¬ +ªNåܪN4žÃ°êTÂQu¢±p\u*gªN”6«Na=U`]\u*kªNŽ6«NeMՉÖrÕ©¬©:ÑÚ@®:uVd]€\u*kªNŽ6«NeMՉÖrÕ©¬©:ÑÚ@®:uVd]€\u*kªNŽ6«NeMՉÖrÕ©¬©:ÑÚ@¬:4U'9‡U§RŽª• +ãªS9Su¢Ž\u*kªNŽ6«NcU'Y WÊšª­ +äªSYSu¢µ\u*kªNŽ6«NcU'Y WÊšª­ +äªSYSu¢µ\u*kªNŽ6«NcU'Y WÊšª­ +äªSYSu¢µXu*éš:ÑY8¬:2U')ÇU§rŠêDi¹êTÖThm WÊšª­ +äªÓXgÕIÖÈU§²ŠêDk¹êTÖThm WÊšª­ +äªÓXgÕIÖÈU§²ŠêDk¹êTÖThm WÊšª­ +äªSXOU'XW WÊšª­ +äªSYSu¢µXu*éš:ÑY8®:sV$]€\u*kªNŽ6«NeMՉÖrÕ©¬©:ÑÚ@®:uVd]€\u*kªNŽ6«NeMՉÖrÕ©¬©:ÑÚ@®:uVd]€\u*kªNŽ6«NeMՉÖrÕ©¬©:ÑÚ@®:uVd]€\u*kªNŽ6«N% +U': +ÇU§rŠêDi¹ê4ÖYu’urÕ©¬©:ÑÚ@®:•5U'ZÈU§²ŠêDk¹ê4ÖYu’urÕ©¬©:ÑÚ@®:•5U'ZÈU§²ŠêDk¹ê4ÖYu’urÕ©¬©:ÑÚ@®:•5U'ZÈU§²ŠêDk¹ê4ÖYu’ubÕ©€£êDgážêTÎT(m WÊšª­ +äªÓXgÕIÖÈU§²ŠêDk¹êTÖThm WÊšª­ +äªSXOU'XW WÊšª­ +äªSYSu¢µ\u*kªNŽ6«Îý>QUô +©:Ϟãöf¯êÜŽŒ€õíÓ/Êožê +ŸÙªÎ·£êüÓß¿?|ýüáÓögÿùúpýêÃÇÇOßŸœT/ÝÞ~:³­tsüòÝîõ3-‚§iÑÙÓî§EÏÒ"Ž6Ó"eMZ„ÖrZd¬3-"ëäŽHY“¡µœ)kÒ"Ž6Ó"eMZ„ÖrZd¬3-"ëäŽHY“¡µ˜)éH‹ÐY8N‹”3iJÈi‘±ÎŽˆ¬ +Ó"eMZ„ÖrZ€¬I‹ÐÚ@N‹”5iZÈi‘±ÎŽˆ¬ +Ó"eMZ„ÖrZ€¬I‹ÐÚ@N‹”5iZÈi‘±ÎŽˆ¬ +Ó"eMZ„ÖrZ€¬I‹ÐÚ@N‹”5iZÈi‘±ÎŽˆ¬ +Ò"åÜÒ"4žÃ0-R‘¡±pœ)gÒ"”6Ó"a=¥E`]œ)kÒ"Ž6Ó"eMZ„ÖrZ€¬I‹ÐÚ@N‹ŒuŠEd]€œ)kÒ"Ž6Ó"eMZ„ÖrZ€¬I‹ÐÚ@N‹ŒuŠEd]€œ)kÒ"Ž6Ó"eMZ„ÖrZ€¬I‹ÐÚ@L‹Œ4i9‡i‘RŽŽ• +ãŽH9“¡Žœ)kÒ"Ž6Ó"ciY §EʚŽ­ +äŽHY“¡µœ)kÒ"Ž6Ó"ciY §EʚŽ­ +äŽHY“¡µœ)kÒ"Ž6Ó"ciY §EʚŽ­ +äŽHY“¡µ˜)éH‹ÐY8L‹Œ2i)Çi‘r&-Bi9-RÖ€Ehm §EʚŽ­ +äŽÈXgZDÖÈi‘²&-Bk9-RÖ€Ehm §EʚŽ­ +äŽÈXgZDÖÈi‘²&-Bk9-RÖ€Ehm §EʚŽ­ +äŽHXOiXW §EʚŽ­ +äŽHY“¡µ˜)éH‹ÐY8N‹ŒsŠE$]€œ)kÒ"Ž6Ó"eMZ„ÖrZ€¬I‹ÐÚ@N‹ŒuŠEd]€œ)kÒ"Ž6Ó"eMZ„ÖrZ€¬I‹ÐÚ@N‹ŒuŠEd]€œ)kÒ"Ž6Ó"eMZ„ÖrZ€¬I‹ÐÚ@N‹ŒuŠEd]€œ)kÒ"Ž6Ó"% +i: +Çi‘r&-Bi9-2֙‘urZ€¬I‹ÐÚ@N‹”5iZÈi‘²&-Bk9-2֙‘urZ€¬I‹ÐÚ@N‹”5iZÈi‘²&-Bk9-2֙‘urZ€¬I‹ÐÚ@N‹”5iZÈi‘²&-Bk9-2֙‘ubZ€€#-Bgá8-R΀E(m §EʚŽ­ +äŽÈXgZDÖÈi‘²&-Bk9-RÖ€Ehm §EʚŽ­ +äŽHXOiXW §EʚŽ­ +äŽHY“¡µœ)kÒ"Ž6Ó¢ý6F¥Eô +I‹Îžc?-ÚŽŒ0îøKÆÛ7N‹Æg¶ŽèÝH‹þåËço_>=¬xx»ýÞþ üü’ž›Ãû/ÕÓßþö³z°ñ¡ó»zþ oþš¯^x¬Ûg/Xžc}wõöéˆÊº}ö‚µ;wÓ +ÿé»sÖ|­+pÇ:.ëSÖÜþ‡ÖòíʚÛÿÐÚ@ŸýOYsûZÈ·ÿëŒý¬ +oÿSÖÜþ‡ÖòíʚÛÿÐÚ@ŒýOIÇíè, +ßþgœóö?’.@ŸýOYsûZÈ·ÿ)knÿCkùö?eÍíhm ßþg¬óö?².@ŸýOY“袵œè*k]Ž6]eM¢‹Ör¢k¬3Ñ%ëäDWY“袵œè*k]Ž6]eM¢‹Ör¢k¬3Ñ%ëäDWY“袵˜è*éHtÑY8Nt•3‰.Jȉ®±ÎD—¬ +]eM¢‹Ör¢«¬ItÑÚ@Nt•5‰.Zȉ®±ÎD—¬ +]eM¢‹Ör¢«¬ItÑÚ@Nt•5‰.Zȉ®±ÎD—¬ +]eM¢‹Ör¢«¬ItÑÚ@Nt•5‰.Zȉ®±ÎD—¬ +]åÜ]4žÃ0ÑU‘袱pœè*g]”6]a=%º`]œè*k]Ž6]eM¢‹Ör¢«¬ItÑÚ@Ntu&ºd]€œè*k]Ž6]eM¢‹Ör¢«¬ItÑÚ@Ntu&ºd]€œè*k]Ž6]eM¢‹Ör¢«¬ItÑÚ@Lt4‰.9‡‰®RŽD• +ãDW9“袎œè*k]Ž6]c‰.Y 'ºÊšD­ +äDWY“袵œè*k]Ž6]c‰.Y 'ºÊšD­ +äDWY“袵œè*k]Ž6]c‰.Y 'ºÊšD­ +äDWY“袵˜è*éHtÑY8Lt2‰.)lj®r&ÑEi9ÑUÖ$ºhm 'ºÊšD­ +äD×Xg¢KÖȉ®²&ÑEk9ÑUÖ$ºhm 'ºÊšD­ +äD×Xg¢KÖȉ®²&ÑEk9ÑUÖ$ºhm 'ºÊšD­ +äDWXO‰.XW 'ºÊšD­ +äDWY“袵˜è*éHtÑY8Nts&º$]€œè*k]Ž6]eM¢‹Ör¢«¬ItÑÚ@Ntu&ºd]€œè*k]Ž6]eM¢‹Ör¢«¬ItÑÚ@Ntu&ºd]€œè*k]Ž6]eM¢‹Ör¢«¬ItÑÚ@Ntu&ºd]€œè*k]Ž6]% +‰.: +lj®r&ÑEi9Ñ5֙è’ur¢«¬ItÑÚ@Nt•5‰.Zȉ®²&ÑEk9Ñ5֙è’ur¢«¬ItÑÚ@Nt•5‰.Zȉ®²&ÑEk9Ñ5֙è’ur¢«¬ItÑÚ@Nt•5‰.Zȉ®²&ÑEk9Ñ5֙è’ub¢«€#ÑEgá8ÑUÎ$º(m 'ºÊšD­ +äD×Xg¢KÖȉ®²&ÑEk9ÑUÖ$ºhm 'ºÊšD­ +äDWXO‰.XW 'ºÊšD­ +äDWY“袵œè*k]Ž6ÝýðT%ºô +ItϞãöv/ÑÝŽLtïî®î.ºÛG¶@÷ýtÿçׇO¿ÿüB {|ŒÛù÷ŒxËßÝÝábŸ +O•<÷ôTûu€8—” +ã4×(S撲pÜå^Vž²Ü}å‚ã(×(Ó䒲p\äe‚\RŽs\£LKÊÂq‹+”3Åeã8Ä5Êtž€, +WžF™—” +Ã×GKÂs÷·B8ó[06Žã[£L{KÊÂqyk” oIY8În2Õ-) +ÇÍ­PÎ䔍ãàÖ(Óے²p\Ûeb[RŽS[£LiKÊÂqg+”3³eã8²5Ê4¶€, +¶F™À–” +ãŒÖ(Sג²pÜÖ +åLkAÙ8k2]-) +‡U­1Žš–„ç0Nj0E- +Ç=­PΜ”ã˜Ö(ÓҒ²p\ÒeBZRŽ3Z£LEKÊÂqC+”3¡eã8 5Êô³€, +׳F™x–” +ãtÖ(SΒ²pÜÍ +åÌfAÙ8Žf2Í,) +ÇŬQ&˜%eá8—5ÊÔ²€, +·²B9SYP6ŽBY#Ü:Yҝ¡°’5¶ɒî +Ɖ¬Š%cតœ¬<å±ûÊÇq¬QŠ%eᾌ5ʄ±€, +g±F™*–” +ã&V(g +ÊÆqk”éaIY8®a21,) +Ç)¬QŠ„%eឃʙÁ‚²q +ÁeXRŽ +X£LKÊÂqþj”©_IY8l_ +1é+ +†á«ñî•|ç0®^0Ñ+ +ÇÉ«QŠx%eážwʙ»‚²q +»eZWRŽKW£LèJÊÂqæj”©\IY8n\ +r&® l +®F™Ÿ•” +ãºÕ(·’²pœ¶eÊVRŽ»V¡œY+(ÇQ«QŠi%eážh5Ê­€, +æ¬Æ8jVžÃ°eŸ€¬à+‡¬F˜Ž•Œ +ãŠÕ(±’²pœ°e +VRŽûU¡œù*(ÇñªQŠ]%eáž\5ʄ«€, +g«F™j•” +ãfU(g² +ÊÆq°j”éUIY8®U2±*) +Ç©ªQŠT%eážSœ¬5Êħ€, +§§F™ò”” +ãîT(gv +ÊÆqtj”iNIY8,Nq§$<‡qnj„©MÉX8nM +rŠŠ l +‡ŠF™Î”” +ãÊÔ(™’²pœ˜e +SRŽûR¡œy)(Çq©QŠ-%eáž,5ʄ¥€, +g¥F™ª”” +ãŠT(gR +ÊÆqPj”éIIY8®I21)) +Ç)©QŠ$%eáž#ʙ‘‚²q‘ãhHIxã‚Ԑ’±pœeêQRŽÛQ¡œé((ÇášQŠ%eáž5ÊD£€, +'£F™b”” +ã^ô²ò”‹î+ +Ç¢F™V”” +ãRÔ(Š’²pœ‰e*QRŽÑÝöQ%¢ð)DO±ˆî>Ä҇Þ\èCoWwÇc :>³¢Ç¯Â–ˆþÇ·ÇÏ¿løíÃo¿~xüŒýÉß +¿ÿºýÑç¿<Ÿ>Œúòíùæõîø¥<ütfþµ|÷înç‹yšÞÂÓÏííÙÓïoŸ?¬oÑÚ@Þßë +à’uòWY³ÁEky +«¬™á¢µ<ÄUÖ,qÑÚ@Þâë +ã’uÒ +W9·=.ÏažÈUÂ1ÉEcáx”«œY墎ŒËÖÓ0¬+§¹Êšm.ZÈë\eÍ<­ +䁮²f¡‹ÖòF×XçH—¬ +gºÊš.ZÈK]eÍT­ +ä±®²f­‹Öò^×Xç`—¬ +'»ÊšÍ.ZÈ«]eÍl­ +ä᮲f¹‹Öâv×H3Þ%gãpŸ«”c¿‹ÊÂñ‚W93áEiyÄ«¬Yñ¢µŒã5Ö9ä%ëä)¯²fˋÖòšWY3çEkyЫ¬Yô¢µŒé5Ö9ê%ëäY¯²f׋Öò²WY3íEkyÜ«¬Y÷¢µŒï5Ö9ð%ë䉯²fã‹ÖòÊWY3óEkqè«€cé‹ÎÂáÖ×(3ö%eãxÙû¢ŽŒøUÖL~ÑÚ@ +ý*kV¿hm ï~uɺyú«¬Ùþ¢µŒþUÖÌÑÚ@ ++kÀhm o€uŽ€Éºy¬¬Ù£µŒVÖLÑÚ@ ++kÖÀhm ï +õ4ë +äI°²fŒÖò*XY3 +Fkq¬€cŒÎÂñ6Ø8ç8˜€ +çÁʚ}0ZÈ +aeÍD­ +䑰²f%ŒÖòNØXçP˜¬ +§Âʚ­0ZÈkaeÍ\­ +äÁ°²f1ŒÖòfØXçh˜¬ +gÃʚÝ0ZÈËaeÍt­ +äñ°²f=ŒÖò~ØX瀘¬ +'Äʚ +1Zˆ+b% +3btŽ‡Äʙ%1JÈ[bccb².@ž+köÄhm /Š•5“bŽ6GÅʚU1ZÈ»bcÃb².@ž+k¶Åhm ¯‹•5óbŽ6Æʚ +1ZÈcc#c².@ž+kvÆhm /•5ScŽ6ÇÆʚµ1ZÈ{ccƒc².@œ ++éØ +£³pŒ:VÎ̎QÚ@ + ++k–Çhm ouŽÉºy~¬¬Ù£µŒ@VÖLÑÚ@ +!+kVÈhm ï +õ4Dë +ä)²²f‹ŒÖòYY3GFky¬¬Y$£µŒIŠ!­%Ósd•|ö +·o÷fÉûÏñƒ÷Ö +Þ] +¿ŒK +Ÿ»äÃØ%ÿïÿûíӗ_ž_àr{uýôM<WûÓ,äíÅ«kèÁrwÍكí_^óüAàöŽ6ï¯QÖ\`ƒÖò6ÂzºÃ¬+o±QÖ\cƒÖòE6ʚ›lÐÚ@ŸËFYs™ +ZÈ×ÙëŒÏ†¬ +oŽQÖ\iƒÖò¥6ʚ[mÐÚ@Œ×FIÇÅ6è, +_mcœón’.@ŸÝFYsœ +ZÈÜ(knžAkùŽeÍ%7hm _sc¬óž².@ŸéFYsÕ +ZȗÝ(kn»AkùŸeÍ +7hm _yc¬óβ.@ŸõFYsí +ZÈß(knŸAkùîeÍå7hm _c¬óþ².@ŸGYsZˆ—à(鞝 +ã{p”3á Ž|Ž±Î»pȺù6 +eÍu8hm _ˆ£¬¹­ +ä;q”5—â µ|-Ž±Î{qȺùf +eÍÕ8hm _Ž£¬ItÑÚ@Nt•5‰.Zȉ®±ÎD—¬ +]eM¢‹Ör¢«¬ItÑÚ@Nt•5‰.Zȉ®±ÎD—¬ +]åÜ]4žÃ0ÑU‘袱pœè*g]”6]a=%º`]œè*k]Ž6]eM¢‹Ör¢«¬ItÑÚ@Ntu&ºd]€œè*k]Ž6]eM¢‹Ör¢«¬ItÑÚ@Ntu&ºd]€œè*k]Ž6]eM¢‹Ör¢«¬ItÑÚ@Lt4‰.9‡‰®RŽD• +ãDW9“袎œè*k]Ž6]c‰.Y 'ºÊšD­ +äDWY“袵œè*k]Ž6]c‰.Y 'ºÊšD­ +äDWY“袵œè*k]Ž6]c‰.Y 'ºÊšD­ +äDWY“袵˜è*éHtÑY8Lt2‰.)lj®r&ÑEi9ÑUÖ$ºhm 'ºÊšD­ +äD×Xg¢KÖȉ®²&ÑEk9ÑUÖ$ºhm 'ºÊšD­ +äD×Xg¢KÖȉ®²&ÑEk9ÑUÖ$ºhm 'ºÊšD­ +äDWXO‰.XW 'ºÊšD­ +äDWY“袵˜è*éHtÑY8Nts&º$]€œè*k]Ž6]eM¢‹Ör¢«¬ItÑÚ@Ntu&ºd]€œè*k]Ž6]eM¢‹Ör¢«¬ItÑÚ@Ntu&ºd]€œè*k]Ž6]eM¢‹Ör¢«¬ItÑÚ@Ntu&ºd]€œè*k]Ž6]% +‰.: +lj®r&ÑEi9Ñ5֙è’ur¢«¬ItÑÚ@Nt•5‰.Zȉ®²&ÑEk9Ñ5֙è’ur¢«¬ItÑÚ@Nt•5‰.Zȉ®²&ÑEk9Ñ5֙è’ur¢«¬ItÑÚ@Nt•5‰.Zȉ®²&ÑEk9Ñ5֙è’ub¢«€#ÑEgá8ÑUÎ$º(m 'ºÊšD­ +äD×Xg¢KÖȉ®²&ÑEk9ÑUÖ$ºhm 'ºÊšD­ +äDWXO‰.XW 'ºÊšD­ +äDWY“袵œè*k]Ž6ÝýðT%ºô +ItϞãöÝ^¢»ÿ +?xuÐõÓoÅßs¢;>3ݛ$ºÿëß·?ø×ß?üå÷‡—ª°·O‡F'Çú 7Ww÷‡œ +‚f²Ï8“­³gÜO¶ž?$[hm '[Æ:“-².@N¶”5ÉZÈɖ²&ÙBk9ÙRÖ$[hm '[Æ:“-².@N¶”5ÉZÈɖ²&ÙBk9ÙRÖ$[hm '[Æ:“-².@N¶”5ÉZˆÉ–’Žd + +ãdK9“l¡ŽœlëL¶Èº9ÙRÖ$[hm '[ʚd +­ +ädKY“l¡µœlëL¶Èº9ÙRÖ$[hm '[ʚd +­ +ädKY“l¡µœlëL¶Èº9ÙRÖ$[hm '[ʚd +­ +ädKY“l¡µœlëL¶Èº)ÙRÎ-ÙBã9 +“-% +É +Çɖr&ÙBi9ÙÖS²ÖÈɖ²&ÙBk9ÙRÖ$[hm '[ʚd +­ +ädËXg²EÖÈɖ²&ÙBk9ÙRÖ$[hm '[ʚd +­ +ädËXg²EÖÈɖ²&ÙBk9ÙRÖ$[hm '[ʚd +­ +ÄdËH“l‘³q˜l)åH¶PY8N¶”3ÉJÈɖ²&ÙBk9Ù2֙l‘ur²¥¬I¶ÐÚ@N¶”5ÉZÈɖ²&ÙBk9Ù2֙l‘ur²¥¬I¶ÐÚ@N¶”5ÉZÈɖ²&ÙBk9Ù2֙l‘ur²¥¬I¶ÐÚ@N¶”5ÉZˆÉ–’Žd + +ÃdË(“l‘²qœl)g’-”6“-eM² +Ör²¥¬I¶ÐÚ@N¶Œu&[d]€œl)k’-Ž6“-eM² +Ör²¥¬I¶ÐÚ@N¶Œu&[d]€œl)k’-Ž6“-eM² +Ör²¥¬I¶ÐÚ@N¶„õ”lur²¥¬I¶ÐÚ@N¶”5ÉZˆÉ–’Žd + +ãdË8g²EÒÈɖ²&ÙBk9ÙRÖ$[hm '[ʚd +­ +ädËXg²EÖÈɖ²&ÙBk9ÙRÖ$[hm '[ʚd +­ +ädËXg²EÖÈɖ²&ÙBk9ÙRÖ$[hm '[ʚd +­ +ädËXg²EÖÈɖ²&ÙBk1ÙRґl¡³pœl)g’-”6“-cÉY '[ʚd +­ +ädKY“l¡µœl)k’-Ž6“-cÉY '[ʚd +­ +ädKY“l¡µœl)k’-Ž6“-cÉY '[ʚd +­ +ädKY“l¡µœl)k’-Ž6“-cÉY &[J:’-tŽ“-åL² +Òr²¥¬I¶ÐÚ@N¶Œu&[d]€œl)k’-Ž6“-eM² +Ör²¥¬I¶ÐÚ@N¶„õ”lur²¥¬I¶ÐÚ@N¶”5ÉZÈɖ²&ÙBk9ÙÚ¯T²Eϑdëì9ö“­ýçøÇ»ëÃñWFOÉÖñZÜí$[‡÷Ç¿ÿæéf¿ë?ŽÖóDÇÀOÉÖøP>óôD÷£×ú—/Ÿÿ|}}óËï_?|üòyû‹Ÿ¹y»ýÑ·¿ýúáñóëëØþÂ÷_ÆgŽקñÇ¿}ùüøýËחvc÷‡»ŸÎžíùŌÇ/ÂË_ì¹$£Z>tþCÛ]’œð +ûK2¶6—dÎ:–dlm .ɜu,ÉØÚ@\’)k–dh]€ž$sÖ±$ckqIæ¬cIÆÖâ’ÌYǒŒ­ +€%™’Ž%:GK2§Ü–d¬, +.ɜs,ÉXÚ@\’9ëX’±µž$SÖ,ÉкqIæ¬cIÆÖâ’ÌYǒŒ­ +Ä%™³Ž%[ˆK2e͒ +­ +—dÎ:–dlm .ɜu,ÉØÚ@\’9ëX’±µž$SÖ,ÉкqIæ¬cIÆÖâ’ÌYǒŒ­ +€%™“nK2vŽ–dJ9–dšl +.ɜs,ÉXÚ@\’9ëX’±µž$sÖ±$ckqIŠ¬Y’¡uâ’ÌYǒŒ­ +Ä%™³Ž%[ˆK2g +K2¶6—dʚ%Z .ɜu,ÉØÚ@\’9ëX’±µž$sÖ±$ckqIf¬sIFÖˆK2g +K2¶6—dÎ:–dlm -ɜt[’±³pž$SÎ,ÉPºqIæ¬cIÆÖâ’ÌYǒŒ­ +Ä%™³Ž%[ˆK2e͒ +­ +—dÎ:–dlm .ɜu,ÉØÚ@\’9ëX’±µž$SÖ,ÉкqIæ¬cIÆÖâ’ÌYǒŒ­ +Ä%™³æ%qhm .ɔ5K2Ž.@\’9ëX’±µŽ$sÒmIÆÎÂá’Ì9ǒŒ¥ +Ä%™²fI†ÖˆK2g +K2¶6—dÎ:–dlm .ɜu,ÉØÚ@\’)k–dh]€ž$sÖ±$ckqIæ¬cIÆÖâ’ÌYǒŒ­ +Ä%™²fI†ÖˆK2g +K2¶6—dÎ:–dlm .ɜu,ÉØÚ@\’)k–dh]€Ž$sÒmIÆÎÂá’Ì9ǒŒ¥ +Ä%™³Ž%[ˆK2e͒ +­ +—dÎ:–dlm .ɜu,ÉØÚ@\’9ëX’±µž$3Ö¹$#ë +Ä%™³Ž%[ˆK2g +K2¶6—dÎ:–dlm .É`Üd–dø +ãCçÏqw³³$ƒç8{ù÷Ӓì–_þ}x{wüß²øîïñ‘mGvK²ÿøöᗱûòúpÿê¯Oÿçáë_^ßÜ¿úÛó×oO¿G;uÏ¿|·w÷—^O›Ïœ=íîKÀŸ?Åþ;ÀQY8|žQæà€l +Ÿþ[)ÇÛ¿QY8|÷·RŽW£²pøâo¥ +ïýFeáð­ßF™—~“²qøÊo¥ +oüFeáð}ßJ9^÷ÊÂáËŸ•rŒë• +Ã7}e^ôMÊÆákŸ•rŒå• +£w|+ãöŠožÃðßJ8ÞïÆÂáÛœ2/÷&eãðÕÞJ9ÞìÊÂá{œ•rŒÖ• +×z+åx§7* +‡oô6ʌЛ”Ã×y+åx›7* +‡ïòVÊñ*oT_䭔ã=Þš, +ŸÅÛ(óoR6_᭔ã +Þš, +Ÿ¿[)Çë»QY8|y·RŽww£²pøæn£Ì‹»IÙ8xm·þñÖnԝ¡èÝʶœ²uç0|a·Ž÷u£±pø¶n¡œ/ëå‚ÃWu+åxS7* +‡ïéVÊñšnT_Ò­”ã +Ýš, +Ÿ¡Û(gVÊÆqTe”iªHY8.ªŒ2A) +Ç9•QŠŠ"eឥʙR²q +Re:*RŽ+*£LDEÊÂqBe”)šHY8진1ù +†ñ”ñvŠ|ç0.§Œ0á +ÇٔQŠš"eᾙʙL²q +Lez)RŽk)£L,EÊÂq*e”)¥HY8rfR l +GRF™FŠ” +ãBÊ(H‘²pœGeê(RŽÛ(¡œi(Ça”QŠ‹"eᾊ2ÊDQ€, +&QÆ8Š(žÃ°‡ŸäPà+ÇPF˜ŠŒ +ãÊ(B‘²pœAe*(RŽ(¡œ (Ç”QŠ"eáž~2ÊÄO€, +§OF™ò‰” +ãîI(göÊÆqôd”ižHY8.žŒ2Á) +ǹ“QŠv"eážuº¬<¥NûÊÇ¡“QŠs"eážr2ÊDN€, +&NÆ8 +'žÃžo™7±q +7eÚ&RŽË&£LØDÊÂqÖd”©šHY8nš„r&M l +MF™ž‰” +ãšÉ(3‘²pœ2eJ&RŽ;&¡œ(Ç“QŠa"eáž`2ÊL€, +çKF™•) +Çí’PÎt ”ãpÉ(Ó-‘²pX-㈖HxãdÉS,‘±pÜ+ å̕@Ù8Ž•Œ2­) +Ç¥’Q&T"eá8S2ÊTJ€, +7JB9%P6Ž%£LŸDÊÂqd”‰“HY8N“Œ2e) +Ç]’PÎ, ”ã(É(Ó$‘²p\$e‚$RŽs$£LDÊÂq‹$”3Eeã0D2ÆÑ!‘ð +Æ’&B"cá8A2ÊH€, +÷GB9ó#P6Žã#£L{DÊÂqyd” HY8ΎŒ2Õ) +ÇÍÑeå)9ÚW.8ŽŒ2œ) +ǵ‘Q&6"eá852ʔF€, +wFÐɈÌ +"•Ñé!ö#£Ý‡8kŒ¶ßßáÆèÍáêýá=GFã3[et3*£~ýöîÕ_ŸŠ¢Ÿ>ü%o þøëÃÇÿúöûo۟ýçïŸ?~}xõøåó·—Vš÷wo:{„^J}ü)h'<šËTø!ÌiêÙa›úüA`œŠÖòVY3Eky"«¬ÙÈ¢µŒ’UÖÌdÑÚ@ +Ê +ëi) +ÖÈ[YeÍX­ +乬²f/‹ÖâbVIÇd +ãѬqÎÕ,I ïf•5ÃYŽ6§³Êší,ZÈëYeÍ|­ +ä­±Î-Y oh•5#ZŽ6gŽÊš +-ZÈKZe͔­ +ä1­±Î5-Y ïi•5ƒZŽ6'µÊšM-ZÈ«ZeÍÁ.ZÈÃZcËZ².@ÞÖ*kƵhm Îk•tìkÑY8^Ø*g&¶(m lu®lɺyg«¬Ú¢µ<µUÖlmÑÚ@^Û*kæ¶hm nu.nɺys«¬Ý¢µ<»UÖìnÑÚ@^Þ*kŠ·hm ou®oɺy«¬ࢵ<ÁUÖlpÑÚ@^á*kfžhm qu.qɺq‹«€cŒ‹ÎÂñ +W9³ÇEiy‘«¬™ä¢µ<Ê5Ö¹Ê%ëä]®²f˜‹Öò4WY³ÍEky«¬™ç¢µ<ÐÖÓB¬+7ºÊš‘.ZÈ3]eÍN­ +䥮²fª‹ÖòXw\ªÖºô +™ëž=ÇÝíÞ^wÿ9~p°{÷îøïx°;>³ +voÇ`÷ß +³ÑýöøËçßÿúð|“{xuóôe;YžÙÞœ»Ûœ +àpuøãß·ð”ùÐùSŸp +Àí՛7‡— +äëöÙ +ÖîXÇEʚ‹ÐÚ@Ÿú@Ys÷ZÈ·ëŒþ€¬ +/@PÖ܀€Öò +ʚKÐÚ@ŸAYsZÈ7!ëŒ +¬ +/CPÖ܆€Öò}ʚ +ÐÚ@ŸAYs'ZÈ·"댁¬ +/FPÖ܌€ÖâÝJ:.G@gáøzåÌý(m ߐ`¬óŠ².@Ÿ$AYsKZÈ÷$(k.J@kùªeÍ] hm ߖ`¬óº².@Ÿ0AYscZÈw&(k.M@kùÚeÍœ hm ߜ`¬3P#ëä@MYš¡µ +š)k5Ž65eM †Ör f¬3P#ë€@M9·@ +ç0 +Ԕpjh, +jʙ@ +¥ +ä@MXOXW jʚ@ +­ +ä@MYš¡µ +š)k5Ž65cY jʚ@ +­ +ä@MYš¡µ +š)k5Ž65cY jʚ@ +­ +ä@MYš¡µ +š)k5Ž65#M FÎÆa Š”#PCeá8PSÎj(m jʚ@ +­ +ä@ÍXg FÖȁš²&PCk9PSÖjhm jʚ@ +­ +ä@ÍXg FÖȁš²&PCk9PSÖjhm jʚ@ +­ +ä@ÍXg FÖȁš²&PCk9PSÖjhm jJ:5t5£L FÊÆq Šœ ÔPÚ@Ԕ5Zȁš²&PCk9P3Öš‘ur Š¬ ÔÐÚ@Ԕ5Zȁš²&PCk9P3Öš‘ur Š¬ ÔÐÚ@Ԕ5Zȁš²&PCk9PÖS Öȁš²&PCk9PSÖjhm jJ:5tŽ5㜁I jʚ@ +­ +ä@MYš¡µ +š)k5Ž65cY jʚ@ +­ +ä@MYš¡µ +š)k5Ž65cY jʚ@ +­ +ä@MYš¡µ +š)k†Œhm jÆ:5².@Ԕ5Zˆš’Ž@ + +ã@M9š¡Ž +šë +ÔȺ9PSÖjhm jʚ@ +­ +ä@MYš¡µ +šë +ÔȺ9PSÖjhm jʚ@ +­ +ä@MYš¡µ +šë +ÔȺ9PSÖjhm jʚ@ +­ +ä@MYš¡µ +šë +ÔȺ1PSÒš¡³p +š)g5”65eM †Ör f¬3P#ëä@MYš¡µ +š)k5Ž65eM †Ör &¬§@ +¬+5eM †Ör Š¬ ÔÐÚ@Ԕ5Zȁ•V"P£çH vö +ûÚþs,ÚÍ +@íöÍÕõá +jã3[ v7µ}øóõõÍçÇÏ¿lþ·_?þºýáÓñéáÛ?ýüøõáãëëï_Ÿ>>|Ûþ»ï_¶ÿüíËçÇã_iƒòîé7sOϵ>üÍÕÝñÿù_þJϑü°29ûQíDž?ŒDPÚ@ +‰(kF"hm DŒuŽDȺy$¢¬‰ µ<Q֌DÐÚ@ +‰(kF"hm DŒuŽDȺy$¢¬‰ µ<Q֌DÐÚ@ +‰(kF"hm DŒuŽDȺy$¢¬‰ µ<Q֌DÐÚ@ +‰(鉠³p81ʌDHÙ8 +‰(gF"(m D”5#Ž6G"ʚ‘ZÈ#c#².@ +‰(kF"hm D”5#Ž6G"ʚ‘ZÈ#c#².@ +‰(kF"hm D”5#Ž6G"ʚ‘ZÈ#a=DÀºy$¢¬‰ µ<Q֌DÐÚ@ +‰(鉠³p<1Î9!é䑈²f$‚ÖòHDY3Aky$¢¬‰ µ<1Ö9!ë䑈²f$‚ÖòHDY3Aky$¢¬‰ µ<1Ö9!ë䑈²f$‚ÖòHDY3Aky$¢¬ùÍDŽ6G"Æ:G"d]€<Q֌DÐÚ@ +‰(鉠³p<QΌDPÚ@ +‰ë +‰uòHDY3Aky$¢¬‰ µ<Q֌DÐÚ@ +‰ë +‰uòHDY3Aky$¢¬‰ µ<Q֌DÐÚ@ +‰ë +‰uòHDY3Aky$¢¬‰ µ<Q֌DÐÚ@ +‰ë +‰uâHDIÇH +㑈rf$‚ÒòHDY3Aky$b¬s$BÖÈ#eÍH­ +䑈²f$‚ÖòHDY3Aky$"¬§‘XW D”5#Ž6G"ʚ‘ZÈ#eÍH­ +ä‘ÈþvADè929{Ž»»œ‘Èþsüà[Œožîy$2>³DîÇHäOÿøé÷ŸçFd +C¶?ùðùçúòuŒãø÷¿üüúðêi/r>ùóõýõ?úŽýÉÃëÃý«¿|øïï۟‡gÿqü;ÏWïŸ~cçôÃxþ}9Œ}··)™g_ðe˜g_g_†ý³¯çg_hm Ÿ})kΟÐÚ@>û2ÖyöEÖÈg_ʚ³/Ž6ÏŸ”5g_hm Ÿ})kΟÐÚ@>û2ÖyöEÖÈg_ʚ³/Ž6ÏŸ”5g_hm Ÿ})kΟÐÚ@>ûÖÓÙXW Ÿ})kΟÐÚ@>ûR֜}¡µxö¥€ãì + +ã³/ãœg_$]€|ö¥¬9ûBkùìKYsö +Öòٗ²æì +­ +ä³/cg_d]€|ö¥¬9ûBkùìKYsö +Öòٗ²æì +­ +ä³/cg_d]€|ö¥¬9ûBkùìKYsö +Öòٗ²ÎÿDÖòٗ±Î³/².@>ûR֜}¡µxö¥€ãì + +ã³/åÌÙJÈg_Æ:ϟȺùìKYsö +Öòٗ²æì +­ +ä³/eÍÙZÈg_Æ:ϟȺùìKYsö +Öòٗ²æì +­ +ä³/eÍÙZÈg_Æ:ϟȺùìKYsö +Öòٗ²æì +­ +ä³/eÍÙZÈg_Æ:ϟȺñìKIÇÙ: +Çg_ʙ³/”6ÏŸ”5g_hm Ÿ}ë<û"ëä³/eÍÙZÈg_ʚ³/Ž6ÏŸ”5g_hm Ÿ} ëéì +¬+ÏŸ”5g_hm Ÿ})kΟÐÚ@>ûR֜}¡µ|öEg,â싞#g_ç'M7{g_ûÏñƒôñv8ÜòÙ×øÌvöõfœ}ýŸ×·÷¯ +[¿¶?þøëÃÇÿz~ŸçíÝöÓÝÉùü‹xwü`ç>Ïy"<óŒ +ñì™÷ïB|þ p"ZÈw!ëŒ +‘¬ +ïBTÖÜ +ˆÖò]ˆÊš»ÑÚ@Ÿ +QYs"ZÈw!ëŒ +‘¬ +ïBTÖÜ +ˆÖâ]ˆJ:îBDgáø.DåÌ]ˆ(m ß +h¬ó.D².@Ÿ +QYs"ZÈw!*kîBDkù.DeÍ]ˆhm ß +h¬ó.D².@Ÿ +QYs"ZÈw!*kîBDkù.DeÍ]ˆhm ß +h¬ó.D².@Ÿ +QYs"ZÈw!*kîBDkù.DeÍ]ˆhm ß +h¬ó.D².@º +Q9·»Ñxû•pÜ +ˆÆÂñ]ˆÊ™»QÚ@Ÿ +QXOw!‚uò]ˆÊš»ÑÚ@Ÿ +QYs"ZÈw!*kîBDkù.Dcw!’uò]ˆÊš»ÑÚ@Ÿ +QYs"ZÈw!*kîBDkù.Dcw!’uò]ˆÊš»ÑÚ@Ÿ +QYs"ZÈw!*kîBDkñ.D#Í]ˆäl +Þ +š”ã5wš, +¿æN9óš;”6_s§¬yÍ +Zȯ¹3Öùš;².@~͝²æ5whm ¿æNYóš;Ž6_s§¬yÍ +Zȯ¹3Öùš;².@~͝²æ5whm ¿æNYóš;Ž6_s§¬yÍ +Zȯ¹3Öùš;².@~͝²æ5whm ¿æNYóš;Ž6_s§€ã5wè, +ŸæÎ(óš;R6Ž_s§œI}PÚ@N}”5©ZÈ©²&õAk9õ1֙úur꣬I}ÐÚ@N}”5©ZÈ©²&õAk9õ1֙úur꣬I}ÐÚ@N}”5©ZÈ©²&õAk9õÖSêÖÈ©²&õAk9õQÖ€>hm Š>J:RtŽS㜩I §>ʚÔ­ +äÔGY“ú µœú(kRŽ6Sc©Y §>ʚÔ­ +äÔGY“ú µœú(kRŽ6Sc©Y §>ʚÔ­ +äÔGY“ú µœú(k&ahm §>Æ:S².@N}”5©Zˆ©’ŽÔ +ãÔG9“ú ŽœúëL}Ⱥ9õQÖ€>hm §>ʚÔ­ +äÔGY“ú µœúëL}Ⱥ9õQÖ€>hm §>ʚÔ­ +äÔGY“ú µœúëL}Ⱥ9õQÖ€>hm §>ʚÔ­ +äÔGY“ú µœúëL}Ⱥ1õQґú ³pœú(gR”6SeMêƒÖrêc¬3õ!ëäÔGY“ú µœú(kRŽ6SeMêƒÖrê#¬§Ô¬+SeMêƒÖr꣬I}ÐÚ@N}”5©ZÈ©U*"õ¡çHês +ÖìÞ +žÿ +?öš»ã?ÔOÿÚ Òg|d +}ގÐç|~üþøáÓãÿ{üüË?lé÷ÿþùÃ÷ӟþñš»»÷[öó=ÛŸ¹º¹~÷Óé ž_zxx»wéá\ Ÿ9ûìnŸ?Åþô” +‡‡J9v‡š, +®•rŒQY8œ +*åX +¢²pž74ÊÌ +IÙ8 +*åØ¢²pž4TÊ14Deápfš”ceˆÊÂáÆÐ(31$eãp`š”c_ˆÊÂáºP)Çž• +Ãi¡RŽe!* +G»Bc +³BŒF +Ê·m +ÑwÃE¡ŽA! +‡sB¥ +kBT·„F™)!)‡CB¥ +;BTW„J9F„š, +N•r,QY8Üe惀l +Ž•rlQY8\*墲p8TʱDeáp3h”™ +’²q8TʱDeáp-š”c,ˆÊÂÑTP·¥ +ÏaŽ4Ÿ1$_Áp$š„c#ˆÆÂáBP)Ç@• +Ãy RŽu * +‡Û@£Ì4”Ãa RŽ] * +‡«@¥ +£@T'J9š, +î2s@R6ǀJ9¶€š, +.•r +QY8œ*åX¢²pžÊ9å‚àRŽý* +‡ë?¥ +ã?TŽŠÊž-ÿPxÃݟföGÆÆáèO)Çæ• +ÃşRŽÁ* +‡s?¥ +k?T·~F™©)‡C?¥ +;?TW~J9F~š, +Nü”r,üPY8Ü÷eæ}€l +Žû”rlûPY8\ö)åö¡²p8ëSÊqúƒÊÂáŠÏ(3é#eãpЧ”cχÊÂњO·1 +Ïa8åS±äCcápÇg”™ñ‘²q8âSʱáCeápÁ§”cÀ‡ÊÂá|O)Çz• +ÃížQfºGÊÆápO)Çn• +Ã՞RŽÑ +* +‡“=¥ +‹=T÷zF™¹ +)‡c=¥ +[=T—zJ9†zš, +Îô”r¬ôPY8Üèe&z€l + +ô”qÛç¡ð +†ë<% +ã<4§yJ9–yš, +îòŒ2³s>vÛ»cvÿ!Ž¿huÿô›xwOs¥—_Åýöpõöög]œ;Œ==Íû󧹜º>Üü4>òô4;sâDõÿŽ +mÊendstream +endobj +792 0 obj << +/Type /Page +/Contents 793 0 R +/Resources 791 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 782 0 R +/Annots [ 795 0 R 798 0 R 799 0 R 800 0 R 801 0 R 802 0 R 803 0 R 804 0 R 805 0 R 806 0 R 807 0 R 808 0 R 809 0 R 810 0 R 811 0 R 812 0 R 813 0 R 814 0 R 815 0 R 816 0 R 817 0 R 818 0 R 819 0 R 820 0 R 821 0 R 822 0 R 823 0 R 824 0 R 825 0 R 826 0 R 827 0 R 828 0 R 829 0 R 830 0 R 831 0 R 832 0 R 833 0 R 834 0 R 835 0 R 836 0 R 837 0 R 838 0 R 839 0 R 840 0 R 841 0 R 842 0 R 843 0 R 844 0 R 845 0 R 846 0 R 847 0 R 848 0 R 849 0 R 850 0 R 851 0 R 852 0 R 853 0 R 854 0 R 855 0 R 856 0 R 857 0 R 858 0 R 859 0 R 860 0 R 861 0 R 862 0 R 863 0 R 864 0 R 865 0 R 866 0 R 867 0 R 868 0 R 869 0 R 870 0 R 871 0 R 872 0 R 873 0 R 874 0 R 875 0 R 876 0 R 877 0 R 878 0 R 879 0 R 880 0 R 881 0 R 882 0 R 883 0 R 884 0 R 885 0 R 886 0 R ] +>> endobj +795 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 686.034 183.581 693.017] +/Subtype /Link +/A << /S /GoTo /D (0:INTRO) >> +>> endobj +798 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [516.339 686.034 521.32 693.017] +/Subtype /Link +/A << /S /GoTo /D (0:INTRO) >> +>> endobj +799 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 668.788 234.708 677.675] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION) >> +>> endobj +800 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [516.339 668.788 521.32 677.675] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION) >> +>> endobj +801 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 655.369 199.781 662.223] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-OVERVIEW) >> +>> endobj +802 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [516.339 655.369 521.32 662.223] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-OVERVIEW) >> +>> endobj +803 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 640.36 216.238 649.271] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-REQUIREMENTS) >> +>> endobj +804 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [516.339 640.36 521.32 649.271] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-REQUIREMENTS) >> +>> endobj +805 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 629.466 248.478 636.32] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-DOWNLOAD) >> +>> endobj +806 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [516.339 629.466 521.32 636.32] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-DOWNLOAD) >> +>> endobj +807 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 614.457 252.213 623.368] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-CONFIGURE) >> +>> endobj +808 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [516.339 614.457 521.32 623.368] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-CONFIGURE) >> +>> endobj +809 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 603.563 183.043 610.417] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-BUILD) >> +>> endobj +810 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [516.339 603.563 521.32 610.417] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-BUILD) >> +>> endobj +811 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 590.611 185.803 597.466] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-INSTALL) >> +>> endobj +812 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [516.339 590.611 521.32 597.466] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-INSTALL) >> +>> endobj +813 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 577.66 203.516 584.514] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-CUSTOMIZE) >> +>> endobj +814 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [516.339 577.66 521.32 584.514] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-CUSTOMIZE) >> +>> endobj +815 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 564.589 282.907 571.563] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-INITIALIZE) >> +>> endobj +816 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [516.339 564.589 521.32 571.563] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-INITIALIZE) >> +>> endobj +817 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 551.638 213.2 558.611] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-RUNNING) >> +>> endobj +818 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [516.339 551.638 521.32 558.611] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-RUNNING) >> +>> endobj +819 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 536.748 267.984 545.66] +/Subtype /Link +/A << /S /GoTo /D (0:LAYOUT) >> +>> endobj +820 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 536.748 521.32 545.66] +/Subtype /Link +/A << /S /GoTo /D (0:LAYOUT) >> +>> endobj +821 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 525.854 216.517 532.708] +/Subtype /Link +/A << /S /GoTo /D (0:TESTSUITE) >> +>> endobj +822 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 525.854 521.32 532.708] +/Subtype /Link +/A << /S /GoTo /D (0:TESTSUITE) >> +>> endobj +823 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 508.589 214.744 517.476] +/Subtype /Link +/A << /S /GoTo /D (0:USAGE) >> +>> endobj +824 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 508.589 521.32 517.476] +/Subtype /Link +/A << /S /GoTo /D (0:USAGE) >> +>> endobj +825 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 495.169 219.168 502.023] +/Subtype /Link +/A << /S /GoTo /D (0:HOW-TO-INVOKE) >> +>> endobj +826 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 495.169 521.32 502.023] +/Subtype /Link +/A << /S /GoTo /D (0:HOW-TO-INVOKE) >> +>> endobj +827 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 480.161 314.209 489.072] +/Subtype /Link +/A << /S /GoTo /D (0:DAEMONTOOL) >> +>> endobj +828 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 480.161 521.32 489.072] +/Subtype /Link +/A << /S /GoTo /D (0:DAEMONTOOL) >> +>> endobj +829 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 467.209 255.541 476.121] +/Subtype /Link +/A << /S /GoTo /D (0:CONTROLLING-THE-DAEMON) >> +>> endobj +830 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 467.209 521.32 476.121] +/Subtype /Link +/A << /S /GoTo /D (0:CONTROLLING-THE-DAEMON) >> +>> endobj +831 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 454.258 190.236 463.169] +/Subtype /Link +/A << /S /GoTo /D (0:SIGNALS) >> +>> endobj +832 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 454.258 521.32 463.169] +/Subtype /Link +/A << /S /GoTo /D (0:SIGNALS) >> +>> endobj +833 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 443.364 192.169 450.218] +/Subtype /Link +/A << /S /GoTo /D (0:PID-FILE) >> +>> endobj +834 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 443.364 521.32 450.218] +/Subtype /Link +/A << /S /GoTo /D (0:PID-FILE) >> +>> endobj +835 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 428.355 225.653 437.266] +/Subtype /Link +/A << /S /GoTo /D (0:LOG-FILE-ROTATION) >> +>> endobj +836 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 428.355 521.32 437.266] +/Subtype /Link +/A << /S /GoTo /D (0:LOG-FILE-ROTATION) >> +>> endobj +837 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 415.403 303.67 424.315] +/Subtype /Link +/A << /S /GoTo /D (0:UPDATING-THE-FILE-SIGNATURE-DATABASE) >> +>> endobj +838 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 415.403 521.32 424.315] +/Subtype /Link +/A << /S /GoTo /D (0:UPDATING-THE-FILE-SIGNATURE-DATABASE) >> +>> endobj +839 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 402.452 299.934 411.363] +/Subtype /Link +/A << /S /GoTo /D (0:IMPROVING-THE-SIGNAL-TO-NOISE-RATIO) >> +>> endobj +840 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 402.452 521.32 411.363] +/Subtype /Link +/A << /S /GoTo /D (0:IMPROVING-THE-SIGNAL-TO-NOISE-RATIO) >> +>> endobj +841 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 389.501 370.947 398.412] +/Subtype /Link +/A << /S /GoTo /D (0:OPTIONS-CONFIGURATION-FILE) >> +>> endobj +842 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 389.501 521.32 398.412] +/Subtype /Link +/A << /S /GoTo /D (0:OPTIONS-CONFIGURATION-FILE) >> +>> endobj +843 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 376.549 271.052 385.461] +/Subtype /Link +/A << /S /GoTo /D (0:SUPPORT) >> +>> endobj +844 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 376.549 521.32 385.461] +/Subtype /Link +/A << /S /GoTo /D (0:SUPPORT) >> +>> endobj +845 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 361.341 271.49 370.228] +/Subtype /Link +/A << /S /GoTo /D (0:BASIC-CONFIGURATION) >> +>> endobj +846 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 361.341 521.32 370.228] +/Subtype /Link +/A << /S /GoTo /D (0:BASIC-CONFIGURATION) >> +>> endobj +847 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 347.922 192.428 354.776] +/Subtype /Link +/A << /S /GoTo /D (0:LOGDEF) >> +>> endobj +848 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 347.922 521.32 354.776] +/Subtype /Link +/A << /S /GoTo /D (0:LOGDEF) >> +>> endobj +849 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 332.913 268.282 341.824] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFACILITY) >> +>> endobj +850 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 332.913 521.32 341.824] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFACILITY) >> +>> endobj +851 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 319.961 363.135 328.873] +/Subtype /Link +/A << /S /GoTo /D (0:THRESHOLDS) >> +>> endobj +852 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 319.961 521.32 328.873] +/Subtype /Link +/A << /S /GoTo /D (0:THRESHOLDS) >> +>> endobj +853 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 309.067 188.015 315.921] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGURATION-EMAIL) >> +>> endobj +854 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 309.067 521.32 315.921] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGURATION-EMAIL) >> +>> endobj +855 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 294.059 192.169 302.97] +/Subtype /Link +/A << /S /GoTo /D (0:TRUSTEDEXAMPLE) >> +>> endobj +856 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 294.059 521.32 302.97] +/Subtype /Link +/A << /S /GoTo /D (0:TRUSTEDEXAMPLE) >> +>> endobj +857 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 281.107 203.626 290.018] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGURATION-LOGSERVER) >> +>> endobj +858 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 281.107 521.32 290.018] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGURATION-LOGSERVER) >> +>> endobj +859 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 270.213 231.351 277.067] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGURATION-EXTERNAL) >> +>> endobj +860 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 270.213 521.32 277.067] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGURATION-EXTERNAL) >> +>> endobj +861 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 257.262 193.554 264.116] +/Subtype /Link +/A << /S /GoTo /D (0:CONSOLEDETAILS) >> +>> endobj +862 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 257.262 521.32 264.116] +/Subtype /Link +/A << /S /GoTo /D (0:CONSOLEDETAILS) >> +>> endobj +863 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 244.19 191.332 251.164] +/Subtype /Link +/A << /S /GoTo /D (0:PRELUDEDETAILS) >> +>> endobj +864 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 244.19 521.32 251.164] +/Subtype /Link +/A << /S /GoTo /D (0:PRELUDEDETAILS) >> +>> endobj +865 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 229.301 274.081 238.213] +/Subtype /Link +/A << /S /GoTo /D (0:NAGIOS) >> +>> endobj +866 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 229.301 521.32 238.213] +/Subtype /Link +/A << /S /GoTo /D (0:NAGIOS) >> +>> endobj +867 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 216.35 193.006 225.261] +/Subtype /Link +/A << /S /GoTo /D (0:SYSLOGDETAILS) >> +>> endobj +868 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 216.35 521.32 225.261] +/Subtype /Link +/A << /S /GoTo /D (0:SYSLOGDETAILS) >> +>> endobj +869 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 203.772 223.701 212.31] +/Subtype /Link +/A << /S /GoTo /D (0:SQLDETAILS) >> +>> endobj +870 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 203.772 521.32 212.31] +/Subtype /Link +/A << /S /GoTo /D (0:SQLDETAILS) >> +>> endobj +871 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 188.19 310.514 197.077] +/Subtype /Link +/A << /S /GoTo /D (0:FILE-MONITOR) >> +>> endobj +872 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 188.19 521.32 197.077] +/Subtype /Link +/A << /S /GoTo /D (0:FILE-MONITOR) >> +>> endobj +873 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 172.714 224.807 181.625] +/Subtype /Link +/A << /S /GoTo /D (0:BASCLT) >> +>> endobj +874 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 172.714 521.32 181.625] +/Subtype /Link +/A << /S /GoTo /D (0:BASCLT) >> +>> endobj +875 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 161.819 280.547 168.674] +/Subtype /Link +/A << /S /GoTo /D (0:HASH-FUNCTION) >> +>> endobj +876 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 161.819 521.32 168.674] +/Subtype /Link +/A << /S /GoTo /D (0:HASH-FUNCTION) >> +>> endobj +877 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 146.811 219.287 155.722] +/Subtype /Link +/A << /S /GoTo /D (0:FILE-SIGNATURES) >> +>> endobj +878 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 146.811 521.32 155.722] +/Subtype /Link +/A << /S /GoTo /D (0:FILE-SIGNATURES) >> +>> endobj +879 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 133.859 330.807 142.771] +/Subtype /Link +/A << /S /GoTo /D (0:FILEDEF) >> +>> endobj +880 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 133.859 521.32 142.771] +/Subtype /Link +/A << /S /GoTo /D (0:FILEDEF) >> +>> endobj +881 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 120.908 371.923 129.819] +/Subtype /Link +/A << /S /GoTo /D (0:ALL-EXCEPT) >> +>> endobj +882 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 120.908 521.32 129.819] +/Subtype /Link +/A << /S /GoTo /D (0:ALL-EXCEPT) >> +>> endobj +883 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 107.956 234.709 116.868] +/Subtype /Link +/A << /S /GoTo /D (0:TIMING-FILE-CHECKS) >> +>> endobj +884 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 107.956 521.32 116.868] +/Subtype /Link +/A << /S /GoTo /D (0:TIMING-FILE-CHECKS) >> +>> endobj +885 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 95.005 296.208 103.916] +/Subtype /Link +/A << /S /GoTo /D (0:INITIALIZING-UPDATING-CHECKING) >> +>> endobj +886 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 95.005 521.32 103.916] +/Subtype /Link +/A << /S /GoTo /D (0:INITIALIZING-UPDATING-CHECKING) >> +>> endobj +794 0 obj << +/D [792 0 R /XYZ 71.731 729.265 null] +>> endobj +6 0 obj << +/D [792 0 R /XYZ 244.332 703.236 null] +>> endobj +791 0 obj << +/Font << /F21 781 0 R /F34 797 0 R /F27 788 0 R /F29 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +934 0 obj << +/Length 41711 +/Filter /FlateDecode +>> +stream +xÚ€Ý˒ +W‚¥çy=g"͔§â~J]}“Ôfm])MT ™H&¬I €Uo/}¯ +gíÿÏO“µYW’µk} +&Ÿ–ûõwWÛÿ»þîñúôx»ý›çÓÍÃýw?þòWßýŽýoþã?\wwϧû§çí?¿ñ¿üÃíããééþé»?Ü\žo®ß†›'©îg/š +x nõU÷³Ô|[}Þ>†«g§Ž³¬.êö1HóÛÉ +ây؁·ý›Öþ";zA¬žrû_>]Ks?{íÀ7ÕÛ««ÓÓãRsÕ5ð@œ=Ý>Xu?{AíÀuûîo¥ºŸœ vàºÿ/ºŸ¹ vàÛêõö1ÜJuœeu >»/p9Ëêx Þž¶¯RÝÏ^P;ð@œ?=>Zu?{AíÀõiûƒÿ³T÷³Ô|[œÝ>ùÓ~”ÍŽ; ·Ï@þwu?z¬žrû¹Ÿœ€vàº}·ò«Í8{AíÀ·Õ»í#ž‘ê8Ëêx nŸÂµü7Î^P;ð@Ý>†+ùÕfœœ vàútº~¶ê~ö‚ځo«÷W§‡'ùߛq–Õ%ð@œ=]ÛAŒ³Ô†{ù5nœœ vàÛêÃö1Üɯ6ã,«Kàº} +·VÝÏ^P;ð@Ý>†ù5nœœ vàº} +ò_ˆûÑ +fÅœM>nŸüz³e²ãÈíž²æ~öځêýéþYþ掳Ôƒ{«îg/š +x nŸÁݍT÷³Ôƒùgœœ€vàÛêýö\Kuœeu Yu?{AíÀ·Õ‡«Ó¬ä,«Kàzsz”µ“œœ vàº} +÷VÝÏ^P;ð@Ý>Y;ÉÙ +jŸ­>nƒ¬ä,«Kàº} +7VÝÏ^P;ð@Ý>Y;ÉÙ +j +šÛÇ k'9{AíÀ·Õ§«Óõ³TÇYV—Àõæô`Ñߎ^0+?]ËòIÎ^@;ð@}<=Ý^ºA˜CUµŸu!7Û©ºŽ—ò÷o?Vºáò÷ÃöߥÛç,çÌ^þ~ +åï÷×÷?þ÷Úÿêë›Uð¿ùúþ—í?ß=ÿ—OŸ÷¿ùÏÿçþ§üçÿøŸÿiÿË?}øøîó‡÷_^߀}>]mߣœ]àëßñ‡Ãßòyw”~9tþ +<Œ;úÆ + +ß +eµñîšSÇÝQV;îŽ:t¿;ÊfÅÑÝQEŽ»£Hv +Þ +uæž;ÊhâÝQ§Ž»£¬v Þ +uêž;ÊjâÝQ¥æî(ªK Þ +uêž;ÊjâÝQ§Ž»£¬v Þ +uêž;ÊjâÝQ¥æî(ªK Þ +uêž;ÊjâÝQ§Ž»£¬v Þ +uêž;ÊjâÝQ£Î»£€®xwÔ©ãî(« +ˆwG:ځtwÔ¡ûÝQ6+ïŽ*3wG]ñîšSÇÝQV;ïŽ:uÜ +eµñîšSÇÝQV;ïŽ*5wGQ]ñîšSÇÝQV;ïŽ:uÜ +eµñîšSÇÝQV;ïŽ*5wGQ]ñîšSÇÝQV;ïŽ:uÜ +eµñîšSÇwѬv Þ +UjºâÝQ§Ž»£¬v Ý +uè~w”͊û£Î +wGí@Œ;ªÔÜ +Eu Ä»£N +wGYí@Œ;êÔqw”ÕÄ»£N +wGYí@Œ;ªÔÜ +Eu Ä»£N +wGYí@Œ;êÔqw”ÕÄ»£N +wGYí@Œ;ªÔÜ +Eu Ä»£N +wGYí@Œ;êÔqw”ÕÄ»£N +wGYí@Œ;ªÔÜ +Eu €»£ÝYqxwԙãî(£ +ˆwG:ځxwT©¹;ŠêˆwG:ځxwÔ©ãî(« +ˆwG:ځxwÔšóî(©k Þ +uêž;ÊjâÝQ§Ž»£¬v Þ +uêž;ÊjâÝQŒWwùî(^Ç8T÷"îŽÂu,wG/<ëaûóÝÝ5ß + +gö»£ÛïÄ~_óŸÞ}ÿã×yôÿáæþû÷Ÿ?Ÿÿyÿëϟ>}ýïŸþpýý—׏Åz8=}ûÙé +þúwóþùþÒc±èâsèüâ‹õÆ + +? +Õ%‹åÔñX,V;‹åÔñX,V;‹åÔñX,V;‹¥Ô< +Õ%‹åÔñX,V;‹åÔñX,V;‹åÔñX,V;‹¥Ô< +Õ% +‹åÌß +‹Åây=ˁûc±X¬8|,–3Çc±í@|,–Qçc±H]ñ±XN +Åbµñ±XN +Åbµñ±XN +Åbµñ±XJÍc±P]ñ±XN +Åbµñ±XN +Åbµñ±XN +Åbµñ±XJÍc±P]ñ±XN +Åbµñ±XN +Åbµñ±XN +Åbµé±X + +ÅB³ãè±XŽÜ‹ÅdÅác±œ9 +‹Åhâc±œ: +‹Åjâc±”šÇb¡ºâc±œ: +‹Åjâc±œ: +‹Åjâc±œ: +‹Åjâc±”šÇb¡ºâc±œ: +‹Åjâc±œ: +‹Åjâc±œ: +‹Åjâc±”:‹ß€.\üVjŠßšv ¿•šâ7ª +ˆÅo +Žâ7š‡ÅoCŠøMdÇqñ[™)~#ځ\üVjŠßšv ¿•šâ7ª +ÈÅo£Îâ7©K ¿•šâ7ª +ÈÅo¥Šøjrñ[©)~£Ú\ü6ê,~“ºrñ[©)~£Ú\üVjŠßšv ¿•šâ7ª +ÈÅo¡Ÿ¿A]¹ø­Ô¿Qí@.~+5ÅoT;‹ß + +Åo4+Ž‹ßƜÅoB—@.~+5ÅoT;‹ßJMñÕäâ·RSüFµ¹ømÔYü&u äâ·RSüFµ¹ø­Ô¿Qí@.~+5ÅoT;‹ßFÅoR—@.~+5ÅoT;‹ßJMñÕäâ·RSüFµ¹ømÔYü&u äâ·RSüFµ±ø­ÐQüF³âžø­Ì¿í@.~u¿I]¹ø­Ô¿Qí@.~+5ÅoT;‹ßJMñÕäâ·Qgñ›Ô%‹ßJMñÕäâ·RSüFµ¹ø­Ô¿Qí@.~u¿I]¹ø­Ô¿Qí@.~+5ÅoT;‹ßJMñÕäâ·Qgñ›Ô%‹ß + +Åo4+Ž‹ßÊLñÑäâ·RSüFµ¹ømÔYü&u äâ·RSüFµ¹ø­Ô¿Qí@.~+5ÅoT;‹ßB})~ƒºrñ[©)~£Ú\üVjŠßšv ¿•šâ7ª +ÈÅoª*‹â7]GŠßç5맣â÷ñuüÎÇb=<Ÿîžž¹ø=Όâ÷õ(~ÿ—O?|ýôy6¿þôӇÿžýÿŸ~ýº? +ëý·.ø¿þp}ÿýû_¿ŒÕâüíÁW/—°^çÕééééšþ=‹ðK˜Åγ_ÂQ±óõe +;Q<Ãb§G±Ŋãb§2SìDŽ¹Ø)ԗb'šk ;•šb'ª +ÈÅN¥ŠØ‰jr±S©)v¢Ú\ì4ê,v’ºr±S©)v¢Ú\ìTjŠšv ;•šb'ª +ÈÅN£Îb'©K ;•šb'ª +ÈÅN¥ŠØ‰jr±S©)v¢ÚXì4hŠdv +;9ŠHV +;•™b'¢ +ÈÅN¥ŠØ‰jr±Óš³ØIêÈÅN¥ŠØ‰jr±S©)v¢Ú\ìTjŠšv ;:‹€.\ìTjŠšv ;•šb'ª +ÈÅN¥ŠØ‰jr±Óš³ØIêÈÅN¥ŠØ‰jr±S©)v¢ÚXìTè(v¢YqXì4dŠDv +;•™b'¢ +ÈÅN¥ŠØ‰jr±S©)v¢Ú\ì4ê,v’ºr±S©)v¢Ú\ìTjŠšv ;•šb'ª +ÈÅN£Îb'©K ;•šb'ª +ÈÅN¥ŠØ‰jr±S©)v¢Ú\ìêK±Ô5‹JM±Õäb§RSìDµ±Ø©ÐQìD³âžØiÌYì$t äb§RSìDµ¹Ø©Ô;Qí@.v*5ÅNT;‹FÅNR—@.v*5ÅNT;‹JM±Õäb§RSìDµ¹ØiÔYì$u äb§RSìDµ¹Ø©Ô;Qí@.v*5ÅNT;‹FÅNR—@.v*5ÅNT;‹ + +ÅN4+Ž‹ÊL±Ñäb§Qg±“Ô%‹JM±Õäb§RSìDµ¹Ø©Ô;Qí@.vu;I]¹Ø©Ô;Qí@.v*5ÅNT;‹JM±Õäb§Qg±“Ô%‹JM±Õäb§RSìDµ¹Ø©Ô;Qí@.vu;I]±Ø©ÐQìD³âžØ©Ì;í@.v*5ÅNT;‹FÅNR—@.v*5ÅNT;‹JM±Õäb§RSìDµ¹Ø)ԗb'šk ;•šb'ª +ÈÅN¥ŠØ‰jr±S©)v¢Ú\ì<.!ªb']GŠg×ñp}Tì<ŸŽßùDßû‡Óýí;ǙQìŒyó +§¿|úõã×÷>é闿ùáúûý§ÛßüÛ§Ÿ?üø֛M¯·ëýö±¿\Êë‚çÑÓ}_ZMð +™­Š³_Èq«éõe@«‰Ô%[MJM« ÕäV“RÓjBµ¹Õ€ÔŽšPí@l54­&2;[MŠ +­&$+Ž[MÊL« ÑäV“RÓjBµ¹ÕdÔÙj"u äV“RÓjBµ¹Õ€ÔŽšPí@n5)5­&T;[MF­&R—@n5)5­&T;[MJM« ÕäV“RÓjBµ¹ÕdÔÙj"u äV“RÓjBµ¹Õ€ÔŽšPí@l5)tŽšÐ¬8l52­&";Ž[MÊL« ÑäV“RÓjBµ¹Õ€ÔŽšPí@n5u¶šH]¹Õ€ÔŽšPí@n5)5­&T;[MJM« ÕäV“Qg«‰Ô%[MJM« ÕäV“RÓjBµ¹Õ€ÔŽšPí@n5 õ¥ÕêÈ­&¥ŠÕ„jr«I©i5¡ÚØjRèh5¡YqÜj2æl5ºr«I©i5¡ÚÜjRjZMšv ·š”šVª +È­&£ÎV©K ·š”šVª +È­&¥ŠÕ„jr«I©i5¡ÚÜj2êl5‘ºr«I©i5¡ÚÜjRjZMšv ·š”šVª +È­&£ÎV©K ·š”šVª +ˆ­& +ŽVšÇ­&eŠÕ„hr«Éš³ÕDêÈ­&¥ŠÕ„jr«I©i5¡ÚÜjRjZMšv ·šŒ:[M€.ÜjRjZMšv ·š”šVª +È­&¥ŠÕ„jr«Éš³ÕDêÈ­&¥ŠÕ„jr«I©i5¡ÚÜjRjZMšv ·šŒ:[M€.ØjRèh5¡YqÜjRfZMˆv ·š”šVª +È­&£ÎV©K ·š”šVª +È­&¥ŠÕ„jr«I©i5¡ÚÜjêK« Ô5[MJM« ÕäV“RÓjBµ¹Õ€ÔŽšPí@n5 +7oT«‰®#­Š³ëxž9j5 +_Çïl5mÿá~û +a«iœ­ŠÛ7[M_Þüòá뇗ÔU¿i|ݧoÿÛû˜îӟþŸÿÏ_¿Œÿüºëts·} +ø‚¿ù;~wûpÔvš] +øÎ.ÎÙ/ðž‹óúB ‹ƒjbÇ éâÙqØÅQäèâ YqÜÅQfº8ˆv wq”š.ª +È] +£Î.©K wq”š.ª +È] +¥Š‹ƒjrG©éâ ÚÜÅ1êì␺rG©éâ ÚÜÅQjº8šv wq”š.ª +È] +£Î.©K wq”š.ª +È] +¥Š‹ƒjbG¡£‹ƒfÅaǐéâÙqÜÅQfº8ˆv wq”š.ª +È] +¥Š‹ƒjrÇš³‹CêÈ] +¥Š‹ƒjrG©éâ ÚÜÅQjº8šv wqŒ:»8€.ÜÅQjº8šv wq”š.ª +È] +¥Š‹ƒjrGš/] +P×@îâ(5] +T;»8JMÕÄ.ŽBG͊ã.Ž1g‡Ð%»8JMÕä.ŽRÓÅAµ¹‹£ÔtqPí@îâuvqH]¹‹£ÔtqPí@îâ(5] +T;»8JMÕä.ŽQg‡Ô%»8JMÕä.ŽRÓÅAµ¹‹£ÔtqPí@îâuvqH]¹‹£ÔtqPí@ìâ(ttqЬ8îâ(3] +D;»8F] +R—@îâ(5] +T;»8JMÕä.ŽRÓÅAµ¹‹cÔÙÅ!u ä.ŽRÓÅAµ¹‹£ÔtqPí@îâ(5] +T;»8F] +R—@îâ(5] +T;»8JMÕä.ŽRÓÅAµ¹‹cÔÙÅ!u Ä.ŽBG͊ã.Ž2ÓÅAŽ¹‹£ÔtqPí@îâuvqH]¹‹£ÔtqPí@îâ(5] +T;»8JMÕä.ŽP_º8 ®ÜÅQjº8šv wq”š.ª +È] +¥Š‹ƒjr‡š!¢‹Cב.ÎÙu<Ü +uqŽ¯ãwŸ:rûúáöž»8ãÌèâÜÍWGþùן_?0èfû'öñîñ»³ä× +úö“Óƒ7B^m¿‘¿ý(®,‡Î¯ìõë¯nO·o]Èê~ö‚ځêÃéææQªûÙ +j +šO§Çk«îg/š +ø¶ºý#» +tê8Ëêx Þn–x–ê~ö‚ځêÃö‡ «îg/š +x > +ìoðoG/˜÷6¹ýæú۟_Œ9Î2º +šÛgð`ÕýìµÔí3ž¿‘ê~ö‚ځêö)|ûó‹R÷³Ô|[œÝ>†[©Ž³¬.êö1ÜÜIu?{AíÀuû®ï¥ºŸœ vàº} +WVÝÏ^P;ðmõîútõ,¿Ì³¬.êþ§îg/š +x >œ® +­ºŸœ vàútº·ÿ +g/š +ø¶z¿} +÷ò +Î8Ëêx nÝU÷³Ô†;©Ž³¬.êö1ÜÊ/sãìµÔícž‘_æÆÙ +j +šÛÇpmÕýìµßVŸ·áJ~™gY]Ôícæ·“Äó°ïþd¿eݏ^+î€|:Ý>É/pãìŽßî^]ž +ݗšœEu + +û[©îg/š +x nÃݝT÷³Ô|[œÞ>†[©Ž³¬.êö1ÜÜKu?{AíÀuû®€ºŸœ và: +Ÿ®Ô<Í +Õ䧹u>͝Ô%Ÿæ®Ô<Í +Õ䧹+5 +RT;€J͂ÕÄ©A³ %³ãpAªÈ± E²âxAªÌ,Hí@^*5 +RT;€F +RR—@^*5 +RT;€J͂Õä©R³ EµyAjÔ¹ %u ä©R³ EµyAªÔ,HQí@^*5 +RT;€F +RR—@^*5 +RT;€J͂ÕÄ©Bǂ͊é!³ %²ãxAªÌ,Hí@^*5 +RT;€J͂Õä©Q炔Ô%€J͂Õä©R³ EµyAªÔ,HQí@^u.HI]yAªÔ,HQí@^*5 +RT;€J͂Õä©P_€ ®Œ Uj€šv /H•š)ª +ˆ +R +Ž)šÇ +RcÎ)¡K /H•š)ª +È +R¥fAŠjò‚T©Y¢ÚŒ 5ê\’ºò‚T©Y¢ÚŒ Uj€šv /H•š)ª +È +R£Î)©K /H•š)ª +È +R¥fAŠjò‚T©Y¢ÚŒ 5ê\’ºò‚T©Y¢Úž UèX¢YqŒ Uf€ˆv /H:€€.Œ Uj€šv /H•š)ª +È +R¥fAŠjò‚ÔšsAJêÈ +R¥fAŠjò‚T©Y¢ÚŒ Uj€šv /H:€€.Œ Uj€šv /H•š)ª +È +R¥fAŠjò‚ÔšsAJêˆ +R +Ž)šÇ +RefAŠhò‚T©Y¢ÚŒ 5ê\’ºò‚T©Y¢ÚŒ Uj€šv /H•š)ª +È +R¡Ÿ,HA]yAªÔ,HQí@^*5 +RT;€J͂Õäéñ,R-Hé:² =»Ž‡»£éñuüΧ¹_oÿT?Ýñ‚tœ +Òû± ý¯ï?ÿåÓç_Þ}üq<¹ý믿=ÜýÕþâîôø­Yÿ"œþ­»œ;z,ûË®tAήôxòúB`‚jòÄšsBêÈC¥f‚jâD¡c‚fÅñD™‚ ځ<1ê +‚ºòD©‚ Ú<Qj† šv A”š!ª +ÈC£Î!©K A”š!ª +ÈC¥f‚jòD©‚ Ú<1ê +‚ºòD©‚ Ú<Qj† šv A”š!ª +ÈC£Î!©K +A”¹AP<Ã!ˆÇŊã!ˆ23AŽy"ԗ!šk A”š!ª +ÈC¥f‚jòD©‚ Ú<1ê +‚ºòD©‚ Ú<Qj† šv A”š!ª +ÈC£Î!©K A”š!ª +ÈC¥f‚jòD©‚ Ú81h† dv +A9† HV +A”™!¢ +ÈC¥f‚jòÄšsBêÈC¥f‚jòD©‚ Ú<Qj† šv AŒ:‡ €.<Qj† šv A”š!ª +ÈC¥f‚jòÄšsBêÈC¥f‚jòD©‚ Ú8Qè‚ Yq81d† Dv +A”™!¢ +ÈC¥f‚jòD©‚ Ú<1ê +‚ºòD©‚ Ú<Qj† šv A”š!ª +ÈC£Î!©K A”š!ª +ÈC¥f‚jòD©‚ Ú<êËÔ5‡ JÍÕä!ˆR3Aµq¢Ð1A³âxbÌ9!t ä!ˆR3Aµy¢Ô +APí@ +‚(5CT;‡ FCR—@ +‚(5CT;‡ JÍÕä!ˆR3AµybÔ9!u ä!ˆR3Aµy¢Ô +APí@ +‚(5CT;‡ FCR—@ +‚(5CT;‡ + +C4+Ž‡ ÊÌÑä!ˆQç„Ô%‡ JÍÕä!ˆR3Aµy¢Ô +APí@ +‚uAH]y¢Ô +APí@ +‚(5CT;‡ JÍÕä!ˆQç„Ô%‡ JÍÕä!ˆR3Aµy¢Ô +APí@ +‚uAH]q¢Ð1A³âx¢Ì +Aí@ +‚(5CT;‡ FCR—@ +‚(5CT;‡ JÍÕä!ˆR3Aµy"ԗ!šk A”š!ª +ÈC¥f‚jòD©‚ Ú<¡5ƒ‚Ðudrv +ÇCãëøÃÝÕõö'£oCí[‹í¿&oA®ŸO÷¿œgû€oï®çmÿ€¿ +AÆ¡œùíŠÆ +äï¿þüþ +û¿Ž!Èϟ~Úÿ×÷ŸžŸúþ_¿ýÛ|õÚ«o±·ßÑ¯/¶?d +,Cæ;©àÒç;©Î.ýøT¯/ÞI +jò;©”šwR¡ÚøN* +ŽwR¡YqüN*cÎwRºò;©”šwR¡ÚüN*¥æTšv ¿“J©y'ª +Èï€2ê|'©K ¿“J©y'ª +Èï€RjÞI +jò;©”šwR¡ÚüN*£ÎwR‘ºò;©”šwR¡ÚüN*¥fŠˆjòQ©™"¢Ú'Šˆt +™"žÿ +ŽŠˆÇ×qöNªoSÄ~'ÕýÓÃéyûb@ï€Ê™}Šx=ƈÿñýÇ÷ŸßýŒ^àõö¯„»›§ï΂ßzÕÑÐðúùöôøí^ ^Ø8t~a§×òpºyž{ëBÞP÷³Ô†íÿÊ©ûÙ +j +šÛÇpmÕýìµ€û¢V©™è¢ºâDשc¢ËjâDשc¢ËjÒDסûD—͊É®23ÑEt ĉ®SÇD—Õĉ®SÇD—Õĉ®SÇD—Õĉ®R3ÑEu ĉ®SÇD—Õĉ®SÇD—Õĉ®SÇD—Õĉ®R3ÑEu ĉ®SÇD—Õĉ®SÇD—Õĉ®SÇD—Õĉ®R3ÑEu ĉ®SÇD—Õ€‰®C÷‰.›‡]gŽ‰.£ +ˆ]¥f¢‹êˆ]§Ž‰.« +ˆ]§Ž‰.« +ˆ]§Ž‰.« +ˆ]¥f¢‹êˆ]§Ž‰.« +ˆ]§Ž‰.« +ˆ]§Ž‰.« +ˆ]¥f¢‹êˆ]§Ž‰.« +ˆ]§Ž‰.« +ˆ]§Ž‰.« +ˆ]¥f¢‹ê]gþ6Ñeñ<Œ&ºÜ'º,V +Nt9&ºŒv Nt:'º€®8Ñuê˜è²Ú8Ñuê˜è²Ú8Ñuê˜è²Ú8ÑUj&ºš.8Ñuê˜è²Ú8Ñuê˜è²Ú8Ñuê˜è²Ú8ÑUj&ºš.8Ñuê˜è²Ú8Ñuê˜è²Ú8Ñuê˜è²Ú4ÑUè˜è¢Ùq4Ñuä>Ñe²âp¢ëÌ1ÑeŽq¢ëÔ1Ñeµq¢«ÔLtQ]q¢ëÔ1Ñeµq¢ëÔ1Ñeµq¢ëÔ1Ñeµq¢«ÔLtQ]q¢ëÔ1Ñeµq¢ëÔ1Ñeµq¢ëÔ1Ñeµq¢«ÔLtQ]q¢ëÔ1Ñeµq¢ëÔ1Ñeµi¢ëÐ}¢ËfÅÑDW‘c¢‹dÇáDיc¢ËhâDשc¢ËjâDשc¢ËjâDW©™è¢ºâDשc¢ËjâDשc¢ËjâDשc¢ËjâDW©™è¢ºâDשc¢ËjâDשc¢ËjâDשc¢ËjâDךs¢Kêˆ]§Ž‰.« +ˆ]§Ž‰.« +H]‡î]6+'ºÊÌDÑ%'ºN +]V;'ºN +]V;'ºN +]V;'ºJÍDÕ%'ºN +]V;'ºN +]V;'ºN +]V;'ºJÍDÕ%'ºN +]V;'ºN +]V;'ºN +UnV;'ºJÍDÕ%'ºN +]V;&ºÝ'ºlV +Nt9&ºŒv Nt•š‰.ªK Nt:&º¬v Nt:&º¬v Nt:&º¬v Nt•š‰.ªK Nt:&º¬v Nt:&º¬v Nt:&º¬v Nt•š‰.ªK Nt:&º¬v Nt:&º¬v Nt:&º¬v Nt•š‰.ªK Mt +ºOtÙ¬8œè:sLtí@œè:uLtYí@œè*5]T—@œè:uLtYí@œè:uLtYí@œè:uLtYí@œèuNtI]q¢ëÔ1Ñeµq¢ëÔ1Ñeµq¢ëÔ1Ñeµq¢‹ÃÓË]ŒŽqš±G]žŽ³‰î·+]šè>ޝ®î +y¢;Îìݛ1ÑýÏ¿üíÓç¯ï>~ÝÿòÃÇ/_ßýüó»¯>}ÜÿÎÇ®¿ÿôõý—·ÚÖwßÊÑ/ôz}W§Ãw +Îú5\ø¬_Ÿ]øqýúõe@ýÕäúµRS¿Fµ¹~­ÔÔ¯Qí@®_uÖ¯I]¹~­ÔÔ¯Qí@®_+5õkT;ë×JMýÕäúµQgýšÔ%ê×ÊÜë×(ž‡aýZ£~bÅqýZ™©_#ځ\¿êKýÔ5ë×JMýÕäúµRS¿Fµ¹~­ÔÔ¯Qí@®_uÖ¯I]¹~­ÔÔ¯Qí@®_+5õkT;ë×JMýÕäúµQgýšÔ%ë×JMýÕäúµRS¿Fµ¹~­ÔÔ¯Qí@¬_4õk2;ë׊ +õk$+Žë×ÊLýÑäúµRS¿Fµ¹~mÔY¿&u äúµRS¿Fµ¹~­ÔÔ¯Qí@®_+5õkT;ë×FõkR—@®_+5õkT;ë×JMýÕäúµRS¿Fµ¹~mÔY¿&u äúµRS¿Fµ¹~­ÔÔ¯Qí@¬_+tԯѬ8¬_2õk";Žë×ÊLýÑäúµRS¿Fµ¹~­ÔÔ¯Qí@®_uÖ¯I]¹~­ÔÔ¯Qí@®_+5õkT;ë×JMýÕäúµQgýšÔ%ë×JMýÕäúµRS¿Fµ¹~­ÔÔ¯Qí@®_ +õ¥~ +êÈõk¥Š~jrýZ©©_£ÚX¿Vèš_£Yq\¿6æ¬_ºrýZ©©_£Ú\¿Vjêךv ׯ•šú5ª +Èõk£Îú5©K ׯ•šú5ª +Èõk¥Š~jrýZ©©_£Ú\¿6ê¬_“ºrýZ©©_£Ú\¿Vjêךv ׯ•šú5ª +Èõk£Îú5©K ׯ•šú5ª +ˆõk +Žú5šÇõkeŠ~hrýÚš³~MêÈõk¥Š~jrýZ©©_£Ú\¿Vjêךv ׯ:ë×€.\¿Vjêךv ׯ•šú5ª +Èõk¥Š~jrýÚš³~MêÈõk¥Š~jrýZ©©_£Ú\¿Vjêךv ׯ:ë×€.X¿Vèš_£Yq\¿Vfê׈v ׯ•šú5ª +Èõk£Îú5©K ׯ•šú5ª +Èõk¥Š~jrýZ©©_£Ú\¿êKýÔ5ë×JMýÕäúµRS¿Fµ¹~­ÔÔ¯Qí@®_W†Uýš®#õëó²óãQýúø:–úõõ +úõÃþŽ~¬_3{ýúvÔ¯ÿÛû®ï¿ÿéׯï?øøÓþ7ßíÿãǟ?Œÿøõ­ +Ü|û¡ô‹ùºw}ûø|ÔŒžï<€kžï<8»æãw +ŒŸxç©K ¿ó@©yçª +ÈïºAñ< +G7 + +£+ŽG7ÊÌèÑäэP_F7 ®<ºQjF7šv n”šÑ +ª +È£¥ftƒjòèÆšstCêÈ£¥ftƒjòèF©ݠځ<ºQjF7šv nŒ:G7€.<ºQjF7šv n”šÑ +ª +È£¥ftƒjâèÆ ݐÙq8ºQäÝ Yq<ºQfF7ˆv n”šÑ +ª +È££ÎÑ +©K n”šÑ +ª +È£¥ftƒjòèF©ݠځ<º1ê +ݐºòèF©ݠځ<ºQjF7šv n”šÑ +ª +È££ÎÑ +©K n”šÑ +ª +È£¥ftƒjâèF¡ctƒfÅáèƐÝÙq<ºQfF7ˆv n”šÑ +ª +È£¥ftƒjòèÆšstCêÈ£¥ftƒjòèF©ݠځ<ºQjF7šv nŒ:G7€.<ºQjF7šv n”šÑ +ª +È£¥ftƒjòèFš/£P×@ +Ý(5£T;G7JÍèÕÄэBÇè͊ãэ1çè†Ð%G7JÍèÕäэR3ºAµyt£ÔŒnPí@ +ÝuŽnH]yt£ÔŒnPí@ +Ý(5£T;G7JÍèÕäэQçè†Ô%G7JÍèÕäэR3ºAµyt£ÔŒnPí@ +ÝuŽnH]yt£ÔŒnPí@ +Ý(tŒnЬ8 +Ý(3£D;G7F£R—@ +Ý(5£T;G7JÍèÕäэR3ºAµytcÔ9º!u äэR3ºAµyt£ÔŒnPí@ +Ý(5£T;G7F£R—@ +Ý(5£T;G7JÍèÕäэR3ºAµytcÔ9º!u ÄэBÇè͊ãэ23ºAŽyt£ÔŒnPí@ +ÝuŽnH]yt£ÔŒnPí@ +Ý(5£T;G7JÍèÕäэP_F7 ®<ºQjF7šv n”šÑ +ª +È£¥ftƒjòèæx/¢F7t +ݜO\žŽF7Ç×ñ;ßyðívóÝ +nƙ}ts7F7ÿþã»?ý<×6?úé§ù_?ÿù×÷ûøòþ‡ëï?ÿ뷕Îûϯ;€Û/éÛ +ï—KY¯÷ætµý÷ý`‹3+ŽðK™Ú³_Êq +öõ +@ +Õä +­RS¡Eµ¹BkÔY¡%u € +­2÷ +-ŠçaX¡UàšÐ¢Xq\¡Uf*Žˆv Wh +úR¡u +ä +­RS¡Eµ¹B«ÔThQí@®Ð*5ZT;+ŽFZR—@®Ð*5ZT;+ŽJM +Õä +­RS¡Eµ¹BkÔY¡%u ä +­RS¡Eµ¹B«ÔThQí@®Ð*5ZT;+ŽM +–ÌŽÃ +­"G +Ɋã +­2S¡EŽ¹B«ÔThQí@®ÐuVhI]¹B«ÔThQí@®Ð*5ZT;+ŽJM +Õä +­Qg +–Ô%+ŽJM +Õä +­RS¡Eµ¹B«ÔThQí@®ÐuVhI]¹B«ÔThQí@®Ð*5ZT;+Ž + +Z4++Ž†L +–ÈŽã +­2S¡EŽ¹B«ÔThQí@®Ð*5ZT;+ŽFZR—@®Ð*5ZT;+ŽJM +Õä +­RS¡Eµ¹BkÔY¡%u ä +­RS¡Eµ¹B«ÔThQí@®Ð*5ZT;+ŽB}©Ð‚ºr +V©©Ð¢Ú\¡Uj*Žšv Vh:*ŽhV +Wh9+Ž„.\¡Uj*Žšv Wh•š +-ª +ÈZ¥ŠB‹jr +Öš³BKêÈZ¥ŠB‹jr +V©©Ð¢Ú\¡Uj*Žšv Wh:+Ž€.\¡Uj*Žšv Wh•š +-ª +ÈZ¥ŠB‹jr +Öš³BKêÈZ¥ŠB‹jb +V¡£B‹fÅq +V™©Ð"ځ\¡5ê¬Ð’ºr +V©©Ð¢Ú\¡Uj*Žšv Wh•š +-ª +ÈZ£Î +-©K Wh•š +-ª +ÈZ¥ŠB‹jr +V©©Ð¢Ú\¡5ê¬Ð’ºr +V©©Ð¢Ú\¡Uj*Žšv Wh•š +-ª +ÈZ£Î +-©K Vh:*ŽhV +Wh•™ +-¢ +ÈZ¥ŠB‹jr +Öš³BKêÈZ¥ŠB‹jr +V©©Ð¢Ú\¡Uj*Žšv Wh +úR¡u +ä +­RS¡Eµ¹B«ÔThQí@®Ð*5ZT;+ŽÇ5OU¡¥ëH +öŒ°ú|T¡=ŸŽßùÜúí»ÊëíªX¡ +gö +íý›Ú?œûò~û«Q™ýó»¯ïþôî‡ëoÝÙßþÆ?ŽçÙúø/WW7?ýúùÝן>îóÛßù9ÿ‡Ÿ~ž¹ÿþß>þüéݟ÷¿ó—ÏŸ~yUÈ=jãÞÝ=Ÿ +ŸU1^~U¯ŸŒÿpô1œ|¿)󻘳ߔãïb^_|ƒjòw1JÍw1šv £Ô|ƒjòw1FßŐºòw1JÍw1šv £Ô|ƒjòw1JÍw1šv cÔù] +©K £Ô|ƒjòw1JÍw1šv £Ô|ƒjòw1FßŐºâw1 + +ßÅ Yqü]Œ2ó] +¢ +ÈßÅ(5ߊځü]ŒQçw1€.ü]ŒRó] +ª +ÈßÅ(5ߊځü]ŒRó] +ª +ÈßÅõå»P×@þ.F©ù.Õäïb”šïbPí@þ.F©ù.ÕäïbŽÿx¬Ÿ‹¡ëÈw1g×ñxuô]ÌñuüÎïbnnN7w7ü]Ì8³ó·oýúóû/ã;OŸß˜~úËÙ«ž¶ïhŸîùËû/_ÞýŽýŸŸZÚ<œŸ5`^.èõ +ðzûcæÛ¿Å/ÛøÍíÍÙ/èx{óúB`{CêÈÛ¥f{ƒjòöF©ÙޠځŒœQj¶7šv ooŒ:·7€.ŒœQj¶7šv oo”ší +ª +ÈÛ¥f{ƒjâöÆ ÙސÙqžœQäØÞ YqŒœQf¶7ˆv oo”ší +ª +ÈÛ£Îí +©K oo”ší +ª +ÈÛ¥f{ƒjòöF©ÙޠځŒœ1êÜސºòöF©ÙޠځŒœQj¶7šv oo”ší +ª +ÈÛ£Îí +©K oo”ší +ª +ÈÛ¥f{ƒjâöF¡c{ƒfÅáöƐÙÞÙqŒœQf¶7ˆv oo”ší +ª +ÈÛ¥f{ƒjòöÆšs{CêÈÛ¥f{ƒjòöF©ÙޠځŒœQj¶7šv ooŒ:·7€.ŒœQj¶7šv oo”ší +ª +ÈÛ¥f{ƒjòöFš/ÛP×@ÞÞ(5ÛT;·7JÍöÕÄíBÇö͊ãí1çö†Ð%·7JÍöÕäíR³œAµy{£ÔloPí@ÞÞunoH]y{£ÔloPí@ÞÞ(5ÛT;·7JÍöÕäíQçö†Ô%·7JÍöÕäíR³œAµy{£ÔloPí@ÞÞunoH]y{£ÔloPí@ÜÞ(tloЬ8ÞÞ(3ÛD;·7F­5R—@n­)5­5T;[kJMk +Õä֚RÓZCµ¹µfÔÙZ#u ä֚RÓZCµ¹µŠÔŽÖPí@n­)5­5T;[kF­5R—@n­)5­5T;[kJMk +Õä֚RÓZCµ¹µfÔÙZ#u Ä֚BGk +͊ã֚2ÓZCŽ¹µŠÔŽÖPí@n­u¶ÖH]¹µŠÔŽÖPí@n­)5­5T;[kJMk +Õä֚P_Zk ®ÜZSjZkšv ·Ö”šÖª +È­5¥Šµ†jrkížS¥Zkt +i­]ÇãÍQkíø:~çã믞·?šrim?²wÖ +GgíŸÞ}ÿã×ÙPûŸ~ø6œyÿîÏÿÓYSíë«fÚöG§Ó·_âD_/cîŽ~oîN¿Ý²?Ÿâqäì‚_?]üþéôí_X¯®à +﷓읇œí}{ÏÀ·oµ8Ž¢ØqäíéþúƑûQ&+î€Ü~ã¯$¹e²âȧÓݳû$ÇQ&+îmrûñóӝ"ÇQ$;î€Üþ;ø(Éý(“w@ÞoÇï +¹e²âÈí7ÿþÁ‘ûQ&+îà¥Ûoþ#ÇQ$;î€ +¯Ð0d^ÉAdÅñ +9 +™÷qYqü6Cæe +DV +¿ŠCóM +@v +œ‡Ã€ûk8ˆ;‹Â—pmŒƒƒžó0~‡ó+Ž_¿q™|yûÆ1¹Äñ»7 +™WoYqüâ +CæœDV +¿uÐ)þYq\ûälýÙqÜù7d*ÿDV +þ +™Ÿ?‘ÇmCŠìOdÅqÕ_³édÇqÏߐ©ùYq\ò7d:þDV +7ü +™‚?‘‡õ~!ŠÝ` +a·ßx£ÚOÞyû +˜^?‰Ç­~CŠÔOdÅq¥_³ÑdÇqŸß©óYq\æ7dºüDV +7ù +™"?‘Ç5~AÎ? +Ç +~CŠÂOdÅqßéïYqÜÞ7dÊûDV +W÷9›û@v +÷ö +™Ú>‘Ç¥}CŠ³OdÅac߈£°OàyÖõ +—¶>xÆ]}ŠªObÅqQߐééYqÜÒ7dJúDV +Wô9ú@v +÷ó +™z>‘Çå|CŠ›OdÅq3ߐ)æYq\ËälåÙqÜÉ7d*ùDV +ò +™>>‘Çm|CŠŒOdÅqÿ2ùÒÄ?&—8îá25|"+ŽKø†LŸÈŠÃŸGŸÀó0®ß +p¶ïAì8îÞ2Õ{"+Ž‹÷†LïžÈŠãÖœ!Sº'²âžr/ÈÙž²ãžooÈÔ퉬8.Û2]{"+Ž›ö†LўȊ㚜 gË +Ȏ㎜!S±'²âž`oÈô뉬8n×2åz"+Ž«õ‚œÍz ;Ž{õ†L­žÈŠÃRœG§žÀó0nÔ0 +z+Žëô‚œmz ;Ž»ô†L•žÈŠã"œ!Ó£'²âžEoȔ艬8®Ð +r6èì8îÏ2õy"+ŽËó†LwžÈŠãæŒ!Sœ'²âž6/Èٚ²ãž3oÈT扬8.Ì2}y"+ŽÛò†LYžÈŠãªŒ gS +ȎÞŒGMžÀó0.É0 +y+Žò†LAžÈŠãzŒ g; +ȎãnŒ!S'²âžoÈô≬8nÅ2¥x"+Ž+ñ—É—Fü1¹Äqސ©ÃYq\†7dºðDV +7á +™"<‘Ç5ø÷jÁÃE€ÿrÇ +øËø}nœ{~ØŸ_à|Îì%ø§Q‚ÿcÞñŸþø_þWï +Øÿú뻯¿Ž‡»þí‡ëïßýôþ­*êÍÃÓwg×ñÖ +#žŽzñ©§Ò¯#‡Î +‡Õ7.äž¡ÊjbGÕ©£€ÊjbMÕ©£§ÊjbSU©©ª¢ºBYՙ¿µUY<£Ÿª÷Â*‹‡•UgŽÎ*£ +ˆ­U£ÎÚ*©k W:š«¬v vW:Ê«¬v ÖW:ú«¬v 6X•š ++ªK –X:Z¬¬v öX:Š¬¬v VY:º¬¬v ¶Y•š:+ªK Z:­¬v vZ:J­¬v ÖZ:z­¬v 5[:ª­hv +•[ +¹·[™¬8ì·:s\í@¬ž:ut\Yí@l¹*55WT—@,º:u4]Yí@ìº:u”]Yí@¬»:uô]Yí@lŒ*5•WT—@,œ:uŽ^Yí@ìœ:u_Yí@¬Ÿ:ut_Yí@l¿*5õWT—@,À:u4`Yí@ìÀ:u”`Yí@ªÁ:tïÁ²YqԄUäšÂ"ÙqX†uæhÃ2ځ؇uê(IJځX‰uêèIJځ؊Ujj±š.XŒuêhƲځ؍uê(DzځXuêèDzځؐUj*²š.X’uêhɲځؓuê(ʲځX•uêèʲځؖ5ê¬Ë’ºbaÖ©£1ËjbgÖ©£4ËjRmÖ¡{o–ÍŠÃæ¬2SEt Äò¬SG{–ÕÄþ¬SG–ÕÄ +­SG‡–ÕÄ­RS£Eu Ä"­SG“–ÕÄ.­SG™–ÕÄ:­SGŸ–ÕÄF­RS©Eu ÄR­SG«–ÕÄ^­SG±–ÕÄj­SÇÝ]V;ÛµJMœÕ% +¶N + +[V;:¶ÝK¶lV +Öl9z¶Œv 6m•šª-ªK –m:Ú¶¬v öm: +·¬v Vn::·¬v ¶n•šÚ-ªK o:š·¬v vo:Ê·¬v Öo:ú·¬v 6p•š +.ªK –p:Zž¬v öp:Šž¬v Vq:ºž¬v ¶q•š:.ªK r +º7rÙ¬8ìä:s”rí@¬å:uôrYí@læ*5Õ\T—@,ç:uŽsYí@ìç:utYí@¬è:uttYí@léuÖtI]±šëÔÑÔeµ±«ëÔQÖeµ±®ëÔÑ×eµ±± +åRSÙÅë‡Î¯ãñö Ž +×ñû +\}÷t»}ýÈ­Ýqfoí>Öî¿ûëçOŸŸ®×wýôŽßÆxÉ}ÝÂœ¹~>øúöþø|éºÆ¡óëzõ‰]?oÈӛòZ +gY]ÔÛÓã£U÷³Ô†;§æ,ªkàº} +·RÝÏ^P;ð@Ý>†oVê~ö‚ځêö1\[u?{AíÀ·Õí_ÛA§Ž³¬.êíöçÒg©îg/š +x >l0µê~ö‚ځêÓéÁþÿvô‚Yqo“ÛW«ëo6æ8Ëèx nŸÁƒU÷³Ô†kùgœœ vàº} +WVÝÏ^P;ðmõîútõ,¿Ì³¬.êíéþI~Ág/š +x >œ® +­ºŸœ vàºýùØþ[xœœ vàÁëZ¶á^~ÁgY]Ôícž³ê~ö‚ځêoo¯qèþ. +6+ކ#¿àŒ³ÐÄwâ(5/ÅAu Ä×â8uŒ‡ÕÄ7ã8uŒ‡Õėã8uŒ +‡ÕÄ÷ã(5/ÈAu ÄWä8uŒ#‡ÕÄ·ä8uŒ&‡ÕÄå8uŒ)‡ÕÄwå(u®‘I]y¬Ô¬‘Qí@^#+5kdT;×ÈJÍÕä5²Qç™Ô%ÖÈÊÜ×È(ž‡áYcŒbÅñY™Y##ځŒFêËÔ5×ÈJÍÕä5²R³FFµy¬Ô¬‘Qí@^#u®‘I]y¬Ô¬‘Qí@^#+5kdT;×ÈJÍÕä5²Qç™Ô%×ÈJÍÕä5²R³FFµy¬Ô¬‘Qí@\#4kd2;×Ȋ +kd$+Ž×ÈÊÌÑä5²R³FFµylÔ¹F&u ä5²R³FFµy¬Ô¬‘Qí@^#+5kdT;×ÈFkdR—@^#+5kdT;×ÈJÍÕä5²R³FFµylÔ¹F&u ä5²R³FFµy¬Ô¬‘Qí@\#+t¬‘Ѭ8\#2kd";Ž×ÈÊÌÑä5²R³FFµy¬Ô¬‘Qí@^#u®‘I]y¬Ô¬‘Qí@^#+5kdT;×ÈJÍÕä5²Qç™Ô%×ÈJÍÕä5²R³FFµy¬Ô¬‘Qí@^# +õe +êÈkd¥fŒjòY©Y#£ÚžFVèX#£YqŒF6æ\#ºòY©Y#£ÚŒFVjÖÈšv ¯‘•š52ª +Èkd£Î52©K ¯‘•š52ª +Èkd¥fŒjòY©Y#£ÚŒF6ê\#“ºòY©Y#£ÚŒFVjÖÈšv ¯‘•š52ª +Èkd£Î52©K ¯‘•š52ª +ˆkd +Ž52šÇkdefŒhòÙšsLêÈkd¥fŒjòY©Y#£ÚŒFVjÖÈšv ¯‘:×È€.ŒFVjÖÈšv ¯‘•š52ª +Èkd¥fŒjòÙšsLêÈkd¥fŒjòY©Y#£ÚŒFVjÖÈšv ¯‘:×È€.žFVèX#£YqŒFVfÖȈv ¯‘•š52ª +Èkd£Î52©K ¯‘•š52ª +Èkd¥fŒjòY©Y#£ÚŒFêËÔ5×ÈJÍÕä5²R³FFµy¬Ô¬‘Qí@^#lÕ™®#kä³ëxŒ;Z#_Çï|‡ÐöEþîö×ÈãÌŸFÞ~'ö9ò{ÿåëç?~Ýÿêݏ?Ÿÿ2ÞôoŸþuÿO?ÿpýý‡?ýÛçwÛÿú_®î¯Ÿþ8þâÛßþÛûÏ_¶¿yýv_âù»³ë[7§íwáàwü¥Ì¿ŸYf8ûõ +—^_”Pí@.3(5eT;Ë +JM™Õä2ƒQg™Ô%Ë +JM™Õä2ƒRSf@µ¹Ì Ô”Pí@.3u–H]¹Ì Ô”Pí@.3(5eT;Ë + + +e4+Ë +†L™ÈŽã2ƒ2Sf@Ž¹Ì Ô”Pí@.3(5eT;Ë +FeR—@.3(5eT;Ë +JM™Õä2ƒRSf@µ¹Ì`ÔYf u ä2ƒRSf@µ¹Ì Ô”Pí@.3(5eT;Ë +B})3€ºr™A©)3 Ú\fPjÊ +šv –:Ê +hV +—Œ9Ë +„.\fPjÊ +šv —”š2ª +Èe¥ŠÌ€jr™Áš³Ì@êÈe¥ŠÌ€jr™A©)3 Ú\fPjÊ +šv —Œ:Ë +€.\fPjÊ +šv —”š2ª +Èe¥ŠÌ€jr™Áš³Ì@êÈe¥ŠÌ€jb™A¡£Ì€fÅq™A™)3 ځ\f0ê,3ºr™A©)3 Ú\fPjÊ +šv —”š2ª +Èe£Î2©K —”š2ª +Èe¥ŠÌ€jr™A©)3 Ú\f0ê,3ºr™A©)3 Ú\fPjÊ +šv —”š2ª +Èe£Î2©K –:Ê +hV +—”™2¢ +Èe¥ŠÌ€jr™Áš³Ì@êÈe¥ŠÌ€jr™A©)3 Ú\fPjÊ +šv —„úRfu +ä2ƒRSf@µ¹Ì Ô”Pí@.3(5eT;Ë +Ç÷ÖU™®#e†³ëx|8*3 +_Çï|ŽúöGÆ»§;.3Œ3£Ìp=Ê +ÿüþãŸ?|üiÿ‹?ýòË» +m†¯ŸÆßýùÃ×ß¿ÿøõËë§`m÷íá‹ÿúìwÏG`y\ÿ|ØÙõ?ìõ +ÀCÀPí@~˜Ró0T;fÔù0R—@z˜2÷‡€¡x +†SàxŠÇSf +†hòCÀ„úò0P×@~˜Ró0T;ŠÔ< +Õ䇀)5Cµù!`F#u 䇀)5Cµù!`JÍCÀPí@~˜Ró0T;fÔù0R—@~˜Ró0T;ŠÔ< +Õ䇀)5Cµñ!`ÍCÀÈì8|˜"ÇCÀ¬8~˜2ó0D;ŠÔ< +Õ䇀uöfI]¹7«ÔôfQí@îÍ*5œYT;{³JMoÕäÞ¬Qgo–Ô%{³JMoÕäÞ¬RӛEµ¹7«ÔôfQí@îÍuöfI]¹7«ÔôfQí@îÍ*5œYT;{³ + +œY4+{³†Lo–ÈŽãÞ¬2ӛEŽ¹7«ÔôfQí@îÍ*5œYT;{³FœYR—@îÍ*5œYT;{³JMoÕäÞ¬RӛEµ¹7kÔٛ%u äÞ¬RӛEµ¹7«ÔôfQí@îÍ*5œYT;{³B}é͂ºroV©é͢ځܛUjz³šv öf:z³hV +÷f9{³„.Ü›Ujz³šv ÷f•šÞ,ª +ÈœY¥Š7‹jroÖš³7KêÈœY¥Š7‹jroV©é͢ځܛUjz³šv ÷f:{³€.Ü›Ujz³šv ÷f•šÞ,ª +ÈœY¥Š7‹jroÖš³7KêÈœY¥Š7‹jboV¡£7‹fÅqoV™éÍ"ځܛ5êì͒ºroV©é͢ځܛUjz³šv ÷f•šÞ,ª +ÈœY£ÎÞ,©K ÷f•šÞ,ª +ÈœY¥Š7‹jroV©é͢ځܛ5êì͒ºroV©é͢ځܛUjz³šv ÷f•šÞ,ª +ÈœY£ÎÞ,©K öf:z³hV +÷f•™Þ,¢ +ÈœY¥Š7‹jroÖš³7KêÈœY¥Š7‹jroV©é͢ځܛUjz³šv ÷f +úқu +äÞ¬RӛEµ¹7«ÔôfQí@îÍ*5œYT;{³Ç5O՛¥ëHoöì:Ž{³Ç×ñ;vwwºßŸÁÞì83z³7éÍþýËϟFmvû?}ëЮ}›ûÓóÝK›í؛ë£rìÍŠÝ_žÈ +:¿Èלƛ§Ó÷cŒŸŽ7ÔýìµßVo¯O×·R +gY]ÔÛÓÃ͝T÷³Ô†;©Ž³¬.ê˜X)5›-T;7[JÍf +Õä͖R³ÙBµy³eÔ¹Ù"u €Í–2÷ÍŠçažÙRàØl¡XqŒÙRf6[ˆv o¶„ú²Ùu +ä͖R³ÙBµy³¥Ôl¶Pí@Þl)5›-T;7[F›-R—@Þl)5›-T;7[JÍf +Õä͖R³ÙBµy³eÔ¹Ù"u ä͖R³ÙBµy³¥Ôl¶Pí@Þl)5›-T;7[Íf‹ÌŽÃ͖"Çf +Ɋã͖2³ÙBŽy³¥Ôl¶Pí@Þlun¶H]y³¥Ôl¶Pí@Þl)5›-T;7[JÍf +Õä͖Qçf‹Ô%7[JÍf +Õä͖R³ÙBµy³¥Ôl¶Pí@Þlun¶H]y³¥Ôl¶Pí@Þl)5›-T;7[ + +›-4+7[†Ìf‹ÈŽã͖2³ÙBŽy³¥Ôl¶Pí@Þl)5›-T;7[F›-R—@Þl)5›-T;7[JÍf +Õä͖R³ÙBµy³eÔ¹Ù"u ä͖R³ÙBµy³¥Ôl¶Pí@Þl)5›-T;7[B}ÙlºòfK©Ùl¡ÚŒÙRj6[šv n¶:6[hV +o¶Œ97[„.ŒÙRj6[šv o¶”šÍª +ț-¥f³ +jòfËšs³Eêț-¥f³ +jòfK©Ùl¡ÚŒÙRj6[šv o¶Œ:7[€.ŒÙRj6[šv o¶”šÍª +ț-¥f³ +jòfËšs³Eêț-¥f³ +jâfK¡c³ +fÅñfK™Ùl!ځŒÙ2êÜl‘ºòfK©Ùl¡ÚŒÙRj6[šv o¶”šÍª +ț-£ÎÍ©K o¶”šÍª +ț-¥f³ +jòfK©Ùl¡ÚŒÙ2êÜl‘ºòfK©Ùl¡ÚŒÙRj6[šv o¶”šÍª +ț-£ÎÍ©K n¶:6[hV +o¶”™Í¢ +ț-¥f³ +jòfËšs³Eêț-¥f³ +jòfK©Ùl¡ÚŒÙRj6[šv o¶„ú²Ùu +ä͖R³ÙBµy³¥Ôl¶Pí@Þl)5›-T;7[Çã#µÙ¢ëÈfëì: +6[Ç×ñ;7[·×§û§Þl3c³u;ßuðù_žŸÿþýçn®ŸÿÃ×Oøòòw~;ñùýÏïþþºº³·Ï_ä׿•W·G¿—/³žò9[8»òÃÙÂëë8ž- Yq<[Pff +ˆv ÏŒ:g +€.<[Pjf +šv Ï”šÙª +ȳ¥f¶€jòlÁšs¶@êȳ¥f¶€jòlA©™- Ú<[Pjf +šv ÏŒ:g +€.<[Pjf +šv Ï”šÙª +ȳ¥f¶€jòlÁšs¶@êH³eî³ÏÃp¶ À1[@±âx¶ ÌÌí@ž-õe¶êȳ¥f¶€jòlA©™- Ú<[Pjf +šv ÏŒ:g +€.<[Pjf +šv Ï”šÙª +ȳ¥f¶€jòlÁšs¶@êȳ¥f¶€jòlA©™- Ú<[Pjf +šv Î +šÙ™ +‡³EŽÙ’dzef¶€hòlA©™- Ú<[0êœ-ºòlA©™- Ú<[Pjf +šv Ï”šÙª +ȳ£ÎÙ©K Ï”šÙª +ȳ¥f¶€jòlA©™- Ú<[0êœ-ºòlA©™- Ú<[Pjf +šv Î:f +hV +Î +™Ù‘ +dzef¶€hòlA©™- Ú<[Pjf +šv ÏŒ:g +€.<[Pjf +šv Ï”šÙª +ȳ¥f¶€jòlÁšs¶@êȳ¥f¶€jòlA©™- Ú<[Pjf +šv Ï„ú2[u +äقR3[@µy¶ ÔÌPí@œ-(tÌЬ8ž-sÎ]y¶ ÔÌPí@ž-(5³T;g +JÍlÕäقQçlÔ%g +JÍlÕäقR3[@µy¶ ÔÌPí@ž-uÎH]y¶ ÔÌPí@ž-(5³T;g +JÍlÕäقQçlÔ%g +JÍlÕÄقBÇl͊ãق23[@Žy¶`Ô9[ u äقR3[@µy¶ ÔÌPí@ž-(5³T;g +F³R—@ž-(5³T;g +JÍlÕäقR3[@µy¶`Ô9[ u äقR3[@µy¶ ÔÌPí@ž-(5³T;g +F³R—@œ-(tÌЬ8ž-(3³D;g +JÍlÕäقQçlÔ%g +JÍlÕäقR3[@µy¶ ÔÌPí@ž-õe¶êȳ¥f¶€jòlA©™- Ú<[Pjf +šv Ïšk/f +t +™-œ]ÇãÓÑláø:–ÙÂÍ +ÙÂõÓöO5¯ö#cŽp7F +ÿõýç¿|úüË»?ŸßÿÆ×_?Ÿõ²™»»Óã·^ýt^ÿŸÝnŽ9Ø(̗W +_æ|wÅËe +¿ºâÕUÀ›+ˆ¬8~o + çk+€ì8~i +!3þ ²âpúaıü ð<ŒwÌìƒÄŠãч çæȎãŇ!3ø ²âxîaȬ=ˆ¬8Þz2S"+Ž‡ +‚œ; ;ŽW +†ÌȃȊ㉇!³ð ²âxßaÈÌ;ˆ¬8 +wrn;€ì8^v2Ã"+Žg +†ÌªƒÈŠãM‡!3é ²âxÐ!ȹç²ãhÍaÀ}ÌAÜYN9Œ6– +ĝ‡ñŽÃ€™qXq<âžLŸl8ŽÉ%Ž +†Ì€ƒÈŠãù†!³Þ ²âx»aÈL7ˆ¬8 +nrî6€ì8^m2£ +"+Ž'†ÌbƒÈŠãœ†!3× ²âx¬!ȹղãx©aÈ +5ˆ¬8ži2+ +"+Ž7†ÌDƒÈŠÃ†³Ï°ÂpaŒ1Î ï<Œ§Ì2ƒÄŠã]†!3Ë ²âx”!ȹɲãx‘aÈ +2ˆ¬8žc2k +"+Ž·†ÌƒÈŠã!† çȎã†!3 ²âx‚aÈ,0ˆ¬8Þ_2ó +"+ŽÇ‚œÛ + ;Ž—†Ìð‚ÈŠãÙ +!³º ²âpsaÄ1¹ ð< +ÂËÞŒ +ãµ +3¶ ±âxjaÈ,-ˆ¬8ÞY23 +"+ŽG‚œ + ;Ž†ÌÀ‚ÈŠãy +!³® ²âx[aÈL+ˆ¬8 +Vrî*€ì8^U2£ +"+Ž'†Ì¢‚ÈŠã= +!3§ ²âxLq™|ÙR +“K +/) +™!‘Ç3 +CfEAdÅá†ÂˆcBAày(8÷ v +¯' +™ñ‘ÇÓ Cf9AdÅñn™MYq<šäÜLÙqŒ˜0dDV +Ï% +™µ‘Ç[ Cf*AdÅñPBs'dÇñJIYq<‘0dDV +ï# +™y‘ÇãAÎm +ÇËCfAdÅá,ˆcAàyo" +˜I‰ǃAÎ= +ÇkCf +AdÅñYBYqŒƒ0dfDV + 97@v +/ +™‘ÇóCfý@dÅñöÁ™>Yq<|äÜ=ÙqŒz0dFDV +O + +™Å‘Ç{Cfî@dÅñØAsëdÇáÒÁˆcè@àyÏ + +˜•‰ÇCfâ@dÅñÀAsßdÇñºÁ7Yqý÷/ûüË7÷߯[ø÷ÿãëûÏßÞ¿ðñÝÏcí°ýåÓ÷Ÿ~ÚþÇ÷ï~ùòº–Ÿ]åóõwg²^í·›Ï‡¯bÝxøu€ +öË8nÇ¿Ÿ +šÇ#ځ\7êlȓºrG^©)ɣځ\“Wjzòšv 7啚ª<ª +Èey£Î¶<©K ÷啚Â<ª +ȕy¥Š3jrk^©©Í£Ú\œ7êlΓºrw^©)ϣځ\ŸWjúóšv 7蕚 +=ª +È%z£Î=©K õ蕹éQ<Ã*œG— +Ŋã6œ2S§GŽ¹P/ԗF=šk wꕚR=ª +ȵz¥ŠWjr³^©©Ö£Ú\®7êlדºr¿^©)أځ\±Wj:öšv ·ì•šš=ª +ÈE{£ÎŠ=©K w핚²=ª +Èu{¥Šojrã^©©Ü£ÚXº7hZ÷dv +öî9Š÷HV +Wî=¢ +Èí{¥Š~jrßš³OêÈ +|¥Š„jr +_©éá£ÚÜÄWjªøšv —ñ:Ûø€.ÜÇWj +ùšv Wò•šN>ª +È­|¥Š–jr1ßš³™OêÈÝ|¥Šœjr=_©éç£ÚØÐWèšè£YqXÒ7dZúDv +÷ô•™¢>¢ +ÈU}¥Š«jr[_©©ë£Ú\Ø7êl쓺rg_©)í£Ú\ÛWjzûšv 7÷•šê>ª +Èå}£Îö>©K ÷÷•š?ª +È~¥ŠÃjr‹_©©ñ£Ú\äêK“Ô5»üJM™Õä:¿RÓçGµ±Ñ¯ÐQéG³âžÔoÌÙê't ä^¿RSìGµ¹Ú¯ÔtûQí@n÷+5õ~T; +þF +R—@îø+5%T;kþJMÏÕ䊿RSõGµ¹ìoÔÙö'u 䟿RSøGµ¹ò¯ÔtþQí@ný+5µT;‹ÿFÍR—@îþ+5åT;ëÿ + +ý4+ŽÊÌÑä€Qç +€Ô%wJÍÕä)€R³@µy + ÔÌPí@ +u.H]y ÔŒPí@ž(5»T;—JÍ4Õäq€Qç:€Ô%÷JÍ@Õ䉀R³@µy% ÔÌPí@ + +u.H]q+ Ð1@³âx. Ììí@^ +(5“T;GF«R—@Þ +(5ÃT;§JÍvÕäõ€R3@µy@ ԗšk o”šª +È3¥fG€jò’@©™ Ú<&8®œ«5]Gæg×ñtuŽ'8ŸŽ³·"|Üò[n·[=ßÝãkrf\çµþöþÕ<àzû÷üö¯ÝïÎbßx +ÂÍÑ[®ŸnOO××.k +:¿¬Óë +y8Ý^]¿u!ošûÙ +j +šO§Çç©îg/š +ø¶úŒý³·ý±_©ã,«Kàz{z|Žê~ö‚ځêÃéæáNªûÙ +j +šÛÇp/Õýìµßnã^mÝSsÕ5ð@Ý>†Û©îg/š +x nÃöåÔýìµÔícž¶ê~ö‚ځo«Û¿é·ƒN +gY]ÔÛíàÏRÝÏ^P;ð@}Øþ +nÕýìµԧӃý +þíè³âÞ&·/Ì׏î +NÎ2º +šÛgð`ÕýìµÔí3ž¿‘ê~ö‚ځêö)ÜÝJu?{AíÀ·ÕÛícž•ê8Ëêx nÃ͝T÷³Ô||÷ç_>| +çÇÏþöõõÃS®·|žŸ;#_ÿî==ß]|M)\ò|MéÙ%¿Šôõ +À³cPí@~vŒRóìT;Ÿ +cÔùìR—@~vŒRóìT;Ÿ +£Ô<;ÕägÇ(5ώAµùÙ1FÏŽ!u ägÇ(5ώAµùÙ1JͳcPí@~vŒRóìT;Ÿ +cÔùìR—@zvŒ2÷gÇ x +†ÏŽQàxv +ŠÇώQfž +ƒhò³c„úòìP×@~vŒRóìT;Ÿ +£Ô<;ÕägÇ(5ώAµùÙ1FÏŽ!u ägÇ(5ώAµùÙ1JͳcPí@~vŒRóìT;Ÿ +cÔùìR—@~vŒRóìT;Ÿ +£Ô<;ÕägÇ(5ώAµñÙ1ͳcÈì8|vŒ"dzc¬8~vŒ2óìD;Ÿ +£Ô<;ÕägÇu>;†Ô%Ÿ +£Ô<;ÕägÇ(5ώAµùÙ1JͳcPí@~vŒQç³cH]ùÙ1JͳcPí@~vŒRóìT;Ÿ +£Ô<;ÕägÇu>;†Ô%Ÿ +£Ô<;ÕägÇ(5ώAµñÙ1 + +ώA³âðÙ1†Ì³cˆì8~vŒ2óìD;Ÿ +£Ô<;ÕägÇ(5ώAµùÙ1FÏŽ!u ägÇ(5ώAµùÙ1JMQÕ䲶RS×Fµ¹²mÔYÚ&u äâ¶RSÝFµ¹Ÿ­ÔžQí@.q+55nT;«ÜB})sƒºr¡[©©t£Ú\ëVjŠÝšv –»:êÝhV +WŒ9Kބ.\ôVjªÞšv ל•šÂ7ª +È¥o¥ŠöjrõÛš³üMêÈp¥ŠŽjr +\©)‚£Ú\Wjêàšv W:Ká€.\ +Wjªášv ×՚‚8ª +È%q¥Š&ŽjrUÜš³,NêÈ +q¥Š2Žjbm\¡£8ŽfÅqy\™©#ځ\!7ê,‘“ºr‘\©©’£Ú\'Wj +åšv —Ê•šZ9ª +ÈÕr£Îr9©K ̕šŠ9ª +È5s¥ŠhŽjrÙ\©©›£Ú\97ê,“ºrñ\©©ž£Ú\?Wj +èšv —Еš:ª +ÈUt£Î2:©K Ò:*éhV +×ҕ™b:¢ +Èåt¥ŠžŽjrEÝš³€NêÈEu¥ŠªŽjr]]©)¬£Ú\ZWjjëšv W× +úR^u +ä»RSaGµ¹Æ®ÔÙQí@.³+5uvT;+íTË¥vºŽÔÚϋäwGÅöãëøÏŽ¹~8]mŸ4>=fœùvEÏÿ?žóõý»Ÿ¿þõUçðþiûnú黳+Y/÷æ·ÿº5Þ¯OW¿}ÿ’ +:ÿ•ŒÑ=µø×={T;{öJMÏ +Õ䞜RÓ³Gµ¹goÔÙ³'u 䞜RÓ³Gµ¹g¯ÔôìQí@îÙ+5={T;{öF={R—@îÙ+5={T;{öJMÏ +Õ䞜RÓ³Gµ¹goÔÙ³'u €žœ2÷ž=ŠçaسWàèÙ£XqܳWfzöˆv ÷ì +úÒ³u +䞜RÓ³Gµ¹g¯ÔôìQí@îÙ+5={T;{öF={R—@îÙ+5={T;{öJMÏ +Õ䞜RÓ³Gµ¹goÔÙ³'u 䞜RÓ³Gµ¹g¯ÔôìQí@îÙ+5={T;{öMϞ̎Þœ"GÏ +ÉŠãžœ2Ó³GŽÿ¿ÎÎeIŽ+ÁŽ¿ÒK`¡²ÊzC;=Ì$-d&3>€Ó +uӆ1Ý6ü{e"ï¹çV +‡6$›}é +UT€ã‘Œ³WÖììÑÚ@ÞÙëÜٓuòÎ^Y³³Gkyg¯¬ÙÙ£µŒ³WÖììÑÚ@ÞÙëÜٓuòÎ^Y³³Gkyg¯¬ÙÙ£µŒ³WÖììÑÚ@ÞÙëÜٓuòÎ^Y³³Gkyg¯¬ÙÙ£µž³WÒ±³Ggápgo”Ùٓ²qŒ³WÎììQÚ@ÞÙ+kvöhm ïì•5;{Ž6wöÆ:wöd]€Œ³WÖììÑÚ@ÞÙ+kvöhm ïì•5;{Ž6wöÆ:wöd]€Œ³WÖììÑÚ@ÞÙ+kvöhm ïì•5;{Ž6wöÂzÛكuòÎ^Y³³Gkyg¯¬ÙÙ£µž³WÒ±³GgáxgoœsgOÒÈ;{eÍÎ +­ +䝜²fgÖòÎ^Y³³Gkygo¬sgOÖÈ;{eÍÎ +­ +䝜²fgÖòÎ^Y³³Gkygo¬sgOÖÈ;{eÍÎ +­ +䝜²fgÖòÎ^Y³³Gkygo¬sgOÖÈ;{eÍÎ +­ +ĝœ’Ž=: +Ç;{åÌÎ +¥ +䝜±Î=Y ïì•5;{Ž6wöʚ=ZÈ;{eÍÎ +­ +䝜±Î=Y ïì•5;{Ž6wöʚ=ZÈ;{eÍÎ +­ +䝜±Î=Y ïì•5;{Ž6wöʚ=ZÈ;{eÍÎ +­ +䝜±Î=Y îì•tììÑY8ÞÙ+gvö(m ïì•5;{Ž6wöÆ:wöd]€Œ³WÖììÑÚ@ÞÙ+kvöhm ïì•5;{Ž6wöÂzÛكuòÎ^Y³³Gkyg¯¬ÙÙ£µŒ³WÖììÑÚ@ÞÙïÁÕΞ®#;ûÍuŒœìíì÷¯cy„üÃÁ#äÏ?Ÿ^^ùòãÌugŸGÈÿ÷ÿòã/œþó·ŸÞ>}ýù×o#bøÛçÓ§_ÿöûGo±pù¥›ÿßõ³\€ëŸåÂæúwË +÷×±_. ³pøŠ +Î9Þt¥ +äxÁXgŒ@ÖÈñ‚²&^@k9^PÖÄ +hm Ç +ʚx­ +äxÁXgŒ@ÖÈñ‚²&^@k9^PÖÄ +hm Ç +ʚx­ +äxÁXgŒ@ÖÈñ‚²&^@k9^PÖÄ +hm Ç +ʚx­ +äxÁXgŒ@ÖHñ‚r^ã4na/(áˆÐX8Ž”3ñJÈñ‚°Þâ°®@Ž”5ñZÈñ‚²&^@k9^PÖÄ +hm Ç +Æ:ã².@Ž”5ñZÈñ‚²&^@k9^PÖÄ +hm Ç +Æ:ã².@Ž”5ñZÈñ‚²&^@k9^PÖÄ +hm Æ +FšxœÃxA)GŒ€ÊÂqŒ œ‰PÚ@Ž”5ñZÈñ‚±Îx¬ +ãeMŒ€ÖrŒ ¬‰ÐÚ@Ž”5ñZÈñ‚±Îx¬ +ãeMŒ€ÖrŒ ¬‰ÐÚ@Ž”5ñZÈñ‚±Îx¬ +ãeMŒ€ÖrŒ ¬‰ÐÚ@Œ”tÄ +è, +Æ +F™x”ãxA9/ Ž +/(kâŽ6ãeMŒ€ÖrŒ`¬3^ ëäxAY/ µ +/(kâŽ6ãeMŒ€ÖrŒ`¬3^ ëäxAY/ µ +/(kâŽ6ãeMŒ€ÖrŒ ¬·x¬+ãeMŒ€ÖrŒ ¬‰ÐÚ@Œ”tÄ +è, +Ç +Æ9ã’.@Ž”5ñZÈñ‚²&^@k9^PÖÄ +hm Ç +Æ:ã².@Ž”5ñZÈñ‚²&^@k9^PÖÄ +hm Ç +Æ:ã².@Ž”5ñZÈñ‚²&^@k9^PÖÄ +hm Ç +Æ:ã².@Ž”5ñZˆñ‚’Žx +ãxA9/ Ž +/ëŒȺ9^PÖÄ +hm Ç +ʚx­ +äxAY/ µ +/ëŒȺ9^PÖÄ +hm Ç +ʚx­ +äxAY/ µ +/ëŒȺ9^PÖÄ +hm Ç +ʚx­ +äxAY/ µ +/ëŒȺ1^PÒ/ ³p +/(gâ”6ãeMŒ€ÖrŒ`¬3^ ëäxAY/ µ +/(kâŽ6ãeMŒ€ÖrŒ ¬·x¬+ãeMŒ€ÖrŒ ¬‰ÐÚ@Ž”5ñZÈñÂþÖ^Å +t +‰6×ñåŽ/ì_ÇæM.ñÂãÁ›.œ¿eŒ|á7]gFŒpùÂÿüúío¿þåúÏÿé?^ÿþOyã +¿\چϧûOüüõóéS‡ßÿøýÛןßÏÓ^îŸÜ¿ýis1ï?»O{ïÁp[¬Á3k›f±öþB`±FÖȋ5eÍb +­ +äŚ²f±†ÖòbMY³XCky±f¬s±FÖȋ5eÍb +­ +äŚ²f±†ÖòbMY³XCkq±f€Y¬‘³qžXSʱXCeáx±ŠœY¬¡ŽŒXSÖ,ÖÐÚ@^¬ë\¬‘uòbMY³XCky±Š¬Y¬¡µŒXSÖ,ÖÐÚ@^¬ë\¬‘uòbMY³XCky±Š¬Y¬¡µŒXSÖ,ÖÐÚ@^¬ë\¬‘uòbMY³XCky±Š¬Y¬¡µžXSÒ±XCgáp±f”Y¬‘²qŒXSÎ,ÖPÚ@^¬)kkhm /֔5‹5Ž6kÆ:kd]€ŒXSÖ,ÖÐÚ@^¬)kkhm /֔5‹5Ž6kÆ:kd]€ŒXSÖ,ÖÐÚ@^¬)kkhm /֔5‹5Ž6kÂz[¬uòbMY³XCky±Š¬Y¬¡µžXSÒ±XCgáx±fœs±FÒȋ5eÍb +­ +äŚ²f±†ÖòbMY³XCky±f¬s±FÖȋ5eÍb +­ +äŚ²f±†ÖòbMY³XCky±f¬s±FÖȋ5eÍb +­ +äŚ²f±†ÖòbMY³XCky±f¬s±FÖȋ5eÍb +­ +ÄŚ’ŽÅ: +Nj5åÌb +¥ +䌱ÎÅY /֔5‹5Ž6kʚÅZȋ5eÍb +­ +䌱ÎÅY /֔5‹5Ž6kʚÅZȋ5eÍb +­ +䌱ÎÅY /֔5‹5Ž6kʚÅZȋ5eÍb +­ +䌱ÎÅY .֔t,ÖÐY8^¬)gk(m /֔5‹5Ž6kÆ:kd]€ŒXSÖ,ÖÐÚ@^¬)kkhm /֔5‹5Ž6kÂz[¬uòbMY³XCky±Š¬Y¬¡µŒXSÖ,ÖÐÚ@^¬ÑŠJ,Öè:²XÛ\Çþbmÿ:6‹µëo+ñbíééü=óbmœ‹µ‡kÿy]¬ýò÷??<úÇçÓó§ñïþõ‡?>}ú—þ:þ÷Ï?ürþçß>šÜœN_þŽ¹Ž÷Oâ}yÞ{ïm +Ú\ál>ŽýÎû +Zˆ+ +#Í +‡œÃŽRŽ* +Ç+ +åÌ +¥ +䎲f +ƒÖò +ÇXç +‡¬ +W8ʚZÈ+ +eÍ +­ +䎲f +ƒÖò +ÇXç +‡¬ +W8ʚZÈ+ +eÍ +­ +䎲f +ƒÖò +ÇXç +‡¬ +W8ʚZÈ+ +eÍ +­ +ÄŽ’Ž: +‡+ +£Ì +‡”ãŽrf +ƒÒò +GY³ÂAky +£¬Yá µŒÂ1Ö¹Â!ë䎲f +ƒÖò +GY³ÂAky +£¬Yá µŒÂ1Ö¹Â!ë䎲f +ƒÖò +GY³ÂAky +£¬Yá µŒÂÖÛ +¬+W8ʚZÈ+ +eÍ +­ +ÄŽ’Ž: +Ç+ +ãœ+ +’.@^á(kV8hm ¯p”5+ +Ž6W8ʚZÈ+ +c+ +².@^á(kV8hm ¯p”5+ +Ž6W8ʚZÈ+ +c+ +².@^á(kV8hm ¯p”5+ +Ž6W8ʚZÈ+ +c+ +².@^á(kV8hm ®p”t¬pÐY8^á(gV8(m ¯pŒu®pȺy +£¬Yá µŒÂQÖ¬pÐÚ@^á(kV8hm ¯pŒu®pȺy +£¬Yá µŒÂQÖ¬pÐÚ@^á(kV8hm ¯pŒu®pȺy +£¬Yá µŒÂQÖ¬pÐÚ@^á(kV8hm ¯pŒu®pȺq +£€c +ƒÎÂñ +G9³ÂAiy +£¬Yá µŒÂ1Ö¹Â!ë䎲f +ƒÖò +GY³ÂAky +£¬Yá µŒÂÖÛ +¬+W8ʚZÈ+œýµ-Sî_î +þ€0‡z²;MÙ¿å Þ úáíüzûÀï=Î|¿€/_æÆÙkw¬çÛð,_æÆÙk?¶ŸoÓŽŽ³l]€;Öómx”/sã쁵;Öómx/sã쁵;Öóm8Yëõ쁵[¿œoÃœ|™gÙºw¬çÛ —“Æ-lÇ÷|gÉz=z`,܎òíîñMŸÀ³Ò~<¹»¿¿{{u/59‹Öžc}Œ{|±ÖëÙkw¬ç»ðü(­×³ÖîXÇSɕ59Gkù1çÆ:sNÖȏ9WÖ<æ +­ +äǜ+k +sŽÖòcΕ59Gkù1çÆ:sNÖȏ9WÖ<æ +­ +äǜ+kKŽ6KeM`‰Öb`i€ ,ÉÙ8 +,•r–š, +–Ê™À¥ +äÀRYX¢µ +Xë +,ɺ9°TÖ–hm –ÊšÀ­ +äÀRYX¢µ +Xë +,ɺ9°TÖ–hm –ÊšÀ­ +äÀRYX¢µ +Xë +,ɺ9°TÖ–hm –ÊšÀ­ +ÄÀRIG`‰ÎÂa`i” ,IÙ8,•3%Jȁ¥²&°Dk9°TÖ–hm –Æ:K².@,•5%Zȁ¥²&°Dk9°TÖ–hm –Æ:K².@,•5%Zȁ¥²&°Dk9°TÖ–hm –Âz +,Áº9°TÖ–hm –ÊšÀ­ +ÄÀRIG`‰ÎÂq`iœ3°$éäÀRYX¢µ +X*kKŽ6KeM`‰Ör`i¬3°$ëäÀRYX¢µ +X*kKŽ6KeM`‰Ör`i¬3°$ëäÀRYX¢µ +X*kKŽ6KeM`‰Ör`i¬3°$ëäÀRYX¢µX*é,ÑY8,•3%Jȁ¥±ÎÀ’¬ +KeM`‰Ör`©¬ ,ÑÚ@,•5%Zȁ¥±ÎÀ’¬ +KeM`‰Ör`©¬ ,ÑÚ@,•5%Zȁ¥±ÎÀ’¬ +KeM`‰Ör`©¬ ,ÑÚ@,•5%Zȁ¥±ÎÀ’¬ +K% +%: +ǁ¥r&°Di9°TÖ–hm –Æ:K².@,•5%Zȁ¥²&°Dk9°TÖ–hm –Âz +,Áº9°TÖ–hm –û¥  +,ñ:F`¹­ïŸ÷Ëý +Ù<ûûX> +<ûûtçᓿ¿ŸqeòÊÿóûå Þ˵Î?1_/ß + +ùŸŠ|Ÿß{d÷éËù3øý»Ÿý+GnWt÷þ +ϗðøþ>ð]O¢o +ÛñœÜ=Œ<)ßõ$ú¶° +ßùŸ_Ÿ)ŸëIôma;¹æèW}· +v××0Na +/!,ø¶0Ž` +/ ,ø¶0Î_ +/ñ+ø¶0_}3{Ý÷Œ“WáKð +Ÿ-ŒcWáKê +Ÿ- +3W¡‘+Ø6(\m3oÝ׌ÓVáKØ +Ÿ-Œ£VáKÒ +Ÿ-ŒsVáKÌ +Ÿ-ŒCÖcßÌX÷}ã„Uø°‚o +ãxUø’®‚o +ãlUø­‚o +ã`õØ7sÕ}_Á8UŸ„ªàÛÂ8RŸ$ªàÛÂ8OŸÄ©àÛÂ8L=öÍ,ußW0NR +/A*ø¶0ŒQ +n€š`Û 8C¶Dš ÛÂ8@=öÍütßW0NO +/á)ø¶0ŽN +/É)ø¶0ÎM +/±)ø¶0M}33Ý÷ŒSáK` +Ÿ-ŒãRáKZ +Ÿ-Œ³RáKT +Ÿ-ŒƒÒcßÌI÷}ã”Tø’‚o +ãˆTø’‚o +ã|Tø‚o +ãpôØ7³Ñ}_Á(¶k0 +®cQ¡©(ž6(ÎD +-‘(è¶0D}·Ÿ€‡àÛÂ8;ŸD‡àÛÂ88<öÍÜpßW0L + +n„†`Û 82¶$† ÛÂ8/ŸÄ +àÛÂ8,<öͬpßW0N + +/A!ø¶0Ž +/)!ø¶0Î +/!ø¶0}·|p××0N +/á ø¶0Ž÷r8• +ÂŒ`ðÖçíç‚{—°‰/¿q +^~oëésÁqfƒ#ü¿|ûúùôü鯷7eüõÿ^ÿþío_¯ÿðýÀ¿]þòõÏÿöÃ?ÿôõ£QéÃåׇ· +yߟ|yÛ{Ëƹ4 +dnM7ÈþÚôý +ÀÞ­ +äÍ©²fuŠÖòòTY³=Ekyj¬sJÖÈ+TeÍ­ +ä-ª²fŠÖò"UY³IEky—j¬s™JÖHëTåŒîSÑž +áFU ÇJ +㥪rf«ŠÒò^UXo‹U°®@^­*kv«hm oW•5ëUŽ6¬Êš ++ZÈ;VcKV².@^³*kö¬hm oZ•5«VŽ6—­Êšm+ZÈûVc +W².@^¹*kv®hm o]•5kWŽ6¯ÊšÍ+Zˆ»W#Íò•œÃõ«RŽý+* +ÇXåÌ +¥ +ä%¬²f +‹Öò +ÖXç"–¬ +W±Êš],ZÈÛXeÍ:­ +ä +¬²f#‹ÖòNÖXçR–¬ +×²Êšœ,ZțYeÍj­ +ä嬲f;‹Öò~ÖX炖¬ +WŽÊš +-ZÈ[Ze͚­ +ÄE­’ŽM-: +‡»Z£Ì²–”ãu­rf_‹ÒòÆVY³²Ekyi«¬ÙÚ¢µŒ·5Ö¹ž%ëäÕ­²fw‹ÖòöVY³ŸEky«¬ÙࢵŒÃ5Ö¹Ä%ëä5®²f‹Öò&WY³ÊEky™«¬Ù梵ŒÏÖÛB¬+WºÊš.ZÈ[]eÍZ­ +ÄÅ®’ŽÍ.: +Ç»]ãœË]’.@^ï*kö»hm ox•5+^Ž6—ŒÊš-/ZÈ{^c‹^².@^õ*kvœhm o{•5ë^Ž6ŸÊš/ZÈ;_cK_².@^û*köŸhm o~•5«_Ž6—¿Êší/ZÈû_c +`².@^+kvÀhm n•t¬ÑY8^+g6Á(m u.ƒÉºy +¬¬Ù£µŒVÖ¬„ÑÚ@^ ++k¶Âhm ï +u.†Éºy5¬¬Ù +£µŒ +VÖ¬‡ÑÚ@^+k6Ähm u.‰ÉºyM¬¬Ù£µŒ)VÖ¬ŠÑÚ@^+k¶Åhm u.ŒÉºqe¬€cgŒÎÂñÖX9³6Fiyq¬¬Ù +£µŒ;6Ö¹<&ëäõ±²fŒÖòYY³BFky‰¬¬Ù"£µŒGÖÛ"¬+WÉʚ]2ZÈÛäý!­Z'ãuŒ}òvŒ¿PÞ¿e£|âòéüSø|»q£œ3c£ü86Êÿ姿þòmw‹üýßÿxÛ1>}úöÇû±ìå1í7Å×úðý]YöÊc+LFm?ŒÝ­ð²¿fkq+ì¬c+ÌÖâVXY³FëÄ­°³Ž­0[ˆ[ag +[a¶6·ÂÎ:¶Âlm n +•5[aŽ.@Ø +;ç÷­0·0Ú +;áu+ÌÆÂáVØ9ÇV˜¥ +Ä­°±Î­0YW n +ul +ÙÚ@Ü +;ëØ +³µžvÖ±fkq+¬¬Ù +£uâVØYÇV˜­ +Ä­°³Ž­0[ˆ[ag +[a¶6·Âʚ­0Z n +ul +ÙÚ@Ü +;ëØ +³µžvÖ±fki+¬€c+ŒÎÆÑVØ)¯[aV·ÂÎ9¶Â,m n +ul +ÙÚ@Ü ++k¶Âh]€žvÖ±fkq+ì¬c+ÌÖâVØYÇV˜­ +Ä­°²f+ŒÖˆ[ag +[a¶6·ÂÎ:¶Âlm n +ul +ÙÚ@Ü ++k¶Âh]€žvÖ±fkq+ì¬c+ÌÖÒVØI¯[avŽ¶ÂJ9¶Âšl +n +sl +YÚ@Ü +;ëØ +³µžvÖ±fkq+¬¬Ù +£uâVØYÇV˜­ +Ä­°³Ž­0[ˆ[ag +[a¶6·Âʚ­0Z n +ul +ÙÚ@Ü +;ëØ +³µžvÖ±fkq+l¬s+LÖˆ[ag +[a¶6·ÂÎ:¶Âlm m +ôºfgáp+¬œÙ +£tâVØYÇV˜­ +Ä­°³Ž­0[ˆ[ag +[a¶6·Âʚ­0Z n +ul +ÙÚ@Ü +;ëØ +³µžvÖ±fkq+¬¬Ù +£uâVØYÇV˜­ +Ä­°³Ž­0[ˆ[agÍŸ£µžVÖl +Ѻq+ì¬c+ÌÖÒVØI¯[av·ÂÎ9¶Â,m n +•5[aŽ.@Ü +;ëØ +³µžvÖ±fkq+ì¬c+ÌÖâVXY³FëÄ­°³Ž­0[ˆ[ag +[a¶6·ÂÎ:¶Âlm n +•5[aŽ.@Ü +;ëØ +³µžvÖ±fkq+ì¬c+ÌÖâVXY³F뀭°“^·Âì, +n +sl +YÚ@Ü +;ëØ +³µžVÖl +Ѻq+ì¬c+ÌÖâVØYÇV˜­ +Ä­°³Ž­0[ˆ[ac[a²®@Ü +;ëØ +³µž†I«Ù +óu\Õ0÷þug+ +òïÜ +¿>Ý=Ÿ_oq+<Ό­ðÓØ +ÿS +Züû×ßþñ}&üÛ»‘ÝýÛÝå×ç7ÉÏ*~ÙûŒ]þë×ï¿ +™Cۋ|?ö»<†ùþí£ +yo +gÙºw¬çW‚/Òz={`màŽõåüR`­×³ÖîXßî^ì'øûÑgá>Vž*œ.¯>Æ9βtîXÏ÷àÅZ¯g¬ +ܱžïÁóƒŽ^Ï +Xžc=ß +Ë«²^Ï +Xø±õñÒHë8ËÖžc=߆‡'iœž=°6pÇzŸ +§giœž=°6pÇzŸ +÷Öz={`màÇÖ§ÓÝý—g +gÙºw¬wÏo¯Òz={`màŽõåîþÕZ¯g¬ +ܱŸÝ=Û¯Âã쁵[ŸÏ·áYŸàŒ³l]€;Öómx²ÖëÙkw¬çÛ ¿H\ +8 +·£<߃Gù‚3Î +Hø±õå| +€uœeëܱžïÁIŸÌ³ÖîXÏwáÞZ¯g¬ +ܱŸ¿ +—/sã쁵;uÚõ­=”5ï‚Öˆïâ¬éÿÐÚ@îÿ”5ýZÈýŸ²ŠÿCk¹ÿ3ÖÙÿ‘urÿ§¬éÿÐÚ@îÿ”5ýZÈýŸ²ŠÿCk¹ÿ3ÖÙÿ‘uRÿ§œ×þ[öJ8ú?4Žû?åLÿ‡Òrÿ'¬·þ¬+û?eMÿ‡Örÿ§¬éÿÐÚ@îÿ”5ýZÈýŸ±Îþ¬ +û?eMÿ‡Örÿ§¬éÿÐÚ@îÿ”5ýZÈýŸ±Îþ¬ +û?eMÿ‡Örÿ§¬éÿÐÚ@îÿ”5ýZˆýŸ‘Šÿ#gã°ÿSÊÑÿ¡²pÜÿ)gú?”6û?eMÿ‡Örÿg¬³ÿ#ëäþOYÓÿ¡µÜÿ)kú?Ž6û?eMÿ‡Örÿg¬³ÿ#ëäþOYÓÿ¡µÜÿ)kú?Ž6û?eMÿ‡Örÿg¬³ÿ#ëäþOYÓÿ¡µÜÿ)kú?Ž6û?% +ý: +‡ýŸQŠÿ#eãžÿSÎô(m ÷ʚþ­ +äþOYÓÿ¡µÜÿëìÿȺ¹ÿSÖôhm ÷ʚþ­ +äþOYÓÿ¡µÜÿëìÿȺ¹ÿSÖôhm ÷ʚþ­ +äþOYÓÿ¡µÜÿ ë­ÿë +äþOYÓÿ¡µÜÿ)kú?Ž6û?% +ý: +ÇýŸqÎþ€ +û?eMÿ‡Örÿ§¬éÿÐÚ@îÿ”5ýZÈýŸ±Îþ¬ +û?eMÿ‡Örÿ§¬éÿÐÚ@îÿ”5ýZÈýŸ±Îþ¬ +û?eMÿ‡Örÿ§¬éÿÐÚ@îÿ”5“XŽ6û?cýY ÷ʚþ­ +ÄþOIGÿ‡ÎÂqÿ§œéÿPÚ@îÿŒuöd]€Üÿ)kú?Ž6û?eMÿ‡Örÿ§¬éÿÐÚ@îÿŒuöd]€Üÿ)kú?Ž6û?eMÿ‡Örÿ§¬éÿÐÚ@îÿŒuöd]€Üÿ)kú?Ž6û?eMÿ‡Örÿ§¬éÿÐÚ@îÿŒuöd]€Øÿ)éèÿÐY8îÿ”3ýJÈýŸ²ŠÿCk¹ÿ3ÖÙÿ‘urÿ§¬éÿÐÚ@îÿ”5ýZÈýŸ²ŠÿCk¹ÿÖ[ÿÖÈýŸ²ŠÿCk¹ÿÛÙTÿ‡×1ú¿ml·ßÿí_ÈÒÿ= +ô/§»ç/OÜÿ3£ÿ{ +ýßûúË×ß~øiœÂÓùÏÓå+ýüþsõxŸö?Y§/ow¯ß¿7¡+‡¶Wö~áwŸ'OÏ]È©áõ,ZWàŽõñîõñEZ¯g¬ +ܱŸÜ=\Ÿ•PÖëÙkw¬£œTÖĜhm ǜÆ:cN².@Ž9•51'ZÈ1§²&æDk1æTÒs¢³p +sçŒ9Iº9æTÖĜhm ǜʚ˜­ +ä˜SYs¢µ +sëŒ9ɺ9æTÖĜhm ǜʚ˜­ +ä˜SYs¢µ +sëŒ9ɺ9æTÖĜhm ǜʚ˜­ +ä˜SYs¢µ +sëŒ9ɺ9æTÖĜhm ƜJ:bNtŽcNåL̉ÒrÌi¬3æ$ëä˜SYs¢µ +s*kbNŽ6cNeM̉ÖrÌi¬3æ$ëä˜SYs¢µ +s*kbNŽ6cNeM̉ÖrÌi¬3æ$ëä˜SYs¢µ +s*kbNŽ6cNeM̉ÖrÌi¬3æ$뀘S9¯1'·0Œ9•pĜh, +ǜʙ˜¥ +ä˜SXo1'XW ǜʚ˜­ +ä˜SYs¢µ +s*kbNŽ6cNc1'Y ǜʚ˜­ +ä˜SYs¢µ +s*kbNŽ6cNc1'Y ǜʚ˜­ +ä˜SYs¢µ +s*kbNŽ6cN#MÌIÎÆaÌ©”#æDeá8æTÎĜ(m ǜʚ˜­ +ä˜ÓXgÌIÖÈ1§²&æDk9æTÖĜhm ǜʚ˜­ +ä˜ÓXgÌIÖÈ1§²&æDk9æTÖĜhm ǜʚ˜­ +ä˜ÓXgÌIÖÈ1§²&æDk9æTÖĜhm ƜJ:bNtcN£LÌIÊÆqÌ©œ‰9QÚ@Ž9•51'ZÈ1§²&æDk9æ4Ös’urÌ©¬‰9ÑÚ@Ž9•51'ZÈ1§²&æDk9æ4Ös’urÌ©¬‰9ÑÚ@Ž9•51'ZÈ1§²&æDk9æÖ[Ì ÖÈ1§²&æDk9æTÖĜhm ƜJ:bNtŽcNãœ1'I ǜʚ˜­ +ä˜SYs¢µ +s*kbNŽ6cNc1'Y ǜʚ˜­ +ä˜SYs¢µ +s*kbNŽ6cNc1'Y ǜʚ˜­ +ä˜SYs¢µ +s*köÍhm ǜÆ:cN².@Ž9•51'Zˆ1§’Ž˜ +ã˜S9s¢Ž +sëŒ9ɺ9æTÖĜhm ǜʚ˜­ +ä˜SYs¢µ +sëŒ9ɺ9æTÖĜhm ǜʚ˜­ +ä˜SYs¢µ +sëŒ9ɺ9æTÖĜhm ǜʚ˜­ +ä˜SYs¢µ +sëŒ9ɺ1æTÒs¢³p +s*gbN”6cNeM̉ÖrÌi¬3æ$ëä˜SYs¢µ +s*kbNŽ6cNeM̉ÖrÌ)¬·˜¬+cNeM̉ÖrÌI¢ˆ9ñ:F̹-'÷cÎý +9_üåîùûﮝί/¯¿ããëéîõñûÏó»·Óæí%¿l®èôtŸ¯G.ôã?v®ç†‰éÿOꂱendstream +endobj +933 0 obj << +/Type /Page +/Contents 934 0 R +/Resources 932 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 782 0 R +/Annots [ 936 0 R 937 0 R 938 0 R 939 0 R 940 0 R 941 0 R 942 0 R 943 0 R 944 0 R 945 0 R 946 0 R 947 0 R 948 0 R 949 0 R 950 0 R 951 0 R 952 0 R 953 0 R 954 0 R 955 0 R 956 0 R 957 0 R 958 0 R 959 0 R 960 0 R 961 0 R 962 0 R 963 0 R 964 0 R 965 0 R 966 0 R 967 0 R 968 0 R 969 0 R 970 0 R 971 0 R 972 0 R 973 0 R 974 0 R 975 0 R 976 0 R 977 0 R 978 0 R 979 0 R 980 0 R 981 0 R 982 0 R 983 0 R 984 0 R 985 0 R 986 0 R 987 0 R 988 0 R 989 0 R 990 0 R 991 0 R 992 0 R 993 0 R 994 0 R 995 0 R 996 0 R 997 0 R 998 0 R 999 0 R 1000 0 R 1001 0 R 1002 0 R 1003 0 R 1004 0 R 1005 0 R 1006 0 R 1007 0 R 1008 0 R 1009 0 R 1010 0 R 1011 0 R 1012 0 R 1013 0 R 1014 0 R 1015 0 R 1016 0 R 1017 0 R ] +>> endobj +936 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 706.187 267.416 715.098] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASEFILE) >> +>> endobj +937 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 706.187 521.32 715.098] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASEFILE) >> +>> endobj +938 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 693.235 359.021 702.147] +/Subtype /Link +/A << /S /GoTo /D (0:SUIDCHK) >> +>> endobj +939 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 693.235 521.32 702.147] +/Subtype /Link +/A << /S /GoTo /D (0:SUIDCHK) >> +>> endobj +940 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 680.284 266.898 689.195] +/Subtype /Link +/A << /S /GoTo /D (0:KERNELDEF) >> +>> endobj +941 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 680.284 521.32 689.195] +/Subtype /Link +/A << /S /GoTo /D (0:KERNELDEF) >> +>> endobj +942 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 667.333 290.021 676.244] +/Subtype /Link +/A << /S /GoTo /D (0:MONDEF) >> +>> endobj +943 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 667.333 521.32 676.244] +/Subtype /Link +/A << /S /GoTo /D (0:MONDEF) >> +>> endobj +944 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 654.381 317.806 663.293] +/Subtype /Link +/A << /S /GoTo /D (0:MOUNTCHECK) >> +>> endobj +945 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 654.381 521.32 663.293] +/Subtype /Link +/A << /S /GoTo /D (0:MOUNTCHECK) >> +>> endobj +946 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 641.43 324.342 650.341] +/Subtype /Link +/A << /S /GoTo /D (0:USERCHECK) >> +>> endobj +947 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 641.43 521.32 650.341] +/Subtype /Link +/A << /S /GoTo /D (0:USERCHECK) >> +>> endobj +948 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 630.536 200.747 637.39] +/Subtype /Link +/A << /S /GoTo /D (0:MODULES) >> +>> endobj +949 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 630.536 521.32 637.39] +/Subtype /Link +/A << /S /GoTo /D (0:MODULES) >> +>> endobj +950 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 615.527 244.732 624.438] +/Subtype /Link +/A << /S /GoTo /D (0:PERFORMANCE-TUNING) >> +>> endobj +951 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 615.527 521.32 624.438] +/Subtype /Link +/A << /S /GoTo /D (0:PERFORMANCE-TUNING) >> +>> endobj +952 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 600.319 209.553 609.205] +/Subtype /Link +/A << /S /GoTo /D (0:YULE) >> +>> endobj +953 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 600.319 521.32 609.205] +/Subtype /Link +/A << /S /GoTo /D (0:YULE) >> +>> endobj +954 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 586.899 192.428 593.753] +/Subtype /Link +/A << /S /GoTo /D (0:GENERAL) >> +>> endobj +955 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 586.899 521.32 593.753] +/Subtype /Link +/A << /S /GoTo /D (0:GENERAL) >> +>> endobj +956 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 571.891 270.484 580.802] +/Subtype /Link +/A << /S /GoTo /D (0:DROPROOT) >> +>> endobj +957 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 571.891 521.32 580.802] +/Subtype /Link +/A << /S /GoTo /D (0:DROPROOT) >> +>> endobj +958 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 558.939 238.226 567.85] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENTS) >> +>> endobj +959 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 558.939 521.32 567.85] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENTS) >> +>> endobj +960 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 545.988 281.394 554.899] +/Subtype /Link +/A << /S /GoTo /D (0:ENABLING-LOGGING-TO-THE-SERVER) >> +>> endobj +961 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 545.988 521.32 554.899] +/Subtype /Link +/A << /S /GoTo /D (0:ENABLING-LOGGING-TO-THE-SERVER) >> +>> endobj +962 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 533.036 449.641 541.948] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE-CONFIGURATION-FILE-DOWNLOAD) >> +>> endobj +963 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 533.036 521.32 541.948] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE-CONFIGURATION-FILE-DOWNLOAD) >> +>> endobj +964 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 520.085 306.17 528.996] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-LOGGING) >> +>> endobj +965 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 520.085 521.32 528.996] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-LOGGING) >> +>> endobj +966 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 507.133 255.57 516.045] +/Subtype /Link +/A << /S /GoTo /D (0:GCM) >> +>> endobj +967 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 507.133 521.32 516.045] +/Subtype /Link +/A << /S /GoTo /D (0:GCM) >> +>> endobj +968 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 494.182 280.268 503.093] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-STATUS-INFORMATION) >> +>> endobj +969 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 494.182 521.32 503.093] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-STATUS-INFORMATION) >> +>> endobj +970 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 483.168 188.573 490.142] +/Subtype /Link +/A << /S /GoTo /D (0:CHROOT) >> +>> endobj +971 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 483.168 521.32 490.142] +/Subtype /Link +/A << /S /GoTo /D (0:CHROOT) >> +>> endobj +972 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 468.279 338.239 477.19] +/Subtype /Link +/A << /S /GoTo /D (0:LIBWRAP) >> +>> endobj +973 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 468.279 521.32 477.19] +/Subtype /Link +/A << /S /GoTo /D (0:LIBWRAP) >> +>> endobj +974 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 455.328 282.938 464.239] +/Subtype /Link +/A << /S /GoTo /D (0:SEND-COMMANDS) >> +>> endobj +975 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 455.328 521.32 464.239] +/Subtype /Link +/A << /S /GoTo /D (0:SEND-COMMANDS) >> +>> endobj +976 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 442.376 225.942 451.288] +/Subtype /Link +/A << /S /GoTo /D (0:UDP) >> +>> endobj +977 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 442.376 521.32 451.288] +/Subtype /Link +/A << /S /GoTo /D (0:UDP) >> +>> endobj +978 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 429.425 252.512 438.336] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-TO-SERVER) >> +>> endobj +979 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 429.425 521.32 438.336] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-TO-SERVER) >> +>> endobj +980 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 416.473 244.732 425.385] +/Subtype /Link +/A << /S /GoTo /D (0:PERFORMANCE-TUNING-SERVER) >> +>> endobj +981 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 416.473 521.32 425.385] +/Subtype /Link +/A << /S /GoTo /D (0:PERFORMANCE-TUNING-SERVER) >> +>> endobj +982 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 401.265 255.391 410.152] +/Subtype /Link +/A << /S /GoTo /D (0:EXTERN) >> +>> endobj +983 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 401.265 521.32 410.152] +/Subtype /Link +/A << /S /GoTo /D (0:EXTERN) >> +>> endobj +984 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 385.788 182.485 394.7] +/Subtype /Link +/A << /S /GoTo /D (0:PIPES) >> +>> endobj +985 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 385.788 521.32 394.7] +/Subtype /Link +/A << /S /GoTo /D (0:PIPES) >> +>> endobj +986 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 372.837 262.445 381.748] +/Subtype /Link +/A << /S /GoTo /D (0:SYSTEM-V-MESSAGE-QUEUE) >> +>> endobj +987 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 372.837 521.32 381.748] +/Subtype /Link +/A << /S /GoTo /D (0:SYSTEM-V-MESSAGE-QUEUE) >> +>> endobj +988 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 359.886 264.786 368.797] +/Subtype /Link +/A << /S /GoTo /D (0:CALLING-EXTERNAL-PROGRAMS) >> +>> endobj +989 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 359.886 521.32 368.797] +/Subtype /Link +/A << /S /GoTo /D (0:CALLING-EXTERNAL-PROGRAMS) >> +>> endobj +990 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 344.678 384.535 353.564] +/Subtype /Link +/A << /S /GoTo /D (0:SIGNED-FILES) >> +>> endobj +991 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 344.678 521.32 353.564] +/Subtype /Link +/A << /S /GoTo /D (0:SIGNED-FILES) >> +>> endobj +992 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 329.201 261.618 338.112] +/Subtype /Link +/A << /S /GoTo /D (0:SAMHAINADMIN) >> +>> endobj +993 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 329.201 521.32 338.112] +/Subtype /Link +/A << /S /GoTo /D (0:SAMHAINADMIN) >> +>> endobj +994 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 315.896 258.878 322.879] +/Subtype /Link +/A << /S /GoTo /D (0:STEALTHMODE) >> +>> endobj +995 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 315.896 521.32 322.879] +/Subtype /Link +/A << /S /GoTo /D (0:STEALTHMODE) >> +>> endobj +996 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 298.516 248.029 307.427] +/Subtype /Link +/A << /S /GoTo /D (0:HIDING-THE-EXECUTABLE) >> +>> endobj +997 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 298.516 521.32 307.427] +/Subtype /Link +/A << /S /GoTo /D (0:HIDING-THE-EXECUTABLE) >> +>> endobj +998 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 285.564 252.303 294.476] +/Subtype /Link +/A << /S /GoTo /D (0:PACKING-THE-EXECUTABLE) >> +>> endobj +999 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 285.564 521.32 294.476] +/Subtype /Link +/A << /S /GoTo /D (0:PACKING-THE-EXECUTABLE) >> +>> endobj +1000 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 270.356 253.01 279.243] +/Subtype /Link +/A << /S /GoTo /D (0:DEPLOYMENT) >> +>> endobj +1001 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 270.356 521.32 279.243] +/Subtype /Link +/A << /S /GoTo /D (0:DEPLOYMENT) >> +>> endobj +1002 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 254.879 306.908 263.791] +/Subtype /Link +/A << /S /GoTo /D (0:DEPLOY.SH) >> +>> endobj +1003 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [511.357 254.879 521.32 263.791] +/Subtype /Link +/A << /S /GoTo /D (0:DEPLOY.SH) >> +>> endobj +1004 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 241.928 325.119 250.839] +/Subtype /Link +/A << /S /GoTo /D (0:NATIVE-PACKAGES) >> +>> endobj +1005 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 241.928 521.32 250.839] +/Subtype /Link +/A << /S /GoTo /D (0:NATIVE-PACKAGES) >> +>> endobj +1006 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 226.72 201.185 235.606] +/Subtype /Link +/A << /S /GoTo /D (0:SECURITY-DESIGN) >> +>> endobj +1007 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 226.72 521.32 235.606] +/Subtype /Link +/A << /S /GoTo /D (0:SECURITY-DESIGN) >> +>> endobj +1008 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 211.243 190.774 220.154] +/Subtype /Link +/A << /S /GoTo /D (0:SECURITY-USAGE) >> +>> endobj +1009 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 211.243 521.32 220.154] +/Subtype /Link +/A << /S /GoTo /D (0:SECURITY-USAGE) >> +>> endobj +1010 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 198.292 270.286 207.203] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +1011 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 198.292 521.32 207.203] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +1012 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 185.34 271.132 194.252] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENT-INTEGRITY) >> +>> endobj +1013 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 185.34 521.32 194.252] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENT-INTEGRITY) >> +>> endobj +1014 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 174.446 208.05 181.3] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-SECURITY) >> +>> endobj +1015 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 174.446 521.32 181.3] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-SECURITY) >> +>> endobj +1016 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 161.495 197.409 168.349] +/Subtype /Link +/A << /S /GoTo /D (0:DESIGN) >> +>> endobj +1017 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 161.495 521.32 168.349] +/Subtype /Link +/A << /S /GoTo /D (0:DESIGN) >> +>> endobj +935 0 obj << +/D [933 0 R /XYZ 71.731 729.265 null] +>> endobj +932 0 obj << +/Font << /F27 788 0 R /F34 797 0 R /F29 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1061 0 obj << +/Length 30402 +/Filter /FlateDecode +>> +stream +xڔÝMdÙyeé¹~E34ºù·»šQ +ZYèA«¡d +(AdFZÿŸÍóž}Ìöq¿ËÑ@“,÷cN¥ÃÞå÷øÝÍéÿ;~÷t<<ݝþáöåpûøðݏû§›ïþrúw~ÿOÇñŠûû—ÃÃóË響óoþæþæ4ðøüÝono/·Çw_s<ž +n¿ûÍÓÍóáîþþõEÿíÿôÛ¹»ÿîåðòx÷Ýÿü]^”×üñOÿÏ÷ÿÇá‡ßÜ>Ü|ÿ¯Ÿ~þ¶ý³¯ +ÿø÷oŸŸ~ùyûþáöáû¯?mÿâÛ_?nÿäðÛŽßÿøõË¿ßÜÜþ嗟~8>?þŸüéÓß¿ýðÿþñÿü§ÿþÇù6o_žÇóxç¯äæô—º÷ +qûrú=ù/2/ºü‹<¬oäîææðüôîy£æµš®ƒ;êÝáîѪÛk¯š=ž£> +žœöŠÚƒ;êöo:u{͵ßW§/ÝTÇkY]wÔӗáöAªÛk¯š=ž£žŸ +ÇG©n¯œ¢öàŽzú7o¬ºœöŠÚƒï«§¿õ=œ<9uŒ–ÕepGœ;Ü>?Ku{íµwԇÃӓU·×^Q{pG}>}wz‘êöÚ+jŸ¯ÞœþýÞ¡ÛKÙì¹ +òô5ÿ·ºœô +Ys;äé +p”æöÚ+h/Àün3^{EíÁ÷ÕûӗàVªãµ¬.ƒ;êé«p”ßãÆk¯š=ž£žŸ +7ò»ÍxíµwÔçÃñŪÛk¯š=øŸúpsx|–ÿw3^Ëê2ž£Þ +ŽöoãµWÔ +ÜQVÝ^{EíÁ +õôexßãÆk¯š=øŸúxú2ÜËï6㵬.ƒ;êéËpgÕíµWÔ +ÜQO_†[ù=nŒöŠÚƒ;êéË ÿ†žœôŠYsï“O§¯ü~³œ”ÉžÛ!O_€kn¯œ‚öàŽúpxx‘¿žãµWÔ +ÜQŸ7ÏVÝ^{EíÁ÷Õç›ÃÓü +7^Ëê2ž£Þ +n +åw›ñÚ+j/ÃU·×^Q{pG=}îå÷žñÚ+jŸ¯ŸœŸ +wR +¯euÜQO_†[ù=nŒöŠÚƒ;êéËp”ßãÆk¯š=ž£žŸ +7VÝ^{EíÁwÕû››Ãý‹û +—×¢ºîš·‡—ç©n¯œ¢öàŽúpž²êöÚ+jîšOù‡ã¥W̚{Ÿ<žŸò[k^Ëè2ž£žŸVÝ^{EíÁ +õô5ž¿•êöÚ+j¯ÂݝT·×^Q{ð}õöôež•êx-«ËàŽzú2 +梁œöŠÚƒ;êéËpó ÕíµWÔ +ÜQŸÏ/VÝ^{EíÁ÷Õ»›Ãݳû6—ײº +îš·‡ç'ùwŠñÚ+j»G«n¯œ¢öàŽzú2<ÈosãµWÔ +|_œ?}îå7œñZV—Á +õôež³êöÚ+j/ƒü[ÓöÒ+fÍ퐧¯Á­ü†3^{íÁ÷ՇÓ×à(ÕñZV—Á +õô5ž‘ßæÆk¯š=ž£> +n_äWuŒöŠÚƒ;êÓáéÙªÛk¯š=øŸúxsž}’ßæÆkY]wÔÛÃÓ£ü†3^{EíÁ +õôex°êöÚ+j/Ãœü67^{EíÁ÷էӗáN~ïeuÜQO_†[«n¯œ¢öàŽzú2 +å·¹ñÚ+j/Íü†3^{EíÁ÷Õç›ÃñEªãµ¬.ƒ;êíáÑ¢¿ŸôŠYs;äÃáø,¿áŒ×^A{pG}:<>Yu{íµßW_N_y|’ײº +¯‚<>Ék¯š=ž£žŸ +÷VÝ^{EíÁ +õôeÇ'yíµßUnN_ùv^‹ê:ž£žŸ +G«n¯œ¢öàŽzú2Œ|’— +O¿1Ø9{žy<Ü]û€0/º|Ǜ—7ïäöxžÃC¶ßÜ=ÿ±s<ý~ûôߝwÏöîï÷¯ÿ‡öøú§§7Çù–N糜ñ¢Œf;Û;ŽÃœßüòñ§Ÿ×7x|¹?<Þw±ûöWêñö~ç—êøòxž}ý“||_ãE—ïëðö}<žN¿}y獌£n¯œ¢öà»êíÍé¿÷NÍkQ]wÔ»ÃÓÝ£T·×^Q{pG=}Nÿ)§n¯œ¢öàŽzú2 +­ºœöŠÚƒï«Çӗáæ٩㵬.ƒ;êÝé·/RÝ^{EíÁ +õñô{ «n¯œ¢öàŽú|xŽ¿À¿ŸôŠYs¿— +O¿}Qæx-£ËàŽzú<Ø¿ +×^Q{ð}õáôexßpÆkY]wÔӗáÞªÛk¯š=ž£žŸ +òoÛK¯˜5·CžŸwòÎxíŽßWO_ƒ[©Ž×²º +¯ÁQ~›¯œ¢öàŽzú*ÜXu{íµwÔçÃý‹ü67^{EíÁ÷Õ§›Ã˳üoðx-«ËàŽzúŸ¢OVÝ^{EíÁ +õáôzùmnŒöŠÚƒ;êéËð ¿Í×^Q{ð}õùôež—êx-«ËàŽzú2ÜÉosãµWÔ +ÜQO_†[ùmnŒöŠÚƒ;êéËpŽêöÚ+jŸ¯ŸœŸ +7òÛÜx-«ËàŽzú2Hóõ•WÄ˱ +ïá`ÿ'ëöÒ+bÍí[ïé̐2ڃu€€®ƒ:u€¬ö €N +)«=ˆ©SG@Êjb@ªÔ€š.ƒ:u€¬ö €N +)«=ˆ©SG@Êjb@ªÔ€š.ƒ:u€¬ö €N +)«=ˆ©SG@ÊjR@ªÐ¢Ùs:r +H™¬9 +H9RF{R§Ž€”Õ +ĀT© HQ]1 uêHYíA +H:RV{R§Ž€”Õ +ĀT© HQ]1 uêHYíA +H:RV{R§Ž€”Õ +ĀT© HQ]1 uêHYíA +H:RV{R‡n)›5G©"G@ŠdÏa@ê̐2ڃ:u€¬ö €N +)«=ˆ©R¢º +b@êԐ²Úƒ:u€¬ö €N +)«=ˆ©R¢º +b@êԐ²Úƒ:u€¬ö €N +)«=ˆ©Qg@Jê:ˆ©SG@Êjb@êԐ²Úƒ:t +HÙ¬9 +H•™€ÑeR§Ž€”Õ +Āԩ# eµ1 uêHYíA +H•š€ÕeR§Ž€”Õ +Āԩ# eµ1 uêHYíA +H•š€ÕeR§Ž€”Õ +Āԩ# eµ1 uêž©fµ1 UjRT—A +H:RV{R‡n)›5‡©3G@Êhb@ªÔ€š.ƒ:u€¬ö €N +)«=ˆ©SG@Êjb@ªÔ€š.ƒ:u€¬ö €N +)«=ˆ©SG@Êjb@ªÔ€š.ƒ:u€¬ö €N +)«=ˆ©SG@Êjb@ªÔ€š.ƒ:t +HÙ¬9 +H9RF{R§Ž€”Õ +ĀT© HQ]1 uêHYíA +H:RV{R§Ž€”Õ +ĀԹ3 %u +Āԩ# eµ1 Å,òz@Êïc{ÑåûØHá\€ÛŸµp@zú;äÍ÷£ÛK¶|ôvä£ÿׯOyøðyûWûú§_> +Ï|øöuûÇ¿üéÏ? +çÓ>üéOŸ.ÿ3?þõãÿù󻚿^Ì÷µŸ÷ÛӛºÛù•>Øœÿ—5?ë>ÿeíÔýæ]À'ÝDÖ +Î-Èù17=Çr2ŸqYsü ·!ó7‘5Ço2ŸnYsüÙ¶ çGÛ@ö +°mÈ|®MdÍñ§Ú†Ì‡ÚDÖ +~€mÄñ‰6—cøy¶ðòq6x5Æf0Ÿe“XsüI¶!óA6‘5Çc2ŸbYsü¶ çGØ@ö +€mÈ|~MdÍñ§×†Ì‡×DÖ +tmÈ|rMdÍñçւœ[Ùsü¡µ!ó™5‘5ǟX2XYsüqµ!ói5‘5ǟU_'ÏUï“Ë +PmÈ|NMdÍñ§Ô†Ì‡ÔDÖ +~DmÄñ 5—cüùŽçÇÓ ö +8mÈ|6MdÍñ'ӆÌÓDÖ +,mÈ|*MdÍñg҂œIÙsüŽ!óy4‘5ǟF2FYsüQŽ!óI4‘5ǟC +r~ + +dÏñ‡Ð†ÌgÐDÖ +mÈ|MdÍñÇφ̧ÏDÖ +ö,ÈùÑ3=Ç<2Ÿ;Ysø©³LJÎ^ŽñGÎÌ'Î$Ö +Þ,Èùq3=Ç62Ÿ5YsüI³!óA3‘5Ç32Ÿ2Ysü³ çGÌ@ö +ÀlÈ|ŸLdÍñ§Ë†Ì‡ËDÖ +ŽlÈ|²LdÍñçʂœ+Ùsü¡²!ó™2‘5ǟ(2(Ysüq²!ói2‘5ǟ% +r~” +dÏáÉF +Ÿ#x9Ɵ"0"“Xsü²!ó 2‘5ǟ +r~| +dÏñ‡Ç†ÌgÇDÖ +rlÈ|pLdÍñÇƆ̧ÆDÖ +f|<dŒO.sü±!óy1‘5ǟï~†©>,Š71>+>¿‰ãñž÷Qñî»X>)ŸœòIñéèÍË3T<^³}V|7?+þøåß~ÿoÛ¿øç¿|ùð헟òiñ×/Û?þîõ£â/ÿ~ssû—_~úðúAñoÿù÷ÿñáçÛ +þåÓë'Ìï|”ðòúiÜùÍœó󊏏{ŸÏ?뇿žù‡ýqûÚÿöÀ÷£ÚƒüþJ͟ø£ÚƒügþJÍú£ÚƒüÇþFîOê2Èò¯ÔüÑ?ª=Èø¯Ôüé?ª=Èþ¯Ô|€jòGB=ê:ȟ(5 ÚƒüA€RóIª=ˆŸ(t|€fÍñÇƜŸº +ò'JÍGšö ( Ô|*€jòçJÍšö 4`ÔùÙ©Ë : Ô|<€jòJÍ'šö F Ô|H€jòÇFŸº +ò'JÍGšö X Ô|Z€jòçJÍšö d`Ôù™©Ë j Ô|l€jâ + +Ÿ + Ysüف2óá¢=Èu~~@ê2ȟ (5! Úƒü!‚Ró)ª=ȟ#(5$ ÚƒüQ‚Qçg €.ƒüi‚Róqª=È((5Ÿ( Úƒü™‚Ró¡ª=È+u~®@ê2ȟ,(5- Úƒüá‚Róéª=ȟ/(50 ÚƒüƒQçg +€.ƒø)ƒBÇÇ +hÖ +РÌ|Ҁhòg +J͇ +šö Ü`Ôùy©Ë â Ô|ä€jò‡Jͧšö î Ô|ð€jòGB=öê:ȟ>(5? Úƒüý©žøßÇøââ}ÀgûoäÌÕ +îOÿ{â!Æk¶!îLJ¿ûüéã—o¿ýÃǟþ÷LJï?Ž*íw_¿|ùøã·O?Ü>|ú7Ÿÿôí¿Þ>šãåôûÔ§ï.ì·¿šÇ§œ_ÎóS4àœÏ§h\Œ÷ý§hŒ}#ð +T{Ÿ¢¡ÔEC‘ã)HÖ +?EC™yŠ¢=ÈOÑPjž¢jòS4Œ:Ÿ¢Aê2ÈOÑPjž¢jòS4”š,‚jòQj~¶ª=È?]ÄšóNjº +òQj~ª=È?cD©ù!#šö ÿ˜¥æ猠ڃü“FŒ:Ô©Ë ÿ°¥æ§ ÚƒüóF”š8‚j⏠+Qèø™#hÖ +þÔCæǎÙsüƒG”™Ÿ<‚hòÏ +Qj~øª=È?~D©ùù#šö ÿ£Î³dR—A>KVjΒQíA>KVjΒQíA>KVjΒQíA>K6êKVjΒQíA>KVjΒQíA>KVjΒQíA>K6êKVjΒQíA>KVjΒQíA>KVjΒQíA>K6êKVfΒíA>KVjΒQíA>K6êŽÇÛœ³äý7òž%ßO‡|ä³äñší,ùaœ%ÿÛë1ò‡o}ó“MŽÏ÷‡‡×âÎÓo±ž +öž„q|>ýBüú! +œµñ¢Ë·vxûFžO/·ïœ‘wÔíµWÔ +|_}9ýWáõwŠF +¯euÜQïOOVÝ^{EíÁ +õñpûú™ŠR·×^Q{pG=}^gªÔíµWÔ +|ÿ`ôæôežwj^‹ê:ž£žŸ +wRÝ^{EíÁ +õôexý©R·×^Q{pG=}ŽVÝ^{EíÁ÷ÕãéËpóìÔñZV—Á +õîô»Ä©n¯œ¢öàŽúxúm¢U·×^Q{pG}><Ú_à__zŬ¹÷ÉÛ×°åèÌñZF—Á +õô5xŽêöÚ+j¯ÁíT·×^Q{pG=}îœöŠÚƒï«w§óNªãµ¬.ƒ;êéËp{/ÕíµWÔ +ÜQO_†£ü†3^{EíÁ +õôež±êöÚ+jŸ¯žþ͛ùmnŒ–ÕepGœ;<<Ëo8ãµWÔ +ÜQ7OVÝ^{EíÁ +õùð`ÿ.<^{EíÁ÷ՇӗáA~ïeuÜQO_†{«n¯œ¢öàŽzú2È¿Il/œbÖÜyúÜÉo8ãµWÐ +|_}<} +n¥:^Ëê2ž£žŸGùmnŒöŠÚƒ;êé«pcÕíµWÔ +ÜQŸ÷/òÛÜxíµwÊՑòu¶Á€.ƒÜ+5m0ª=Èm°RÓ£ÚƒÜ+5m0ª=Èm°QgLê2Èm°RÓ£ÚƒÜ+5m0ª=Èm°RÓ£ÚƒÜu¶Á€.ƒÔ+skƒQŒ +Ã6X£ +F±æž +VfÚ`D{Û`¡žÛ`P×Anƒ•š6Õ +ä6X©iƒQíAnƒ•š6Õ +ä6Øš³ +&uä6X©iƒQíAnƒ•š6Õ +ä6X©iƒQíAnƒ:Û`R—Anƒ•š6Õ +ä6X©iƒQíAnƒ•š6Õ +Ä6Ø iƒÉì9lƒ9Ú`$kŽÛ`eŠ +FŽ¹ +VjÚ`T{Û`£Î6˜ÔeÛ`¥Š +Fµ¹ +VjÚ`T{Û`¥Š +Fµ¹ +6êlƒI]¹ +VjÚ`T{Û`¥Š +Fµ¹ +VjÚ`T{Û`£Î6˜ÔeÛ`¥Š +Fµ¹ +VjÚ`T{Û` +Ž6͚Ã6ؐiƒ‰ì9nƒ•™6Ñ +ä6X©iƒQíAnƒ•š6Õ +ä6Øš³ +&uä6X©iƒQíAnƒ•š6Õ +ä6X©iƒQíAnƒ:Û`R—Anƒ•š6Õ +ä6X©iƒQíAnƒ•š6Õ +ä6Xšç6ÔuÛ`¥Š +Fµ¹ +VjÚ`T{Û` +Ž6͚ã6ؘ³ +&tä6X©iƒQíAnƒ•š6Õ +ä6X©iƒQíAnƒ:Û`R—Anƒ•š6Õ +ä6X©iƒQíAnƒ•š6Õ +ä6Øš³ +&uä6X©iƒQíAnƒ•š6Õ +ä6X©iƒQíAnƒ:Û`R—Anƒ•š6Õ +Ä6X¡£ +F³æž +VfÚ`D{Û`£Î6˜ÔeÛ`¥Š +Fµ¹ +VjÚ`T{Û`¥Š +Fµ¹ +6êlƒI]¹ +VjÚ`T{Û`¥Š +Fµ¹ +VjÚ`T{Û`£Î6˜ÔeÛ`¥Š +Fµ¹ +VjÚ`T{Û`¥Š +Fµ¹ +6êlƒI]± +VèhƒÑ¬9nƒ•™6Ñ +ä6X©iƒQíAnƒ:Û`R—Anƒ•š6Õ +ä6X©iƒQíAnƒ•š6Õ +ä6Xšç6ÔuÛ`¥Š +Fµ¹ +ŠÜUŽÁø>F|ñ>ŽÇ»œ6xÿüæþæxúíÂk|úýöé¿;ïžÇ—ÃïÐívS•·túªŸ“Éñ¢Œæõ-ý·Qÿ맟¿mÿì럷üñëßþöá˟¶ñùӗãßþáøýß¿}úúå緇í÷§_ùûï.ÞÂÛ_ÔûÛÇœ'åŸ +þ +r_ñ°_ÿömÀ}=¢=È÷õF÷õ€.ƒ|_¯ÔÜףڃ|_¯ÔÜףڃ|_¯ÔÜףڃ|_oÔy_Oê2È÷õJÍ}=ª=È÷õJÍ}=ª=È÷õJÍ}=ª=È÷õF÷õ€.ƒ|_¯ÔÜףڃ|_¯ÔÜףڃ|_¯ÔÜףڃ|_oÔy_Oê2H÷õÊÜîëQŒ +ÃûzŽûzkŽï땙ûzD{ïë +zŸ¯u +äûz¥æŸ +Õ +äûz¥æŸ +Õ +äûz¥æŸ +Õ +äûz£ÎûzR—AŸ¯WjîëQíAŸ¯WjîëQíAŸ¯WjîëQíAŸ¯7ꌯ'uäûz¥æŸ +Õ +äûz¥æŸ +Õ +äûz¥æŸ +Õ +ÄûzƒæŸžÌžÃûzEŽûz$kŽï땙ûzD{ï땚ûzT{ïë:ïëI]ùŸ^©¹¯GµùŸ^©¹¯GµùŸ^©¹¯GµùŸÞšóŸžÔeï땚ûzT{ï땚ûzT{ï땚ûzT{ïë:ïëI]ùŸ^©¹¯GµùŸ^©¹¯GµñŸ^¡ãŸ +͚ÃûzC柞ȞãûzeæŸ +Ñ +äûz¥æŸ +Õ +äûz¥æŸ +Õ +äûz£ÎûzR—AŸ¯WjîëQíAŸ¯WjîëQíAŸ¯WjîëQíAŸ¯7ꌯ'uäûz¥æŸ +Õ +äûz¥æŸ +Õ +äûz¥æŸ +Õ +äûz¡žïëA]ùŸ^©¹¯GµùŸ^©¹¯GµñŸ^¡ãŸ +͚ãûzcÎûzB—AŸ¯WjîëQíAŸ¯WjîëQíAŸ¯WjîëQíAŸ¯7ꌯ'uäûz¥æŸ +Õ +äûz¥æŸ +Õ +äûz¥æŸ +Õ +äûz£ÎûzR—AŸ¯WjîëQíAŸ¯WjîëQíAŸ¯WjîëQíAŸ¯7ꌯ'uäûz¥æŸ +Õ +Äûz +Žûz4kŽï땙ûzD{ïë:ïëI]ùŸ^©¹¯GµùŸ^©¹¯GµùŸ^©¹¯GµùŸÞšóŸžÔeï땚ûzT{ï땚ûzT{ï땚ûzT{ïë:ïëI]ùŸ^©¹¯GµùŸ^©¹¯GµùŸ^©¹¯GµùŸÞšóŸžÔeïë:îëѬ9Ÿ¯WfîëíAŸ¯WjîëQíAŸ¯7ꌯ'uäûz¥æŸ +Õ +äûz¥æŸ +Õ +äûz¥æŸ +Õ +äûz¡žïëA]ùŸ^©¹¯GµùŸžNÁÅ}=Ÿq_ñ>ŽÇ‡œûúý7rñì­×ûúÛ+ÏÞ:Þ + +ŽG~öÖxÍv_ +ö¿ÿøåãO>¿}0ÒýáæåüzG¿= +Ÿn÷žŒ5ŸÐDo,OhºxcûOhzûFà Mšö ?¡Išç'4ºòš”š'4¡Úƒü„&¥æ Mšö ?¡I©yBª=ÈOh2ê|B©Ë ?¡I©yBª=ÈOhRjžÐ„jâš:žÐ„fÍñšŒ9ŸÐDè2ÈOhRjžÐ„jòš”š'4¡Úƒü„&¥æ Mšö ?¡Éšó M€.ƒü„&¥æ Mšö ?¡I©yBª=ÈOhRjžÐ„jòšŒ:ŸÐDê2ÈOhRjžÐ„jòš”š'4¡Úƒü„&¥æ Mšö ?¡Éšó M€.ƒü„&¥æ Mšö >¡I¡£ E³æž Uf +RD{ +R£Î‚”Ôe +R¥Š Eµ¹ Uj +RT{ +R¥Š Eµ¹ 5ê,HI]¹ Uj +RT{ +R¥Š Eµ¹ Uj +RT{ +R£Î‚”Ôe +R¥Š Eµ¹ Uj +RT{ +R¥Š Eµ¹ 5ê,HI]© UæV¢x9†©GAŠbÍqAªÌ€ˆö €B=€ ®ƒ\*5)ª=È©RS¢Úƒ\*5)ª=È©QgAJê2È©RS¢Úƒ\*5)ª=È©RS¢Úƒ\u€€.ƒ\*5)ª=È©RS¢Úƒ\*5)ª=ˆ©AS’ÙsX*r€HÖ +€ÊLAŠhrAªÔ€šö €F)©Ë €JMAŠjrAªÔ€šö €JMAŠjrAjÔY’º +rAªÔ€šö €JMAŠjrAªÔ€šö €F)©Ë €JMAŠjrAªÔ€šö € + +)š5‡©!SÙs\*3)¢=È©RS¢Úƒ\*5)ª=È©QgAJê2È©RS¢Úƒ\*5)ª=È©RS¢Úƒ\u€€.ƒ\*5)ª=È©RS¢Úƒ\*5)ª=È©PÏ)šë €JMAŠjrAªÔ€šö € + +)š5Ç©1gAJè2È©RS¢Úƒ\*5)ª=È©RS¢Úƒ\u€€.ƒ\*5)ª=È©RS¢Úƒ\*5)ª=È©QgAJê2È©RS¢Úƒ\*5)ª=È©RS¢Úƒ\u€€.ƒ\*5)ª=ˆ©BGAŠfÍqAªÌ€ˆö €F)©Ë €JMAŠjrAªÔ€šö €JMAŠjrAjÔY’º +rAªÔ€šö €JMAŠjrAªÔ€šö €F)©Ë €JMAŠjrAªÔ€šö €JMAŠjrAjÔY’º +bAªÐQ¢Ys\*3)¢=È©RS¢Úƒ\u€€.ƒ\*5)ª=È©RS¢Úƒ\*5)ª=È©PÏ)šë €JMAŠjrAºŸEª‚ßÇ(H/Þ€ûoä¢ }ý³–+éÃéKýðð‚i^³€·£ ýùÃßþúáӗ·áæï¿Y¹^õ×?M|¹Vâ/º|c»é;od¿ eµ± 5ê,HI]± uê(HYíA,H: +RV{ +R§Ž‚”Õ +ĂT©)HQ]± uê(HYíA,H: +RV{ +R‡n)›5‡©2S"º +bAêÔQ²ÚƒX:u€¬ö €N +)«=ˆ©RS¢º +bAêÔQ²ÚƒX:u€¬ö €N +)«=ˆ©RS¢º +bAêÔQ²ÚƒX:u€¬ö €N +)«=ˆ©RS¢º +bAêÔQ²ÚƒT:t+HÙ¬9,H9 +RF{ +R¥Š EuĂԩ£ eµ± uê(HYíA,H: +RV{ +R¥Š EuĂԩ£ eµ± uê(HYíA,H: +RV{ +R¥Š EuĂԩ£ eµ± uê(HYíA,H: +RV{ +R¥Š Eu„‚Ô™¿€,^ŽQAêÀ­ e±æ° uæ(HíA,H: +RR×A,H: +RV{ +R§Ž‚”Õ +Ăԩ£ eµ± Uj +RT—A,H: +RV{ +R§Ž‚”Õ +Ăԩ£ eµ± Uj +RT—A,H: +RV{ +R§Ž‚”Õ +Ăԩ£ eµ© Uè(HÑì9*H +¹€LÖ +€Î +)£=ˆ©SGAÊjbAªÔ€š.ƒX:u€¬ö €N +)«=ˆ©SGAÊjbAªÔ€š.ƒX:u€¬ö €N +)«=ˆ©SGAÊjbAªÔ€š.ƒX:u€¬ö €N +)«=H©C·‚”Íš£‚T‘£ E²ç° uæ(HíA,H: +RV{ +R§Ž‚”Õ +ĂT©)HQ]± uê(HYíA,H: +RV{ +R§Ž‚”Õ +ĂT©)HQ]± uê(HYíA,H: +RV{ +R§Ž‚”Õ +ĂԹ³ %u +Ăԩ£ eµ± uê(HYíA*H +º€lÖ +€ÊLAŠè2ˆ©SGAÊjbAêÔQ²ÚƒX:u€¬ö €JMAŠê2ˆ©SGAÊjbAêÔQ²ÚƒX:u€¬ö €JMAŠê2ˆ©SGAÊjbAêÔQ²ÚƒX:u +U³ÚƒX*5)ªË €N +)«=H©C·‚”͚Âԙ£ eŽ± Uj +RT—A,H: +RV{ +R§Ž‚”Õ +Ăԩ£ eµ± Uj +RT—A,H: +RV{ +R§Ž‚”Õ +Ăԩ£ eµ± Uj +RT—A,H: +RV{ +R§Ž‚”Õ +Ăԩ£ eµ± Uj +RT—A*H +º€lÖ +€Î +)£=ˆ©SGAÊjbAªÔ€š.ƒX:u€¬ö €N +)«=ˆ©SGAÊjbAjÔY’ºbAêÔQ²ÚƒXBi +R~ۋ.ßÇñøžSÂY +Ò㕂ôùþðxóÌéxÍVÞ‚ô¿~ùüñMµùôrxzœä9¯ŸýuzŒ¹ßËGŸý‹ã7µœæò=œGŸïϯ¿ý~û6Þ1·×^A{pG=}o¬ºœöŠÚƒ;êóáéåVªÛk¯š=ž“çžþûþúÛo£Ž×²º +îšw‡§'«n¯œ¢öàŽ:ze¥&€Fµ9€VjhT{h¡žhP×A •šÕ +äZ©  QíA •šÕ +äÚš3€&uäZ©  QíA •šÕ +ÄZ¡#€F³æ8€6æ +  ]9€VjhT{h¥&€Fµ9€VjhT{h£ÎšÔeh¥&€Fµ9€VjhT{h¥&€Fµ9€6ê + I]9€VjhT{h¥&€Fµ9€VjhT{h£ÎšÔeh¥&€Fµ1€Vè Ñ¬9 •™Ñ +äÚš3€&uäZ©  QíA •šÕ +äZ©  QíA :hR—A •šÕ +äZ©  QíA •šÕ +äÚš3€&uäZ©  QíA •šÕ +äZ©  QíA :hR—A + •¹Ð(^Ža­À@£Xs +@+34¢=ÈŽPÏ4šë ÐJMjr­ÔКö ÐJMjrmÔ@“º +r­ÔКö ÐJMjr­ÔКö ÐF4©Ë ÐJMjr­ÔКö ÐJMjbmÐÐdö +Њ +4’5ÇŽ2@#ڃ +@+54ª=ÈŽQgMê2ÈŽR@£Úƒ +@+54ª=ÈŽR@£Úƒ +@uЀ.ƒ +@+54ª=ÈŽR@£Úƒ +@+54ª=ÈŽQgMê2ÈŽR@£Úƒ +@+54ª=ˆŽBGfÍamÈÐDö +ÐÊLhr­ÔКö ÐJMjrmÔ@“º +r­ÔКö ÐJMjr­ÔКö ÐF4©Ë ÐJMjr­ÔКö ÐJMjr-Ôs +ê:ÈŽR@£Úƒ +@+54ª=ˆŽBGfÍqmÌ@º +r­ÔКö ÐJMjr­ÔКö ÐF4©Ë ÐJMjr­ÔКö ÐJMjrmÔ@“º +r­ÔКö ÐJMjr­ÔКö ÐF4©Ë ÐJMjb­Ð@£Ys +@+34¢=ÈŽQgMê2ÈŽR@£Úƒ +@+54ª=ÈŽR@£Úƒ +@uЀ.ƒ +@+54ª=ÈŽR@£Úƒ +@+54ª=ÈŽQgMê2ÈŽR@£Úƒ +@+54ª=ÈŽR@£Úƒ +@uЀ.ƒ@+tÐhÖ +ÐÊLhr­ÔКö ÐF4©Ë ÐJMjr­ÔКö ÐJMjr-Ôs +ê:ÈŽR@£Úƒ +@SØ+h|#€Ÿx@￑ßÜß +O¿]x + O¿ß>ýwçÝÔøørxøµz|9ܞ~o‘·túªŸ“Éñ¢Œæõ-ýnäÏÿúéçoÛ?ûúçíüúåßonnÿòËOŸ}úúeû|ýùüÃñûãµý·~~{ +ýtz§ß]Œ™·¿ŒÇûœ_ßóu4üÅÌë苿˜ýëè·o®£I]ù:Z©¹ŽFµù:Z©¹ŽFµù:Z©¹ŽFµù:Úšó:šÔe¯£•šëhT{¯£•šëhT{¯£•šëhT{¯£:¯£I]é:Z™Ûu4Š—cx +­Àq +bÍñuŽ2s +hòuŽPÏ×Ñ ®ƒ| +­Ô\G£Úƒ| +­Ô\G£Úƒ| +­Ô\G£Úƒ| +mÔy +Mê2È×ÑJÍu4ª=È×ÑJÍu4ª=È×ÑJÍu4ª=È×ÑF×Ñ€.ƒ| +­Ô\G£Úƒ| +­Ô\G£Úƒ| +­Ô\G£Úƒx +mÐ\G“Ùsx +­Èq +dÍñuŽ2s +hòuŽRs +jòuŽQçu4©Ë _G+5×Ñšö _G+5×Ñšö _G+5×Ñšö _Gu^G“º +òuŽRs +jòuŽRs +jòuŽRs +jòuŽQçu4©Ë _G+5×Ñšö _G+5×Ñšö ^G+t\G£Ysx +mÈ\GÙs| +­Ì\G#ڃ| +­Ô\G£Úƒ| +­Ô\G£Úƒ| +mÔy +Mê2È×ÑJÍu4ª=È×ÑJÍu4ª=È×ÑJÍu4ª=È×ÑF×Ñ€.ƒ| +­Ô\G£Úƒ| +­Ô\G£Úƒ| +­Ô\G£Úƒ| +-Ôóu4šë _G+5×Ñšö _G+5×Ñšö ^G+t\G£Ys| +mÌy +Mè2È×ÑJÍu4ª=È×ÑJÍu4ª=È×ÑJÍu4ª=È×ÑF×Ñ€.ƒ| +­Ô\G£Úƒ| +­Ô\G£Úƒ| +­Ô\G£Úƒ| +mÔy +Mê2È×ÑJÍu4ª=È×ÑJÍu4ª=È×ÑJÍu4ª=È×ÑF×Ñ€.ƒ| +­Ô\G£Úƒx +­Ðq +fÍñuŽ2s +hòuŽQçu4©Ë _G+5×Ñšö _G+5×Ñšö _G+5×Ñšö _Gu^G“º +òuŽRs +jòuŽRs +jòuŽRs +jòuŽQçu4©Ë _G+5×Ñšö _G+5×Ñšö _G+5×Ñšö _Gu^G“º +âuŽBÇu4š5Ç×ÑÊÌu4¢=È×ÑJÍu4ª=È×ÑF×Ñ€.ƒ| +­Ô\G£Úƒ| +­Ô\G£Úƒ| +­Ô\G£Úƒ| +-Ôóu4šë _G+5×Ñšö _GÓù®žŽÆ÷1®£/ÞÇñøŒw +œÿF. +õz +}{åñPw‡—Û;~<ÔxÍv +} +÷Ñ¿ÿøåãO>¿}¬ÍýáæåüzG¿= +Ÿn÷ž5Ÿ¯Co,Ï×¹xcûÏ×yûFàù:šö ?_Gšçç뀺òóu”šçë Úƒü| +¥æù:šö ?_G©yŸª=ÈÏ×1ê|Ÿ©Ë ?_G©yŸª=ÈÏ×Qjž¯ƒjâóu:ž¯ƒfÍñóuŒ9Ÿ¯Cè2ÈÏ×Qjž¯ƒjòóu”šçë Úƒü| +¥æù:šö ?_Çšóù:€.ƒü| +¥æù:šö ?_G©yŸª=ÈÏ×Qjž¯ƒjòóuŒ:Ÿ¯Cê2ÈÏ×Qjž¯ƒjòóu”šçë Úƒü| +¥æù:šö ?_Çšóù:€.ƒü| +¥æù:šö >_G¡ãù:hÖ +?_G™yŸ¢=ÈÏ×1ê|Ÿ©Ë ?_G©yŸª=ÈÏ×Qjž¯ƒjòóu”š‚Õ +ä‚Ôš³ %uä‚T©)HQíA.H•š‚Õ +ä‚T©)HQíA.H: +RR—A.H•š‚Õ +ä‚T©)HQíA.H•š‚Õ +ä‚Ôš³ %u€‚T™[AŠâå€ + +)Š5Ç©2S"ڃ\ +õ\‚ºrAªÔ€šö €JMAŠjrAªÔ€šö €F)©Ë €JMAŠjrAªÔ€šö €JMAŠjrAjÔY’º +rAªÔ€šö €JMAŠjrAªÔ€šö €MAJfÏaAªÈQ"Ys\*3)¢=È©RS¢Úƒ\u€€.ƒ\*5)ª=È©RS¢Úƒ\*5)ª=È©QgAJê2È©RS¢Úƒ\*5)ª=È©RS¢Úƒ\u€€.ƒ\*5)ª=È©RS¢ÚƒX*t€hÖ +€†LAJdÏqAªÌ€ˆö €JMAŠjrAªÔ€šö €F)©Ë €JMAŠjrAªÔ€šö €JMAŠjrAjÔY’º +rAªÔ€šö €JMAŠjrAªÔ€šö €B=€ ®ƒ\*5)ª=È©RS¢ÚƒX*t€hÖ +€Æœ)¡Ë €JMAŠjrAªÔ€šö €JMAŠjrAjÔY’º +rAªÔ€šö €JMAŠjrAªÔ€šö €F)©Ë €JMAŠjrAªÔ€šö €JMAŠjrAjÔY’º +rAªÔ€šö € + +)š5Ç©2S"ڃ\u€€.ƒ\*5)ª=È©RS¢Úƒ\*5)ª=È©QgAJê2È©RS¢Úƒ\*5)ª=È©RS¢Úƒ\u€€.ƒ\*5)ª=È©RS¢Úƒ\*5)ª=È©QgAJê2ˆ©BGAŠfÍqAªÌ€ˆö €JMAŠjrAjÔY’º +rAªÔ€šö €JMAŠjrAªÔ€šö €B=€ ®ƒ\*5)ª=Èé~© +R|£ œxPî¿‘‹‚ôõÏZ®€§ÿùñrú?a,HÇk¶‚ôv€ÿòéóǟ·úíëxÄÎ_?þøŸoË°§ÃËÍy坷sóë™ÈÎÃsR‹ÁM-vñ>÷k±·oj1B—A®Å”šZ +Õ +äZL©©ÅPíA®Å”šZ +Õ +äZÌš³#uäZL©©ÅPíA®Å”šZ +Õ +äZL©©ÅPíA®ÅŒ:k1R—A®Å”šZ +Õ +äZL©©ÅPíA®Å”šZ +Õ +äZÌš³#uäZL©©ÅPíA¬Å:j14kŽk1eŠCŽ¹3ê¬ÅH]¹Sjj1T{k1¥ŠCµ¹Sjj1T{k1£ÎZŒÔek1¥ŠCµ¹Sjj1T{k1¥ŠCµ¹3ê¬ÅH]¹Sjj1T{k1¥ŠCµ¹Sjj1T{k1£ÎZŒÔej1enµŠ—cX‹)pÔb(Ö +×bÊL-†hr-&Ôs-ê:ȵ˜RS‹¡Úƒ\‹)5µª=ȵ˜RS‹¡Úƒ\‹uÖb€.ƒ\‹)5µª=ȵ˜RS‹¡Úƒ\‹)5µª=ȵ˜Qg-Fê2ȵ˜RS‹¡Úƒ\‹)5µª=ȵ˜RS‹¡ÚƒX‹4µ™=‡µ˜"G-†dÍq-ŠÌÔbˆö ×bJM-†jr-fÔY‹‘º +r-ŠÔÔbšö ×bJM-†jr-ŠÔÔbšö ×bFµ©Ë ×bJM-†jr-ŠÔÔbšö ×bJM-†jr-fÔY‹‘º +r-ŠÔÔbšö ×bJM-†jb-ŠÐQ‹¡YsX‹2µ‘=ǵ˜2S‹!ڃ\‹)5µª=ȵ˜RS‹¡Úƒ\‹uÖb€.ƒ\‹)5µª=ȵ˜RS‹¡Úƒ\‹)5µª=ȵ˜Qg-Fê2ȵ˜RS‹¡Úƒ\‹)5µª=ȵ˜RS‹¡Úƒ\‹ õ\‹ºr-ŠÔÔbšö ×bJM-†jb-ŠÐQ‹¡Ys\‹sÖb„.ƒ\‹)5µª=ȵ˜RS‹¡Úƒ\‹)5µª=ȵ˜Qg-Fê2ȵ˜RS‹¡Úƒ\‹)5µª=ȵ˜RS‹¡Úƒ\‹uÖb€.ƒ\‹)5µª=ȵ˜RS‹¡Úƒ\‹)5µª=ȵ˜Qg-Fê2ȵ˜RS‹¡ÚƒX‹)tÔbhÖ +×bÊL-†hr-fÔY‹‘º +r-ŠÔÔbšö ×bJM-†jr-ŠÔÔbšö ×bFµ©Ë ×bJM-†jr-ŠÔÔbšö ×bJM-†jr-fÔY‹‘º +r-ŠÔÔbšö ×bJM-†jr-ŠÔÔbšö ×bFµ©Ë Öb + +µš5ǵ˜2S‹!ڃ\‹)5µª=ȵ˜Qg-Fê2ȵ˜RS‹¡Úƒ\‹)5µª=ȵ˜RS‹¡Úƒ\‹ õ\‹ºr-ŠÔÔbšö ×bûœªÅð}ŒZìâ} +/{µØþYj±ã•Zìöùps˱Øö’­»­Ø>þpûðýÿþáøðýǟ>}û¯íÿõ럷Œø7¿|ûùœÔæéæýö‰„÷Çœ'ž3˜ý·>+˜ó[ߏ`ÞŒ +h`ˆ¬9.`9 {ŽóCŠ~!²æž}1dÒ"kŽÃCŠ{!²æžzäŒ^€ì9N^ +™â +ȚÃÞň#w!ðrŒcŠu!±æžtä +]€ì9Î\ +™Ê +ȚãÆŐI\ˆ¬9\ +™Ÿ +ȚãºE3n²ç8m1dÊ"kŽ»C&k!²æ8j1dš"kŽ‹AΠȞãœÅ©Yˆ¬9nY +™” +ȚãÅéXˆ¬9®X9# {Žn +qSدmä+Ä]ŽqŒbÀŽ+$Ö +—+×Ésž²O.sœ­2Õ +‘5Ç͊!“¬Ys +¬2œ +‘5ǵŠ g¬dÏqªbȔ*DÖ +w*†LŠBdÍq€bÈ4*DÖ +*‚œ +=ÇyŠ!S§YsÜŠ2i +‘5ÇaŠ!Ó¥YsX¥1Q +€5†IŠñF‘BÞå÷(LŽBbÍqŒbÈŽ(DÖ +—(‚œ! +=ÇŠ!S¡YsÜ 2 +‘5ÇŠ!ӟYs\ŸrÆ'@ö +§'†LyBdÍqwbÈd'DÖ +G'†LsBdÍqq"ÈœÙsœ›2µ ‘5Ç­‰!“šYsšqt&^Žae"ŒD&àÕ'&LaBbÍq_bÈä%DÖ +Ç%†L[BdÍqY"È–Ùsœ•2U ‘5ÇM‰!“”Ys +”2= ‘5Ç5‰ gLdÏqJbȔ$DÖ +w$†LFBdÍqDbÈ4$DÖ +$×És@²O.sœ2õ‘5Çíˆ!“ŽYsŽqt#^Žq5"À€ØsœŒ2Å‘5Çœˆ!“‹Ys +‹2­‘5Ç¥ˆ g(dÏq&bÈT"DÖ +7"†L"BdÍq bÈô!DÖ +×!‚œq=Çiˆ!S†YsÜ +2Y‘5ÇQˆ!ӄYs\„r!@ö +ç †L +BdÍa +bđ‚x9Æ!ˆӁXs\rF @ö +' †LBdÍqÿaÈäDÖ +džLûAdÍqù!È~Ùsœ}2Õ‘5Ç͇!“|Ys +|2œ‘5ǵ‡ gìdÏqêaȔ +DÖ +w +†LæAdÍqäaÈ4 +DÖ + +‚œ=‡y‡GÝAàå· +LÚAbÍqØaÈt +DÖ +W +‚œQ=ÇI‡!StYsÜs29‘5Ç1‡!ÓrYs\r\'Ï!Ç>¹ÌqÆaÈT +DÖ +7 +»ÕJ8èMŒ‚ãü& àØ}ÿ`¿q|8ܜþŽ„ÇxÍVp܏‚ã_¿þå/ŸŸüe<ïç¯?}üù¯_?ÿéXãåðú¿óÎÎÛ_¶»ÛÇœXcf +ð>gÇpñ>÷C†·oJT{[¥&f@µ9gPjzT{‹£Î€Ôe£¥Šj@µ±kPèЬ9N”™¶Ñ +äºÁš3o uäÀA©) +PíAn +”šÈÕ +äÌA©é +PíA. +Œ:SR—AŽ +”šÚÕ +äÞA© +PíAN +”šæÕ +äêÁš3{ uäðA©)PíAn”šøÕ +äüA©éPíA. Œ:R—AŠ ”¹U(^Ža¡ÀB XsœB(3-¢=È5„PÏ9šë JMjr¡ÔDšö gJMjraԙFº +r +¡ÔÔšö ÷JM jr"¡Ô4šö WF™©Ë ‡JM)jr+¡ÔÄšö çJM/jb1aÐ$dö +FŠ +Õ’5Ç݄2N ڃœN(5íª=Èõ„Qg>Aê2È +RSP ÚƒÜP(5ª=È +RÓQ Úƒ\RuŠ€.ƒ +S(55ª=È= +RT ÚƒœT(5Mª=ÈU +QgVAê2Èa +RSV ÚƒÜV(5qª=ˆy +BG_fÍaaaÈ$Dö +GÊLehrg¡Ô„šö §JMkjrmaԙ[º +rp¡Ôšö 7JMtjrv¡Ôtšö —Fé©Ë ÇJM}jr¡Ôšö 'JMƒjr +!Ôs†ê:È!†RSb ÚƒÜb(51ª=ˆ9†BGfÍq‘a̙dº +r”¡ÔTšö wJM˜jrš¡ÔŽšö ×Fy©Ë JM¡jr£¡ÔDšö gJM§jr©aԙjº +r¬¡ÔÔšö ÷JM°jr²¡Ô4šö WFÙ©Ë ‡JM¹jb»¡Ðo Ysœo(3ý¢=ȇQgÂAê2ȇRSq ÚƒÜq(5!ª=È)‡RÓr Úƒ\suæ +€.ƒ +t(5Eª=ÈM‡Ru Úƒœu(5]ª=Èe‡QgÚAê2Èq‡RSw ÚƒÜw(5ª=ȉ‡RÓx Úƒ\yuf +€.ƒz(t” +hÖ +· +ÊLìhrî¡Ôô +šö FÉ©Ë GJMõjr÷¡Ô„šö §JMûjrý!Ôsþê:ȈRS€ ÚƒÜ€PÍ "|£¹xÇÛã^²ÿF–äöJrúË? +Ÿž¯Ù:‡Ñüß?<ß|ÿáۏ1Èç¯ùôå·§ÿÿ×_ŸœyžÇÇïß{€ÇÓËé7gâÝ_ØǗûœLd^²Â_ÆŒdœøËØ¿d}ûFà’Õ +äKV¥æ’Õ +äKV¥æ’Õ +äKV£ÎKVR—AºdUævɊâå^²*p\²¢Xs|ɪÌ\²"ڃ|É*Ôó%+šë _²*5—¬šö _²*5—¬šö _²*5—¬šö _²u^²’º +ò%«RsɊjò%«RsɊjò%«RsɊjò%«Qç%+©Ë _²*5—¬šö _²*5—¬šö _²*5—¬šö ^²4—¬dö +^²*r\²"Ys|ɪÌ\²"ڃ|ɪÔ\²¢Úƒ|ÉjÔyÉJê2ȗ¬JÍ%+ª=ȗ¬JÍ%+ª=ȗ¬JÍ%+ª=ȗ¬F—¬€.ƒ|ɪÔ\²¢Úƒ|ɪÔ\²¢Úƒ|ɪÔ\²¢Úƒ|ÉjÔyÉJê2ȗ¬JÍ%+ª=ȗ¬JÍ%+ª=ˆ—¬ + +—¬hÖ +^²2—¬Dö +_²*3—¬ˆö _²*5—¬šö _²*5—¬šö _²u^²’º +ò%«RsɊjò%«RsɊjò%«RsɊjò%«Qç%+©Ë _²*5—¬šö _²*5—¬šö _²*5—¬šö _² +õ|É +ê:ȗ¬JÍ%+ª=ȗ¬JÍ%+ª=ˆ—¬ + +—¬hÖ +_²s^²º +ò%«RsɊjò%«RsɊjò%«RsɊjò%«Qç%+©Ë _²*5—¬šö _²*5—¬šö _²*5—¬šö _²u^²’º +ò%«RsɊjò%«RsɊjò%«RsɊjò%«Qç%+©Ë _²*5—¬šö ^²*t\²¢Ys|ɪÌ\²"ڃ|ÉjÔyÉJê2ȗ¬JÍ%+ª=ȗ¬JÍ%+ª=ȗ¬JÍ%+ª=ȗ¬F—¬€.ƒ|ɪÔ\²¢Úƒ|ɪÔ\²¢Úƒ|ɪÔ\²¢Úƒ|ÉjÔyÉJê2ȗ¬JÍ%+ª=ȗ¬JÍ%+ª=ȗ¬JÍ%+ª=ȗ¬F—¬€.ƒxɪÐqɊfÍñ%«2sɊhò%«RsɊjò%«Qç%+©Ë _²*5—¬šö _²*5—¬šö _²*5—¬šö _² +õ|É +ê:ȗ¬JÍ%+ª=ȗ¬tp).Yñ}ŒK֋÷—¬ûoäû‰æ÷Ï/§ÿczÄKÖŒf»d} +—¬¿ûëÇÿs^±þùëOÛ?ùÏŽ7ßüéËÇÏÛ¿þÛ×?ýòù‡ã÷·ùÓׯßþóÓۓֻ›§_\ëÅûYßôÍáùùyç—x^rÑ_O^tù׳{ÉõÎÙ¿äBuÄK.§ŽK.V{/¹œ:.¹XíAŒärêžäbµñ’K©¹äBuÄK.§ŽK.V{/¹œ:.¹XíAŒärêžäbµé’K¡ã’ +͞£K.Gn—\LÖ +^r9s\r1ڃxÉåÔqÉÅjâ%—RsÉ +ê2ˆ—\N +—\¬ö ^r9u\r±ÚƒxÉåÔqÉÅjâ%—RsÉ +ê2ˆ—\N +—\¬ö ^r9u\r±ÚƒxÉåÔqÉÅjâ%—RsÉ +ê2ˆ—\N +—\¬ö ^r9u\r±ÚƒtÉåÐ풋͚£K.EŽK.${/¹œ9.¹íAŒärêžäbµñ’Ë©ã’‹Õ +ÄK.¥æ’ +Õe/¹œ:.¹XíAŒärêžäbµñ’Ë©ã’‹Õ +ÄK.¥æ’ +Õe/¹œ:.¹XíAŒärêžäbµñ’Ë©ã’‹Õ +ÄK.£ÎK.R×AŒärêžäbµñ’Ë©ã’‹Õ +€K.‡n—\lÖ +^r)3—\ˆ.ƒxÉåÔqÉÅjâ%—SÇ%«=ˆ—\N +—\¬ö ^r)5—\š.ƒxÉåÔqÉÅjâ%—SÇ%«=ˆ—\N +—\¬ö ^r)5—\š.ƒxÉåÔqÉÅjâ%—SÇ%«=ˆ—\N +n°ÚƒxÉ¥Ô\r¡º +â%—SÇ%«=H—\Ý.¹Ø¬9ŒäræžäbŽñ’K©¹äBuÄK.§ŽK.V{/¹œ:.¹XíAŒärêžäbµñ’K©¹äBuÄK.§ŽK.V{/¹œ:.¹XíAŒärêžäbµñ’K©¹äBuÄK.§ŽK.V{/¹œ:.¹XíAŒärêžäbµñ’K©¹äBu€K.‡n—\lÖ +^r9s\r1ڃxÉåÔqÉÅjâ%—RsÉ +ê2ˆ—\N +—\¬ö ^r9u\r±ÚƒxÉåÔqÉÅjâ%—Qç%©ë ^r9u\r±ÚƒxÉwF撋ßÇö¢Ë÷qŒœÝ¹ä‚7òýLÂû§ÇÓwƒ{Ÿä¯Ù.¹žø’ëÿëüóoÿðûÿñϧyÿòý¿ßÜÜ~þøó{?ŒïñõÏŒÎüÛíۻãîÏ" +?ŸÞ~^tùöw>ß;odÿçó±Úƒøóù”šŸÏ‡ê2?ŸÏ™¿þ|>/Çèçó9pûù|,Ö +þ|>gŽŸÏÇhâÏç3êüù|€®ƒøóùœ:~>«=ˆ?ŸÏ©ãçó±Úƒøóùœš«NT{¯::¯:I]ùªS©¹êDµùªS©¹êDµùªS©¹êDµùªÓšóª“Ôe¯:•š«NT{¯:•š«NT{¯:•š«NT{¯: +š«N2{¯:9®:‘¬9ŸêTf®:íAŸêTj®:QíAŸê4êŒê$uä«N¥æªÕ +ä«N¥æªÕ +ä«N¥æªÕ +ä«N£Î«NR—AŸêTj®:QíAŸêTj®:QíAŸêTj®:QíAŸê4êŒê$uä«N¥æªÕ +ä«N¥æªÕ +Ä«N +Ž«N4k¯: +™«N"{Ž¯:•™«ND{¯:•š«NT{¯:•š«NT{¯::¯:I]ùªS©¹êDµùªS©¹êDµùªS©¹êDµùªÓšóª“Ôe¯:•š«NT{¯:•š«NT{¯:•š«NT{¯: +zŸêu +ä«N¥æªÕ +ä«N¥æªÕ +Ä«N +Ž«N4kŽ¯:9¯: ]ùªS©¹êDµùªS©¹êDµùªS©¹êDµùªÓšóª“Ôe¯:•š«NT{¯:•š«NT{¯:•š«NT{¯::¯:I]ùªS©¹êDµùªS©¹êDµùªS©¹êDµùªÓšóª“Ôe¯:•š«NT{¯::®:Ѭ9ŸêTf®:íAŸê4êŒê$uä«N¥æªÕ +ä«N¥æªÕ +ä«N¥æªÕ +ä«N£Î«NR—AŸêTj®:QíAŸêTj®:QíAŸêTj®:QíAŸê4êŒê$uä«N¥æªÕ +ä«N¥æªÕ +ä«N¥æªÕ +ä«N£Î«NR—AŒêTèžêD³æøªS™¹êDŽùªS©¹êDµùªÓšóª“Ôe¯:•š«NT{¯:•š«NT{¯:•š«NT{¯: +zŸêu +ä«N¥æªÕ +ä«Îý#DuՉïc\u^ŒãíÝÞUçþù>ßãÝáöôðªsŒf»ê|æ«Î¿}ýåËxÎô׿ûôõËÇïßyÀôýé¿`/ß]èo=ïn÷Ž:OßÂ^~ý]ŒûŒèòÝ¿œ|zÞ~,àÛ7òŽºœöŠÚƒ;§€Û³¯•š‡i£º +âÃŽ: +ŠÍjâÃŽšc]T{u•šc]T{u:uI]éXW™Û±.Š—cx¬«Àq¬‹bÍñ±®2s¬‹hò±®PÏǺ ®ƒ|¬«Ô +ë¢Úƒ|¬«Ô +ë¢Úƒ|¬«Ô +ë¢Úƒ|¬kÔy¬Kê2ÈǺJͱ.ª=ÈǺJͱ.ª=ÈǺJͱ.ª=ÈǺFÇº€.ƒ|¬«Ô +ë¢Úƒ|¬«Ô +ë¢Úƒ|¬«Ô +ë¢Úƒx¬kÐ +ë’Ùsx¬«Èq¬‹dÍñ±®2s¬‹hò±®Rs¬‹jò±®Qç±.©Ë ë*5Ǻšö ë*5Ǻšö ë*5Ǻšö ëu +뒺 +ò±®Rs¬‹jò±®Rs¬‹jò±®Rs¬‹jò±®Qç±.©Ë ë*5Ǻšö ë*5Ǻšö +ë*t +ë¢Ysx¬kÈ +ëÙs|¬«Ì +ë"ڃ|¬«Ô +ë¢Úƒ|¬«Ô +ë¢Úƒ|¬kÔy¬Kê2ÈǺJͱ.ª=ÈǺJͱ.ª=ÈǺJͱ.ª=ÈǺFÇº€.ƒ|¬«Ô +ë¢Úƒ|¬«Ô +ë¢Úƒ|¬«Ô +ë¢Úƒ|¬+Ôó±.šë ë*5Ǻšö ë*5Ǻšö +ë*t +ë¢Ys|¬kÌy¬Kè2ÈǺJͱ.ª=ÈǺJͱ.ª=ÈǺJͱ.ª=ÈǺFÇº€.ƒ|¬«Ô +ë¢Úƒ|¬«Ô +ë¢Úƒ|¬«Ô +ë¢Úƒ|¬kÔy¬Kê2ÈǺJͱ.ª=ÈǺJͱ.ª=ÈǺJͱ.ª=ÈǺFÇº€.ƒ|¬«Ô +ë¢Úƒx¬«Ðq¬‹fÍñ±®2s¬‹hò±®Qç±.©Ë ë*5Ǻšö ë*5Ǻšö ë*5Ǻšö ëu +뒺 +ò±®Rs¬‹jò±®Rs¬‹jò±®Rs¬‹jò±®Qç±.©Ë ë*5Ǻšö ë*5Ǻšö ë*5Ǻšö ëu +뒺 +â±®BDZ.š5ÇǺÊ̱.¢=ÈǺJͱ.ª=ÈǺFÇº€.ƒ|¬«Ô +ë¢Úƒ|¬«Ô +ë¢Úƒ|¬«Ô +ë¢Úƒ|¬+Ôó±.šë ë*5Ǻšö ëÒq©8ÖÅ÷1Žu/Þ +ëðG°Žß©â±îxÍv¬ûÂǺ¿üüqü³œŸŸúpwxýšù +¿ý᫧ï;wº§ÿôïÿ› +Þx^tùÆß +><wÐ__zŬ¹ +òùðpw”æöÚ+hŸ¯> +7·R +¯euÜQO_ƒã­T·×^Q{pG=}n¬ºœöŠÚƒ;êóáþõ)u{íµwÍo/Ïò¿Á㵬.ƒ;êéo +OVÝ^{EíÁ +u\Þ+5§üšö Ÿò+5§üšö Ÿòužò“º +ò)¿Rsʏjò)¿Rsʏjò)¿Rsʏjò)¿Qç)?©Ë ò+s;åGñr +Où8NùQ¬9>åWfNùíA>åêù”ÔuOù•šS~T{Où•šS~T{Où•šS~T{Où:OùI]ù”_©9åGµù”_©9åGµù”_©9åGµù”ßšó”ŸÔeOù•šS~T{Où•šS~T{Où•šS~T{Où +šS~2{Où9Nù‘¬9>åWfNùíA>åWjNùQíA>å7ê<å'uäS~¥æ”Õ +äS~¥æ”Õ +äS~¥æ”Õ +äS~£ÎS~R—A>åWjNùQíA>åWjNùQíA>åWjNùQíA>å7ê<å'uäS~¥æ”Õ +äS~¥æ”Õ +ÄS~ +ŽS~4kOù +™S~"{ŽOù•™S~D{Où•šS~T{Où•šS~T{Où:OùI]ù”_©9åGµù”_©9åGµù”_©9åGµù”ßšó”ŸÔeOù•šS~T{Où•šS~T{Où•šS~T{Où +z>åu +äS~¥æ”Õ +äS~¥æ”Õ +ÄS~ +ŽS~4kŽOù9Où ]ù”_©9åGµù”_©9åGµù”_©9åGµù”ßšó”ŸÔeOù•šS~T{Où•šS~T{Où•šS~T{Où:OùI]ù”_©9åGµù”_©9åGµù”_©9åGµù”ßšó”ŸÔeOù•šS~T{Où:NùѬ9>åWfNùíA>å7ê<å'uäS~¥æ”Õ +äS~¥æ”Õ +äS~¥æ”Õ +äS~£ÎS~R—A>åWjNùQíA>åWjNùQíA>åWjNùQíA>å7ê<å'uäS~¥æ”Õ +äS~¥æ”Õ +äS~¥æ”Õ +äS~£ÎS~R—A<åWè8åG³æø”_™9åGŽù”_©9åGµù”ßšó”ŸÔeOù•šS~T{Où•šS~T{Où•šS~T{Où +z>åu +äS~¥æ”Õ +äSþýûsuʏïcœò_ŒãíýÞ)ÿþùîöéôÜ=ò%ÿö’íÿx3.ùÿù÷ÿñáçoîênî7¯à=‡Wüöp|ºÛ»Ô?ý*Üþú}sÿ}å5ïëíußÍóáéøôλx‡Ü^ÊdÍœO +OÿžyVäx)’=·CޝŸÕŒ8r{)“5·C>žŸÑHr{)“5·C> +å¯ë¯¯dðrì}ïôbǧ£ÇKQì¹ +òô+ÿ(Éí¥LÖÜyú•žuäöR&kn‡<ýÚ¿~33äöR&kî}òîô‹çÈñR${n‡<ýâßÞ;r{)“5·Cž~ñ_¿‡r{)“5·Cž~ño$¹œ”Éš{ŸŒ? +n^ +9^ŠdÏíw‡‡g÷mdŒ”ÉšÛ!7O’Ü^ÊdÍíÏ‡ùwØñR&kn'j;ýâ?žo#ã¥HöÜ9ú>CŠ$²æ°4∠Œ +ãTЀ)I¬9î93A {Ž#ACŠ$²æž4dA"kŽó@CŠ$²æž +äLì9 +™.Èšã*А‰‰¬9N +™"Èšã +P3²ç84dZ@"kŽK@C&$²æ84d*@"kŽ@AÎȞ£Ð€[ÿGÜÅÖFñq—cœþ0å‰5ÇÝßuòœýí“Ë +G†LóGdÍqñgÈDÖ +ç~†LíGdÍqë'șúÙs +ú2‘5ǕŸ!ùYsœø2 +‘5Ç}Ÿ gÞdÏqÜgÈŽ}DÖ +—}†LØGdÍqÖgÈT}DÖ +6}BLÒ`aÐgŒÑó‘w9Æ5Ÿó‘Xsœò2%‘5Ç +Ÿ gÆdÏqÄgÈ4|DÖ +|†LÀGdÍqŸgÈÔ{DÖ +·{‚œé +=Çáž!ÓíYs\í2Ñ +‘5Çɞ!SìYsÜë ræz@ö +Çz†L«GdÍq©gȄzDÖ +fzF +• +—cØè /‰ +x5ƁžÓç‘Xs\ç2q +‘5Çiž!SæYsÜå rfy@ö +Gy†L“GdÍq‘gÈyDÖ +çx†LGdÍq‹'șâÙs +â2 + +‘5Çž!áYsœà2 +‘5ÇýÝuòœßí“Ë +Çw†L{GdÍqygȄwDÖ +fwF +Õ +—cÜÜ p&w ö +w†LoGdÍqmgÈÄvDÖ +§v†LiGdÍqg'șÙÙs +Ù2 +‘5Ç +!ØYsœ×2u +‘5Çm gZdÏqXgÈtuDÖ +Wu†LTGdÍqRgÈuDÖ +÷t‚œ9 +=Ç1!ÓÒYsXÒq„t^ŽqFgÀTt$Ö +7t‚œ +=ǝ!ÓÏYs\Ï2ñ +‘5Çéœ!SÎYsÜÍ rfs@ö +Gs†L3GdÍq1gÈsDÖ +çr†L-GdÍq+'șÊÙs +Ê2 +‘5Ǖœ!ÉYsœÈ2 + +‘5Ç}œ g +dÏa +gÄÑÆx9ÆeœƑXsœÅ2U +‘5ÇMœ gdÏqgÈôpDÖ +×p†L +GdÍq +gȔpDÖ +wp×És·O.s +Á2 + +‘5ÇÜnÖ¥8z£;¿ ÈßvßÅ?X¿Ýޟþî +ço¿Ÿæ9ýÛqôoÿóÓÏ?~üüù׏_yûžšÓÿpŸyý_±ã?ûî/×ÍÃÞ¯×9ž9ÿç÷‹›‹÷·ŸÜŒ}#Ðܠڃ\Ýuf7€.ƒ +Þ(5å +ª=ÈíRߠڃœß(5ý +ª=ÈŽQg‚Cê2ÈŽRSá ÚƒÜá(5!ª=È)ŽRÓâ Úƒ\ãuæ8€.ƒ +ä(5Eª=ˆMŽBG”ƒfÍq–£Ìt9ˆö —9Fi©Ë Ç9JMƒjrŸ£Ô:šö ':JM£ƒjr¥cԙ鐺 +rš£Ô”:šö ·:JM¬ƒjr®£Ôô:šö ;FÉ©Ë G;JMµƒjr·£Ô„;šö §;JM»ƒjrœcԙ +RÀ£Ì­àAñr + +ŽˆŚãŒG™éxíA.y„zNy@]9æQjj +T{{ +¥&èAµ9éQjš +T{« +£Î¬‡ÔeÃ +¥ŠìAµ¹íQjâ +T{ó +¥ŠïAµ¹ð1êL|H]9òQj*T{;¥&ôAµ9õQjZT{kƒ&÷!³ç0øQä(~¬9n~”™èÑ +äìG©é~PíA.Œ:ÓR—AŽ”šúÕ +äþG© €PíAN€”šÕ +ä +Èš3"uäH©)PíAn”šÕ +ä +H©éPíA.‚Œ:“ R—AŽ‚”š*Õ +ä.H© ƒPíALƒ:Ú 4kë C&"²ç8Rf +!D{!¥&Bµ9Rj:!T{K!£ÎTˆÔec!¥ŠBµ¹Rj‚!T{“!¥ŠBµ¹2ê̆H]9 +RjÊ!T{Û!¥& +Bµ9Rjú!T{ +"¡ž"P×AŽˆ”šŠÕ +äŽH© ‰PíAL‰:Z"4kŽk"c̈Ðeƒ"¥Š(Bµ¹)Rj¢"T{³"¥Š+Bµ¹,2êL‹H]9.Rjê"T{û"¥&0Bµ91Rj#T{+#£Î̈ÔeC#¥Š4Bµ¹5Rjb#T{s#¥Š7Bµ¹82êLŽH]9:Rjª#T{»# +Žð͚ãôH™iíA®Œ:ó#R—A”š Õ +äI©‰PíAΐ”š Õ +äÉš3E"uäI©©‘PíAš Õ +ä$I©i’PíA®’Œ:³$R—A“”š2 Õ +ä6I©‰“PíAΓ”š> Õ +äBÉš3Q"uÄHI¡£RB³æžSRfB%D{S%¥ŠUBµ¹V2ê̕H]9XRjŠ%T{›%¥&ZBµ9[Rjº%T{Ë%¡žÓ%P×AŽ—”šz Õ +ä~‰Š +0áûÓÅû8ýjì%Lûoäl˜ŽÇÃé÷RÜ0×Œ†év4Lÿýÿûöñ§/>¿}zÖé×âõŸ§ß>Äëþþžû¯»ÃÓÝ#¿µŒèò­œó¯ñš¯·o + +†jòÃԚ§‡¡Úƒüü0£Îˆ‘º +ò#Ĕšgˆ¡Úƒü1¥æ1bšö >HL¡ãIbhÖ +?K̘óab„.ƒü81¥æybšö ?QL©) +QíA. +•šÂÕ +äÂÑš³p$uäÂQ©) +QíA. +•šÂÕ +äÂQ©) +QíA. +: +GR—A. +•šÂÕ +äÂQ©) +QíA. +•šÂÕ +äÂÑš³p$uäÂQ©) +QíA, +: +G4kŽ +GeŠpDŽ¹p4ê, +I]¹pTj +GT{ +G¥ŠpDµ¹pTj +GT{ +G£Î‘Ôe +G¥ŠpDµ¹pTj +GT{ +G¥ŠpDµ¹p4ê, +I]¹pTj +GT{ +G¥ŠpDµ¹pTj +GT{ +G£Î‘Ôe +Gen +#Š—cX8*pŽ(Ö +ŽÊLáˆhrá(Ôsáê:È +£RS8¢Úƒ\8*5 +#ª=È +£RS8¢Úƒ\8uŽ€.ƒ\8*5 +#ª=È +£RS8¢Úƒ\8*5 +#ª=È +£QgáHê2È +£RS8¢Úƒ\8*5 +#ª=È +£RS8¢ÚƒX84 +#™=‡ +£"GáˆdÍqášÌŽˆö ŽJMáˆjráhÔY8’º +rášÔŽšö ŽJMáˆjrášÔŽšö ŽF +#©Ë ŽJMáˆjrášÔŽšö ŽJMáˆjráhÔY8’º +rášÔŽšö ŽJMáˆjbášÐQ8¢YsX82 +#‘=Ç +£2S8"ڃ\8*5 +#ª=È +£RS8¢Úƒ\8uŽ€.ƒ\8*5 +#ª=È +£RS8¢Úƒ\8*5 +#ª=È +£QgáHê2È +£RS8¢Úƒ\8*5 +#ª=È +£RS8¢Úƒ\8 +õ\8‚ºrášÔŽšö ŽJMáˆjbášÐQ8¢Ys\8sŽ„.ƒ\8*5 +#ª=È +£RS8¢Úƒ\8*5 +#ª=È +£QgáHê2È +£RS8¢Úƒ\8*5 +#ª=È +£RS8¢Úƒ\8uŽ€.ƒ\8*5 +#ª=È +£RS8¢Úƒ\8*5 +#ª=È +£QgáHê2È +£RS8¢ÚƒX8*tŽhÖ +ŽÊLáˆhráhÔY8’º +rášÔŽšö ŽJMáˆjrášÔŽšö ŽF +#©Ë ŽJMáˆjrášÔŽšö ŽJMáˆjráhÔY8’º +rášÔŽšö ŽJMáˆjrášÔŽšö ŽF +#©Ë Ž + + +#š5Ç +£2S8"ڃ\8*5 +#ª=È +£QgáHê2È +£RS8¢Úƒ\8*5 +#ª=È +£RS8¢Úƒ\8 +õ\8‚ºrášÔŽšö Žûў* +ñ}ŒÂñâ} +ïnö +Çý7òŽ¯¢x¢±pÌkFáx7 +Çß}þôñË·7Ïg;ŸŒ^}<|w±Œò7‡û痝_¬ãËãáöõÏòñ]Ÿ³ÃÛ7ò|xzx÷Œ£n¯œ¢öàNàxúoÂœSóZT×Á +u+>:RV{R§Ž„”Õ +Ąԩ#!eµ1!UjRT—ALH:RV{R§Ž„”Õ +€„Ô¡[BÊfÍaBªÌ$€ˆ.ƒ˜:u$€¬ö &€N + )«=ˆ ©SGBÊjbBªÔ$€š.ƒ˜:u$€¬ö &€N + )«=ˆ ©SGBÊjbBªÔ$€š.ƒ˜:u$€¬ö &€N + )«=ˆ ©SGBÊjbBªÔ$€š.ƒ˜:u$€¬ö %€ÝR6kRgŽ„”Ñ +ĄT©IHQ]1!uêHHYíALH:RV{R§Ž„”Õ +ĄT©IHQ]1!uêHHYíALH:RV{R§Ž„”Õ +ĄT©IHQ]1!uêHHYíALH:RV{R§Ž„”Õ +ĄT©IHQ]!!uæ¯ )‹—c”:pKHY¬9LH9RF{R£Î„”ÔuR§Ž„”Õ +Ąԩ#!eµ1!uêHHYíALH•š„ÕeR§Ž„”Õ +Ąԩ#!eµ1!uêHHYíALH•š„ÕeR§Ž„”Õ +Ąԩ#!eµ1!uêHHYíAJH:R4{ŽRGn )“5‡ ©3GBÊhbBêԑ²Úƒ˜*5 )ªË &€N + )«=ˆ ©SGBÊjbBêԑ²Úƒ˜*5 )ªË &€N + )«=ˆ ©SGBÊjbBêԑ²Úƒ˜*5 )ªË &€N + )«=ˆ ©SGBÊjRBêÐ-!e³æ(!UäHH‘ì9LH9RF{R§Ž„”Õ +Ąԩ#!eµ1!UjRT—ALH:RV{R§Ž„”Õ +Ąԩ#!eµ1!UjRT—ALH:RV{R§Ž„”Õ +Ąԩ#!eµ1!5êLHI]1!uêHHYíALH:RV{R‡n )›5‡ ©2“"º +bBêԑ²Úƒ˜:u$€¬ö &€N + )«=ˆ ©R“¢º +bBêԑ²Úƒ˜:u$€¬ö &€N + )«=ˆ ©R“¢º +bBêԑ²Úƒ˜:u$€¬ö &€N +WÕ¬ö &€JMBŠê2ˆ ©SGBÊjRBêÐ-!e³æ0!uæHHíALH•š„ÕeR§Ž„”Õ +Ąԩ#!eµ1!uêHHYíALH•š„ÕeR§Ž„”Õ +Ąԩ#!eµ1!uêHHYíALH•š„ÕeR§Ž„”Õ +Ąԩ#!eµ1!uêHHYíALH•š„ÕeR‡n )›5‡ ©3GBÊhbBêԑ²Úƒ˜*5 )ªË &€N + )«=ˆ ©SGBÊjbBêԑ²Úƒ˜u&€€®ƒ˜:u$€¬ö &€Eš„”ßÇö¢Ë÷qŒ;î$€ðF~ss<ývá5!=ý~ûôߝwCÍãËáá×FèùîôLwó-ŸêçdrŒ(¯y}Kÿ<úÑýôó·íŸ}ýóöúðíÃ|øùãö¯þýææöãç?ýü^>õüú§zg÷í4oOÿÆÎ4gÛï{¶Mï{¿mzûF mBµ¹m2êl›H]¹mRjÚ&T{Û&¥ŠmBµ¹mRjÚ&T{Û&£Î¶‰ÔeÛ&¥ŠmBµ¹mRjÚ&T{Û&¥ŠmBµ¹m2êl›H]¹mRjÚ&T{Û& +Ž¶ ͚ã¶I™i›íAn›Œ:Û&R—An›”š¶ Õ +ä¶I©i›PíAn›”š¶ Õ +ä¶Éš³m"uä¶I©i›PíAn›”š¶ Õ +ä¶I©i›PíAn›Œ:Û&R—An›”š¶ Õ +ä¶I©i›PíAn›”š¶ Õ +ä¶Éš³m"u€¶I™[ۄâå¶M + +mŠ5Çm“2Ó6!ڃÜ6 õÜ6ºrÛ€ÔŽMšö ·MJMۄjrÛ€ÔŽMšö ·MFm©Ë ·MJMۄjrÛ€ÔŽMšö ·MJMۄjrÛdÔÙ6‘º +rÛ€ÔŽMšö ·MJMۄjrÛ€ÔŽMšö ¶MMÛDfÏaÛ€ÈÑ6!YsÜ6)3m¢=Èm“RÓ6¡ÚƒÜ6u¶M€.ƒÜ6)5mª=Èm“RÓ6¡ÚƒÜ6)5mª=Èm“QgÛDê2Èm“RÓ6¡ÚƒÜ6)5mª=Èm“RÓ6¡ÚƒÜ6u¶M€.ƒÜ6)5mª=Èm“RÓ6¡ÚƒØ6)tŽMhÖ +¶M†LÛDdÏqۀ̎Mˆö ·MJMۄjrÛ€ÔŽMšö ·MFm©Ë ·MJMۄjrÛ€ÔŽMšö ·MJMۄjrÛdÔÙ6‘º +rÛ€ÔŽMšö ·MJMۄjrÛ€ÔŽMšö ·MB=·M ®ƒÜ6)5mª=Èm“RÓ6¡ÚƒØ6)tŽMhÖ +·MƜm¡Ë ·MJMۄjrÛ€ÔŽMšö ·MJMۄjrÛdÔÙ6‘º +rÛ€ÔŽMšö ·MJMۄjrÛ€ÔŽMšö ·MFm©Ë ·MJMۄjrÛ€ÔŽMšö ·MJMۄjrÛdÔÙ6‘º +rÛ€ÔŽMšö ¶M + +mš5Çm“2Ó6!ڃÜ6u¶M€.ƒÜ6)5mª=Èm“RÓ6¡ÚƒÜ6)5mª=Èm“QgÛDê2Èm“RÓ6¡ÚƒÜ6)5mª=Èm“RÓ6¡ÚƒÜ6u¶M€.ƒÜ6)5mª=Èm“RÓ6¡ÚƒÜ6)5mª=Èm“QgÛDê2ˆm“BGۄfÍqۀ̎Mˆö ·MJMۄjrÛdÔÙ6‘º +rÛ€ÔŽMšö ·MJMۄjrÛ€ÔŽMšö ·MB=·M ®ƒÜ6)5mª=ÈmÓ~‘£Ú&|£mºxǻۜ¶iÿ\< +ïµmºœòxŒÇí÷ÇøxŒñš­m:Žºé÷¿|üéÃç·¥»?Œþ)ûy÷í¯ÔksíáxôŸòpŒ‹÷µÿpŒ·o +Ž‡jòÃñ„z~8 +šë ? +O©y8 +ª=ÈÇSj +Ž‡jòÃñ”š‡ã¡Úƒüp<£Î‡ã‘º +òÃñ”š‡ã¡Úƒüp<¥æáxšö > +O¡ãáxhÖ +? +Ϙóáx„.ƒüp<¥æáxšö ? +O© HQíAH•š€Õ +ä€Ôš3 %uä€T© HQíAH•š€Õ +ä€T© HQíAH:RR—AH•š€Õ +ä€T© HQíAH•š€Õ +ä€Ôš3 %uä€T© HQíA +H:R4kŽRe& EŽ9 5ê +HI]9 UjRT{R¥& Eµ9 UjRT{R£Î€”ÔeR¥& Eµ9 UjRT{R¥& Eµ9 5ê +HI]9 UjRT{R¥& Eµ9 UjRT{R£Î€”ÔeRen)Š—c*p€(Ö +€ÊL@Šhr@*Ôs@ +ê:È©R¢Úƒ +*5)ª=È©R¢Úƒ +u€€.ƒ +*5)ª=È©R¢Úƒ +*5)ª=È©Qg@Jê2È©R¢Úƒ +*5)ª=È©R¢Úƒ4)™=‡©"G@ŠdÍq@ªÌ€ˆö €JM@Šjr@jԐ’º +r@ªÔ€šö €JM@Šjr@ªÔ€šö €F)©Ë €JM@Šjr@ªÔ€šö €JM@Šjr@jԐ’º +r@ªÔ€šö €JM@Šjb@ªÐ¢Ys2)‘=Ç©2"ڃ +*5)ª=È©R¢Úƒ +u€€.ƒ +*5)ª=È©R¢Úƒ +*5)ª=È©Qg@Jê2È©R¢Úƒ +*5)ª=È©R¢Úƒ + +õ +‚ºr@ªÔ€šö €JM@Šjb@ªÐ¢Ys +s€„.ƒ +*5)ª=È©R¢Úƒ +*5)ª=È©Qg@Jê2È©R¢Úƒ +*5)ª=È©R¢Úƒ +u€€.ƒ +*5)ª=È©R¢Úƒ +*5)ª=È©Qg@Jê2È©R¢Úƒ*t€hÖ +€ÊL@Šhr@jԐ’º +r@ªÔ€šö €JM@Šjr@ªÔ€šö €F)©Ë €JM@Šjr@ªÔ€šö €JM@Šjr@jԐ’º +r@ªÔ€šö €JM@Šjr@ªÔ€šö €F)©Ë € + +)š5Ç©2"ڃ +*5)ª=È©Qg@Jê2È©R¢Úƒ +*5)ª=È©R¢Úƒ + +õ +‚ºr@ªÔ€šö €”EŠ€ßÇH/Þ€ûoä" }ý³–kéÃýáùô·+ +HÇk¶€ôv€ÿóëŸ~ùüñç·áæëf=}w1Œê7¿^ +ì€i9鍥åŒxcû-çÛ7-'šë ·œJMˉjrË©ÔŽœšö ·œJMˉjrËiÔÙr’º +rË©ÔŽœšö ·œJMˉjbË©ÐÑr¢YsÜrs¶œ„.ƒÜr*5-'ª=È-§RÓr¢ÚƒÜr*5-'ª=È-§QgËIê2È-§RÓr¢ÚƒÜr*5-'ª=È-§RÓr¢ÚƒÜru¶œ€.ƒÜr*5-'ª=È-§RÓr¢ÚƒÜr*5-'ª=È-§QgËIê2È-§RÓr¢ÚƒØr*tŽœhÖ +·œÊLˉhrËiÔÙr’º +rË©ÔŽœšö ·œJMˉjrË©ÔŽœšö ·œF-'©Ë ·œJMˉjrË©ÔŽœšö ·œJMˉjrËiÔÙr’º +rË©ÔŽœšö ·œJMˉjrË©ÔŽœšö ·œF-'©Ë µœÊÜZN/Ç°åTàh9Q¬9n9•™–Ñ +ä–Sšç–Ôu[N¥ŠåDµ¹åTjZNT{[N¥ŠåDµ¹å4êl9I]¹åTjZNT{[N¥ŠåDµ¹åTjZNT{[N£Î–“Ôe[N¥ŠåDµ¹åTjZNT{[N¥ŠåDµ±å4hZN2{[NEŽ–ɚã–S™i9íAn9•š–Õ +ä–Óš³å$uä–S©i9QíAn9•š–Õ +ä–S©i9QíAn9:[NR—An9•š–Õ +ä–S©i9QíAn9•š–Õ +ä–Óš³å$uä–S©i9QíAn9•š–Õ +ĖS¡£åD³æ°å4dZN"{Ž[NeŠåDŽ¹åTjZNT{[N¥ŠåDµ¹å4êl9I]¹åTjZNT{[N¥ŠåDµ¹åTjZNT{[N£Î–“Ôe[N¥ŠåDµ¹åTjZNT{[N¥ŠåDµ¹åê¹åu +ä–S©i9QíAn9•š–Õ +ĖS¡£åD³æžå4æl9 ]¹åTjZNT{[N¥ŠåDµ¹åTjZNT{[N£Î–“Ôe[N¥ŠåDµ¹åTjZNT{[N¥ŠåDµ¹å4êl9I]¹åTjZNT{[N¥ŠåDµ¹åTjZNT{[N£Î–“Ôe[N¥ŠåDµ±åTèh9Ѭ9n9•™–Ñ +ä–Óš³å$uä–S©i9QíAn9•š–Õ +ä–S©i9QíAn9:[NR—An9•š–Õ +ä–S©i9QíAn9•š–Õ +ä–Óš³å$uä–S©i9QíAn9•š–Õ +ä–S©i9QíAn9:[NR—Al9:ZN4kŽ[NeŠåDŽ¹åTjZNT{[N£Î–“Ôe[N¥ŠåDµ¹åTjZNT{[N¥ŠåDµ¹åê¹åu +ä–S©i9QíAn9÷EÕrâû-çÅû8ÞÝﵜûodi9WZÎûãéž?sË9^³µœw£åüÃýüùë_ÞŠœ¯ßIÿÿÆî5§‚ðU8D†‹åüÁ°=vOìJý_õ7²„Ä«Žï/w»ÿ~R?~ +OSÎÏÏñë{?ºë|èþ®/}» +ÇÛ£C +šßÏþGíÁ'êùžR¥æŧšö ¿øT©‰eQíAŽe +z‹eA݃ +Ë*5±,ª=ȱ¬Rˢڃ +Ë*5±,ª=ȱ¬Q'–%u +r,«ÔIJšö DzJM,‹jb,«Ð3–E³æ8–5æIJ„®AŽe•šXÕ +äXV©‰eQíAŽe•šXÕ +äXÖš˒º9–UjbYT{cY¥&–Eµ9–UjbYT{cY£N,KêäXV©‰eQíAŽe•šXÕ +äXV©‰eQíAŽe:±,©kcY¥&–Eµ1–UèË¢Ys +Ë*3±,¢=ȱ¬Q'–%u +r,«ÔIJšö DzJM,‹jr,«ÔIJšö DzFX–Ô5ȱ¬Rˢڃ +Ë*5±,ª=ȱ¬Rˢڃ +ËubYR× Ç²JM,‹jr,«ÔIJšö DzJM,‹jr,kԉeI]ƒË*ó;–Eñ~ +cYž±,Š5DZ¬2Ë"ڃ +Ë +õ˂º9–UjbYT{cY¥&–Eµ9–UjbYT{cY£N,KêäXV©‰eQíAŽe•šXÕ +äXV©‰eQíAŽe:±,©kcY¥&–Eµ9–UjbYT{cY¥&–Eµ1–5hbY2{cYEž±,’5DZ¬2Ë"ڃ +Ë*5±,ª=ȱ¬Q'–%u +r,«ÔIJšö DzJM,‹jr,«ÔIJšö DzFX–Ô5ȱ¬Rˢڃ +Ë*5±,ª=ȱ¬Rˢڃ +ËubYR× Ç²JM,‹jr,«ÔIJšö Ʋ +=cY4kcYC&–%²ç8–UfbYD{cY¥&–Eµ9–UjbYT{cY£N,KêäXV©‰eQíAŽe•šXÕ +äXV©‰eQíAŽe:±,©kcY¥&–Eµ9–UjbYT{cY¥&–Eµ9–ê-–ur,«ÔIJšö DzJM,‹jb,«Ð3–E³æ8–5æIJ„®AŽe•šXÕ +äXV©‰eQíAŽe•šXÕ +äXÖš˒º9–UjbYT{cY¥&–Eµ9–UjbYT{cY£N,KêäXV©‰eQíAŽe•šXÕ +äXV©‰eQíAŽe:±,©kcY¥&–Eµ1–UèË¢Ys +Ë*3±,¢=ȱ¬Q'–%u +r,«ÔIJšö DzJM,‹jr,«ÔIJšö DzFX–Ô5ȱ¬Rˢڃ +Ë*5±,ª=ȱ¬Rˢڃ +ËubYR× Ç²JM,‹jr,«ÔIJšö DzJM,‹jr,kԉeI]ƒË*ôŒeѬ9Že•™XÑ +äXV©‰eQíAŽe:±,©kcY¥&–Eµ9–UjbYT{cY¥&–Eµ9–ê-–ur,«ÔIJšö Dz”€ŠXï8cÙ»; –}~Èç÷Å—_×ß®]ÿñîú—ŒG +¯—ãíëëüòûõž]ôqwÑëûçϹÇËùÈõ ?Oι­ú +NÊ­žendstream +endobj +1060 0 obj << +/Type /Page +/Contents 1061 0 R +/Resources 1059 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 782 0 R +/Annots [ 1063 0 R 1064 0 R 1065 0 R 1066 0 R 1067 0 R 1068 0 R 1069 0 R 1070 0 R 1071 0 R 1072 0 R 1073 0 R 1074 0 R 1075 0 R 1076 0 R 1077 0 R 1078 0 R 1079 0 R 1080 0 R 1081 0 R 1082 0 R 1083 0 R 1084 0 R 1085 0 R 1086 0 R 1087 0 R 1088 0 R 1089 0 R 1090 0 R 1091 0 R 1092 0 R 1093 0 R 1094 0 R 1095 0 R 1096 0 R 1097 0 R 1098 0 R 1099 0 R 1100 0 R 1101 0 R 1102 0 R 1103 0 R 1104 0 R 1105 0 R 1106 0 R 1107 0 R 1108 0 R 1109 0 R 1110 0 R 1111 0 R 1112 0 R 1113 0 R 1114 0 R 1115 0 R 1116 0 R 1117 0 R 1118 0 R ] +>> endobj +1063 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 706.321 297.612 715.208] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-OPTIONS) >> +>> endobj +1064 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 706.321 521.32 715.208] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-OPTIONS) >> +>> endobj +1065 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 692.782 194.64 699.756] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-OPTIONS-GENERAL) >> +>> endobj +1066 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 692.782 521.32 699.756] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-OPTIONS-GENERAL) >> +>> endobj +1067 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 677.893 343.241 686.804] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-CHECKS) >> +>> endobj +1068 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 677.893 521.32 686.804] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-CHECKS) >> +>> endobj +1069 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 664.942 378.957 673.853] +/Subtype /Link +/A << /S /GoTo /D (0:OPENPGP-SIGNATURES) >> +>> endobj +1070 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 664.942 521.32 673.853] +/Subtype /Link +/A << /S /GoTo /D (0:OPENPGP-SIGNATURES) >> +>> endobj +1071 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 651.99 269.807 660.902] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENT-SERVER-CONNECTIVITY) >> +>> endobj +1072 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 651.99 521.32 660.902] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENT-SERVER-CONNECTIVITY) >> +>> endobj +1073 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 641.096 184.548 647.95] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +1074 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 641.096 521.32 647.95] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +1075 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 623.831 254.614 632.717] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE) >> +>> endobj +1076 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 623.831 521.32 632.717] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE) >> +>> endobj +1077 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 610.411 194.092 617.265] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE-GENERAL) >> +>> endobj +1078 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 610.411 521.32 617.265] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE-GENERAL) >> +>> endobj +1079 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 597.46 195.765 604.314] +/Subtype /Link +/A << /S /GoTo /D (0:SAMHAIN-COMMAND-LINE) >> +>> endobj +1080 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 597.46 521.32 604.314] +/Subtype /Link +/A << /S /GoTo /D (0:SAMHAIN-COMMAND-LINE) >> +>> endobj +1081 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 582.451 179.716 591.362] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE-YULE) >> +>> endobj +1082 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 582.451 521.32 591.362] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE-YULE) >> +>> endobj +1083 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 567.243 267.346 576.129] +/Subtype /Link +/A << /S /GoTo /D (0:THE-CONFIGURATION-FILE) >> +>> endobj +1084 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 567.243 521.32 576.129] +/Subtype /Link +/A << /S /GoTo /D (0:THE-CONFIGURATION-FILE) >> +>> endobj +1085 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 553.823 194.092 560.677] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE) >> +>> endobj +1086 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 553.823 521.32 560.677] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE) >> +>> endobj +1087 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 540.752 217.902 547.726] +/Subtype /Link +/A << /S /GoTo /D (0:FILES-TO-CHECK) >> +>> endobj +1088 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 540.752 521.32 547.726] +/Subtype /Link +/A << /S /GoTo /D (0:FILES-TO-CHECK) >> +>> endobj +1089 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 525.863 233.703 534.775] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITY-OF-EVENTS) >> +>> endobj +1090 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 525.863 521.32 534.775] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITY-OF-EVENTS) >> +>> endobj +1091 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 512.912 239.77 521.823] +/Subtype /Link +/A << /S /GoTo /D (0:LOGGING-THRESHOLDS) >> +>> endobj +1092 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 512.912 521.32 521.823] +/Subtype /Link +/A << /S /GoTo /D (0:LOGGING-THRESHOLDS) >> +>> endobj +1093 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 499.96 279.252 508.872] +/Subtype /Link +/A << /S /GoTo /D (0:WATCHING-LOGIN-LOGOUT-EVENTS) >> +>> endobj +1094 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 499.96 521.32 508.872] +/Subtype /Link +/A << /S /GoTo /D (0:WATCHING-LOGIN-LOGOUT-EVENTS) >> +>> endobj +1095 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 487.009 307.456 495.92] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-FOR-KERNEL-MODULE-ROOTKITS) >> +>> endobj +1096 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 487.009 521.32 495.92] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-FOR-KERNEL-MODULE-ROOTKITS) >> +>> endobj +1097 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 474.057 285.697 482.969] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-FOR-SUID-FILES) >> +>> endobj +1098 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 474.057 521.32 482.969] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-FOR-SUID-FILES) >> +>> endobj +1099 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 461.106 274.639 470.017] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-MOUNTS) >> +>> endobj +1100 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 461.106 521.32 470.017] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-MOUNTS) >> +>> endobj +1101 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 448.155 253.04 457.066] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-USERFILES) >> +>> endobj +1102 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 448.155 521.32 457.066] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-USERFILES) >> +>> endobj +1103 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 437.26 204.054 444.115] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE) >> +>> endobj +1104 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 437.26 521.32 444.115] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE) >> +>> endobj +1105 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 424.309 225.095 431.163] +/Subtype /Link +/A << /S /GoTo /D (0:MISCELLANEOUS) >> +>> endobj +1106 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 424.309 521.32 431.163] +/Subtype /Link +/A << /S /GoTo /D (0:MISCELLANEOUS) >> +>> endobj +1107 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 411.358 201.295 418.212] +/Subtype /Link +/A << /S /GoTo /D (0:EXTERNAL) >> +>> endobj +1108 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 411.358 521.32 418.212] +/Subtype /Link +/A << /S /GoTo /D (0:EXTERNAL) >> +>> endobj +1109 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 398.406 195.775 405.26] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE-CLIENTS) >> +>> endobj +1110 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 398.406 521.32 405.26] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE-CLIENTS) >> +>> endobj +1111 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 383.044 223.889 390.027] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE-FIELDS) >> +>> endobj +1112 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 383.044 521.32 390.027] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE-FIELDS) >> +>> endobj +1113 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 367.721 194.64 374.575] +/Subtype /Link +/A << /S /GoTo /D (0:GEN-DB-FIELDS) >> +>> endobj +1114 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 367.721 521.32 374.575] +/Subtype /Link +/A << /S /GoTo /D (0:GEN-DB-FIELDS) >> +>> endobj +1115 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 354.77 197.977 361.624] +/Subtype /Link +/A << /S /GoTo /D (0:MOD-DB-FIELDS) >> +>> endobj +1116 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 354.77 521.32 361.624] +/Subtype /Link +/A << /S /GoTo /D (0:MOD-DB-FIELDS) >> +>> endobj +1117 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [143.462 339.761 190.236 348.672] +/Subtype /Link +/A << /S /GoTo /D (0:SYS-DB-FIELDS) >> +>> endobj +1118 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [506.376 339.761 521.32 348.672] +/Subtype /Link +/A << /S /GoTo /D (0:SYS-DB-FIELDS) >> +>> endobj +1062 0 obj << +/D [1060 0 R /XYZ 71.731 729.265 null] +>> endobj +1059 0 obj << +/Font << /F34 797 0 R /F27 788 0 R /F29 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1149 0 obj << +/Length 818 +/Filter /FlateDecode +>> +stream +xÚuUÁŽ›0œïWp)a1„®[µÕöÐ=lVªÔíÁ'X5³iúõ +ã1’*;¶y3ïœñ˜xüˆ—‘0K`ˆó0ÞŠ^Q?DÞ vŸ><±ÙäaºËa~gsÆ$Lbo=xÚ?<~‰‰Gá6Íœýq +%aœlœ}ùÓÿTÑV3¬ãlç“ЎύVA +ù²ì +ÍeüÚšÌËÃ|›€Mîzäaa +RGëŠòÒÈç +© +JªqÆÍ’ú'Åu@ü + +kÊq[õ i×SÚN»K§YóžkzÌþ;J +ËŒ9¹ÅJvÚå`ÆM³•ù—‚ª€ìü[ª èšÄažZboߟ¬Žc˜cÃô9  ŽúÝ +™Ö@f¢/AœúGŠ\ +å‡Y Má@ŽŒê^1Ü×Òk[鏢 +M4Zp¬5ò+@EÄ¢‚ÿÌyÖdȺ– +×R$¡ÛMâp—eÃî3&ÚR¥yÑþ›È_l&*uœ `kª +¶ +0™~Ԇ^û^ÎýØ1õaLgêÖË3ו +C!éù÷ˆiëpA“7%7Ò~ð²§bæýj!¢Ëð †rg +ÄPË +uEчB +Á +— +®tͺŽžœƒà8V¬žNø÷ôß( ðæ=ŠâS¯š¶eŸÄ˜4ìš{c*Ï.›ƒ‡˜ðߖ/ +cŽšì’ŠÐ᫃zŒ2ÙP<€6˜yTAύŽtÇÄDV··äšdœP螶iêãyë&›Mm‘¶ºPÑ÷(f·ÎµcnCk†þÖ@7P_Z·þòº,€—WÛ +`W“_·U5¥²Ýjž!ÃÂðÿO +W’í IrU_ÆðYºµw`>.›×X8³Îå>µžÅí +<v°ƒZhVþ¿îÆòœ” +{šÁš +Cj€išÄu[/ [g +v +Ôó\qGmÌzyµ +ŠbÐ!•Ãq=еëK/–Ê“tvŒ|U¯žöSRV;ñZ% +žª¬ôxøŒM|7»pG²»¯*žXOG죚O/aJ¶ðæÅdA–ðqŸ +ôæ"Wendstream +endobj +1148 0 obj << +/Type /Page +/Contents 1149 0 R +/Resources 1147 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 782 0 R +>> endobj +887 0 obj << +/D [1148 0 R /XYZ 71.731 718.306 null] +>> endobj +10 0 obj << +/D [1148 0 R /XYZ 298.58 703.236 null] +>> endobj +1150 0 obj << +/D [1148 0 R /XYZ 71.731 672.579 null] +>> endobj +1151 0 obj << +/D [1148 0 R /XYZ 71.731 672.579 null] +>> endobj +1152 0 obj << +/D [1148 0 R /XYZ 214.345 650.952 null] +>> endobj +1153 0 obj << +/D [1148 0 R /XYZ 71.731 615.919 null] +>> endobj +1154 0 obj << +/D [1148 0 R /XYZ 173.1 605.124 null] +>> endobj +1155 0 obj << +/D [1148 0 R /XYZ 71.731 570.09 null] +>> endobj +1156 0 obj << +/D [1148 0 R /XYZ 71.731 511.311 null] +>> endobj +1157 0 obj << +/D [1148 0 R /XYZ 278.085 500.516 null] +>> endobj +1158 0 obj << +/D [1148 0 R /XYZ 446.422 500.516 null] +>> endobj +1147 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F29 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1161 0 obj << +/Length 904 +/Filter /FlateDecode +>> +stream +xÚ­VMÛ6œï¯Ð¡@d óC¢€ +rÈ6 ÚC»@}kr`eÚ"K‚${7A|‡ä(Öʎ»@ +Kj9š÷Þ|‰<`øãAÊ!•žˆ +„J‚bǂ-ž|ŒãdÇ9$YŽû +‡Q"8HDïVwË‚‚Jò`µùÂ$©‚Õúïð~§ÛÁt‹H€Y(À¯÷ÍŸ-«²ÞúG]¯ýŠ¬ûAW + +º³Ï«ßÿ +r¥¬{•B« ’XâÝÿ¥÷;]Ö䧧Õ/ÅB0ôdêaÙ[œ +ǑIÿµÌþÇˆãO8Ä\¢hë~µ+Ég1Õ±YH6Å¡7tÚƒ,䡬Ö'm„7 H]5µ±ÏyØoÄ¢3â +#é + +ñdÿ˜â0hçž2 +ž„ÃŽC÷\ñD-ž +" Ÿ+~}2Ā„õ0ËÀÅWÀſٙçÒÉãŠkö~7ìÈ5'˜‘ÒÔ)í›CW8e¯§žÈÏc9ìün]n\ÜMgFÚM;”MÝO“ÒÍ@_Mý‰1±µryE\ +[IX¶äêKXo +¿»÷«ïu/³b™*V©ôbkŒ6ÑÄÈõÆŽ®æŽ\ñšÂò{#žƒÇ’ÈÓ«à£ÍUð¹# +þsð(r67W €?~šŒî)†¡ÀSl›YŒÇޘÑq +ƒ²èò"ûÑ$:ٜ‘Ÿ¹9*ê +7S€cê*.™\ÅÍpÒ 1Å}VbºžvG[éZŸ²Ùlæ1ºÖšf8Ž +i[{œy<ÁK#žsn¹Ï|vp +ÇÑVº +z$i£鲟brm +ÈRÿþ¯Å¬«F¯Ç!šP:KÝ +TÀm=ãÈW<÷Mºû +ÌғYRe4)·;I1}³\V:²C®Ö°6Ë +gºŸxKš|Qqèl#à;Ø~;g +Éf +åǞöû§¡Ó +í؄¹Žõs+±ñä6žåæ«~øøà7}¹ElL +öŸ­øÛšÝ +êoeëõF +_ç–Ž¹ãý‚ÿò›§ã†Þ?cÖô{ðÿ”Ú-ù‹Žˆ)«?H‰â +º/.ØÓљDè +lN~6.éˈëKxQ¹ÝÓ§Kç6eKümJëð¥ +ìEéFè{ýå +°¿¹{XuCX—œ«æóšnq¿ü‘#‹èdâïžùIF‚Ô$R‹ªÈüœÑ +ö +è?JÚœåendstream +endobj +1160 0 obj << +/Type /Page +/Contents 1161 0 R +/Resources 1159 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1200 0 R +/Annots [ 1166 0 R 1168 0 R ] +>> endobj +1166 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [385.439 644.872 430.297 653.462] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-CONFIGURE) >> +>> endobj +1168 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [247.359 628.342 286.729 636.825] +/Subtype /Link +/A << /S /GoTo /D (0:YULE) >> +>> endobj +888 0 obj << +/D [1160 0 R /XYZ 71.731 718.306 null] +>> endobj +14 0 obj << +/D [1160 0 R /XYZ 418.398 703.236 null] +>> endobj +1162 0 obj << +/D [1160 0 R /XYZ 71.731 692.184 null] +>> endobj +1163 0 obj << +/D [1160 0 R /XYZ 71.731 677.24 null] +>> endobj +1167 0 obj << +/D [1160 0 R /XYZ 71.731 639.891 null] +>> endobj +889 0 obj << +/D [1160 0 R /XYZ 76.712 612.297 null] +>> endobj +18 0 obj << +/D [1160 0 R /XYZ 181.702 567.043 null] +>> endobj +1169 0 obj << +/D [1160 0 R /XYZ 71.731 546.902 null] +>> endobj +1170 0 obj << +/D [1160 0 R /XYZ 71.731 524.104 null] +>> endobj +1171 0 obj << +/D [1160 0 R /XYZ 135.691 512.547 null] +>> endobj +1174 0 obj << +/D [1160 0 R /XYZ 155.059 512.547 null] +>> endobj +1177 0 obj << +/D [1160 0 R /XYZ 71.731 458.051 null] +>> endobj +1178 0 obj << +/D [1160 0 R /XYZ 71.731 432.981 null] +>> endobj +1179 0 obj << +/D [1160 0 R /XYZ 135.691 423.481 null] +>> endobj +1180 0 obj << +/D [1160 0 R /XYZ 155.059 423.481 null] +>> endobj +1181 0 obj << +/D [1160 0 R /XYZ 135.691 411.825 null] +>> endobj +1182 0 obj << +/D [1160 0 R /XYZ 155.059 411.825 null] +>> endobj +1183 0 obj << +/D [1160 0 R /XYZ 135.691 400.169 null] +>> endobj +1184 0 obj << +/D [1160 0 R /XYZ 155.059 400.169 null] +>> endobj +1185 0 obj << +/D [1160 0 R /XYZ 135.691 388.512 null] +>> endobj +1186 0 obj << +/D [1160 0 R /XYZ 155.059 388.512 null] +>> endobj +1187 0 obj << +/D [1160 0 R /XYZ 71.731 334.017 null] +>> endobj +1188 0 obj << +/D [1160 0 R /XYZ 71.731 308.946 null] +>> endobj +1189 0 obj << +/D [1160 0 R /XYZ 135.691 299.446 null] +>> endobj +1190 0 obj << +/D [1160 0 R /XYZ 155.059 299.446 null] +>> endobj +1191 0 obj << +/D [1160 0 R /XYZ 71.731 244.951 null] +>> endobj +1192 0 obj << +/D [1160 0 R /XYZ 71.731 219.88 null] +>> endobj +1193 0 obj << +/D [1160 0 R /XYZ 135.691 210.38 null] +>> endobj +1194 0 obj << +/D [1160 0 R /XYZ 155.059 210.38 null] +>> endobj +1195 0 obj << +/D [1160 0 R /XYZ 71.731 155.885 null] +>> endobj +1196 0 obj << +/D [1160 0 R /XYZ 71.731 132.871 null] +>> endobj +1197 0 obj << +/D [1160 0 R /XYZ 135.691 121.314 null] +>> endobj +1198 0 obj << +/D [1160 0 R /XYZ 155.059 121.314 null] +>> endobj +1199 0 obj << +/D [1160 0 R /XYZ 71.731 48.817 null] +>> endobj +1159 0 obj << +/Font << /F21 781 0 R /F44 1165 0 R /F27 788 0 R /F46 1173 0 R /F47 1176 0 R /F29 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1203 0 obj << +/Length 1101 +/Filter /FlateDecode +>> +stream +xÚµVߏ£6~ß¿‚‡JÒÆÁóãÞ¶i³ÝªÚšœzÕõ +8âëÀ€`.JÿúŽ± +l²Ù¶ÒVQdƒÇ3Ÿ¿ùf0v|øa'Æ(` )"uòêÆw +X¹¿ÁÆbfLf›ï77ó%I¥QàlvNGˆF¡%”8›í'w±Ï’5ތPß%H‹º:ð’‹B?fb«'\Ž2ó°[ökŸ7?ßüž P‚Q@^iL.AÆ#HŒSD\SF±Ùµ²®ø_ìœ +:_†‘“ ?îÍ#„ƒÔ™ç§œu»ÿΘţYŠ‚(Êà÷f‘ï»s&óy›UûŒ‹&×{ŠPfEöÏ¢ +¡†ò žäY X4%ro&_²–-æi«h’™zù6˜ +L +|&õÈÌ¿ƒœ–Y#Ï.5`VÕâĚïYþÕŒúÁ€ÆŽÁŽG FÜû?õ‚Œ÷WögÇV1!Ûˇ1JÀ×̌jëêiýðQŸŒ /ô!çM-ÔþsÙZœAl”€ÁKº%(La2Y9 +cB‚Ä'î.% +€(Œã!dŸ i2ŽŒ,õ¬åIÏòŸ&UêÂt¬ÈŠ¶4M­z&e)LûŒÌ\pøˆŠÔØÔÖdršÿöÔJVÝDm +†Þ +”Þ•`^‹A` +«wúáŸú +HEzR†Š'”š4èq×03[œŠ£=Ð4“UWB°IšEó›Ê1ÛÚ#Ô=¶úåÇ՜øŸð¥„‚š!<ûðwëõÑÍYïûâßíxi +[ÒÓrMOú—Ÿ†o¥§‰»«z²6êX¿{C²:V0¶ +Òv! '†’÷ÿ +ÍÄ>Š!œÞ'ësŽ-Æ|V66Ó÷@Þã‡WXWª¹_,TæLâ€ju£K\Ùì¥<ŒŸÏÇ£Q¢C œžÅŒ­wòèYà ܌ÈsõG{Y•œ_£¹º:k‹ËA†ë© +œæa +€ŠíDƒ +Çrœ +°úÿ刄·ÖO3Œ=rSH§º3ä|S hœyçQê¶/hœÙTë%τŒ +ü™ +íëΪºàª~tÝižœô•álŠr›“:qØr‘šìŠŠ{3=4õ¶³ë»žTUBÃÕ#¯·öÐwe[Ÿa +âšd+ž}Š*sÀ¬HšÚ¬ìêÒ°Qò¯*²1S+›Ÿàâ +ŽŒ¯Œ”žwPWØÝü4æ~Nõ̙ +û<u'°_aۇݓ>gñ¿Þž>=­6O^@Ý»_>›ÂÝêþZG 4 +è%oԑ&î®v$kÓߜvçIíU äótv­Í"/„Íu^ +UÀ_Ñ5“Úº3dÙkšdí4G6 vŽŸ¯ú Œe&U;–É®aŠø[­ÿÑ3í+¯Å¡뷂;ªùR°Ém¹,ٝgÄ\ÖCøüãøÕëührq›§p5 +àjfLšàʝü2ÐßAÛ + endstream +endobj +1202 0 obj << +/Type /Page +/Contents 1203 0 R +/Resources 1201 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1200 0 R +>> endobj +1204 0 obj << +/D [1202 0 R /XYZ 155.059 653.848 null] +>> endobj +1205 0 obj << +/D [1202 0 R /XYZ 71.731 599.352 null] +>> endobj +1206 0 obj << +/D [1202 0 R /XYZ 71.731 576.339 null] +>> endobj +1207 0 obj << +/D [1202 0 R /XYZ 135.691 564.782 null] +>> endobj +1208 0 obj << +/D [1202 0 R /XYZ 155.059 564.782 null] +>> endobj +1209 0 obj << +/D [1202 0 R /XYZ 71.731 510.286 null] +>> endobj +1210 0 obj << +/D [1202 0 R /XYZ 71.731 487.273 null] +>> endobj +1211 0 obj << +/D [1202 0 R /XYZ 135.691 475.716 null] +>> endobj +1212 0 obj << +/D [1202 0 R /XYZ 155.059 475.716 null] +>> endobj +890 0 obj << +/D [1202 0 R /XYZ 71.731 439.9 null] +>> endobj +22 0 obj << +/D [1202 0 R /XYZ 220.023 394.646 null] +>> endobj +1213 0 obj << +/D [1202 0 R /XYZ 71.731 371.157 null] +>> endobj +1214 0 obj << +/D [1202 0 R /XYZ 71.731 371.157 null] +>> endobj +1215 0 obj << +/D [1202 0 R /XYZ 71.731 356.213 null] +>> endobj +1216 0 obj << +/D [1202 0 R /XYZ 71.731 346.726 null] +>> endobj +1217 0 obj << +/D [1202 0 R /XYZ 139.477 328.893 null] +>> endobj +1218 0 obj << +/D [1202 0 R /XYZ 139.477 328.893 null] +>> endobj +1219 0 obj << +/D [1202 0 R /XYZ 299.426 328.893 null] +>> endobj +1220 0 obj << +/D [1202 0 R /XYZ 172.114 315.941 null] +>> endobj +1221 0 obj << +/D [1202 0 R /XYZ 71.731 303.822 null] +>> endobj +1222 0 obj << +/D [1202 0 R /XYZ 71.731 290.87 null] +>> endobj +1223 0 obj << +/D [1202 0 R /XYZ 139.477 275.094 null] +>> endobj +1224 0 obj << +/D [1202 0 R /XYZ 191.223 275.094 null] +>> endobj +1225 0 obj << +/D [1202 0 R /XYZ 363.017 275.094 null] +>> endobj +1226 0 obj << +/D [1202 0 R /XYZ 353.821 262.143 null] +>> endobj +1227 0 obj << +/D [1202 0 R /XYZ 479.18 236.24 null] +>> endobj +1228 0 obj << +/D [1202 0 R /XYZ 204.692 223.289 null] +>> endobj +1229 0 obj << +/D [1202 0 R /XYZ 71.731 211.169 null] +>> endobj +1230 0 obj << +/D [1202 0 R /XYZ 71.731 198.776 null] +>> endobj +1231 0 obj << +/D [1202 0 R /XYZ 139.477 182.442 null] +>> endobj +1232 0 obj << +/D [1202 0 R /XYZ 483.035 182.442 null] +>> endobj +891 0 obj << +/D [1202 0 R /XYZ 71.731 150.312 null] +>> endobj +1201 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F47 1176 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1235 0 obj << +/Length 1615 +/Filter /FlateDecode +>> +stream +xÚ­XKÛ6Ÿï¯ð¡ˆž$%ê±@›M6h +€Aa (š +ž2m ‘)Wu +äÇw(’zËÙ ++ŠÍ|ó +Š¬0üÈ* (páB#D}¶Š7xu€'ïnˆ¡p +‰Ó£yœœ¹}€Ñ*B‘﮶û•øˆùÞ*p) +]mw¯~ªD±q(ÃkŠôõ!?žÒ,•}ËåN/RYV|CÖYóìŸí¯7o·-F réU†d +’¬H€(a +¥Uûˆ°I‘«áúMŸ!l}–YÎwzGƒƒ +PO>W+ +žê^€Bâ(̓ aºM„Ö*®‹BÈJß<+.¢(Ó\ê|¯¯%?&J÷ÔìÇÜ,ž +›]Ÿ¡š0ÛùQõ +BQÄH#:©ªÓÝííù|Þøl2î(žšTޚ«c¢Šô‡/ÆO¿g;ëº +îò:p^À|CÕ{š§ÊÄ©F†º²æÊ%xß²(â$U +Žxœù3 +‚ÈE%­†£÷QR +3xýþÚk£H’×p5¶å°Æë³úÇ/Fç#ÿ€îŌÍËÚê]%Ü8ûbY'ƝÜx2!J1Ê +Z +ó]úcj}=tRi”Ú&i¹BÖ°O—OåŸý¥MH勩¯>Œû`ä¥É«V_åRXÆ"ÓqªÍlž4iáÓb.ž!Ÿx–é›sªŒ‘YCɊÛÓ©‰˜5ªÆM¹Åƒi&Ê»q!4@ŒÒóCDÜù +biœ +‘.!œd3Rji]âÜy¡7'n|íěw®‹1Vâïgì'ùÑÚÕfú{?0j/Õ;ꇺ—£€œÄž¬O¢PN +øgBZt^qßӜ© +!^uq¿ä/ЗÂ×ýÕ-ûËÐ蒿诩žøëšøãFskž¥€Úç +5dë +p.ükl–"ÕDGþuï÷«*Ž +°ÇN¹ä™ícÿÖGÕbeUNŽ£ö:= +µ”ãÃç0³(d–ïÛl÷i£ïÄ +£G†ÎvØYƒÌ%Ô/ûFq‡F.bA0˜Z'V—“˜Š +÷ØâC·O6$\ÏGŒGmBv™"OóS¥ŸŽŒº‚p> endobj +26 0 obj << +/D [1234 0 R /XYZ 283.599 706.118 null] +>> endobj +1236 0 obj << +/D [1234 0 R /XYZ 71.731 685.978 null] +>> endobj +1237 0 obj << +/D [1234 0 R /XYZ 210.699 673.241 null] +>> endobj +1238 0 obj << +/D [1234 0 R /XYZ 119.552 660.29 null] +>> endobj +1239 0 obj << +/D [1234 0 R /XYZ 423.947 660.29 null] +>> endobj +1240 0 obj << +/D [1234 0 R /XYZ 156.074 647.338 null] +>> endobj +1241 0 obj << +/D [1234 0 R /XYZ 347.605 634.387 null] +>> endobj +1242 0 obj << +/D [1234 0 R /XYZ 71.731 599.353 null] +>> endobj +1243 0 obj << +/D [1234 0 R /XYZ 339.036 588.559 null] +>> endobj +1244 0 obj << +/D [1234 0 R /XYZ 71.731 585.157 null] +>> endobj +1245 0 obj << +/D [1234 0 R /XYZ 137.484 568.135 null] +>> endobj +1246 0 obj << +/D [1234 0 R /XYZ 71.731 553.744 null] +>> endobj +1247 0 obj << +/D [1234 0 R /XYZ 137.484 537.251 null] +>> endobj +1248 0 obj << +/D [1234 0 R /XYZ 71.731 525.132 null] +>> endobj +1249 0 obj << +/D [1234 0 R /XYZ 71.731 525.132 null] +>> endobj +1250 0 obj << +/D [1234 0 R /XYZ 138.919 515.632 null] +>> endobj +1251 0 obj << +/D [1234 0 R /XYZ 71.731 514.539 null] +>> endobj +1252 0 obj << +/D [1234 0 R /XYZ 138.919 503.976 null] +>> endobj +1253 0 obj << +/D [1234 0 R /XYZ 71.731 437.824 null] +>> endobj +1254 0 obj << +/D [1234 0 R /XYZ 265.782 411.921 null] +>> endobj +1255 0 obj << +/D [1234 0 R /XYZ 319.191 411.921 null] +>> endobj +1256 0 obj << +/D [1234 0 R /XYZ 71.731 377.261 null] +>> endobj +1257 0 obj << +/D [1234 0 R /XYZ 71.731 353.974 null] +>> endobj +1258 0 obj << +/D [1234 0 R /XYZ 71.731 353.974 null] +>> endobj +1259 0 obj << +/D [1234 0 R /XYZ 138.919 344.474 null] +>> endobj +1260 0 obj << +/D [1234 0 R /XYZ 71.731 343.381 null] +>> endobj +1261 0 obj << +/D [1234 0 R /XYZ 138.919 332.818 null] +>> endobj +1262 0 obj << +/D [1234 0 R /XYZ 71.731 311.799 null] +>> endobj +1263 0 obj << +/D [1234 0 R /XYZ 71.731 287.822 null] +>> endobj +1264 0 obj << +/D [1234 0 R /XYZ 71.731 287.822 null] +>> endobj +1265 0 obj << +/D [1234 0 R /XYZ 138.919 278.322 null] +>> endobj +1266 0 obj << +/D [1234 0 R /XYZ 71.731 256.379 null] +>> endobj +1267 0 obj << +/D [1234 0 R /XYZ 262.066 245.445 null] +>> endobj +1268 0 obj << +/D [1234 0 R /XYZ 499.036 245.445 null] +>> endobj +1269 0 obj << +/D [1234 0 R /XYZ 71.731 220.375 null] +>> endobj +1270 0 obj << +/D [1234 0 R /XYZ 71.731 220.375 null] +>> endobj +1271 0 obj << +/D [1234 0 R /XYZ 138.919 210.875 null] +>> endobj +892 0 obj << +/D [1234 0 R /XYZ 71.731 199.968 null] +>> endobj +30 0 obj << +/D [1234 0 R /XYZ 294.273 155.658 null] +>> endobj +1272 0 obj << +/D [1234 0 R /XYZ 71.731 131.903 null] +>> endobj +1273 0 obj << +/D [1234 0 R /XYZ 362.22 109.83 null] +>> endobj +1274 0 obj << +/D [1234 0 R /XYZ 156.632 96.879 null] +>> endobj +1233 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F46 1173 0 R /F47 1176 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1277 0 obj << +/Length 1942 +/Filter /FlateDecode +>> +stream +xÚÅXI¯Û6Ÿ¿_áCØ@D‹Ú ’ ÙE€ž§4>™¶•h«$¿ÿûΐCjósŽ@áƒg†ßlÅW.üø*æ,öáâ¥Ì‹ÂUVÞ¹«#üóöŽ“„C"ÎHæÕînûÆKW)K#µ;¬ü8ba¬bßcIè­vûÏë×'Ñô²Ý8^è®=Š¯¯ë²É‹Œ:êGQíõM^uœØðu¡þû²ûp÷ûκzœùÞM'Idéd<8ÉyÊBp.vær²mŸgçBŽ›À]?'¯ô<ªö¢š+©Ÿ6<\˶7óºÒïêɊò$rzù˜ +Ÿ;Ê^ßÜoÁ +뇺5ÿž^!·ûŒEÝY_·ýG!.õ¹§ íN9¹W065O=Š!x€–«º'‘1Ò! +\$춺‰“oÿøslz +ç3¹ñB + +m/ýÉæ̹ÚCV!ŽçÆ,Mc‚‚+sÛs×n‹:Å3FžñUžEÚy–z!¬ŒX€Ä?n|xê^haÈ ++ +¹yf£êK‚4NF‡\ +ŸØø•úƒ·á`æ.úµ +ÚÆák Œ™^dP.E.ªžô7𔉠+ҏé7»Ó™l#ÌíµÃ9‹ÂXùŸ—µÍsAŠ00úgp§Ú7HT +œ1 +J8†ÐåÌã| +ÿ1pÿ8šÆ!âO:þOØE :)çÀcÆWQ0žWû€–pF"ª +Œ›*QÕXèŠÓ +ãîÜn钂Ž[–ÌMÛsEhý7 +7£Ø%1 +"LhÈO?¶‰÷ê‰Ä;‰iæeu•É†@„bZ +€»‰ +$”ØR•¢Ýší– +=yJ«ž“ÉŠÖP»ƒ»V +@åcMïŽ S)‡![ÕMµ7]é9ôeQ˜tÀ¶Õs Š±åǓD4k¥P +· +êá2Þ¢ºÅäÕ:{=ýSä݀¢vï ¬lŸªR + +ím¿®û9`vóš0<Õ³ˆBµÀ0”ОéøžSÝ·( +tîš +) +ø­ûy{>¬Ž’UäÌó¯'±‘qFB‹$ž+ºZBŒ/ì' !IoÛ'™ÛögŠTiË +ýš0ÝË^äE‡C„-g”XÊš1'tYâŠJÍn“Àz=g²“šŽr6š±“r +àî¹V + +X¥i +# :a[(GLÝãÚ²–K'(wÏ4J‘aívò€sPŽ¹ì/Ó “¡ÌÆœ”‰Œ« +B7ãV²Bnó·uUʪ§ê 8KãhÂ"Œ1q_N‚‰%œØi3/}z§j±ãœdÑ,w +,±ÝÄra7Ö²'X‡&Ç3‘FØSàDk1ú;FeoÖ^Ç¥ +éŠÚr8WÎý “ÄúÞPoÒòÕyzshÝqB«ŒY1œ–ÞFÆ -iêLºò²idµÏ¿kã/—¥ +±DoÙ627mÏ©Ò¢ÙÄ9ÌM(€øqŒ,›òß²hCÅ"šy7F¿ ÷Áž®Òîô +IÄV暃s”‡\û¹îúsY›[Ê +/KnèBíBëƒî&:ޗÊNh–ƒµ²í7š +Ôð25kr(®­êèÐ! +Lg‡ê¹B-y1×ÖÀZ·†,ãME×O@FÆ -¹ÏLÑôœÖ£ +é4džëß6M2·Mύº¶!ÄÍHî¥ +˜µÅrJ‚4i‚MÅ^4!s^4 +ŽO]ÕlY3u˧áœÑÍyå ØükÍT€0 +úºG$+1Œ¯gC +îe&¬Ó“íeê lšÄÄÍ+ÓÞRŒºzèì +6Ô +Т-Ÿ¯ +ó"~AçßÐ5Ì.+Ê +†'I9DbÁ)= ³ +bg˜•r·^^á‘P[Ÿ? + +ÊNÚínéÑi&„†ìO¹Ïl÷ƒç§®‘YnèãŽ5!0v +àšÖVÞßžï3œö7ó˜mÆáo("e3cx㹈çLMiÕ9GqûqÌãiÌ­²{h4Ԑވ^à›AÇ€' +.@8ŽõÂ$nsáUŽDÇå؇ +óºçS +OúœÞy^ÿdҟÉg¢²Ê+`•ô=5€{ô‘ҁŒü÷ƒÃqd +ô©dÿX·ß~ +ÚÐ¥ñ£Á2ƒm8ØšRþó£Ónì”87Á—ÛhŸ¢„RtOCYÔÇÿÓN}ãQóGÚÌ¢ šœMÝ<ÇjjsŸê’ +@«›VãšM3X„͝p÷ôEõ„VÕT5KPÝíýFü.SÊ×۲ޟ‹á“Ÿ ”e¥zÖ(ڎ ߌ¿,ÎA—ìHüx˜7öÐWŠ¯u›Nãˆ: +ÍYMÔ3G /bOŽJKúLªšš_ +ö=Y*öû +a0ÉÖŽõ±åp\ٚ£@‘ß·xèŒTg3ße +ÖöûdSç£y9œdlhr€&ÁüëÎæ3,FÌA^Ì)}8µÄ7?‘"‹/ä!˜ï§F +:>ñ{ièy”gendstream +endobj +1276 0 obj << +/Type /Page +/Contents 1277 0 R +/Resources 1275 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1200 0 R +/Annots [ 1286 0 R 1291 0 R 1295 0 R 1303 0 R ] +>> endobj +1286 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [377.1 642.297 426.944 650.779] +/Subtype /Link +/A << /S /GoTo /D (0:LAYOUT) >> +>> endobj +1291 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [231.668 602.347 288.989 610.829] +/Subtype /Link +/A << /S /GoTo /D (0:DEFTRUST) >> +>> endobj +1295 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [187.745 525.365 236.722 534.276] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-OPTIONS) >> +>> endobj +1303 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [355.832 439.557 395.203 448.039] +/Subtype /Link +/A << /S /GoTo /D (0:YULE) >> +>> endobj +1278 0 obj << +/D [1276 0 R /XYZ 256.786 708.344 null] +>> endobj +1279 0 obj << +/D [1276 0 R /XYZ 312.147 695.392 null] +>> endobj +1280 0 obj << +/D [1276 0 R /XYZ 71.731 682.341 null] +>> endobj +1281 0 obj << +/D [1276 0 R /XYZ 71.731 667.397 null] +>> endobj +1282 0 obj << +/D [1276 0 R /XYZ 183.546 655.841 null] +>> endobj +1283 0 obj << +/D [1276 0 R /XYZ 240.688 644.184 null] +>> endobj +1287 0 obj << +/D [1276 0 R /XYZ 71.731 637.316 null] +>> endobj +1288 0 obj << +/D [1276 0 R /XYZ 153.922 627.547 null] +>> endobj +1289 0 obj << +/D [1276 0 R /XYZ 258.585 627.547 null] +>> endobj +1290 0 obj << +/D [1276 0 R /XYZ 139.477 604.234 null] +>> endobj +1292 0 obj << +/D [1276 0 R /XYZ 71.731 566.376 null] +>> endobj +1293 0 obj << +/D [1276 0 R /XYZ 214.106 553.425 null] +>> endobj +1294 0 obj << +/D [1276 0 R /XYZ 176.846 540.473 null] +>> endobj +1296 0 obj << +/D [1276 0 R /XYZ 71.731 505.44 null] +>> endobj +1297 0 obj << +/D [1276 0 R /XYZ 266.908 494.645 null] +>> endobj +1298 0 obj << +/D [1276 0 R /XYZ 71.731 482.526 null] +>> endobj +1299 0 obj << +/D [1276 0 R /XYZ 71.731 482.526 null] +>> endobj +1300 0 obj << +/D [1276 0 R /XYZ 138.919 473.026 null] +>> endobj +1301 0 obj << +/D [1276 0 R /XYZ 71.731 471.933 null] +>> endobj +1302 0 obj << +/D [1276 0 R /XYZ 71.731 452.007 null] +>> endobj +1304 0 obj << +/D [1276 0 R /XYZ 480.508 441.445 null] +>> endobj +1305 0 obj << +/D [1276 0 R /XYZ 232.986 418.132 null] +>> endobj +1306 0 obj << +/D [1276 0 R /XYZ 383.896 418.132 null] +>> endobj +1307 0 obj << +/D [1276 0 R /XYZ 71.731 334.047 null] +>> endobj +1308 0 obj << +/D [1276 0 R /XYZ 246.435 321.096 null] +>> endobj +1309 0 obj << +/D [1276 0 R /XYZ 71.731 308.976 null] +>> endobj +1310 0 obj << +/D [1276 0 R /XYZ 71.731 308.976 null] +>> endobj +1311 0 obj << +/D [1276 0 R /XYZ 138.919 299.477 null] +>> endobj +1312 0 obj << +/D [1276 0 R /XYZ 71.731 256.638 null] +>> endobj +1313 0 obj << +/D [1276 0 R /XYZ 248.487 243.686 null] +>> endobj +1314 0 obj << +/D [1276 0 R /XYZ 71.731 231.567 null] +>> endobj +1315 0 obj << +/D [1276 0 R /XYZ 71.731 231.567 null] +>> endobj +1316 0 obj << +/D [1276 0 R /XYZ 138.919 222.067 null] +>> endobj +1317 0 obj << +/D [1276 0 R /XYZ 76.712 199.153 null] +>> endobj +34 0 obj << +/D [1276 0 R /XYZ 388.999 159.781 null] +>> endobj +1318 0 obj << +/D [1276 0 R /XYZ 71.731 136.664 null] +>> endobj +1319 0 obj << +/D [1276 0 R /XYZ 71.731 98.844 null] +>> endobj +1320 0 obj << +/D [1276 0 R /XYZ 71.731 97.599 null] +>> endobj +1275 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R /F34 797 0 R /F46 1173 0 R /F47 1176 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1324 0 obj << +/Length 2276 +/Filter /FlateDecode +>> +stream +xÚ͚]ã¶†ï÷Wø¢Hl`E‹€(JR É6A +ºÓ‹¢é +ÆŠmudÉÕG&óï{(‘ú %JéÐbµ=~ŗ<|txHï|ø‡w +#Ná +Ĉ„lwºðwWøæ‡X)<%ñFšoŸ> +¿'ñ.FqHwO— +å!ba°ã” ˆ‘ÝÓùûïnÉ£åÁ#ÌßÔœ~WÜi–æ×îc’Ÿ»7i^ÕÉï³ö»>ýùߞú.0‚%ÎN>ô2Œv +ñQLð¬ã1èœÇýÑ FÂw +Å\DkŽDägB˜Ù%L|w£ŠŽŸù:ø«kæüûHb$ÃÁ€O‡Èß] Nm +ŽZ÷ZßÔîŹÑ_Öú +øïO/ݧK¡fäóß~üÔœûÙ÷I&*ýù•æxiÀ‹‚¹ñöãÓçø̆äø>‹Sj, +ŖyLP€C·¹ÒžÍ†€ù`Äž³nªvÜÇïi0\C8Âq&RŒŽ§"—ñº6åGûVÐÅ>j'Å +~Ï{Më›W5éâÁ7ùQœ +œ£ tã:h–hUŠ5Xm³uVms +Ցû—‘z5 +0t_Øߋ2YI*cJ$-Õ±,Šú%­Ýà~ˆ‚€º­%®±ÍÌP‹}˚ +ˆ0æŽV§õŽ™-Ìz”„ˆS$mvÛ©/-Šßtm[m + +c2³*þ€Ÿ +ëâøù­ªÅ +ݓÇ"Ù, œ­ =ˆÙV’Užm¿ +tÛþ6Þ£üóí÷žcžfC¿ +q—{ÏžËÝhè¿  +ÿO(Ç + +ñJœ1-R®$«”Û~(·ýmÊG +ø2Êï@ž§µ.4²âšæGø¿høâ@Øþ—f{‘¯àM9C +ÇÎ8ksœfCsxc +o£Øé®5Nw³¡÷*<(¡ˆ`6¹b|–Àëã:“dƒžMÕÆh;éžË!ƒ=#Õþj>3‘è¹-»ýyÚŸŒÚó"îÃ-Dˆâ +ÅKiŒ‘hfÆŠ +m™²nïŽV·µÑP;kFŸœ4%€ÖRçeøû=’Z÷à +OÎçTþ9ÉÔÄáŸMÖÎÉαÞTÉwgƒ²&•í9dý«(eª÷€Ð£îpm{ÆU5wµmœ +_Ï H¡€ +³Ž`HL±«íѯíVáÔÔ² +@‹Y. +èÊùïHŽ˜•d5Ú~2¡ío§ÂQî*¹ß=‹=C}ºì'¡Ý¿vï¿>0¶¯j‘dõíë™# +Ê-Ջzü€’Iä'¡2ëcóÍp‚œ“£5Îà˜ +Y7¯µæ3ŒA9­µÆim6ÔÝŒÝqX„a—LnŸ‹u$âÃ~â“€™dxüE i«›çA³„³R¬Ñl›­Ãl›[,Ü§(ë%šQGµ(»sBõ¡êӠ溒ÏîGw@}KT†zM3õx#ÑÏ=’jbry]&Y_åZց¿ÿèXN)•—ÒµƒÒN4{Pš‹úUæÛ¢|ùF +yàv€òÙÌ" +Œ¡0\yn;-Ò $«8Ø~x°ým F +ØBÄ)K +^|–i[ÁYNI¿ÁÉóþA˜Îts@ü6°¿)Zå@ +Ô^}Œ¢»ª§‹Ÿ]êÂZ™» +9SŠR9ðÊ1[¬E¥Æ‰f‹ÑqCVV-ëHþŽ†»­•Æm +Aý£‰uŸzõ¬wåÃ#KòQ)e(PB1y^0ÍâÝt +̈́T‰ºy|T³4ú=çˆõ%¶Æð‘”uzj²d®Â–^(ê`ߊŠ{“ +œÕI/ÆW¯In€\ɇ_”ëCŸ1‰°èŽCoGªº9†qr<Ûÿ<êðÊÒ\ŸÁÊãø‹RéíV™ŒRG™Án! +觜Kû1(`a%_"Læè$ÞHcó0mÆ:€uÈr†-TH°ÛZiÜÞFCýŠ +©˜`YÕÊçfòŽ–D1ìàv^è·Û2)&ˆÉ;›Gûo›4;ۑ +8ŠÚ^Àæw»Ÿ?^ú»l˜ïáÀŠŸ›¢)OòDþã™gY”Žfv=ٓö¯ŠR€ÝTcÚ×oaŠâ~”~ߍˆß.CŸÜ¯ P퀪Û÷ +X§hŸíîɋ°cá)K ×OûáÖ`œdE.Žã¥cŒ€Xt[‰Ñ1A7úaÝßý˜æ + +þú·&ÃÅ°èäy¡œŸ‡˜<À +øvze(Fwa•Þ› +º.ŠŠÊÞ!әþï,+)ŽÑ‡{°lr{eÂ6óž|ד€¯ŸRÏpµ÷³-ÏžúœZ% %µÈތ=ÇsQ߬Vý†¶»æÎ_yëGž +n'Lu#²áÂ/5mŸÿ +qÔ +endstream +endobj +1323 0 obj << +/Type /Page +/Contents 1324 0 R +/Resources 1322 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1200 0 R +/Annots [ 1327 0 R 1331 0 R 1338 0 R 1343 0 R 1347 0 R 1351 0 R 1355 0 R 1360 0 R 1364 0 R 1367 0 R 1371 0 R 1380 0 R 1382 0 R ] +>> endobj +1327 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [347.584 706.187 392.416 715.208] +/Subtype /Link +/A << /S /GoTo /D (0:SUIDCHK) >> +>> endobj +1331 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [406.443 675.303 456.255 684.214] +/Subtype /Link +/A << /S /GoTo /D (0:KERNELDEF) >> +>> endobj +1338 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [406.443 644.419 456.255 653.33] +/Subtype /Link +/A << /S /GoTo /D (0:KERNELDEF) >> +>> endobj +1343 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [375.719 613.534 425.531 622.555] +/Subtype /Link +/A << /S /GoTo /D (0:MONDEF) >> +>> endobj +1347 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [446.672 582.65 496.485 591.562] +/Subtype /Link +/A << /S /GoTo /D (0:MOUNTCHECK) >> +>> endobj +1351 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [443.752 551.766 493.565 560.677] +/Subtype /Link +/A << /S /GoTo /D (0:USERCHECK) >> +>> endobj +1355 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [329.333 520.882 379.146 529.903] +/Subtype /Link +/A << /S /GoTo /D (0:SQLDETAILS) >> +>> endobj +1360 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [352.845 489.998 397.676 499.019] +/Subtype /Link +/A << /S /GoTo /D (0:PRELUDEDETAILS) >> +>> endobj +1364 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [303.879 459.113 342.892 468.134] +/Subtype /Link +/A << /S /GoTo /D (0:SIGNED-FILES) >> +>> endobj +1367 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [306.706 446.162 345.719 455.183] +/Subtype /Link +/A << /S /GoTo /D (0:SIGNED-FILES) >> +>> endobj +1371 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [472.425 415.278 511.438 424.189] +/Subtype /Link +/A << /S /GoTo /D (0:STEALTHMODE) >> +>> endobj +1380 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [342.314 340.558 381.327 349.579] +/Subtype /Link +/A << /S /GoTo /D (0:YULE) >> +>> endobj +1382 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [316.79 314.775 361.621 323.567] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE-CONFIGURATION-FILE-DOWNLOAD) >> +>> endobj +1325 0 obj << +/D [1323 0 R /XYZ 71.731 729.265 null] +>> endobj +1326 0 obj << +/D [1323 0 R /XYZ 129.514 708.344 null] +>> endobj +1328 0 obj << +/D [1323 0 R /XYZ 419.614 708.344 null] +>> endobj +1329 0 obj << +/D [1323 0 R /XYZ 71.731 695.273 null] +>> endobj +1330 0 obj << +/D [1323 0 R /XYZ 129.514 677.46 null] +>> endobj +1332 0 obj << +/D [1323 0 R /XYZ 129.514 664.508 null] +>> endobj +1333 0 obj << +/D [1323 0 R /XYZ 241.274 664.508 null] +>> endobj +1336 0 obj << +/D [1323 0 R /XYZ 71.731 662.486 null] +>> endobj +1337 0 obj << +/D [1323 0 R /XYZ 129.514 646.575 null] +>> endobj +1339 0 obj << +/D [1323 0 R /XYZ 129.514 633.624 null] +>> endobj +1340 0 obj << +/D [1323 0 R /XYZ 241.274 633.624 null] +>> endobj +1341 0 obj << +/D [1323 0 R /XYZ 71.731 631.602 null] +>> endobj +1342 0 obj << +/D [1323 0 R /XYZ 129.514 615.691 null] +>> endobj +1344 0 obj << +/D [1323 0 R /XYZ 452.729 615.691 null] +>> endobj +1345 0 obj << +/D [1323 0 R /XYZ 71.731 600.717 null] +>> endobj +1346 0 obj << +/D [1323 0 R /XYZ 129.514 584.807 null] +>> endobj +1348 0 obj << +/D [1323 0 R /XYZ 129.514 571.856 null] +>> endobj +1349 0 obj << +/D [1323 0 R /XYZ 71.731 569.833 null] +>> endobj +1350 0 obj << +/D [1323 0 R /XYZ 129.514 553.923 null] +>> endobj +1352 0 obj << +/D [1323 0 R /XYZ 129.514 540.971 null] +>> endobj +1353 0 obj << +/D [1323 0 R /XYZ 71.731 538.949 null] +>> endobj +1354 0 obj << +/D [1323 0 R /XYZ 129.514 523.039 null] +>> endobj +1356 0 obj << +/D [1323 0 R /XYZ 406.344 523.039 null] +>> endobj +1357 0 obj << +/D [1323 0 R /XYZ 273.822 510.087 null] +>> endobj +1358 0 obj << +/D [1323 0 R /XYZ 71.731 508.065 null] +>> endobj +1359 0 obj << +/D [1323 0 R /XYZ 129.514 492.154 null] +>> endobj +1361 0 obj << +/D [1323 0 R /XYZ 424.874 492.154 null] +>> endobj +1362 0 obj << +/D [1323 0 R /XYZ 71.731 477.181 null] +>> endobj +1363 0 obj << +/D [1323 0 R /XYZ 129.514 461.27 null] +>> endobj +1365 0 obj << +/D [1323 0 R /XYZ 370.09 461.27 null] +>> endobj +1366 0 obj << +/D [1323 0 R /XYZ 179.466 448.319 null] +>> endobj +1368 0 obj << +/D [1323 0 R /XYZ 402.658 435.367 null] +>> endobj +1369 0 obj << +/D [1323 0 R /XYZ 71.731 433.211 null] +>> endobj +1370 0 obj << +/D [1323 0 R /XYZ 129.514 417.435 null] +>> endobj +1372 0 obj << +/D [1323 0 R /XYZ 71.731 402.326 null] +>> endobj +1373 0 obj << +/D [1323 0 R /XYZ 129.514 386.55 null] +>> endobj +1374 0 obj << +/D [1323 0 R /XYZ 258.45 386.55 null] +>> endobj +1375 0 obj << +/D [1323 0 R /XYZ 450.747 386.55 null] +>> endobj +1376 0 obj << +/D [1323 0 R /XYZ 71.731 373.48 null] +>> endobj +1377 0 obj << +/D [1323 0 R /XYZ 129.514 355.666 null] +>> endobj +1378 0 obj << +/D [1323 0 R /XYZ 256.398 355.666 null] +>> endobj +1379 0 obj << +/D [1323 0 R /XYZ 450.617 355.666 null] +>> endobj +1381 0 obj << +/D [1323 0 R /XYZ 207.112 329.763 null] +>> endobj +893 0 obj << +/D [1323 0 R /XYZ 71.731 299.831 null] +>> endobj +38 0 obj << +/D [1323 0 R /XYZ 148.27 256.614 null] +>> endobj +1383 0 obj << +/D [1323 0 R /XYZ 71.731 236.473 null] +>> endobj +1384 0 obj << +/D [1323 0 R /XYZ 270.156 223.737 null] +>> endobj +1385 0 obj << +/D [1323 0 R /XYZ 71.731 211.618 null] +>> endobj +1386 0 obj << +/D [1323 0 R /XYZ 71.731 211.618 null] +>> endobj +1387 0 obj << +/D [1323 0 R /XYZ 138.919 202.118 null] +>> endobj +1388 0 obj << +/D [1323 0 R /XYZ 71.731 159.279 null] +>> endobj +1389 0 obj << +/D [1323 0 R /XYZ 255.65 146.327 null] +>> endobj +1390 0 obj << +/D [1323 0 R /XYZ 371.425 146.327 null] +>> endobj +1391 0 obj << +/D [1323 0 R /XYZ 250.081 133.376 null] +>> endobj +1322 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R /F21 781 0 R /F46 1173 0 R /F47 1176 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1394 0 obj << +/Length 1654 +/Filter /FlateDecode +>> +stream +xÚµXÛnÜ6}÷WìC®‹#R÷>h.N +$­‘8@€ŠZ‰»+DUQªœ +?ŸCqš»Ý¢Maºâ +gΜ9\º±ánJ.,"Ì÷6IqaoŽ0òú‚â + +§X£9Ïo/ž]±h‘Èw6·‡øÄóÝMà0zls›þº}qŠ«†×—óì-#úúBU–gåQ?Æeªo²R6ñ%ÝæÝØo·o.^Ýö.xŒ‡=é$NY: +NRœ +ì8®Û9y}ÐöÏ¢Õ7w—T¹Õè§Fèk+y?wTÆMvÉŒí—ÔÛªQ7ÚVqò%>âÔ".á +gD=ÚhžÃÇ¢ÜÍlÙñ„†ëž9™oG. +ãÒþ’_YŽŒUÐ e$ +ì³2®Ïz +]Ã4Èž8ÅY©N±ÔK˶ªDÝÌ<~óNß|¶=»® +žPôü%ßgq9ŒŠ|?}ÍËFˆaŽÙÿÉFÃ?ÝX!ãŸÆŸW¢Ñ3ƛ¡Ýfzš|y\gr²-‰ûº†èrX4ƹÓ+³¢Ê1͹BŒ=»rÜ<PŸYe®ˆ¿š°s=o +#æê:8mžÂ’ót + +0ǿ׫žþ&$v ±Àڞº!>ºÅäéœô³Ž +Nž|ðQíӇ.n²‹ +l^Z՗ãÒo +—²TA·àíÉò.Ës}—Ô†`ÙÔYUÁbŠâÚJ”Ëí#„Á¡·YÙÞã,'ôgòùªæüù‡—ÃønRÄS¡ãžQ +:e²ógEæø„E'Aò¬9ë†Ù#aäO€fWò¢RÜp®K£(šíyÝ+Æ÷±ªX +m×6Ôؖ©Ázϒ¯þˆ77oVYvŠáè­MWã*I£L©CG?Ôëùrû@ìŠ +Nô7 +š²Çž±ïºžV6¶”¡ +MA +Óý254„sŒIÍ` +çy[ìÚ:ºg‡ÉSLj¬ +Ê4ž €a£`æYŒ{ö›nȏºs-=6mí +Xé pd¡Q׆¥@Wöš+”Ö +ü‘á1I&úf¬6µ˜ñ +âDÁôdaºMÍo³z ¢Øœ‰:êT +„~Å-ÈbˆaÒ5ø±vð<ƒ‚)F‡(n) +«ÈUý çžÞ¶WÔ5“ÀºòôârXœc +Ìéw@ +»þØ€F `Fç¯OxýþúSðš¥2bp²6x +šT©œ•Ó‘Ëàe°9Ô著j +Ó4©Ðè4í +Ÿ‹éŠÐVˆ—G3À·þÁ‰œÑ§!æÙÄw£ +‹ž/ƒ÷ÖHÙS–œŠ§I€[1=Œ£Á݌–ï%£2“ +fp +S +i#St¥‹yhSÐÃûF§ž +w{!U2ª€^™îLƒ,ùªã†æj€\ªÅØ×Öãt€Rr‰‹O\Ö+%jŽRQu•þë#ŒÓ‹«;šNU,@Ž +Pñÿ‡„ºð÷07$!Ⱥ§~1Š,~0óšG€†p†²<ò«×ÒÎ_5 $ýendstream +endobj +1393 0 obj << +/Type /Page +/Contents 1394 0 R +/Resources 1392 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1200 0 R +/Annots [ 1403 0 R ] +>> endobj +1403 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [339.664 612.837 389.477 621.748] +/Subtype /Link +/A << /S /GoTo /D (0:NATIVE-PACKAGES) >> +>> endobj +1395 0 obj << +/D [1393 0 R /XYZ 71.731 729.265 null] +>> endobj +1396 0 obj << +/D [1393 0 R /XYZ 71.731 718.306 null] +>> endobj +1397 0 obj << +/D [1393 0 R /XYZ 185.115 695.392 null] +>> endobj +1398 0 obj << +/D [1393 0 R /XYZ 307.714 682.441 null] +>> endobj +1399 0 obj << +/D [1393 0 R /XYZ 71.731 670.321 null] +>> endobj +1400 0 obj << +/D [1393 0 R /XYZ 71.731 670.321 null] +>> endobj +1401 0 obj << +/D [1393 0 R /XYZ 138.919 660.822 null] +>> endobj +1402 0 obj << +/D [1393 0 R /XYZ 71.731 638.879 null] +>> endobj +1404 0 obj << +/D [1393 0 R /XYZ 71.731 592.912 null] +>> endobj +1405 0 obj << +/D [1393 0 R /XYZ 71.731 569.998 null] +>> endobj +1406 0 obj << +/D [1393 0 R /XYZ 71.731 569.998 null] +>> endobj +1407 0 obj << +/D [1393 0 R /XYZ 138.919 560.498 null] +>> endobj +1408 0 obj << +/D [1393 0 R /XYZ 71.731 538.555 null] +>> endobj +1409 0 obj << +/D [1393 0 R /XYZ 119.552 514.67 null] +>> endobj +1410 0 obj << +/D [1393 0 R /XYZ 71.731 489.599 null] +>> endobj +1411 0 obj << +/D [1393 0 R /XYZ 71.731 489.599 null] +>> endobj +1412 0 obj << +/D [1393 0 R /XYZ 138.919 480.1 null] +>> endobj +894 0 obj << +/D [1393 0 R /XYZ 71.731 469.193 null] +>> endobj +42 0 obj << +/D [1393 0 R /XYZ 154.983 424.883 null] +>> endobj +1413 0 obj << +/D [1393 0 R /XYZ 71.731 404.742 null] +>> endobj +1414 0 obj << +/D [1393 0 R /XYZ 71.731 379.887 null] +>> endobj +1415 0 obj << +/D [1393 0 R /XYZ 71.731 379.887 null] +>> endobj +1416 0 obj << +/D [1393 0 R /XYZ 138.919 370.387 null] +>> endobj +1417 0 obj << +/D [1393 0 R /XYZ 71.731 349.518 null] +>> endobj +1418 0 obj << +/D [1393 0 R /XYZ 71.731 315.428 null] +>> endobj +1419 0 obj << +/D [1393 0 R /XYZ 461.157 304.634 null] +>> endobj +1420 0 obj << +/D [1393 0 R /XYZ 290.509 278.731 null] +>> endobj +1421 0 obj << +/D [1393 0 R /XYZ 71.731 256.649 null] +>> endobj +1422 0 obj << +/D [1393 0 R /XYZ 296.666 245.854 null] +>> endobj +1423 0 obj << +/D [1393 0 R /XYZ 199.78 232.903 null] +>> endobj +1424 0 obj << +/D [1393 0 R /XYZ 311.879 219.951 null] +>> endobj +1425 0 obj << +/D [1393 0 R /XYZ 471.917 219.951 null] +>> endobj +1426 0 obj << +/D [1393 0 R /XYZ 71.731 182.302 null] +>> endobj +1427 0 obj << +/D [1393 0 R /XYZ 71.731 182.302 null] +>> endobj +1428 0 obj << +/D [1393 0 R /XYZ 138.919 172.429 null] +>> endobj +1429 0 obj << +/D [1393 0 R /XYZ 71.731 171.485 null] +>> endobj +46 0 obj << +/D [1393 0 R /XYZ 318.287 133.057 null] +>> endobj +1430 0 obj << +/D [1393 0 R /XYZ 71.731 119.902 null] +>> endobj +1431 0 obj << +/D [1393 0 R /XYZ 71.731 119.902 null] +>> endobj +1432 0 obj << +/D [1393 0 R /XYZ 138.919 111.438 null] +>> endobj +1392 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F46 1173 0 R /F47 1176 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1435 0 obj << +/Length 1449 +/Filter /FlateDecode +>> +stream +xÚ­XKsÛ6ŸûWèЕ a|{Š‡ÄNwzèÄòL:I ‰l$‚%ÈØê¯ï‚X)9N“сµ/ì~ûa!ºpàC!%¡ +ø‹tá,¶ðËo%l±G2¯W—oYŒˆI +ž‹Õfá†ñoºŒD>[¬²ÖužT +¯—6ó +‹ýŒûªØåVMÊL/ŠR6ɒZ»î·Ï«ß/Þ¬ú|F‰Ëž +EæA†C”ÆćàB'"®çé kž4\ÇÐäžšù?mQs +-ƒeÚ®.žÔï>9ŸSlôº^ð%õ­ÇB6Ãöv`>;€4}yjûÝÄsÚ¥Çxƒõš¬òŽm’õŽOŒ(=È€ÀŠŒÄ˜øT”Ÿ +‡mÛ:i +Qšˆ +¶ãD‰_Ÿõ‚EDœP%T!u;Õu"ó_P&ìe §°U"ûä +„8Žuóænusûþ×K)ö +²€ßꍩRj;ã +ØhÉV0 ƒÎÞí8 ær;Rö‚ +EïsæÃó‰o€ +9­¬0Ūևeà[Î{É7­ŠÄ‹­@äŠ +!}E«$ý’l + +Œ +³—”óΣª‘ +3Âb÷šR +F’×_»× +&ß*Щò¬Ý œ•ƒ²×Á€šu¶u[ޘoéèð-ÔÍ¥lD¥Ó$ÓºššI:ÒQSeÑtÐe ï;èÕíµg#hŒd†4 é§Š’€,4%|oàÝV°š·‚<Ȇ﵈Êú®­*Q7ŠÏŒ‘? +0^¶Ø«/^ßÝàòN쒺øíݟöý\ë=8/F=~û~ôN¿ú8ùޖ +—Ê?µ>ÿĒ·¥¡•oÔ;ìïËÓ,€‰ìï@Œ™áÈœP +Ç=ÕÓ€¡HŸ¯šq£Ý#ѓg[žcĎÌÀñ÷ñYôœ¹«Úz˟—·WR˹Þèpqál‰«K꘎P„$bÇ3 +FÓÏl†Í +Š&G*äÅI«&¡æš7O5ŠœÌ +rÔu‚­ *^F}¶É«ù€ä:*xï8uuJ`íã|ƒ‘C‚8ìIhfÎvcèñÉÚ[•úlœÛ)€è » +‰#: +rSsŸ–ÙÏ2—>aÄ9aš©gu>«vY +N ±Iå¡Ýñ:›rW!ÿŸˆf:·]€U,Øåê'c_§±ÊùÑ@9ÂI +4H*Jn f4Í +Ós@¹}Ò€y™t¢ñxm=†ÒK=ҙð5€—5 +ŸýT6˒sÏC +ž¥šóàY +ýÜ +‘éU·œLE»Ã·k®ŸіÑëwBµÍÞy–@îèA.a +³RHê¬-AdhK¥X£/}ªW8Ðã.ÆUE§8ãny©ºwzõÛ +Sªk˜á®tèK‚åí’_6ǃp’ýÝ]ÉÅÈ +»BÇv5œ;›K/UJŒ<{$dnÏ!‰ÃñåوtMØ?óÇ\®é)ÓçàuNù,ž;úÔ; +à!/ÒüˆG/g3šÌ +fb™®exªó•MãÇ;ŒˆD4|òÿAdöwˆO⺱±¢BÎü©1wô8‰­endstream +endobj +1434 0 obj << +/Type /Page +/Contents 1435 0 R +/Resources 1433 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1480 0 R +>> endobj +1436 0 obj << +/D [1434 0 R /XYZ 71.731 729.265 null] +>> endobj +1437 0 obj << +/D [1434 0 R /XYZ 71.731 718.306 null] +>> endobj +1438 0 obj << +/D [1434 0 R /XYZ 71.731 683.273 null] +>> endobj +1439 0 obj << +/D [1434 0 R /XYZ 71.731 683.273 null] +>> endobj +1440 0 obj << +/D [1434 0 R /XYZ 148.603 673.773 null] +>> endobj +1441 0 obj << +/D [1434 0 R /XYZ 71.731 652.904 null] +>> endobj +1442 0 obj << +/D [1434 0 R /XYZ 166.315 640.897 null] +>> endobj +1443 0 obj << +/D [1434 0 R /XYZ 71.731 616.199 null] +>> endobj +1444 0 obj << +/D [1434 0 R /XYZ 71.731 616.199 null] +>> endobj +1445 0 obj << +/D [1434 0 R /XYZ 138.919 606.326 null] +>> endobj +1446 0 obj << +/D [1434 0 R /XYZ 71.731 585.457 null] +>> endobj +1447 0 obj << +/D [1434 0 R /XYZ 71.731 548.379 null] +>> endobj +1448 0 obj << +/D [1434 0 R /XYZ 71.731 548.379 null] +>> endobj +1449 0 obj << +/D [1434 0 R /XYZ 138.919 538.879 null] +>> endobj +1450 0 obj << +/D [1434 0 R /XYZ 71.731 518.01 null] +>> endobj +1451 0 obj << +/D [1434 0 R /XYZ 71.731 493.883 null] +>> endobj +1452 0 obj << +/D [1434 0 R /XYZ 71.731 493.883 null] +>> endobj +1453 0 obj << +/D [1434 0 R /XYZ 138.919 484.384 null] +>> endobj +1454 0 obj << +/D [1434 0 R /XYZ 71.731 463.365 null] +>> endobj +1455 0 obj << +/D [1434 0 R /XYZ 133.111 451.507 null] +>> endobj +1456 0 obj << +/D [1434 0 R /XYZ 71.731 439.387 null] +>> endobj +1457 0 obj << +/D [1434 0 R /XYZ 71.731 439.387 null] +>> endobj +1458 0 obj << +/D [1434 0 R /XYZ 138.919 429.888 null] +>> endobj +1459 0 obj << +/D [1434 0 R /XYZ 71.731 409.019 null] +>> endobj +1460 0 obj << +/D [1434 0 R /XYZ 71.731 394.854 null] +>> endobj +1461 0 obj << +/D [1434 0 R /XYZ 71.731 379.91 null] +>> endobj +1462 0 obj << +/D [1434 0 R /XYZ 252.568 370.411 null] +>> endobj +1463 0 obj << +/D [1434 0 R /XYZ 71.731 348.689 null] +>> endobj +1464 0 obj << +/D [1434 0 R /XYZ 71.731 348.689 null] +>> endobj +1465 0 obj << +/D [1434 0 R /XYZ 156.908 338.301 null] +>> endobj +1466 0 obj << +/D [1434 0 R /XYZ 71.731 337.317 null] +>> endobj +1467 0 obj << +/D [1434 0 R /XYZ 156.908 327.811 null] +>> endobj +895 0 obj << +/D [1434 0 R /XYZ 71.731 268.334 null] +>> endobj +50 0 obj << +/D [1434 0 R /XYZ 192.444 223.079 null] +>> endobj +1468 0 obj << +/D [1434 0 R /XYZ 71.731 202.939 null] +>> endobj +1469 0 obj << +/D [1434 0 R /XYZ 71.731 202.939 null] +>> endobj +1470 0 obj << +/D [1434 0 R /XYZ 429.516 190.203 null] +>> endobj +1471 0 obj << +/D [1434 0 R /XYZ 119.552 177.251 null] +>> endobj +1472 0 obj << +/D [1434 0 R /XYZ 215.99 177.251 null] +>> endobj +1473 0 obj << +/D [1434 0 R /XYZ 312.428 177.251 null] +>> endobj +1474 0 obj << +/D [1434 0 R /XYZ 431.95 177.251 null] +>> endobj +1475 0 obj << +/D [1434 0 R /XYZ 119.552 151.348 null] +>> endobj +1476 0 obj << +/D [1434 0 R /XYZ 381.806 138.397 null] +>> endobj +1477 0 obj << +/D [1434 0 R /XYZ 71.731 132.797 null] +>> endobj +1478 0 obj << +/D [1434 0 R /XYZ 129.514 113.578 null] +>> endobj +1479 0 obj << +/D [1434 0 R /XYZ 71.731 113.479 null] +>> endobj +1433 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F47 1176 0 R /F34 797 0 R /F21 781 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1483 0 obj << +/Length 1824 +/Filter /FlateDecode +>> +stream +xÚµXɎã6œ÷W(@Û@‹­} &³3‡$H:§L²DÛÂh1Djz<_Ÿ"Y€V»AdI%VÕã«W%¹–?׊]ûpðRâE¡•×wŽu„;?ß¹ha£‰=²ùéñî᜗Z)I#ßzåsVUêO×7Œ„jI1•„WÉÙjÌEÙ ~ìŒpûEø¢ +Á?C žÛŒa2'•ƒ4™FÓ¶ŸñŸ3Ë:º‘ëÇõV‰ +&öÈfÁ«Ù2"—×ç3mŠò+jòÂqè'Ln{F›Û®g +IJEa˜:2&’÷> +Ì^Å­'Cñi¢w¹u¿bº®í˜n1fñî9êBÆ«“§RT/I^w‘äZ˜±ìHÙ +‡ú³öÝ®ãýYG–W}aÖàºnrX¬í:Êà±á6tHŒßôõ^';çÛɬ_hc1ÈH( +8¥õ„VE$H•:ÀƈBŠ“í‡ZLV•ßv¶ëÈ­€‹ÊüÙÏ1*8+2ž‰+K‘Ð.F1X ÙvŸqÃöCÁŸ³ŒÜí +¡3€Z`0åô +*qvaœÖH€ã.܂k6©ÇQ*¢ŒE +«lPQ~=L¶•Ō잎rÍÖ +5¡îµé&]j”µ¶‰š;m%ºŸ™— ñí²œÅC×֓D>7­P%€t‹è +Û¶XõÝzƒ™ÒöL»CÛÕ3HMŽš_0ˆK¢ÁÊ;j +™ÇVP+"Œÿ²o^‰æesu㕳Ÿrh_ÖÌDfO%?¡õhöõ|*úµMI¯-ìEÄKµ)Š[k¹˜HbzJWrÜåXv3<€üT +â +µ7R.[堀0Ÿ×e“U ¬­šbƒÔç % Höš<›œ4¥Ÿ˜ü² +öŸžš©Hã+ô]èŽ? +Œ~HÜÀï›XÄæӖ`F ’Ÿ“™/¶F +¹© +53Ùô–ë@‚N¢GL +QÉuQ˜r.§Jqn÷awÆGV³€œ)ôÐ +WHìNŠjunÁ­ +‚ƒ¢Ò‚/1:Ö°è#Â*`×BP·:&º¬šn©šÕåÕÌ[žéõ@‹-¢5ì2%G2¥S¶"‰{÷32°Ìœ&6šž0͚ÎiÌžù[”ì\e˜JrcžÙê0ø,` KJ¥%köe#e¿ÛCÉm +Ûe/ +ÞP€^›Åû_ZN_iI +C^Ñ­8žj’pìY‰„ŽTÌ#Ø=[u„SšŽŸY‰Ã¹ˆŠ& +²µ3Sãž"ž +5£ŸÊ\à=6kšg=Ã^-÷CÀ€Ëá²C5 +£xҘ8ž¿RMcߟð­mÔjŒ‚º`!ø€L~âeœD¡’Ö+ãÃ%3kНïH-QåWÚfœžbŠ¶Rƒu êý0Ë + +öú +3@‚ê +ŠŽGšig—ƒIF×·¯?¢A.@ŒSË4Š‘±f|€þÜ°`„oiE9ÞÖk‰rL²úåóœechãԌî + +Ôñ"æv©0ÒÑP O"š¬á//‚„àèßA°ÊD庬 •aØóS@׳cŸˆKrNËß{ +@Gó’A÷õÁ| +c}žCÓ?ôÕtüvõsËÕÉéþšœw}³ò£ñrq¢ùçî5c÷RÏa(Öý?cY.Âxá'5¢ÞÈ/›vé"£uÛÜ+í_bDËáu±gtñ +U׊[ +È·ça“6öÛÍýô +”Q®}‹—ÁZ›J„—ÈêÀ_òâŠÛ£hɧÙc“šÞÊŽžP¶!ó·{üž$0ßÅ7¿ø&‹Ÿ¡ßOõ*"‘ôÊgÛ¥£×aœXendstream +endobj +1482 0 obj << +/Type /Page +/Contents 1483 0 R +/Resources 1481 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1480 0 R +/Annots [ 1487 0 R 1492 0 R ] +>> endobj +1487 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [403.953 688.254 453.766 697.166] +/Subtype /Link +/A << /S /GoTo /D (0:LAYOUT) >> +>> endobj +1492 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [303.63 607.856 352.058 616.767] +/Subtype /Link +/A << /S /GoTo /D (0:THE-CONFIGURATION-FILE) >> +>> endobj +1484 0 obj << +/D [1482 0 R /XYZ 71.731 729.265 null] +>> endobj +1485 0 obj << +/D [1482 0 R /XYZ 129.514 708.344 null] +>> endobj +1486 0 obj << +/D [1482 0 R /XYZ 307.614 690.411 null] +>> endobj +1488 0 obj << +/D [1482 0 R /XYZ 71.731 665.34 null] +>> endobj +1489 0 obj << +/D [1482 0 R /XYZ 71.731 665.34 null] +>> endobj +1490 0 obj << +/D [1482 0 R /XYZ 138.919 655.841 null] +>> endobj +1491 0 obj << +/D [1482 0 R /XYZ 71.731 634.971 null] +>> endobj +1493 0 obj << +/D [1482 0 R /XYZ 71.731 587.93 null] +>> endobj +1494 0 obj << +/D [1482 0 R /XYZ 371.675 577.136 null] +>> endobj +896 0 obj << +/D [1482 0 R /XYZ 71.731 560.782 null] +>> endobj +54 0 obj << +/D [1482 0 R /XYZ 357.038 517.685 null] +>> endobj +1495 0 obj << +/D [1482 0 R /XYZ 71.731 497.544 null] +>> endobj +1496 0 obj << +/D [1482 0 R /XYZ 71.731 497.544 null] +>> endobj +1497 0 obj << +/D [1482 0 R /XYZ 71.731 446.786 null] +>> endobj +1498 0 obj << +/D [1482 0 R /XYZ 71.731 446.786 null] +>> endobj +1499 0 obj << +/D [1482 0 R /XYZ 138.919 437.286 null] +>> endobj +1500 0 obj << +/D [1482 0 R /XYZ 71.731 416.267 null] +>> endobj +1501 0 obj << +/D [1482 0 R /XYZ 143.073 404.409 null] +>> endobj +1502 0 obj << +/D [1482 0 R /XYZ 71.731 382.327 null] +>> endobj +1503 0 obj << +/D [1482 0 R /XYZ 254.693 371.533 null] +>> endobj +1504 0 obj << +/D [1482 0 R /XYZ 337.173 371.533 null] +>> endobj +1505 0 obj << +/D [1482 0 R /XYZ 206.993 358.581 null] +>> endobj +1506 0 obj << +/D [1482 0 R /XYZ 71.731 343.473 null] +>> endobj +1507 0 obj << +/D [1482 0 R /XYZ 71.731 328.529 null] +>> endobj +1508 0 obj << +/D [1482 0 R /XYZ 274.141 319.03 null] +>> endobj +1509 0 obj << +/D [1482 0 R /XYZ 434.439 319.03 null] +>> endobj +1510 0 obj << +/D [1482 0 R /XYZ 139.477 295.717 null] +>> endobj +1511 0 obj << +/D [1482 0 R /XYZ 247.932 284.061 null] +>> endobj +897 0 obj << +/D [1482 0 R /XYZ 71.731 256.165 null] +>> endobj +58 0 obj << +/D [1482 0 R /XYZ 213.326 210.911 null] +>> endobj +1512 0 obj << +/D [1482 0 R /XYZ 71.731 190.771 null] +>> endobj +1513 0 obj << +/D [1482 0 R /XYZ 388.759 178.034 null] +>> endobj +1514 0 obj << +/D [1482 0 R /XYZ 71.731 152.963 null] +>> endobj +1515 0 obj << +/D [1482 0 R /XYZ 71.731 152.963 null] +>> endobj +1516 0 obj << +/D [1482 0 R /XYZ 138.919 143.464 null] +>> endobj +1517 0 obj << +/D [1482 0 R /XYZ 71.731 122.595 null] +>> endobj +1518 0 obj << +/D [1482 0 R /XYZ 148.085 110.587 null] +>> endobj +1481 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F47 1176 0 R /F21 781 0 R /F34 797 0 R /F44 1165 0 R /F51 1285 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1521 0 obj << +/Length 2254 +/Filter /FlateDecode +>> +stream +xÚÍYKÛFŸÏ¯Ða0lw7Ù|,ƒ7ñx + Fv­EÄ9p€ÖˆXŠTHÊcýû­ê®&› + +I©Xïúªª%V +þÄ*, á"3&cµÚnøêŸy{#ˆ" ’À£ùÇöæ՝ÌVËâpµ=¬Â$f*ŽVI(Yªäj»ÿcýã1?wºÙRñµdöúc}:eQ=ØÇŒÚۛ¢j»|#Ö¥ùîÏíÏ7o¶œ +J +Êg•$’¹’b%& +B-±\±$J’’ Žª%éú®(uko­Zp³/œëj0BðõÕ~Væ‰R­ëK‡º1)ø"F)qÜãU csa€l‹óß-a +„îd +ú#I›ŸŽyQYǜ):º©7B­éëVwôéÁrUžxÁSÆyBl;T]­/m§É€K«›v®Œ’LJz‰ +òë&‚uGR¡«íugY]±ËKûÑGÎe\qê²bÔ +5œZWHúpi6Yuå3€7j¶ +D’1¡Ü«ØhuÂwÀL˜x}¯íõÑi£ó{ŒKIŸßÛ ™û‰àës[Wå8sc5<ßm0/‹òÒ'c7\uÕŸ + +z¬Èډ䝟îñÚÄ®¹»žÏM}& +òNãùÈj?Ö֙Ë5Ÿ³9ÓΓ"ã,íS­®ô„¥‹Ï©nIÚ¡Ñ]tEOÎÛº¢ø +6!_cIàèOn?µK +²„gãŽú IÚœ.mZ/ðÝëbК4êKLD,Œ +ã@f‹b(x•°«¡–IÙnRŸn&^BvÓï|¢³I÷ ü‘1 Š’À-[ÄGxD€’U²ÄxcÂuþ(¥šÉ“ìKòŠ×A>œ3—ï¡ŽpT")°Ý(5øIqò_S8Aÿþ}¥X*(˜y£‰ÀAÞ*¢h6 dÝÍùð¥ÒeEß0 +g +CÁTäpI6ò¹ø€=m— +{MM–s9»Ómk°~/í%/bµŸÐ‚HÀy»F©xÿ “È—nî +‹²Žw÷ô]CŠ#˜ÅЁ +Ëš9 +¡duyÀª¥Îøz¿/sâӍƒ‚4€óÎâÇ k¯@+Ý7Ӊî:Ì5–#æ^h5=|SÙ4)#•1±U±`Ž—¥"p4G䊠Í”z%özElVŠ‡,Mãg +;šg ++ +³0IFÂucã„CL +t6N‚²“ò£þ9?m—¢4©)úyçüŒpOnìŠíÖ%HwœD¥>£-jƀšÜÀâ?Œ¡ +Pîóöø7¢IzAF9X}á=Š9ÅÐȂ +”@?€ü–1ö$¬!¬Šê +°6= kDòEX›Ë{¬ÍåÏaÍSàõ +J2§Q?yÅ + ¿€! +2 +È +*ŒÜ{aÕÜÕ¿†V“Þ€ñDØáÄ¥ +™7lõ^+ +ʜ a˜ O !Ã4ڎÀr‡jŠF9{Š™ +Éê— AÁ؏×sxpl +ÞÌÜ×R–çÎlíܑ·Sôí7Sî\ìÙž +hfÄ @âr‘Ø¢}wx""ä~BþÐԗ3i| +Èí$t +ÙIŸî{Œ=ÑÔ9sÅéÝaÙÆ(Ù膻!R_Äe˜ÿ¡KxÆËÇf”O.‹jÑx9ääæÕŒ$”l–Êÿ³F +|[œàq +Ζ¶05ÑIÛëSÍÏÎŒ„áuuÙ"ÖO@µfóMœ$•ÝäŒÀ÷u§9P-âΊ­ŠË¢Œî8WQŽáŽÝçNíóF   +páÆ©WºÛœ²:_Þ8˄Sà”ã }u3¶c—ºs£?ÍÙi?á\£iÓ§s7,Džmú›)Ìê€gP0v²Éže2ZXvGœÃà¿3{LCߜsÞ¶û{€R9JœM +!·IsïŽÞD?ޗs{yûî§a¯ÔåÞ[ŽÈŽœŠ-|2U:s~šÁ0}­óݒl“–ŠÜ¹+„n&á%ë. +d£$p‰’Oó%|b +r'À8¶ I±ûé¥ç^MòЎzuszª¹ÜAyýóƒxŽÅŽ0ùÐÛ힉º£*Í2¿¢6Ž&Ÿ/ì +Yà° +gòŠ>MTØ#ô€ŒKÙ-àíÛ÷ÿ™K³|?Ù7WXîÝù”3 +ÇïËœS¹pŠ\ªœC5“:=n„LŠ£L/k<,™ãìÇY:$ºX@¡@ʄ õÕ'JÛ¡fŠ~é¥<ó&O_ì +R¥þ\Ií‰ø®ò{tp©sdW–A•Ÿôt䠆ú‰Bs‚cyœý˛umöŽN~;: ¢3–Aݑ)Püû[{[¹EKªØ«¯˜;Êëä”Ã`Þgü§w—Î;6òؓqî\ _8S!4¯~D\¶"–(‡ +€®‘wé +6Žõ™Êr¢¯ç.§ +§}‚ +q89DœéÆLÉȟfͩιÌwÎD3ÊÎø2ƒ %ã“žغ˜Ç– ˆRX^²7Ô;ÿ\šwÊõâBfº@ßÅ<Ÿ» +žà5€È,ÊŸÊkËþŠ‹BGbtZÊráTT‹±õÒ4.*“á„,æœK=ødÈMøaûÅ£™aþ@€¬Kx|òØÃY7Œv¡5ÒÛÚf?Ï°„ŒÒ+Ä`£ža0aɏz×ùH‚ƒ!©gûˆ_}ö!„<—âŸsݯÿ~s÷î÷§–Xœ•2Xa?üëæ?ùjËäÏ7à +€×GžçLdÙêtq€\Ä8ó\Þ|žù×7ŒáÄc{‰@pô€`ó6öŽšÇ\†5Ë9Ëÿç +oÍ +F +> endobj +1534 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [459.055 559.75 503.886 568.662] +/Subtype /Link +/A << /S /GoTo /D (0:TRUSTEDEXAMPLE) >> +>> endobj +1522 0 obj << +/D [1520 0 R /XYZ 71.731 729.265 null] +>> endobj +898 0 obj << +/D [1520 0 R /XYZ 71.731 718.306 null] +>> endobj +62 0 obj << +/D [1520 0 R /XYZ 322.763 705.748 null] +>> endobj +1523 0 obj << +/D [1520 0 R /XYZ 71.731 702.184 null] +>> endobj +1524 0 obj << +/D [1520 0 R /XYZ 71.731 687.24 null] +>> endobj +1525 0 obj << +/D [1520 0 R /XYZ 158.405 679.147 null] +>> endobj +1526 0 obj << +/D [1520 0 R /XYZ 266.412 679.147 null] +>> endobj +1527 0 obj << +/D [1520 0 R /XYZ 230.305 655.835 null] +>> endobj +1321 0 obj << +/D [1520 0 R /XYZ 76.712 637.902 null] +>> endobj +66 0 obj << +/D [1520 0 R /XYZ 385.269 598.53 null] +>> endobj +1528 0 obj << +/D [1520 0 R /XYZ 71.731 595.56 null] +>> endobj +1529 0 obj << +/D [1520 0 R /XYZ 71.731 592.691 null] +>> endobj +1530 0 obj << +/D [1520 0 R /XYZ 129.514 574.859 null] +>> endobj +1531 0 obj << +/D [1520 0 R /XYZ 129.514 574.859 null] +>> endobj +1532 0 obj << +/D [1520 0 R /XYZ 199.979 574.859 null] +>> endobj +1533 0 obj << +/D [1520 0 R /XYZ 250.35 574.859 null] +>> endobj +1535 0 obj << +/D [1520 0 R /XYZ 71.731 541.818 null] +>> endobj +1536 0 obj << +/D [1520 0 R /XYZ 71.731 541.818 null] +>> endobj +1537 0 obj << +/D [1520 0 R /XYZ 153.724 532.318 null] +>> endobj +1538 0 obj << +/D [1520 0 R /XYZ 71.731 531.225 null] +>> endobj +1539 0 obj << +/D [1520 0 R /XYZ 129.514 514.385 null] +>> endobj +1540 0 obj << +/D [1520 0 R /XYZ 139.198 514.385 null] +>> endobj +1541 0 obj << +/D [1520 0 R /XYZ 423.11 514.385 null] +>> endobj +1542 0 obj << +/D [1520 0 R /XYZ 71.731 479.352 null] +>> endobj +1543 0 obj << +/D [1520 0 R /XYZ 339.534 455.606 null] +>> endobj +1544 0 obj << +/D [1520 0 R /XYZ 389.905 455.606 null] +>> endobj +1545 0 obj << +/D [1520 0 R /XYZ 71.731 440.497 null] +>> endobj +1546 0 obj << +/D [1520 0 R /XYZ 71.731 425.554 null] +>> endobj +1547 0 obj << +/D [1520 0 R /XYZ 280.893 416.054 null] +>> endobj +1548 0 obj << +/D [1520 0 R /XYZ 469.678 416.054 null] +>> endobj +1549 0 obj << +/D [1520 0 R /XYZ 165.21 404.398 null] +>> endobj +1550 0 obj << +/D [1520 0 R /XYZ 410.832 404.398 null] +>> endobj +1551 0 obj << +/D [1520 0 R /XYZ 71.731 364.846 null] +>> endobj +70 0 obj << +/D [1520 0 R /XYZ 276.124 325.474 null] +>> endobj +1552 0 obj << +/D [1520 0 R /XYZ 71.731 302.579 null] +>> endobj +1553 0 obj << +/D [1520 0 R /XYZ 71.731 302.579 null] +>> endobj +1554 0 obj << +/D [1520 0 R /XYZ 312.835 279.646 null] +>> endobj +1555 0 obj << +/D [1520 0 R /XYZ 71.731 277.489 null] +>> endobj +1556 0 obj << +/D [1520 0 R /XYZ 71.731 262.545 null] +>> endobj +1557 0 obj << +/D [1520 0 R /XYZ 232.663 253.045 null] +>> endobj +1558 0 obj << +/D [1520 0 R /XYZ 375.818 253.045 null] +>> endobj +1559 0 obj << +/D [1520 0 R /XYZ 274.814 241.389 null] +>> endobj +1560 0 obj << +/D [1520 0 R /XYZ 402.928 241.389 null] +>> endobj +1561 0 obj << +/D [1520 0 R /XYZ 139.477 229.733 null] +>> endobj +1562 0 obj << +/D [1520 0 R /XYZ 76.712 213.095 null] +>> endobj +1563 0 obj << +/D [1520 0 R /XYZ 71.731 193.17 null] +>> endobj +1564 0 obj << +/D [1520 0 R /XYZ 195.507 181.514 null] +>> endobj +1565 0 obj << +/D [1520 0 R /XYZ 275.827 181.514 null] +>> endobj +1566 0 obj << +/D [1520 0 R /XYZ 330.785 181.514 null] +>> endobj +1567 0 obj << +/D [1520 0 R /XYZ 71.731 143.656 null] +>> endobj +1568 0 obj << +/D [1520 0 R /XYZ 378.976 130.704 null] +>> endobj +1569 0 obj << +/D [1520 0 R /XYZ 463.439 130.704 null] +>> endobj +1570 0 obj << +/D [1520 0 R /XYZ 71.731 128.547 null] +>> endobj +1571 0 obj << +/D [1520 0 R /XYZ 71.731 117.339 null] +>> endobj +1572 0 obj << +/D [1520 0 R /XYZ 71.731 117.339 null] +>> endobj +1519 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R /F27 788 0 R /F46 1173 0 R /F47 1176 0 R /F55 1335 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1575 0 obj << +/Length 2248 +/Filter /FlateDecode +>> +stream +xÚí[]oãž}ϯð£ +ŒiñK” +ô¡Ýt³˜mÓ(°]Š­Ødɕäù÷œ)‰Öíd™ng1I6uyîᜇ—” +g +üá™ÀHP8ŸÏ6‡o¶ƒoþrƒu‹¥n²4Úüy}³º%á,D¡OgëÇ>â>› JPÀÉlœýyþÝ>:Vq±XîÍ RÇïòÃ1I“l§.£l«N’¬¬¢ž§õw¿¬Œùžn!p‚%VÌ”~0[bhÊ +l󟛟ñf[hû㍇h̞áÜC8 +g‡æQ$x ¯Ó›/7à +Mÿ +tÌPÈØdÇõM +˜Qgºõ¹"ô- +G€ZÖq;®1ïh8 +G!§5×åC’m“¢O +!²`®3÷vp1+8B€$qîa£0šD†ž +l1+6Jòqž—r“g#øÐì GøcV|ŒpÄ ÀL|iŸ‰RH* +Èe$`W!Œ)—íޔ;ï• ~ t|‰a"ø!FžÖ|Ýþx{÷Ï©<èŒ9H +²& +Ldÿòž—åY +G<• +ðaÏC³ŒâÿÌHQKuÛW.ÉŸ ȁ=GŸï×ãœ:•ÅªNߕTçɐì̺ˆI +È6(ÇA‚JO†¥ +Œ­DÛ06}†1®6SâìY+Î6d8Ÿ!{Z>&uÙ +:3‹Â¯>‹ž@”r{ù`œ°kôŒ³æ"y,ØÚä1°ýãËgUŒJiÒT]l¢cRE©Uæ +ÀþŠóï¡ +£0€öe`#À„ZŸ3è"H-ðÚ +ÀÛGElUx; +·`lÞÄhSxÈ: +· kÞDvIᝠû})<ñ‘Aàa!ïÓ« +ö֘‹Ô™FÖfŽìo÷ë7Êû¯ýMÝß+:åþw¡Š$Jòcµ*£Ã>J²•Mä;»."Ղ² +Õ)”6™w²“y +ÊVæM” óé€Ô»@×Iœ]+õ&:-õ&—“²ïéïJöyȁ]»îó0@!¿Š°7¬9H'¶&Ll«ŒÚǓ–.°}Ó÷÷ +ÃÀC>±Wï<  MÄjkýn˜t‹€m,ŽŒTÁ;AÙJ» +e#í#(-uŒ|­žÛð5â>‚ïB5ïãošOç™@Ȅ ëFœƒuªæ¿õ>nÊ]€úŒLvYT +}¹ªè!*å +çÏIS?è€ªâL]T¹äyuë³H«Ü2ƒŽEˆNêèÍs” +ðuÓUš<ŽŽ>þ[!ý »Û/ð\ã8&Û3_ÀôL^#Œ)P£­ŸQŽb„n~ÄŠíª8µØ@øÐ{ÆY5 +§€4ß +Ù +E«QÆý·ÀIó]Kœë'°w™ŠŠ1i¬èPËÝh»Mª$Ï4ò—Sj +l\6þšãkpã§O:PÓ©ŒÒ%! +È[]’šêh_ +Rí +ÈgT* +„èEàÍscWŒ: +òˆö,^î +`)ÖµÉÁ³¬*r +ÞyÖÀè%?UzŸ>æišK +yÖÏ°W·”êÎeÑȵ+›<“]ïNÅóxè8#û +IP“°4Ð`?”ÏŸ’- ïiZ“âL`„)}hÞj +ÑšÑ +d]ü8°S?Ê]ôJ!mFúë»þõ=ÃþCsÖ˜X.Ÿ“j¿l8\ªˆûãíݧC"CešH€.y­Þ +#5Ώœí)’ü+ÙS¡IÂ9EÄÃïM®›\$|Øß„÷û#Ü  ‡ðƐLvŸŽÞÄwz®ŠÓ +SÐ.?žÀq×h’cÝä"ÇÃþ®àžßÿÇÍ1L +ù +ÞÈoo^œæ·(,üâÁã’¿ºÉE~‡ý]Áo¿ÿ1~ +š_YÃ\ +‰ºÐ{=Á#µL%#åÓå1 aˆ Ò³Ñhj +š&—Æ`€¿Ëc0èd +Lz +äÄýncðÃÚ(J€ýѺDîé–qñ$çÏæ7jy–ŸÈ}]€á`YáSV×,K¹Ø~œôZ•* + +õ³¬«D0ÿ|ʪä« +ÕUÙÂPcqiŒ*:qfk_*(£4ÏŽ™ŒPÇ͂€8&qVME + )bW­6HMñkVÃ;ÞkõŸ"N}ëÏÞH€'*¥ïOÅ1/ãášØCLù†¹_³&VƬà䚘À&žï“"ÞTraÎ|[sbì»Á(ÇHþüòú­Ä÷ˆê* +|ȈY÷pˆï# +šEܧ|gäÛh t]BŸ¹¶iÁÀ÷êÎd¬žpãÿ#Vœ),üŽí±Âë}Ò:'a6'ƒéˆé캈˜ +ÊшéPŸ.`Œ‘ÉÀqáÍYà|ýS +oŒÐ +8P3ýxè~ž¥47YqÓ97ÈWïVMŒ +7~[¥9jŒÍy»+ǚF8‘ï‡fQFš¢,VSøS\Žõ\·—äÂ|¿”üë›ÿšWñT;fŒ–Ü“öêU +ŠKiš‚i¹këbOo«Âٶȏê¬ÈóJ +%>Ož’4ÞÕ[rðaôX5w˚w KŽÐ¥ïqAù\;r§­æÍmYc4‹ë­/Ù¹6_i„Ñf—ºy•ëc_®gšœÕÚ=ùö +Ï}ý{g%°`Mn” ÷Օx}«“­ÒcAëæx] Ãõ¶­žš¬žê։Ÿ}³?ä[uÊ9W'õîŒl#_$IÓz¿©î*ݙvœ¶þ²ž¿Ìð—i +Žr{BºëiG +ášfä +5,òÿTöÈ+_Ê*>šóŽ©`F­ÔŸ$9å \Ó$Ú`œøœ5ø — +/]Ô|èu«ùÑ6ÚýcՏ=mÇtWë6~\¬è”ê{6E +µá¢íž +Æ|P;áò–œF­1U£ÎOÙyžëÛõŸŽdEfoInëþî{s!vÎX;æòQÅÐÁå Ú!ÖYxTo,iNkvýŠ +P€ +õ%ª®É`œÌõ«Kº‰„‚ñÄ«PÞþ +÷Ÿ/endstream +endobj +1574 0 obj << +/Type /Page +/Contents 1575 0 R +/Resources 1573 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1480 0 R +>> endobj +1576 0 obj << +/D [1574 0 R /XYZ 71.731 729.265 null] +>> endobj +1577 0 obj << +/D [1574 0 R /XYZ 71.731 741.22 null] +>> endobj +1578 0 obj << +/D [1574 0 R /XYZ 71.731 560.299 null] +>> endobj +1579 0 obj << +/D [1574 0 R /XYZ 299.405 550.337 null] +>> endobj +1582 0 obj << +/D [1574 0 R /XYZ 129.793 537.385 null] +>> endobj +1583 0 obj << +/D [1574 0 R /XYZ 344.51 537.385 null] +>> endobj +1584 0 obj << +/D [1574 0 R /XYZ 157.19 524.434 null] +>> endobj +1585 0 obj << +/D [1574 0 R /XYZ 296.934 524.434 null] +>> endobj +1586 0 obj << +/D [1574 0 R /XYZ 71.731 502.352 null] +>> endobj +1587 0 obj << +/D [1574 0 R /XYZ 370.857 491.557 null] +>> endobj +1588 0 obj << +/D [1574 0 R /XYZ 499.753 491.557 null] +>> endobj +1589 0 obj << +/D [1574 0 R /XYZ 71.731 488.155 null] +>> endobj +1590 0 obj << +/D [1574 0 R /XYZ 129.514 471.134 null] +>> endobj +1591 0 obj << +/D [1574 0 R /XYZ 129.514 471.134 null] +>> endobj +1592 0 obj << +/D [1574 0 R /XYZ 71.731 468.977 null] +>> endobj +1593 0 obj << +/D [1574 0 R /XYZ 129.514 453.201 null] +>> endobj +1594 0 obj << +/D [1574 0 R /XYZ 129.514 453.201 null] +>> endobj +1595 0 obj << +/D [1574 0 R /XYZ 71.731 451.044 null] +>> endobj +1596 0 obj << +/D [1574 0 R /XYZ 129.514 435.268 null] +>> endobj +1597 0 obj << +/D [1574 0 R /XYZ 129.514 435.268 null] +>> endobj +1598 0 obj << +/D [1574 0 R /XYZ 71.731 433.111 null] +>> endobj +1599 0 obj << +/D [1574 0 R /XYZ 129.514 417.335 null] +>> endobj +1600 0 obj << +/D [1574 0 R /XYZ 129.514 417.335 null] +>> endobj +1601 0 obj << +/D [1574 0 R /XYZ 71.731 415.178 null] +>> endobj +1602 0 obj << +/D [1574 0 R /XYZ 129.514 399.403 null] +>> endobj +1603 0 obj << +/D [1574 0 R /XYZ 129.514 399.403 null] +>> endobj +1604 0 obj << +/D [1574 0 R /XYZ 71.731 380.224 null] +>> endobj +74 0 obj << +/D [1574 0 R /XYZ 257.488 340.852 null] +>> endobj +1605 0 obj << +/D [1574 0 R /XYZ 71.731 340.673 null] +>> endobj +78 0 obj << +/D [1574 0 R /XYZ 283.431 306.381 null] +>> endobj +1606 0 obj << +/D [1574 0 R /XYZ 71.731 306.232 null] +>> endobj +1607 0 obj << +/D [1574 0 R /XYZ 71.731 293.878 null] +>> endobj +1608 0 obj << +/D [1574 0 R /XYZ 71.731 293.878 null] +>> endobj +1609 0 obj << +/D [1574 0 R /XYZ 71.731 222.148 null] +>> endobj +82 0 obj << +/D [1574 0 R /XYZ 206.739 189.669 null] +>> endobj +1610 0 obj << +/D [1574 0 R /XYZ 71.731 189.52 null] +>> endobj +1611 0 obj << +/D [1574 0 R /XYZ 71.731 174.576 null] +>> endobj +1612 0 obj << +/D [1574 0 R /XYZ 76.712 98.511 null] +>> endobj +1573 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F64 1581 0 R /F34 797 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1615 0 obj << +/Length 1842 +/Filter /FlateDecode +>> +stream +xÚݛßoÛ6ÇßýWøÑyÍ߀†aëÖaÃlhÞÚ¢pl% [™$·È¿£E‰”,1vÁ¡Q€–lêôœã‡äùL‘9†d®R +^h‚šóõn†çðÉo3b[ÜÚ&·^›ŸïfË·4™'(‘l~÷0gJ"!ù\1ŠŽ ó»Íûśíê©N˛[*ð‚¢æõM±{Êòlÿ؜®ö›æ ÛWõê†,òãgïþ˜ýz×I” Fƒ"9•RÏo 4ÊŽùwöþ#žo í3ŒX¢ç_à#’$ó݌czߜç³w³ŸâŠöþnÌQÂù䍏a0Ó +ÙÖ}+ >AÂw«Ž÷â.ÖÄŚPøŒ%s +J;ÆúïCùTTé0pŒb€t‹3÷õâZcAqŒrDá +_Ü/Y™®ëH xñ|Ú¹"ãh4}d8Œ5—%¯©’Ì.Ðê”™`$É1Ώ0ŠyZMqàŒÀÁP +Ä]ƒ<ésàÉˋõ*‡Q^§›¬4 +û) +ƒÛÜÄŽ]æÅãòù§Ë)\¢žÒÃE¿z\ET%a\”€0ëf\®`Ê=Ο/aã +ÇÀf sOæeÜd÷/p×+ãFH`C +¹ðÍb“m|l&©qfcP39J'ò"jÊÃ~˜n|Ûu©ßՂiéÁŒÃض’‚ٝ +Ä#n’7¥¿›$-ÏÓMsê͍%KŸ0–€PÆWŸ bŒ«!é[åÅ>mÎM^`^×7/ò,Ý×ÞhuÁ$—gåv +1I/ŠÞéÿ×pL¡„°`n'8F nòè·Ù飂!­ØܳõõÊZcAeT(1=a +êâd&ÐnËãšlU²„ ¡iOæ_Å& +ÜweÜf®ç¯ß5ž&4*œt +* q3CT«Ýv•í' uæb:ç¯-¡Ÿ¶ûl?:ý›nLìô?áB‡o + +Ÿøvøz>(Œ'é!¬GoòêéÅÕaza=¢Dùô–ëI~Áüäñë«{®ÖÅþaaK*%„Oýè Žá‡ƒ8æbÏ€8†°ëš‚9DPk„˜' +>ÄHOAìŒñPÞÄŸºÝjbŠHân†Vz9éH +^G:ŠCqn)ö=‘œOQ +EØuMÅÜԄ9 +S¬ 1£ý©‰IŽÉ +Žqìé;›c± +žÒ‘ +ÃGr Ö +ɞ/!’c»²ùXDq8%æÖã&cû€¶|ªÒúéËÞ!“L;ã1˜ +H +cÚ)œ,?¶ÎL +ÃGt æ +ÑΓ@– +E×÷15³X@sŽWŠ9×HÛNè:]åõ6ˆŽ3éØ1€=­—2Ýž3 u +W +ԁžwP{Ÿ„šŽ!ìÛRÝç‘Ë^U²«%¶Œ%LzUIږÓæ·ÅÏi9U;d ( ¯~%bJ ¢Â¿ +3ŽIöbíгa”†”ÙQê +;»vEe7C*ÛèË +Õ£(»®”Ÿ‰iN”@ +ÒMj~š›€Ó™ŠAç@ØÈâé:s “ßaCŸÃ6×[§?°lDÑu]Ù=ã +q +N†Wˆ+ÝQ»®óIp¹àčëi»€Ü:xcžàà +Ä·ƒ×ó!Do +aW6åÒ +®2  +œÓÕnÏZ +xÚÆàõ€_í +w¢Ã7†ß@€;|=/¥î(®lò%À +æa|‰D*a畺=ƒ1 +È#ØSwA©Û <]çŽâ +C8äaύ@u0Š°ëB˜&ŸŒÒ0˜ .Î-s{#0<Ô7Æ°“wA•»™ +§KÜQÜè  +¹ƒØù`8Š®ëÊ"šfN‚ +S-Áڇx¢"Üqì¬Æàx q„ãžÄóSá +ÛQÜp +BÝrìûH‡£û¶“± EÊßìNæ:• +‹€öJ0²ÛVØn)ŒÛÚœ„uZÕÕ!«ÓÓ^‡/š +7”M +wvÛÏq/ëºØ¥Usø%«·öñ”æLÞ0ޜÍëç"i™™mëUûe™š÷ +ËŽªàŽivÔÔ +š=©uÚ=ñb?ßZµ:žpO[F +å©GL²Ä6©÷û”Ås_¥5o +¶ +º[4;ò«âP®­Wu™ŠèØ÷‚ÔÄlÊ솊Ök˜u™=Õ֟êÔ +eöè÷Ü0ÿ¡j{êä€AÛŽ}Xh•»G +²ÚõNq°'«ò†èÅãaý“îë®óŒ9z* +£÷s¶±^TÐÍÍÑ¡Z=ÚÐn¢-{±ÉöE¹;v«UÓEÂ÷ºÚ +‡Üvêœm²nk›FcõÃid ÈÐÒֳۚܗ‡ÅûâÉܵúØ\%µ»*‘H3iƒôãHŒ‘~ž?í»ûŽ<5$à‹ˆj[þ4œ_ìh3?D|&Ì59y$LØ'±ls#B'žì:œÓå ™âendstream +endobj +1614 0 obj << +/Type /Page +/Contents 1615 0 R +/Resources 1613 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1480 0 R +>> endobj +1616 0 obj << +/D [1614 0 R /XYZ 71.731 729.265 null] +>> endobj +1617 0 obj << +/D [1614 0 R /XYZ 71.731 718.306 null] +>> endobj +1618 0 obj << +/D [1614 0 R /XYZ 71.731 636.613 null] +>> endobj +86 0 obj << +/D [1614 0 R /XYZ 258.306 600.229 null] +>> endobj +1619 0 obj << +/D [1614 0 R /XYZ 71.731 600.05 null] +>> endobj +90 0 obj << +/D [1614 0 R /XYZ 283.431 565.759 null] +>> endobj +1620 0 obj << +/D [1614 0 R /XYZ 71.731 565.609 null] +>> endobj +1621 0 obj << +/D [1614 0 R /XYZ 71.731 553.256 null] +>> endobj +1622 0 obj << +/D [1614 0 R /XYZ 71.731 553.256 null] +>> endobj +1623 0 obj << +/D [1614 0 R /XYZ 71.731 435.497 null] +>> endobj +94 0 obj << +/D [1614 0 R /XYZ 206.739 403.019 null] +>> endobj +1624 0 obj << +/D [1614 0 R /XYZ 71.731 402.87 null] +>> endobj +1625 0 obj << +/D [1614 0 R /XYZ 71.731 390.516 null] +>> endobj +1626 0 obj << +/D [1614 0 R /XYZ 71.731 390.516 null] +>> endobj +899 0 obj << +/D [1614 0 R /XYZ 71.731 252.833 null] +>> endobj +98 0 obj << +/D [1614 0 R /XYZ 220.987 210.567 null] +>> endobj +1627 0 obj << +/D [1614 0 R /XYZ 71.731 190.427 null] +>> endobj +1628 0 obj << +/D [1614 0 R /XYZ 71.731 190.427 null] +>> endobj +1629 0 obj << +/D [1614 0 R /XYZ 411.732 177.69 null] +>> endobj +1630 0 obj << +/D [1614 0 R /XYZ 71.731 144.714 null] +>> endobj +1631 0 obj << +/D [1614 0 R /XYZ 197.18 131.862 null] +>> endobj +1632 0 obj << +/D [1614 0 R /XYZ 71.731 106.791 null] +>> endobj +1613 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F64 1581 0 R /F46 1173 0 R /F68 1635 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1638 0 obj << +/Length 2268 +/Filter /FlateDecode +>> +stream +xÚ¥Y[ã¶~ß_á‡k-ꮎ[ Íe‹¢-Šd€>€A@ËŽ-¬,jHif'ØßCòP’u +0–å£s¿ïÜHэt“R’†ðä$HâMq}çoÎðËÇw%<ñF2{x·ÿ!È79ɓpópڄiBâ$Ú€a@²8Ø< +Þ~{aMËåÎ +bûù­ž6eUÖgû•ÕG{QÖªe;º­Ìo¿<üãÝ÷œ +q@IŒê$ŠÌL')ÍI +Î¥~FÂ(2N>\žuà(Ë]oŸv4Þ:§U!ËŠE•öjÿC”l2P˜h +iJ’ ŽŠ–«v¯ÿu±¢cÛIŠšÃ‚U%Úy.ۋèð +“;šmÏݐáu«œHUÙ«F +íïSyÄU(qÅ«N±3×~l<„f \$GrÊú$䕵¥šÑ› +‰ñªÕ +l» +Y: HžsŒÇÔ×#düT¯ÖßxÀGBscëÀÔåO(“ö2@”Ó%ðŒÄ÷·?‹F;§~±fÙ&%yjiª“ŸüËL1Db–ŽôþZw×P:Õ‡)(÷×9c^àûZÀÓ!&·ÑÒ¥ÊC +ߎåã_Ï +ú$óPèè€uzž]¯M +n¿è °WWƒ,y±ßŽåéÄ%D‚ýŠ–rÀ%‰S£=˜hÿ;sžžººÐOÝÖÝ>ÚK­Eçˆ][v•ýºw«áUwD'*q^ПM)éÊ㝓0ÍoVNýÉ›ˆUUBäì—Ofñ²guJW՝ºª+Ö:ò·)~¿âçý¹Y‹†DçõE=ê²aˆºz™f£çIæêŃ³ˆ@¢?âԕö,]œü.7,̙rn|ãn`±rúkQ{L{Ò4UY°ƒ+A#1ÛoôÕTŸÊŠáGg{R8!*3,›émٔŒçºüÍõWÀ\éÄ +h9xïI+t_~¶]f<Ð %ql"‘ªíÒXàdŒ‘Ð|.˜(24’™¹0%Q-™›~æñ™¹ùÑì4U¬Í{_<ï±+y;Ç7Òm)ÇÆõoHvmӵƮÝWjÚQ@³¬:ƒl”ë!yh„l + +O¥ýäz–øì˜ÇÚåM&ñ–¬qæÐuiø:#¡UœŒib« +,˜»ÏÁÌücóÞp¹yŠÏYˆ};~4pbð +¥jV¹ÁÖ +ZÕõ:€icË +üz™uø¬ˆéæëèÍlœŒ‰í%ì۞èT+˜ +€\fµÐMp? +¶^»ÐVX0”Õ:‚‰O’è +„ƒÐ:†(c&šuçæހâÔüŒ#óžW +¯š8«»fŐä‘ÛS|'ê÷z³€x™‡p'€èž9Áú¬l!"QüÈZ„\÷„NqèU(&\ +ï"·Gª-Ï»x +ºPfšïL‰Ú•nyÃåš韱Î#ìVRßáqZçeÌX¹ÎãÜÜxœš_âqd +’AîÂt[ +Kù²PÔØ!ÄÈåÃ. +jì6yíÒƬ¿Y‰Š +0ép§éc¢“ +cJr>ð\ +ÔVsÝ/˜|A®Q +ì +—R\'ZuҚ=o.ÇaÅŒh +|yt]²Þ!}Z' +eÌ.`ô¹¹7>5¿DúÈŒç¢ò«žÙ‹úR›ö +ýä +ë ©f@ýœ€ýiÂ/ + –·9y‰Ù +Š;9É3}jc\×â†þ;nS®«†# +óù^;ð~ +s­ö윺¡·=ö'NgJ}å–ך૬™ìÎä6ZeÝɘ-Ù*ë +æî³>3¿ÀúØ<Ìæ:Óûù|!Õc’õeûá⎳0Nb5ëp ÐӃ›)†¶Ø^X;™ž{&úìíT§œW® +8N×=Mà* +Î-Œ($™Nî !ã4s{ +Óvæ®]„;‰M0WùÁíš{q{­×Œ +  qü±uŠN»àÑ0ölOÌàöÍ€¥åõŽeŸKˆ€£0ß*éZ¬¡Œ72dW0UŽ²KˆAŠ.Y[5ûÈÌx<"b¢Öd! +•ÅeŽtHI +ºÉôIJa×п[Äý4žp§OH{¥º²Å›:n†š˜¯&JÐ#«P߀ÛB3úIÿ3µ +~ÀÃKž:àcPՎƒ + +›Šòà:ƛZk€Øöb£BžMY%5om +E?rØ;IH +?šFŠFÅÛÒlyÝÚo͐„.4ڊóé\ö¢¬—Ž9G;ÿ}§ä^·ãjyÖÙý¡¬÷s’hE sEà«9~Ðë­£M«Ví§ S74²W×_팠æšßðÝ +@¯d Í Àò;Y2ZÍ'³²³áŒ`ín–L/dÉØvÆŠ!¬ÄùŒ¯&àD$H]Îü¥lp +L ±žy +ëÌpÃîä\ŸDé(ZÍ¡ŽXûèÏ8öÑïÊjv†d‚êacß¡À +Œ‰zl +:–ØõÂJ,³¶ôæ[VAý>Ÿž'Ï%,@N—¶ª—ßð•XD‡‡>,Š\:†>rw +j«‰‹îÁ·Òùxö-\ÛfB +|2yÎe}{qŸaßп?í‚H¿!qN¯ÉäOW×=—æ +S]ðžù±ÙÊë¹&„fù\„ÖseVvíÔsk÷seb|)WF¶¯Š™«ÇÊ +Cêá¢é±º“<Ô§ )}-{zÍ}Äîöƒ[SK™¥ScÈ®!Ü[ݎÂ=µ[u=±ZwÆŽ.öƒy€è]ð©×Cí3dÊð„ñ΄(ÎÙóvâŽBàrß0¥Žø³^³žª +±ˆi»Ÿ|º®ëŠ%§À‘Ž8qã;Ü(#@óÚ[ÞAd6îÆúÅd6Šà‘ûò»Ú¹¥ÿBAIendstream +endobj +1637 0 obj << +/Type /Page +/Contents 1638 0 R +/Resources 1636 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1480 0 R +>> endobj +1639 0 obj << +/D [1637 0 R /XYZ 71.731 729.265 null] +>> endobj +1640 0 obj << +/D [1637 0 R /XYZ 71.731 718.306 null] +>> endobj +1641 0 obj << +/D [1637 0 R /XYZ 197.18 708.344 null] +>> endobj +1642 0 obj << +/D [1637 0 R /XYZ 71.731 683.273 null] +>> endobj +1643 0 obj << +/D [1637 0 R /XYZ 71.731 683.273 null] +>> endobj +1644 0 obj << +/D [1637 0 R /XYZ 148.603 673.773 null] +>> endobj +1648 0 obj << +/D [1637 0 R /XYZ 71.731 652.755 null] +>> endobj +1649 0 obj << +/D [1637 0 R /XYZ 71.731 628.777 null] +>> endobj +1650 0 obj << +/D [1637 0 R /XYZ 71.731 446.413 null] +>> endobj +1651 0 obj << +/D [1637 0 R /XYZ 71.731 432.712 null] +>> endobj +1652 0 obj << +/D [1637 0 R /XYZ 71.731 431.467 null] +>> endobj +1653 0 obj << +/D [1637 0 R /XYZ 137.484 414.446 null] +>> endobj +1654 0 obj << +/D [1637 0 R /XYZ 137.484 414.446 null] +>> endobj +1655 0 obj << +/D [1637 0 R /XYZ 71.731 412.289 null] +>> endobj +1656 0 obj << +/D [1637 0 R /XYZ 137.484 396.513 null] +>> endobj +1657 0 obj << +/D [1637 0 R /XYZ 137.484 396.513 null] +>> endobj +1658 0 obj << +/D [1637 0 R /XYZ 71.731 394.356 null] +>> endobj +1659 0 obj << +/D [1637 0 R /XYZ 137.484 378.58 null] +>> endobj +1660 0 obj << +/D [1637 0 R /XYZ 137.484 378.58 null] +>> endobj +1661 0 obj << +/D [1637 0 R /XYZ 71.731 376.424 null] +>> endobj +1662 0 obj << +/D [1637 0 R /XYZ 137.484 360.648 null] +>> endobj +1663 0 obj << +/D [1637 0 R /XYZ 137.484 360.648 null] +>> endobj +1664 0 obj << +/D [1637 0 R /XYZ 71.731 358.491 null] +>> endobj +1665 0 obj << +/D [1637 0 R /XYZ 137.484 342.715 null] +>> endobj +1666 0 obj << +/D [1637 0 R /XYZ 137.484 342.715 null] +>> endobj +1667 0 obj << +/D [1637 0 R /XYZ 71.731 327.607 null] +>> endobj +1668 0 obj << +/D [1637 0 R /XYZ 137.484 311.831 null] +>> endobj +1669 0 obj << +/D [1637 0 R /XYZ 137.484 311.831 null] +>> endobj +1670 0 obj << +/D [1637 0 R /XYZ 71.731 297.096 null] +>> endobj +1671 0 obj << +/D [1637 0 R /XYZ 137.484 280.946 null] +>> endobj +1672 0 obj << +/D [1637 0 R /XYZ 137.484 280.946 null] +>> endobj +1673 0 obj << +/D [1637 0 R /XYZ 71.731 278.79 null] +>> endobj +1674 0 obj << +/D [1637 0 R /XYZ 71.731 263.846 null] +>> endobj +1675 0 obj << +/D [1637 0 R /XYZ 71.731 252.351 null] +>> endobj +1676 0 obj << +/D [1637 0 R /XYZ 71.731 247.37 null] +>> endobj +1677 0 obj << +/D [1637 0 R /XYZ 157.41 227.746 null] +>> endobj +1678 0 obj << +/D [1637 0 R /XYZ 157.41 227.746 null] +>> endobj +1679 0 obj << +/D [1637 0 R /XYZ 364.731 227.746 null] +>> endobj +1680 0 obj << +/D [1637 0 R /XYZ 414.293 216.09 null] +>> endobj +1681 0 obj << +/D [1637 0 R /XYZ 157.41 204.433 null] +>> endobj +1682 0 obj << +/D [1637 0 R /XYZ 357.673 204.433 null] +>> endobj +1683 0 obj << +/D [1637 0 R /XYZ 71.731 202.546 null] +>> endobj +1684 0 obj << +/D [1637 0 R /XYZ 157.41 187.796 null] +>> endobj +1685 0 obj << +/D [1637 0 R /XYZ 157.41 187.796 null] +>> endobj +1686 0 obj << +/D [1637 0 R /XYZ 266.054 187.796 null] +>> endobj +1687 0 obj << +/D [1637 0 R /XYZ 71.731 150.832 null] +>> endobj +1688 0 obj << +/D [1637 0 R /XYZ 157.41 136.189 null] +>> endobj +1689 0 obj << +/D [1637 0 R /XYZ 157.41 136.189 null] +>> endobj +1690 0 obj << +/D [1637 0 R /XYZ 303.192 136.189 null] +>> endobj +1691 0 obj << +/D [1637 0 R /XYZ 356.873 136.189 null] +>> endobj +1636 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F47 1176 0 R /F88 1647 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1694 0 obj << +/Length 494 +/Filter /FlateDecode +>> +stream +xڝSMoÛ0 +œûWèhĈúÖ±+Úœ +3vi{ðb'öà؝ã!È¿ +)I÷Ñ + +CE>ROO"2A2‡àM2€Ž†­w™`[Š|Î0!x‚ðW˜Oe¶º—V±rÔ³`¬fNIðF²²~ÌoÛêenŠ‚K#r qŸ +w/]ß +Ûž¬†:Ý°Ÿ«óþ{.²»òBÁH%ß%© +q‘† +"àì‚ù™=> +VöÆ‡lA+)@8ÃBPljØ&ûš}¹”Œ{-Ô{5bnÂýS‚£%ØXÔŒœj†Œ­æf?ï£ù$Œ@µBMFס›Ûhq>5Uß9ýα‚/wW»±î6Çk¡šMÑӏێÝx->#⟈‰ÖØÏ +œs¶^šGº*¯Š&úæ6yÆ¡?&×ù(Š¢Õ +—„aœcl=OBÈ¡©SÚxÎIȺ›šõ<Ò£T"?Æà¡mŠ?ÙºÛ¹}¥cŽº$'åÓ~ +ð÷KÕ.€vŽœº÷>! + +Ý/ž¿gîXjMNý [ãÍ +× +<ºÿ¶ž!iI“ ‹BšßèÔk™óN¿ +^Sendstream +endobj +1693 0 obj << +/Type /Page +/Contents 1694 0 R +/Resources 1692 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1698 0 R +>> endobj +1695 0 obj << +/D [1693 0 R /XYZ 71.731 729.265 null] +>> endobj +1696 0 obj << +/D [1693 0 R /XYZ 76.712 708.344 null] +>> endobj +1697 0 obj << +/D [1693 0 R /XYZ 166.376 652.867 null] +>> endobj +1692 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1701 0 obj << +/Length 1736 +/Filter /FlateDecode +>> +stream +xÚ¥Xm“›6þ~¿Âß:‡Œé·Œ'LÛÉ9ÓÌ$ù ­ A.×_ßZ 0ø’NçfÎÄŸ<»ûìŠhÂ_ŽÊ"’ÅðCsB×éj_] +«SšÎôQJâ$ZÒwþ;èÇwfúãdÀ%‚§Q21@±êÈÐÞû 5¿¢žúTÉƏ6 +b%O­µò#ï +žMŇi +¡g™yiëoàÍA²`¥ø‡ŸE¡`-Û1uüMHh +ÿüaÓEðqËÁŸëû ðÏô/‚?2`üý‘ï¿>‚>€¯–Џýpó(ú#Ñìৠ+èVíB @ +x—l4†ãjzö€{ù.p֕퍹3ñè^”åŒ:£0$1D +|°àKJ’ÐîØqšP4ŽYy%kT¹óièuè†jكÍ4t +œ±ŸÝɆk>94²« +bnŸè +™u% +ÜZu™Å¬ÊÒD‡›ä©!*ÅÛ3m«ÔŸÃ +º†õAëoê;¥Þäžl0šõøí|Z* +ãîÿÀS'-ü\€âf +‚8$ybwª¶‡"Ns²Y¯ +jöŽêÌImσjy5¯ð©IyBÂMêbÁšh +Åks{”ÅŽKJ'iš‹Ñܺ|çJ4Œx4þFìR¬13 OXãÌx<þ:îã {)\†œJÞrûÜZ*ï.uŽ y'4˜åAø4 +v + +ÁëeÉoìtâu!Ÿ“y(à OlýœZîÊlÐNŠÆeŒë®õÁjãÐ蝔¶Žùß +¯÷|ž +áY«G,ºïDÝ}·à§á +ŸÌÇ{^ +™­œ×ZeÝJ‰×¿Ûîö%Œáý_žÝŸÀå­,Y#^œù3øð×OßÚÕÛ÷o?ƒÇœ Ž3’$–à*öÕï$S[øl +žÎ_V–AÆÌýTg_ŽÂú¢·ùڝÌòAvÍŒ6î,HJs$Dg>Pw²«±!>_q7#³ŠáûÖž††ŽYãÛ'äo#Å]©ìY]˳ +,tŒ`ä¬ ¥ +6 +ÝƒóîYs +=bÓžO”õ> endobj +1702 0 obj << +/D [1700 0 R /XYZ 71.731 729.265 null] +>> endobj +900 0 obj << +/D [1700 0 R /XYZ 71.731 718.306 null] +>> endobj +102 0 obj << +/D [1700 0 R /XYZ 381.708 703.236 null] +>> endobj +901 0 obj << +/D [1700 0 R /XYZ 71.731 692.184 null] +>> endobj +106 0 obj << +/D [1700 0 R /XYZ 220.471 651.526 null] +>> endobj +1703 0 obj << +/D [1700 0 R /XYZ 71.731 631.386 null] +>> endobj +1704 0 obj << +/D [1700 0 R /XYZ 71.731 631.386 null] +>> endobj +1705 0 obj << +/D [1700 0 R /XYZ 71.731 618.53 null] +>> endobj +1706 0 obj << +/D [1700 0 R /XYZ 71.731 617.284 null] +>> endobj +1707 0 obj << +/D [1700 0 R /XYZ 129.514 598.226 null] +>> endobj +1708 0 obj << +/D [1700 0 R /XYZ 129.514 598.226 null] +>> endobj +1709 0 obj << +/D [1700 0 R /XYZ 71.731 596.203 null] +>> endobj +1710 0 obj << +/D [1700 0 R /XYZ 129.514 580.293 null] +>> endobj +1711 0 obj << +/D [1700 0 R /XYZ 129.514 580.293 null] +>> endobj +1712 0 obj << +/D [1700 0 R /XYZ 71.731 558.211 null] +>> endobj +1713 0 obj << +/D [1700 0 R /XYZ 166.216 547.416 null] +>> endobj +1714 0 obj << +/D [1700 0 R /XYZ 219.904 547.416 null] +>> endobj +1715 0 obj << +/D [1700 0 R /XYZ 394.787 534.465 null] +>> endobj +1716 0 obj << +/D [1700 0 R /XYZ 448.475 534.465 null] +>> endobj +1717 0 obj << +/D [1700 0 R /XYZ 213.637 521.513 null] +>> endobj +1718 0 obj << +/D [1700 0 R /XYZ 71.731 473.528 null] +>> endobj +1719 0 obj << +/D [1700 0 R /XYZ 71.731 473.528 null] +>> endobj +1720 0 obj << +/D [1700 0 R /XYZ 71.731 440.771 null] +>> endobj +1721 0 obj << +/D [1700 0 R /XYZ 456.994 429.857 null] +>> endobj +1722 0 obj << +/D [1700 0 R /XYZ 71.731 381.872 null] +>> endobj +1723 0 obj << +/D [1700 0 R /XYZ 394.887 371.078 null] +>> endobj +902 0 obj << +/D [1700 0 R /XYZ 71.731 354.724 null] +>> endobj +110 0 obj << +/D [1700 0 R /XYZ 414.21 311.627 null] +>> endobj +1724 0 obj << +/D [1700 0 R /XYZ 71.731 287.871 null] +>> endobj +1725 0 obj << +/D [1700 0 R /XYZ 71.731 287.871 null] +>> endobj +1726 0 obj << +/D [1700 0 R /XYZ 193.331 252.847 null] +>> endobj +1727 0 obj << +/D [1700 0 R /XYZ 167.322 239.895 null] +>> endobj +1728 0 obj << +/D [1700 0 R /XYZ 354.11 239.895 null] +>> endobj +1729 0 obj << +/D [1700 0 R /XYZ 374.932 239.895 null] +>> endobj +1730 0 obj << +/D [1700 0 R /XYZ 454.323 239.895 null] +>> endobj +903 0 obj << +/D [1700 0 R /XYZ 71.731 223.542 null] +>> endobj +114 0 obj << +/D [1700 0 R /XYZ 298.094 180.444 null] +>> endobj +1731 0 obj << +/D [1700 0 R /XYZ 71.731 156.689 null] +>> endobj +1699 0 obj << +/Font << /F21 781 0 R /F29 790 0 R /F27 788 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1734 0 obj << +/Length 2016 +/Filter /FlateDecode +>> +stream +xÚ¥YێÛ6}߯ðÛڀÍeɒòR4i²H±@ƒzSô’>Ðm +‘%C—löï;”8)ʖÛ"@V¶†œáá™3CšÎ +øGg%Áþžq7þ,>Ý9³ŒyŒ£Òb%MVšÍÛ织n4‹HŽYϞ÷³u䑍¿™k—„Ÿ;{Nþš¿;²sÍËÅÊõùšty_Qβb +êÌâ?Þ}•5¯?ÿ|÷þY +Ổ¬Ý«zDº g+×!‘KGm(ˆ®'$kÏëWÌb1hƒ&b1_\׆D]Þә6úþíýË1cþšéSÏ`[œ$<ÕkUóSÕ}H + +Y÷pd +י£}áɋæUÍÊú¡ª‹³|—é¹®ˆµ0 À&rˆG'€ÔŒ.‰&S@Žø›rÄ¿€ +Àó‘—™ŽBð$ +5ËV&ݧ}!¹[¥}VÄ +:guZäÝÅ^YTüFL—xA8iotSi2‰©íïLmÿ6ŠZÿSjÎ +{ây]œïuX»ç{•“°¯­l,¥KžÂŽ¥í)•izt.ymîâÇw897C@p ‘ß±mžÒŒù.S.­ê2݉4kúI~ÿãÏ¥™’õÜp +ÂXæ™Ëè>Ý/|_Ø×Mu/!šLšNÒ`+—¶_jøC®+€»©Œ¥uú\òsQÖ\N°“˜žK@)Íú'^UìÀ»™X +¡ÿÓ6„•à0ÜwHèD +y!dz/Ä$ß҄ˆHÙ.ãÚ>îfP;æ1ìx\äuYd™ZE; +Y*w,aüTäËÑEŽò7ºOØ-ØÎLf|Ìä,/¥ØÚk +ÄŽ87å¹@­ÄÃÌZº¢¿†©:þe¯žÃžø +_tœI.ìE՜y)’ +â“.Œ +Þ@MGí掣žµá:9X,ˆ^I¬^Ž)V”SSÉíÞɑ‡táú²þ䊿Ö"W4ò‰lŒdûâ8n)– +“ãׁdŒœ +€ +NââtRÙT@‘`%sI›})mWµY3º€Íh2¥Í#þŠµÙòÙÚ¬ÐJ +žè‘<*ÑÛ¶6zŠÈvíGMrP +öB>QfQ­Êú^á+™Îª +ùSƒÝ<AS€—ŸÚL”RS`ê¿€™ìw­¶ò!ÃÖYÃsȳ˜'KS-_8ÇoÊ&ϕ&Ž* +Ÿ<þzß;G +-K^9¿ç³Yô-†Éל + >0Õ +¥€’Zˆìå6Á‹Bu•‰œÍ%"J‹) +ÚΊi8t>ÂBÍ{[ùlŠˆ +ŠƒX +K: +–$ùÅ®Ä +ý-TyÆÊ% +«aJ'C& + z ¡¹­Flny'CÕy'ÖtVŽã–ì¡`c'tN› +Xd×sˆ’–f¢ð\&Ç& ·™`Got‘ +Òd’¶¿2ô?Æ-€Vêù%µ +IP‹)Ší°Ëxy éT6õFñ’&“xÙþnÀkè +/-€¯¬`‰©;¢é€71_i œŠ@ú«6V@;ýjJ£Un©K痱^SN +oz›‹Hw“@[ÎnÀyà| +æÞ{ß=éq±z'JöFŒ?ƒ +„ÌÌø¶;kåˆt³†) +ßh·M,ÊäC×ëŠY3\Ï +)Y•ŒFœ +]׃Úež +×ÿ!>Ù¿M-ÝûSëêŠnšükÞ©k.¹mHèoL*N–ûíšï8v\¿ßUœ# +óñj,OX}ñVàiûV6Ìã·ri®ê„v ‹‡’Vl€Iä¶ + +ñ¢®P­‰'4?çÛô³l„ì8J[5ֆ¶{kÎËA·^É©ð4(z|SÆáˆÆk눉×} ïÀk²ššûÜŒVl] òåI†2š +>嵗RfLÖ óêLjœ>²º¯ˆiߢn‘pAuÉΰÌóp™ql +dU;©6ëËQÝ0iè79ÒNŒ*š,ÄP௠+ڒ +tKÕgÚ×€@ÔSšóÆÏùKsa±å  ¹s(Ër€œ6-dî8>ˆ,À‘ۏÛ÷¿- ‰›/ÕWŸžúoł?ƒóíðú^~øô~i€}ßAWá͆̐#E +7¥ž–òŽ>ªŠüÉ]„áé‰e#øÅgys +ÒEÝtÑÕâÍSɓ]kCv\x3Ÿ·Iòç=NXPI®ý؛X³O)¡^ˆ³Ž%csá'<ÛÓ?7ŠÆendstream +endobj +1733 0 obj << +/Type /Page +/Contents 1734 0 R +/Resources 1732 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1698 0 R +>> endobj +1735 0 obj << +/D [1733 0 R /XYZ 71.731 729.265 null] +>> endobj +1736 0 obj << +/D [1733 0 R /XYZ 71.731 718.306 null] +>> endobj +1737 0 obj << +/D [1733 0 R /XYZ 71.731 718.306 null] +>> endobj +1738 0 obj << +/D [1733 0 R /XYZ 71.731 718.306 null] +>> endobj +1739 0 obj << +/D [1733 0 R /XYZ 129.514 708.344 null] +>> endobj +1740 0 obj << +/D [1733 0 R /XYZ 71.731 706.187 null] +>> endobj +1741 0 obj << +/D [1733 0 R /XYZ 129.514 690.411 null] +>> endobj +1742 0 obj << +/D [1733 0 R /XYZ 71.731 688.254 null] +>> endobj +1743 0 obj << +/D [1733 0 R /XYZ 129.514 672.478 null] +>> endobj +1744 0 obj << +/D [1733 0 R /XYZ 71.731 608.717 null] +>> endobj +1745 0 obj << +/D [1733 0 R /XYZ 319.371 595.766 null] +>> endobj +1746 0 obj << +/D [1733 0 R /XYZ 187.895 582.814 null] +>> endobj +1747 0 obj << +/D [1733 0 R /XYZ 119.552 569.863 null] +>> endobj +1748 0 obj << +/D [1733 0 R /XYZ 71.731 547.9 null] +>> endobj +1749 0 obj << +/D [1733 0 R /XYZ 71.731 547.9 null] +>> endobj +1750 0 obj << +/D [1733 0 R /XYZ 71.731 546.655 null] +>> endobj +1751 0 obj << +/D [1733 0 R /XYZ 129.514 529.514 null] +>> endobj +1752 0 obj << +/D [1733 0 R /XYZ 129.514 529.514 null] +>> endobj +1753 0 obj << +/D [1733 0 R /XYZ 171.765 529.514 null] +>> endobj +1754 0 obj << +/D [1733 0 R /XYZ 71.731 514.406 null] +>> endobj +1755 0 obj << +/D [1733 0 R /XYZ 129.514 498.63 null] +>> endobj +1756 0 obj << +/D [1733 0 R /XYZ 129.514 498.63 null] +>> endobj +1757 0 obj << +/D [1733 0 R /XYZ 440.824 498.63 null] +>> endobj +1758 0 obj << +/D [1733 0 R /XYZ 71.731 483.522 null] +>> endobj +1759 0 obj << +/D [1733 0 R /XYZ 129.514 467.746 null] +>> endobj +1760 0 obj << +/D [1733 0 R /XYZ 129.514 467.746 null] +>> endobj +1761 0 obj << +/D [1733 0 R /XYZ 71.731 465.589 null] +>> endobj +1762 0 obj << +/D [1733 0 R /XYZ 129.514 449.813 null] +>> endobj +1763 0 obj << +/D [1733 0 R /XYZ 129.514 449.813 null] +>> endobj +1764 0 obj << +/D [1733 0 R /XYZ 71.731 447.656 null] +>> endobj +1765 0 obj << +/D [1733 0 R /XYZ 129.514 431.88 null] +>> endobj +1766 0 obj << +/D [1733 0 R /XYZ 129.514 431.88 null] +>> endobj +1767 0 obj << +/D [1733 0 R /XYZ 71.731 394.022 null] +>> endobj +1768 0 obj << +/D [1733 0 R /XYZ 344.565 381.071 null] +>> endobj +1769 0 obj << +/D [1733 0 R /XYZ 465.769 381.071 null] +>> endobj +1770 0 obj << +/D [1733 0 R /XYZ 391.359 368.12 null] +>> endobj +1771 0 obj << +/D [1733 0 R /XYZ 472.704 368.12 null] +>> endobj +1772 0 obj << +/D [1733 0 R /XYZ 206.624 355.168 null] +>> endobj +1773 0 obj << +/D [1733 0 R /XYZ 314 355.168 null] +>> endobj +1774 0 obj << +/D [1733 0 R /XYZ 71.731 333.086 null] +>> endobj +1775 0 obj << +/D [1733 0 R /XYZ 143.342 322.291 null] +>> endobj +1776 0 obj << +/D [1733 0 R /XYZ 247.002 322.291 null] +>> endobj +1777 0 obj << +/D [1733 0 R /XYZ 336.386 322.291 null] +>> endobj +1778 0 obj << +/D [1733 0 R /XYZ 119.552 309.34 null] +>> endobj +1779 0 obj << +/D [1733 0 R /XYZ 208.936 309.34 null] +>> endobj +1780 0 obj << +/D [1733 0 R /XYZ 71.731 287.258 null] +>> endobj +904 0 obj << +/D [1733 0 R /XYZ 71.731 273.061 null] +>> endobj +118 0 obj << +/D [1733 0 R /XYZ 166.466 229.964 null] +>> endobj +1781 0 obj << +/D [1733 0 R /XYZ 71.731 206.208 null] +>> endobj +1782 0 obj << +/D [1733 0 R /XYZ 71.731 149.102 null] +>> endobj +1732 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1785 0 obj << +/Length 2284 +/Filter /FlateDecode +>> +stream +xڕYߏ۞~Ï_á¢/6°¢E‰’¬ +òpwMÒ-®wé®hÑ+z\™¶ +•%ŸH%ٗþí +ŠC‰úa{‹YYÍ|äÌ|3CÑ +ÿè"¡$ áO’ ŽÙ靿8À“Oï(Jx(â92?lß­?é"%i +.¶ûE˜2Gñ" ²‰‚Åv÷¯åG~V¢^yAä/Cbþ~%ܢђæF#ùŠú˃þO˜[e¥„\ý{û×w¶ +Œ( $ +®E‘)ЀJiJ"˜ø2֜߻ꈪ³š¹Ê˃ù)_¥'ŒnÎ+ºk•è +î’Å8ºòÄÿHQ£CWQŽD’ß +siRZ¡†s\}G.Ç +ír KxE@V6 +ŠŸÎÒµ7¡n™a”ÎuSNy1ÐŒÈËØüt䖿<ŒÍŒÌñÊë +U)ŠNJ®R«©²»¡@bl@°fÍ,\fEn(‰1ƒîÕBoëA—K®>³/ìžâÏ\Š;sÿ+ìQ®ŽæÇÎ,º,*Ÿ3Ò-»¯CÄüêûÁ¡ÑU®xªï(°¯«“¹Âw˜ëhæ/ïÌӯnjhwVëúžó掋“ +µÎG&䄍eUŸ` +Hpóµj°>èJP5 +º@ÔuU£Âg‘ñŠc“}G +YS× +ÕólDì@EX»;ðX÷ú•õˆI,ƒB!P#nXÈm¡™¶a +ÒŠ0›•œë +R’DN}œÈQÈKãëüç]â?+r‹ÿfìÝ濉ýþsÿm?<üm†ÿ »¶j»Jt +œòÒ$ÈL +¿Œmú +Ðy}Ûz¡‹Û†"7·mjï +Û6¶?·mض¿ë}ºßƎMŸaëÆáß·D1|¯F÷»¶‹È»˜v6•u®÷Mªøœîv³ÆÖ ÎMCCŠ +Å_AÜÓg:là +ŽšÝÊ\ +;$ýÛ.K(._zZr³ÚÕ áÊÜM“¯ºÃCQ—5Ùô +h*è°H1Ÿ0ßRȏª.ŠziBß"ðŠ*BÒÄ + +ÙTC@’ä-ÌÐ +nt»ŽÐ¥²"·RhÆÞíšØŸI!øì/OŸgøxCXd¯áՂꚚbغ +Ã0þ¹ê£—ÛŸB +ë#Œ¿˜9€×s1jœ*œ˜¡uŸë¬Ÿ`˜ÛyEnZÝqŽÝ«Îš9äºO0Š­EÍU­šóe×ëte7ØÓºèz¹éú©œ7ž~lÎõpý÷?<Ì1g`ÑõOÐVe/#ÏÕÁõöÓ¹pë\u¬ +%XÝ @Žìd?5—§ê¹·ýõœ*۞ðÛ £¹»éµ]‚ +8w·Ý“}ÑŽÝšþ°Š–]ÌGSÁŸòˆ5¡Ùu«¬yŽj=Ïøê8ûŠíÖUS#c^/ñu¬c +¶PW»ñÈ1ìåÆ3@·;u¥œ4Õ +;ƒJ}ÂSäª?²g㕢íGëÙG‘)òßq‡ YÑN#1f“ÆŠxœÌääj€Š +Y‘õk`$"tl›ŒPÀ®Ø¶"×lÔhÛÉ!L7Ä÷oÔGè9X‘[ä0cï69Lìϐƒ +@w€ÛÝ,yš!èìS[ +>‹z¯§7ä»ÑÊ +oaàüRÚj¯[ÝUš5Dv¹ãL–㱜ê€mRºÓթڙSÀFuКm4šO KÒ +Cƒ +šŽ!Vàµd³ü|ÿgsÑÓÅhq D +Å÷d: +Û UVlÔâÒu:áêóý|ÍÓ3ù`ÆçÓv=}ûëŸ+ÚN†£cŸŸ +OF=`Z.šœchÀÓ9Öuœ-ŽPiÏyW”ó“õ“ÈÍè‡ +§¡ês‘g¹Öq +ôŸÓÓÙԇг]:Y÷«Ñ±',+jºòÎùÎëڋ÷ïú0Ó +êóeڝEŽåÿΞК¿_r~ž +’ ˆ€z×ÙüԏŸœÿüðáã=@ûÇ +, ?dXó±«9OW.Ãp˜bìÆ»?µdÞÇn{]¯X +’ûÿ +ͺÊiEuã Ñgj}ipŠ§“듃©±ÀŽ¿º`aŸçÐ18J’˜€ŸPô +œÌ +%(éæ?›Ó۔ô3•t';`H@ +Ô*ÖÓÚ +ÓBw¯Mnß + ¡/õzaµTÃñÍ +Ënv£ƒñMõ㛚ï NÜ +èð竓¬NNR?j”ŠÓiÞÐýõæsbà† +ö]û(ÝXŒØ€âvö‚ø +l¯ Š÷@4€µ9ñUœ¿ûrdL;˜çšO3PFÈ$×òïFCj— +WN7 +¿¶ÇŠ©Ì߶‰Ýkú"Øà’ƒ¹îƒ$̙ +\È# +èÁµ9·Ó7aûŽç¡î¿:ßôÊéäs~1«ó³ù(3ÜLðz@IL +müñ+/öýåú9/×òhã"бtmÒP˔¹òðκ‘õÜÀ‹õ—•e€^CÁZc4`âïðÕvïô•­QH’t£[ŸöiÛ"Üÿüþ·Œ«©r®µO”ÿöÝP§ÛáÇY¶!š\ý|ۋL:žˆú$Ý€V‹ÆH“ +`§–þŽÄwgendstream +endobj +1784 0 obj << +/Type /Page +/Contents 1785 0 R +/Resources 1783 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1698 0 R +/Annots [ 1817 0 R ] +>> endobj +1817 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [371.822 413.783 424.126 422.695] +/Subtype /Link +/A << /S /GoTo /D (0:LOGFILE) >> +>> endobj +1786 0 obj << +/D [1784 0 R /XYZ 71.731 729.265 null] +>> endobj +1787 0 obj << +/D [1784 0 R /XYZ 71.731 718.306 null] +>> endobj +1788 0 obj << +/D [1784 0 R /XYZ 264.546 708.344 null] +>> endobj +1789 0 obj << +/D [1784 0 R /XYZ 486.083 708.344 null] +>> endobj +1790 0 obj << +/D [1784 0 R /XYZ 71.731 673.31 null] +>> endobj +1791 0 obj << +/D [1784 0 R /XYZ 71.731 640.433 null] +>> endobj +1792 0 obj << +/D [1784 0 R /XYZ 71.731 640.433 null] +>> endobj +1793 0 obj << +/D [1784 0 R /XYZ 71.731 639.188 null] +>> endobj +1794 0 obj << +/D [1784 0 R /XYZ 129.514 622.167 null] +>> endobj +1795 0 obj << +/D [1784 0 R /XYZ 129.514 622.167 null] +>> endobj +1796 0 obj << +/D [1784 0 R /XYZ 71.731 620.01 null] +>> endobj +1797 0 obj << +/D [1784 0 R /XYZ 129.514 604.234 null] +>> endobj +1798 0 obj << +/D [1784 0 R /XYZ 129.514 604.234 null] +>> endobj +1799 0 obj << +/D [1784 0 R /XYZ 413.456 591.283 null] +>> endobj +1800 0 obj << +/D [1784 0 R /XYZ 263.172 552.428 null] +>> endobj +1801 0 obj << +/D [1784 0 R /XYZ 71.731 550.272 null] +>> endobj +1802 0 obj << +/D [1784 0 R /XYZ 129.514 534.496 null] +>> endobj +1803 0 obj << +/D [1784 0 R /XYZ 129.514 534.496 null] +>> endobj +1804 0 obj << +/D [1784 0 R /XYZ 71.731 532.339 null] +>> endobj +1805 0 obj << +/D [1784 0 R /XYZ 129.514 516.563 null] +>> endobj +1806 0 obj << +/D [1784 0 R /XYZ 129.514 516.563 null] +>> endobj +1807 0 obj << +/D [1784 0 R /XYZ 474.954 503.611 null] +>> endobj +1808 0 obj << +/D [1784 0 R /XYZ 169.922 490.66 null] +>> endobj +1809 0 obj << +/D [1784 0 R /XYZ 169.922 490.66 null] +>> endobj +1810 0 obj << +/D [1784 0 R /XYZ 190.943 490.66 null] +>> endobj +1811 0 obj << +/D [1784 0 R /XYZ 71.731 488.503 null] +>> endobj +1812 0 obj << +/D [1784 0 R /XYZ 129.514 472.727 null] +>> endobj +1813 0 obj << +/D [1784 0 R /XYZ 129.514 472.727 null] +>> endobj +1814 0 obj << +/D [1784 0 R /XYZ 71.731 457.619 null] +>> endobj +1815 0 obj << +/D [1784 0 R /XYZ 129.514 441.843 null] +>> endobj +1816 0 obj << +/D [1784 0 R /XYZ 129.514 441.843 null] +>> endobj +1818 0 obj << +/D [1784 0 R /XYZ 71.731 413.783 null] +>> endobj +1819 0 obj << +/D [1784 0 R /XYZ 129.514 398.007 null] +>> endobj +1820 0 obj << +/D [1784 0 R /XYZ 129.514 398.007 null] +>> endobj +905 0 obj << +/D [1784 0 R /XYZ 71.731 378.829 null] +>> endobj +122 0 obj << +/D [1784 0 R /XYZ 163.591 333.575 null] +>> endobj +1821 0 obj << +/D [1784 0 R /XYZ 71.731 313.435 null] +>> endobj +1822 0 obj << +/D [1784 0 R /XYZ 71.731 313.435 null] +>> endobj +1823 0 obj << +/D [1784 0 R /XYZ 310.065 287.747 null] +>> endobj +1824 0 obj << +/D [1784 0 R /XYZ 119.552 274.796 null] +>> endobj +906 0 obj << +/D [1784 0 R /XYZ 71.731 271.393 null] +>> endobj +126 0 obj << +/D [1784 0 R /XYZ 234.966 228.296 null] +>> endobj +1825 0 obj << +/D [1784 0 R /XYZ 71.731 204.54 null] +>> endobj +1826 0 obj << +/D [1784 0 R /XYZ 71.731 204.54 null] +>> endobj +1827 0 obj << +/D [1784 0 R /XYZ 496.454 195.419 null] +>> endobj +1828 0 obj << +/D [1784 0 R /XYZ 289.124 182.468 null] +>> endobj +1829 0 obj << +/D [1784 0 R /XYZ 366.802 169.516 null] +>> endobj +1830 0 obj << +/D [1784 0 R /XYZ 71.731 144.445 null] +>> endobj +1783 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F21 781 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1834 0 obj << +/Length 1132 +/Filter /FlateDecode +>> +stream +xÚíWݏã4ß¿"¬VºT×q>8­Dq§å!(ˆEœ7q[«i\åc÷ŽÓýïŒc§M“nµÀ +šR3±'3?g~ +Ïx1A1ƒMž—í®°·†™wWÄiN%èŒY^ÍßÒÔKQ1o¹òX¢ˆG^Ì(J8õ–ùoþ·±od5 +(Ç>CöùN–0Dž/ +;ÐÖbF°¿6Ò•º‘õì÷å÷Wß-08%ˆÑ‹@Êhy  +P3Äžã±0ìpÎT9ߪEûÁâÍOK+Þüx÷Ãk#ÿž°Ð@O!°Öžû¶.€Ü[eòÚ>'šQ§¹XÜâËOUH«ëo¬týáf±ž¶ò·nlÿ¡øÚÌõÈ0G,9±]ÈÞÞbagëŠÿÒ­âú9vÁj5Fž‘y[WóBg¢˜?€ÂŒ­çµØm„*ÿÁì֙o6² +9"Å<=})ŒÁ}YÔò’U»†‡JŠíKÌ­ÔXiØ\—rb*LPH’±)3ÅbINÐì +§ñëbg‚x¿gôÖs]äf +@UÆǪ +B†°lª2¶@îV¶È>ê¶/@Wv°%Vxej +Vº|åfõŒøºøjôuŠÛ"ÎÐJ° +Êý'U®íÐ=æž-MöÈ +dòµE=,QH8(䈀¶:§Ë5!é2l–O]|áCNNw»Vºœ oÏÔ]©3HˆFž™Êôn_ɺ>3µÊF¥uóM‡p£¡(Š5cT +ᩂ +"""–)Á‡u§ÑoÚß«:¢ª-û¬A{•_.žèdQÀw·ï3ќÉ4cbûýeFûgÌœ˜Yãÿ™õ¿Â¬ÑK™5þWÌ:MYG¬Á™Ê—e^g•Ú7g4ìǟ +gè +%ܒfŒjÚ CÖC±é_âÄÿeŸ‹Æ²ŒYŠá +cZ8¹VëR4må^A_<ˆZNé¹wÔ±³uŽì©Óm®}É +Üi'ë²øh%p¹×#Ò=@1VP:;Š³ä”Q5íþÈÏ¢šµ›’r܇ +Œ£SðÅIx¶ëu‚’m‡«2ËÿYfêqq¢pâ>IÁÑe÷Nç²û#žF'îÁs—) +Z^ +Ýa@(J9é暍ªÍåúØ_gÉÃ)( +æÖ€Çø„!³SÇÈ;>) +÷X¹=¶-!×ܙ+Üh¡ûÃŽ9œÆP3pxC^:;¥q,«•ì3àI5›÷ +§šƒíõúä¬VH¢‘“zs<ó¡•÷ÛÒŠ6 +Ñ%”#œ‚—Žk†¹ +4ÓHEßø—gʍ҄:cK͝Ø® +õ!Çí:ƒqAô‘ ++aê‹,ƒóÝö"Èñ‹Ž© +=¡ï e©$§éf +ÍýE—ᬊêgÙë +ºœAàOBs±¥›/Ty¬_&ÖӐҐ#ägÃê Âðhc1*wsƒv4"»t·;ªL®v +ø’£:ãœ$ÏÜΊžþ7–endstream +endobj +1833 0 obj << +/Type /Page +/Contents 1834 0 R +/Resources 1832 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1698 0 R +/Annots [ 1840 0 R ] +>> endobj +1840 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [435.802 155.628 488.106 164.539] +/Subtype /Link +/A << /S /GoTo /D (0:DYNUP) >> +>> endobj +1835 0 obj << +/D [1833 0 R /XYZ 71.731 729.265 null] +>> endobj +1836 0 obj << +/D [1833 0 R /XYZ 71.731 547.135 null] +>> endobj +1837 0 obj << +/D [1833 0 R /XYZ 71.731 523.472 null] +>> endobj +907 0 obj << +/D [1833 0 R /XYZ 71.731 234.866 null] +>> endobj +130 0 obj << +/D [1833 0 R /XYZ 401.782 190.661 null] +>> endobj +1838 0 obj << +/D [1833 0 R /XYZ 71.731 166.906 null] +>> endobj +1839 0 obj << +/D [1833 0 R /XYZ 137.534 157.784 null] +>> endobj +1841 0 obj << +/D [1833 0 R /XYZ 244.642 131.882 null] +>> endobj +1842 0 obj << +/D [1833 0 R /XYZ 365.128 118.93 null] +>> endobj +1832 0 obj << +/Font << /F29 790 0 R /F46 1173 0 R /F27 788 0 R /F21 781 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1846 0 obj << +/Length 1968 +/Filter /FlateDecode +>> +stream +xÚµYKÜ6ŸûWôi§qDœåC€ÄÈzœ‡Äˆ;‡ ÙGbw +–DA·çߧ(²(êÑ=N‚Å£Éz}õU‘Mw.üÑ]LIìÃÅK‰ +»¬zãîÎðåýªG8zˆcùáøæéß^ºKIù»ãi秉Âhû +IBowÌß¿»°ŠçíÁñBwïu}ÏkxEÃ=+Ջ¡cêîÏòW¯jÑóîð¿ãßüx4j„ +%ŸwWQ=d­h<)JiJBP0vâÁšè‡“’û"uÃZŽÊõYÝv¬º°¢Vã5H÷YYðºêxûEڄÆV"çRÿ¹h“ AW)”Õ¹ +bk“ØõõˆÏ£Kx£Öì/Z§gÖñ²šõSÎz&ßš'¡õëtã-åwÿhV«¥øã¹!¡A²sšGR +9øŠ +0®è¯R +¡ +Æ{öÒéOúíЀ6\yÆš‹ +Ÿ]#ŘŸnFÇ8Ö +iLÒ؎(‘üáyáJžçAÄé–Œåu’¯çlɟ‚p +i0Sàˆæ7-?ñ¶å¹Fï/BßK÷uKß]ù³#}§'üá†îÇÿ| +àJ5xÙ3„‚ü|éûæíÓÓõz=Dប̑ž­@Òý“ +ÿ4® ÃïÎâ~jEÝó:× ¹^Šì¢aP–âà +ûëBg@ŒýRÀ%TŒïTR œ]ÇÎ\ϒ˜ŸMox{mµÎ/LI>U™ ! +ðõÜœÓ&µ¬@3KÁP‹§E֌ ÷݈P•2žŽÓš +¹‰TŸêû¯ ut©zÈ«H]Ëû€®å¯‘j)p<ÄÀ2U#ZÖå‹ò­L“BJÂ4ÂHdÍkE@»© +ñM< +ñWƒ +‘jܵCœVƒ†ñ”2cc§ŸñÏJ¿8"i@õÌÇ Š+P?’0yÕÔ䊩 +\Ÿäyº . +Ÿ}ÞrĜ­CH`õr*PÄƒMÁ˜gžÎša§dÎx +u<]› +—­¹73µO)úMÖÈ5qԜ/2›Élý"ÿ‰BÊD +@ +šË2`MyK?”⌬æz¥Åp:ñÁ)±]šùƒº2ÙÖ_s±%ùiÇ~_vâ¶môÿdÛ²]X˜Åÿ‰YZنÅñª»Yó,g„©Q +]¿†<$E`òÎØuÏ +ã +pm”bŒääLæ®ÌUU©KÁò%fE-c +ZÖX +7œ2fa7œÒòÓã¢á[Çžº†›ruK^I%œºž`겑üôáý¯Ÿ~ñ&¯@»;-ß_X¿‘`0éÓñ@“ýÏŸàþÝÏ? +5 +¥IÔ +VÃ>M®67yã;ˆŒìYMÛd؈ +ÝõŽÅz+ø‘ þÊåü¢Ÿ7=ìY +ýŠË­ôü“ÁšÉmì|€ +ò?ëJ?[;‰¡¹ct;ÕF°eóNtPّ{4”yà„Ðœ'>T؀Ÿ +‹O©jœì?TÍØ ˆ‘T°áµ +7]q®Yéô©EÑé—#²7º™˜$ ÚNâã!1Í÷™#Éèg +å\È*%Ç® \;ø4¶oºo;î+Ñç¬ämÿÙò¹ÖBVßšòUawC™#î6Pž]xŠÂ—?.:FkMtiK)Ì؛ìBŒ›ˆ?ÈõJ††èR)žkní +èQ{Vi€TìÅ(8^/ŒlNC©õ)NÊ„^.†ç~ÍŒÑ*h +ÇõlOècH[ÌÙ)º19oúK‡²«Šä•!Ÿå-lϵÖ~˜X_¿~ÕF6¢,²{bÞgD¯yѵL²÷*<ú=z£öe&„¯ìܬA77ã8fd:žMt’€Ð•øX¶iá}ñzÌ}ñ‹ +€xG'„n6âv4¿ï6 êfÉÈ,ž\Ö»ýe¬aÏå¢~8ŒšxõÌۇEdíÊלtPaôJVÃëÑÚøÝç‹úA~"‘u>‹qëÙ}-2ŸŠkÃü +„USöT›Ä‰|&wiš6SM›¿ +µL@õ ùî­zÊDUAú;zoþ +捁6Cn€µ§R®ºÏ«:šè^-M7ŸfÛ¢UR9aÎBrÞemñŒ~*ê%Dœ”‚2!ôNˆÚ>­Â1Ž5hÑåB£Î,VÅW%ü‡¥lßOI›Œ{²qÌ]ÙË +€ìïtáøIôvâœ2ê +LŒ8‹Zoè ±t]ÜŽ“§)¬Šás`KŒ(ž!v +:AÉœ!ĵ) žçGCS> endobj +1865 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 364.36 171.855 371.214] +/Subtype /Link +/A << /S /GoTo /D (0:POLICY) >> +>> endobj +1869 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [291.385 214.718 339.814 223.739] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE) >> +>> endobj +1873 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [331.514 155.938 379.942 164.85] +/Subtype /Link +/A << /S /GoTo /D (0:THE-CONFIGURATION-FILE) >> +>> endobj +1847 0 obj << +/D [1845 0 R /XYZ 71.731 729.265 null] +>> endobj +1848 0 obj << +/D [1845 0 R /XYZ 71.731 718.306 null] +>> endobj +1849 0 obj << +/D [1845 0 R /XYZ 184.846 708.344 null] +>> endobj +1850 0 obj << +/D [1845 0 R /XYZ 306.997 708.344 null] +>> endobj +1851 0 obj << +/D [1845 0 R /XYZ 71.731 693.235 null] +>> endobj +1852 0 obj << +/D [1845 0 R /XYZ 71.731 691.99 null] +>> endobj +1853 0 obj << +/D [1845 0 R /XYZ 129.514 674.969 null] +>> endobj +1854 0 obj << +/D [1845 0 R /XYZ 346.15 674.969 null] +>> endobj +1855 0 obj << +/D [1845 0 R /XYZ 389.128 662.017 null] +>> endobj +1856 0 obj << +/D [1845 0 R /XYZ 71.731 648.966 null] +>> endobj +1857 0 obj << +/D [1845 0 R /XYZ 129.514 631.133 null] +>> endobj +1858 0 obj << +/D [1845 0 R /XYZ 181.11 631.133 null] +>> endobj +1859 0 obj << +/D [1845 0 R /XYZ 351.828 631.133 null] +>> endobj +1860 0 obj << +/D [1845 0 R /XYZ 450.627 631.133 null] +>> endobj +1861 0 obj << +/D [1845 0 R /XYZ 71.731 570.197 null] +>> endobj +1862 0 obj << +/D [1845 0 R /XYZ 156.075 559.402 null] +>> endobj +908 0 obj << +/D [1845 0 R /XYZ 71.731 501.37 null] +>> endobj +134 0 obj << +/D [1845 0 R /XYZ 387.682 456.116 null] +>> endobj +1863 0 obj << +/D [1845 0 R /XYZ 71.731 432.36 null] +>> endobj +1864 0 obj << +/D [1845 0 R /XYZ 71.731 388.205 null] +>> endobj +1866 0 obj << +/D [1845 0 R /XYZ 71.731 344.434 null] +>> endobj +1867 0 obj << +/D [1845 0 R /XYZ 133.111 331.583 null] +>> endobj +909 0 obj << +/D [1845 0 R /XYZ 71.731 315.229 null] +>> endobj +138 0 obj << +/D [1845 0 R /XYZ 96.607 249.751 null] +>> endobj +1868 0 obj << +/D [1845 0 R /XYZ 71.731 229.611 null] +>> endobj +1870 0 obj << +/D [1845 0 R /XYZ 460.819 216.875 null] +>> endobj +1871 0 obj << +/D [1845 0 R /XYZ 119.552 190.972 null] +>> endobj +1872 0 obj << +/D [1845 0 R /XYZ 71.731 169.024 null] +>> endobj +1874 0 obj << +/D [1845 0 R /XYZ 119.552 145.144 null] +>> endobj +1875 0 obj << +/D [1845 0 R /XYZ 205.618 132.192 null] +>> endobj +910 0 obj << +/D [1845 0 R /XYZ 71.731 115.839 null] +>> endobj +1844 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1879 0 obj << +/Length 1589 +/Filter /FlateDecode +>> +stream +xÚÝXɎã6œ÷Wø([€DQY&È +’Ói ‡Ì +h›m +£-ZºÓùúER%˘cÐ@˖Kªâ{¯ªXÄ;þðŽaÄ|ž‘îNك·»À/°¶pµ‰;²yÿôðøÄ»Å¡¿{zÞùq€Bî˜OPDÉîéü—ó󕗍šö.¡žã#uý(rž +©ÃSu£­ù +{ÎEþêV^4¢Þyúíᗧ> +J0òÉÍ@µ‰ +(Þa†Š2R³`"D] >ž +EÎmY2dÏiԝGuyß^êɍOÕ +ŒŠ£Œ;Y/žb&Cžv%$Œuž~}V+|+ZõáÊå[^$ zñeU +»÷uß.¢i’ü_‚Ø©yvåI®~i +u­Úü >êæšä_ÍGÞlzù©hs`JœÕ +®.GiØ^æU"Wa”©àµëØ]LPLq·ºÓUœzÇúåö,p~ÚSêü®n|öŸ‹ªÍL„Ô»6Mùîñ1å®=‰:è, +;+ø +OV¯ä.{œ&§k­RÄ$K‰ <'íkÁ«œÏœ“€âÊa +iÆL? Wv|›-âUJ¿uai\ +‘õ×2ýBµD +«*‡5WâTd™ÈÏÏÞôïVÔMR䚀ây`â~ëÀp#‚‚(žâ"“Ý$zÒI¬ndœ3ÅÖÂD, €Œ'éTãß)d‚p2¡D¡ŠîÒ¶ù±ç +ȲÑÄ +CŽ‡ó{%A)iä +ÁD‰Ÿ”ÄU‚‰LdGQÍ3Š I>·é‚b+!£ÒkŒmjxÑ÷€—Æ sJÛ³˜Qû\€i±'Ôy +ŽÇÎÅü\ m4P*ÞÍk%Æ1¢ KJŠñr±46îÈHUK¶ƒ¬löžNæ„PË!Èð’¿ùuð¯ŸYò?0•œâ`ÀŸ=çä +bú +G(áäeÜ·ôéjAif7O“ë0™bŒ|ÊÌ[€'⭜۞þ”¡„endstream +endobj +1878 0 obj << +/Type /Page +/Contents 1879 0 R +/Resources 1877 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1925 0 R +>> endobj +1880 0 obj << +/D [1878 0 R /XYZ 71.731 729.265 null] +>> endobj +142 0 obj << +/D [1878 0 R /XYZ 330.82 705.748 null] +>> endobj +1881 0 obj << +/D [1878 0 R /XYZ 71.731 681.992 null] +>> endobj +1882 0 obj << +/D [1878 0 R /XYZ 236.801 672.871 null] +>> endobj +1883 0 obj << +/D [1878 0 R /XYZ 71.731 638.211 null] +>> endobj +1884 0 obj << +/D [1878 0 R /XYZ 338.688 627.043 null] +>> endobj +1885 0 obj << +/D [1878 0 R /XYZ 158.844 614.091 null] +>> endobj +1886 0 obj << +/D [1878 0 R /XYZ 255.401 601.14 null] +>> endobj +1887 0 obj << +/D [1878 0 R /XYZ 71.731 579.058 null] +>> endobj +1888 0 obj << +/D [1878 0 R /XYZ 71.731 546.181 null] +>> endobj +1889 0 obj << +/D [1878 0 R /XYZ 71.731 546.181 null] +>> endobj +1890 0 obj << +/D [1878 0 R /XYZ 71.731 544.936 null] +>> endobj +1891 0 obj << +/D [1878 0 R /XYZ 129.514 527.915 null] +>> endobj +1892 0 obj << +/D [1878 0 R /XYZ 71.731 525.758 null] +>> endobj +1893 0 obj << +/D [1878 0 R /XYZ 129.514 509.982 null] +>> endobj +1894 0 obj << +/D [1878 0 R /XYZ 71.731 507.825 null] +>> endobj +1895 0 obj << +/D [1878 0 R /XYZ 129.514 492.049 null] +>> endobj +1896 0 obj << +/D [1878 0 R /XYZ 71.731 454.191 null] +>> endobj +1897 0 obj << +/D [1878 0 R /XYZ 71.731 454.191 null] +>> endobj +1898 0 obj << +/D [1878 0 R /XYZ 71.731 419.277 null] +>> endobj +1899 0 obj << +/D [1878 0 R /XYZ 71.731 419.277 null] +>> endobj +1900 0 obj << +/D [1878 0 R /XYZ 71.731 418.032 null] +>> endobj +1901 0 obj << +/D [1878 0 R /XYZ 129.514 400.891 null] +>> endobj +1902 0 obj << +/D [1878 0 R /XYZ 370.359 400.891 null] +>> endobj +1903 0 obj << +/D [1878 0 R /XYZ 71.731 398.734 null] +>> endobj +1904 0 obj << +/D [1878 0 R /XYZ 129.514 382.958 null] +>> endobj +1905 0 obj << +/D [1878 0 R /XYZ 370.359 382.958 null] +>> endobj +1906 0 obj << +/D [1878 0 R /XYZ 71.731 380.801 null] +>> endobj +1907 0 obj << +/D [1878 0 R /XYZ 129.514 365.025 null] +>> endobj +1908 0 obj << +/D [1878 0 R /XYZ 186.64 365.025 null] +>> endobj +1909 0 obj << +/D [1878 0 R /XYZ 464.117 365.025 null] +>> endobj +1910 0 obj << +/D [1878 0 R /XYZ 71.731 362.869 null] +>> endobj +1911 0 obj << +/D [1878 0 R /XYZ 129.514 347.093 null] +>> endobj +1912 0 obj << +/D [1878 0 R /XYZ 343.69 347.093 null] +>> endobj +1913 0 obj << +/D [1878 0 R /XYZ 435.285 347.093 null] +>> endobj +1914 0 obj << +/D [1878 0 R /XYZ 470.981 347.093 null] +>> endobj +1915 0 obj << +/D [1878 0 R /XYZ 379.823 334.141 null] +>> endobj +1916 0 obj << +/D [1878 0 R /XYZ 71.731 299.108 null] +>> endobj +1917 0 obj << +/D [1878 0 R /XYZ 177.285 288.313 null] +>> endobj +1918 0 obj << +/D [1878 0 R /XYZ 340.302 288.313 null] +>> endobj +1919 0 obj << +/D [1878 0 R /XYZ 396.201 288.313 null] +>> endobj +1920 0 obj << +/D [1878 0 R /XYZ 295.55 275.362 null] +>> endobj +1921 0 obj << +/D [1878 0 R /XYZ 442.597 275.362 null] +>> endobj +1922 0 obj << +/D [1878 0 R /XYZ 71.731 253.28 null] +>> endobj +1923 0 obj << +/D [1878 0 R /XYZ 264.277 242.485 null] +>> endobj +1924 0 obj << +/D [1878 0 R /XYZ 399.867 242.485 null] +>> endobj +1877 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F46 1173 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1928 0 obj << +/Length 1987 +/Filter /FlateDecode +>> +stream +xÚÝZKÛ6ŸûWøhk†/=Ø[»MƒIÐbè!ÍA+Ë6= +IÞíö×w(’m=vH³iåÑÌÇá73$Gd‰áY +.T ê{Ë8[àå +~y³ F‚sŒPÀýÀÄèrã(øåvñê7J–#ßËÛ]k3D™¿ŒÝ~Z]¢c”ë + +ÂGúz]äaL÷§2ªe‘ë‡ÅN_Ób¿&xµ—ùš¬öúÙ.Še*k™TëÏ·ïÀj°HøLå +ņ Ä¡2z{Hà=¯âž!xšž€F`W”úŠŠÀZvˆ€’•ŸæQ–lµQî/C0ê+£$ðQH<ð²WE͛eÜGça$°0rwZé6Ù©!F§ŽFúÉÏiUè»™+©†+-ŽcŀMÿ–÷1n( +P@ùrC(žvÍ«€ +@ “ë‹Y7yø#Œ^ÿåÆRZĎ/-ëhp"øúκ7ªíÏÙQڇµÌPNŒv²¶²ªKy·Šxuê, +£øKŽoçð•1ú 냱£†ÖÃÐã%Í`à,Ékë'˜©czIÐØçÇ%º4z,Nf8 +UÕHžÍ3ë§mRÅ0F5ˆnæškV”I3 +|6_Û€ŽdZ¹³Œx}ÛÆ%ñBD +¿ô©‡0ƒ¡ke6ŽŽ]‡—Š”í›$îFsÈ¥qŠ9 +™4ne&_*Ò,Ô, +1ˆBš)FƆ‘pQ7r +“UÞ$yRF©yO +dŠÂ hÞz}€H&Ý°j Ú"œòèTŠRþc¹”[©æXÇC¥ƒÓRCO~e%sYÃünÏCÜ€ + +–ÐiªïöÍXê€?F0âp«1fI¥2Œ þJ5Ò®‰Ä; +”J +VÏeˆÛŒPkœÕ}RÊúqÀF!ãN +ၠ+ž*Ñ·( +¬ÒÌXáîΈ@âß7.‚ûZeCî¯"+€~”ù^ÿ¡3£- WFá¡š†Fà1Ä°õW}(×,G +Št;ì,Yi&_OQja]i\P6Ž'[ÀÚ³M‹5õVIi“D”_]ä + +"÷ʟڝçiüd%¿í'8bŒÉïX׌€¶q`#áƝ)]T͓t€!ø,2ڄ·+R3í÷QØ©ó4í²sTÚŒžš`ȓíOœìE`É^.Â8šÜðuñé3^n!‘Œ[`Ä`2 +à +#"Ä2[pLÔúïtq³øãÞ°æUŠåHp>jžy ƒ}g€Ïµlì(6œ„Vgk£.¿RÀÁĒCâT§®÷vR.ýš&Gá·Ã³Ê&á1Ê +.Œ¹ÏM‚Ëãä£"ğ£š%ÏŒúµ°þł +×YËì# +êԛy2JN× +˜@ÖRÀAö±šíªOåf4J‚9Pž‘à‡O,„Å·7É&0엄Yçé +ï~ŒŸx0ÎÒÀ÷«§Jðæ<ß»Uª%È +è_V’€º8§ x \×e™ïŠQntºæ Dz– +²·€¬ÌšEp”öW-ƒt˜ð +Ë^[›'†a{ÂMÑšeL kùà ûs +6èڍÄsH1âÿGŠ`s‘‚úˆÁÊl’¶„Ÿ.ÛYT~%D§kBL k á »]3o%¡JÔQvœàÀ + _X™ aöIJt`ª‹sR–£èTÍA `- +`¯ËҞœ?'́õe•*<ä +’ T„ÈuQŽKYQÁÑ5ŠY*žÈ®™ŒÿÂažß=/Ð +âÙ« +#=Ê?€5fCÈãº$GiRŽÓ¡SöíÐ::L@kéà@ûœ,öe”™#Ç:*ëÓñUî,)›c³¿eÓSGî&èSẕj +Ç««³¶Ši +E§ª]Dw®ö£k^µ.É*“y³œ'ä +{Y +Šzöbšžê÷„f›Œó±Ó5Gzš@ÖòÑAö6‹¬%‹=ê0œ+ +Ô8•À”Š«Ô¶O«€4‡åæ€?OuçsŒGs +ôû–9—ùþÈrÕ(¡§ +Šª¶Þ +0ù³ëÆÕfñ.?V¶?žCŽægáo:¥›FºþÛ!RÇ\Úð@')N/_ +Œÿl‡{éŸÓ3s;&R +‘µ}eÝA‚• +³Ò@ëeÈ%Óp-mC®kP+éŠAßÿT¢ÓQà£ÝÂ=žŽôž- +!K†©€]OOã]Jœž=ØÙ»ŒvöÍ;Cöt?0Ÿn¹‘éÉö¹jóG™TEjfÅ|ÐÔ)È0wæÑv +bg©B÷Úû¬>Ql{’Ÿ>È*þ<@ºò‡2€/ŽÃ™JŸŸ‘u[ +ï‹âËéØWîҰ늓Q&PÕ +õŸ`B'4Ê#ò$úöžÁ„Ÿý> +Ç"•±r’iwÞË"m;þföÚψl§¿ûŸÃ|0é6,`9˞p['4ê6#ò€Ûúöžá¶ŸýŸÛ +Q +·×¹øâ‹+û +ÄHó +‡º@‚A—‰M'¢9÷ ©2/°Z +JúE·ù€­oé_˜ý»4endstream +endobj +1927 0 obj << +/Type /Page +/Contents 1928 0 R +/Resources 1926 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1925 0 R +/Annots [ 1934 0 R ] +>> endobj +1934 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [158.296 624.95 204.791 631.804] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE) >> +>> endobj +1929 0 obj << +/D [1927 0 R /XYZ 71.731 729.265 null] +>> endobj +911 0 obj << +/D [1927 0 R /XYZ 71.731 718.306 null] +>> endobj +146 0 obj << +/D [1927 0 R /XYZ 507.703 703.236 null] +>> endobj +1930 0 obj << +/D [1927 0 R /XYZ 71.731 672.259 null] +>> endobj +1931 0 obj << +/D [1927 0 R /XYZ 222.485 663.903 null] +>> endobj +1932 0 obj << +/D [1927 0 R /XYZ 296.367 663.903 null] +>> endobj +1933 0 obj << +/D [1927 0 R /XYZ 119.552 650.952 null] +>> endobj +912 0 obj << +/D [1927 0 R /XYZ 71.731 624.95 null] +>> endobj +150 0 obj << +/D [1927 0 R /XYZ 169.341 579.795 null] +>> endobj +1935 0 obj << +/D [1927 0 R /XYZ 71.731 559.655 null] +>> endobj +1936 0 obj << +/D [1927 0 R /XYZ 71.731 559.655 null] +>> endobj +1937 0 obj << +/D [1927 0 R /XYZ 365.826 546.918 null] +>> endobj +1938 0 obj << +/D [1927 0 R /XYZ 459.065 546.918 null] +>> endobj +1939 0 obj << +/D [1927 0 R /XYZ 143.042 533.967 null] +>> endobj +1940 0 obj << +/D [1927 0 R /XYZ 427.179 533.967 null] +>> endobj +1941 0 obj << +/D [1927 0 R /XYZ 71.731 518.858 null] +>> endobj +154 0 obj << +/D [1927 0 R /XYZ 258.693 481.643 null] +>> endobj +1942 0 obj << +/D [1927 0 R /XYZ 71.731 458.748 null] +>> endobj +1943 0 obj << +/D [1927 0 R /XYZ 289.224 448.766 null] +>> endobj +1944 0 obj << +/D [1927 0 R /XYZ 71.731 433.778 null] +>> endobj +1945 0 obj << +/D [1927 0 R /XYZ 71.731 433.778 null] +>> endobj +1946 0 obj << +/D [1927 0 R /XYZ 71.731 211.81 null] +>> endobj +1947 0 obj << +/D [1927 0 R /XYZ 409.461 198.859 null] +>> endobj +1948 0 obj << +/D [1927 0 R /XYZ 209.036 185.907 null] +>> endobj +1949 0 obj << +/D [1927 0 R /XYZ 71.731 163.825 null] +>> endobj +1950 0 obj << +/D [1927 0 R /XYZ 71.731 163.825 null] +>> endobj +1951 0 obj << +/D [1927 0 R /XYZ 71.731 162.58 null] +>> endobj +1952 0 obj << +/D [1927 0 R /XYZ 129.514 145.559 null] +>> endobj +1953 0 obj << +/D [1927 0 R /XYZ 350.722 145.559 null] +>> endobj +1954 0 obj << +/D [1927 0 R /XYZ 410.776 145.559 null] +>> endobj +1955 0 obj << +/D [1927 0 R /XYZ 71.731 143.402 null] +>> endobj +1956 0 obj << +/D [1927 0 R /XYZ 129.514 127.626 null] +>> endobj +1957 0 obj << +/D [1927 0 R /XYZ 71.731 125.469 null] +>> endobj +1958 0 obj << +/D [1927 0 R /XYZ 129.514 109.693 null] +>> endobj +1959 0 obj << +/D [1927 0 R /XYZ 71.731 109.594 null] +>> endobj +1926 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F46 1173 0 R /F29 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1962 0 obj << +/Length 1423 +/Filter /FlateDecode +>> +stream +xÚ­X[oÛ6~÷¯Ð˜’"%±@lmŽè:luŸÒ<(²â%O’äßïðŠ»å®D4ýéœï\xΡ‰‡áxAQ* +¹— +VØÛÃ7·+bŸ +ø=ÌïÛÕÕ +ž@" +Œí£0ŒB.Œ( (æÔÛîîÖc“UŸrŒfÈ<ߕÅwŒéþTm_', +óEùhžy¹!xœ×ÿ䆬‹œÙLR™ËFfõæ~ûiõaÛ䔠€.šÀ0ØƞO1”Ìbˆu?Â1 +ë쌌‰H™é0¢ÌüN)S"”Â÷Äë‰rúÆÏN¿}gNëgFrÂ’4ÍêÚx)«ª²²ëÇÒú~'«,mÊjÆwΠP`ÄÈÇô@ç +㠗 +3£ï²cfôO +Ó'P>Ôé©ÊŒTÖåv]$‡¬vÛ +¿ÈæÉ~Qþ2s-‹&ypðô)©’R¹41{I±»rþ•Å†áõó†BBçrg6¿}|__Ý¿NOQšu}J­ŸS +º²êj_•§£~.>E,Š/ħ +\ŒÏTßÄgªŸ +ŒÜËâ +þ—§ÆŠ¯òᳪ +YÑô<'mqš“ÃS¢«‚õŒÅ€mUɬûëëCYÈƪyÊÎ˞¯ž×8F1šÐמþJ6¯¶"õvóñÙ:ÇX6»—B™ +ÂÈ +¡d +¡˜ +§Ãø=ÐĝcA†}ڕS†šd +YVo1ËêG‚”ú_{‡Ã +º:kÚ#â" H +›GÈgšWb><ƒ#!àÑgƒïiç"„[< +ÄÎëmX©¥£MCQ¬Ó Û¡†Áëøϲd +qølŽ~kÇ)1ÊPH!µ G=loJô(e]dÂ)dG +zŸj©Qše~,.JiKÝ/ +”‹O,æa +¡€Íì +Z0øå¥~k,d¡ƒ +¡>ÆEÐæ}wbâ~g#f¢u¯¹cU•` ˆ4âÍ`/Ž{~ˆ5;EM-uҚűÌej{Õä­éžÓüw–ìþ,ò×뮒Ÿ¬›&û¹ÜßÈ<«ç±C¹·Uù"‹=ŒR_+ìKR +ðû¢¬²/e‘]§ +{ +D +ú·<¿V'„€÷Ðêÿ¹y@­3MAÏ—ä‰÷À8±`ê{YƒŒ™Mƒ³”ÛN +bðÌí¶éÓgw=X­eñlz¯úœWÙíú¯ÚrýW­MÿU«S=nŸÿ!áŸ(v·QÌ.æüöIZR³fŠk†â^˜Ggß°Wª +ÛÙ 5ÐÿwªhÝ/ôYéž.ÊFŠÙ2 +Hœ¢š7õpÊytáÔ6X“^M°¡£g],–¬,þPò®mRÛú +C +ƒùC—'ßÕ'&Pp-@uBªnQŒ~—'umRjXÜñ ÌêŠVÏÔw°ë;® WYž4íÔñzÌF-Pg—û +ÆÊrªœÐÅÔÊMûÊcD)³({›ºQœ« +E7V‚£÷²œ8©«”¹<œnBŸ¶}AMQÍpŠ:–u-Û©×MPUV7•Lm%1GX°A +šs¯%nÖ}h[L¯ê~ +ÏYÛÍM3CS$‹=Â9bþ~g!~3Y†bf&Š`¬9€† +ÀebIµÃ,ê + +jç%Ç­ëçɆº›„Ì{7Ÿ› µÞž»'èY +GŠÄ?«»{ìí€ñ§ +‹"ö^` +3 +ÞaÅ0ÕäÌç|õuõ×OŒáÔ«#ː0—ÖY1ú% +bÌÊ¢‡Rº› +ÁŒ·AçKÒ?-À#pÖnnzú\O£“}ÀŒž°Ÿ§æ„-RSaŠª õš}•ûBª‰ +F¯4›þvAa– +ÿŽ*B<Žê5ñs9Ð S5 ž> endobj +1971 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [240.367 619.512 292.671 628.423] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +1980 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [279.48 153.838 324.311 162.75] +/Subtype /Link +/A << /S /GoTo /D (0:THRESHOLDS) >> +>> endobj +1963 0 obj << +/D [1961 0 R /XYZ 71.731 729.265 null] +>> endobj +1964 0 obj << +/D [1961 0 R /XYZ 129.514 708.344 null] +>> endobj +1965 0 obj << +/D [1961 0 R /XYZ 71.731 708.244 null] +>> endobj +1966 0 obj << +/D [1961 0 R /XYZ 129.514 690.411 null] +>> endobj +1967 0 obj << +/D [1961 0 R /XYZ 71.731 688.254 null] +>> endobj +1968 0 obj << +/D [1961 0 R /XYZ 129.514 672.478 null] +>> endobj +1969 0 obj << +/D [1961 0 R /XYZ 220.163 672.478 null] +>> endobj +1970 0 obj << +/D [1961 0 R /XYZ 71.731 634.62 null] +>> endobj +1972 0 obj << +/D [1961 0 R /XYZ 357.218 621.669 null] +>> endobj +1973 0 obj << +/D [1961 0 R /XYZ 165.081 608.717 null] +>> endobj +1974 0 obj << +/D [1961 0 R /XYZ 71.731 586.635 null] +>> endobj +1975 0 obj << +/D [1961 0 R /XYZ 71.731 563.721 null] +>> endobj +1976 0 obj << +/D [1961 0 R /XYZ 71.731 239.788 null] +>> endobj +158 0 obj << +/D [1961 0 R /XYZ 213.661 201.823 null] +>> endobj +1977 0 obj << +/D [1961 0 R /XYZ 71.731 181.719 null] +>> endobj +1978 0 obj << +/D [1961 0 R /XYZ 71.731 181.719 null] +>> endobj +1979 0 obj << +/D [1961 0 R /XYZ 276.422 168.947 null] +>> endobj +1981 0 obj << +/D [1961 0 R /XYZ 71.731 133.913 null] +>> endobj +1982 0 obj << +/D [1961 0 R /XYZ 71.731 133.913 null] +>> endobj +1983 0 obj << +/D [1961 0 R /XYZ 71.731 122.705 null] +>> endobj +1984 0 obj << +/D [1961 0 R /XYZ 71.731 122.705 null] +>> endobj +1960 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1987 0 obj << +/Length 2187 +/Filter /FlateDecode +>> +stream +xÚÝ[[Û6~Ÿ_áGˆ9âM—}Ëf=Ýé6“lâ(š>hlÚ"K^Ižéüû +Š€D[=hk +0²,êð#ù+i<ñáOBŒB +#ðÉrwãO6ð䇬[Ìt“™Õ柋›Û;Obt²XO(óQÀãIH Š8™,V¿zï¶ÉŸåtFžï1€®ïŠü«ï“Í¡œbî%uZäêA±V׬˜bßÛ4ÿÒ)öòú~,Ó,­SQM[üx3_Ž9Áˆç˜c¢É +CS +Ê6ÿ»ùõ7²‚¶?ÞøˆÆÑä>ûÇñdwÃ|Ò +MÝg7Ÿoþû +o˜þ}蘡˜±ÁŽ›—|£>éÖÇR|Œ8Lî,lúbÝJàn%0gVÂç(æT­D–Tœi£ÄGeKØ÷C3œÐ(aˆÀ6ŽÏé&O%#–IŸý¥%ã` +Œr +8ñ¿où­Å$!ŠbþZ4ºõÐb!G~w3ö3ˆ1òýž™±ùÏó‡ÅÐbZŸZ»˜.hf1 =I¥y])­ +u}êZŠ}QÖb¥îŸúÜO‘Іa_dérŠïEÝ?¥E֘‡ê +l£C0Ú¶dÅ&ÍoáqšAFCÌeB +sfòµøïn=ÀN£n +˜+]Lcêœý4 +|o˜xÐ¬ˆ +bK<b”õa[ÕÅ^Ñg'ª*وj˜c>"Fô·'cˆFÌM +"›ï?’¢8) +ðZRXðSÊœˆP'»}gr¶žò(’ÆnŽdHã_Æ˕ˆž|†Ý|€ÐW®þ§?ügþË W:acpÅ­åJm±Õ +ꛌ; +ôb/Ç.Ly¶2]›ïÍ0Æ£?‚,öd@“‰a.1Ö+³=˜¢ ŸáQ€BOŸŠÌ÷>|äS'p +>9àµ|²á•eQŸÖôº, +#ÈÓ.„(ÓQŠüÿÉ +Å¿çƒl°ŽÀŒ– +< +—/õ65ù¬È*Ñ9%6:NóuQî òTäIvL"g¬;Ê ¯Ë¬ðˆ"»C +Á(Gðvʹ÷å_ƒ4êčA#8C#Ü痪;Eˆe’eUǟµ±6+ñ8%ŸwØ@~Žq³eŒ±ü¹fÇ^g‚Ìϯ³nÄÁëFøÄá'0sb)+dšÆ/e¹DȈ°M[KQAýŠºäbJž÷< +ž÷Ƅ»}Ö3Ž$éòFWꪖ[èÒŒ#k\KqeTmSŒ"DÐQŒÐ$H—U_ŒäF–m —•IƳ¢AÞÅ¿ÏiŠíLU·Ÿe(T”ßôà’ÜŒ_Ô[ÃÁü8¿ß¥¿7XõHgրépHÿ,³BG2+,€e¡Îú +1"8º\ëd`R +ÀŒE±œ®ú6ÂëŠO'(ŠB§[aœ£( +^ãV,qcpÀ®%®çV]Æ(8¯+À`4Dœq7˜8UŽ§ÉZŸ< +2¡7 +àZ&Xà +dä©ÍyȏCÏsÁjUƒ_iJoÚK4©óïi­oB—âÓ£œ2ËSC|âæá +¿®g +ƒQx-£,xG5žê$’H²TÕ[† +Îà¯ÌàøŠÜ™1ó!ÐejKæîþ§AfŽ’Æ Æ0¬–¬÷GF¥YÒn +™Š›ª¡™€XšÆžlÊŽÖ58ˆs—ß ÍŠÏ#Œ.óBcŒ8v.4fˆû*6XŒ4,–šøãfd;&к,v'uÙe–BÆv+ +û¢Ôy•vZ‡Çª yy3ÊЮËìÐ0€ÄÍ +çÐ0FF,×çã4&ÞۇûwƒôéŽAŒ–>Œ;uúÄ;B–k+ +Žd"Yµe:cöe±)“*ïעܥy“ÑshŒñý5ŒÏXY3 +äjQ7‡Š"‚Ûÿ{:Qc°Ç¬e +¬_Ýï¢ãÈE™dÎÚÛ(ð¯Ì31Ž˜{ÿ‡²±P5y˜žEèDÁa\-5l\.jä¢6U57=FÀ•¹ +ÍX䊥S +Ìï>~&H'm +†8°µ±±¹(’æûƒÉž»<{YäÇ胓V%YÅÈn.1Ö¿J™Ÿ’ +¶6â ‘§€Öæ(+áÑ@ +a²x>#a䜕u—'¹5’€Yò(µ°I.à‘ܵoN›6>Ÿ8>jzŒ ,lŒÀLžs +ʓ*Ùm“ÔÔö{yÆ­:‰F×E&«î÷ÜFkÙiדnV¶' $ž +ÕÑqä7|:wص-«‘!fˆâÐÞ1Mä8ŸÂ{ý‹(Ãçú;œvýëwúýǶÒ̎ˆÙ§?çPsÂ5ÊPOµ=ï‡ÊÌ¡ÚÿJ³zfž}~ʳøhTi%Ž~&mMRPoÍf†¹ªR„zÝ&, 3íu<šõsÞ ¯Tt˜”M%œ9&*qÛÛ6öi‘.ŽT;8úìdÇ +5€ +ÜLÁ,F„“ +$è +’@7¹H‚~¯ ÁiÿçH`€ÔÌ +?Gvã”í^XeU²µivÔÀ+ìÉÊAÀœá ¥Q +_˜Ð®Ñà„ê&'Žßß+&ôŽÿsjßQ™èÏ&˜°îOgó~Ý€óv­\«DìŠüƂI‚Šg°ß44Jz»O·ƒ +!ò™YÆŽjx¥õ²jùœšóUœ‚üLî  sýú($äÿïWn^6ZJC°@äHK­óÊY²4úúøbÁ3»íjïu)Lò˜JGœÌ]©·‹ïîï> +FÁ(¿@Œ®Ñ ñt“‹Äë÷÷ +âöŽx£Æv5¯¯ÒàУŸJÏóºlœ¢4šœ³vVb. +çSº:9Ov{Xp³RTiUË­ÍÞÌë`"÷HzöÒ5鍚럓è&r„ü<¥ßÓÝÖ®endstream +endobj +1986 0 obj << +/Type /Page +/Contents 1987 0 R +/Resources 1985 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1925 0 R +>> endobj +1988 0 obj << +/D [1986 0 R /XYZ 71.731 729.265 null] +>> endobj +1989 0 obj << +/D [1986 0 R /XYZ 71.731 542.765 null] +>> endobj +1990 0 obj << +/D [1986 0 R /XYZ 71.731 494.78 null] +>> endobj +1991 0 obj << +/D [1986 0 R /XYZ 71.731 494.78 null] +>> endobj +1992 0 obj << +/D [1986 0 R /XYZ 71.731 483.572 null] +>> endobj +1993 0 obj << +/D [1986 0 R /XYZ 71.731 483.572 null] +>> endobj +913 0 obj << +/D [1986 0 R /XYZ 71.731 298.616 null] +>> endobj +162 0 obj << +/D [1986 0 R /XYZ 320.077 253.362 null] +>> endobj +1994 0 obj << +/D [1986 0 R /XYZ 71.731 229.606 null] +>> endobj +1995 0 obj << +/D [1986 0 R /XYZ 71.731 229.606 null] +>> endobj +1996 0 obj << +/D [1986 0 R /XYZ 71.731 198.403 null] +>> endobj +1997 0 obj << +/D [1986 0 R /XYZ 71.731 198.403 null] +>> endobj +1998 0 obj << +/D [1986 0 R /XYZ 71.731 197.157 null] +>> endobj +1999 0 obj << +/D [1986 0 R /XYZ 129.514 180.136 null] +>> endobj +2000 0 obj << +/D [1986 0 R /XYZ 129.514 180.136 null] +>> endobj +2001 0 obj << +/D [1986 0 R /XYZ 169.922 180.136 null] +>> endobj +2002 0 obj << +/D [1986 0 R /XYZ 71.731 165.028 null] +>> endobj +2003 0 obj << +/D [1986 0 R /XYZ 129.514 149.252 null] +>> endobj +2004 0 obj << +/D [1986 0 R /XYZ 129.514 149.252 null] +>> endobj +2005 0 obj << +/D [1986 0 R /XYZ 71.731 147.095 null] +>> endobj +2006 0 obj << +/D [1986 0 R /XYZ 129.514 131.319 null] +>> endobj +2007 0 obj << +/D [1986 0 R /XYZ 129.514 131.319 null] +>> endobj +2008 0 obj << +/D [1986 0 R /XYZ 264.816 131.319 null] +>> endobj +2009 0 obj << +/D [1986 0 R /XYZ 432.586 131.319 null] +>> endobj +2010 0 obj << +/D [1986 0 R /XYZ 71.731 116.211 null] +>> endobj +2011 0 obj << +/D [1986 0 R /XYZ 129.514 100.435 null] +>> endobj +2012 0 obj << +/D [1986 0 R /XYZ 129.514 100.435 null] +>> endobj +2013 0 obj << +/D [1986 0 R /XYZ 71.731 98.278 null] +>> endobj +1985 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2016 0 obj << +/Length 2204 +/Filter /FlateDecode +>> +stream +xڕYK“ÛFŸûWè(UzØÍ·©r&ٍ·Ö±·2·M +ª%²L‘ +¶õït£›Í‡4v¹Ê¢(>€ +ŸñàßĜÅ>|ˆ”‰(Üäç7Þæ¿üû +'‰=‰ì +™ŸŸß<þK€›”¥‘¿y>nüÀcQ˜nb_°$›çÃÿ·OEvée»Û‹ÐÛL>5õŸž'NC»ãá6ëËŠÖ?4GýY5;îmOê¿rÇ·õIß?fyY•})»Ý_Ïÿyóë³50œùâ® +>DÉf/<– +Ÿ*ÃyÊB0}{ óƒ`ô3ÞÄ,ÑM#cDÐÍ? +ç&q!àwŸq^eôÍ?GýôÌR¿ƒ3'C +L +0ˆí +m;Ù~ÌÁ +ež}0,ˆh"“cÏÎEVÖúËОêêùéÓãûOúúkÙ$Ü·MMz²¡/dݗ¹ !Þ«$XžjT_cž_èZâuÞ^!3Hø,».;Ɏ-@$°£Ôc%hŽÐ­ ‘ׂ¶¢ïõ -ô¯Í5@ýåQgÕ2Z~ÀÒ F +j`Œ|É3ºx‘t֖‚6H·}£GoûU6Ÿ1Yè ‰5hŒPw.msj³sG5׎Š(O§ÒT"„ùÑüÐgŸñ>8°Ù“Ñ€ KCíeלIU–¥>\ÌU.Û~tš©Xñ(x'Bø¬îgÃ(t3HäÕlXêûŽl˜ë_Ëǀ?þ÷_Ááe%Pk²H†§¡m¡«ëJntÃå!,)’® âA_jºþÔÊñÆÇ6Ë+ù`£KQªËoùùév$ÎÂ4x%£ÐÍHÈ«‘XêûŽHÌõ¯EÂ1àS»C–ª†ƒ\‰„Ï¢(øá²<_Êʔ$±©Q?«4`UŠR«P_Þÿò +§d’:iÙßP4N!Ì(úš6ß-Љ–NÖ +؆[Š@Ç!†¡Ç-þk–Óv +övr +$ŽH3ªe«Š–dIaL2ÔôâðÃN„HR8^LvËŸwˆ>/@W—¶qcL +Šø¶h*zÞ +Š.yïMëY7 ý™ÛÁãÛ²›ûØ_w¡Ã7 ©EsGÄ"O+ýœéå[- +ÜJŠÁ”B¹õ +͎“mv8”H‡ú+Ñ)\)øáÓÀ—ǝo¬ÑpÃœVþ=”- \v{ŸÀÔH†oӘ’hYÛ7ê‹Ü™Ô<;©Áx·’æ:ô:©±Ý“ +Pü@X‘r€–hÕ·ÞhT] ƒ§ø™à!b°bŒ@>Ã;ð‚€ùL?üžU-,£L€{"=(šÇšÍŒÑÐ鬀Š= +NØ»•™)f طǙ6ÖþŒ«šQNS§Èа/ØN¥SrSºI|&Œ˜"Ü©Þ +£æÎÑø +`­ +_NÚ +Ø]ŠqČ؇aÏBKW™ÙÈì +!ÃÌVÿüEªGI§ +Œ3>Wï +Jš{êÌ]õó¡úŸ0if-jd?„d2Í2¯²n%®ÐH/¢ñu(/`ap×¹ëÉì5«8Š +î0bIp?ŒFæŸöً,ŽÔLT3¢ÖE˜rbG1oy_‹ŒZ +Ž«¢95vZF+©»–gl¹Y›&úf!3 +Û"«ÍԄ¹!ىdû4÷Ùùҙ^Œëé8ÂC£„E*ÜQ¶mӚhºŠ–Ögm?\ +õ®Úä˜âBY‚Yž€v?jûj™ç0ÖD鈵u°U +InýÖš »?ã¶ð0 +!90QƒG@~(LHÂ:JYo—èV + +Æ° +&“ +Üg]ofÏq]X‹Æ}LR(|»àæÓS†—je˜ +‹=q»D +yÉbèÛ~° +Zg:-³w„V˜nú¢5‚X(±š“ûÊIæŸòً,=°%Œ` +g +öfUázmyB~]ëœ “ú‘)]y4‰à”$UÄÐ^šN>æ8Ãø'µµ\§3f6©{JÛw£óâa|+ŒÃŒŒE3˜1ÃX +dVUױƜyù8TÖ@͇Ú7Quæãž<› +-Kfjà‚Y¿nz³C)wØ Öîi6á!c{ZÇמǐE×7G;`e +8gvV–çÉ°«™ܬà-S7¥ÛËãʃtD¢í@÷ŽmCԕ·X_”'–õuN||Qœ^6CW©©x$’ERA{ +’äÇ'¢Õ`ox˜%ÖÙ{õCk:ÖW5ˎ)frÜ¡Ö¢µ]EŠá.gK +Ó7g’}’Â%ŠŽWèE³S»ÊÒݘ +ŸA†ràc=󱁫Öpc}˜1öFoÁö•N ®âæ¥öNáºÑŸ\ƒžw‚  +Fæ8Œ³³9aXfWʂԐPU‚ + +ÏxÀ’Ð'˜mºii“‹Är³2¿b? +ÜŽª{ڛcØZð$Ì)‹³5EšýԜ߾Ûfon&0㢳Ü9'õëŒ9³nv5hr ’™‰É™¢<³,ÂuÚ]¯Ýúè@²ä›ùvM˜ê +±÷¶‹CYú# +Nr<ŸûgŒQdq n>àF"h±nü¹m©éq +Ñendstream +endobj +2015 0 obj << +/Type /Page +/Contents 2016 0 R +/Resources 2014 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1925 0 R +/Annots [ 2039 0 R 2041 0 R 2046 0 R ] +>> endobj +2039 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [276.073 418.442 328.376 427.353] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +2041 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [404.54 418.442 456.843 427.353] +/Subtype /Link +/A << /S /GoTo /D (0:CLASSES) >> +>> endobj +2046 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [325.766 346.83 370.598 355.622] +/Subtype /Link +/A << /S /GoTo /D (0:LOGDEF) >> +>> endobj +2017 0 obj << +/D [2015 0 R /XYZ 71.731 729.265 null] +>> endobj +2018 0 obj << +/D [2015 0 R /XYZ 71.731 741.22 null] +>> endobj +2019 0 obj << +/D [2015 0 R /XYZ 129.514 708.344 null] +>> endobj +2020 0 obj << +/D [2015 0 R /XYZ 129.514 708.344 null] +>> endobj +2021 0 obj << +/D [2015 0 R /XYZ 184.29 708.344 null] +>> endobj +2022 0 obj << +/D [2015 0 R /XYZ 71.731 706.187 null] +>> endobj +2023 0 obj << +/D [2015 0 R /XYZ 129.514 690.411 null] +>> endobj +2024 0 obj << +/D [2015 0 R /XYZ 129.514 690.411 null] +>> endobj +2025 0 obj << +/D [2015 0 R /XYZ 176.916 690.411 null] +>> endobj +2026 0 obj << +/D [2015 0 R /XYZ 71.731 675.303 null] +>> endobj +2027 0 obj << +/D [2015 0 R /XYZ 129.514 659.527 null] +>> endobj +2028 0 obj << +/D [2015 0 R /XYZ 129.514 659.527 null] +>> endobj +2029 0 obj << +/D [2015 0 R /XYZ 215.302 659.527 null] +>> endobj +2030 0 obj << +/D [2015 0 R /XYZ 71.731 657.37 null] +>> endobj +2031 0 obj << +/D [2015 0 R /XYZ 129.514 641.594 null] +>> endobj +2032 0 obj << +/D [2015 0 R /XYZ 129.514 641.594 null] +>> endobj +2033 0 obj << +/D [2015 0 R /XYZ 175.631 641.594 null] +>> endobj +2034 0 obj << +/D [2015 0 R /XYZ 71.731 590.785 null] +>> endobj +2035 0 obj << +/D [2015 0 R /XYZ 71.731 562.725 null] +>> endobj +2036 0 obj << +/D [2015 0 R /XYZ 71.731 547.781 null] +>> endobj +914 0 obj << +/D [2015 0 R /XYZ 71.731 498.73 null] +>> endobj +166 0 obj << +/D [2015 0 R /XYZ 519.912 453.475 null] +>> endobj +2037 0 obj << +/D [2015 0 R /XYZ 71.731 429.72 null] +>> endobj +2038 0 obj << +/D [2015 0 R /XYZ 202.759 420.599 null] +>> endobj +2040 0 obj << +/D [2015 0 R /XYZ 363.594 420.599 null] +>> endobj +2042 0 obj << +/D [2015 0 R /XYZ 71.731 385.565 null] +>> endobj +2043 0 obj << +/D [2015 0 R /XYZ 137.534 374.771 null] +>> endobj +2044 0 obj << +/D [2015 0 R /XYZ 255.451 361.819 null] +>> endobj +2045 0 obj << +/D [2015 0 R /XYZ 214.814 348.868 null] +>> endobj +2047 0 obj << +/D [2015 0 R /XYZ 71.731 326.905 null] +>> endobj +2048 0 obj << +/D [2015 0 R /XYZ 71.731 326.905 null] +>> endobj +2049 0 obj << +/D [2015 0 R /XYZ 71.731 268.38 null] +>> endobj +2050 0 obj << +/D [2015 0 R /XYZ 176.04 257.211 null] +>> endobj +2051 0 obj << +/D [2015 0 R /XYZ 119.552 244.26 null] +>> endobj +2052 0 obj << +/D [2015 0 R /XYZ 300.412 244.26 null] +>> endobj +2053 0 obj << +/D [2015 0 R /XYZ 179.048 231.309 null] +>> endobj +2054 0 obj << +/D [2015 0 R /XYZ 71.731 209.226 null] +>> endobj +2055 0 obj << +/D [2015 0 R /XYZ 71.731 170.372 null] +>> endobj +2056 0 obj << +/D [2015 0 R /XYZ 71.731 155.428 null] +>> endobj +2057 0 obj << +/D [2015 0 R /XYZ 300.538 145.929 null] +>> endobj +2058 0 obj << +/D [2015 0 R /XYZ 71.731 127.404 null] +>> endobj +2059 0 obj << +/D [2015 0 R /XYZ 197.291 117.635 null] +>> endobj +2060 0 obj << +/D [2015 0 R /XYZ 76.712 100.997 null] +>> endobj +2014 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2063 0 obj << +/Length 1749 +/Filter /FlateDecode +>> +stream +xÚµXÝoÛ6Ï_áb–»˜õaI-òÐfÍÐ! +ŠÅ}ÚbPeÚ&"Kž('õ¿;ò(Q¶ÓŠX‹) +ï~÷}4ùðÇG gI cÁ, +›3Ž‚/¿Ÿq¢˜ÉÔ¡y5?{vd£Œe³p4_ŽÂÈg³8%aÀÒ8ÍŒËuŸmE3™±ïEÌ):ӊ–òɄ +–[Cï”8°bœÕ¡«];Q”E,òÜ{%.uÜ +ñƒ†²Ý_hL&ž‡þÏ6‹Rbòя}%ŠÓ␥iD”ÞJU|:fD,à;Î +Mô < +Ž`Á/TËÆ`aÍ +×Ú(_Šr·@€ÕÊ~0õ)êªÜÛ·˜„XŠze¯˜ùúKŸÙ–B=§€E +—{3a «§c‚FHÄ¿àíA0 +³„&ðo!tãß­Æ/$nY?ÑrœzbäYËîPUWÂ2 +ËjYŸ?)À“œºzÜäZ"í–MœqŽŽO$ˆ<M3¶å;ö{ûwPPìASBaŸkŠ_°:vº4ú¢çoAã‡C†.7 +5cY}ÂÅ`@áÖ%ÜCq] +’ê„7l§ò]ka×9‘á@Âœƒ:ҝœ–Õî + +ÖÃТ§mlöÆJw>pšµ-Af"ŒÙ«V3 +ÈõüžPÄKRÛ· +ÑŽ¹­Þêðô¡§µÁ‹ÝÁäz›n[•²º¥Íb·í9üÚœ +P")Ö +ÙL"ßÌz+*ZÞʲŽ“‹~³ê6[Td+úéÊší<ݜìÄÓ01aÐQu)âÕxÐ8P¿ø{Â9Mœ®œ +huLnd%ýãš] +ðӎë:~M5ìNæéN!nóáqÊ| +w3àêÙ^ +73ìRIÜ5ž²D›Ï|ƒ# 5c'&ی³(¶sæÕÞZ +$t¥Òˆ»‚ :塐/M 4Õ(Dºšªq8Y +O?:þèæm#¡ŽxºÃÚ#Çó1Ü©Cßvf +qböŠíòçÑOÆýÀnÑœœÄ±÷þ·¹>å³îD|òÔ¶ìmuæL’>Kàê? +;öŒ›‹Ãð䧬_NŸÓŸëîf»ÄžŽ‹×ÓMŽ÷d‰Ñ†/Œ¹1rqwa + +ŠC(“tž^.uz¹Â’Œ +䍞ÓóÎ +æüC€ël˜ùÜ[ÊR< +˜­C=ã4 + +Â/þzÿ§‘sõæÚ,næ/ÑPoß=RØ7ðcA~uùXƒŒk$^u ¿nš? Ö5dõ¿"à𮝕Žåh +¬tðV +K%>ß5Šñ“ô!î?A!XÜ£By³8ÒI'ò±ï5€à¡ pãߣ”¥<ùꯐ=Éя1HA‘   ~à×ÂcIÿ±ëjžendstream +endobj +2062 0 obj << +/Type /Page +/Contents 2063 0 R +/Resources 2061 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1925 0 R +>> endobj +2064 0 obj << +/D [2062 0 R /XYZ 71.731 729.265 null] +>> endobj +2065 0 obj << +/D [2062 0 R /XYZ 360.531 685.031 null] +>> endobj +2066 0 obj << +/D [2062 0 R /XYZ 71.731 647.173 null] +>> endobj +2067 0 obj << +/D [2062 0 R /XYZ 276.72 634.222 null] +>> endobj +2068 0 obj << +/D [2062 0 R /XYZ 147.507 621.27 null] +>> endobj +2069 0 obj << +/D [2062 0 R /XYZ 147.507 621.27 null] +>> endobj +2070 0 obj << +/D [2062 0 R /XYZ 372.925 621.27 null] +>> endobj +2071 0 obj << +/D [2062 0 R /XYZ 372.925 621.27 null] +>> endobj +2072 0 obj << +/D [2062 0 R /XYZ 71.731 573.285 null] +>> endobj +2073 0 obj << +/D [2062 0 R /XYZ 172.861 562.491 null] +>> endobj +2074 0 obj << +/D [2062 0 R /XYZ 172.861 562.491 null] +>> endobj +2075 0 obj << +/D [2062 0 R /XYZ 71.731 488.603 null] +>> endobj +2076 0 obj << +/D [2062 0 R /XYZ 71.731 488.603 null] +>> endobj +2077 0 obj << +/D [2062 0 R /XYZ 277.567 451.905 null] +>> endobj +2078 0 obj << +/D [2062 0 R /XYZ 321.442 451.905 null] +>> endobj +2079 0 obj << +/D [2062 0 R /XYZ 259.854 438.954 null] +>> endobj +2080 0 obj << +/D [2062 0 R /XYZ 71.731 416.872 null] +>> endobj +2081 0 obj << +/D [2062 0 R /XYZ 71.731 416.872 null] +>> endobj +2082 0 obj << +/D [2062 0 R /XYZ 71.731 394.077 null] +>> endobj +2061 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R /F27 788 0 R /F55 1335 0 R /F34 797 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2085 0 obj << +/Length 1230 +/Filter /FlateDecode +>> +stream +xÚ­WÛnã6}ÏWèCd bDݵ@€¶ÙŽØb·h÷¡è-Ó‰tIâ¿ïŒHÊJ,oóðÐôpîçP¢+>t•P’ üŒøqŽÊë +oUÀ??_P£áwŠóãæâú'?[e$‹ƒÕf¿ +BÄQ¶JŸ€‘¿ÚìþvnKÖôŒ]»~ä9!ÑòVɯžçC»Š‘Ãz¡€þCíµ¬ÔšzN1~‰5ud¡÷÷,•èïÖÿl~¹žÛLF>%ÿÍŒÊI +aŒJ! +S G +¥ðR„á˜ÂÝs£Úþž?òVô‡› +ŸÑ;u) +„“Që»{±ÙscÏs6eË»RU;ýs¯ZœòQ­]ê<Ìw˜Ô’?CÍ$«ô¯ŠUEËêE§{wæì<`ôòNAWª(ÐÜs¯LìZÜÿþY/v¬g[Öñÿ +[‡òÑšOaó¶}cÆ&âûC×óZ¯sVUÝËøª±ÖÅÃù¬Š[Žq£.¯Ž +QUš +SOW4!>pfÜ(%Q +"‚ +}:$ãš'©sçÖLØSÉ+aBR°â"T +Æ'ˆŸÓsޗ¬×«œÉëzè̯-7» +Aa0Äwz“µüƒÍÄó™6ûÏE#žìm¶ÛAgODiF"m„$H, È'a‹Ù?¯å„5êûÄ +l3s#؂ðXd$L’É%F{Ïû/P° È5M +ôF/ŠŽ(M%xÂC‡ã^óïKÕõž8-¶kÌ«ýgcJ­Žä¢(ûâÝTWœhTeïĶâWæËKÃ\Ò(ÙÆÕÊ6-LÓJÖ² +ÀÙY’“Å• vÆ¢~š0ÎLvà9ròbœhÑñ† +5Þ+!5à\kZA2CÆBÚñšæè +ãnµPÉ, ”šÐȄ +©1XhšFà=&ºÌÑ|ÐzÀŠGšMaúScG`âĝ–-ÏU]s¹6Ɓ„Në +ċašñZ°EŽD‰ûŸ~ÓrÞ@4,˜16^1 KÝŽ3c4¿z‘gœ±µï9k?r”0g?þz¯‹k⟓H¥ÔÃÐt`’ + „QǺÄIbjpY±ƒ®v9Íʵ3aؘg +YÀÒiÏÁ֏S°œŸlgæÎÂÖêÌ`;æŽXHۇ«W÷ ‘tªæÿî¬%v/T̜јՎúךBãÕ`fË'¹¥ÀŸ\ª9ó–ç +j§ÇaŸÍJôå;%/‘q,Tp_@¹¡ßªA7\“º +ä9:CCaæì[uŒª{ºÝpµC'–R¶¢oY;ë¿y4úŽÑé¢G×;SŠ{ +p9:b6ÀƒÚc†z5 + ÍÖÏæÐ.¢%F LŸ/äŽT•îj +á€;JWšk §ýá$ÑAƒ4€$@<Úëö,ê¡6Ő@š#JYu4 +IFï +™¹³Ø°:3llpºD͗àá‘4ŽŽšÆ¡ç-áA+œOHLŸêcÇûWí‡2",–*ipÓ?qn¯œùüö£ +5! ãùÐ +<ûˆZ|i l +öïÒÁ^­ãÏé€u¬.™œµìÜw=>‡ËKVÍŒ^’×`ÞZB kx2ûÖ{ÍQåäµ&–§aj­`\~|æýãÔÓÂÅ[Øendstream +endobj +2084 0 obj << +/Type /Page +/Contents 2085 0 R +/Resources 2083 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2112 0 R +>> endobj +2086 0 obj << +/D [2084 0 R /XYZ 71.731 729.265 null] +>> endobj +2087 0 obj << +/D [2084 0 R /XYZ 71.731 741.22 null] +>> endobj +915 0 obj << +/D [2084 0 R /XYZ 71.731 557.098 null] +>> endobj +170 0 obj << +/D [2084 0 R /XYZ 156.894 513.251 null] +>> endobj +2088 0 obj << +/D [2084 0 R /XYZ 71.731 493.111 null] +>> endobj +2089 0 obj << +/D [2084 0 R /XYZ 276.989 480.375 null] +>> endobj +2090 0 obj << +/D [2084 0 R /XYZ 71.731 463.274 null] +>> endobj +2091 0 obj << +/D [2084 0 R /XYZ 71.731 450.322 null] +>> endobj +2092 0 obj << +/D [2084 0 R /XYZ 139.477 434.546 null] +>> endobj +2093 0 obj << +/D [2084 0 R /XYZ 139.477 434.546 null] +>> endobj +2094 0 obj << +/D [2084 0 R /XYZ 213.05 434.546 null] +>> endobj +2095 0 obj << +/D [2084 0 R /XYZ 71.731 414.442 null] +>> endobj +2096 0 obj << +/D [2084 0 R /XYZ 426.946 401.67 null] +>> endobj +2097 0 obj << +/D [2084 0 R /XYZ 71.731 386.681 null] +>> endobj +2098 0 obj << +/D [2084 0 R /XYZ 71.731 371.737 null] +>> endobj +2099 0 obj << +/D [2084 0 R /XYZ 71.731 299.652 null] +>> endobj +2100 0 obj << +/D [2084 0 R /XYZ 71.731 284.544 null] +>> endobj +2101 0 obj << +/D [2084 0 R /XYZ 139.477 268.768 null] +>> endobj +2102 0 obj << +/D [2084 0 R /XYZ 139.477 268.768 null] +>> endobj +2103 0 obj << +/D [2084 0 R /XYZ 202.709 268.768 null] +>> endobj +2104 0 obj << +/D [2084 0 R /XYZ 71.731 246.82 null] +>> endobj +2105 0 obj << +/D [2084 0 R /XYZ 71.731 185.829 null] +>> endobj +2106 0 obj << +/D [2084 0 R /XYZ 71.731 172.778 null] +>> endobj +2107 0 obj << +/D [2084 0 R /XYZ 139.477 154.945 null] +>> endobj +2108 0 obj << +/D [2084 0 R /XYZ 139.477 154.945 null] +>> endobj +2109 0 obj << +/D [2084 0 R /XYZ 200.318 154.945 null] +>> endobj +2110 0 obj << +/D [2084 0 R /XYZ 71.731 134.84 null] +>> endobj +2111 0 obj << +/D [2084 0 R /XYZ 139.477 109.117 null] +>> endobj +2083 0 obj << +/Font << /F29 790 0 R /F46 1173 0 R /F21 781 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2115 0 obj << +/Length 1455 +/Filter /FlateDecode +>> +stream +xÚµXÛnÛF}÷W‚H€µæò"’ +ÔMê&El °^ŠŠ+q%mˋÂ]&Q¿Ÿ³Ü^d*éƒ +&EçzÎ̐|æÁŸÅœÅ +ü”ù«h¶-®ŒÙ +îürÅQb‰"ˁÌO뫛;?¥,]³õn„ +[Eé,|–Dþlý1sG#ëÅҏŒyÈÜñMU~ô<ßÔ + +Í +QUénT;wÌ«÷æûöŸZðy¹w×wb«re”Ô‹?׿^ýŒî +Œ|Îÿ›! ÈÓâ>ÎSë«$baÐFp/Ÿª¢)œGYf +Œ9³Þ=¶ŠY˜ÆSæ}ž'ƒ;çÇÎQîûÌ +ÁӁºÖÓ +x€,Œã΀uõQš{¡ò‡ŠøÁzxsE³ +XÙ"x”G`ÁJrÏ +c_¢ÄҖ/vï¥Öbén£ß +¬ÓFºã§F62sçŠrG-mÁ²î‡Í?Û2ËZäîb1Rªšö%*•Ë‚@šüŸà‚ªÁ'Åɝ|±Ð¥97m/„éÜ +P—=@!jÈ*K#ÞFU +KZ6ņJøs +B +ä$YhF×>z‘÷Pùz**ÒtPûƒÔèç±VU­Ì©^ä²6pߢF¿!Uœ¢<éQŽWZRðª(dŠ„‘ùi±ŠæèÜ-Þ-*9á~2åè +š²Öæpú1ãÜ%ïŸÉ:æ(]Ë­:*pF_âDl‡Ïʼnº‹œ G_•?es9Å ÎVþ +9q’úŠ¬ŠxဆŒx¿ëðՕŒNŠ‰Y(AŽ®œi</‘Fà +ÖkŸBò|QæÐc{\lžÖš6h«ªê'š0r֚ш +Qäyo4cµÇ1S×¢À+YÊÊëÿQGjÝìl·°£a+É}&!W_”Æ•™ C&mgÖcgÆi>Œ +#Ž¬±3‘ý㱪)¶]U;þÕmÇï(»ë3ºmZ6ë®GlkÃ/_-x2oÉ}™LÍæ/¹í +WÊK, +Ú Ôì™X4Pw‘E$Ó±Èù:E£˜Å^€4ÒŠÆ yN#'5€Ñ;`Ï5Š ?dA~GŸ±8$£ +†¶Ui”®æÇ\lå¡Ê3Ëà +ürœˆCªÜËwtòH˜-³*õË{R( +ѐh±—†øњAoN®è‘njāµŸNª œ9¥è~öhbŽvDPÇÀ–ŽZ¥ûJ + –úeSœ‚Ñ X“3™Üµp‡†@t؀gðtԝD~jÐüƒ¹v>œ_@Ÿ1Õ/:ÛJ;*VÇ~ ìjI©Ñr×`¶v¥­—6Jl{Úø.ŒŒ ÿ­àÒTK] ø~a—Ó6ó8‰]Þ.’ŒB/¹Àà€̋WÏÅàº‹ +&™Ánè|œàð*aqÌ¿Ça”ú_8¬ôkE–xõ9õT·8ê–Ά(÷„öwuUŒŠÎíù2ÏÎg®€ÝÔ²ÓµjÌp„î<²{îÉ +ìšPŒvőÞW?~=ýÃLžœ²Ãázè4Páî··ã +²‹'¯¶ŽCºIÓw¢MŸ7J‰h +a<—œ·o1k*7—aìCŒŸ÷lëÜ@ÝE“ÌÆÎÇÛ2›@râ±4€\i3c”q8^V:è6Y_,ÿí‡ØXZ$÷¯.Opρs<þ¶y +Â`íFWC•¬¶°PŒ¡,FýœÛ‰{ãè + +eeÆ è_6§Ag$<ø óüd4Šn5­QÊÀ +ÑÖ/A›\”L#6ý‹ +ÑýǙ º·Â£š +©Šƒµ9»žÈv¿ùŽ<k} +7S¯{²Üæ•>ïÃe”<ɪfC×>AŠxœÓÓ=[Y +~°· +éÌS1¡×*Åøгq[ízê +|ºì¶ôà%’fÝgE5ÂMA‹ný +r?æ„ KxüÍÏ=œÈ“¯=%)i±Žùñ +Ï2O-ý +©Ž¥xendstream +endobj +2114 0 obj << +/Type /Page +/Contents 2115 0 R +/Resources 2113 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2112 0 R +>> endobj +2116 0 obj << +/D [2114 0 R /XYZ 71.731 729.265 null] +>> endobj +2117 0 obj << +/D [2114 0 R /XYZ 71.731 741.22 null] +>> endobj +2118 0 obj << +/D [2114 0 R /XYZ 71.731 683.273 null] +>> endobj +2119 0 obj << +/D [2114 0 R /XYZ 139.477 667.497 null] +>> endobj +2120 0 obj << +/D [2114 0 R /XYZ 139.477 667.497 null] +>> endobj +2121 0 obj << +/D [2114 0 R /XYZ 199.392 667.497 null] +>> endobj +2122 0 obj << +/D [2114 0 R /XYZ 71.731 647.392 null] +>> endobj +2123 0 obj << +/D [2114 0 R /XYZ 71.731 584.558 null] +>> endobj +2124 0 obj << +/D [2114 0 R /XYZ 71.731 569.45 null] +>> endobj +2125 0 obj << +/D [2114 0 R /XYZ 139.477 553.674 null] +>> endobj +2126 0 obj << +/D [2114 0 R /XYZ 139.477 553.674 null] +>> endobj +2127 0 obj << +/D [2114 0 R /XYZ 191.103 553.674 null] +>> endobj +2128 0 obj << +/D [2114 0 R /XYZ 71.731 531.726 null] +>> endobj +2129 0 obj << +/D [2114 0 R /XYZ 71.731 470.735 null] +>> endobj +2130 0 obj << +/D [2114 0 R /XYZ 71.731 455.626 null] +>> endobj +2131 0 obj << +/D [2114 0 R /XYZ 139.477 439.851 null] +>> endobj +2132 0 obj << +/D [2114 0 R /XYZ 139.477 439.851 null] +>> endobj +2133 0 obj << +/D [2114 0 R /XYZ 197.18 439.851 null] +>> endobj +2134 0 obj << +/D [2114 0 R /XYZ 71.731 417.903 null] +>> endobj +2135 0 obj << +/D [2114 0 R /XYZ 163.816 406.974 null] +>> endobj +2136 0 obj << +/D [2114 0 R /XYZ 71.731 343.96 null] +>> endobj +2137 0 obj << +/D [2114 0 R /XYZ 71.731 330.909 null] +>> endobj +2138 0 obj << +/D [2114 0 R /XYZ 139.477 313.076 null] +>> endobj +2139 0 obj << +/D [2114 0 R /XYZ 139.477 313.076 null] +>> endobj +2140 0 obj << +/D [2114 0 R /XYZ 208.248 313.076 null] +>> endobj +2141 0 obj << +/D [2114 0 R /XYZ 71.731 291.936 null] +>> endobj +2142 0 obj << +/D [2114 0 R /XYZ 163.816 280.199 null] +>> endobj +2143 0 obj << +/D [2114 0 R /XYZ 71.731 243.088 null] +>> endobj +2144 0 obj << +/D [2114 0 R /XYZ 71.731 230.037 null] +>> endobj +2145 0 obj << +/D [2114 0 R /XYZ 139.477 212.204 null] +>> endobj +2146 0 obj << +/D [2114 0 R /XYZ 139.477 212.204 null] +>> endobj +2147 0 obj << +/D [2114 0 R /XYZ 220.422 212.204 null] +>> endobj +2148 0 obj << +/D [2114 0 R /XYZ 71.731 192.1 null] +>> endobj +2149 0 obj << +/D [2114 0 R /XYZ 252.651 179.328 null] +>> endobj +2113 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2152 0 obj << +/Length 1249 +/Filter /FlateDecode +>> +stream +xÚ­WkoÛ6ýž_a`j1+ê­æ%ÎСI†ÄE1ŽÅ@ËŽÍMO”’æßï’Œ”¥Øqâ¡RÒåœçÜǑEüÑADIäÁâ&Ä +ƒAšŸ9ƒ5<ù팢ÅMÆ +›_çgï¯Üd$ôóÕÀó +É ò\î`Ÿü2ŒØ°mÍ«ÑØ +œ¡OÌzQ_ +Ç]7ՈCV‹²0ʕY³rDáZÿ#:,ÖæþŠ¥"µàrômþûÙlÞ +\J<÷(4Ù§í(Pš GNL<ß×nïLð+‘)&ÏÛaâŸÒC‘]â'°éΊ÷žœœ™aA¡x«ö”ÙȺÅZš +Q ŒNÑ8"qì +Ji`MòLLŒ4mªÖ³^™Yr.%[s€PÖlëG!•@"ËTžÁØu\èùX +$IsQ¢Ù’á +œódVžC +°Ñ§Èòq#T@.·,Ń_ÀYd¬ø!êš-à EL²GáaäÂŽdbiCoYÅêò0_•¶ó]ÂõY4¢ÞhŠr3£ª@vî²jÉò"ÍJH +.û1%4ã}&˲YØ{ÿ6%žÆ€ØŽbÝvh ¬EÑEÚ5ÖNU&;~Ï{\L,Ò^i¡5Èv%߬@vŠâAÁâ•dª6ÄŽÌ}â0+¡8„oSŠ ôHè +?J):î^T +k³§7e}H*bBaw\*Œ‘Šðu©žÙiÂ!AèöçAMðCHwüº&xh’²âTIÐz@J‚Þ +Ó!Œ)cڛ¬V|ÏH¬œiƒë® +øŸ™"žœÓžx–›® +ÀÝ® +(ã¢cìµzçv¬p˜;€çvÀöÅ;U ¿?T +úJГ©ýá÷ +p_þž+Á›d ß€­&„q +3³ï,ßfügc퇻)£‰à×Ò~–„4ÑÆ_® +L¿µààA`ŒütðÞ8tœál¬ºËì+žr±º)C‡j +åj%¡°Æ@eA­õFõ’Ú¥LrCG_~Ú¢AiV.֛ÚlÙrY©©‘ç=@QgéÆìÊÃ2t‘—w¡òã!„ +ôm +j„²²X“7&Õlª±É HOU(×,ç¿l ‘eÎÿZ–£‚€e~ö‹¹œáª¿5›àŒ=™í¹À +ÕèšoS¯KÝ¿š¬ +ú“hÜ)÷ +„äŠÆÓÿFÞä +na­ÌºåÅÑQNŸ/ê§êœÖž×ì»È› +»JäØ +^?rŐcGòñDÚâ3+ê^1P¿ñüƒvWau–ìéÜìþnlÏٞ^àÙT܎ƒíPõRz±³·U¹®r‘µ~-è®h +='V{٘ġï8§Õöy跑†Â‹e7%:¯8Ll]Ù°mç•ÈÔ +›Ûö°¬YU7Û^råi”Ú_ÆÉÄ,ï ?n?~žøÓܘ^^Î.ßaüûùôn~Z昖í„Ïèž4Ýmu;ÅŸ•Ž¥‚¯í&OûߗøýëÇ$ŠÑÑ/äÉÞrá<`‡&*ª¿ð%»é?ägú7endstream +endobj +2151 0 obj << +/Type /Page +/Contents 2152 0 R +/Resources 2150 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2112 0 R +>> endobj +2153 0 obj << +/D [2151 0 R /XYZ 71.731 729.265 null] +>> endobj +2154 0 obj << +/D [2151 0 R /XYZ 71.731 718.306 null] +>> endobj +2155 0 obj << +/D [2151 0 R /XYZ 71.731 708.244 null] +>> endobj +2156 0 obj << +/D [2151 0 R /XYZ 139.477 690.411 null] +>> endobj +2157 0 obj << +/D [2151 0 R /XYZ 139.477 690.411 null] +>> endobj +2158 0 obj << +/D [2151 0 R /XYZ 214.325 690.411 null] +>> endobj +2159 0 obj << +/D [2151 0 R /XYZ 71.731 594.521 null] +>> endobj +2160 0 obj << +/D [2151 0 R /XYZ 71.731 581.47 null] +>> endobj +2161 0 obj << +/D [2151 0 R /XYZ 139.477 563.636 null] +>> endobj +2162 0 obj << +/D [2151 0 R /XYZ 139.477 563.636 null] +>> endobj +2163 0 obj << +/D [2151 0 R /XYZ 217.643 563.636 null] +>> endobj +2164 0 obj << +/D [2151 0 R /XYZ 71.731 543.532 null] +>> endobj +2165 0 obj << +/D [2151 0 R /XYZ 286.405 530.76 null] +>> endobj +2166 0 obj << +/D [2151 0 R /XYZ 71.731 439.851 null] +>> endobj +2167 0 obj << +/D [2151 0 R /XYZ 71.731 439.851 null] +>> endobj +2168 0 obj << +/D [2151 0 R /XYZ 71.731 414.899 null] +>> endobj +2169 0 obj << +/D [2151 0 R /XYZ 71.731 100.809 null] +>> endobj +2150 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2172 0 obj << +/Length 1902 +/Filter /FlateDecode +>> +stream +xÚ +X[Û¶~ϯð[m`Åeݜ‡i² +ö  Š¬ÏÓIQÐ2œæ‰n©lÜ_ßñ"Z’·Y ’¥Ñp曙o†€«þè*£$ÛÂ%ڑ(MVEõ&\=ۏoš‘ŒHàÉü²sÿkŽ[íÈ.Ý®ö§Õ6IšìVÙ6"y­öÇÿ­ßŸY«x· ¢$\ÇD_ß7õ×0ŒžûnC“5S¢©õ‹æ€¯e³¡áúyøOlèº~ÖÏO¬¥P‚ËÍûÿŒyØ;“ˆ’môª +Fdî]јlã} tG°= +3’Çtð!&1¡hz–¯‚Š‰RßwŒmгp­€~Â꣟Qg.:}+jş;¡.h2¬–€ +«¡Ê²a™ý™k/eø?/”BÔæqÑԊ‰Zê_ +`—ŠU­~¢Ð+X©oύT5«øþùrÅÙHwF-xÁ™âæ[a"¡câÝ–ìÙÈ +šãe“&k‚Ÿ ù4"»D£$Yuföó^rc§PæŠÙDÉúÅŒ?lµ^”èE`?zúŽÿݺzŽÖ1°€³6±+몋TŒÒ÷ÃµñöÀ +†;0ŒvfBŸùŽè” +WÖ] +ì5DÃåè ³–êAaÇåÝ¿[4Ü +““gS’×G| +O© +ªmúÒÄᯞ÷|¢º‚ýhX‹ŽB~»[ˆÈ + gœWÖ¢‹ÃŠ©ÌËïBŠè.킍 bÍzun:ñ·ÍŽ–w²©¥ +¿—œúNØ2œ +à∠I49IO©šnšœ¯šÎ$âðÀ•NÅ~ˆª¯têÖ}u°ðO"mRÖÓ}œŒ0Wå6b +¬÷2üE”¥- @YW-t†$àŽcÚGžãVèÜôƪScn˜Ô«áÊ|–D;ôX;@áˊÕ_Èß¡LùõœŸÉ#zgÝžöî|ÐpÞN’ÔBÈʼn÷21{LM?/Œs¯ûZ +˜€žòBŽ‚×ê§M’¬åBˆF %ïŒB +“ +ì&]eCÙa\Žêº«žey0ª +êõþ(žýˆFŒì"uã(’ +”×ÆX±ÓØälàÀ +ŒÝui3“²·åÈ\­A„¿ˆ@çuÖ +A8ñ]t9fëÁÖ€Iq¶>D°ÒÑuq§×­ihË Ž:’)†Š—BN!ý¢°­êº1ÆtGb-Šóš™¶ì³ùÚ*ô(ƒ,9Ÿ +¶Ù'aB’Ýnqj°2'€Ç¯‘O!fO~ӈI4[< +¡#ߟŸž‘y}ñ‰"\ügŒä­Ö²ÔÍ×Fûp¹Ê4)žkŠúÎõ€:uM„Ð-ÚޕÀ©kª×À"ÌçŒ÷"kû¯íª˜„A +“ +§ND +ó+Ǟ4Ò +³#C}l®[À88Ë +‡qfG"Ÿ$Ó8€éÎz£4'yžƒx¡u@JFYî +T;ûâ-‰v™ùB—[°i˜.„ÆçÛ`2 +«Š•®gŽM×Åj K[”ܧXË6X0Ía 9Ñô² +Âf Œ4œe`œâô‚×íï +À³fZÒ +¹Ñš}mŒÁŒXiœHÀJQhª2ydߎ@Aìo\nì€T‘•P³é·(9ë”n +¶è‘ÕÚYÝ¥UË9k75 +Â2zˎ +œÏH!‚ð§;H‘-\óeR02'4' +‰¢#Qº@IYDÒ +Vã1Ä5ƒ>·›ÐõQςâØ[»² +Kg(;šæÊR”K{Œý|ÖPç^Ú]oóÍÞ +]ûo5†°³ÏCœ¿I–€‰%)Õœ2À¿<||üŒ Ò0\zxzz÷ñ!6ŗ.ŸðI¢³õ$ÆBiÛ÷|!m­„-âuKJ«"„,<Úôôøñó»ý¿<›­KgnÌã­hÿåÝão>~xkOn-þðùÈÉK:bº#4ÅÎEI’ëütg +ÃÈwÞy¥h¢’ø(¡Yn2{¿¡ +èO1ypŽ†¢ÐušOWŒ³ +µ°‡,q<êÎçV÷ÚÃAŸrï8G³^ 3£õy¥/OÝñЊZ˜zƒ§Ÿ¶ÔŠV™é +f)I۶ӛ –ãÛ9”øh›MŽT@kðÉà–€x˜ +ÄAINSãÚ=zrh~ܟDÉï[ +i†E`ŸÐ‹ä^QÁúûÍ6\ÿÐ0d¥{‰/.å쪪ŸT¢µ²À÷ +æŠ93Û¥1%k[=Èß€Ý +§™1îŽâtB€Gk#¬Uõµ‘õ6ø^Eøfu7õ%nD¥u +H*DºŠå÷IsÃä|üÚqé(2;-MÀÎ-T§As£ÝcÍùJÿsÿendstream +endobj +2171 0 obj << +/Type /Page +/Contents 2172 0 R +/Resources 2170 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2112 0 R +/Annots [ 2181 0 R 2184 0 R ] +>> endobj +2181 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 503.442 164.383 512.354] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFACILITY) >> +>> endobj +2184 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [122.869 432.085 172.682 440.623] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +2173 0 obj << +/D [2171 0 R /XYZ 71.731 729.265 null] +>> endobj +174 0 obj << +/D [2171 0 R /XYZ 381.337 707.841 null] +>> endobj +2174 0 obj << +/D [2171 0 R /XYZ 71.731 684.724 null] +>> endobj +2175 0 obj << +/D [2171 0 R /XYZ 119.552 662.013 null] +>> endobj +2176 0 obj << +/D [2171 0 R /XYZ 336.924 649.061 null] +>> endobj +2177 0 obj << +/D [2171 0 R /XYZ 71.731 614.028 null] +>> endobj +2178 0 obj << +/D [2171 0 R /XYZ 215.57 590.282 null] +>> endobj +2179 0 obj << +/D [2171 0 R /XYZ 181.001 577.33 null] +>> endobj +2180 0 obj << +/D [2171 0 R /XYZ 71.731 529.345 null] +>> endobj +2182 0 obj << +/D [2171 0 R /XYZ 388.361 492.648 null] +>> endobj +2183 0 obj << +/D [2171 0 R /XYZ 71.731 470.566 null] +>> endobj +2185 0 obj << +/D [2171 0 R /XYZ 71.731 412.16 null] +>> endobj +2186 0 obj << +/D [2171 0 R /XYZ 174.325 388.04 null] +>> endobj +2187 0 obj << +/D [2171 0 R /XYZ 377.551 388.04 null] +>> endobj +2188 0 obj << +/D [2171 0 R /XYZ 71.731 355.064 null] +>> endobj +2189 0 obj << +/D [2171 0 R /XYZ 71.731 332.15 null] +>> endobj +2190 0 obj << +/D [2171 0 R /XYZ 71.731 238.811 null] +>> endobj +2191 0 obj << +/D [2171 0 R /XYZ 71.731 218.885 null] +>> endobj +2192 0 obj << +/D [2171 0 R /XYZ 230.655 207.417 null] +>> endobj +2193 0 obj << +/D [2171 0 R /XYZ 71.731 188.892 null] +>> endobj +2194 0 obj << +/D [2171 0 R /XYZ 71.731 188.892 null] +>> endobj +2195 0 obj << +/D [2171 0 R /XYZ 191.293 179.124 null] +>> endobj +2196 0 obj << +/D [2171 0 R /XYZ 71.731 173.049 null] +>> endobj +2197 0 obj << +/D [2171 0 R /XYZ 139.477 150.83 null] +>> endobj +2198 0 obj << +/D [2171 0 R /XYZ 76.712 134.192 null] +>> endobj +2170 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F46 1173 0 R /F51 1285 0 R /F44 1165 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2201 0 obj << +/Length 1784 +/Filter /FlateDecode +>> +stream +xÚ­XێÛ6}÷Wè-2°¢ERÔ¥@ +€iS$H[q‚IPpeÚV#‹®$ïÆß‘”dÉkA±XëâáÜç̌©ÂõJ– +/?,Boßü¶ –"°$Áˆæçõbõ’e^F²˜{ë­Ç£Ä"óÎH*˜·Þ|ô_ìå±Uõ2`"ô#b®/tõ) +ÙîT/©ðe[èÊ|¡·æZê% +ý]÷Q,©_íÌû­Ì‹²h +Õ,?¯_/~]÷ + +F g7Mà4e +(#™ HóïâãçÐÛíkøÿþHÍYHÂDx”d÷jåmoõ¬BàA#’ÄÙ-&æ°#œ1 h +*g O +R"¢‘O©‡x£SYšžd^œS³Ä8õù2 +ý÷¿>_f¡¿~‹ŸXœŒ"/ +Ht‡ÀDFƒÑÀ:5¡x‡0àóýŸ;Ï'Ü,ÊÒÜm—<ôeQޙÇbk®í^™›\ŽE©6Aa~Y2à‹góBO<,™è%oÏENx¯PÔWüPù©•÷È£ŽgŠÆ\7ŶÓHÕªjÑRã}HŽž³j[ëRŠN\êëJ¹7²5w;U|H'٪̈́ü šFîÔ§P„ +|Pó¶{}¥Š¹ÆcNâˆyq”uù~5Ù,M0"ê‚;ӔÚóVå.*©v²©ôˆr¥ñMéŽæŠô)#”þ:€tnX”J/RèÕÖèuÆHé“y85֑Ò\Žµ +\’˜7OÇ9íã—ù>Øw÷E%![žÍš’ imút‡Oè¢;Kl5§Ú +]_ɓZÉÍԕ4IJœ8ŒIÄèUOZ’`D3sä„Í7E‘ñTã7e;š›Â§Œº(¹¹¬ÕöT–gHüÐ'³DJ2%‰7‚Ÿï +2NSBŽ†ðû‘uE‘eD@ƒbBhŽíF‚¢g&ŸĘýFï\ ‡¬T +Y2ô)Èë”a•àµ;Œ^ráקƀ4ÈézÖc(5*EIDXįŌ‘(ƒ›Ñ7Óë`)B4"Ĉ]g)U)71r4FÙ$²ÊŸ54 +1ä„HILQ$GS*yžâ‡ÀÒد“dšpp€-FžS¥: ôv +mÔ<áæ(Û=ÜEVÝåW¥¶]ÛÆÁ0hÌõ±.Z%ïÝëûó ÖÀw'¹QŽ§¬¬þãy#äÐ읝õ2ŸÖíÜNHΔ92]jÎ82A"p€¡TÛ%|ÂJ~P9€ŒÀŠŽ#„óÔqrcÍàµZçÐuîÌÓ¹CRžÙK· +ŠœáÚù=/O0m‡ŽCŠ>›P³Ÿ«æ¶²€#²*¶ÓìÇfÙÌí +šAja·;ç³Êô@ãòÙñ€=ô¡Ë"ch,µþrçLÈ E–æ2UΟÀŸ7KA#zÂ'PgèƒތZz˜tëè +jW8N¯Z8µ-Üî2H‚O?ŽiÃÿ¡è~~yœü°1Ø -¶þÙ +*‚ኳ[¿ù +$³Ÿü(ÏAyK‚Jñð‰ßææ’þ§‰õlendstream +endobj +2200 0 obj << +/Type /Page +/Contents 2201 0 R +/Resources 2199 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2112 0 R +/Annots [ 2204 0 R 2206 0 R 2232 0 R ] +>> endobj +2204 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [363.642 647.664 413.486 656.254] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +2206 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [186.81 604.534 236.653 613.016] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +2232 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [293.598 155.822 332.969 164.305] +/Subtype /Link +/A << /S /GoTo /D (0:STEALTHMODE) >> +>> endobj +2202 0 obj << +/D [2200 0 R /XYZ 71.731 729.265 null] +>> endobj +2203 0 obj << +/D [2200 0 R /XYZ 166.376 672.792 null] +>> endobj +2205 0 obj << +/D [2200 0 R /XYZ 166.376 627.739 null] +>> endobj +916 0 obj << +/D [2200 0 R /XYZ 71.731 578.382 null] +>> endobj +178 0 obj << +/D [2200 0 R /XYZ 166.449 539.996 null] +>> endobj +2207 0 obj << +/D [2200 0 R /XYZ 71.731 516.241 null] +>> endobj +2208 0 obj << +/D [2200 0 R /XYZ 71.731 516.241 null] +>> endobj +2209 0 obj << +/D [2200 0 R /XYZ 71.731 501.297 null] +>> endobj +2210 0 obj << +/D [2200 0 R /XYZ 71.731 492.076 null] +>> endobj +2211 0 obj << +/D [2200 0 R /XYZ 139.477 474.243 null] +>> endobj +2212 0 obj << +/D [2200 0 R /XYZ 139.477 474.243 null] +>> endobj +2213 0 obj << +/D [2200 0 R /XYZ 198.096 474.243 null] +>> endobj +2214 0 obj << +/D [2200 0 R /XYZ 71.731 454.138 null] +>> endobj +2215 0 obj << +/D [2200 0 R /XYZ 442.746 441.366 null] +>> endobj +2216 0 obj << +/D [2200 0 R /XYZ 487.03 441.366 null] +>> endobj +2217 0 obj << +/D [2200 0 R /XYZ 387.006 428.415 null] +>> endobj +2218 0 obj << +/D [2200 0 R /XYZ 71.731 391.304 null] +>> endobj +2219 0 obj << +/D [2200 0 R /XYZ 71.731 376.196 null] +>> endobj +2220 0 obj << +/D [2200 0 R /XYZ 139.477 360.42 null] +>> endobj +2221 0 obj << +/D [2200 0 R /XYZ 139.477 360.42 null] +>> endobj +2222 0 obj << +/D [2200 0 R /XYZ 218.759 360.42 null] +>> endobj +2223 0 obj << +/D [2200 0 R /XYZ 71.731 338.472 null] +>> endobj +2224 0 obj << +/D [2200 0 R /XYZ 71.731 338.472 null] +>> endobj +1831 0 obj << +/D [2200 0 R /XYZ 76.712 282.462 null] +>> endobj +182 0 obj << +/D [2200 0 R /XYZ 345.974 243.09 null] +>> endobj +2225 0 obj << +/D [2200 0 R /XYZ 71.731 219.972 null] +>> endobj +2226 0 obj << +/D [2200 0 R /XYZ 206.166 210.213 null] +>> endobj +2227 0 obj << +/D [2200 0 R /XYZ 376.197 210.213 null] +>> endobj +2228 0 obj << +/D [2200 0 R /XYZ 306.867 197.261 null] +>> endobj +2229 0 obj << +/D [2200 0 R /XYZ 454.074 197.261 null] +>> endobj +2230 0 obj << +/D [2200 0 R /XYZ 71.731 182.153 null] +>> endobj +2231 0 obj << +/D [2200 0 R /XYZ 71.731 167.209 null] +>> endobj +2233 0 obj << +/D [2200 0 R /XYZ 414.211 146.054 null] +>> endobj +2234 0 obj << +/D [2200 0 R /XYZ 139.477 134.397 null] +>> endobj +2199 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F44 1165 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2237 0 obj << +/Length 2311 +/Filter /FlateDecode +>> +stream +xڍYkoÛÆýž_!ôK$À€IŠ©·€“8†›Ü€šUEnP¬©•Ž0Eªä2®î¯ïÌî +ßr›ækwçuÎÌìʟyðߟş/á¬Ý`ÍÒã+o¶‡/w¯|áЧ3æíæÕõ‡`=[»ëÕr¶Ù͖¡ç®¢õ,^n³ÍöëüÝAœŽ,Nyóе×wEþ?Ï +öu¹ð£¹ÐªÈí‡bg¯Y±ðœùÞüQ +žïíûHUŠŽ’ÕâÛæ§W·›FÁ(ðÝeð¢ 4dlBܚàûk7Õc/q—ahLØ +$kEj òœT•œŠ¥Zné%Ù¡4\Ãõ|[H–ÚÞH4ý/Ué+û,ò-KIŸÐp^ëñÜ Ø +Ðw° +Ý$ÁXÔ–YÞü©§±Ó±wé» +ÜÙ)€ÉóA¥{{€¶fTâHw'¡žàÌ Ö‘›$ñÌñwMqMçY%XŠÒ6Å\~p­åóèõé$ó­Üf:QHŸÆa8Ùv(òçû÷}X5_Ne‘ʪê +rY +ÐDógƒ1p5Ë7fù¡­º°×RŠÅ>Wÿ—ƒH–ãù±À@Ç?²go¥E62Iµš–€åEO÷¡õAèÆl—UG&ƱQýK>Ži"K«_¹=FÒ}ñ§¢ªŠ¬4[_W + +y%p`’,ŽÊ® T ò­B/WÛZd„ðLÉ\WMÀh`O*HõGZ[æÔØNÄÇøà|v˜á¹ÇÄøµ’€é§b_ýǏ¢YÃW8<†ü4ü,«kpý˜9¡n©¡oÿ«ª”œ’Žó[K'v=x–<“6ɱ“­É3Ÿ‹6MBxVYféèƒj!аKGöÜI–‚#ç–& +Öõ=ZùóŠŸ#¯È3JCEΞÌÁy*ÿÉ2–ÀAÌ çIöÇÐo›w?3ÜÐ#œ +õ¡®ºÄ˜ +|–õAÂ|ŠuY6æ‰èƒÖ]þQšL³UÀl]”gN +'‡Y +–ˆìWºz)a‰²%[8Žu¥ûf<—JKÑ°® +Ä#¥[]Â4^øXN¥. +c%å°púËÄõíVžNUN +ãtKç`!”ùÐàúžëäCñX®â—åӘ—åBù?Úwó‰ÉËÖÚc‰RîÐg&ÙpZÏJ,R+ ž^ŠÅñ”I=UV``DðPrRu™Ã‚áÊ S²SŸúRå4ôí™Êlžvœõ²Çë­Üa¯ ꌩb2R< +Ü8òI!HóÑŒ€Fd€·Ÿž [×yÒÐ8D!/ˆJ$ó +û»lQ8^?‚%<ëRU +ðƒÀíRr‹7ò–DؕYèŠÞrµÒ¥PY'oUj™§ì[#‚|1bߥ²8^®JeWý +GMb‹§]*­†ñNÙÔüRûŸ‘wœ^¿>|ùðmìÌÀzÂ:ó(JÛ5–‹(šrn7rdp¿€CÔæw;Ãv“»µÏ +®Ky5l3T[ҏÃÉÐ7 +šÊÔxåhón£k€6µ“®HŸ5 + +Éy±BÃ^È×èì’ógwbOßœÌeÙf\A-z x/ŽÃfŒjr›&#@슑Ž<ŸšµF=-KG«¶cóY,i³•UZªÇÉff«p ³àrØï.òfk17Z +>Ô%–Í‘_†Lxf€Œ)UÔ¶FŽµI­Q„ø“ÎÇE¶ZŒsÚe + +æv»4Žm/Áׯ«Q¡€ëSn‘>ŠÊaOÉ|§3L›÷{(Éç +mÏ%æw{Øq€EUŶ/¢:nú女¢x¢Š–)ûõM!áªít¡ Ç°aw`gŒò×FžƒÿÞÞÞÝ^8+:Ùۇ‡›»[ÇY8>~lŽ‡)‘Í¿œ\º_âÉÅ>}¹ûxû»Ã‹M¬õQbHœ0±j¥iÔŸ"Ûþ\ +Oß&fe=Üß}ŸÙüúË-)>)®IoÊãîÚürsÿéû÷oE¥sÜÿ^~ûùýÀgd(ån¿uüÚõáÆÁ*J­Ê=€‹'óï²T¡Ôl(tQwßõㄲÿfáÃ^¿ ©ˆr€; Aíh=‹ž± +یŸ^`±oßæÌ +æjj$°ƒ?vÃ`Õ91€‰Â^ ÓÆ#+?WÒnàîÎ9M¡åÞllòߌ]ä^â®`Ûæø+wµŒûoXÀùÔÙ»y1N‚) žñº[¯w*“×|VÑ·Å¡ÑV@bæüv0{“UŒ¹œšs͎4I^[G +Öò +fmŸM*€«ÀÓ‚:œWšF͖x>£«ŠÚ>ÐîÅ.OsIŽšžpšÉÊðž[,a^9PÆÁ?gûIdjÌ*á"†ã‹ ávÚÔ¶Ôq†‡ÿŸðCš‡áyƒ-@( +ê5FðxPz +XD,WM3*~ù88Ð,׌3MЮžÔ‰îâŽ1ßò檣UG-iÃÚãE߃4ÉfZè’jݧMöRgÜóŸXÑP“° Y¡\R€(» +ýƒFŽöUÑã™--Ž­-f†Ð +5Уú7¶™jáîÝÁX*3p÷X Ôþêm“;L¹ßÙa-–àÁ +¡¥§–ð +k¯.ÚxDzØÝ/ÊŠï +1ñXYmڂxݙezü†ˆ–€ðš*dë²×ׯIŽ=€5‰0ß·>gAPxÆD0UÈžËúÐpCg›l”ElÇ»lïÜ +ŒLŠØY +ImýŒC +'S9Í1díœíöŒmvjÝB$‘ë1ÛºEg؂lhݔÈA’€ù]ŽêØl„{ðÎssl͊ŽŠO37QÔ ž¬×€ëG<Žšå–ÀøiÐp;0šS^à†>ïŽZ¢Ñ^oˆx +ìÍ"žY«oň€Ì+¯ÅNÛÍ-žLÀvÌz}@‰ú0ÌS5£ã_ÅRpBƒô¢¶ +åÌ;f€ŽÎà9òž«)RŠ Ø'„Œl³Ùœº¥Waù*Šº>˜M)¢m°ýjJ fX¥Ž§Œœs’éžE9™.o˜üÚ,wAr“šºÇKô»U˜ž‰¿øËV;dôÃV„ +¢KCÐú¥áš±€¿˜œendstream +endobj +2236 0 obj << +/Type /Page +/Contents 2237 0 R +/Resources 2235 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2112 0 R +/Annots [ 2246 0 R ] +>> endobj +2246 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [138.082 562.725 195.367 571.636] +/Subtype /Link +/A << /S /GoTo /D (0:DEFTRUST) >> +>> endobj +2238 0 obj << +/D [2236 0 R /XYZ 71.731 729.265 null] +>> endobj +2239 0 obj << +/D [2236 0 R /XYZ 71.731 718.306 null] +>> endobj +2240 0 obj << +/D [2236 0 R /XYZ 384.376 708.344 null] +>> endobj +2241 0 obj << +/D [2236 0 R /XYZ 119.552 682.441 null] +>> endobj +2242 0 obj << +/D [2236 0 R /XYZ 71.731 660.359 null] +>> endobj +2243 0 obj << +/D [2236 0 R /XYZ 139.756 636.613 null] +>> endobj +2244 0 obj << +/D [2236 0 R /XYZ 219.038 636.613 null] +>> endobj +2245 0 obj << +/D [2236 0 R /XYZ 71.731 589.001 null] +>> endobj +2247 0 obj << +/D [2236 0 R /XYZ 330.19 564.882 null] +>> endobj +2248 0 obj << +/D [2236 0 R /XYZ 172.303 551.93 null] +>> endobj +2249 0 obj << +/D [2236 0 R /XYZ 222.674 551.93 null] +>> endobj +2250 0 obj << +/D [2236 0 R /XYZ 71.731 529.848 null] +>> endobj +2251 0 obj << +/D [2236 0 R /XYZ 359.2 519.054 null] +>> endobj +2252 0 obj << +/D [2236 0 R /XYZ 119.552 506.102 null] +>> endobj +2253 0 obj << +/D [2236 0 R /XYZ 71.731 471.069 null] +>> endobj +2254 0 obj << +/D [2236 0 R /XYZ 71.731 401.395 null] +>> endobj +2255 0 obj << +/D [2236 0 R /XYZ 71.731 376.423 null] +>> endobj +2256 0 obj << +/D [2236 0 R /XYZ 71.731 285.142 null] +>> endobj +2257 0 obj << +/D [2236 0 R /XYZ 71.731 265.216 null] +>> endobj +2258 0 obj << +/D [2236 0 R /XYZ 230.655 253.748 null] +>> endobj +2259 0 obj << +/D [2236 0 R /XYZ 71.731 246.772 null] +>> endobj +2260 0 obj << +/D [2236 0 R /XYZ 71.731 246.772 null] +>> endobj +2261 0 obj << +/D [2236 0 R /XYZ 189.302 237.111 null] +>> endobj +2262 0 obj << +/D [2236 0 R /XYZ 71.731 231.036 null] +>> endobj +2263 0 obj << +/D [2236 0 R /XYZ 250.838 208.817 null] +>> endobj +2264 0 obj << +/D [2236 0 R /XYZ 71.731 190.184 null] +>> endobj +2265 0 obj << +/D [2236 0 R /XYZ 424.487 168.867 null] +>> endobj +2266 0 obj << +/D [2236 0 R /XYZ 236.976 157.211 null] +>> endobj +2267 0 obj << +/D [2236 0 R /XYZ 451.045 145.554 null] +>> endobj +2268 0 obj << +/D [2236 0 R /XYZ 76.712 117.26 null] +>> endobj +2235 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R /F46 1173 0 R /F21 781 0 R /F51 1285 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2271 0 obj << +/Length 1566 +/Filter /FlateDecode +>> +stream +xڝXێÛ6}÷WèQV +IÝ +Ž@šd‹E‹bE’ZŠmuuq$jwý÷IY¯[‹5ezș9sæb3‡ÂsbFbž + +NV®šs€O~[1#áo$óëfõ枧NJÒÈw6{Ç(‰Âԉ}N’;›Ý÷ÝQœ”lÖ +©œŸ««¯”òC׬Yè +•×•þ Þ뵚׌º‡þ%_3·:èýœÈò"W¹l×ß6ŸV6ƒ!gÄç7]ðC°”‡ŽÇ8IC†2ßW_ŸQg²Ÿàÿø^¡ŽÏ)¡qè0’ŠŸÓHg¿zXý5\Eá8Jo]¢[ÁÅ% +‹Àäì‰(#a0”9pÈ"•' ñãԉR55šo× u?x»N©»y@,Þ܁“@$úCà"'”úà4\èP|ÆC +ÀuɂHqJ‚8vFåçGK™ÏB#žüñÊz)Šaš’šÈž(Ƅ³6Ý(ô¡¢§:Ÿ‰ˆvû÷ú`ї +ê>ÁڗH +_š;á˜*žš˜5O؏l·»]¥aAŠ + +â€ðÀ¿9N‚ +FŸÌ׋¿Xš±NŒ®ëýõƒ‹­Ìב²2ÚZŽ>èªö„/²ùY»†z@ + ԆgÊ3L2òm +‹gxØÃcÝnþ^3fÒ +`9 +Ì@”ށ|ë×ö$3(ïfóh>mç°B?×ÚïôFWhJÿœ+³š÷¢ÀŒ5WŽŠ +ŠTfšø8;sªÛ6ßöõ%HÆÙÊ gtOX;³ºÚ]·Ù4x2}ž¶Æ¿üi­QÂØ°Ùcw"_6ªfᐵTëÿ£Vò§eç! (7‘»ZxŸûé©RCÕÓ¬WõPm‹ËF +®ŸËQ^ +msvªÏcÍ„üº{]Ä  +}ÀKwWÔصj(Öº·hçÆzÚ20ºŒË0äA"$€^šfLÌ{f2ÿœT0ž\a5ðù}×äv¢T²<ՍhŠUU_ºqè43gY^@{±Œ5ƒåhc™ŽÈìŽlï—û÷ê§ïìäTŠ”%ê¢Ð5€Þ +媖â%/»R‹T]¹µµƒó`0j¥ÍÆ£âí^]rrêýÒuãy+Ê£°v?ãhnÓ¡}še?Œb@Òu-ï‚oòª® +±0k%@¡®RÎÓ±U¢Q­5G +CF›{l^ïê +C»P$EvŽÅší² +txÐ;äØR + +!‡4-ĜÉ` +š4àzéÇ£Í&:†ò—©N™ +F¥Ø(öuóâcª +£góßòá> endobj +2274 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [363.642 647.664 413.486 656.254] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +2276 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [186.81 604.534 236.653 613.016] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +2272 0 obj << +/D [2270 0 R /XYZ 71.731 729.265 null] +>> endobj +2273 0 obj << +/D [2270 0 R /XYZ 166.376 672.792 null] +>> endobj +2275 0 obj << +/D [2270 0 R /XYZ 166.376 627.739 null] +>> endobj +917 0 obj << +/D [2270 0 R /XYZ 71.731 578.382 null] +>> endobj +186 0 obj << +/D [2270 0 R /XYZ 193.425 539.996 null] +>> endobj +2277 0 obj << +/D [2270 0 R /XYZ 71.731 516.241 null] +>> endobj +2278 0 obj << +/D [2270 0 R /XYZ 71.731 516.241 null] +>> endobj +2279 0 obj << +/D [2270 0 R /XYZ 71.731 501.297 null] +>> endobj +2280 0 obj << +/D [2270 0 R /XYZ 71.731 492.076 null] +>> endobj +2281 0 obj << +/D [2270 0 R /XYZ 139.477 474.243 null] +>> endobj +2282 0 obj << +/D [2270 0 R /XYZ 139.477 474.243 null] +>> endobj +2283 0 obj << +/D [2270 0 R /XYZ 203.058 474.243 null] +>> endobj +2284 0 obj << +/D [2270 0 R /XYZ 71.731 452.295 null] +>> endobj +2285 0 obj << +/D [2270 0 R /XYZ 71.731 426.258 null] +>> endobj +2286 0 obj << +/D [2270 0 R /XYZ 71.731 411.314 null] +>> endobj +2287 0 obj << +/D [2270 0 R /XYZ 76.712 331.379 null] +>> endobj +190 0 obj << +/D [2270 0 R /XYZ 206.474 292.006 null] +>> endobj +2288 0 obj << +/D [2270 0 R /XYZ 71.731 271.902 null] +>> endobj +2289 0 obj << +/D [2270 0 R /XYZ 409.701 246.178 null] +>> endobj +2290 0 obj << +/D [2270 0 R /XYZ 339.823 207.324 null] +>> endobj +2291 0 obj << +/D [2270 0 R /XYZ 71.731 174.348 null] +>> endobj +918 0 obj << +/D [2270 0 R /XYZ 71.731 124.285 null] +>> endobj +2269 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F44 1165 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2295 0 obj << +/Length 1921 +/Filter /FlateDecode +>> +stream +xÚ­XێÛ6}ÏWømm âRw©E +ŽÁ¶M‘[³ÎC‘WæÚDt«DíÆß!9€$Ëk€@±ÀZ’©á̙33‡öWþüUê“4„ 'A¯Šê]íá›ßŸùžÂÃ%ÞdͯÛg׿ù*'y®¶÷«0¢$‰óU$‹ƒÕv÷qýâÀZÉ»Ät +óù¢©?Qì‡nãÇk&ES›/š{óY6Ÿ®÷úŸØøëzožß³B”B +Þo>oÿ|v³uƁOÂàbžd‚¿òSø±ŠÁBAc’F™!"©ò;ÍÖ7ß ”š•ænî +ØIG(¢”d`×SH€©6Ó³êÀZ0Œ€]?lþ«Š—›ç\!3nåëŸèD+ûë¶kö +«zD€é,dûœ°8}¢1„#ܲÁœª¶ä¯¥¹í‡¶m:i¬;;-ÛósY0å €èùÉc_‡³=\e?Ëm Aò‹Nîždã€g'¹ +˜P@ žCòàlîìo\cr7ÁüÄ̂}ébß4"4¿ž­YqqיµéÏù0å•Ѐ„P +^”y•!¯  +úŠäßE£í<©òQ±o +4„ o‚xý +Ž bPI +Ÿ%Ÿïž›û»F +æ5øx>ªØ-”=ît‡vjVÙd·¢å=Rî%é†Z•¯#&ëÏPiÇxÕÔèȬL +EYš«¡Gx¢d•<‰‚LJ*Í3•-eæzÇ®‹§ LRB£ +—:¶7ƒl‰[Œ{œ +H—Ó[tê•š‡oÏq‡Iûóü4$4ÄÐ +ŸŒÛätýË&L×Û?ŸŒxûæöí«›¥s4Nš¢scÐdÞT/9Û¹L- ÉâGá÷!‘8Îp)B 0oBÎk{ÇUÃ^Ô5f +Ê3‚ÂMIH³YŸ¯‡Ÿ»uQ;~Ý2yèÉaéžOSç úgZgN+â*`8鬍jGêï:±ãÖc“¶f*Hr+lÙHQqKˆn®ö3Œ&~f9ÉšõóãkÑŸ—ÑÀ̉sK¿ž˙ç°,ÜtŽ“º&ŒUakõ¬C^àç$¢ñ +ó[.±Ëüdވã1Kq@ÒÀ–pZÆ2‚0š„ÙŽÊ5,ŒÿܒïIWú[’æHǧexÚ¥Æ)9ôü”YŠ!ƘGÏ4jH/Œ8Çb¡ÀœÁÓsy mÕ +àâF®ž!c-ù>Ž;ØÅ +’—€ + +û`:lšV÷?` +F㻉¯•™ñïe­äƃڒáB»SÊ#Ø¢º€¥Ÿ©ž¹Ž$PÁù +gªŸiÊ4ènŠhÐr’isªèu +oaDR筆MíŒ 5õ5L æbdÜ  +Âv$Š +ªûšø“©p±k?b(ø¬æ`vR%ª!Ò²æ¹ù–áŠVákLŽáþQ© + +ñŸ6-¯ +­•zwb€â}ª +-`F€ä5®kÐ5‰Žº7Áq@; +Oàúè&ì3 2ß +v@í±µ^M×AÐè +æmn†•uÆÍã┾á󮵌Õ[=ðNÈã’ %‘o«ŠnjŸ€hö +t•Y"ê9ck²y‘(°Æ>ŸjöŸÏX +Iù‹.¬Rt?3 +ԁ6Qa4“Š˜œ[š;·À[®;ëë˜ÚäÈܪr‰/dæ +9­(ƒŒÎÖW^k. Wó^0ѓÀì&­šÃ]ceŽI}×q5\—²o©BÍdxó—ŠæÃË÷7¯oÞloÏt4%‰›cýh +šC²€ãÿ +¢ã®JÒéšÏ7–sígD§5 +Ãw¶ŽäáR®)\ºDzžZîµÓ §î+Vféis6dÖ¹£H‹ÃiÉ >Á<éÑŽñàš&ÏÔ Ýy¬ª·÷6²¡ëùÆp +OJqg™÷KaÎkæ;Ã;[çKGäáŽNÍ(6=å+Y.ÏWçÐ +1 +ñnxô› +ÄjŸwÎ +ž5ÏG•ÔKVµFž`_éOe;dSA¡¬,sQ +ÅdŽŸZ¡I;Ÿí”œí +ðø·ŒãVµÙ +ÝÑt"/ùŸÿN’캊m 1<•jzj¢”ž•ˆ~âfq`µšë}µ”{Ó£*³ü«S=äœuǹWǁ3úÀfÒ©ƒ7ägª9ˆuc³Õ̧<*K-›QNdO·UâþL1¶ÄÁhuÅ2ð5k·_œ¥hOÑZëjŽærtï; +° +0§O¬b±ºB¹y|b~? +ž:ÝâÒ©Ð}h>ä;V3 +mGôI£qxβ +COýž4NFÛ®ŠšªµœK—†.À)ŸÄÛ¹ÜÑBéx +kk÷º¹0"@_"Ô4ýq\eC¢Ž³ÔÁ«`1O,^œ¬ZfŸö|êê:ª­ù3™=X/ì 9ùµ +™Œ2’ùéÅßhÇ%‹ŸhcØ?Àq‰r# +Ÿø-u¹Ó¿¡Ò·> endobj +2300 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [235.077 657.763 274.09 666.674] +/Subtype /Link +/A << /S /GoTo /D (0:EXTERN) >> +>> endobj +2296 0 obj << +/D [2294 0 R /XYZ 71.731 729.265 null] +>> endobj +2297 0 obj << +/D [2294 0 R /XYZ 71.731 741.22 null] +>> endobj +194 0 obj << +/D [2294 0 R /XYZ 246.843 705.748 null] +>> endobj +2298 0 obj << +/D [2294 0 R /XYZ 71.731 685.607 null] +>> endobj +2299 0 obj << +/D [2294 0 R /XYZ 71.731 685.607 null] +>> endobj +919 0 obj << +/D [2294 0 R /XYZ 71.731 656.517 null] +>> endobj +198 0 obj << +/D [2294 0 R /XYZ 173.146 613.42 null] +>> endobj +2301 0 obj << +/D [2294 0 R /XYZ 71.731 593.28 null] +>> endobj +2302 0 obj << +/D [2294 0 R /XYZ 156.074 567.592 null] +>> endobj +2303 0 obj << +/D [2294 0 R /XYZ 225.533 567.592 null] +>> endobj +2304 0 obj << +/D [2294 0 R /XYZ 119.552 554.64 null] +>> endobj +2305 0 obj << +/D [2294 0 R /XYZ 292.302 554.64 null] +>> endobj +2306 0 obj << +/D [2294 0 R /XYZ 119.552 541.689 null] +>> endobj +2307 0 obj << +/D [2294 0 R /XYZ 71.731 520.356 null] +>> endobj +2308 0 obj << +/D [2294 0 R /XYZ 309.358 508.812 null] +>> endobj +2309 0 obj << +/D [2294 0 R /XYZ 119.552 495.861 null] +>> endobj +2310 0 obj << +/D [2294 0 R /XYZ 172.273 495.861 null] +>> endobj +2311 0 obj << +/D [2294 0 R /XYZ 205.877 482.909 null] +>> endobj +2312 0 obj << +/D [2294 0 R /XYZ 71.731 480.753 null] +>> endobj +2313 0 obj << +/D [2294 0 R /XYZ 71.731 465.809 null] +>> endobj +2314 0 obj << +/D [2294 0 R /XYZ 306.386 456.309 null] +>> endobj +2315 0 obj << +/D [2294 0 R /XYZ 360.946 456.309 null] +>> endobj +2316 0 obj << +/D [2294 0 R /XYZ 296.907 432.997 null] +>> endobj +2317 0 obj << +/D [2294 0 R /XYZ 357.321 432.997 null] +>> endobj +2318 0 obj << +/D [2294 0 R /XYZ 403.637 432.997 null] +>> endobj +920 0 obj << +/D [2294 0 R /XYZ 71.731 393.445 null] +>> endobj +202 0 obj << +/D [2294 0 R /XYZ 168.377 348.191 null] +>> endobj +2319 0 obj << +/D [2294 0 R /XYZ 71.731 347.975 null] +>> endobj +2320 0 obj << +/D [2294 0 R /XYZ 71.731 333.031 null] +>> endobj +2321 0 obj << +/D [2294 0 R /XYZ 426.039 321.59 null] +>> endobj +2322 0 obj << +/D [2294 0 R /XYZ 71.731 272.076 null] +>> endobj +2323 0 obj << +/D [2294 0 R /XYZ 408.296 259.125 null] +>> endobj +2324 0 obj << +/D [2294 0 R /XYZ 71.731 237.042 null] +>> endobj +2325 0 obj << +/D [2294 0 R /XYZ 71.731 211.14 null] +>> endobj +2326 0 obj << +/D [2294 0 R /XYZ 71.731 196.196 null] +>> endobj +2327 0 obj << +/D [2294 0 R /XYZ 71.731 102.213 null] +>> endobj +2328 0 obj << +/D [2294 0 R /XYZ 71.731 102.213 null] +>> endobj +2293 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F46 1173 0 R /F34 797 0 R /F55 1335 0 R /F44 1165 0 R /F51 1285 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2331 0 obj << +/Length 1289 +/Filter /FlateDecode +>> +stream +xÚÍX[o€6~ϯàm@ +Žml.Q[©]5œš[EêH}èVž$0‰v}±¹ +à\VQZE +Œ}|nßwˆ +áXA!ês+9]aë;?]-ájw"óÃöêæŽFV„"ß³¶{Ëcù<²¢Sk›þe8ÆU+jÇ¥ +Û +©ë‡²ø„1=œk‡p;n³²På^]óÒ!Ø>tÿ2‡ØÅA­ïã$˳6ó÷ö׫·ƒƒœäÑ'CÐ"Ë‚1B"ÄÁõ‡Èc¬ +áŸù9÷u)ÎÅÜtƏ0b„¬ÙŠˆEp3ٙ_/ ¥3ps¢®sÓc7œ± L*7 +ÚÚUy«ÝýVú{sǹÂq_ +÷}tÉsU]î³\üSÄ'¡D§ qµ¬+1‹òÄ•H²ýgI{êŠò£ÖKu=7B£Ÿí$Yd§b/‘Ïy«v²F]7çvŸŽqVltò®PöD†H»(?ÆÕÖ 4¿ûÒ +–¹;PFufPŽÌ +”Î݈vî:”Ûå +0¡BÌ40yÖ@~|¬ÊB^ujôñ ê +$ˆ­ëa†œV6EnۃÕéƒ,?©D*ÐhÆ“æXžóTÝï4p§žªDz‰ovªâ€]Õª²ÉŸ.à²îÙÒ%ESãæxŠ[µZ”²ôl’—“á·Rúðhâ' +ñà­è0j3²A‹ü¯ÈàOÈàE°AÆ>À–æƒ:J4%àçNŸ +(á +Š°6PÖV(‰t®Ú(AÅ +؛0–W˜áɲs(ô–õ’’ +{ +M>Š4;ŸL,aÔGëO‘¯aÉšÍÈ-bb‰òv +#sä‘א€£H»N’^Ûß2N]À¯i@αoŽY"®;.`‰ŠžbÁc'\×JPÔõëXósv8š8ãQŽ‚ |+ÒLÔYÓ˘h#Ý]! + + +^øF”Qº–måœ s„P¿æ“š†§ ç¢nJ@š/ƒAÐWå¡ ³0ÇjŒe(BDž,n#Ç#9 +%j=)O§žHÝ<+„Z)+9ò®€_”ÞŸƒØÛ£ž‰³HýÆ(ºž`û2—u újÖÍ՚_2ôK¿äø­ýR¹šõjœ$¢jA¯Hoä§â”ZÄÑêåöî ² +º/”ÈÈUþ/ +AU²- +™+IŸ˜ŽŠu4U* +»nU;^ êh‰Ô +‰<]:÷S4¢:&Oåq/¡Éóa,îÇ_uLݟÎM;) +Þœ +Ä/ú-àºX!ÁȀ®³i·U'TÄ]w†õ1†lQŸAy2ã¬e€ԌôÒÜ +°ž›_C{bŸÃ›q{òjwsÍòN‹üþMéMˆ‰Î`ò"wÌ9,u±AÉwKVŒ(Hez‹š5·v M\IJê?Nm‚Z +œg  +ÌÐiéªg†niîÐÍͯA71ïºG×íNÄ­›­š +‹Ü‡ùÔ{G?Ÿvý÷ŽþsF#’²H›ŸhÛGÑU0<íÚn"Ñ ñ4F +1AÞs8ȘQT"êfqaëÎl¯A8ÚvÝPƒdÁ(ïÆiZ/3Ï9Üœz^¿ÿ=ž! +ÕãQŒíµ/·FM_„r€Òëg˜ZTeÝ^V® +;dl·rKŽó|ë/k,D! žüö6Š,²Ë‰ÌjÐkéʓŸ‘--ý +ßJÔMendstream +endobj +2330 0 obj << +/Type /Page +/Contents 2331 0 R +/Resources 2329 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2292 0 R +>> endobj +2332 0 obj << +/D [2330 0 R /XYZ 71.731 729.265 null] +>> endobj +2333 0 obj << +/D [2330 0 R /XYZ 71.731 741.22 null] +>> endobj +2334 0 obj << +/D [2330 0 R /XYZ 71.731 708.244 null] +>> endobj +2335 0 obj << +/D [2330 0 R /XYZ 139.477 690.411 null] +>> endobj +2336 0 obj << +/D [2330 0 R /XYZ 139.477 690.411 null] +>> endobj +2337 0 obj << +/D [2330 0 R /XYZ 206.226 690.411 null] +>> endobj +2338 0 obj << +/D [2330 0 R /XYZ 71.731 669.271 null] +>> endobj +2339 0 obj << +/D [2330 0 R /XYZ 71.731 633.375 null] +>> endobj +2340 0 obj << +/D [2330 0 R /XYZ 71.731 618.267 null] +>> endobj +2341 0 obj << +/D [2330 0 R /XYZ 139.477 602.491 null] +>> endobj +2342 0 obj << +/D [2330 0 R /XYZ 139.477 602.491 null] +>> endobj +2343 0 obj << +/D [2330 0 R /XYZ 226.281 602.491 null] +>> endobj +2344 0 obj << +/D [2330 0 R /XYZ 71.731 580.543 null] +>> endobj +2345 0 obj << +/D [2330 0 R /XYZ 71.731 545.455 null] +>> endobj +2346 0 obj << +/D [2330 0 R /XYZ 71.731 530.346 null] +>> endobj +2347 0 obj << +/D [2330 0 R /XYZ 139.477 514.57 null] +>> endobj +2348 0 obj << +/D [2330 0 R /XYZ 139.477 514.57 null] +>> endobj +2349 0 obj << +/D [2330 0 R /XYZ 226.281 514.57 null] +>> endobj +2350 0 obj << +/D [2330 0 R /XYZ 71.731 492.623 null] +>> endobj +2351 0 obj << +/D [2330 0 R /XYZ 71.731 457.534 null] +>> endobj +2352 0 obj << +/D [2330 0 R /XYZ 71.731 442.426 null] +>> endobj +2353 0 obj << +/D [2330 0 R /XYZ 139.477 426.65 null] +>> endobj +2354 0 obj << +/D [2330 0 R /XYZ 139.477 426.65 null] +>> endobj +2355 0 obj << +/D [2330 0 R /XYZ 244.791 426.65 null] +>> endobj +2356 0 obj << +/D [2330 0 R /XYZ 71.731 404.702 null] +>> endobj +2357 0 obj << +/D [2330 0 R /XYZ 71.731 356.663 null] +>> endobj +2358 0 obj << +/D [2330 0 R /XYZ 71.731 341.554 null] +>> endobj +2359 0 obj << +/D [2330 0 R /XYZ 139.477 325.778 null] +>> endobj +2360 0 obj << +/D [2330 0 R /XYZ 139.477 325.778 null] +>> endobj +2361 0 obj << +/D [2330 0 R /XYZ 229.857 325.778 null] +>> endobj +2362 0 obj << +/D [2330 0 R /XYZ 71.731 303.831 null] +>> endobj +2363 0 obj << +/D [2330 0 R /XYZ 76.712 260.772 null] +>> endobj +206 0 obj << +/D [2330 0 R /XYZ 427.288 221.4 null] +>> endobj +2364 0 obj << +/D [2330 0 R /XYZ 71.731 198.505 null] +>> endobj +2365 0 obj << +/D [2330 0 R /XYZ 71.731 186.366 null] +>> endobj +2366 0 obj << +/D [2330 0 R /XYZ 71.731 185.121 null] +>> endobj +2367 0 obj << +/D [2330 0 R /XYZ 137.484 168.1 null] +>> endobj +2368 0 obj << +/D [2330 0 R /XYZ 137.484 168.1 null] +>> endobj +2369 0 obj << +/D [2330 0 R /XYZ 71.731 152.991 null] +>> endobj +2370 0 obj << +/D [2330 0 R /XYZ 137.484 137.215 null] +>> endobj +2371 0 obj << +/D [2330 0 R /XYZ 137.484 137.215 null] +>> endobj +2375 0 obj << +/D [2330 0 R /XYZ 71.731 135.059 null] +>> endobj +2376 0 obj << +/D [2330 0 R /XYZ 137.484 119.283 null] +>> endobj +2377 0 obj << +/D [2330 0 R /XYZ 137.484 119.283 null] +>> endobj +2378 0 obj << +/D [2330 0 R /XYZ 71.731 117.245 null] +>> endobj +2379 0 obj << +/D [2330 0 R /XYZ 137.484 101.35 null] +>> endobj +2380 0 obj << +/D [2330 0 R /XYZ 137.484 101.35 null] +>> endobj +2381 0 obj << +/D [2330 0 R /XYZ 71.731 99.193 null] +>> endobj +2329 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R /F21 781 0 R /F11 2374 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2384 0 obj << +/Length 1645 +/Filter /FlateDecode +>> +stream +xÚåXK£FŸÏ¯°&‡ÁÒÒŠæa%‘’ÕN +J¢UÖ9D»{`LÛFáaž‰÷קªÐ +Ìd•CrˆF éªúêõuaºòà®bJâ.~Jüˆ­öՍ·:›ïnšÚáª-®±çÛÝÍæÞOW)I£`µ;¬‚Ð#KWqà“„ù«]þÞy}ÊÎ=o×®Ï<'$òúº©?xžŒŽkʜ¬/šZŸhòZ6kê9Gñ¯XS§>ÊõC¶/Ê¢/x·þžûñæÍnÈ|JÿE‚4 qš¬\ß#©O÷P?&Ì÷ÁO/!AŽ~Æ£Ÿz“Þƒ~22EDƒ˜„Iž24isÓëh^ÉÌÍaž*Fó®›ÕYyý‘ö=Ç­³Š#žÍ=¥£`”„` %Ÿ”ïMÅ1‰ÃTœÎÚuCfJh@ÂHïúZ)1ƒã_ÛøaÈÄ5ªúSÑÉ»°T +Áuž”b„!!¬1ébH µX@qâüʏEeUˆÂ€ +Ÿ‘×L^Þ¶ŒŒä\>@¶åM&e]¹ðß°œxa˜‚>ƒ +‰H$ŒŸãu' ƒ8usn°|KŸ• ƒ†”æQåÿý:€œJŒ, +ÎX¯ø“ZÊù%²KÙË +nn^™ÆµÔ±„wwkh—U§¬šïTŒŸo°¹žÐaŽZ×>C§aç+ÄœrVˆ6Ž­ôWmêdG‚Ÿ@OË[ќJÚQ}Q–òö”å +Í; +D>~ð˜y¡Ž{x9* ì§Ê+€¶îDeÖËÔB€k±p­?eŠOcì[eZSok΂˜æEB#è#ݪÔޚuñ•b +„ŒXŽ +#ÉÐ[ÄCQòyñ i¬vaØŽOC +Œÿ¹èöuqì †Ën‚Ž÷ºDž}šÐcV¢/ +oݜ#ޚç‹ÕCæýíê +a**tý Ù»Í5Ó +(pm +Ù¬reÌU˜:™æyÛ7ÊÚ±\ŵ¹È›š +ÄŠ™‹†Pkš±µˆûSÓõš{”‚—QDWOR&}CÎ8ò™µys|:ò§G +‡$¯iâÜ,Ï1Þó`Æ>‰<ð}Sµ\Å +˜PKÀЈb&IDS±[;yžó +‰`q4@±a™–ë¬àӐ–ŠÎm‘Wü°}’¯²Œ*êm{+m$ +©°á‡I§ç‰!",ÑŸ +aD"ŒSm +'Ï·ÏÕnÀ¡i +AH@åtáJ +¿uâ À[ PIŸø°ûér;‚:=lëäÊ¡m*y·¹tíŠlöY¹áý~£‚µQŠ6B®ìÈŸ©‚ïñ„‹aÊ1¹EáøŽ×ŒúÉåãüªÌŸ8êÙÊGð3”wEß‹«"Sß7—þÔŽE¯ÔìyÛ‡bªÀŠ\,‹+ݗº,ª Œ vóšuu +D. +sžÉŽø±ÆÐHQ“y -„¯[žõƒš!C(lgIQéFÕ/!/žmTIV‚üª`ÜÍû1$EÎkUC‡ÆnC(Az,d±ú,% +'Îç8󘵛îÜ4åàÒÄ;ÔVÙË)š}.Ü"Ÿª­qÉR€k +{Ð΂‘ÊߑiqkÝ(”kjéz±7äãí„dnår£mŸžîÄöÑâq÷týÑò +ì]03 +&‡’f«Å +_Ìv¢0hêi҈« +Š’‘€|ŸÁ©LèÎ`š8Zó +ëÀ7u&peü<é¡ÊDœŸ•åÀlDöaÎÿ̪s¹à'ú8ã|ÛOPJ(šŸ]ˆãN +î¢9ÔôêvQYÆÀëRšŒRžƒ# +¹ân©zµlB +Z¢å{^< +™y¡hd +g†_~鿚:˜!XšsםšK©‚õÀ3Év•6ÑiaWVŸøŽ>Œ{%;õ°Ô +âÍ0MBKq˜²Œ55z°ýœÌ<‰_æZ¹mÈBéŒ-yÖq-Sñêa¬ +¬—Íû +,n¬;«ÀM&Õ +Pç×9ýŒz +®ŠA†·jiâΛz^ËE°ªŒžõvÝ4ĐÒG8T,{†ø¢÷¥ŽmVÙŽf +³¹¥øZ™Bµ]2õ90ΘÖÔ¶0dÂgMþ~È +†íg9gaâSú†Œÿpà‹þŸù»–ú%’“À·êK¿Ž[f¿a1À˜€¶ ր=ó›ÞÜÒ_ +}wˆendstream +endobj +2383 0 obj << +/Type /Page +/Contents 2384 0 R +/Resources 2382 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2292 0 R +>> endobj +2385 0 obj << +/D [2383 0 R /XYZ 71.731 729.265 null] +>> endobj +2386 0 obj << +/D [2383 0 R /XYZ 137.484 708.344 null] +>> endobj +2387 0 obj << +/D [2383 0 R /XYZ 137.484 708.344 null] +>> endobj +210 0 obj << +/D [2383 0 R /XYZ 412.167 663.99 null] +>> endobj +2388 0 obj << +/D [2383 0 R /XYZ 71.731 660.798 null] +>> endobj +2389 0 obj << +/D [2383 0 R /XYZ 71.731 645.854 null] +>> endobj +2390 0 obj << +/D [2383 0 R /XYZ 203.048 625.734 null] +>> endobj +2391 0 obj << +/D [2383 0 R /XYZ 464.889 625.734 null] +>> endobj +2392 0 obj << +/D [2383 0 R /XYZ 255.616 614.077 null] +>> endobj +2393 0 obj << +/D [2383 0 R /XYZ 321.465 614.077 null] +>> endobj +2394 0 obj << +/D [2383 0 R /XYZ 71.731 564.563 null] +>> endobj +2395 0 obj << +/D [2383 0 R /XYZ 196.313 551.611 null] +>> endobj +2396 0 obj << +/D [2383 0 R /XYZ 249.712 551.611 null] +>> endobj +2397 0 obj << +/D [2383 0 R /XYZ 190.106 538.66 null] +>> endobj +2398 0 obj << +/D [2383 0 R /XYZ 71.731 526.541 null] +>> endobj +2399 0 obj << +/D [2383 0 R /XYZ 71.731 526.541 null] +>> endobj +2400 0 obj << +/D [2383 0 R /XYZ 163.128 517.041 null] +>> endobj +2401 0 obj << +/D [2383 0 R /XYZ 71.731 167.639 null] +>> endobj +2402 0 obj << +/D [2383 0 R /XYZ 71.731 167.639 null] +>> endobj +2403 0 obj << +/D [2383 0 R /XYZ 167.97 157.39 null] +>> endobj +2382 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F11 2374 0 R /F21 781 0 R /F44 1165 0 R /F55 1335 0 R /F34 797 0 R /F46 1173 0 R /F47 1176 0 R /F88 1647 0 R /F68 1635 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2406 0 obj << +/Length 1529 +/Filter /FlateDecode +>> +stream +xÚµX[oÛ6~ϯ0Œ‘ˆ&uWÞÚ -: +C°x؆u²E[DeÑ©dî¯ßáMÛq‹ +C€P¢ÈsùÎ9ß!MfþÈ,%( +ar$ñl³¿Á³ +|ùpCì +ß.ñGkÞ®n–ïƒ|–£< g«í,Œ0Jâ|–†Êâ`¶*ÿô +ªâ i»ðƒ{2ão>a +ìºvAb¯Œ7æߚ±æ +‚œþÇÄkvf~[lXÍ$£bñ×êǛw«ÞÀ8 ( +®º`—œ¹%³ +\H” +„ä(ӓ;à‹8 2‰Šv7Ê!öjvšø!í•cÄá"Å.|·Ç[ë‘Nï‰QEKó8h˜šhÙ +Ô ”ÚªŠ( 3º’š©é hœÁ–Ö̬AÜŠ•091î/S?zʜr¿*Øþ_‚a[¶³IFf$Baä$ª¶K2-1B9 +UèÒÌûEó&muÝ© + +3<uæ£Ì<šèšæë«ØµœÊ¡GB†1T9ŽH­ôÉ9 +ۛb¯š—*:np»·(DƒÈÕ[ï¡Êm³œfëÉYwÖøÊN‰smŒÌ)æRãí“îDŸÛ‹DD@W1h1ùèrÝ°ð8k‡Œt_†ÀCÂ&œl‡€ˆ°ww’ž +=-Ž¶;)7éRs"ÒÖ Ñmyë$¹6|«J + +žG‘>ãø$à0ג.PY„²ÜQÙi±Yº©™>eL'Á +Å/Myn 1ʱò-\cƒŽß·_ *Gœœq[aù4埧qUú~ǬÚ8 +Ò0 !|nV +üàŒòý Úsy)F$K솿‘þ;Ç2ÌPЯr}3ÍQ¢ÆMí-—Õ +à&N(5ŠÅ€Lu> endobj +2407 0 obj << +/D [2405 0 R /XYZ 71.731 729.265 null] +>> endobj +2408 0 obj << +/D [2405 0 R /XYZ 71.731 547.135 null] +>> endobj +2409 0 obj << +/D [2405 0 R /XYZ 233.245 535.592 null] +>> endobj +2410 0 obj << +/D [2405 0 R /XYZ 71.731 487.607 null] +>> endobj +2411 0 obj << +/D [2405 0 R /XYZ 119.552 463.861 null] +>> endobj +2412 0 obj << +/D [2405 0 R /XYZ 71.731 461.208 null] +>> endobj +214 0 obj << +/D [2405 0 R /XYZ 412.167 423.243 null] +>> endobj +2413 0 obj << +/D [2405 0 R /XYZ 71.731 420.051 null] +>> endobj +2414 0 obj << +/D [2405 0 R /XYZ 71.731 405.107 null] +>> endobj +2415 0 obj << +/D [2405 0 R /XYZ 71.731 358.785 null] +>> endobj +2416 0 obj << +/D [2405 0 R /XYZ 196.313 345.833 null] +>> endobj +2417 0 obj << +/D [2405 0 R /XYZ 249.712 345.833 null] +>> endobj +2418 0 obj << +/D [2405 0 R /XYZ 164.104 332.882 null] +>> endobj +2419 0 obj << +/D [2405 0 R /XYZ 369.054 332.882 null] +>> endobj +2420 0 obj << +/D [2405 0 R /XYZ 182.664 319.93 null] +>> endobj +2421 0 obj << +/D [2405 0 R /XYZ 260.721 319.93 null] +>> endobj +2422 0 obj << +/D [2405 0 R /XYZ 71.731 297.983 null] +>> endobj +2423 0 obj << +/D [2405 0 R /XYZ 119.552 274.102 null] +>> endobj +2424 0 obj << +/D [2405 0 R /XYZ 434.283 274.102 null] +>> endobj +2425 0 obj << +/D [2405 0 R /XYZ 71.731 249.031 null] +>> endobj +2426 0 obj << +/D [2405 0 R /XYZ 71.731 249.031 null] +>> endobj +2427 0 obj << +/D [2405 0 R /XYZ 148.603 239.532 null] +>> endobj +2404 0 obj << +/Font << /F29 790 0 R /F46 1173 0 R /F27 788 0 R /F21 781 0 R /F44 1165 0 R /F34 797 0 R /F55 1335 0 R /F47 1176 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2430 0 obj << +/Length 1465 +/Filter /FlateDecode +>> +stream +xڍWkœ6ýŸ¿bŽªF* + +˜ÇJU»MÓŽUšFÝ­ª*‰*x+ + +aȆßëÃc’T# +ì{Ï=÷ ÞðÛ£4‚K˜£0!›âtlŽðæå +¶;|»ÅŸìùññf÷s˜or”'Ñæñ°‰â%$߀Qˆ2n +Ë·ÞóŠž;Öný^ŒÌõ¹hÞAxìÛ-& +ížhÌ +q0×Zlqà +õßb¯9šçZðšwœÉíûÇßn^<ŽIˆQ~Ñ»eeBœl20!Q&`œ#ÐÓ CQ +kd_LÊC_×ÃÖO‚À+ZF;Vš›^n}ì)õ+Zä +Rð@«F(‘óÀ)쮖 +¹ZœŒBŽ-SbŠ® +ôa`6œ0 +’§iª%Ý7¥¡£«ž4+wí*f%§µ°¬9vÍË8÷Šš³Š»3zŽùAjÕG εš=•Õ7vO:îò¢8ÕÔh›|Z–œt +øŸyÚК#yî=ÐSEyã^÷ÜZ +ž''ÚÐ#Ór¬ +Š(€ž`Ž.ò-?ŠáQŠqŒOæܹfT2³– +m;³ŒÕŒŸ +Ú[óJX\š +µø݀17•VÄSîrnÅÀ1ÎDo7pYYQÂ\AÑBvÃ4Nì)ó 1éòf‚¿e'vÚ;$]E-’A(C¬VY‰Ÿ.ÇØ«­œsÇXS.ü-*xJVsà‹Œkófl@ÐŽÃUØ-$ÈžÇmÊ,¹¥hØxNû-_™Û»ÅÈ +òÁŸÎPvŠR>‰ÖÚznÅG^ºüÙ‹£·“2¡‰œÛñä±¥§k)úâ‚Ýdhkk“Ec€8HÁÒ݌Ÿde`!€çö4“xŸ3ðš4Ð°¢ãª +Nm +²ÊÖ1lß$“éŽÁŒ2¯TmcÀã5:þâLO•]üäÂŒïŽNðCB +ùÁ¥^*%¬œ’ð +±KC•%IÏ»3&kÞ°»+Ù +!"8ƒE„”hQÖ§ºÇÜ¿zeߙËë?ÞÜ?<üýÓÝNí3íª]'v³”]~ÚÖ8CN¿øI{Ù²ú¢%P$ó,wRÌ(ý̧çZÓq«áendstream +endobj +2429 0 obj << +/Type /Page +/Contents 2430 0 R +/Resources 2428 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2292 0 R +>> endobj +2431 0 obj << +/D [2429 0 R /XYZ 71.731 729.265 null] +>> endobj +2432 0 obj << +/D [2429 0 R /XYZ 71.731 741.22 null] +>> endobj +2433 0 obj << +/D [2429 0 R /XYZ 71.731 663.698 null] +>> endobj +2434 0 obj << +/D [2429 0 R /XYZ 71.731 640.035 null] +>> endobj +2435 0 obj << +/D [2429 0 R /XYZ 71.731 640.035 null] +>> endobj +2436 0 obj << +/D [2429 0 R /XYZ 148.603 630.536 null] +>> endobj +2437 0 obj << +/D [2429 0 R /XYZ 71.731 342.327 null] +>> endobj +2438 0 obj << +/D [2429 0 R /XYZ 119.552 316.613 null] +>> endobj +921 0 obj << +/D [2429 0 R /XYZ 71.731 290.297 null] +>> endobj +218 0 obj << +/D [2429 0 R /XYZ 336.57 247.199 null] +>> endobj +2439 0 obj << +/D [2429 0 R /XYZ 71.731 223.444 null] +>> endobj +2440 0 obj << +/D [2429 0 R /XYZ 176.548 214.322 null] +>> endobj +2441 0 obj << +/D [2429 0 R /XYZ 319.171 214.322 null] +>> endobj +2442 0 obj << +/D [2429 0 R /XYZ 119.552 201.371 null] +>> endobj +2443 0 obj << +/D [2429 0 R /XYZ 71.731 166.337 null] +>> endobj +2444 0 obj << +/D [2429 0 R /XYZ 119.552 142.591 null] +>> endobj +2445 0 obj << +/D [2429 0 R /XYZ 243.844 142.591 null] +>> endobj +2446 0 obj << +/D [2429 0 R /XYZ 375.021 142.591 null] +>> endobj +2447 0 obj << +/D [2429 0 R /XYZ 71.731 130.472 null] +>> endobj +2428 0 obj << +/Font << /F29 790 0 R /F46 1173 0 R /F27 788 0 R /F47 1176 0 R /F21 781 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2450 0 obj << +/Length 1904 +/Filter /FlateDecode +>> +stream +xÚÝZùkÛHþÝ +a +µ!žÌ©£Ð +mêvSÚŽuÜÝ +n)Š%Û¢²äJrš°ìÿŸo.I>€B, +èzó®ï›é=“!†?2t r +šš#†‹ÍWðä倉‰™4džÍç/š?ô‘ï°á|9d +#GøC—Qä :œ‡Gë`[FùxB +q€Yú7ÆtµËÇDŒ‚2ÎRý [êc’ +­Ô¿xLFéJß_‹8‰Ë8*Ɵæ¯Óyå  1Ú‚9Á­C ÄG\w±‡ç*„«HzyWži‚0Ô'å:Ò'E”ßÆ +sQfͧÜ¥Á*Î +}SFDÒ÷óÜz`ÖQf +@ØuÁOip±Ž_Ùf€a˕ +ÐôÓ'ˆ ++ÿäX!Xv`|8a +Q×Qr¿Œ'Æ£ÇJÿç"جƒ8}¬o*sã €:Ô7Âh§±‚Žƒ¥ !€®Ö€ +F‘iøÏ 1óèsl¬peZÚó +£’ÊÄù®ÈÏoâôŒ£vaŠoOvú˜gY©Ï +}žžÎȣ󜍰!ïÙt•ÍS +’Ç&wRclyXA¯-î‹2Úè; kpoĂ/’–&ÙÆr$ÞDgöŠ>Þg;3Þþ&‡i¹O«8]äQPD~H’a˳m²[Åim,ەUÐùfnÞK‹u®Žc[f ÌC*Fߪg‰šŒ‘uå‘G®Ï +15õO3X8ˆzŸ\æ™IŸƒ÷ãžNћÀÀ +5ôJ‰™†Ÿ5ø&ì§DRFc~_M€ù:J`~KyHÉv›gÛ<ÊjÄ¢^Ô* š`eÅqT”S„}›cõtö + ®c%5 ‘‘"Câ"J„Ê H󖪥8G@|ðÄõF×÷E’PÏ]䁢f‚ªÉ€ž'‰ *Ò"©KȆ!¡æNj3"¯nåJåz7Ɂ„jû„žHÉ„ôRošÝyœåÕ.p<öÌÀ 8drñäpã°+>§ +qÎä®ðuðñ +†°ƒŒ`Ä|oø +Î1"À̀cªŒéëdp=xÿ#¬y9#9ÄÊ[ +«AÔè3#œ¯eb£˜pØž$ÐÕæFY¥àó‡ +ð瞧Rt­6·[‰ÉýajÅȃ=€¡óÇ=ŽÊ:=d”# +7ö<Ô +U|5ÈßïþHíô㩄K8à© +ö“‚ù +ØåNŸíB0ßA„Û­ýfLñh·jcCCalèrϲ¡éÞë·/??Ÿ>“«Á‡—m4èÅÅ=ø?= +\XÒ ïŠ `Šò +§Ë¬•µ®>ÐáYŀ†g’—W/Þ¶‚߇wl +p(â.í߈;D¿·e¥|ßiƒ¿ÖÖü +ŸUð7|“ð_œ +s<š_^L[IЇl€—:BýnPEôŸ«¿?òŽ•µŸ>hÐá]Eƒ†w’Ž ìT¿Í®.¯Ú·‚>Œ|`«#ÈõŸóF ¿ã̧ï&È¿Ž’ ÖÕ :<«HÐðL’`:›µb߇s +{߁\tcœéÍ6ÊóVèkU}@ßáX}ñïA߇slýÇü—ÌöõF»€­Vìk]}`ßáY +}Ã3‰ýÅìrÞ +~Þ=¬yO=`Ñìžz +r¹.I”·‚_ëêûÇ,ôMÇ$ô¿œžÎÆŒÿµá߇ƒÿïÜߎÁ«oW³‚ +x=võºø&*Š`e«kI‰7ZÙL¹L=η +Ö،ÖA^ +önl)s›Äe£Vw\Í +̈1mš<ÏLu9Œ–êMr—ØJ!KŠ'«‰»fa»Y°Ö?£Ž”å%óx,„-K>>Û·_Mô ò\ÞRL4-¥ûj>:ì0E·]·y¶€„˜¬ã.‚ªå+€óöjöéns堀ì—ƒ0Œë’óQ‘Zv%4<ÈæµÑܘW•n[k“‰Qš™ähªXòÜ4Žf¡ò;2)žƒÓaœËjxMi˜üUŠ)–5p›j]ð{!óOõ!êZ¹ÃUï7;F¿Jîîôòˆ0ÒÍzüW`Íñ±-<¿‰‹Å±² ó(bœîá²Wñ·mÌ*‹ªái›Üï*ÛÛúû~՞ڪýû×úäyP7²dUÔéqaÉt`ùpƒõä™Mß«ªÙålúfz5¿¶m^r]äPb‚Ÿ¯ãB›YŽY“ p'ŸîVó +V•RŸÝËÒ¡êdÁÅ:W·ÇHßœ¶qɎLšï|‹ËµUb01žõh2‰Ò@U'“hr·I&U.,€Ù¶žMLÈÒœV£š'6ÂL-’ð¹c‚©ªÎ›zM ++E8þõÆ  gó±ë°> \q.HŠ#S&h™$†àD0 +bÄNŒ3-I +:­Æ•xy"ýavÀˆÇtùà"K<(ä +Q)V+ÌÙák~À=˜MnçÏj‘£_ È?ƒ©kDd`Ìkiç[ú1menendstream +endobj +2449 0 obj << +/Type /Page +/Contents 2450 0 R +/Resources 2448 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2476 0 R +>> endobj +2451 0 obj << +/D [2449 0 R /XYZ 71.731 729.265 null] +>> endobj +2452 0 obj << +/D [2449 0 R /XYZ 71.731 718.306 null] +>> endobj +2453 0 obj << +/D [2449 0 R /XYZ 274.629 708.344 null] +>> endobj +2454 0 obj << +/D [2449 0 R /XYZ 71.731 607.469 null] +>> endobj +2455 0 obj << +/D [2449 0 R /XYZ 254.345 582.615 null] +>> endobj +2456 0 obj << +/D [2449 0 R /XYZ 71.731 570.496 null] +>> endobj +2457 0 obj << +/D [2449 0 R /XYZ 71.731 528.366 null] +>> endobj +2458 0 obj << +/D [2449 0 R /XYZ 361.651 516.463 null] +>> endobj +922 0 obj << +/D [2449 0 R /XYZ 71.731 513.061 null] +>> endobj +222 0 obj << +/D [2449 0 R /XYZ 171.252 469.964 null] +>> endobj +2459 0 obj << +/D [2449 0 R /XYZ 71.731 446.208 null] +>> endobj +2460 0 obj << +/D [2449 0 R /XYZ 71.731 446.208 null] +>> endobj +2461 0 obj << +/D [2449 0 R /XYZ 298.498 437.087 null] +>> endobj +2462 0 obj << +/D [2449 0 R /XYZ 71.731 435.05 null] +>> endobj +2463 0 obj << +/D [2449 0 R /XYZ 71.731 423.842 null] +>> endobj +2464 0 obj << +/D [2449 0 R /XYZ 71.731 423.842 null] +>> endobj +2465 0 obj << +/D [2449 0 R /XYZ 71.731 265.436 null] +>> endobj +2466 0 obj << +/D [2449 0 R /XYZ 434.029 255.473 null] +>> endobj +2467 0 obj << +/D [2449 0 R /XYZ 211.426 242.522 null] +>> endobj +2468 0 obj << +/D [2449 0 R /XYZ 71.731 207.488 null] +>> endobj +2469 0 obj << +/D [2449 0 R /XYZ 328.516 196.694 null] +>> endobj +2470 0 obj << +/D [2449 0 R /XYZ 393.173 196.694 null] +>> endobj +2471 0 obj << +/D [2449 0 R /XYZ 501.894 196.694 null] +>> endobj +923 0 obj << +/D [2449 0 R /XYZ 71.731 180.34 null] +>> endobj +226 0 obj << +/D [2449 0 R /XYZ 231.523 137.243 null] +>> endobj +2472 0 obj << +/D [2449 0 R /XYZ 71.731 136.348 null] +>> endobj +2473 0 obj << +/D [2449 0 R /XYZ 71.731 121.404 null] +>> endobj +2474 0 obj << +/D [2449 0 R /XYZ 426.039 110.642 null] +>> endobj +2475 0 obj << +/D [2449 0 R /XYZ 268.492 98.986 null] +>> endobj +2448 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F21 781 0 R /F34 797 0 R /F55 1335 0 R /F44 1165 0 R /F51 1285 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2479 0 obj << +/Length 1928 +/Filter /FlateDecode +>> +stream +xÚ­X{oÛ¶ÿ¿ŸÂ.`ˆhœeeë°>Ü.CšäÖÞ]md‰±‰Ê’*Jkýíï!yHœœn†À% +ž7çÎ̆?g9$òàáÆÄ +ƒYzzfÏ0óö™ƒ’X=š—»g«7n<‹I +z³ÝãÌómñ,ò\²ÜÙ.ûuñê˜T +­—–Ø +Ÿšç«²øͶÝC[/`‘4¬,ÔDùšžy¹tìÅAþcKgQ +Ô÷Ç$e9kåËßw?=Û쌂ëÏýª H21Á÷gk0!&8^Lü(šEöšx0!LHŠ +€Gk¥ +<Ó²­9UãϬ9ªQs€B©Õ›ÀéøÅ6qíä +F–%š­,i’}Âéó>š} +Ök„ž ¬Ð5Àþ7;°?irç°x®†§déً³zÙã|Rמµâ×H*?òOù•<³œhM¢0†‘‹€Ðªäô|M%¡âP‹/IšSÁ¡ûšžÙ>õ +"™ÚÀ-$¡§žÝ ÏÎKÂÛ¢rڊ–3Ú§ÜꑃÞxG9OôGšdPÇ +ÕhŽ«iÚ°?—n°@Y¬èa»,ŽMJWÛnŽDÂ·ÚÐDkMk+£‚liArÒ +œéGdíko†R‘“RZ-<*Õ!‘¯tè> +¿à4oµ_šcҌŽÍKtpRW>r'oXž«¡Ž<ÉŠî‡w·W:1²±ŒD/2Â2*íNÚŒ11í2„ÚƒOJ¯ w€Šš(¹Q‡–C7€Ýh“5ì +‰m]u~V›üÝyû_©-ŒD2Öt +`Ÿ) +`p_˄Tk +°S•Ó°£ÙˆŒ¡ +>"mÛª*ëa¥D€jÖ°/÷¯_ŸBnÜØï’1­'Uڋ(¶È­(5Û6—6ùñPö +¢œr7 +0/äØ$Œç'±WÉq®§{.r5gûê“õHaFì;£êH|)ÍA볶{­o#­IËSÅò +K1(ùZ}º+•ŒMS5µ÷ÔŠ+ë³Ô +]s–› +i‚ü[NGö#Ωd锡Û>jl/‘¥?·nV u%€qéE°‘œÅ +U_©Ø +ÓOlÑ0ô%žŠø·Nê³y‘ +Ӝ öÕIç' ’|= +E„ðŸ÷¥³W-¯W{V¬òìÚ8Ëp®ÖQŽrPÁšS4ÿ¶§Ÿ§Á8ððíÔÃ}—\vuä‘(Œ«AÜ-'ðÈ:šY.” +[IŸ+z=Åv7 Ÿ­ëÀƒÐ®HX\šƒ +¿X>®Ò–E‹DnלZŒŽOš5»;2D5ýDÈE,µrÓ.œ@§@î%Š“€VGAëÕ(8º1Po\žºþSÔ[ +:¹ÎۓƷŠD +Ò!.t•&ùôžˆÙcŠ&':ä;_–Ó¶ÔËùS+A͜^FÁÇw +€Êƒdï +‚aÀ +(ªùâéÁ»œí%œÀ›Bc¹L÷0ð"Š®‰`–lÅRðÅg!®¬%ŒÂ§Ýr +¯Ó +w¡C°c³(Uéœ4t?HÈØÓ]›² +øêð¬”ùF5Âþ²9‰-úÌކªé§À#––y{*øÄ»Œ7µpŸ<ÕÈLR‡ÀwÈò €nôáD-’EžÀIl¡ËËœ¬5áÃcn‘cs!Kîð<ˆ§r¡fÂ\ +‡-Ž ï҇œ&ú¡ +¡é› +GЩåWÚt© +0jÎÔr§å +µÅ"„Jöљðç‡×Kàðbé€J»M߁qÆt§44‡Hòh‘ê + +Ø3ˆ+2*è¿üóîrƒSI/öeӔ§á•ËÅÀª;lÜPŒÄ® + +Î/T‡î,¬‹QwñÑ +÷TÈF†Ë|èùÆ»T³æB.Š®Ç×mìÈ÷\(ñ7OÕ/°3ÀEŽRŒl +fîÔÔ͎žWÍÕ}ɀH7™ŠD›º>¬Õ§–7ÃvTŽÛ¹î|X1b“‚Hs +38ƒÊãåŽÅܟMÛÐíôy'©ªº¬j–4æÜ#zhʏe®êz•ëñí!Þnúk²v¢¯Þv$“ëϲǃìA¡­?qO9•ôþŸßendstream +endobj +2478 0 obj << +/Type /Page +/Contents 2479 0 R +/Resources 2477 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2476 0 R +>> endobj +2480 0 obj << +/D [2478 0 R /XYZ 71.731 729.265 null] +>> endobj +2481 0 obj << +/D [2478 0 R /XYZ 229.686 708.344 null] +>> endobj +2482 0 obj << +/D [2478 0 R /XYZ 71.731 689.711 null] +>> endobj +2483 0 obj << +/D [2478 0 R /XYZ 218.048 680.05 null] +>> endobj +2484 0 obj << +/D [2478 0 R /XYZ 71.731 618.879 null] +>> endobj +2485 0 obj << +/D [2478 0 R /XYZ 119.552 567.073 null] +>> endobj +2486 0 obj << +/D [2478 0 R /XYZ 119.552 541.171 null] +>> endobj +2487 0 obj << +/D [2478 0 R /XYZ 71.731 539.133 null] +>> endobj +2488 0 obj << +/D [2478 0 R /XYZ 71.731 524.189 null] +>> endobj +2489 0 obj << +/D [2478 0 R /XYZ 71.731 476.712 null] +>> endobj +2490 0 obj << +/D [2478 0 R /XYZ 388.645 450.809 null] +>> endobj +2491 0 obj << +/D [2478 0 R /XYZ 71.731 412.787 null] +>> endobj +2492 0 obj << +/D [2478 0 R /XYZ 71.731 335.688 null] +>> endobj +2493 0 obj << +/D [2478 0 R /XYZ 71.731 311.666 null] +>> endobj +2494 0 obj << +/D [2478 0 R /XYZ 71.731 254.493 null] +>> endobj +2495 0 obj << +/D [2478 0 R /XYZ 71.731 234.567 null] +>> endobj +2496 0 obj << +/D [2478 0 R /XYZ 71.731 151.133 null] +>> endobj +2497 0 obj << +/D [2478 0 R /XYZ 71.731 113.111 null] +>> endobj +2477 0 obj << +/Font << /F29 790 0 R /F44 1165 0 R /F51 1285 0 R /F27 788 0 R /F21 781 0 R /F46 1173 0 R /F68 1635 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2500 0 obj << +/Length 1787 +/Filter /FlateDecode +>> +stream +xڕXmoÛ6þž_áo±˜õj +ˀµ]×Y‘-- +F¢e¡²äJt\ÿûÝñHœXJ³!@$‘wÇ»ç^i>sàÏ"Î" +nÌÜ0˜%» +g–ÁίÜP, +ɲGób}qýڍg1‹Co¶ÞÌ<ßaaÏ"Ïe«À­Óó—[±W²^,ÝÀ™ûŒž/«ò£ãžÙ¡^ð`.T^•ŽQmèYT +îÌ3ý/_ðy™ÑúF$y‘«\6‹Oëß.~Y· +.gžû] +ÉÈ?œ­À„MàžÃ<P8+æùŸ6áÃm•}Âó@̒s01Ò믄¢‘÷òQÖ¹:Ý +Ø Ê"- uÈ,¹Ã"@féû,ð<ÍþÖج¶Ò0ô tæ> +Ø?h,"CÖÈdŒ$J×/I‹yo\)_yEߧê`š +¡ØUiŸ9ÉJå]# +jhå1g4›ª/ºÁü˜ƒ÷œe2Ž1Ä]\ëœæ5jt +²ù¬ +8ŀçy̍ò‰Ådè˜PoÞKõêÅ;±“7$+ôA–¡šÀcQ +À҇Ï%P\²Ÿ·µÐµx(Š€ÆŒG«NªB²)±D7ÒõMÕš'tíIÝÕSºN}ßÈúy¡ zNh€;Ñ4ǪNǂ£§'xo('„ҟƠ읬›ŒQ²TÏ?É溬&’ly4H²õDÈÒBn"WUô èÅò +ÔÌ Ú*û9fY»Œ0AiÊÜ? +GŽR*ي2“–ÕêqÄ:§¶d–çwf9ƒ„A ®3ïÀj¡àœŒn7˜-ݐ +1Ÿ«ž­æ5>9£¯» +:6*«åý·6ûüNV +‡¯lÊŒ^x@][րXYÍ~E6XõÇwöëÁ(!èQêÍ +6Èþ<X@ +Ú{{gHÓŽ–MƒåM•VD‡û³[9±Vóï­,m'ɲܶ€È[gî@€È3ÙØâw(€õEQ˜·Zì['ïLä”Öñ&T +šx™L‚þÑòÐaïDZö‹|‹-šjåézxóÑuý?_þµÆ§Q¢Qb·¿µætÑÁœ¯˜Ïm +ùi8ò%„÷~x=/ÖgŸÿ +ºF‹Æ8îÓzAµw=+B{)³ Õfó^ԍ +*:g)òºϓZ +%ϜLí¢ÍTú‚ šO¶mÕç™Ùs/í䠕€+u6?b±$iðy»9k©iU^.øjnâ¯È¿`ì÷êÀtkÚÒÔšj¯«ÐšV@wVi +¥®Ø÷ 6œóš«×&€4gô²Üc~h7¢˜š6 š •Ž‰m¹CO +¡©ãÌEâK}°4d‘ÒÇ%*Áñ¹†ªŒ +Xèj2üîýíí™;F©Ûå­sFzî¯3rQ-äWðáAm1·“D—­¢y™J”ùíò©ñj ÖgŽbÊÆ$,É +0€eúœ0o +OÝy8!aֆž7nuYñ±B'Џ5ÄÜ—C”È2­Šo§9XôÝìe’k `í£8- +Zá–8QZk:ô8è˜Òw‹åV4ÛË+¢?nódKûä| +,üþ* •d+“/Ía7á ‹ +*ÕuÈôrp±0:ê@­Oj&.Mª×Úª +;kmýŗº²ëxÌk“áç4]/bw^Á,ÖMäW“z[779ŠÂ8¿"æÆ^›_Ò÷ +%JÛ äÃËWJIè9 +&coP„Š²Ù×Î +ýRÒŸŠÌäíkúZ Îó§Óš–꬞²©†Ñ;„»BŽA„x1!ÑÏ + +±ó1†Š$ÕnP25©Þœ +NCý0תּª+VY+ltãpwñW¶›Ê¯X6ÆþóYèÙÛX›ô¶§š®C +ÏkK÷k +‡4±QÍ÷Ã4õØ]M +cpû;˜)JÀJgn†±Ž‹º§à0&çDG}û.ÍdŠ¯™ +Ã~0ªáMáŠzœÐ”rD,qÂ×ۛŸ2y©Û3f3¥ ^³'äzNÄáÓ +¢ot4 +©)zر\ +Ak‰h(Ü +ýËI+¯ +cåt|h +è™RýôYßÔp¿goÍô¥óBÚ÷ÀA(šœñtׄ +°}³ +Ò CÏҁªe¥&®¶²LˆçŽWTw›0îÁÐ[̎߀aà +5–ž~M9ъÝ)pÖÖ¬:€€åÔ%Þ±ÛŠ +fL0Z"ϙ}ê„×:NF"ÿ ªënÂ6ÝXÔìY;h”©L‡`RšÊÿmuNMwÏ»ÛJëέÀŒ!þi¶ñ)]šæLÒ} +RnWgŒœy£ƒ gú–ÿÊe~ +óWlÅ£ïþNבŒ~Š +à@òƐ๟óÄïiã“þÎÖ-2endstream +endobj +2499 0 obj << +/Type /Page +/Contents 2500 0 R +/Resources 2498 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2476 0 R +>> endobj +2501 0 obj << +/D [2499 0 R /XYZ 71.731 729.265 null] +>> endobj +2502 0 obj << +/D [2499 0 R /XYZ 71.731 665.106 null] +>> endobj +2503 0 obj << +/D [2499 0 R /XYZ 145.006 652.154 null] +>> endobj +2504 0 obj << +/D [2499 0 R /XYZ 71.731 629.141 null] +>> endobj +2505 0 obj << +/D [2499 0 R /XYZ 184.11 594.271 null] +>> endobj +2506 0 obj << +/D [2499 0 R /XYZ 189.489 582.615 null] +>> endobj +2507 0 obj << +/D [2499 0 R /XYZ 184.11 570.959 null] +>> endobj +2508 0 obj << +/D [2499 0 R /XYZ 184.11 559.303 null] +>> endobj +2509 0 obj << +/D [2499 0 R /XYZ 205.629 547.646 null] +>> endobj +2510 0 obj << +/D [2499 0 R /XYZ 205.629 535.99 null] +>> endobj +2511 0 obj << +/D [2499 0 R /XYZ 71.731 504.409 null] +>> endobj +2512 0 obj << +/D [2499 0 R /XYZ 119.552 478.506 null] +>> endobj +2513 0 obj << +/D [2499 0 R /XYZ 71.731 478.386 null] +>> endobj +2514 0 obj << +/D [2499 0 R /XYZ 71.731 463.442 null] +>> endobj +2515 0 obj << +/D [2499 0 R /XYZ 71.731 414.047 null] +>> endobj +2516 0 obj << +/D [2499 0 R /XYZ 246.006 401.096 null] +>> endobj +2517 0 obj << +/D [2499 0 R /XYZ 298.31 375.193 null] +>> endobj +2518 0 obj << +/D [2499 0 R /XYZ 391.778 375.193 null] +>> endobj +2519 0 obj << +/D [2499 0 R /XYZ 71.731 353.111 null] +>> endobj +2520 0 obj << +/D [2499 0 R /XYZ 71.731 307.283 null] +>> endobj +2521 0 obj << +/D [2499 0 R /XYZ 322.887 283.537 null] +>> endobj +2522 0 obj << +/D [2499 0 R /XYZ 393.532 283.537 null] +>> endobj +2523 0 obj << +/D [2499 0 R /XYZ 443.789 283.537 null] +>> endobj +2524 0 obj << +/D [2499 0 R /XYZ 286.036 257.634 null] +>> endobj +2525 0 obj << +/D [2499 0 R /XYZ 71.731 255.477 null] +>> endobj +2526 0 obj << +/D [2499 0 R /XYZ 71.731 240.533 null] +>> endobj +2527 0 obj << +/D [2499 0 R /XYZ 472.124 196.065 null] +>> endobj +2528 0 obj << +/D [2499 0 R /XYZ 76.712 166.476 null] +>> endobj +2498 0 obj << +/Font << /F29 790 0 R /F46 1173 0 R /F27 788 0 R /F64 1581 0 R /F34 797 0 R /F21 781 0 R /F44 1165 0 R /F11 2374 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2531 0 obj << +/Length 939 +/Filter /FlateDecode +>> +stream +xڍVێÜ6 +}߯0òd;²$[Ÿä­ +Úb‹&œdŽhŠ@ëÑÌ+[®åÙÍü})QöÜÒŽX`EÑÉsHQÃ" +,*)3XxMx!¢Š»£ÑŸüpǂÅ*˜¬ÎlŸ]ߥßó:ªI]dÑze9% +š£2ã€êÚ€ëӇw¿úåçߒ‚UKþ‹3<§aÛ +l@ùx +vµ¿%ò +öê‰1žÌŸj +·øFC/÷PþÙ5¯ÒÇ€ñœƒSÆÒâêãÀê)ƒðŸ&°Ç#£Åʂ‚ +Ž" + +î°¯œó6Ì +‚ +–DÂn4‡ÅWС +2œB +DöÝ]A'ú +Ï% +0S©;’ŠßÞö+Àæe +Œz{¯·UVq’»ypF_Hˆ/W$ÏâNö©Q +2ÏN†Ãh”öØOò3ê]©÷Ó4ŒNӍBªcÒ +íߚ4ŠK7ŠIGµï© 4UnD€HÓÊ]I­,ÙOöM|Û®WmpÉ$ù‘“žÈhƒïÑ¥ +÷éEi}©YîÞ`¬m5ä +Zt®¯g¶ „óü‚ØÿEž;g€OýçUðœ°Av +¯æ"Zñ‚`—¿3“z +ˆÉ/ˆá3/®5án¶×Þ‚K8L +šm’Ä7Ÿ· +ËaÐí2â +ŒÝº}rÃ9åî +ÙÜ +áŠ(üT‚æ- +2”_ö +J:žÕ”–>ó +^/Z~¡Šçø2x +ªùVÌÀF%7rƃ­ŸUðŒÔP!¯]±TèQ5§ +ŒØâ \uïƒQ%ä +„§Þ8¬/ž{Y­1^{Â6CyT¶Ý(‹õš‡ +&“²SëŸJPšq4cˆÔIWƒãrö 'BÈõžøŒ"+¿ú#àdró@+™(g/þùdÿòXßFú‘v6endstream +endobj +2530 0 obj << +/Type /Page +/Contents 2531 0 R +/Resources 2529 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2476 0 R +>> endobj +2532 0 obj << +/D [2530 0 R /XYZ 71.731 729.265 null] +>> endobj +230 0 obj << +/D [2530 0 R /XYZ 361.913 707.841 null] +>> endobj +2533 0 obj << +/D [2530 0 R /XYZ 71.731 684.724 null] +>> endobj +2534 0 obj << +/D [2530 0 R /XYZ 476.44 674.964 null] +>> endobj +2535 0 obj << +/D [2530 0 R /XYZ 71.731 627.353 null] +>> endobj +2536 0 obj << +/D [2530 0 R /XYZ 197.548 616.185 null] +>> endobj +2537 0 obj << +/D [2530 0 R /XYZ 469.704 616.185 null] +>> endobj +2538 0 obj << +/D [2530 0 R /XYZ 258.005 603.233 null] +>> endobj +2539 0 obj << +/D [2530 0 R /XYZ 145.006 590.282 null] +>> endobj +2540 0 obj << +/D [2530 0 R /XYZ 252.821 590.282 null] +>> endobj +2541 0 obj << +/D [2530 0 R /XYZ 71.731 575.173 null] +>> endobj +2542 0 obj << +/D [2530 0 R /XYZ 71.731 560.229 null] +>> endobj +2543 0 obj << +/D [2530 0 R /XYZ 336.433 550.73 null] +>> endobj +2544 0 obj << +/D [2530 0 R /XYZ 446.424 550.73 null] +>> endobj +2529 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F46 1173 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2547 0 obj << +/Length 1939 +/Filter /FlateDecode +>> +stream +xڍK£6ø>¿"ÇDšx±{šÔ®¶U{i¥Šê¡ÛƒNb-àÌLóïûùÅːŒFøüœŸÞð‡7 FI +É9ěŒz 6øòË +¶Q”¡8Í`¿ðqŒB²Ùüt|ùô3Á CœmŽçžH" +6ÇâŸí—+œIÖìö$I·12ëQ +ré*¹šÍËo„$f×ÒêºÃ[ÊëWóB^™ +S%Ûý{ü +žÚ“JcCŠ5—¢Q_€§d“¡ì*–¢¥Àã>ÌP†öš±ÅŠD̃E­÷›~ȁ•+Ë¿·æQºÓŒ–l‡ãí¥áòn^‰ó—=p²sQÝhÃëK§2;zÙÅJØVÚg³J’žh˖°;%`‚²kÁZ~©©ìÖŸZLua6µü|Ÿ е@5SäŒÎEÝòV²:ç¬Eæm¯2 Kâ훒›•Ó“¥ž\zéxë„î-}‚³x;ç¬ +!lh9‘Šh©&xÏ; +‡s^rɝ‚ic™»5Báyã@§`rÈB‚ÒÄøÉÄä9µ›S¯fÙ¢íÄy (9«¥S!µ»³hÞ5KMaOT¬méÅñ&ÅLé-k¬°–gÚHgÖ8žw%ƒO5+µN}Ö×S{£UV¿ÎygrŽOKQ+lQŠ4vih50pv[P¹ +‡«he«Øšj4ù€F›®^däDUX}¿4¢sžŒä »ŽšFe•ò§Ï€är +<ÈÛÈÞŠª1aÛ%m†`À+Ò²]­>ˆQ#›eð& +,sPYCŸ!±ÎHÆώüöـEÑ +v$Ô +äWiršX¢bu¡ùUYOØ»=ðÛÕCr4ú†jÏÍØlyø-Ë)x³báåë±OãÒ`†‹’AD,%z²`t¢9”%ZŒ)% +$ïØ#(KÄæë@Ü +Y >(ê<ˆOTb|@ë³bÕɕž>œ++­U„‚VûÓYMŸ+å]¹uº¯M©œN–‰žµì;/K³ƒükm# X–î;.Üõކ¡Œš˜zçòê„ž1 ¹N»Šåi”a'ÑÉY™ +Ø +ÕI‘QòàmeTÙwÍ3¢E‡g®1­ú†yê +>œx‡Oßsý®5Ö;d:~ÍNÜXݚmw3+5KËòÎØÝvxu%sî']öAêÀ˜Å¬ +(  +^‚{‚ô‘ë®Ç7Fƒ +Û +Áö?õOÛ +Pg:ßCrѕ6M\˜5% +®ÜÜåÑô>TÒÜœÕ8ïç +"Ð +þrQÂ4ºšiŸÒ +NÁ±Rò>IPd°fÐ^Eš¥aÛÞýÕRu +TŽçŽB‹¯\Þœq­Í÷íÚP`Ž»€/Г2ø:«®gQ–Béø]õ®i€ºxsÕ¹s]ÖÉ;ŠϞ—’ńlH zÜÅš°0ûiGrÍ)ÁL9a‚¢4Z"· +öÌcò3ē68÷ºñy;ì)íÖšÖzW[UœžK + +)ÏÁ<ä~ŽHqÿ'Ëf!Ô=âÿñá±å +Ìcâ3DŠø¯ +¹ø€ð3ræ1¹"OÖá9ñô“eÑCâæ!ñ9"+kß±Ïé’rýc;˜Çtgˆ +Œ}©“‘ô‰Ôæ1õ"-ußÞëä +® tÒLR^mñb +ðœÅ+µÔ +mãJéËz% +I–ˆ=(€æÈñ!e@*Ž¢dLýDzŽ;ÁňÐöŽ“Á·Ÿñ +ÞìÂZR˜©ÕÔæeýC],ŽažºCs€7fÄê§/±0¥Wzš¥©Rͱ + +"þÞEÐç—E³š›œ$týõhŒÔ¶Î öd:[u·›h€)—L³ +«}“µõhÍØ䙵è=7÷}ÏÞcT‰ð +,§Îà7Qò|ÑŠaò8°~¬Ž6[ž™N|ïWž_͌êښ¡kÏütšÞ3¯s(ÌõÇ0UëjŠ + +‘«Zı¡çä0ó²zÝڇá?±öŽjm +òÔÚ>œXÛ§ï[{ÄÀï7¥`Pè}wˆ·£ÖÊs4¢Øͱ­îå µSÝò’„0Pw¡açyí<ê° +®ßž(G-ˆ?Í«Š£„4ò(c>ʞXfZµŒyjŸÞ,ãÓ÷-3bày +BèŽ[ý.ˆ‹2Ï.‡ +ő3¡ßàÿŸ_Ö-:C–èèqÉÛ€ú&Š¢¿2ÔþQ.0í™ùÆäºÐtc­`*Ô.Þíx šDºƒpÑÚsÅš.w$›xàÚÝâ8žº~ë/›™hóÛP_•?+š3kúûÃs#*_‘$ PØ[ŽV—tžÆp†B˜€ +Èzh°'Çh5,ÈÓ ðé} |ú~Œøjô\ËîC)Š ;EÑ¢°n¹\š0žgš~¢dû +Úâ'R'Ö؇]ŸGžø †ºæ8žà +ëW7ûóM”¢T·ä<b?€Ӎ$Ž1Faœ8,ŠjDæ”ì¯I>¥ÿ‰qc endstream +endobj +2546 0 obj << +/Type /Page +/Contents 2547 0 R +/Resources 2545 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2476 0 R +/Annots [ 2574 0 R 2575 0 R 2576 0 R ] +>> endobj +2574 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [300.731 278.602 345.562 287.514] +/Subtype /Link +/A << /S /GoTo /D (0:FILEDEF) >> +>> endobj +2575 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [356.162 278.602 400.994 287.514] +/Subtype /Link +/A << /S /GoTo /D (0:LOGDEF) >> +>> endobj +2576 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [428.471 278.602 478.284 287.514] +/Subtype /Link +/A << /S /GoTo /D (0:MONDEF) >> +>> endobj +2548 0 obj << +/D [2546 0 R /XYZ 71.731 729.265 null] +>> endobj +924 0 obj << +/D [2546 0 R /XYZ 71.731 718.306 null] +>> endobj +234 0 obj << +/D [2546 0 R /XYZ 148.621 676.38 null] +>> endobj +2549 0 obj << +/D [2546 0 R /XYZ 71.731 649.741 null] +>> endobj +2550 0 obj << +/D [2546 0 R /XYZ 137.534 637.047 null] +>> endobj +2551 0 obj << +/D [2546 0 R /XYZ 71.731 589.062 null] +>> endobj +2552 0 obj << +/D [2546 0 R /XYZ 71.731 589.062 null] +>> endobj +2553 0 obj << +/D [2546 0 R /XYZ 414.781 578.268 null] +>> endobj +2554 0 obj << +/D [2546 0 R /XYZ 463.199 578.268 null] +>> endobj +2555 0 obj << +/D [2546 0 R /XYZ 71.731 543.234 null] +>> endobj +2556 0 obj << +/D [2546 0 R /XYZ 71.731 543.234 null] +>> endobj +2557 0 obj << +/D [2546 0 R /XYZ 132.005 519.488 null] +>> endobj +2558 0 obj << +/D [2546 0 R /XYZ 71.731 517.331 null] +>> endobj +2559 0 obj << +/D [2546 0 R /XYZ 71.731 502.387 null] +>> endobj +2560 0 obj << +/D [2546 0 R /XYZ 260.198 492.888 null] +>> endobj +2561 0 obj << +/D [2546 0 R /XYZ 384.794 492.888 null] +>> endobj +2562 0 obj << +/D [2546 0 R /XYZ 71.731 489.786 null] +>> endobj +2563 0 obj << +/D [2546 0 R /XYZ 149.44 473.76 null] +>> endobj +2564 0 obj << +/D [2546 0 R /XYZ 149.44 473.76 null] +>> endobj +2565 0 obj << +/D [2546 0 R /XYZ 71.731 460.108 null] +>> endobj +2566 0 obj << +/D [2546 0 R /XYZ 149.44 445.466 null] +>> endobj +2567 0 obj << +/D [2546 0 R /XYZ 173.281 445.466 null] +>> endobj +925 0 obj << +/D [2546 0 R /XYZ 76.712 399.239 null] +>> endobj +238 0 obj << +/D [2546 0 R /XYZ 234.931 353.985 null] +>> endobj +2568 0 obj << +/D [2546 0 R /XYZ 71.731 330.229 null] +>> endobj +2569 0 obj << +/D [2546 0 R /XYZ 148.085 321.108 null] +>> endobj +2570 0 obj << +/D [2546 0 R /XYZ 71.731 299.026 null] +>> endobj +2571 0 obj << +/D [2546 0 R /XYZ 71.731 299.026 null] +>> endobj +2572 0 obj << +/D [2546 0 R /XYZ 71.731 297.781 null] +>> endobj +2573 0 obj << +/D [2546 0 R /XYZ 137.484 280.759 null] +>> endobj +2577 0 obj << +/D [2546 0 R /XYZ 71.731 246.099 null] +>> endobj +2578 0 obj << +/D [2546 0 R /XYZ 71.731 246.099 null] +>> endobj +2579 0 obj << +/D [2546 0 R /XYZ 71.731 246.099 null] +>> endobj +2580 0 obj << +/D [2546 0 R /XYZ 147.447 229.95 null] +>> endobj +2581 0 obj << +/D [2546 0 R /XYZ 162.67 229.95 null] +>> endobj +2582 0 obj << +/D [2546 0 R /XYZ 71.731 214.842 null] +>> endobj +2583 0 obj << +/D [2546 0 R /XYZ 147.447 199.066 null] +>> endobj +2584 0 obj << +/D [2546 0 R /XYZ 165.43 199.066 null] +>> endobj +2585 0 obj << +/D [2546 0 R /XYZ 71.731 186.015 null] +>> endobj +2586 0 obj << +/D [2546 0 R /XYZ 147.447 168.181 null] +>> endobj +2587 0 obj << +/D [2546 0 R /XYZ 209.065 168.181 null] +>> endobj +2588 0 obj << +/D [2546 0 R /XYZ 71.731 166.025 null] +>> endobj +2589 0 obj << +/D [2546 0 R /XYZ 147.447 150.249 null] +>> endobj +2590 0 obj << +/D [2546 0 R /XYZ 165.43 150.249 null] +>> endobj +2591 0 obj << +/D [2546 0 R /XYZ 332.93 150.249 null] +>> endobj +2592 0 obj << +/D [2546 0 R /XYZ 417.83 137.297 null] +>> endobj +2593 0 obj << +/D [2546 0 R /XYZ 71.731 135.14 null] +>> endobj +2594 0 obj << +/D [2546 0 R /XYZ 147.447 119.365 null] +>> endobj +2595 0 obj << +/D [2546 0 R /XYZ 209.464 119.365 null] +>> endobj +2596 0 obj << +/D [2546 0 R /XYZ 377.592 119.365 null] +>> endobj +2545 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F44 1165 0 R /F29 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2599 0 obj << +/Length 1724 +/Filter /FlateDecode +>> +stream +xÚœXMÛ6œï¯ðÑÖ\‘E)@›d“Ž@[ ñ¥hz eÚ&"K‚(u»EÑßÞ¡ù!ÉÒzSÄ^™œ7o†Â‹þáLjSø " [䧛hq€_>Ü`·b햬kÞlnîޓl‘¡,¡‹Í~A£q–,8%(ed±Ùý¶|{u+›Õš°hɐý|[•_¢ˆ +ºf +ÙRŽª*í_áö›§ã +/ +*oíƒö(ÝØYžï§ªTmÕ¬~ßüxó° Ñ2‚%Wó¡EòèÐ+šf`Z»EÖpbÕh•BÖnӕ3Å*á‡È¿ +šªó©Ô M•Kí5g„†CòJêÿ-ówÏ#D +AH\Â̞]’ +]pÍS”ßÌb†ˆ! +O—÷«8I– Uˆí +CŒÒþ”›?<uw²O÷]™›,ôm;%x”˜ãyªÛêЈúšrûè(ôÑ~³TO95Æ¿*åúÑÄ"ž†æ€$@?šyR|4? + +c%^U÷U55ƒ1êO—Qòi® +¥A™u—=D;îC>)Ž‹Ÿ­G çºóÂ? +€ÄÒô;äƒCÌ + +ƒ>·o ¶óÒ$îýÁ“2~éo€€ Ÿ͵FUîµõãҊ +‡¡K +”rzÕ'°:,qIq +–é‹Xò«XRD1§ïÓgjÔta’h +£(bnïV4³yfŒÎ3n,Míá[è\^€œúâ1𰜞Z€0ðw~MSÐyšÚñ÷rs +ã +”#L<¢(ªaðxTŸFÖ +€c™Ï‘‘@Iò­d|„V69f +ñq2#c!O² +×O¹7 œ¹Šàqñäg +ûIÉz.ŒÞ_÷O"?Â\©}î+6óci.±¹(<Ò-Luºk˜ŒeŒqßÏ·brgšƒ.Q=¶mýê +Ý=>>®¶D¹F­q ‘#UÜý³5 +¹û$ëªiõÝfEÙR +ds×ëҘè÷z\/wËÖU +#+Žn/Élkuûé +»€ëóÇû5~N®üˆÙHºÉyfv.ü +Ê$üë +Ÿ{‡{5 } +ÏM\kَoCo +SÿXõ`‰ïùïÔÁ4(©ÛûâPœ6ÙLTÇ(&^ôf_* žfóŒ™ÆÉ9Âýû +g®ƒSÝóÝR–¢Ÿå€-çºŸ«V^*pš’Ò®9e ý, +vÖ%ӛöýyü×æÅ +\WæFË­ÌE§{Qò<Ò2ïÕ> +”rٔz~F7/}Ü`Ú¢íٍÇ©jäPCâÛHgN–šëBÙF¢'/!ÜëË8E)æW_pöK&ï7 +O&r·Ä8é3ï +§žþñbendstream +endobj +2598 0 obj << +/Type /Page +/Contents 2599 0 R +/Resources 2597 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2476 0 R +>> endobj +2600 0 obj << +/D [2598 0 R /XYZ 71.731 729.265 null] +>> endobj +2601 0 obj << +/D [2598 0 R /XYZ 124.533 694.147 null] +>> endobj +2602 0 obj << +/D [2598 0 R /XYZ 137.484 676.214 null] +>> endobj +2603 0 obj << +/D [2598 0 R /XYZ 430.91 676.214 null] +>> endobj +2604 0 obj << +/D [2598 0 R /XYZ 243.227 663.263 null] +>> endobj +2605 0 obj << +/D [2598 0 R /XYZ 314.34 663.263 null] +>> endobj +2606 0 obj << +/D [2598 0 R /XYZ 71.731 641.181 null] +>> endobj +2607 0 obj << +/D [2598 0 R /XYZ 71.731 641.181 null] +>> endobj +2608 0 obj << +/D [2598 0 R /XYZ 185.085 630.386 null] +>> endobj +2609 0 obj << +/D [2598 0 R /XYZ 124.533 616.189 null] +>> endobj +2610 0 obj << +/D [2598 0 R /XYZ 137.484 598.257 null] +>> endobj +2611 0 obj << +/D [2598 0 R /XYZ 158.794 598.257 null] +>> endobj +2612 0 obj << +/D [2598 0 R /XYZ 204.731 598.257 null] +>> endobj +2613 0 obj << +/D [2598 0 R /XYZ 71.731 563.223 null] +>> endobj +2614 0 obj << +/D [2598 0 R /XYZ 71.731 563.223 null] +>> endobj +2615 0 obj << +/D [2598 0 R /XYZ 185.085 552.428 null] +>> endobj +2616 0 obj << +/D [2598 0 R /XYZ 71.731 532.324 null] +>> endobj +2617 0 obj << +/D [2598 0 R /XYZ 166.017 519.552 null] +>> endobj +2618 0 obj << +/D [2598 0 R /XYZ 71.731 497.47 null] +>> endobj +2619 0 obj << +/D [2598 0 R /XYZ 71.731 497.47 null] +>> endobj +2620 0 obj << +/D [2598 0 R /XYZ 198.087 486.675 null] +>> endobj +926 0 obj << +/D [2598 0 R /XYZ 71.731 453.3 null] +>> endobj +242 0 obj << +/D [2598 0 R /XYZ 350.343 408.046 null] +>> endobj +2621 0 obj << +/D [2598 0 R /XYZ 71.731 387.905 null] +>> endobj +2622 0 obj << +/D [2598 0 R /XYZ 331.943 375.169 null] +>> endobj +2623 0 obj << +/D [2598 0 R /XYZ 343.012 375.169 null] +>> endobj +2624 0 obj << +/D [2598 0 R /XYZ 487.745 375.169 null] +>> endobj +2625 0 obj << +/D [2598 0 R /XYZ 498.814 375.169 null] +>> endobj +2626 0 obj << +/D [2598 0 R /XYZ 141.41 362.218 null] +>> endobj +2627 0 obj << +/D [2598 0 R /XYZ 265.822 362.218 null] +>> endobj +2628 0 obj << +/D [2598 0 R /XYZ 306.31 362.218 null] +>> endobj +2629 0 obj << +/D [2598 0 R /XYZ 317.378 362.218 null] +>> endobj +2630 0 obj << +/D [2598 0 R /XYZ 381.037 362.218 null] +>> endobj +2631 0 obj << +/D [2598 0 R /XYZ 438.176 362.218 null] +>> endobj +2632 0 obj << +/D [2598 0 R /XYZ 449.245 362.218 null] +>> endobj +2633 0 obj << +/D [2598 0 R /XYZ 479.786 362.218 null] +>> endobj +2634 0 obj << +/D [2598 0 R /XYZ 490.854 362.218 null] +>> endobj +2635 0 obj << +/D [2598 0 R /XYZ 242.878 349.266 null] +>> endobj +2636 0 obj << +/D [2598 0 R /XYZ 281.712 349.266 null] +>> endobj +2637 0 obj << +/D [2598 0 R /XYZ 71.731 327.184 null] +>> endobj +2638 0 obj << +/D [2598 0 R /XYZ 389.886 316.39 null] +>> endobj +2639 0 obj << +/D [2598 0 R /XYZ 71.731 281.356 null] +>> endobj +2640 0 obj << +/D [2598 0 R /XYZ 395.833 270.561 null] +>> endobj +2641 0 obj << +/D [2598 0 R /XYZ 166.864 231.707 null] +>> endobj +2642 0 obj << +/D [2598 0 R /XYZ 71.731 209.625 null] +>> endobj +2643 0 obj << +/D [2598 0 R /XYZ 147.507 185.879 null] +>> endobj +2644 0 obj << +/D [2598 0 R /XYZ 232.716 185.879 null] +>> endobj +927 0 obj << +/D [2598 0 R /XYZ 71.731 156.574 null] +>> endobj +2597 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R /F21 781 0 R /F64 1581 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2647 0 obj << +/Length 1601 +/Filter /FlateDecode +>> +stream +xڝXË®Û6Ý߯ÐÒ"^‘’,)‹mn’¶h€¢õ®é‚–h‹ +†(çÆùú’âC”)YFà +üó +ÏgzA/ ùeíb/¯ŸïÄùø• +¯L|Ëæ—ýÓó”yÈv¡·?za°IŒó’4FÞŸøgó®Äçžt[ÅÁ&òù®m>:]º-Œ7ž§m#øŒP"ß1\—[žÁŽy#¿èK¢lø?+õŸnÚ·ÝößýïOï÷ÆÛA¢»ûQ&î~ €`,6€y bD鰟„bIºù@/ø;FO +î/ +aŸF2r% åkú‚’$–[ãû’;xÝÂ`Óv_˜üxžÊç‰4€ãÄ4œƒ“ü +ËG{|ÀLÐ +€%LB¡ +ߧ@³éҎnÃd3çl +ƒªÿ)ÚqSÈ762æm}Æ +mN® øŽå‚r§iÃz- +î”ç#Îuî<"Åp€™n§oå³#y{jè÷9ÉùâmAÅWù9Ì8úÜ*qQâ¹ éIa/ÁÀàI0ÑC iñCԚŽÉ«KAÞÞÆ„ˆy€Çéì²h6ÀŽoÉKŒdÉ ÔÍ:ƒ^Å +B Œà +ÞísÄWÿ™ÃC ++Ãh 3˜!ÿ@•†yw=÷í©Ãç’æ꫒ä_Ø +«QQq1|_˜‰sr÷¿}|ÿ—|[bV*­ªSÛÑŸ¬µNq€+ +j\ºEñæ«H„ÃTW­>ÿú³ÕQPâz‰•CX±Ñ>‘‚¯ß,ê)À}9Í¢šÒbULì- +pWÊÝO›¶Æ\:]Š$L†ƒrŸ“Ñh‘e²ÊŠ‹÷-.ŸË‹å€Ù|=ÿ(/ü™EkG4ZäE™¬òââ=À‹‹ïòb9Њ÷Úè –Ñ Úd„Œufð +ltYöm.ßÔ9iªë[sBB|b +燈Œý­Gãi9\_ŽWÖ+ã3Bd5F–Gi–©z€ÖÙ<çõDßÍVZ!OW=wÒ|ŽÛíVŽµR&«Z¹xhåâ»ZYŒ9Ö„õž>³ËlQ”òú7\ag4ZdG™¬²ãâ=ÀŽ‹ï²c90Û=0^`.Ó­–Ñ" +Êd•ï\|—ËCCs©:Íë)q§k}Ú|¹“ê @OW˜™Q&«Ìžx0ãâ»ÌXÔŒFºœöjüŸþŽ—O¢¥ù-Q6$°ñw6æI‘„–H +³D0ŸO¢eŽD¢6Y#qoÄ|‡DÛÃÜgž^*°D‰æwÚ¡w‚h"wzÊ&}1»Ö‡¶Ò݉X\Ð/û=_x=! +äÕöB΀)L¢o:ƒt +ÖâWØUß:-ã +ew4Á¢Ìq×ÓüRánšcM,L}œ +é +^t\ãëŽqœŸÐu”cÓɲ¥žk­v\¹Š^ÈÄ.^(e•o¹¡p³ÐИ‘| +ëÄ ÎI@üÂæ‘v^ÛÜ +¿]HÀÿ$ +ÉâñÞ¯×=àWFŽªrȧͱå\wõdžÐi%Úªâ;#Pˆ=.òaƒ0.oe™Ej`ôB„2Œ9þùUôÒ\ÑR~TŠç‚v +÷ÄC*á? +CþŽ†]«3Š}©³ +EÙ¹ÂTﬔ5¿¢AÌVÔßÎ$§Ç«æäætäf€gï옛+'£—i—nv)•vµl/UaBßíö€ž +NYhƒØÇ8 º=Ë78f6`iñž܊QQÂ$4bB%ç'錑s@¡scµ`yüÇO?§ÿH:£Ö8ó谊ÎsG|Ÿ£BƏNµ¯wIňkøø +kFf2ŒñUc”Î +¥×BÉ^p&ˆžï®4„†òìÏ +ç©™6'¹]ÓӐÅ=(Ÿ”»¯TŸeFÄ œ ؎ˆ€Û³‡J³ÑaR»\Nwª÷â÷ +‹ŒóUaZáC5˺ÌÊÜ%‹Ú’`q'±¡rЙÇ?ª±4/oS˜ÜÖ&ΰ>†„q¢WþGÑ ÝEú/Ò¯@endstream +endobj +2646 0 obj << +/Type /Page +/Contents 2647 0 R +/Resources 2645 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2686 0 R +/Annots [ 2680 0 R ] +>> endobj +2680 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [194.818 328.497 247.122 337.409] +/Subtype /Link +/A << /S /GoTo /D (0:POLICY) >> +>> endobj +2648 0 obj << +/D [2646 0 R /XYZ 71.731 729.265 null] +>> endobj +2649 0 obj << +/D [2646 0 R /XYZ 71.731 741.22 null] +>> endobj +246 0 obj << +/D [2646 0 R /XYZ 226.737 705.748 null] +>> endobj +2650 0 obj << +/D [2646 0 R /XYZ 71.731 681.992 null] +>> endobj +2651 0 obj << +/D [2646 0 R /XYZ 71.731 681.992 null] +>> endobj +2652 0 obj << +/D [2646 0 R /XYZ 293.478 672.871 null] +>> endobj +2653 0 obj << +/D [2646 0 R /XYZ 71.731 637.837 null] +>> endobj +2654 0 obj << +/D [2646 0 R /XYZ 71.731 604.961 null] +>> endobj +2655 0 obj << +/D [2646 0 R /XYZ 71.731 604.961 null] +>> endobj +2656 0 obj << +/D [2646 0 R /XYZ 71.731 603.715 null] +>> endobj +2657 0 obj << +/D [2646 0 R /XYZ 129.514 586.694 null] +>> endobj +2658 0 obj << +/D [2646 0 R /XYZ 71.731 571.96 null] +>> endobj +2659 0 obj << +/D [2646 0 R /XYZ 129.514 555.81 null] +>> endobj +2660 0 obj << +/D [2646 0 R /XYZ 71.731 554.37 null] +>> endobj +2661 0 obj << +/D [2646 0 R /XYZ 129.514 537.877 null] +>> endobj +2662 0 obj << +/D [2646 0 R /XYZ 71.731 535.72 null] +>> endobj +2663 0 obj << +/D [2646 0 R /XYZ 129.514 519.944 null] +>> endobj +2664 0 obj << +/D [2646 0 R /XYZ 71.731 517.788 null] +>> endobj +2665 0 obj << +/D [2646 0 R /XYZ 129.514 502.012 null] +>> endobj +2666 0 obj << +/D [2646 0 R /XYZ 71.731 499.855 null] +>> endobj +2667 0 obj << +/D [2646 0 R /XYZ 129.514 484.079 null] +>> endobj +2668 0 obj << +/D [2646 0 R /XYZ 321.413 484.079 null] +>> endobj +2669 0 obj << +/D [2646 0 R /XYZ 71.731 481.922 null] +>> endobj +2670 0 obj << +/D [2646 0 R /XYZ 129.514 466.146 null] +>> endobj +2671 0 obj << +/D [2646 0 R /XYZ 71.731 463.989 null] +>> endobj +2672 0 obj << +/D [2646 0 R /XYZ 129.514 448.213 null] +>> endobj +2673 0 obj << +/D [2646 0 R /XYZ 71.731 446.774 null] +>> endobj +2674 0 obj << +/D [2646 0 R /XYZ 129.514 430.281 null] +>> endobj +2675 0 obj << +/D [2646 0 R /XYZ 71.731 428.841 null] +>> endobj +2676 0 obj << +/D [2646 0 R /XYZ 129.514 412.348 null] +>> endobj +2677 0 obj << +/D [2646 0 R /XYZ 71.731 410.191 null] +>> endobj +2678 0 obj << +/D [2646 0 R /XYZ 129.514 394.415 null] +>> endobj +2679 0 obj << +/D [2646 0 R /XYZ 71.731 356.557 null] +>> endobj +928 0 obj << +/D [2646 0 R /XYZ 71.731 327.252 null] +>> endobj +250 0 obj << +/D [2646 0 R /XYZ 449.433 284.155 null] +>> endobj +2681 0 obj << +/D [2646 0 R /XYZ 71.731 260.399 null] +>> endobj +1876 0 obj << +/D [2646 0 R /XYZ 71.731 236.17 null] +>> endobj +254 0 obj << +/D [2646 0 R /XYZ 290.958 198.954 null] +>> endobj +2682 0 obj << +/D [2646 0 R /XYZ 71.731 175.837 null] +>> endobj +2683 0 obj << +/D [2646 0 R /XYZ 71.731 175.837 null] +>> endobj +2684 0 obj << +/D [2646 0 R /XYZ 71.731 120.15 null] +>> endobj +2685 0 obj << +/D [2646 0 R /XYZ 304.197 107.298 null] +>> endobj +2645 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2689 0 obj << +/Length 1080 +/Filter /FlateDecode +>> +stream +xÚåXMÛ6œï¯ðÑbV$E}h$hÒmî)Z‰k+‰ŠD5Ùþú +ERŠ,Ë +>4ö Îgæœy + +¯ø룘 +€ˆDl•W7Áj+on°µØZ“­górwóÓk’®R”Ftµ»_Ñ B1‹V1%(adµ+>¬_ +²Fñv³%,X3d®¯d}dß·Ì֙²6 +·„Äæ®ËªÃ¯3Q?3/ԁ[øÏÒÞW²J¶›»?n~ݍÑ2‚%ó±&ó|âc>§ˆA +q †C>ïyVŒ«ËÇÓ-m”(Äøܞ +)Üx+§×1:L +BÏs7Š(ŒãqK +ދ²t•)„®T>T·3/¹.÷—œ7Ê;£A­†1ÍjðoŠÂŠ4zú›”Z +å\ӱص4׍ðEtŠ×9?+ƒIàdp&î]Ãó!n§Ð>tn‚,ô(†AJ¶'ê¿%”"šÐÉ!Щ³Ô›ðnÄ +ŸâÐÃú­¬ù"Øa„@àZ`Ý-ƒmm.Íî£\çe_À|aÒïao +µÂ5™÷Ç3óêhûԐ¿ +««ñy}dÚǜ8Ó³Z«ÈŒ., –.C(6 +žìË +ñ©nÌP¶š2ù¡Žœ’íHZِK™?Œ§ò°çñs${òçÈß +oƒ¥ÀP$ÂÂku€çn±œÍТðk^d%€V8ìŸûÄŽ9Ž}¢ÅnÒ*è41ûÙ"™ÂñÅG“Ùw +†1¢,v^t€![øæ0ßé+·%Sqendstream +endobj +2688 0 obj << +/Type /Page +/Contents 2689 0 R +/Resources 2687 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2686 0 R +>> endobj +2690 0 obj << +/D [2688 0 R /XYZ 71.731 729.265 null] +>> endobj +2691 0 obj << +/D [2688 0 R /XYZ 71.731 741.22 null] +>> endobj +2692 0 obj << +/D [2688 0 R /XYZ 71.731 718.306 null] +>> endobj +2693 0 obj << +/D [2688 0 R /XYZ 71.731 706.187 null] +>> endobj +2694 0 obj << +/D [2688 0 R /XYZ 139.477 690.411 null] +>> endobj +2695 0 obj << +/D [2688 0 R /XYZ 71.731 620.423 null] +>> endobj +2696 0 obj << +/D [2688 0 R /XYZ 71.731 605.315 null] +>> endobj +2697 0 obj << +/D [2688 0 R /XYZ 139.477 589.539 null] +>> endobj +2698 0 obj << +/D [2688 0 R /XYZ 71.731 567.457 null] +>> endobj +2699 0 obj << +/D [2688 0 R /XYZ 71.731 532.503 null] +>> endobj +2700 0 obj << +/D [2688 0 R /XYZ 71.731 517.395 null] +>> endobj +2701 0 obj << +/D [2688 0 R /XYZ 139.477 501.619 null] +>> endobj +2702 0 obj << +/D [2688 0 R /XYZ 276.721 488.667 null] +>> endobj +2703 0 obj << +/D [2688 0 R /XYZ 71.731 466.585 null] +>> endobj +2704 0 obj << +/D [2688 0 R /XYZ 71.731 418.68 null] +>> endobj +2705 0 obj << +/D [2688 0 R /XYZ 71.731 405.629 null] +>> endobj +2706 0 obj << +/D [2688 0 R /XYZ 139.477 387.796 null] +>> endobj +2707 0 obj << +/D [2688 0 R /XYZ 71.731 365.714 null] +>> endobj +2708 0 obj << +/D [2688 0 R /XYZ 71.731 330.76 null] +>> endobj +2709 0 obj << +/D [2688 0 R /XYZ 71.731 315.651 null] +>> endobj +2710 0 obj << +/D [2688 0 R /XYZ 139.477 299.875 null] +>> endobj +2711 0 obj << +/D [2688 0 R /XYZ 334.056 299.875 null] +>> endobj +2712 0 obj << +/D [2688 0 R /XYZ 71.731 276.862 null] +>> endobj +2713 0 obj << +/D [2688 0 R /XYZ 71.731 261.853 null] +>> endobj +2714 0 obj << +/D [2688 0 R /XYZ 139.477 246.077 null] +>> endobj +2715 0 obj << +/D [2688 0 R /XYZ 139.477 233.126 null] +>> endobj +2716 0 obj << +/D [2688 0 R /XYZ 71.731 211.044 null] +>> endobj +2717 0 obj << +/D [2688 0 R /XYZ 71.731 163.138 null] +>> endobj +2718 0 obj << +/D [2688 0 R /XYZ 71.731 150.087 null] +>> endobj +2719 0 obj << +/D [2688 0 R /XYZ 139.477 132.254 null] +>> endobj +2687 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F11 2374 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2722 0 obj << +/Length 1510 +/Filter /FlateDecode +>> +stream +xÚœXKoÛFŸûWè(¡æŠ»âÓ@ +ŽŽ€í@QZ¡N4µ’¡H‚€ìš¿Ÿ3û W¢äøÀgvfŸy›tà +„”„x°˜°À€›3w°Êë3ª9 +ÍâX<¿ÍÎÆ×, +Ä$&ƒÙr0qúÁ œ0ùl0[Ü/×IÙðjä0ß +úD=/‹ü“ë²Õ¶Q˜4¢Èác¡:ÕÉf=¢ÃDäçêE³æšnfúŒ)rÑÕèóì÷³«Yk­Ï(™°gñh–>ž°ÃCiL|Àº™xžÄó±æ=ÔgƒØ% +¥Ç2âÅp°(‡ÏÖ4Êq=°Í×·m/ +[•hÛ[p†H2ñ_hŸêPñ²šuN²L;ü[,ú3•1š @ +óØÓ6; ۃgàœìNÜiؚçÀžœ„ +iÒðÅ`wâNÃÖÒÇ$×Îy±ÐóI=è7b••që嚧_êíŠ>ÅýˆÚ: +J³Ìœ‡ô¯‹HI¬G@ +ñù +)ãë‰× +Ö + +ÜÈ5ÞÖÕž~ùž±ÑPECJu +Pç‚:±Ü)){îr=Ð@‹Ñf¶Úö²ÈDŠÖî4ÎÚ8£áùŸ,ª=` K­ádÜ]êLA“:Ÿ& +a*[ucŽ’ŸJqé¶I +2^3ñP%•àu™±TìÅà +šx +³¬%ŠEÞÀøCÏ©ˆnÓµ=k +õUó +îdõAà—Û +Ægu,6í$¶–V’ÕœÖó¡ + +xQDh¯†Ç±˜z™~(-ú^h-ñ‰G¢žúØ# +ŒãgÕkžçÕBõ¿˜á{À +ÜeÂ@ï2P*ìºë#æŸrp­çu¹­ªb[êsÉ« +$ + +r‡ž÷˜fWš2 +Òa"Õ€|»yØŒNª&ž‘cŸS]° Šè¡ƒbî‡Ä›øÆmÑð +Åà[&Îv©.£«D&[©úÙ©sšäê Û<7º-É2‚ßBÓÕ²†7T~ +:\©7-z8×:ÖÒß2˜¹1‰š1æFÔé{a‹bÍò$m/Ïš( UHð&_F +‚Ö÷ +ž.€„™’ÀWQžò_Ny²žË3Ù7~ÖöùpÑ +ñ +,ÃìŒJõOóùüþœò¹o£ïÂ|10Ԟºo +í +’Ñý.ÍÎÕÜÊÉba‚à»h7<©z#<+Ÿ)P÷#&#Wµ€^r©¯œ€&1Jpö$$èijIœš—I +U“4&M2Q7Zí²ÐÀÓ!›Ï1cæçê×ô.nó©¿u“—bÕóò͝UX#˜X'šõŒí‡]ðßÝZ°À£|õæÝmG3ÅhÑßÞÞut9k-âÇS<Ēž +ýÊ¢œžŸï.®ÐUØB,†›ÙMÇ°Áqo +Qes$ +Gá¥Í™ +ÈúðöïŽ+„œ^}úêêώ:ÖÄ5 + +Þåhú#‡«¶Üœê®Ù +`³ï¥÷Ó«ŽÏÌY&ç¬ +¶È!— +к“yӇ׎TDózŠ—ïÐÊ¿Žë7uûÒé +‹,‚'=ãUzê"ÒQoø„F~ûB“ ±L"i’ÞE­tÉ}(nrx‰6Õ±\¶Í•Ížmlè +jl‡œúFÞoÀ  ›ԃpUK4«1,Ý,Pp +3¢n_‹ŒÍ®ê]cf]òÔZQû{š»7K¯ M·«N»}éÍÆÌ;ŒÞ£‰ý +`Y@ƒ +fjüvÒ6Š¯ýEÓš6­ +•ØœÕ4ãþ•6ëèr›eã2iÖ㊃âñR ·3ÞGæš‹¶Žãðz;ÞDXmˆß‰Ž|Ü=˜±­j¹f.® +e³þ +%Â}Ø ípÓ߂Œftøì×¢Ž¥÷±È‡¢¥^d€ Y^pâCN_Ó¿N3œ5endstream +endobj +2721 0 obj << +/Type /Page +/Contents 2722 0 R +/Resources 2720 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2686 0 R +/Annots [ 2739 0 R ] +>> endobj +2739 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [242.141 486.013 294.444 494.924] +/Subtype /Link +/A << /S /GoTo /D (0:PRELINK) >> +>> endobj +2723 0 obj << +/D [2721 0 R /XYZ 71.731 729.265 null] +>> endobj +2724 0 obj << +/D [2721 0 R /XYZ 71.731 718.306 null] +>> endobj +2725 0 obj << +/D [2721 0 R /XYZ 71.731 708.244 null] +>> endobj +2726 0 obj << +/D [2721 0 R /XYZ 139.477 690.411 null] +>> endobj +2727 0 obj << +/D [2721 0 R /XYZ 71.731 667.397 null] +>> endobj +2728 0 obj << +/D [2721 0 R /XYZ 139.477 649.564 null] +>> endobj +2729 0 obj << +/D [2721 0 R /XYZ 71.731 637.445 null] +>> endobj +2730 0 obj << +/D [2721 0 R /XYZ 71.731 626.551 null] +>> endobj +2731 0 obj << +/D [2721 0 R /XYZ 139.477 608.717 null] +>> endobj +2732 0 obj << +/D [2721 0 R /XYZ 71.731 596.598 null] +>> endobj +2733 0 obj << +/D [2721 0 R /XYZ 71.731 585.704 null] +>> endobj +2734 0 obj << +/D [2721 0 R /XYZ 139.477 567.87 null] +>> endobj +2735 0 obj << +/D [2721 0 R /XYZ 71.731 555.751 null] +>> endobj +2736 0 obj << +/D [2721 0 R /XYZ 71.731 544.857 null] +>> endobj +2737 0 obj << +/D [2721 0 R /XYZ 139.477 527.024 null] +>> endobj +2738 0 obj << +/D [2721 0 R /XYZ 169.085 514.072 null] +>> endobj +2740 0 obj << +/D [2721 0 R /XYZ 71.731 466.087 null] +>> endobj +2741 0 obj << +/D [2721 0 R /XYZ 76.712 424.458 null] +>> endobj +2742 0 obj << +/D [2721 0 R /XYZ 71.731 409.514 null] +>> endobj +2743 0 obj << +/D [2721 0 R /XYZ 374.689 397.858 null] +>> endobj +2744 0 obj << +/D [2721 0 R /XYZ 139.477 386.202 null] +>> endobj +2745 0 obj << +/D [2721 0 R /XYZ 211.342 386.202 null] +>> endobj +2746 0 obj << +/D [2721 0 R /XYZ 272.716 386.202 null] +>> endobj +2747 0 obj << +/D [2721 0 R /XYZ 344.581 386.202 null] +>> endobj +2748 0 obj << +/D [2721 0 R /XYZ 71.731 332.6 null] +>> endobj +2749 0 obj << +/D [2721 0 R /XYZ 71.731 332.6 null] +>> endobj +2750 0 obj << +/D [2721 0 R /XYZ 71.731 295.044 null] +>> endobj +258 0 obj << +/D [2721 0 R /XYZ 341.355 255.671 null] +>> endobj +2751 0 obj << +/D [2721 0 R /XYZ 71.731 232.776 null] +>> endobj +2752 0 obj << +/D [2721 0 R /XYZ 71.731 200.712 null] +>> endobj +2753 0 obj << +/D [2721 0 R /XYZ 71.731 200.712 null] +>> endobj +2754 0 obj << +/D [2721 0 R /XYZ 137.962 189.918 null] +>> endobj +2755 0 obj << +/D [2721 0 R /XYZ 71.731 168.778 null] +>> endobj +2756 0 obj << +/D [2721 0 R /XYZ 71.731 134.959 null] +>> endobj +2757 0 obj << +/D [2721 0 R /XYZ 71.731 134.959 null] +>> endobj +2758 0 obj << +/D [2721 0 R /XYZ 137.962 124.164 null] +>> endobj +2720 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2762 0 obj << +/Length 2633 +/Filter /FlateDecode +>> +stream +xÚ­ZIãƟϯúÒRЪfqW€ØpìŒá + +#ÓA¶Y’˜á"”۝_ïWU¯I±=h.*Ÿõ«·‘tãÁÝ$”$ +üñãh“׌Í~ùþÅ{\²·ÖüýåÃóGÿ°9C +l^N›À‹Iś$ðIù›—âçí·—ì:°n·÷#oyü¶m~ñ<ÿ|ëv4ÚfCÙ6ò‡_|?‘g}V_vt›•Í“Œ1\®'+<¯ÛŠ +Ún÷ëË??üãEKù”þ]}pÉTŸÄèCéD Gâ¥$C¡Ï‹£¿²Œä²ä–üíI +3%jä5·ô`]™g\SùKÇò[×ëç +v +.òŽì‘Ô•“Í*C©gÌU4HCâE‰–pNSµfo-ššêâª~b¹Ñ,"!‰\öa“ ŸË +—ÜeîáŒ¿âŠ"F÷ïZyÞŽƒ<¹Þƒ + +ô€1Iœt³§>9 úî˜o +»,ÿŒ£Þ– +Üðáa»ß€Î7yõß[?š' +ðåÀÔªL +¢\§ŽY3çÊ +@ŸnÏ·š5ø$!D ƒn‰PÅe`%±Ðá?»HVEžuêž +°¥šÞ˜çñ/žM +¿g ÇãÏ@÷×Gƒ¹¬«Þ_X +2«öx,›³’Paüvœ¶ÝÀï©íŽ— +œ£7DÅ2РÐT +Ÿµ9P+Ë3uÖlÝ·] +Iµt“&b±÷ +~ŽÙû1‘fø±&OÒ­ð& +‹Ü +$JÖÿUðhiBhšWþð7ã'vûÀŽ +{ÂYpäfÌÐXp™ÉCÞV•Þœ÷I­æAšçy’w^K-€tœPâŒw{ºuù‹8"°¡É"Á +ëښ˞RGÒ +‚jŽ­Ê~‡ +)\žÍ„[ᆒR\·ÃQR81Ö-Jœ¬—D>ï|Ø\âë@ä­‰ðÑ£J‘ÈV$²‰À2Jž#“„궡S/ä=%^žõÌVòƒ†W?êۆʊ¢ä +BGt¬n¹_~Ûùðl +wtůMVƒÅˆŒüŽ]ìç† +r +à +힎=Û׶*ó7ˆžò;OTYÙ(T•âså,aëc²ý-¿Œ’þT&‘Ù€£M‹2à9ÑȄ‹qZÉË2^5ų²OÁ*¶ +wqqêÚzíœ[БL»¹ÿB5Šfâ{« +ʚ=çü¿ÊðÈD·çyUúÛq,¯¿í¿¬ê[£ÅéÍÑ á)ãVY7Š~ ]•ÍgãÀ©_æMq㛱auéaI™G¹ŠÒŠÏ#;¶Špz8`l¬³`?‰ ŸGXBÆh ¶ +’­ÊÏG=^Lh€â9òÿwoªþˆ +­+:›!ë1¶C° ’hÅ© +twÔämÇé,$H¡“ +÷b-ZˆZà +2Ãn + wÙ;„9ûŸ@cV°&w¶ñÙr|36ºÞmu+ 7C‡Ù}ØÌ·þ­‡Œ£æœÓy•1*¬ïÇs +ýd +œ&ŸZ è2 ÛÙ‡ +­& +sœìØüUH$Œ<-ú ŠÀzó£cs³Hٖz] +ùEsênÊ~¯% ŽéÉÃLtƑ™H”ªÌäšÎ +_–NšŸ²î]24ÉJÖ) +žOî¹ûØj×ö£÷Ùrº2¯Šø}`x™ŒŒ +§È¶ç÷ÁØ¢—ƒ€ +zRô~=a-Z¬'Ô.DžXOÌ°[¯'î²wË÷*P¥»µ›ã +Iªš“Ï—‰úEÁZVûŽ¿pŠ>®5}è.Ã4Âúý ·×€|X©Dԋ))pŒêitÖßcÏß2¥QˆÍ¢eã9Xñ”Ý;@|œC˜³Ÿv‚fº*nõnhæ[ií¬ålÒ™-rÉø€ÇþMãœaŠÉ±>átɢށD4ŒŸæ­EK‰^-YKõ3ü֓ý +ÿIº·pZ?aՙ*kDVé& +Asa@WjÐáð +¿à0z $JWªbkђÃԒ5‡Íð[wØ +ÿ‰Ãl^/eõ%†îX-_Ç;/G;à=Áıçhœ’8^=Z‹ãœZõŽãÜ +»õ8w—œCØL‡Â˜Çù +gp%Ò& +q°„†JÂßÿª\‹{ +ù‘=È'¡J£Ï²ãx–ýÌ4Õ%I=5)z’Œ +ùEžŠ²Žu+Êð0ÙòíawŠpË,µ‘e +œc9ŠylôÙ`+šlEu‡/hœ/MF +nšBgքx +y(‡`/ª×Ð)ëC]ÖË +¬~BõáðP0U탌R‰š—Ïü +\Í5–Ôᢟ:&ðB +B3q[qˏ藩Cˆ„j'¢üŠ!æ5^8ªnÌGUÁ«LøɞTã»9Qyô9Wš1o䡁iñ5OlIË?í¡Ñ{a”ˆ,°tÓyõz­Þ4œõ/åù¢gH–èš+dLØ©Á‹%¬&j¹QÖ[ €]r¹œÞdœ†ȌŸ&&ñùkƒÃ™äEŽâÇ$ò‚‘#ùæÚ»ã +»—ÓÉQwÙ•ƒ²ZÒåœÙÎôY­fhT= +Ý­á_Ž Iq—Ú +œö`cwÎ^a⁹)›fóՇ +“ñ30~J“»_¡™%“Ð"ê‘CzPTD«–,| 6åôa®¡þendstream +endobj +2761 0 obj << +/Type /Page +/Contents 2762 0 R +/Resources 2760 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2686 0 R +/Annots [ 2765 0 R ] +>> endobj +2765 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [384.057 706.187 436.36 715.098] +/Subtype /Link +/A << /S /GoTo /D (0:RECDEP) >> +>> endobj +2763 0 obj << +/D [2761 0 R /XYZ 71.731 729.265 null] +>> endobj +2764 0 obj << +/D [2761 0 R /XYZ 71.731 718.306 null] +>> endobj +2766 0 obj << +/D [2761 0 R /XYZ 71.731 673.31 null] +>> endobj +2767 0 obj << +/D [2761 0 R /XYZ 71.731 647.407 null] +>> endobj +2768 0 obj << +/D [2761 0 R /XYZ 71.731 632.463 null] +>> endobj +2769 0 obj << +/D [2761 0 R /XYZ 71.731 581.126 null] +>> endobj +2770 0 obj << +/D [2761 0 R /XYZ 328.476 548.045 null] +>> endobj +2771 0 obj << +/D [2761 0 R /XYZ 76.712 506.8 null] +>> endobj +262 0 obj << +/D [2761 0 R /XYZ 195.31 471.333 null] +>> endobj +2772 0 obj << +/D [2761 0 R /XYZ 71.731 471.183 null] +>> endobj +2773 0 obj << +/D [2761 0 R /XYZ 71.731 468.792 null] +>> endobj +2774 0 obj << +/D [2761 0 R /XYZ 137.484 448.618 null] +>> endobj +2775 0 obj << +/D [2761 0 R /XYZ 71.731 433.509 null] +>> endobj +2776 0 obj << +/D [2761 0 R /XYZ 137.484 417.734 null] +>> endobj +2777 0 obj << +/D [2761 0 R /XYZ 320.706 417.734 null] +>> endobj +2778 0 obj << +/D [2761 0 R /XYZ 71.731 402.625 null] +>> endobj +2779 0 obj << +/D [2761 0 R /XYZ 137.484 386.849 null] +>> endobj +2780 0 obj << +/D [2761 0 R /XYZ 227.695 373.898 null] +>> endobj +2781 0 obj << +/D [2761 0 R /XYZ 71.731 371.741 null] +>> endobj +2782 0 obj << +/D [2761 0 R /XYZ 147.447 355.965 null] +>> endobj +2783 0 obj << +/D [2761 0 R /XYZ 71.731 353.808 null] +>> endobj +2784 0 obj << +/D [2761 0 R /XYZ 147.447 338.032 null] +>> endobj +2785 0 obj << +/D [2761 0 R /XYZ 71.731 335.876 null] +>> endobj +2786 0 obj << +/D [2761 0 R /XYZ 147.447 320.1 null] +>> endobj +2787 0 obj << +/D [2761 0 R /XYZ 71.731 274.481 null] +>> endobj +2788 0 obj << +/D [2761 0 R /XYZ 137.484 258.331 null] +>> endobj +2789 0 obj << +/D [2761 0 R /XYZ 348.969 258.331 null] +>> endobj +2790 0 obj << +/D [2761 0 R /XYZ 137.484 245.38 null] +>> endobj +2791 0 obj << +/D [2761 0 R /XYZ 71.731 243.223 null] +>> endobj +2792 0 obj << +/D [2761 0 R /XYZ 137.484 227.447 null] +>> endobj +2793 0 obj << +/D [2761 0 R /XYZ 515.254 227.447 null] +>> endobj +2794 0 obj << +/D [2761 0 R /XYZ 71.731 225.29 null] +>> endobj +2795 0 obj << +/D [2761 0 R /XYZ 147.447 209.514 null] +>> endobj +2796 0 obj << +/D [2761 0 R /XYZ 71.731 207.358 null] +>> endobj +2797 0 obj << +/D [2761 0 R /XYZ 147.447 191.582 null] +>> endobj +2798 0 obj << +/D [2761 0 R /XYZ 71.731 184.443 null] +>> endobj +2799 0 obj << +/D [2761 0 R /XYZ 137.484 168.668 null] +>> endobj +2800 0 obj << +/D [2761 0 R /XYZ 210.359 168.668 null] +>> endobj +2801 0 obj << +/D [2761 0 R /XYZ 228.769 168.668 null] +>> endobj +2802 0 obj << +/D [2761 0 R /XYZ 441.978 155.716 null] +>> endobj +2803 0 obj << +/D [2761 0 R /XYZ 460.388 155.716 null] +>> endobj +2804 0 obj << +/D [2761 0 R /XYZ 309.199 142.765 null] +>> endobj +2805 0 obj << +/D [2761 0 R /XYZ 386.179 129.813 null] +>> endobj +2806 0 obj << +/D [2761 0 R /XYZ 71.731 101.754 null] +>> endobj +2760 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R /F34 797 0 R /F55 1335 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2810 0 obj << +/Length 1531 +/Filter /FlateDecode +>> +stream +xÚœXYoã6~ϯ0҇ڋH%ë*É^HÑnø-ŽD[B$Ñ¥š8þ÷ +ŠCY–µI¶Š!MÎp®o†C‘‰d;ô`pcÛ +üIRž9“ +ì|>#Ha!‰Õ£¹^žÍ?¹ñ$¶ãÀ›,×Ï ìÐ&¡çڑïN–éÝô}F·’‰™åúÎÔ·õøžW_ +ÇÝ4bFü)•9¯ôÆW× +õ¬Še6#SšWzAf +i€³ÀyÉ«\r1»_þröqÙië»ÄöÜíñbÏãhb¹Ž +»d”†ž¡í».íD¶·X +ŒF"C£Œí¡FÄ +íEŽ˜ôN2â†ãA<òŒ,~p°¿œEΔk¥ +Œ_æ:,_ëqÏ=I0§Ÿ­÷àÿJÒgä¬õž›8\<æòPÜ`*–Ï[–H–bÌò*ŒÖlÁ'EÉĊ׹Üë%ŸV +»ÁévŒØIÙjæ:Óf³é„í2†PMUuË +-•NÃi.3ýãܒF—\žëiSwŒçÖÖl¯9nsa +r}ÔµPwš·‘>N‹„v +ð³T„AkÊÇgZngÉOÈԋã"²‰ƒõÍ0JŒ*ö=÷Ó +’å$cÉc?„*&‹xj\BQí\@xžØÏŠ1҆ày—ƒX +XÐM<5P’5+ÖÆ¥ +Z“Œ +ZO Uäc@âÖ¶»¿M{ÊêˆçàûÀqŠ—z˜7™sA“‚Í©H²|f‘ésœ#^í⻛MÅ»*Šû‘Ýu®ŒÿÂÑê䌎ëÙ +ñZæ4Ë.ÁÊ1nŜµÜZM˜;]­5±õ³ +q+Ž[ïêŒ+æŠHßé•Ñ +(ySAvé*¶jlC¥&®QL­F¢‚®~BŠ–PKNW-M‹Vx +hZèyޘx]Ÿ$£ÕŠÍvõ+ã;Åvq€µ®ÌJ^=ÖHË~ÄÙgžI9ÃœŽZcµBŒ:êVÝrCšÛ®-GºJËö:i­åF}^I÷œZ4m«„¿C¶”LÂ:þäÂøž¢%’“Và7}öáúZ‡eHMoÿüõ¢©æ +֣­ +õˆitÄ4Ɋq£4”+uî+!­ûÎî‰QY„èÊ«:O™Ù§šêW ++ŸëËÓS +oMµV?nŸÜ,õ‰«—ôª›$ëÃÛ\‡¶!;†ŸRw€@;XšÃÓÒì~wi +/ÈŠ19©Ÿp7}gÞ+h%Ým-Y%kSŒut5~kýœ’RäàkV¿­N>Q1¯·œóòï†5J§iwÊ(Ëíw—iðÑ¥E†2ÙøU¡(QÈx€Gî^ïÿ +°îK  +ÊiÑ¿™/L#“•d·è:’Šïq_g|w— +íŽ.žœŽI°’«†Ew-é›FÙ!CA}€‡f1âùÚððúš +¯G@çü7ž Î忂Ó± +G÷8ۗPß +ëãX^‹œ¢s¯ð +rË + +h©rÝF­M 3Ó³µja}؈Täë}çbã.Ñt±lï95Ù + +«.‡u݂µ†8˜Ê¯‡ôöƹŸcûQk‹oúR8ŒŠ·Ív+X]ë_%ÌšÂ-€ +þ3\ÆZ¬ŠU+l7o/Ž)°h0÷Šߘ"õA%•0­M5Ýt~@eúXTÏ +ÃkÐÀ.aBvÝýQ^|u|‡Ù +šà’Jƒú‚otðHÉÅðña?}v4'ŸUJ¡_ŒÅÁ/ +ÌÀT +ЉŠì*MYz©É}ÿ!!’Ï×MQl©Ìæ*»j^²Á6m}}~ÀÚ~ .ì Â#Jsýú=VËrcéxhš÷[^«ÖcLÁ^.ы +*ý6¯*Hð + ƒ‡zs[@ó™š+làê;PNÕÐ{Ä<>úxh +Ÿ»Ðõ¥oÝBÝ· +þwÄÉ1~"ãø +vÂÔzaҞ͚MY~ôèU0W˜yÔŸUÅÖkÂR5|Ý­%óRi?øš€ßdà +ˆHøâW›ÉÉGÊš D%{}ãƒÊ©€_rŒ¡endstream +endobj +2809 0 obj << +/Type /Page +/Contents 2810 0 R +/Resources 2808 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2686 0 R +>> endobj +2811 0 obj << +/D [2809 0 R /XYZ 71.731 729.265 null] +>> endobj +2812 0 obj << +/D [2809 0 R /XYZ 71.731 741.22 null] +>> endobj +2813 0 obj << +/D [2809 0 R /XYZ 137.484 708.344 null] +>> endobj +2814 0 obj << +/D [2809 0 R /XYZ 71.731 673.31 null] +>> endobj +2815 0 obj << +/D [2809 0 R /XYZ 71.731 673.31 null] +>> endobj +2816 0 obj << +/D [2809 0 R /XYZ 71.731 650.396 null] +>> endobj +2817 0 obj << +/D [2809 0 R /XYZ 71.731 492.564 null] +>> endobj +2818 0 obj << +/D [2809 0 R /XYZ 71.731 492.564 null] +>> endobj +2819 0 obj << +/D [2809 0 R /XYZ 71.731 467.681 null] +>> endobj +2820 0 obj << +/D [2809 0 R /XYZ 71.731 378.567 null] +>> endobj +2821 0 obj << +/D [2809 0 R /XYZ 71.731 378.567 null] +>> endobj +2822 0 obj << +/D [2809 0 R /XYZ 71.731 344.01 null] +>> endobj +2823 0 obj << +/D [2809 0 R /XYZ 71.731 276.851 null] +>> endobj +2824 0 obj << +/D [2809 0 R /XYZ 71.731 251.243 null] +>> endobj +266 0 obj << +/D [2809 0 R /XYZ 459.796 214.027 null] +>> endobj +2825 0 obj << +/D [2809 0 R /XYZ 71.731 190.91 null] +>> endobj +2826 0 obj << +/D [2809 0 R /XYZ 181.818 168.199 null] +>> endobj +2827 0 obj << +/D [2809 0 R /XYZ 243.775 168.199 null] +>> endobj +2828 0 obj << +/D [2809 0 R /XYZ 119.552 155.248 null] +>> endobj +2829 0 obj << +/D [2809 0 R /XYZ 186.49 155.248 null] +>> endobj +2830 0 obj << +/D [2809 0 R /XYZ 71.731 127.188 null] +>> endobj +2808 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F21 781 0 R /F34 797 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2833 0 obj << +/Length 2094 +/Filter /FlateDecode +>> +stream +xÚÍYKä¶Ÿï¯h8¶;˜V‹z¶ +8Á؉ +prðÜv÷À‘Ø’2zA€f¶ýãSŗž3v‚ +‚>ˆ¢ŠõüªXd“ +?²‹‰ûððNjÂ]Z¿sw9|ùñ +ÑGMrœÐ|÷ðîôƒ—ì'‰üÝÃe绑‡Ñ.ö=ç +z»‡ìÃþû‚v‚õ‡£ºûÐQÏïÛæ£ëzùÐHž§¢lõá£çÅjÄi] +Ȟ–͝šÓ4°²ÒãºmJÑö‡O?¿ûۃÕ6ôˆã{oÚ£IÖöÝì‰Ð +â'NÇ»Ø=;~H{þÑ +ö +Ê;ý3–Ô +ÀEæHó UÏ{ÚçCÍ¡ÞD«ÖMEDg>éu?åMÛ³ûì@Ü}Ʋµ”0v¢ÄPÓ&[ó#±Ɍß/%çe“¯¹E>È5mB®U}4šGÏò¡¢œzaßÝîzleÜÐŽ‚ +°;z{ž8âDa¬xS‘ŒRÍû2T•uTÎÁxîŸÕDÌhr=àìÐ[E”x£æßÀH|OöÝ š*?–Z7D’†ÑÈOœdZ +ok& +»²*ŸŠ +Kn" +÷ܝ炩®„ŸŽð‡cäºø’«*úY +­õøBÑf +\Ê +çÂ$ÙÓ +ƒ-g¯êYµyß +*˜zýè†.sòo4Cð<ÍwˆzüÏç='ÿr§æ˜H!‹ +`@d|@mj'Dªj±§gڟ@æŒDR\ +sÔWÐ¯øüãŸÔ(E¥ + +}Ä7e +Ë{Ö©é¯ÐŒŽo›Û¿ÖüVÓ²¡7£÷­ïêî)ç7ÎÒ¡g7ÞµmÅú0t^ÞžœÔ¢C[>?p>žÇäò”oùü𗯿R¬r +[#ƒð$ÊÆ6©u)Þ°öš·L ŽjÔӈû*¢ï +dî~ +^)Õ„¶¬Ð€ö©úš + +ÈÑÌ‘z»Í{=ÔI³w+öµœ³ñÆ\€3€<„Úk€f¥Ê"÷Û9’Nc¬!|ÿQž·bÞ÷o÷ÁFL””›òÁt€ºŸE»ŸKiõõUÿUÖÚ¡ÚÁ”å†k¡ p$û®0ÜR +Lw&Rz„ÈY—lÐ7€]@ë{_ÁnÙÀ–øŒµÍ„Ä9“È”÷ˬHgeÏR¡Ek͍–ºÄLÁñá^ +íRãŠñOššÏ+ +~{˜ +wSÚÜ­oªëk[úðŽ¥%­fø–Û†6lŠD£»Þãþì:nª³Øץ܌øI†ñ¥a=/ Ü>@Y> Žv[Ξ°ˆ6p8w”ÜȌËJ!yö¬V萋*MÙ^ŠVð¹sí~8O.>òÉŽš;ý†£UZ +c¥÷ùV¹ŸÓF€Ýëtø•=U,E=•¶"‘º\­ôô^ž;F14ÇJ +hp᧖ÿõÚкÔÛkúH¹ÆÀÐañ¶a8fär,Üu›•˜.,ƒZÂëÒúÔHX¿ÌÒÉ4, X< +0€# +-bMj»T'žÑŒ¿qRàeÞàyB +œž™è +ºªŽ# œ:=Ùdj{Áž™Uϲ9ÖPú«Ši;Dëõ©ª$&„3ZãÏIôÉ.T”£ZNŠŒ +­£&õªÏŽv2‹€Àb°¬*h“3«À[ιrÁj›<ÒÇ*y~r˜>³ÉNŒÊđ§¯y> endobj +2859 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [219.476 153.201 271.779 162.112] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +2834 0 obj << +/D [2832 0 R /XYZ 71.731 729.265 null] +>> endobj +2835 0 obj << +/D [2832 0 R /XYZ 71.731 741.22 null] +>> endobj +2836 0 obj << +/D [2832 0 R /XYZ 71.731 718.306 null] +>> endobj +2837 0 obj << +/D [2832 0 R /XYZ 233.156 708.344 null] +>> endobj +2838 0 obj << +/D [2832 0 R /XYZ 308.303 708.344 null] +>> endobj +2839 0 obj << +/D [2832 0 R /XYZ 71.731 643.273 null] +>> endobj +2840 0 obj << +/D [2832 0 R /XYZ 71.731 610.02 null] +>> endobj +2841 0 obj << +/D [2832 0 R /XYZ 71.731 589.544 null] +>> endobj +2842 0 obj << +/D [2832 0 R /XYZ 76.712 563.268 null] +>> endobj +2843 0 obj << +/D [2832 0 R /XYZ 71.731 543.342 null] +>> endobj +2844 0 obj << +/D [2832 0 R /XYZ 71.731 489.741 null] +>> endobj +2845 0 obj << +/D [2832 0 R /XYZ 256.451 480.08 null] +>> endobj +2846 0 obj << +/D [2832 0 R /XYZ 302.52 480.08 null] +>> endobj +2847 0 obj << +/D [2832 0 R /XYZ 372.798 480.08 null] +>> endobj +2848 0 obj << +/D [2832 0 R /XYZ 414.025 480.08 null] +>> endobj +2849 0 obj << +/D [2832 0 R /XYZ 71.731 473.832 null] +>> endobj +1843 0 obj << +/D [2832 0 R /XYZ 71.731 435.547 null] +>> endobj +270 0 obj << +/D [2832 0 R /XYZ 341.758 377.524 null] +>> endobj +2850 0 obj << +/D [2832 0 R /XYZ 71.731 354.629 null] +>> endobj +2851 0 obj << +/D [2832 0 R /XYZ 71.731 354.629 null] +>> endobj +2852 0 obj << +/D [2832 0 R /XYZ 71.731 309.614 null] +>> endobj +2853 0 obj << +/D [2832 0 R /XYZ 71.731 250.834 null] +>> endobj +2854 0 obj << +/D [2832 0 R /XYZ 306.05 240.04 null] +>> endobj +2855 0 obj << +/D [2832 0 R /XYZ 71.731 192.055 null] +>> endobj +2856 0 obj << +/D [2832 0 R /XYZ 176.527 168.309 null] +>> endobj +2857 0 obj << +/D [2832 0 R /XYZ 320.376 168.309 null] +>> endobj +2858 0 obj << +/D [2832 0 R /XYZ 119.552 155.357 null] +>> endobj +2860 0 obj << +/D [2832 0 R /XYZ 71.731 133.275 null] +>> endobj +2861 0 obj << +/D [2832 0 R /XYZ 328.187 109.529 null] +>> endobj +2862 0 obj << +/D [2832 0 R /XYZ 472.036 109.529 null] +>> endobj +2831 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F44 1165 0 R /F46 1173 0 R /F27 788 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2865 0 obj << +/Length 2138 +/Filter /FlateDecode +>> +stream +xڝYYÛ6~ϯ0öÉbFÔ­-Њi“¢ÐÝ’<Èm+‰ŽŽ$Û_ß^¢;A±’)’s}ó͐K7 +üÑMBIÀÃψG›¢~æmNðå—gTÏØë){gΏÏ^üìg›Œdq°y8n/&Io’À'iäo +ʷۗçüÒ³v·÷#oõ|)šwžçŸ†vG£mÞsÑšï|?Qo]^Ÿwt›óæ¹èÏLρ••~¯EÃ{ÑîÞ?üúìՃÕ6ò) ü›öè)K{’Ñ +J3 +‰—’ +¥=Qñµ~ÚÅÑVëƵúŸÎŒ8«×"¹V•u +tÒÃâˆZO +Hƒ + +‚†(ꞡœ¬åýӛSfɖýPUz¡£iâ?Jõ:ljŒÍ]D`o`MZsž²wæ,\3ÛF©[Œ + %t.;€”DAxSž™sSú|#ÿý +AŒSÏkX›÷¬|çE” N›œŸQ’¥~Dj’È + + +Àº ++x^iص,ïkÖô6j„͊i!CS#P—‘é}!š¡Gšé¹àœªJìühûIKî +zžóŠ4iàåŒnŸÎ¬bq’BütÖÆ +˜òÍÀ­ +Āú$‹šT£dêmšò +Ð涬@™OT3ÌÆtힺžÕ&]"fu +Y!ߎ-û0€Ÿ+™XD{ +nh!ŽÑ- + Ã#1M¥B ‰ä“$ÝþÅ +E% +•ìҟ!â^‡a_ú؛Äþ'f‘pé³=ˆû„}"4ÓH3áçpQŸ¥÷CåXœ•æõP«o­ÒÊ(#R)5S †²LýFU9aDýR£ˆ/ +õG4U» +; +ÊQmlo3‹h©Ig“Óš‘,úZjx +‰€ÉŸ’!\;ÜÌøø( +"ys2ѵÙ`æÒrDö͜šŸÈ÷7Q‘âœF +fÎޙŽdëÙFè•ïqABÂ4\7ŽâõšÛâge$Ù ƒ‚a©$ï×K.¡ÀËÁP“‰þ“IêÈ[°}€O’›Î5snZ7ßhAøŽKºªtKž™sSø|#I÷ŠÍ¥ìº »MøëðsãÙV³êAæÏømÂȚ܄È"Ý¡â%ÁCïGÙ×<@%õM¹ž÷77°rCex ÞTùޖ‚¥^aJ¢ŒjYÞJ±ºD§ªp³ObПØQ$ý‰,¢)ñÀdåFÕÌ"Қ%›™Ï +ŠASØHró²œs++Æaä +“#öÇ.ì°ó¿nøÆ¡M21Ú¯T +”øYög”ºà6¢_ó6®¹UØž*‚( Ì +ÄUB<šä6EüŠäi†IJ² ŒMšÎ€«€iæ bþUÒ\÷eÒŒ)~¶ñ„4O•8X®cGéå¡ê¯e €æ*©.ŠVaO îéC¶EšT +ΊÚB(¶ÜnYvoìmVç +‰P ÀßyW,! +ç–ÔNY!)h¡ZÍOàP» +úÏ4ìÉ¢ÿËøï7uÊ@ï²ê;µ0Š ²Xv]iDš¯×5C}`íU0†È_À¢s +Šj +Ê +®#q!ë+€xCötÛ +¿zýù¹= +ÍÐç_֊µ†vOáP€‡PÉÔ¶µ±nk_ç-RZYñæQšÉ™8üxœ©åVŠ,šLµ‘Žæ€$>ŸÓ4ïŸxU9íüš +Q_rÓÍ[ði€LĞóVZ0Ó&wxS×ö1#N“Ëw!8ي÷zïIKŒ÷X‡xSTCi;Ô;rg2f„Ü9=Å¢­¡1vë +(ÔMììfeyñç=l§ÛŸQ +Âp\†„ +è쁙Ç]&ÊÄPæ`iFýè†Ë(!„FÆ +Æ€êðtŪՁù ™?6÷Zð¥eڂ9²q[°õq*×È9pH“ÈRÚï) +£2WÆ +Ê{®/¯À¯@ÎyÇ%KËŸïŽ4,v{öõ$qâ‚^=kQªŸWošŽ +ÉAÆ +Ë­ä˜CoØj œçò +: + ŠTç€ð#<¶“Ðé[šî\î±?ê} +L¢U+vD»ä9ÑÕòü +•ž÷¢žü@]=vWŽmÀ¥”êªòÔÍï²æ‡òÁޗB$Á›æ¡Ó+Ú²±žÍ2Øq­âô-öÝ€iZ2¬ºé +f7}ŠrÀ‡Wä$ßB­( +aœSC°ïŒ0bökïX{ìÔ/€FÏMh`–º/Ǭ„3åBxU—!X#áiLÆ/ªžªyYÊýòjÞœë"A“BÜú7Ó8eñ_Š`D‰ÙE‚Ï»ò ¥€ÿ"ÊÏšendstream +endobj +2864 0 obj << +/Type /Page +/Contents 2865 0 R +/Resources 2863 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2897 0 R +/Annots [ 2868 0 R 2874 0 R ] +>> endobj +2868 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [359.23 706.187 411.534 715.098] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +2874 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [373.527 533.564 418.358 542.476] +/Subtype /Link +/A << /S /GoTo /D (0:FILEDEF) >> +>> endobj +2866 0 obj << +/D [2864 0 R /XYZ 71.731 729.265 null] +>> endobj +2867 0 obj << +/D [2864 0 R /XYZ 259.306 708.344 null] +>> endobj +2807 0 obj << +/D [2864 0 R /XYZ 71.731 659.113 null] +>> endobj +274 0 obj << +/D [2864 0 R /XYZ 289.939 621.898 null] +>> endobj +2869 0 obj << +/D [2864 0 R /XYZ 71.731 599.003 null] +>> endobj +2870 0 obj << +/D [2864 0 R /XYZ 71.731 553.988 null] +>> endobj +2871 0 obj << +/D [2864 0 R /XYZ 71.731 553.988 null] +>> endobj +2872 0 obj << +/D [2864 0 R /XYZ 71.731 552.742 null] +>> endobj +2873 0 obj << +/D [2864 0 R /XYZ 137.484 535.721 null] +>> endobj +2875 0 obj << +/D [2864 0 R /XYZ 244.143 522.77 null] +>> endobj +2876 0 obj << +/D [2864 0 R /XYZ 430.562 522.77 null] +>> endobj +2877 0 obj << +/D [2864 0 R /XYZ 387.743 509.818 null] +>> endobj +2878 0 obj << +/D [2864 0 R /XYZ 476.47 509.818 null] +>> endobj +2879 0 obj << +/D [2864 0 R /XYZ 71.731 494.71 null] +>> endobj +2880 0 obj << +/D [2864 0 R /XYZ 137.484 478.934 null] +>> endobj +2881 0 obj << +/D [2864 0 R /XYZ 239.042 465.983 null] +>> endobj +2882 0 obj << +/D [2864 0 R /XYZ 318.733 465.983 null] +>> endobj +2883 0 obj << +/D [2864 0 R /XYZ 403.853 465.983 null] +>> endobj +2884 0 obj << +/D [2864 0 R /XYZ 71.731 463.826 null] +>> endobj +2885 0 obj << +/D [2864 0 R /XYZ 137.484 448.05 null] +>> endobj +2886 0 obj << +/D [2864 0 R /XYZ 71.731 428.872 null] +>> endobj +278 0 obj << +/D [2864 0 R /XYZ 260.774 389.499 null] +>> endobj +2887 0 obj << +/D [2864 0 R /XYZ 71.731 369.395 null] +>> endobj +2888 0 obj << +/D [2864 0 R /XYZ 162.171 291.865 null] +>> endobj +2889 0 obj << +/D [2864 0 R /XYZ 249.772 291.865 null] +>> endobj +2890 0 obj << +/D [2864 0 R /XYZ 71.731 269.783 null] +>> endobj +2891 0 obj << +/D [2864 0 R /XYZ 119.552 246.037 null] +>> endobj +2892 0 obj << +/D [2864 0 R /XYZ 178.101 246.037 null] +>> endobj +2893 0 obj << +/D [2864 0 R /XYZ 71.731 243.881 null] +>> endobj +2894 0 obj << +/D [2864 0 R /XYZ 71.731 228.937 null] +>> endobj +2895 0 obj << +/D [2864 0 R /XYZ 76.712 189.848 null] +>> endobj +282 0 obj << +/D [2864 0 R /XYZ 397.601 154.381 null] +>> endobj +2896 0 obj << +/D [2864 0 R /XYZ 71.731 131.981 null] +>> endobj +2863 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F21 781 0 R /F34 797 0 R /F55 1335 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2900 0 obj << +/Length 2233 +/Filter /FlateDecode +>> +stream +xÚ¥YKsÛ8ŸçWèf©ÊføI)U9dSÉNvg•©k/ž + ’°! .AÚQ~ý6€nðéxjŠ| Џ¯ûû+þ‚Uxi?áÞ +“x••¯üÕÞüýU€#îpÈÝ`Ìßî_œþîW{oŸD«ûÓ*ò/“U +Þ.W÷ùÃúý +Õ-o6waì¯cÏþŸ—Õ»fÄkÖ +YÙ¿‡aj¯+/›`ÍDukŽŽcà˯KY‰V6›¯÷ÿxõáÞY‡ +?õ‡ÌýI{‚`ïÅàGêïŒh»5þ\X“¢úŠÐ•ûÍÎ_K{ͲLvUkoNV]Ž\ì +×Ïx­}VèÚUvö"cUóLœ®KßØgO¢œLâ"Í{ +Š×£mï +¿º +Boùøíÿ|:)ÞŸµÃãxµƒá‰ +žúÞ~ÂWzôa>]âÅQŠ¯ßÌ?Œ( ×¯kVš!ðBÄã Á1¢šžñð/¡²¯žõؐ' +©£‰ƒ3€!ˆ +@0?¿ð†c˜öGšÉŠUWòFd¬ÐŠB°ߋ’£+aí0^ëˆÑ±Ï²¶ƒoÌýÝ0S»–çöÉ +µˆø(è±a²MúÈqìùéK±KŒÝ~cÐŏzUB[Ù­š©>áÖ)°‰S( +r/7‹È.ðöi2ÂQ+J®ú`T²u32 +ҍõÁÆþ +¬iîÃDð&€E»%ZÅ +Ìð§böçQǞGêIÐ%É#Q—ËÁ^W°zq¥›ŒŠH{菒ý³ºù‹m÷º[ápÈ4_tÐ9U +Ź“ƒ‡0€\‡ñê2Ø„Ðb¡ArãÂØÛú"᷂3¥HwkL\a*àJwSfJ +nžDQž¡ö"»ðlúëoöП·ˆ‚†ŸñMä»@ØGâD +ኪeU +ÆÞÁ»®À—'ò„E÷o폏u¡çSp蔢—Ä©ÅNÆÉB0ÆYhrÑ@åé‡ðî +Ñ÷M +À›ûK§p +öÙ<.2eŽžø·Œ<ÛbŒžr3© +°±Â9:^ +‚ +ß\KÙŒõž¶@=&áw„Œ4õÂÈÂä¥èãûY +û=qÑèûœ¡dÅtÏ: +ԂŠïԆý‹Žî¶°Ä75¡7=wÞ7^]h8µkÐ¥[˜ÄÕšŸodñº’UÝxw€bˀ^¡¯ò†zS˜¬ŸtUQíáºð•íšó +J5T¶ì(»ÖUn‰ÛQ³±œ ðšóŒÐbÛ(O‹i«£&ê‚Z˘;Ã0ô‚p‹EûÅ€úQÛhÖ9èš-0r²÷ü„*]ñGkÔ,qÛċÒpB«Ä Š¬¢(=“ŽúøÃëRÕ~™žý•uT˱Ìd˜Ü~C:Lµ–Š¯4QÜ:%„t0kšÑBÈH(º¯®ºVœÌÞ)ɛFjŽÌQpԈïÎg̟ÊQ·„+BÑÿ:®ŒWÇ¢'E@ 0±ÐqNbâÙO§‰\³ð"Áג +Ìó)˜Çœs-äÖÍYJ0#¿!šáC‰8wÑéÅ\Ž ñYyøfÊÀœ4 àŒËóÏÿÑÞ,"NBð=`[Möâ +çysX&ÐÓýŸW{D±S©g‰B·ªmvŽ[3œÐÉ + +ՍŽÏÈ +’a°mã +ø²â•ìηuœšu'Õt‡Ëm­‚Œ>óéÉ•á’27YŠàLcEÚzn·“!œCœ#ŸÉÎ2ËÕ°“­tЩ/hÛNWg*3ØÛîûÃÜFœTçnbՀ®O£Šg}ŸŽ£†àpª˜ž +D$#þ+]Ž%,Z. Ýíž^(;&Û4Ô8á¶sÿg~é +2ôüq3Rà +œK®NæÀˆÅ7ªÕ +óÍNÍNðËéA&&|PŽuÁ2>*]ãVŸœÙ +“æ`acU‚¿ÝŠ»÷Yäê-ûÄkÑŒÊy|€ +Æ)L€è‡ßšM”Úzù:'Õhï +>éh#I`Õ:ØÝûÙ孔ݧž¿ +;ÎŒcŸ{g6Œ“s÷€$> +þ +ÚðsU\,Œ}Ïß-XØïqFg‰Œz{¯Éþ@Ȃ„€Û¯þ‘˜E‹9"aAHñƒO›Œ=ˆ„æÌÊZ +HÉu» + +w8‚µ +a4ä ÙO)Åð¬a±1rHM8þÎ +&ÄÛÉÁȇ_?b¯Õ¬/ +/êûÁ_ƒœ ßäŸ"øœíeúÓÿñôCfÿâ‰Áº(Ni£Gƒgþý2_éÿÛzöœendstream +endobj +2899 0 obj << +/Type /Page +/Contents 2900 0 R +/Resources 2898 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2897 0 R +>> endobj +2901 0 obj << +/D [2899 0 R /XYZ 71.731 729.265 null] +>> endobj +2902 0 obj << +/D [2899 0 R /XYZ 119.552 695.392 null] +>> endobj +2903 0 obj << +/D [2899 0 R /XYZ 190.544 695.392 null] +>> endobj +2904 0 obj << +/D [2899 0 R /XYZ 200.398 695.392 null] +>> endobj +2905 0 obj << +/D [2899 0 R /XYZ 274.628 682.441 null] +>> endobj +2906 0 obj << +/D [2899 0 R /XYZ 71.731 654.381 null] +>> endobj +2907 0 obj << +/D [2899 0 R /XYZ 71.731 639.437 null] +>> endobj +2908 0 obj << +/D [2899 0 R /XYZ 232.17 629.938 null] +>> endobj +2909 0 obj << +/D [2899 0 R /XYZ 71.731 580.423 null] +>> endobj +286 0 obj << +/D [2899 0 R /XYZ 336.363 541.051 null] +>> endobj +2910 0 obj << +/D [2899 0 R /XYZ 71.731 520.947 null] +>> endobj +2911 0 obj << +/D [2899 0 R /XYZ 71.731 520.947 null] +>> endobj +2912 0 obj << +/D [2899 0 R /XYZ 341.676 495.223 null] +>> endobj +2913 0 obj << +/D [2899 0 R /XYZ 410.737 495.223 null] +>> endobj +2914 0 obj << +/D [2899 0 R /XYZ 225.264 456.369 null] +>> endobj +2915 0 obj << +/D [2899 0 R /XYZ 290.728 456.369 null] +>> endobj +2916 0 obj << +/D [2899 0 R /XYZ 71.731 428.309 null] +>> endobj +2917 0 obj << +/D [2899 0 R /XYZ 71.731 413.365 null] +>> endobj +2918 0 obj << +/D [2899 0 R /XYZ 201.093 392.209 null] +>> endobj +2759 0 obj << +/D [2899 0 R /XYZ 71.731 364.314 null] +>> endobj +290 0 obj << +/D [2899 0 R /XYZ 288.562 324.941 null] +>> endobj +2919 0 obj << +/D [2899 0 R /XYZ 71.731 302.047 null] +>> endobj +2920 0 obj << +/D [2899 0 R /XYZ 71.731 302.047 null] +>> endobj +2921 0 obj << +/D [2899 0 R /XYZ 466.108 266.162 null] +>> endobj +2922 0 obj << +/D [2899 0 R /XYZ 71.731 218.177 null] +>> endobj +2923 0 obj << +/D [2899 0 R /XYZ 71.731 159.397 null] +>> endobj +2924 0 obj << +/D [2899 0 R /XYZ 178.211 148.603 null] +>> endobj +2925 0 obj << +/D [2899 0 R /XYZ 283.356 148.603 null] +>> endobj +2926 0 obj << +/D [2899 0 R /XYZ 377.392 135.651 null] +>> endobj +2927 0 obj << +/D [2899 0 R /XYZ 157.728 122.7 null] +>> endobj +2928 0 obj << +/D [2899 0 R /XYZ 324.471 122.7 null] +>> endobj +2929 0 obj << +/D [2899 0 R /XYZ 430.553 109.748 null] +>> endobj +2898 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R /F46 1173 0 R /F21 781 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2932 0 obj << +/Length 1976 +/Filter /FlateDecode +>> +stream +xڕXYÛ6~ϯð›e`ÅeQG>€Û +[ôBã(Ú<ÐmÑQêfóë;$‡:,oŠ&òJÃáÌ7ß +$ÝðŸnJ’=<Œ„1ÛäÕ«`s†/ï^Q”ðQğÉ|wxuÿ6Ì6ÉâýæpÚ샘$,Þ$û€,Ü +Š¿Œ‡ +o{Ñíü +#öùÐÔAx +º +e +ïeSÛ‡ab)^]vÔ㲟³/ú‹@XYâ睊eßt»‡^œ9ŒÖ²’}øUPdåÏ>šü¡4# +üH‚”ì£Èøs?šî^ +e}߂ñ©'JY²Æøþ?;x¢“`øéYø$3}ABhƒZӓ,K»ðˆÞ +JèlcŸySµCŸó‹È?)Ð=TÊAÁI¹BÈ +•ýkœj-Ž +ßYåӐd5Qe3ô°ŸÜG©F +Ãê,¢hÎ[ +Û#߀Šn +?u·Ž5ñîÚFûZ9„^D–nR@66ÈÆ!ÛøaLbãÀ‡Vˆâ+‘™ûÔEà—ã. +Œd3šòBxÚš$õdm>ìBpà“¬Ïë +“”„Q†zÚβ`œ%i¶G©Nš¡ìÕžƒyrûPò\K +LÎëÞŸj4|ÆÑ]/Ð4^ž€4OšÞR»æ UcžØG!aa +?(‰™ +HÖœ8kÂB\`™ìŸí: +íŸq +5± j²œ97¬œ<8íöŠŒ7×æŸì³¿tÂHfžoßƘ'6¯O‹ 9CÀeŽ‚Êæ0·/.|ÌáÂë³(ˆýë`«ü2Cuz‰ä_4;E×\Ñ +°Ÿæ6dZ#&.ÖŒfê¥3́«;á£W#}GŒøÉ (òþ–·:ÿɺhû®¶°€€%ÚŠ™ž*Xý“&ÐX·]ƒs4Œ2¯iõo¬drVaힳFJ“€ Fþ¯Ÿ€Ê?® +ƒÆŽ + +œ’SÕæXª-s3¡ci³«†¢¢'Wª'vê6<ŽmÓõ˜ó枀ÀO_wûÄòëƒèÚâ¯Þ_Ÿµ«›ÕπPæêði(ËäÖ>F +ËF{uՖ̪Eǜ>7À?ôDhö}6̇žK×6nE!NÆ` 0ÆHaRƓáÀ5FRJír>ÌZÁܓŒ’ˆ¹’p¢€E3ŸævÊhfŒÐØÕ€±ûßB3cÙËh + +ßœùfá­)âœÅënbü_ÿ¹£:3†‰’Ø“ ’†K óÎ4_|mØÕÑmÜp9]µ"—Œ +•å|Ð%nšhSù8$Š¶1‘ +»ÓCSˆ«nT ¥žNô³ +ð3?ZL#kM1k\£À¡u͝`Qÿ^«åˆŒQci†„w®ëÒêߣæŽC¡j +3Å8ˆÜöØ:òr(\ÿA°. Ê‘Ð}“×SŒqý<;G逗Wg,ïäquË]HüâÒŽ¢ë¥3ʍ SŸ + +Àý+Øetèºêæ!Û€Ÿ±¿¶Û«®Žu9±Eô¶?î²Ð»ÓÉ«šS¯³ +åtšK°ž8®ý~¶nMîíÎÀ`Ú€té^ÕQt£†Ç•²n +ØFŒ"ïogÕ8–ÌÌŒð®Ðù¢Æõ?­¶ZLê_}ÖR`ãÈé­íÐS-:œ«Óòn¥åÜ5C», +—úùÊÍýaؒ•˜-Ö³ã;®³C +ò¯æ¥+5Ûk}ŒÁÉè‹ØçэTsŽ-kŒjKá,|ðýGþ +Œj] +̈68ÆÏ2‹©‰¯/.î:±Ò·„f€ºŽèFS‹Yϲ eî4Š'ëþFx +¹ïœahwžë +j¯!Ôàà;3»ò¡‘äL&zAǯL +1IõÏ­žRÊó +Êf¹è*©¯ +tS“ºÉ­wA#gÔE¶³Š@Ÿef܉8é{˜˜Dqˆu›aÕ~óÙ + + ÊÍΠ®ڃœ;hªáXHèpò”ó#ÞkÓpàKŒ\Ž#ð¡ŸÀA̧q|õ0n®‡'4xFÁÃ. +'~Üe*̚\¶‚ƒëb‹2~Ò åFîšb=yÞÅÌÃÈ– + +å8ë­Š±Š”¹I·õ‰"Lõ)ƝZÏ5 ·O<¡AZyº×žŠãšjtÿܬÓäæÑðIH¥ +z + +ÍÏRõp>76LádᆮuªÁµšjÓ ¡úõÅ ª3É\óŽ \·aêÝ@eMãÝÂü +ï;#0 +Ɗ¯ÝˆN"« +QÓ= +õ(bH +ŸpY¹Þé_@–cendstream +endobj +2931 0 obj << +/Type /Page +/Contents 2932 0 R +/Resources 2930 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2897 0 R +>> endobj +2933 0 obj << +/D [2931 0 R /XYZ 71.731 729.265 null] +>> endobj +2934 0 obj << +/D [2931 0 R /XYZ 119.552 708.344 null] +>> endobj +2935 0 obj << +/D [2931 0 R /XYZ 71.731 693.235 null] +>> endobj +2936 0 obj << +/D [2931 0 R /XYZ 71.731 678.291 null] +>> endobj +2937 0 obj << +/D [2931 0 R /XYZ 250.112 668.792 null] +>> endobj +2938 0 obj << +/D [2931 0 R /XYZ 76.712 640.498 null] +>> endobj +2939 0 obj << +/D [2931 0 R /XYZ 71.731 620.573 null] +>> endobj +2940 0 obj << +/D [2931 0 R /XYZ 354.434 608.917 null] +>> endobj +2941 0 obj << +/D [2931 0 R /XYZ 71.731 547.746 null] +>> endobj +2942 0 obj << +/D [2931 0 R /XYZ 289.622 534.795 null] +>> endobj +2943 0 obj << +/D [2931 0 R /XYZ 446.542 534.795 null] +>> endobj +2944 0 obj << +/D [2931 0 R /XYZ 71.731 512.712 null] +>> endobj +2945 0 obj << +/D [2931 0 R /XYZ 71.731 512.712 null] +>> endobj +2946 0 obj << +/D [2931 0 R /XYZ 189.708 501.918 null] +>> endobj +2947 0 obj << +/D [2931 0 R /XYZ 312.014 501.918 null] +>> endobj +2948 0 obj << +/D [2931 0 R /XYZ 119.552 488.966 null] +>> endobj +2949 0 obj << +/D [2931 0 R /XYZ 71.731 467.633 null] +>> endobj +2950 0 obj << +/D [2931 0 R /XYZ 71.731 467.633 null] +>> endobj +2951 0 obj << +/D [2931 0 R /XYZ 214.714 456.09 null] +>> endobj +2952 0 obj << +/D [2931 0 R /XYZ 410.64 456.09 null] +>> endobj +2953 0 obj << +/D [2931 0 R /XYZ 193.444 443.138 null] +>> endobj +2954 0 obj << +/D [2931 0 R /XYZ 258.997 430.187 null] +>> endobj +2955 0 obj << +/D [2931 0 R /XYZ 353.482 430.187 null] +>> endobj +2956 0 obj << +/D [2931 0 R /XYZ 195.376 417.235 null] +>> endobj +2957 0 obj << +/D [2931 0 R /XYZ 71.731 413.833 null] +>> endobj +294 0 obj << +/D [2931 0 R /XYZ 431.577 376.618 null] +>> endobj +2958 0 obj << +/D [2931 0 R /XYZ 71.731 353.501 null] +>> endobj +2959 0 obj << +/D [2931 0 R /XYZ 71.731 282.805 null] +>> endobj +929 0 obj << +/D [2931 0 R /XYZ 71.731 232.742 null] +>> endobj +298 0 obj << +/D [2931 0 R /XYZ 100.394 167.265 null] +>> endobj +2960 0 obj << +/D [2931 0 R /XYZ 71.731 143.776 null] +>> endobj +2961 0 obj << +/D [2931 0 R /XYZ 409.472 134.388 null] +>> endobj +2962 0 obj << +/D [2931 0 R /XYZ 119.552 121.437 null] +>> endobj +2930 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F27 788 0 R /F21 781 0 R /F44 1165 0 R /F55 1335 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2965 0 obj << +/Length 1652 +/Filter /FlateDecode +>> +stream +xڕXÝoœ8Ï_±RŽ=æ〞ԫ®§VêUºìË©ío•5+ +Ióßߌ=v¡¹Fy€µÇãùÍçðM|“r–Fðs&bS +¯‚Í=ìüuÅIÂ'&óÇîêæ]˜or–'Ñf·ßDAÂR‘lÒ(d™7»ê³÷öPœzÙmýPž`öù¶U_‚ Œº-^Ñ×­²_Â0µoº8 +¶Ü+jumúƒ$8ÙÐû±UußvÛ¯»WîFkEÈY>‹‡D–xÒ ç9€# +2űÁ³Ûf×ÚÛ%Zÿœl†ŠÌÑÃ]Uw²“j©íÚ +0zíÑþ(ìà =máŸSS”r„JòƒªœïFü§¶©KŒù aŸG Ì°8ˆhëû{Ÿ‰ROŸižÁ‹ñŒdëþ@6R,jUÕÛPxu5æøƏ„e)ž‡,§”¡Óc+yršÚýÒÂ4fyê.õùÒ* +°4ËIàK -åe|Ã0‚Û$¹`Q +®Æ—Dü™Ì"ŸjðÂ[ˆËE°˜‰ÅÝiÂ8žøÙËIæùÛ/áõ¿`ÎÈ)|“l‚²>–€ š†§ý»íåoVRs” +Á耓û øÔœIÄ4ƒxÚga.·~@*™µc±~ni¹­êœYÍ) +pŸVmEÛu¯e³·ïŚ™javeÔ¢O²¬!»HŽ*ÛHœÍ9BäsÎa±ÚŠÒšÖíÙ# Ö” ÃÐZ›í÷dßÓ6¡Áþx4-Iõ€ž\PBJsO–(ùÍù‡ÌŸÃÅ¡?ó®¹WâÆã +ÛχÂd> +ƒt êB +€ŠÛŠ žRšod_.³X”€S1ñkªchçY“SS³]šjÅ +MøQ"|º=’ÃÛýE¬ši‡Õt>ºò^öSZ¡„¬®W.ևvhHÏ å™ÃŽì‡“}mêoxj, +É?9K!ŠOd{÷çdQ}RÍÓWã +à,ιÙ|u¶f– .¯_Ÿ•¶kŸßô}Wß +œÔ_—Ê^­jñˆ-žHÛ·NjP-èAÚÓìŸìûŸ +IÒÙwãt|™F‰•©Ú ü) xêEHÍdÁ©ò2 Ò +K‚ å¥Õ& × +ŽFéË`܀Û恕­Ú3]<ȕó\Ÿé²h€ªŠîG·˜^ÌSrašqšBJmüx&â!QNl¢€%8õ›Šò‡BágÎŒ•ý;H#œÛrèÁGùÚ +bj˜°BîÜúP4ƒ\úÕ'¡¹ú7 +@WàŒÉúfÎîV܇“ðšÁ:QòkU_ÜùØ×8Ž+ +vWƒƒŒ\í#Ú·ˆö–Î~Rk€yY + +”%îž%h'hï°sxwXµoß6M‹Žxԍ{GúÑ +#É +>Ci#ŠD‘ªÇ&p=¡'µè""ã +øPqçL j\SªU cBFó¢¢¢$›ÅŸ©u¿RŠ> endobj +2970 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [223.85 693.235 276.153 702.147] +/Subtype /Link +/A << /S /GoTo /D (0:RECDEP) >> +>> endobj +2966 0 obj << +/D [2964 0 R /XYZ 71.731 729.265 null] +>> endobj +2967 0 obj << +/D [2964 0 R /XYZ 71.731 718.306 null] +>> endobj +2968 0 obj << +/D [2964 0 R /XYZ 406.105 708.344 null] +>> endobj +2969 0 obj << +/D [2964 0 R /XYZ 194.53 695.392 null] +>> endobj +2971 0 obj << +/D [2964 0 R /XYZ 71.731 693.235 null] +>> endobj +2972 0 obj << +/D [2964 0 R /XYZ 71.731 678.291 null] +>> endobj +2973 0 obj << +/D [2964 0 R /XYZ 491.994 657.136 null] +>> endobj +2974 0 obj << +/D [2964 0 R /XYZ 71.731 638.503 null] +>> endobj +2975 0 obj << +/D [2964 0 R /XYZ 71.731 628.541 null] +>> endobj +930 0 obj << +/D [2964 0 R /XYZ 71.731 402.68 null] +>> endobj +302 0 obj << +/D [2964 0 R /XYZ 253.971 357.426 null] +>> endobj +2976 0 obj << +/D [2964 0 R /XYZ 71.731 333.67 null] +>> endobj +2977 0 obj << +/D [2964 0 R /XYZ 145.006 324.549 null] +>> endobj +2978 0 obj << +/D [2964 0 R /XYZ 71.731 291.573 null] +>> endobj +2979 0 obj << +/D [2964 0 R /XYZ 71.731 291.573 null] +>> endobj +2980 0 obj << +/D [2964 0 R /XYZ 200.866 278.721 null] +>> endobj +2981 0 obj << +/D [2964 0 R /XYZ 71.731 258.616 null] +>> endobj +2982 0 obj << +/D [2964 0 R /XYZ 71.731 223.762 null] +>> endobj +2983 0 obj << +/D [2964 0 R /XYZ 71.731 223.762 null] +>> endobj +2984 0 obj << +/D [2964 0 R /XYZ 224.307 212.967 null] +>> endobj +2985 0 obj << +/D [2964 0 R /XYZ 71.731 192.863 null] +>> endobj +2986 0 obj << +/D [2964 0 R /XYZ 487.866 180.091 null] +>> endobj +2987 0 obj << +/D [2964 0 R /XYZ 201.492 167.139 null] +>> endobj +2988 0 obj << +/D [2964 0 R /XYZ 396.536 167.139 null] +>> endobj +2989 0 obj << +/D [2964 0 R /XYZ 71.731 152.031 null] +>> endobj +2990 0 obj << +/D [2964 0 R /XYZ 71.731 137.087 null] +>> endobj +2963 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F21 781 0 R /F44 1165 0 R /F46 1173 0 R /F34 797 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2993 0 obj << +/Length 1254 +/Filter /FlateDecode +>> +stream +xÚ­XQo€6~ϯà +N)ëÅcˆ”‡6—k¯j©ÙSzUEÀÉZaa +lÓô×wŒm0ìæªS€Ø +ã™ñ|ŸÇ3`LJ?ì0ŒXI‰š“í.|ç ÞüpµÄJ‹¬2ßo.ÖIâ$(‰góè~„ +Sâlòßݛmºoyí­õ]ŠÔxS•_|Ÿ< +jS7mEUª_ajÖ€»­‡ÝT”—êA»åZVzŸ«JÑVµ÷Ç構ÛMï-%ää~Žˆœìàa$7„q‚(l$Šb”0Ümˆ¢a¹»ŸQ>©iª††gU™ëyæaßÝòü œ +ƒå;+&uZ?=ª +œV5y‘kӲ՛¯Ô˜myö¬T톁XñFý®Sˆ•ŽxõØrÁ—­0qË+å8LSÉZ¿ã“`Y#ïšeàž³7 +öõš9û=ò(Gq8rà¶ÌŠªÑaN‹BÃ$jž¿ïCTOC˜|5n¢ +ÁþþþæÇÛŸŸýsó›dܝzŒšAò݂ôCQõ +x–/À÷Jq +N +žH'ßW8BQw*‡ïz“ET +ˆÀõºs-ÿ2ŸÞ{+`{œÎÓי%ï,³,ò}øá + +Y€Eβȶ÷Ùöm + +øÀe.( +4ÔÕ^&ØTsªÏPr‘ͪƒÉ +öQlLŽ¡~#v¢HëqFú9åFâsŸ©Lw9Id™qCæ‰=ÏÄã«a Í°B4­I\Am +`M© \J£–7 +*—V×j1¥C>Rä +JäbcŠèd=žÙ€!Jbæ¬"Xá+c¿J·ì4E¢„8A˜ +·É,ÁŽÌj 4ðX‘4‰‘e.`(ŒÃ9sËüÒkN›Ÿ(–æ¿3‰IÝÁáYŸ®^D·Ò°›KíU¿}e'™5Ì +Ð.pkãÅZI +ã +`„ãøL܏BËq×2rãd97Äý”ù‰âQÜeœQð +äùT®¡6Á2 +yzŸ &U»]@çî˜xòÑÙÆKg³G󞉺«SÈ¿2wÝŽ€šù_àZŸX +õ÷äN42fë4ύø(np +ÚYhÀc·Eª‘˜¡Öœ€Ú@h‘jFF©6cî<ÕNšŸ( +QÍ:ÌÕ¡mDÎ'Õøû{€ê\U 9÷f~œ<#²>Ê"ø«¡ +£3 c ŽŒ¢–‘þ†Ë(Úæހâ)óŧQå,ˆ7ºoâÿ9÷]/Qé‹‚ÅÁŽ»yáÂe4€F +º2],Ã݀}‚öO€ +øÎø¥ztØçBúŸ]"€Q÷b™G|÷Y6?VC2ƒiUN0Օ•Ç@Y5¡(€¡® +~ÐíY*¡ÇŒilÊ +¢otMyÓCõ-±i‡!C«TµXQeÛªï +xûÂyi@>†eb‚“>€ +WÚ +6 +`2ÂËP«jµy“Q;Ð'z{WMEðäQÙº›b®·®z(òzÆ«ŽÒ +Â؝ü$q±ŸHPè +ʌ–Ž<áÂ×ÛÒ%£endstream +endobj +2992 0 obj << +/Type /Page +/Contents 2993 0 R +/Resources 2991 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2897 0 R +>> endobj +2994 0 obj << +/D [2992 0 R /XYZ 71.731 729.265 null] +>> endobj +2995 0 obj << +/D [2992 0 R /XYZ 71.731 741.22 null] +>> endobj +2996 0 obj << +/D [2992 0 R /XYZ 76.712 708.344 null] +>> endobj +306 0 obj << +/D [2992 0 R /XYZ 331.5 668.971 null] +>> endobj +2997 0 obj << +/D [2992 0 R /XYZ 71.731 645.854 null] +>> endobj +2998 0 obj << +/D [2992 0 R /XYZ 71.731 601.061 null] +>> endobj +2999 0 obj << +/D [2992 0 R /XYZ 71.731 601.061 null] +>> endobj +3000 0 obj << +/D [2992 0 R /XYZ 71.731 599.816 null] +>> endobj +3001 0 obj << +/D [2992 0 R /XYZ 129.514 582.795 null] +>> endobj +3002 0 obj << +/D [2992 0 R /XYZ 71.731 563.681 null] +>> endobj +3003 0 obj << +/D [2992 0 R /XYZ 71.731 518.237 null] +>> endobj +3004 0 obj << +/D [2992 0 R /XYZ 129.514 500.304 null] +>> endobj +3005 0 obj << +/D [2992 0 R /XYZ 71.731 465.644 null] +>> endobj +3006 0 obj << +/D [2992 0 R /XYZ 71.731 465.644 null] +>> endobj +3007 0 obj << +/D [2992 0 R /XYZ 234.539 454.476 null] +>> endobj +3008 0 obj << +/D [2992 0 R /XYZ 71.731 402.421 null] +>> endobj +3009 0 obj << +/D [2992 0 R /XYZ 71.731 402.421 null] +>> endobj +3010 0 obj << +/D [2992 0 R /XYZ 71.731 369.425 null] +>> endobj +3011 0 obj << +/D [2992 0 R /XYZ 71.731 369.425 null] +>> endobj +3012 0 obj << +/D [2992 0 R /XYZ 71.731 368.179 null] +>> endobj +3013 0 obj << +/D [2992 0 R /XYZ 137.484 349.121 null] +>> endobj +3014 0 obj << +/D [2992 0 R /XYZ 71.731 346.964 null] +>> endobj +3015 0 obj << +/D [2992 0 R /XYZ 137.484 331.188 null] +>> endobj +3016 0 obj << +/D [2992 0 R /XYZ 71.731 303.502 null] +>> endobj +3017 0 obj << +/D [2992 0 R /XYZ 137.484 287.352 null] +>> endobj +3018 0 obj << +/D [2992 0 R /XYZ 71.731 274.301 null] +>> endobj +3019 0 obj << +/D [2992 0 R /XYZ 137.484 256.468 null] +>> endobj +931 0 obj << +/D [2992 0 R /XYZ 71.731 214.376 null] +>> endobj +310 0 obj << +/D [2992 0 R /XYZ 377.353 169.122 null] +>> endobj +3020 0 obj << +/D [2992 0 R /XYZ 71.731 145.366 null] +>> endobj +3021 0 obj << +/D [2992 0 R /XYZ 145.006 136.245 null] +>> endobj +2991 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F46 1173 0 R /F34 797 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3024 0 obj << +/Length 1712 +/Filter /FlateDecode +>> +stream +xڍXێÛ6}߯ð[m`%‹²n.ЇvsÁ-4ÎSSŽDÛÄJ¢!R»Ù ß¡È¡®N +?˜’y™3sæÌÐdÀ‡¬Râ§;ø +÷~˜Ä«Œº +Vgøåý +±3<;ÅÌùíp·}îW{ŸìV‡Ój$~'«túY +®Åßë‡ +œ*ÖlŒ0Ö±oŸDý9ÂsÛlHŒŠŠ‹Úüð9 +S3’ŽºlȚòúÞŒPfçÀÊҎ+Qs%šÍ?‡ßïÞ +œµqHü]ø]š1‡Ç@„þ>&ÝO%ڐ`Í~6[ +¹> $šìÀtc›§æ”ŠR? hG£eö€AŽ +UXæ’8æF#æŸ\˜ ºeL/ʎ§¬ÎEk‚¹ +ÐÅ×*öÅö­Ȋ€~H⎳@ì +ÞxQâÇÝÁ1V¥ÙúСƒ|K~®©jû0 +ꙇqã.’nëCﮡ¯†õ PÓ +Œï6’> + ’íÆYû +@6òáhƒQ°“$mKe£î2éZÒÜžÞÏN÷Hû¡.Âo[ÙlK‘ÓrûLaďۮtz]í\PÔ(ÑOnÛ +N‰턉‘ú ¥Sõ#§õ˜Z¹+í†*§Wë)@`ÍrNñŠÁ¹€# +8²±ãcâ +yM‘÷]XÁRfµà&²@"³Œmž²SF¥š¥W㜊ÕBM’Ðy°ñù„™@z!â«öêëXƒuÖZ€ðc\è^°¬ðD]Ú-€”\§:V1­K/ +-H-ÔDIœŠ" + +ï\ó¯‹Ý•Éã\WwÝ€¡·O®£ãJŽÀR¬dƒŠž„D£yÎ +P'W†ušUšYHºŠ–<碵‡^¡lin-óc€L=~͹V&(g¹íáæqY ÒW*Ú(Œ¬K+®9Bòà*Fó‹93)ý±ÎyÐÛ®=ßHôԕiìÆ¿h®avµ~kQßcÜ»šÎÉ€¿žÊü<à€ëJíႁšææà +çUHÉgdԌCWÎ~ð⑩†– ¢Š×特ÚHxûkÎÞ֜ìù̎ðF-V¡W©XeÆ'=¿#2<|üôøfûñýãóØégòåÉJÜ&ƒÆZié¬.–6íõ*ëßSw(ø€ï[ÄUgÝý­‹Â@›‡óçÍi0ª›þ6Ü×2ì¶> endobj +3025 0 obj << +/D [3023 0 R /XYZ 71.731 729.265 null] +>> endobj +3026 0 obj << +/D [3023 0 R /XYZ 71.731 718.306 null] +>> endobj +3027 0 obj << +/D [3023 0 R /XYZ 71.731 718.306 null] +>> endobj +3028 0 obj << +/D [3023 0 R /XYZ 187.406 708.344 null] +>> endobj +3029 0 obj << +/D [3023 0 R /XYZ 417.283 675.467 null] +>> endobj +3030 0 obj << +/D [3023 0 R /XYZ 435.733 675.467 null] +>> endobj +3031 0 obj << +/D [3023 0 R /XYZ 478.622 675.467 null] +>> endobj +3032 0 obj << +/D [3023 0 R /XYZ 139.656 662.516 null] +>> endobj +3033 0 obj << +/D [3023 0 R /XYZ 187.257 662.516 null] +>> endobj +3034 0 obj << +/D [3023 0 R /XYZ 71.731 642.411 null] +>> endobj +3035 0 obj << +/D [3023 0 R /XYZ 334.424 629.639 null] +>> endobj +3036 0 obj << +/D [3023 0 R /XYZ 242.42 616.687 null] +>> endobj +3037 0 obj << +/D [3023 0 R /XYZ 160.368 603.736 null] +>> endobj +1018 0 obj << +/D [3023 0 R /XYZ 71.731 602.391 null] +>> endobj +314 0 obj << +/D [3023 0 R /XYZ 327.188 557.236 null] +>> endobj +3038 0 obj << +/D [3023 0 R /XYZ 71.731 533.481 null] +>> endobj +3039 0 obj << +/D [3023 0 R /XYZ 227.735 524.36 null] +>> endobj +3040 0 obj << +/D [3023 0 R /XYZ 119.552 511.408 null] +>> endobj +3041 0 obj << +/D [3023 0 R /XYZ 71.731 476.748 null] +>> endobj +3042 0 obj << +/D [3023 0 R /XYZ 71.731 417.595 null] +>> endobj +3043 0 obj << +/D [3023 0 R /XYZ 71.731 417.595 null] +>> endobj +3044 0 obj << +/D [3023 0 R /XYZ 480.464 406.8 null] +>> endobj +1019 0 obj << +/D [3023 0 R /XYZ 71.731 377.495 null] +>> endobj +318 0 obj << +/D [3023 0 R /XYZ 497.739 334.398 null] +>> endobj +3045 0 obj << +/D [3023 0 R /XYZ 71.731 310.642 null] +>> endobj +3046 0 obj << +/D [3023 0 R /XYZ 71.731 279.439 null] +>> endobj +3047 0 obj << +/D [3023 0 R /XYZ 71.731 279.439 null] +>> endobj +3048 0 obj << +/D [3023 0 R /XYZ 71.731 246.697 null] +>> endobj +3049 0 obj << +/D [3023 0 R /XYZ 71.731 149.302 null] +>> endobj +3022 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F27 788 0 R /F21 781 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3052 0 obj << +/Length 2281 +/Filter /FlateDecode +>> +stream +xÚ¥Y[ÛÆ~÷¯Ð›%`5âðÎ-úàÚÞ`‹Šn²Ú‡ )Š9”“ + +o”_ß33g†×Ý) +˜y8çöëҍÿè&¢$òàâ&Ä +ƒMZœs6gxóÝ;Š{$ُhþv|wxp“MB’ÐÛ +óç„$ +ÂMä¹$ÜÍ1ûyûñ® +ov{7p¶Ñ׏¢þÅqÜsßìh°e]!jýâ׍ô]˪ˎnYQßéÝ +# +|Yâ}%ê¢ÍîßÇ¿¿û|ŽÒ.%žûŠ>H²Ô'ô¡4!è91ñ|_éóӎRg+zÍ?e(xÅꞕåMÿâR­ßÒ²ÏPNЏnñ>+ž‚Ð7£NàŽ +ߝx)vn°}§ô/Fñ¢E›\D_f†R_û–g†‡aŸ +Ž·8µiœ$Ÿ6âTòª•ö3ì©Kô“ƒ“3¹×”‡šw‡R€¬Œˆ¶³Jšë“(¥g#Ö~æ Öw¢}mÝþR”%š©h#œ¥o„èVMÓœÀ(åˆ6•›*¹ßO%}€5E¿†S,Ōþnö8|‡Ôy»Ä\{k;^éû¢6l$c?©j +T2pjiœÄðÀ>_sÂúÑSWÐíªÆYtq‘("’àšnbÀušp +wƒÍÞ +IšøþStü^ÓÌ-ߑ#iŽÊ]QŒ}z~ü€ïÒ +Ow®³ýª*<Àõ›D°ôœç(C£ÇÃ}Ãwðð·+¯ÛB“íš/¥•ïžÛ¢>ëÛ÷u‘ò÷úŸb»á ZAn.ŒŒîŒ`{‡Œs}팔ÿõ<•êE¥š¢³Œ+*ŒCžèõœÔqŒFÇ +óý£,ª¢› +T +–Ý͞i¹JH`š+®žÊ4‰Ê°‰!¢%ëoEƳ{‹(ð«›tåcº’q•—ƒ<ŸP/@/·àÓ¬š/ÀàÅ$c$Ón”ÿñŽÇô-ÅBýdžè·Ù`0㇢»¬@’z$v<þ©/²\O)˜t«Åú+ŠÀ—N$?L(¡aò¿H +’ísìäû1Ú+úSö9UâeÉ×# +õX©nœ°€Mèš +®íRó0"žgTʯí’9€ÔG +ãŸÀ/îo•Æ=W•ŽáŠå©š3›AÀJq@dÖ¡ëCk£#sþ¶†¢Ž®o(ž€E“äŗj +> o¢ÆÐM~4vžº¹ä;Ä WyþTð2[š;‚žÆ5ÆŒñ5sƒ\±k1Š3ÀÅæY4î ïºÆq²I™”2²Ia2•J¿«„‚·z­L +ÏnR^ýšèZ+»<ê4 +ÕH*VŸMnXäkf«‰d1ÖRûlÆcñ1ŸX|êOŠgL[õÝ ‹B9 ×¢áQ7œT¡d/—h +Äãþÿ‹Võ`µXA/ý,Æ~o¯<-òÛÄÒSSÓŽs`Ž}šòVõlŸgV€±@‚Âé^ +­Ùêc + ™Òóuț^4€jæJր$„â)?ô¬a54m£æóðôé@MéҏF7GŠYGÑP§ä“ëë7)oZ;wRG‡3Þ\E +âo‹“ ñj~£Ñ—ú +ñMwô+­B-øB8?„Úc*7ȁG«‘zvì@92ށA!UoÍxFe˜“q¶>îbÝrêáÐÔn˜dýh29 +såPCáÇÍ̶Uo?)Fc~Hjfa¬5Žuž?2KSvàÍBåëàÕ9၊ãzk‚LNè‘7¯ž“ + +©3®žR«VsW;›5­* °sãÉfk¬vµºþ:†á|J|z +^÷[£°™þr;[‰ŠfV¿Ö §–(c²6ÀÐÝÚ±_'e$ZÎÅï.Ù¶Œ”ÈÉì`¹ðS­t`#7}§{‘­øÀ£ÄM6œl3jœA„\á°sîÝSªgù|Ç!ñЫ·–?CGå:Ã`âF;‹óÙšŽmATt|C{™°äÊo +JcÌ博fN×K˜NXü(mRé ]•œy6šf¯ªh[ +ó×¹ia›;áöý’‘„_Y4­z}Š6†t­Eΰ¥ +ƒ!ëòu˜ÍVz +éßà +ÓÄõéóÇç +ÿóéÃñÏ_Ÿ +D +);çWÊ) + +èփ)r>ÛPŸî‹e +8]ÌvNMŽ!ˆõBfeV.JκáÖ!€P˜±J©lØ +ãÔ¢ÎES²=;‰ŸÓ +_CÆÄëR|³EÕ)VµûŠÉ'D™V‡ +Qo‡\ˆ•ô‰ÝÿcÛÈ +S³ +¢­)~çεô@0%þ!І@®çM„ìf +Ԇ¯xÍæå5Šm]‡V—Ã7Ö +ÊâtÀÖIaL"¬a¯bÌ#Ô5UNr×*G + Ýi_Å T\L™7 +/˜8±‘ŒO$,VZE8žqÒÝ|~Zâ©ïcnQHŒÐ{Kû?ˆ0©}0]cÍ Œ« +—„ÎŽŸÒð^zÄW–{~‹ÝñÎnü7 +üƒ”“˜FoþÉj YüÅ*€‰Bߎ$jú_ùkҒÓÂp7endstream +endobj +3051 0 obj << +/Type /Page +/Contents 3052 0 R +/Resources 3050 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3090 0 R +>> endobj +3053 0 obj << +/D [3051 0 R /XYZ 71.731 729.265 null] +>> endobj +3054 0 obj << +/D [3051 0 R /XYZ 71.731 718.306 null] +>> endobj +3055 0 obj << +/D [3051 0 R /XYZ 71.731 667.333 null] +>> endobj +3056 0 obj << +/D [3051 0 R /XYZ 71.731 652.389 null] +>> endobj +3057 0 obj << +/D [3051 0 R /XYZ 71.731 624.257 null] +>> endobj +3058 0 obj << +/D [3051 0 R /XYZ 173.612 614.595 null] +>> endobj +3059 0 obj << +/D [3051 0 R /XYZ 325.989 614.595 null] +>> endobj +3060 0 obj << +/D [3051 0 R /XYZ 417.158 614.595 null] +>> endobj +3061 0 obj << +/D [3051 0 R /XYZ 71.731 609.453 null] +>> endobj +3062 0 obj << +/D [3051 0 R /XYZ 173.612 597.958 null] +>> endobj +3063 0 obj << +/D [3051 0 R /XYZ 240.316 597.958 null] +>> endobj +3064 0 obj << +/D [3051 0 R /XYZ 307.653 597.958 null] +>> endobj +3065 0 obj << +/D [3051 0 R /XYZ 71.731 591.089 null] +>> endobj +3066 0 obj << +/D [3051 0 R /XYZ 233.676 581.32 null] +>> endobj +3067 0 obj << +/D [3051 0 R /XYZ 378.338 581.32 null] +>> endobj +3068 0 obj << +/D [3051 0 R /XYZ 451.162 581.32 null] +>> endobj +3069 0 obj << +/D [3051 0 R /XYZ 405.646 569.664 null] +>> endobj +3070 0 obj << +/D [3051 0 R /XYZ 139.477 558.007 null] +>> endobj +3071 0 obj << +/D [3051 0 R /XYZ 71.731 551.139 null] +>> endobj +3072 0 obj << +/D [3051 0 R /XYZ 278.077 518.057 null] +>> endobj +3073 0 obj << +/D [3051 0 R /XYZ 76.712 488.468 null] +>> endobj +322 0 obj << +/D [3051 0 R /XYZ 345.185 449.096 null] +>> endobj +3074 0 obj << +/D [3051 0 R /XYZ 71.731 428.425 null] +>> endobj +3075 0 obj << +/D [3051 0 R /XYZ 263.032 416.219 null] +>> endobj +3076 0 obj << +/D [3051 0 R /XYZ 446.921 416.219 null] +>> endobj +3077 0 obj << +/D [3051 0 R /XYZ 280.905 403.268 null] +>> endobj +3078 0 obj << +/D [3051 0 R /XYZ 402.278 403.268 null] +>> endobj +3079 0 obj << +/D [3051 0 R /XYZ 196.751 377.365 null] +>> endobj +3080 0 obj << +/D [3051 0 R /XYZ 71.731 342.331 null] +>> endobj +3081 0 obj << +/D [3051 0 R /XYZ 119.552 318.585 null] +>> endobj +3082 0 obj << +/D [3051 0 R /XYZ 254.205 318.585 null] +>> endobj +3083 0 obj << +/D [3051 0 R /XYZ 119.552 279.731 null] +>> endobj +3084 0 obj << +/D [3051 0 R /XYZ 399.011 266.78 null] +>> endobj +3085 0 obj << +/D [3051 0 R /XYZ 340.053 253.828 null] +>> endobj +3086 0 obj << +/D [3051 0 R /XYZ 169.633 240.877 null] +>> endobj +3087 0 obj << +/D [3051 0 R /XYZ 289.035 240.877 null] +>> endobj +3088 0 obj << +/D [3051 0 R /XYZ 144.179 227.925 null] +>> endobj +3089 0 obj << +/D [3051 0 R /XYZ 71.731 227.217 null] +>> endobj +3050 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R /F55 1335 0 R /F34 797 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3093 0 obj << +/Length 1534 +/Filter /FlateDecode +>> +stream +xÚ¥X[oÛ6~÷¯°iˆi‘ºð€¬IŠ-Š6-Y¢-¶º€º$ó~ýo²,K +Ú!HJ‡çòï +Ò† +Ø0 + +H„ˆïI±°=Œy¹ÀJb©D–™?6‹Õ +‰ŒEŸclv†cû(ð|#p +=blÒOæ‹,~lim-‰g› +’㋪ülÛdßÕöÌžeU)_|&$³&.2 +›1+¯äƒ6£Jvæj^T%k«Úú²yµžÝôÞz#‡\ŒÇñÀmâKLPäa.ó}ñé‹m€ û +þ¿Âÿó‚K;ÄFvàE‘cÔÔØ- +ïzU6èp]úî%%r³ž +? + íðÅ° 9®Ï&‘ƒ0`íG +ƒP|m +¶ùçíµÙæ†#±ºs]#„€ˆ= d% + dŒŒ‹Moh›Ui ¡iË!.S9!rxfy.g[‹ØæAÎSº³ +ی»Œ•ÊJMjZT<OñL*Ÿµ™µÄzyZÂ{¶ge¬4«\ÂÓ«©NkŽ0X‚Ä×J›TЕIÜR +©À +#ß +DTm%åþá +i­V +“ëQ”Sî6 +KW͞)‘Ǻzä¶]`4|’oïwrρa¥Nµë-k%ZŒs€2«i»ÇàS5‘pª²a)­Ç8m©Šg€q|äa¢Jãrüë&Âr ò¡íH¹+‘uP!ì'€niẁ2Û¯àrŸïöÔé®ÌYù§@»\ÄÖ1¶ŸR·ƒôöª¡áN +îCQÕt`õœ«YÜhph©; +êûfL8Çp˜ŸQá +³¹ +†C"“;p¬œvTÎb +󰠎^È"”~€h|Tž€œƱíþlw0°xº”‚?  +Îœƒæ6y` +!NYê$ô +‘Á‰§0: +²ñ ‚ƒãq +äu 3žÉàP݉RIXÎڃ|¢ß$œJ‘O7’µŠNgi`pÀ„O±"ûI‹8÷Æõxo¢ +ð¯¿T»Ñ 6Œ`©šó‡­Äw 5.ŽÈ2·ñIûóíËŸ±–ŸÍQhÙo¢bõÙöl[NwŒmðIó̋‰µI&ZTív ‰'Žö&¯¹^ºÆó–Y ÕóÄû>_miû,(Í¢7q-ÍÑ-ŠÞrU™6Wr‡µ<šù" ¶}æW0ŽÙ»w¯Œ¯¹%`;D=ëh“d4írNá +߯À†±iãß +“LÎJ¶ÏÚK=(œk¹›Xnüu4ÌFÓ +B +,ý„j”žh-NtÎpaCéž;ÐFPɁB +pò&©e–!Q­C +Ž‰P5˹.Í;žÂÐœh^Ë\4?VÄÍÿޓaI !ysšQ{è²NjIõy. +xGæ“">èIÙÉ‘H?Wðw’w©JDUª‰>‹—(q+·®W¥PÔ®ò*‰ó¬jÚI̺™³‚µÚUÏ,§Š%âÊÇ §jé’GwÍºÏ< ã +*©ŒyµkŒæÜ}U0-+4+s–šiŒki=.îã|PœOAºVwª3ÙÙýÇK›î +-d„<}øp³zxy3„ì¿›I¯XÜ:îø®uYý?çäï—yãªÝ,å o¡£ +î«kXÕU1n‡Š¥šw +ŸáWÓ§±€ŒÂô*XÓ@á7³Š9Ž +“Ão&ÍÞ¬žáÓl)©JqLßÇyו8ã€cƒÐF[:ݍu|Òyonï®?ŒÞüusœ¹~ÿöíf +†Õ¡ýCÊxNž0ÒZÄ-1˜ù`rné_ûRŒàendstream +endobj +3092 0 obj << +/Type /Page +/Contents 3093 0 R +/Resources 3091 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3090 0 R +/Annots [ 3105 0 R ] +>> endobj +3105 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [280.946 368.431 350.884 375.572] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +3094 0 obj << +/D [3092 0 R /XYZ 71.731 729.265 null] +>> endobj +3095 0 obj << +/D [3092 0 R /XYZ 166.376 677.774 null] +>> endobj +3096 0 obj << +/D [3092 0 R /XYZ 166.376 631.328 null] +>> endobj +3097 0 obj << +/D [3092 0 R /XYZ 292.012 631.328 null] +>> endobj +3098 0 obj << +/D [3092 0 R /XYZ 166.376 610.309 null] +>> endobj +3099 0 obj << +/D [3092 0 R /XYZ 402.888 599.746 null] +>> endobj +3100 0 obj << +/D [3092 0 R /XYZ 71.731 558.249 null] +>> endobj +326 0 obj << +/D [3092 0 R /XYZ 253.472 525.853 null] +>> endobj +3101 0 obj << +/D [3092 0 R /XYZ 71.731 502.736 null] +>> endobj +3102 0 obj << +/D [3092 0 R /XYZ 249.513 492.977 null] +>> endobj +3103 0 obj << +/D [3092 0 R /XYZ 71.731 470.894 null] +>> endobj +3104 0 obj << +/D [3092 0 R /XYZ 71.731 460.932 null] +>> endobj +3091 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F44 1165 0 R /F55 1335 0 R /F51 1285 0 R /F27 788 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3108 0 obj << +/Length 2174 +/Filter /FlateDecode +>> +stream +xڝYiÜ6ý>¿¢?vG”D +vMâì: blfv‹$4»[i]%·ûߧH%꘶c]<ªŠ¯Þ+²éÎ +tQùpñâ +l—Uîî_þù@± +ƒM +«ÍWϏßzÉ.!Iè;ß +IÄÂ]ä{$fÞî9ÿyÿõ9m{Þ + +¹{FôõëŠþÅuœÓÐ +(Û§}ÑÔúÃ/žé;‘VçݧEýF¿èÏ +Û@Ïï«Š.úŠ;üúüÝûçÑZæQâ{wýÁ&kèŽFÄ£L:„N‡Œ’8ŠÊFš+œˆâý7ŒçY_Ô'ýøœô +w5/õswðÜ}Óô—¢Ò@;šbD$†¹ +ª(TC?Ÿ +¡ÝjÚ)$æ]6t +¯ûò†ñZOÛt=ϱSmŸ +Œ÷E=|Âø]Ô +̓çÚ\á + +ñˆií‘`ŒOëÜŒ +É'3ZF|ŠCéÄÕ¡ +Ipá«4;5ËAFãŸí8ÿêéxXTæö\XÎ,ÁCó{o6>0èNó|hy=60õf†kџgfëõuóI,G6.”¢Yx/]×@”XÕ“%iPK؎E1I‰Ž? +~þÕÝå€Êïàïwø»>ȶŸç7b; +íü]ÇwLJ§‡¥QH˜ëÝC÷Åv«! +cŒŸIÇ3àÄB‰N/ñ‰ +pe¡K +Tdþw ]-¯à +;p(T + „!<@SÂ0WÞ÷:„åµÎq†¯ûF_S!†Šã»sŠ_óB€/2 +Ê1Ãó-ô¡Z؂ +V€Óe“æØ +GŒÈM@û17«&J.Æõ§`{€ln»Ff5Zœž€€Doځ”Ꟛ>3v!9*C^£{!S +Ic“¶¢˜lÂ"Ç9ÞLXøÌVM›Ó,R}ó˜s™—ŠW&ÒúzU\P–+šQB‚Ö}Ç_ęOcâÆ@°ºÝ_œX—‰E՝RšP=pàçǚO1Cçç ž‘CšG„4+Ê¢¿ +B¶Ç,¿5ƒŸ©¹¢ + § +ɚª-Œô(þ˜+“Ší·:;ü`²ÎEž×#™¥ñ +{;Ž +Ò¹dgž]þŠalJ1 ++±“ƒ<¶i~ì›Ç§°fEªŽ]‹ +u’ž +»HTŠ`qšÖ鵎G!—Ã`&N_bô–1aµ +@Þ~Dž•Š(Â:c[;TꙐiÚ §˜> ‚‡¿ ʛ؀ë‚Bš(šŠË +ãB¹/×úŽœâà-x˜µ1*z +µN+>©Ҟ–{$Ò#œ)ê‰×ŒKG‰Œžyý£”£`nŸÔbˆA +iiªIxðdŠ)–“@e†wy!ÉŒètØ7cu+“Öb+£Íɉ¬8&Áú +”Që5ʼn“d– +émË;9Œmy§‹R›.$$jðËÄ _’C–Ö#±l$€\!ÿTÏÿŽy:U˜Ú©;* o×2 +'„F1N«’ZCòÈEЕ T£.ȕ"«µ +g@éš¹T–ëŠÈá 7UÝÊhD‰¡JKŒ&²@“åÓÇ +1>3W—m +îhž­Äižw\.Š‚óåðŠÄ±ZŽ$-ä}J«Öšé‹`^62=¯$ðŸ`v×Bðeh·4U²›|Aù,JüP7œ¥š®°  +nUÓmi·rö8iQ›˜ó\̃x©µÙ +g«õC1¹¯ª£#VK)Sš—ߧ’Fòµ™ó5¯5+«/ÿv`Ûì +µ^ûóbb|Ýý#1fŒ +)Ey3–õéʘŽÿ1@~"¢hÒR:6,šz ‡8ÉÈwŒmí4ÁzçØ5Õ¬€B’q#]äèÂøõ°ÓŠ¹$¡FŚãÌ»NØg²ŠIf1ù‚4ºž‹ìŒëun†27žÒ ++€eé3·RVF)Zœ2ˆÙt*±˜Ek.µ=ƉFŸ2ìxp|fêŽ+Ú7'.g‚Ò} ‘-’ +”j© & + +蜲ŽVªq)ê}7#'šŠZT`;ü>€!@¡Y¹ÿh0r"-³å(š‹œIË»ië±p÷U +Juݯ +4†FÎEŠÙ¢x™–qµsL â +(,¡u\°yaÚ8V#U +Ïâ°H^ +^{Õ±]Îï‰BïîüŠÍÝù—ÉùÿnFn«ƒbÅq‹<ÆÊ{¹áCPÀvå[«¢‡Z·„Êù-¶Âd + +S/f³õ“[ÑòözÒAaꏞûbj™y6‚¬O;Ⱥ;îa%hmQ§MºzԇªnÝUEÏ׆A–ÆŸÙ:˜Ê¡Î_•&÷Œèç[Vx€=bä/ÔO•ÜËšIt0 +°îXœÈyÃ4 +ÄaxÛªffÞϗÆCAȓ/ŒBLüqª1eÛþ%DCo׏ے)ÿãÙÐo¯ˆ›Xû’*œl˜à1f^i¥ž±DíÅ9@ÜPŸÍê©«:k•íooeç`/xÚiõa6ô‚ýÓ¿~ûþÝO?Ÿûá·ÿŸûééý‡ßè÷žþ²§ä·^?x՜ã‚-°2­çãF ZÉJh ++Š +þ†Zo: ¹Ó­CäG€Uk# [j¡ +ía&‘t„Œ˜„”Ý;OÙ/W« GUçb]šŸ‹||y±Nƒõ‰Ó–Dù q]³Õy¿Å~xðwê^Å£â +dy›W +‡×鋔¬’;0yvòžQÕÞ2ë +>G³ø¥Ÿ=q›‹«šxîN +%?¯3ãœ)eåÎøk€ÝA:ÖÕÎՉŒÑÓåAœ="ƒ-vxØëƒ_÷~™š¬~a›š_ +âW~žXÏô'Ër«endstream +endobj +3107 0 obj << +/Type /Page +/Contents 3108 0 R +/Resources 3106 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3090 0 R +/Annots [ 3129 0 R ] +>> endobj +3129 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [190.441 212.017 247.762 220.499] +/Subtype /Link +/A << /S /GoTo /D (0:KERNELDEF-CONFIG) >> +>> endobj +3109 0 obj << +/D [3107 0 R /XYZ 71.731 729.265 null] +>> endobj +1020 0 obj << +/D [3107 0 R /XYZ 71.731 697.136 null] +>> endobj +330 0 obj << +/D [3107 0 R /XYZ 318.907 651.881 null] +>> endobj +3110 0 obj << +/D [3107 0 R /XYZ 71.731 628.126 null] +>> endobj +3111 0 obj << +/D [3107 0 R /XYZ 71.731 590.945 null] +>> endobj +3112 0 obj << +/D [3107 0 R /XYZ 166.376 537.437 null] +>> endobj +3113 0 obj << +/D [3107 0 R /XYZ 71.731 479.324 null] +>> endobj +3114 0 obj << +/D [3107 0 R /XYZ 71.731 449.456 null] +>> endobj +3115 0 obj << +/D [3107 0 R /XYZ 71.731 449.456 null] +>> endobj +3116 0 obj << +/D [3107 0 R /XYZ 231.311 438.661 null] +>> endobj +3117 0 obj << +/D [3107 0 R /XYZ 71.731 416.714 null] +>> endobj +3118 0 obj << +/D [3107 0 R /XYZ 71.731 416.714 null] +>> endobj +3119 0 obj << +/D [3107 0 R /XYZ 71.731 383.703 null] +>> endobj +3120 0 obj << +/D [3107 0 R /XYZ 162.999 372.908 null] +>> endobj +3121 0 obj << +/D [3107 0 R /XYZ 139.746 347.005 null] +>> endobj +3122 0 obj << +/D [3107 0 R /XYZ 363.047 347.005 null] +>> endobj +3123 0 obj << +/D [3107 0 R /XYZ 71.731 344.848 null] +>> endobj +3124 0 obj << +/D [3107 0 R /XYZ 71.731 329.904 null] +>> endobj +3125 0 obj << +/D [3107 0 R /XYZ 438.645 285.436 null] +>> endobj +3126 0 obj << +/D [3107 0 R /XYZ 358.334 273.78 null] +>> endobj +3127 0 obj << +/D [3107 0 R /XYZ 76.712 257.142 null] +>> endobj +3128 0 obj << +/D [3107 0 R /XYZ 71.731 237.217 null] +>> endobj +3130 0 obj << +/D [3107 0 R /XYZ 182.838 202.248 null] +>> endobj +3131 0 obj << +/D [3107 0 R /XYZ 370.215 202.248 null] +>> endobj +3132 0 obj << +/D [3107 0 R /XYZ 153.428 190.592 null] +>> endobj +3133 0 obj << +/D [3107 0 R /XYZ 262.575 190.592 null] +>> endobj +3134 0 obj << +/D [3107 0 R /XYZ 420.192 190.592 null] +>> endobj +3135 0 obj << +/D [3107 0 R /XYZ 430.262 178.935 null] +>> endobj +3136 0 obj << +/D [3107 0 R /XYZ 76.712 150.641 null] +>> endobj +3137 0 obj << +/D [3107 0 R /XYZ 71.731 130.716 null] +>> endobj +3138 0 obj << +/D [3107 0 R /XYZ 380.481 119.06 null] +>> endobj +3139 0 obj << +/D [3107 0 R /XYZ 299.506 107.404 null] +>> endobj +3106 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F44 1165 0 R /F34 797 0 R /F55 1335 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3143 0 obj << +/Length 1269 +/Filter /FlateDecode +>> +stream +xÚÅWKoÛFŸûWhK€Éìò) +thÝ€Hí4E¬ +‚8hri.L‘weKýõÙE=E + +ŽËç7ß̒Ô!ð£NBœ$€??õü8ròÅq +áä× +j$\#âd~ž]Œyç§Nê¥qàÌJ' ±—D±“Ÿ7‰|gV|]WÙR²nìúEžþ¿n›{BüÇU7ŠÑ(“ŒmôÁœï'z%²E5Š£Œ7Wú¬˜‘ÍÚ¬mÃeۍ¿Î~»x;룍|êþÙ|ŒÈA>aèL Ÿó¡Aê +Iâ$dâp€ùˆ˜?2Y°F +ˆ!™à“<«kœ¹'‘­^×\Hœ*xÇrŒÓ +t9 EõÉ +·š DGMœÑ»<[ Š—™‘TP) G +o +·þD V +ex&«¬1ªæŸu]Û¡Ó+ó܄ÎM|\ ‚ŒK©G‰ÊtÙ1±Z°Â5I=°A€æìaì“ÑÆ:7X@šÞŒâffžÞÞ|À8ŒÞ_ìŁö÷yLC2jWFœjWuboÞEt[“0öHƒ*ªüþq +*3-5¬œï{™) +áYÍÿBÙ^˜E&³‡ÌbýÂeu:mžHGu›,DÑöu®¬€J֍'^HBq¬"C„k[ƒfÏqÓ6nÁ$G·r€Ü¡DÇ2Cž®måS_Ír·ºYm£A;td9¶h +ŽÍÄÄ~ʧ8ޗúž:4„®Pp»f€AW%€»Î-ò(ñš§õ· +¯›]›H¶£š€C#Ѻ³Š +Ýà¥âvÎk.7ú‰=É{“ªaª4“B;Ì&êã’J܌ B×°ú0 +‰‘=ú`W¡?œDùNV0­šá„2@B=-] ;0}bš*_nT _wZPãðÃ؍ æ/ùs&™Þ!ӈ^–8Rp!^°°\æ•b >jËR™ÃÆÖþ®+–?ý„–Ù”žö͘ÞÏÈ3Ü=0ùÂX£79úD+b7g\ÛâJï +VfŠèž 9,Þìœq;E>9’ +ÅF‘[ +ƒzz©*d¢WçëVKicyǗÒBí_Ý uöéÏ·ßë/³)JžQ*>«€Ä^„‚=³ŽcHp +`ýqnfxÁ~à¥“È “ÐKÓôè +ge܁ŸâŒÜ7„AßYÒc!ô0=pŸ‚–ïŸwodλß3„î{À]? Kè¢w +/¹ÑøO¡”ò(9NÖ⣺cqÕ0ŠÆ÷N'ݪZ4«µ¡nVª·M&!aö +–Y3/zñ€Bòôæ3^dúX1°Ø«{V0ýÅé8‘%"—laÃØ1EG +[.­™› +·p‰—|mõõ†«K²Ÿ4fZk¶P©ç8hN¶[ÅÖpçå|a'·ÈT“yGsùžžÐØ Mag™é†æúu˂„éŸ8ŸS<ŽŽÈ–g;Y‹^÷ªSýGPwJ⌜ŒŽiߙ¡ŠŸ7–¶I^ +€öÀäü +ù¢úlëfªÙD0[V>€ÿA¶Ë®Íçøîr&Ñ^æÇËWõÐýԛ·%]«‹ëX’ÇH›ükIÎyÓlÞ.™~ +ú‡æß"1Ž€ö¬ŒŠì‘÷íRüÿeŸ×mûŽZŸ +‡Z}-)ÝïÉþ¶µªtÀŠAþÃËÎ|ù›ۄ&g¿·"ŸÆÄšFDœ §'>[=ý +°jÆendstream +endobj +3142 0 obj << +/Type /Page +/Contents 3143 0 R +/Resources 3141 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3090 0 R +/Annots [ 3150 0 R ] +>> endobj +3150 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [323.985 473.591 393.922 480.733] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +3144 0 obj << +/D [3142 0 R /XYZ 71.731 729.265 null] +>> endobj +3145 0 obj << +/D [3142 0 R /XYZ 71.731 689.819 null] +>> endobj +3146 0 obj << +/D [3142 0 R /XYZ 185.573 680.05 null] +>> endobj +3140 0 obj << +/D [3142 0 R /XYZ 76.712 650.461 null] +>> endobj +334 0 obj << +/D [3142 0 R /XYZ 261.448 611.088 null] +>> endobj +3147 0 obj << +/D [3142 0 R /XYZ 71.731 587.971 null] +>> endobj +3148 0 obj << +/D [3142 0 R /XYZ 249.513 578.212 null] +>> endobj +3149 0 obj << +/D [3142 0 R /XYZ 71.731 566.092 null] +>> endobj +3151 0 obj << +/D [3142 0 R /XYZ 71.731 171.089 null] +>> endobj +3141 0 obj << +/Font << /F29 790 0 R /F44 1165 0 R /F51 1285 0 R /F21 781 0 R /F27 788 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3154 0 obj << +/Length 1863 +/Filter /FlateDecode +>> +stream +xڝXMs£FœûWš|±TeÍ @Ê%µ»ÉŠ’ÝTqjÙTj +#‰2€œú÷éfŠIÞJùFMŒî~݃¿ðàÏ_Ä>‹žð +ãQžHŠoq€_~ºñ­Äڊ¬G2ï +nÞ|à»ÅŽí¢`ñ°_^Äâ0ZÄgې/ +Ò?—j€^­yè-Cf®ïUùÅóø¡Õ+?\Š&S¥ùá +ç±¹«Eq\ùK‘•÷æAs”VÞÌí}¡Ê¬Qzõ×Ã/7?>ôކÜg¿™Çã/ü + +6äû;B ±³íÆï +™ï1ŽÄÛåç£hÌ]V›«0—'©K™›{œâÞR©æ)³²ß£¿`* + ók-Ž;o­ÀÛ +‹¶ˆáÏzµ IáLß²xÇ­dçà$,š²17jo®•V- ++••u#ò +`—©]™ëíÓÊ÷–RVŽºG‘<¥JÙäªJ–·ö÷}ŸrQ’îF·)== +kR=6âÎÜf·ÔF`lÙ&kŸ³]h€I"ëÚõ‹â:Ս,lqýQ·cÈOöÇ69š;m0#LŽ-¢g,B©­žõÉ5ba¹§€Ò +;|ñ9K­ž=b$’ +gM&'Ÿ +{A,eŒÒ³ñ™N骇VðBO²ƒ +JjQÛ·1CF`)!;{­ ++ÑŠ™Mt®õœ›Ý1p +J3ì'Ê÷]UߑÂªxÉè¥^’⬶w‰Ô˜C'"“1ª.ë€lQùŒDGÿù˜QOߖJ"¿=—³)ÁôhåSÙÈ€¡^²Æf;9Êä©n©ž ׉SyfJ{` +‘+œ*BÓ1͛‰ò2†/šYµyJED`ªÍÉBŠ÷+ +.÷R˲qýïóQNˆPé쐕"§ø$‚Û³%µ~!›£² +$h4®n»6 +€ Îëòñt.C}`üûÓØ70`@µ +ˆ‘ZaݖMVHªHQ81g? +l,£åJ€â‘jej|is9'Å]Ä6QlU`*?}üu„VÆ$Ù†Ê +Œî +IžÛÎî†Sô›À0,\±éÁ5Ãd6³2w +Ž1iî +wᣄQ§ +¡ÂÓxøÿE›”kY™è`@m!ºnLñ0f„Ï›T>¿y*d1!ôØ6ˆF Ø"­À + +ëïÅFCÎ߁ï•h’ãuØÂãmUã2™ŠB•kHî:# fE +ŠÔh(ì'% +Jü±œ³bðÈñ˜F\©æ‘‚[›TS±W•ÒÍ@Ak?‚aÉ#ËDQ'þœ +¹0! êŸê¡Ø{÷E2¬24bGžÌ#ÙîÀQªK˜b $¢žÇÕžÛÑô·•úa {sik©­—ÏY‡õK¥ ‡ý©¶ÍÙêç`‡çPô¡“Ô>2[ +’H?%3w6ÃØXÚ·eIýêð<7ÝÍŠgô‘†R6†Võ“Í|-gvæL­¶9(ȟ¬-–ïNã€Ú^›“ávž|.TÊ0÷m<÷ÄúœG~ ‡€ +âÐÿovÛ #ŸÃ€ÈTµÃŽ +f–2ÿ4ÉÎT˜'zÀå73 +2ÕÖ°MEáòþìhÚRœ©ÂŒOäÙ­`MuÖŽÝòÏlɏwoxiã±Èß[w`·îŸ‹*— +ʎmqù†Û°äÉü› 8à"ŽÛ§úò² +ÙՃèHÌIúÉÝÇT +!—øùÄ­[܄ +&ñƒ`?›• +Y*QUy–tàœ9ÿŠÝŸÃÝHÁ©rjYe‚ŸT»ñ`6Ÿ›žŸ| +³óEfçÏO$² +dÌùÉ¡aG +7ÌëØ +`xm7glM¯ƒmûÊUÛ®ÚîT5 +E€ÖmÕžÉh`:Àþ•N¹Jb|5kìÛíÀñÐw0™[ÚiÉéS5±+\š¥«¢€­qOÇšnµ˜wM¯ŠZÓºð ìœ?kn룡5Ós»÷[‡Ÿ(²~mÕ²ÊE"瓺#?lƒŒ~=Üi› +¶ÿИpœ3íù{·’—c♾ò³kö‡ŽOU +aú°Ú‚å~k챊ÕÝ4ZÍ.õç;æûÑõF ]ì’ÁÀøÅV8cîõ^žj~¢Í?|K‘"¿•¢ " +“±¿DrüyÑ%?5.Èá±a!SÕ$q"Mu?+ÔtÔò_è¬{îÜ0·Ãž4îËί +Šžº— +ycCWK÷[É?mQ¹Ž>ò¬®pÜ+Ï·öX!NÊb€l~ 2Â4¿˜(ò±­ådò„ž5ºÆý7Ïd:X;ÓS'‡‡ì vó1¢F%òøŠó ]÷ßCÜ\ +ëèȞS·Å^J +³sYª*úh:bÁÏ1ÔÝßJ.“”L +E“4lŒåtpL ¹Rœÿ“—|/dAp–™‹¬dEà")ÍmœÎI×l»j +Frð¡ÙàëI느)úÉxÒ²iuY_š¢Ñ¶5‹ß~øÞlÙ֏¯~Df_ÆCßg +ô¬FyŸZÏ-ýó$Ëendstream +endobj +3153 0 obj << +/Type /Page +/Contents 3154 0 R +/Resources 3152 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3090 0 R +>> endobj +3155 0 obj << +/D [3153 0 R /XYZ 71.731 729.265 null] +>> endobj +338 0 obj << +/D [3153 0 R /XYZ 337.725 707.841 null] +>> endobj +3156 0 obj << +/D [3153 0 R /XYZ 71.731 687.736 null] +>> endobj +3157 0 obj << +/D [3153 0 R /XYZ 129.235 674.964 null] +>> endobj +3158 0 obj << +/D [3153 0 R /XYZ 71.731 614.028 null] +>> endobj +3159 0 obj << +/D [3153 0 R /XYZ 420.878 603.233 null] +>> endobj +3160 0 obj << +/D [3153 0 R /XYZ 353.551 577.33 null] +>> endobj +3161 0 obj << +/D [3153 0 R /XYZ 376.952 564.379 null] +>> endobj +3162 0 obj << +/D [3153 0 R /XYZ 275.824 551.427 null] +>> endobj +3163 0 obj << +/D [3153 0 R /XYZ 71.731 529.345 null] +>> endobj +3164 0 obj << +/D [3153 0 R /XYZ 309.009 518.551 null] +>> endobj +3165 0 obj << +/D [3153 0 R /XYZ 71.731 465.4 null] +>> endobj +342 0 obj << +/D [3153 0 R /XYZ 368.684 426.127 null] +>> endobj +3166 0 obj << +/D [3153 0 R /XYZ 71.731 403.01 null] +>> endobj +3167 0 obj << +/D [3153 0 R /XYZ 71.731 360.274 null] +>> endobj +3168 0 obj << +/D [3153 0 R /XYZ 71.731 360.274 null] +>> endobj +3169 0 obj << +/D [3153 0 R /XYZ 71.731 359.029 null] +>> endobj +3170 0 obj << +/D [3153 0 R /XYZ 137.484 339.95 null] +>> endobj +3171 0 obj << +/D [3153 0 R /XYZ 71.731 304.917 null] +>> endobj +3172 0 obj << +/D [3153 0 R /XYZ 71.731 272.04 null] +>> endobj +3173 0 obj << +/D [3153 0 R /XYZ 71.731 272.04 null] +>> endobj +3174 0 obj << +/D [3153 0 R /XYZ 124.533 247.049 null] +>> endobj +3175 0 obj << +/D [3153 0 R /XYZ 137.484 229.116 null] +>> endobj +3176 0 obj << +/D [3153 0 R /XYZ 71.731 194.082 null] +>> endobj +3177 0 obj << +/D [3153 0 R /XYZ 71.731 148.254 null] +>> endobj +3178 0 obj << +/D [3153 0 R /XYZ 71.731 148.254 null] +>> endobj +3179 0 obj << +/D [3153 0 R /XYZ 124.533 123.263 null] +>> endobj +3180 0 obj << +/D [3153 0 R /XYZ 137.484 105.33 null] +>> endobj +3152 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3183 0 obj << +/Length 1742 +/Filter /FlateDecode +>> +stream +xڝX[oÛ6~ϯð[d fD]ퟥi2d˚¢1 +ëÐms‘%M€šz¿~‡7Q' +†±(Qçúï + +Ï|øó£4„Ÿ` +‚$že‡3¶ƒ'¿œa³ca¶,z{Þ¯Ï.oƒÕl +VI8[og¡Ÿ 4Nfi e +ÌÖùÞõžÔ‚6óEû^ŒôïuU~óý`×6s +{D°ªÔŸAª¯89ìçØ#¬ŒÐ7Ğš=ðfa®UÉDÕÌÿ\ÿzv³î¬ŒÂàM̖©?©ó‡)Š–Ñ,õ—(Œ"åϕVÜT•xfÂXAŽú¢’î|—ÿhóÒ0AGŠó#Ï€SE¡×۶̜ó¢Ò¿uA2óÑ?µ‡zž‡ nU±÷b$4Tœ{ ¥p +@¡ÓA„Œ„`Ž29rö Ҙ7«í ÛdžƒèY2éi¢>Bò szo¶§Ù3?‘Ć[+©rB/6Gi0åC3(Éö¯Ûa4m«ÆÂ"gRCŠ Åµ‰ +œ¢•Ly#ßO•¡w6,yΊ‰k9 +8=ƒÆ‡/ÌÚ£¶9WAíåm”Ì–€šD"*€ +Y¥„RûeÝT™Þԇ + 2\™-¬¬r:Ž*§‚fbO’W +]”;‹N°TôB» +„ +l²Ž•è—=³1Í+ï².„[kRJHmüAv/T>û¡0Ÿµ2†&B›yà{­‘Ö°ŽÙüåöт!ö¿Ì@u#ZbäÞ2[äG.èŽÂ>¬oähÅõ: +öó +ƒ‰MI‹S8}0 Œm(}ÿøáò¡Š%ü2IOPS¥(l}—öêtY²)šó)Ø8‹I™OߔniUù^h^‹V +iúTÎäÈ@ÏpŒ€€~E>JðRù#ì£H’mºônšFŠBÕ,”s"V€8>  +’®x¿«+ùîÎb¥Ç/LìµÁçŸ +î﮿êÛ¿Ý|þxs?_Þ¹aþ5ÀÀBÖ^l«ÖBãX +ÂuxçBC\DÏï>¬!?çƶ+UÍk‡:h¬[B & ¬„žÔŽµàFvUä랹.ûŒрû\Á~'™ÖÜ©&w—°•Œs +’¡{Bq1Æø; +FÁ҄ +箆Ñ܏_¯¯îïß +IÏúš ’àŒ +à5ëÈ¥ +ˆ^îÁÄ*,òœ±ÍÒ ÌelxúåjŽ1öd6nŠÆL³ñŠ²!‡kC¥ý +9͹Óüé³4ïáú€Æ1íÇ«ÿN»Š6 +wbG«AMÜm;Žh<ÔÂòca)Ô¶‡®â¥ß’Qœë9åYÃja +ˆC¥Ÿ^üC›Ê +aOÌí +¥å(= +‰=ã֊œAcárY“f†û:Çá +ȞpDãh͂‰JG§¡îý2ïY­®š™ãì +ž³j +²URFá¶ÈsŽ’h™Ó‰ô¢ªžŒ‚é +ŸáéQM€Æ +KÐ2qFî‰pRiяZ}`m\Ö +Ҝ˩¢5MƒÒkÁêŽAZæÖ}?5ãlžŸj¢ÆZ؋ÒÜšVŠ§õ Øп[ցq`›¢‡ÐžYp–w€”.÷AÙÖ¹fgã۞ˆWkwóî*CÀOd+&(ÅåÈó¶šq:Æ׊8–ŒHR” +µX†ãÀ ++l~×^ºR)ª ++/áÕZž©o! ýÄ#JÑŽõ;ÌzŸÔõ­˜ñPw§?sŽôÌVÙ‡ž¡œ8 +¯êÞñ³×Ýí ªûèDûûÇߎ̇®h‰–8}óS˜Û2ùC B@’Ù" +Lð+_©Ššþ +ô.øendstream +endobj +3182 0 obj << +/Type /Page +/Contents 3183 0 R +/Resources 3181 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3090 0 R +>> endobj +3184 0 obj << +/D [3182 0 R /XYZ 71.731 729.265 null] +>> endobj +3185 0 obj << +/D [3182 0 R /XYZ 71.731 741.22 null] +>> endobj +3186 0 obj << +/D [3182 0 R /XYZ 71.731 718.306 null] +>> endobj +3187 0 obj << +/D [3182 0 R /XYZ 71.731 673.31 null] +>> endobj +3188 0 obj << +/D [3182 0 R /XYZ 71.731 673.31 null] +>> endobj +3189 0 obj << +/D [3182 0 R /XYZ 71.731 610.461 null] +>> endobj +3190 0 obj << +/D [3182 0 R /XYZ 230.783 597.509 null] +>> endobj +3191 0 obj << +/D [3182 0 R /XYZ 326.523 597.509 null] +>> endobj +3192 0 obj << +/D [3182 0 R /XYZ 431.728 597.509 null] +>> endobj +3193 0 obj << +/D [3182 0 R /XYZ 71.731 551.582 null] +>> endobj +3194 0 obj << +/D [3182 0 R /XYZ 71.731 535.328 null] +>> endobj +346 0 obj << +/D [3182 0 R /XYZ 275.564 498.112 null] +>> endobj +3195 0 obj << +/D [3182 0 R /XYZ 71.731 474.995 null] +>> endobj +3196 0 obj << +/D [3182 0 R /XYZ 321.711 426.381 null] +>> endobj +3197 0 obj << +/D [3182 0 R /XYZ 71.731 404.299 null] +>> endobj +3198 0 obj << +/D [3182 0 R /XYZ 71.731 332.568 null] +>> endobj +3199 0 obj << +/D [3182 0 R /XYZ 71.731 293.714 null] +>> endobj +3200 0 obj << +/D [3182 0 R /XYZ 71.731 278.77 null] +>> endobj +1021 0 obj << +/D [3182 0 R /XYZ 71.731 184.787 null] +>> endobj +350 0 obj << +/D [3182 0 R /XYZ 366.095 139.533 null] +>> endobj +3201 0 obj << +/D [3182 0 R /XYZ 71.731 115.777 null] +>> endobj +3181 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F21 781 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3204 0 obj << +/Length 1174 +/Filter /FlateDecode +>> +stream +xÚµWÛnÛF}÷Wè +”+îò^À‰[·) € @âšZI‹P$Á¥ì*_ߙœð¢›• kw9œ9sfvfH +þš“P’ðÃ2ÂâÈ)¶7Ÿ³†'ÞP#áo$óvq3¿g™“‘,œÅÊ ü˜$Qì$#iĜÅò“{·É›Ž·3EŸý{WWŸ}Ÿ­wíŒFnމºÒ>3–è•Ì·›usQýªº +72ðfiÖÛº]ÝÎ +ßü±èÑFŒ’€]ôLj +ù„ƒ?”f$??%A*ÈŒO]Äóx•?•Ü+뵚ž÷’wŁGÉ ÓwÜp„ap[pŽÜ÷|¬í¢2î-f©oÙkyQ¯+ñÕ²ŒÉ«5—6¹"_NzU@ªeP¥dNHht’«Hx— +&ë9n’„„ij<ù.nÀFÕÓ±Ž~nìãՌún^ˆR?Ý~úîÃS“O/6ÍÂ| +÷ã9ž1³"’Ã¥¶©g³.@@žhã$Ërû·cúš +&s<žÄ1͔‚Oë±OOx•ü29K̙ûHO'žóŽë +ÆÞ×K•iž/3n\eQ­õQœZa€_µ€ÏÞcjÜmxñå +ã·ô$œSʔ5QAõ|†»švOŒ{ávÜ +5Ë¿0Ï uµ”ßô1y£ ä›C”¥!4oyfa=sTÚB}á#ؒ÷:q +zF$òC'ÌRB:UÑ­Œ7R%}R“!ð›¬.7¡‡æC‘0dÍ[™‹æé»mbä±4"›ì+Ùû,ƒ{²[Q­êá A +;'u!Û]ىŠ4Ñ%Îdá +)v/ó +ò•i2ÿmÜ&%LQ¡ +rC#$̋R¥Ž—Râk@Ãb—€.fëŒùîu7ñd[ï y—z£«Gßðà€©KQ`â +U¯0!)£“Þ> endobj +3212 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [345.504 497.382 415.442 504.165] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +3205 0 obj << +/D [3203 0 R /XYZ 71.731 729.265 null] +>> endobj +3206 0 obj << +/D [3203 0 R /XYZ 71.731 718.306 null] +>> endobj +3207 0 obj << +/D [3203 0 R /XYZ 71.731 718.306 null] +>> endobj +3208 0 obj << +/D [3203 0 R /XYZ 149.718 662.516 null] +>> endobj +3209 0 obj << +/D [3203 0 R /XYZ 197.04 649.564 null] +>> endobj +3210 0 obj << +/D [3203 0 R /XYZ 418.258 649.564 null] +>> endobj +3211 0 obj << +/D [3203 0 R /XYZ 71.731 624.493 null] +>> endobj +1022 0 obj << +/D [3203 0 R /XYZ 71.731 381.021 null] +>> endobj +354 0 obj << +/D [3203 0 R /XYZ 427.295 335.767 null] +>> endobj +3213 0 obj << +/D [3203 0 R /XYZ 71.731 312.011 null] +>> endobj +3214 0 obj << +/D [3203 0 R /XYZ 71.731 280.808 null] +>> endobj +3215 0 obj << +/D [3203 0 R /XYZ 71.731 280.808 null] +>> endobj +3216 0 obj << +/D [3203 0 R /XYZ 71.731 248.066 null] +>> endobj +3217 0 obj << +/D [3203 0 R /XYZ 71.731 248.066 null] +>> endobj +3218 0 obj << +/D [3203 0 R /XYZ 418.956 211.234 null] +>> endobj +3219 0 obj << +/D [3203 0 R /XYZ 71.731 186.163 null] +>> endobj +3202 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F27 788 0 R /F46 1173 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3223 0 obj << +/Length 1166 +/Filter /FlateDecode +>> +stream +xڕWKÛ6Ÿï¯Ð•WÔÓ°‡v‘Ž ºкè!›-Ñ6™HÉÎþûΐ”ÖZ?6 +|hžß +gÆ4ˆáGƒ’’2 +%Y€Èƒjwøòû +õ‘'‰Žh~[ÞÜ}HÁ‚,Š4X®ƒ4.H™A™&dž'Á²þ>lYÛq=‹’<sâÖ%Ÿâ8ÙôzFóuBI÷á)IJ·3l·Ñ yë.º-÷4ÀÙøýNIÑ)=ûºütó~9Z›'”€ÉU<ɉ?YÌÁŸý¡iLR +žÄs’f™õç'Ô""JI‘—öîQõ²{ØòêÛG ŸîYs^Ð0‰ã uqFÂpq +þ©6!7î`øžkÑ nPq—ÿr·nÙÞﺃr› + +0ïü­„x2±v+sËMö_ +®ÖüÖSÉz”sÑÚÙb"qTBCî¥ +D·õr·ž·RZóÊ3ªSÁ3ŸCío‡Ð³ÅÿQc±£áýiy +þ³Uã~sÊPŸ*«ÓLÁ¶pÛµBÁúv85: +(¬žÝÚ3HPë ÅZ©r„pG~0¿¬Žû»3~ +Þ3ý†€ÞŒEÑíZg£Tü»M€êV*Ӌ–šïß0a«v|äGöïgø¡ô”/¥'¢1”žE%É2'r¹ÅDte¢î‡’èOê ºR€$Ë»¡>íÚ~¬Ze%j.ý·¿ži!Džy9+As“h@K’ÐÜڔ•d7QVl±°6å„ŠXËyˆc–Äá7›µxcž4ðàñeãÑ:ã ++åAbáq +œÏnßnëš9 +e° +réQ™Ím +¡õàw+`Ü㎵·o[¥œ¿k +0d +l€Óe©¯ËýÅh5Vw~Lï¬K³ëâ‰aä®:j +óÐ3G—lÕðÝÄÏ(DåÄ×AšKGìLø¶R1¿Yñ‰ãµ· +Dª3®ÛœtÑÉÝ}é?fpšyb6xkZ^ $Ä33(eiÞ0PډY’‡{ +Þ¢z&ßJBŸ§"¿ÌrŒž¥qïwµÀbªôó¬ÈCßl?zmô Žz”¬Gߜšw¶ +[Jìbkè²:ɍ +Þ +Œ\Ú{ÐÒjUq3zŸe˜°{¡z=qˆº`õŠÏ2ÄÊöž +§”dI,6K@ðsö4×sßQYŸAœ»¶yö¢ëÚž¯ZÖjÁ:1ΰ‡¯móµ,êëÎ%ê3 +XÓoœðîËqb QYù"›„–5\wcš€)c~4䙡èÁ,SPW`ŸüÉñ2_ÿßìñk•Ç§§8‡áeÒÍÕzµŸÐmÐh +ËXáüž4I +ƒUrq ò&Y7®ŽXí— +²Y»;Î*?`üüÇçÇ÷WŒõ# +†d-*ߐa>hŒ +t•ùN»âj^“Ë‚—Ã`Î[>Œ„=÷sŠw—}6±‘JóË*X‰¹‚þd.Ó4jc¿J±ÑêpÙ©^ +9 +®ý?lN掌ú_á +ää¯BúRÐçIPm‘^ãO5ývŽS–endstream +endobj +3222 0 obj << +/Type /Page +/Contents 3223 0 R +/Resources 3221 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3220 0 R +>> endobj +3224 0 obj << +/D [3222 0 R /XYZ 71.731 729.265 null] +>> endobj +3225 0 obj << +/D [3222 0 R /XYZ 71.731 479.004 null] +>> endobj +1023 0 obj << +/D [3222 0 R /XYZ 71.731 462.65 null] +>> endobj +358 0 obj << +/D [3222 0 R /XYZ 443.684 419.553 null] +>> endobj +3226 0 obj << +/D [3222 0 R /XYZ 71.731 395.797 null] +>> endobj +3227 0 obj << +/D [3222 0 R /XYZ 71.731 364.594 null] +>> endobj +3228 0 obj << +/D [3222 0 R /XYZ 71.731 364.594 null] +>> endobj +3229 0 obj << +/D [3222 0 R /XYZ 71.731 331.852 null] +>> endobj +3230 0 obj << +/D [3222 0 R /XYZ 71.731 331.852 null] +>> endobj +3231 0 obj << +/D [3222 0 R /XYZ 150.976 295.02 null] +>> endobj +3232 0 obj << +/D [3222 0 R /XYZ 71.731 269.949 null] +>> endobj +3221 0 obj << +/Font << /F29 790 0 R /F46 1173 0 R /F27 788 0 R /F21 781 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3235 0 obj << +/Length 1369 +/Filter /FlateDecode +>> +stream +xÚœWMoÛ8œçW؋D +)‰’µ@i›¶Y4i‘:ØC[ŠD[DõaˆÒfÓ_¿Cr$˶â-ö°R$g8ófæ +ÍþØ"f$`ðâG|‘Ugt±÷g +Oxxěœyœ:»xç'‹„$Q°X­HÌ£E +ødÉýÅ*ÿêŒ)Òm'Z×ó9u8±ã›ŠþF©¿é[—q'ídSۍoŸۙJ«ÂeN*ës»Ðπd‰óª©e׎î÷ÕgW«ÑZî3ø'ýÁ#Gþ„Ñb þDÚP0À +.I†ÆŸß\/¢ÔiEš7uù¬o + +c$âñôD¯DK÷¶£ÃmvzÛ?œ +œŸ;œ•~QãJë'¹X§}ÙÙ©ìX7Òõ˜³©›VÌ^{¬÷ +lXËRšÛŽ¯HÙld­•1­ìXѬжmÖæâRœ€}VT©â"Õ¢}W4­ü)ò‡âYý¢ñÊ¥ +J©fmÇû뷈̓ƍaø9Œi"]cǬÙò_–¥Ÿ†Œ +óëwšçÃÕÝ.}A7níøéó•V‚_w—·ï¯Îñäʎ7÷_pöu|Œ„•_Ë€1oŽ«÷2W¯šŸïœQêqJõH=-ŽïhÃch#YxQLÂÐ:µ*Žç¶Äó~(÷Çç.²ÍšŠQÔ¢ž¥Úö#ã\יÌE{wBm›Z¡ðʍACZ4‰-XL|ƍMaL–°â +áÆ"NXšé+^:7Æ$uìÉ €ù/¶Žh +K%Ò[‘¢S© + ¿7mZU°Åe×d +Ư]‡21ž›¢ësç õèä2ëy>E +wŸZÙu¢ +ô">ÈÁ¯ÁæÈ +T>»wf× +"'Ò¬ƒì“„3ãÏ4 +è +êÚ>ëúWu۞·!šôFcBjÑ1¢£é™ ¬Q@%ÐÌÈ\èvP‹|tÒHOYœCP‚A\)f. + çËý›ª^¡b{žoÀLHC5ÏO,ã=ðæ̃ä÷Cvl^ö/æY*ðâÄI²—r»Ú9ˆLÖÔ +ä"nnÓ¡n Û’IBO•i)šÆ<Ž_ YºÁÃe»ÏŽF8²R€u¿ÅLêµúLëPQ{šÎpešc>ÂYXMžcRnÓVÁœSÐÃDû +ωéSÂ<FÂ4øXžz§ +FcÈ!’Ò†¶H`UsG5}›ø™59Îrt+]º-^ +ò˜Öu +yž +4žËLdåݒáþ™Œ`AnñIÆ +e0Æ l’$ˆàÒ0Þy8%ȆÌØCªš·ïª-ÉÐ(ó1S;1‡·ÒŽvŽ +1FÉ +Pܖ¢²d¬ÍŽgFB¹É@³fŸuæœy9\ÀÿÆÕÝÜ. +͂é@‚>E¬ŽÐ5™ +З”šåšáFƒ£:Ø^e~øäÜùså²¥ói†=‡Îƒ +GóõÿÐp86œÏn‚Ð ÛteÔŠ3ÀF×׺ +N7"›õ—eÕš]«m)c‹JƎ1’›ÉnÕWƒ’ +<¬º¢"ƒwKê +RAkÓѱ!ÂâÐzäƒçŠGÍ©æ +;ïžnÞòYrP +Œ÷{ÍêúýÕ +* +’NO5à +Ÿnä.gÐ×fðÞ§£‰hÐÂWªqãåt ›²îÿŸÑ2‚U6ˆzÒͶ +ƒD?n­àïùzÜ Ü—GðL*í­ÜÕ]B,f²Êy$‡f»ãÆãÈŸÌ ¿“ƒ—„$ŠBèqðøc‰QÿõFªìûá1üÕ†,Y|òwåîÈÑÏJoÌ +»xDß +/üä;ŸéŸòÕendstream +endobj +3234 0 obj << +/Type /Page +/Contents 3235 0 R +/Resources 3233 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3220 0 R +>> endobj +3236 0 obj << +/D [3234 0 R /XYZ 71.731 729.265 null] +>> endobj +3237 0 obj << +/D [3234 0 R /XYZ 71.731 455.691 null] +>> endobj +1024 0 obj << +/D [3234 0 R /XYZ 71.731 439.338 null] +>> endobj +362 0 obj << +/D [3234 0 R /XYZ 184.629 396.24 null] +>> endobj +3238 0 obj << +/D [3234 0 R /XYZ 71.731 376.1 null] +>> endobj +3239 0 obj << +/D [3234 0 R /XYZ 71.731 376.1 null] +>> endobj +3240 0 obj << +/D [3234 0 R /XYZ 226.629 350.412 null] +>> endobj +3241 0 obj << +/D [3234 0 R /XYZ 348.381 350.412 null] +>> endobj +3242 0 obj << +/D [3234 0 R /XYZ 129.793 337.461 null] +>> endobj +3243 0 obj << +/D [3234 0 R /XYZ 71.731 316.486 null] +>> endobj +3244 0 obj << +/D [3234 0 R /XYZ 71.731 269.55 null] +>> endobj +3245 0 obj << +/D [3234 0 R /XYZ 348.624 258.756 null] +>> endobj +3246 0 obj << +/D [3234 0 R /XYZ 147.105 245.804 null] +>> endobj +1025 0 obj << +/D [3234 0 R /XYZ 71.731 229.451 null] +>> endobj +366 0 obj << +/D [3234 0 R /XYZ 276.558 186.353 null] +>> endobj +3247 0 obj << +/D [3234 0 R /XYZ 71.731 162.598 null] +>> endobj +3248 0 obj << +/D [3234 0 R /XYZ 176 127.574 null] +>> endobj +3249 0 obj << +/D [3234 0 R /XYZ 71.731 115.454 null] +>> endobj +3233 0 obj << +/Font << /F29 790 0 R /F46 1173 0 R /F27 788 0 R /F21 781 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3252 0 obj << +/Length 1297 +/Filter /FlateDecode +>> +stream +xڍW[o£8~ï¯@ڗD*.æÎJ}èŽÛQV3íCRi¥Î<p«ÄŽž€êþú=ÆDŽiW‘bŽÏå;WšåÀZ%‘‹›7 +¬låX[xóýŠ" +$væÛêêæÑM¬„$¡g­6–ç„$ +B+ò\®µÊ_g÷»ôP³rn»3 +ˆ^ï¥øå8î¶)ç4˜¥5—B¿ø庑ÞUé~7§³”‹ký Þ1€›î÷RðZ–óß«¿¯þZuÚ.%žû©=H2²Ç­ì •=ÔsˆG'&žï·öü1·CǙ5ӛŸ’LmJID-Õß²ªŸ+¶ò ©è„”M +@*±ì0"Ÿ¯ï<ƒ +¥±•‹m¥÷²Ñ›,Er©×Žd-§4!@Ä1‰wÒtCc÷ˆŽ/#+"IԚ>à£ç#y® +ÐÐ)yÃõ$ïLÉï¢à—€úg +|kx‘£í%5OŠ÷k.ÒòÃÄHàŽ.2‘ÓzÀó{ü)Äj€tRœm›‰t]0Ž +BD;>RWïŒÎvšùF¢Ï².ŠH§éKÅ➯#gUç@d2§pªTžøÎ +>yY6Š(PÀ‘Ó*-*iRÀp©XÂñöšeéh + +?Q$dmÈðn³VGõÇʚ!ÌGŽ@|„ +ö2rCËvC¶z=ÉZ%d’¢sâ;ì±™{ÎLÖ֍HkV(Ý¢XE~¥wfÕªÂæ «Š¯ç.(Ãô“¶jÀº”E +Ì@užÿD?^Á£Ùe~©^ZŽÍ‰£ª>Xz:’ºãÓzMÒY¯?a®XÈ=î6ÈT‰«Îeœi­5*;à + +UsPV + +ÞºÄ(ƒoó‘îÛø‡žšlã™2ÄâB +ð#ð„ô§¢Gt©B’¯*ĄŒ¯+ĄüQ +è+ÝFlÙ adrà +©­:yÛ„\š1‹ä¡æ{þ/æTºÝ– +ânîšäτŸÁ:ýÖÑEX‘äKXÇòþ¬cùcX{ +,6ˆ’8«Ÿìž•O +}~yZüƒåΠìœéÓûŽõ›b+TiìpòÕ¡”y“™rÙ«’H›³S¹ïú€€Z73 +zŠéΪxjs + +DÎ¥ö +÷jªi$! Â˹ÉzcL> endobj +3253 0 obj << +/D [3251 0 R /XYZ 71.731 729.265 null] +>> endobj +3254 0 obj << +/D [3251 0 R /XYZ 71.731 642.192 null] +>> endobj +3255 0 obj << +/D [3251 0 R /XYZ 71.731 607.158 null] +>> endobj +3256 0 obj << +/D [3251 0 R /XYZ 71.731 607.158 null] +>> endobj +3257 0 obj << +/D [3251 0 R /XYZ 71.731 605.913 null] +>> endobj +3258 0 obj << +/D [3251 0 R /XYZ 129.514 588.892 null] +>> endobj +3259 0 obj << +/D [3251 0 R /XYZ 246.285 588.892 null] +>> endobj +3260 0 obj << +/D [3251 0 R /XYZ 71.731 573.783 null] +>> endobj +3261 0 obj << +/D [3251 0 R /XYZ 71.731 558.839 null] +>> endobj +3262 0 obj << +/D [3251 0 R /XYZ 428.729 549.34 null] +>> endobj +3263 0 obj << +/D [3251 0 R /XYZ 124.533 496.837 null] +>> endobj +3264 0 obj << +/D [3251 0 R /XYZ 129.514 478.904 null] +>> endobj +3265 0 obj << +/D [3251 0 R /XYZ 71.731 476.747 null] +>> endobj +3266 0 obj << +/D [3251 0 R /XYZ 129.514 460.971 null] +>> endobj +3267 0 obj << +/D [3251 0 R /XYZ 226.081 448.02 null] +>> endobj +3268 0 obj << +/D [3251 0 R /XYZ 71.731 397.21 null] +>> endobj +3269 0 obj << +/D [3251 0 R /XYZ 216.118 371.308 null] +>> endobj +3270 0 obj << +/D [3251 0 R /XYZ 71.731 359.188 null] +>> endobj +3271 0 obj << +/D [3251 0 R /XYZ 71.731 248.568 null] +>> endobj +3272 0 obj << +/D [3251 0 R /XYZ 71.731 223.497 null] +>> endobj +3250 0 obj << +/Font << /F29 790 0 R /F46 1173 0 R /F27 788 0 R /F34 797 0 R /F21 781 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3275 0 obj << +/Length 2114 +/Filter /FlateDecode +>> +stream +xÚ¥YÉrÜ6œë+xóLE„î<$U¶ãžœK*‘n¶‰™¡M4Zž|}+Wéà”K5\€Þûõœþa/Ã(‹à',P˜&^ÙÞÞÞŒ¿ÁfE +(É +žÞyé'!FQèù3o +nîþ±(M +ïáä” +£Ô{š> +Þ^H/èpôÃ,?€Hÿ^džÞêKq¡ú¢ag}Áåj + +ŸÃïç‡?AEæšH#©!ÎP*ýš@˜#5Ha°3 5׿Z&\h™p2¿qrP†ÀýS-.õºÕNÚ +©ÍÓOA:ѝ RÀyšÅU?jYW +6ԝÕq傶HßlêA +„Ÿa§I1ø!öqˆŠD{TÕ\ +õã1 +£š™1§'åWrŠFÁ1Ö5Æ®~ëVæœÑteãäIg^ +ŠGNW(›švân +·’ôäQ®qaxά\YTGH_Ÿ˜ z¢Dþk†Œ]\­‘2€Hªžy÷àê§P–Eâ¥a„r(^(Ëo7?^%ü'ü}¿§¹8‚: +²ÄÚ("o Þéæþæo'IÚ +á/‰Ð[岌(¶"|k*Ž9¶KpŒ¢8•5 +æ9 +qì¥A‚²TÇéCÛ«€€»€ºîãØË¡îÕ +ˆ)Fy”CåcèRœé­J’î¢rjÛ'‚ö9†&oòí@µLH‹“™ƒú$ËmÍÕåŽæ0c3³Šô}S—D%—uq»RÞ +±¬&cÓ£im]Éu#¬ +=Ø +‰ PŽEq0°ðæª*ÈǝÉ_ +#= +Á)26Âè¬;.HÓÓ ð€#-å+ƒz".æÙ§ T£3ZaO € +$þ<ӜX +°O±TU}RFѲ€\ñK£3eôïÌÆÄ, +˜©oGc™êQ ‹òµêS©FG›µ¯Ð]é,€¯ôCÖKÃu6ŽGFcIÜÆΩ+Â/tž7P<·Z‡za +‰²1Ÿ‰‹QÜ­"ȝ– +ãS0T±jP{8b)טÂÚŸnèf,t/‹I:€ÇÁ¬„q€±Õ¹‘ÞåûŽƒH‚ †ú +OJÁðõ×͔™×†– وÎ1Â¥u?éÆØ'ÚX +Ðåx= +”_¶6û¡üç‹bæ0(] +83¿î€LŠÒh„æÙ +ßÈÔEX;ðtîˆÂƒfÃð + +ÎãÜZßendstream +endobj +3274 0 obj << +/Type /Page +/Contents 3275 0 R +/Resources 3273 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3220 0 R +/Annots [ 3299 0 R ] +>> endobj +3299 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [425.441 342.709 470.272 351.62] +/Subtype /Link +/A << /S /GoTo /D (0:BASCLT) >> +>> endobj +3276 0 obj << +/D [3274 0 R /XYZ 71.731 729.265 null] +>> endobj +1026 0 obj << +/D [3274 0 R /XYZ 71.731 718.306 null] +>> endobj +370 0 obj << +/D [3274 0 R /XYZ 366.999 703.236 null] +>> endobj +3277 0 obj << +/D [3274 0 R /XYZ 71.731 672.259 null] +>> endobj +3278 0 obj << +/D [3274 0 R /XYZ 71.731 672.259 null] +>> endobj +3279 0 obj << +/D [3274 0 R /XYZ 247.52 663.903 null] +>> endobj +3280 0 obj << +/D [3274 0 R /XYZ 413.974 663.903 null] +>> endobj +3281 0 obj << +/D [3274 0 R /XYZ 119.552 638.001 null] +>> endobj +3282 0 obj << +/D [3274 0 R /XYZ 288.895 638.001 null] +>> endobj +3283 0 obj << +/D [3274 0 R /XYZ 71.731 635.844 null] +>> endobj +3284 0 obj << +/D [3274 0 R /XYZ 166.376 582.867 null] +>> endobj +3285 0 obj << +/D [3274 0 R /XYZ 252.129 574.18 null] +>> endobj +3286 0 obj << +/D [3274 0 R /XYZ 166.376 517.398 null] +>> endobj +3287 0 obj << +/D [3274 0 R /XYZ 211.638 507.629 null] +>> endobj +3288 0 obj << +/D [3274 0 R /XYZ 288.613 507.629 null] +>> endobj +3289 0 obj << +/D [3274 0 R /XYZ 207.235 495.973 null] +>> endobj +3290 0 obj << +/D [3274 0 R /XYZ 325.07 495.973 null] +>> endobj +1027 0 obj << +/D [3274 0 R /XYZ 71.731 487.752 null] +>> endobj +374 0 obj << +/D [3274 0 R /XYZ 169.341 449.474 null] +>> endobj +3291 0 obj << +/D [3274 0 R /XYZ 71.731 429.333 null] +>> endobj +3292 0 obj << +/D [3274 0 R /XYZ 71.731 429.333 null] +>> endobj +3293 0 obj << +/D [3274 0 R /XYZ 307.873 403.645 null] +>> endobj +3294 0 obj << +/D [3274 0 R /XYZ 449.281 403.645 null] +>> endobj +3295 0 obj << +/D [3274 0 R /XYZ 190.096 377.743 null] +>> endobj +3296 0 obj << +/D [3274 0 R /XYZ 71.731 355.795 null] +>> endobj +3297 0 obj << +/D [3274 0 R /XYZ 237.707 344.866 null] +>> endobj +3298 0 obj << +/D [3274 0 R /XYZ 299.933 344.866 null] +>> endobj +3300 0 obj << +/D [3274 0 R /XYZ 258.579 306.012 null] +>> endobj +3301 0 obj << +/D [3274 0 R /XYZ 119.552 293.06 null] +>> endobj +3302 0 obj << +/D [3274 0 R /XYZ 71.731 271.097 null] +>> endobj +3303 0 obj << +/D [3274 0 R /XYZ 71.731 212.198 null] +>> endobj +3304 0 obj << +/D [3274 0 R /XYZ 71.731 212.198 null] +>> endobj +3305 0 obj << +/D [3274 0 R /XYZ 254.604 175.501 null] +>> endobj +3306 0 obj << +/D [3274 0 R /XYZ 71.731 140.467 null] +>> endobj +3307 0 obj << +/D [3274 0 R /XYZ 71.731 48.817 null] +>> endobj +3273 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F44 1165 0 R /F51 1285 0 R /F34 797 0 R /F29 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3310 0 obj << +/Length 1941 +/Filter /FlateDecode +>> +stream +xÚ¥YK“ã4Ÿï¯È€j¢±ä÷R +X`Ù¥–GՆ*(à ±5‰j ++Xöá×Ó²Ô~;;@Í!Ž-÷ãë3tãÁÝĔÄ>|°”°(ÜdçÞæOŸ}A݉œ;²œyuxqÿš¥›”€‘¿9 {Qš +õ¶GûE‹ê#ŒôÇá»ß +:#BF‰ÏnšéŽÌ͌{3)MIæÅ^Bü hÍ|[fê,K§þ,ŽæG¡í7^9µÜÑí±¹ýúpžR”µóñÇÒ~V"òRßõžÛ«'Y/§ +R“±MÅ$M—]Ä3ûÁ¡¹AÆGJfêü˜I°€núÙ«wïÜV?lÔg'‘}˜ Šå±äuSA6¬!zċØ'è­#áÎSØ:suÏ@â–ú‰`£žg™žÔ(\ÎÙ/òq(HŸ+—lÜ%؃»ñqGíšäïžÇDîòM„êIjw&—:ã•Ë_éLà%ÞкxÏ~BÒm¥ÚR¯r’†ŽõÂŒ +9(3'Ÿˆ\h=rîŒQê¯Gn®î‘»¥~"Øšá7©{ýì”ö(aÁ§Š»?ŽŒ;c, +ց™«{0·ÔOõ +:.çóÝ$Ç& Av}¶ +íï€t]òs× +Ôô%UjUˆ5™ŠŠ¡î•P„‰O|êßÅàÐj(ðŒÁ"\ +łºO‡âŠú‰à–]ò®Ÿ +ªjÇÂíS9Éψ-†Aê0t4PÖÕu +ÛÖ5°|Š £¡1øÄ¡Ÿ |kDD˜éƒq²}{Ÿ(ÓþA/k{O–ºæEÁk©J{§T5Ž[+{à_“tíÍ@Ç­ä/Ñ©Çíi+ +nÀ BŒÅvëä§ÃQ !aâ-rÅ¿.Xá{„F±;”Wêâ:»RŽA/•4”  +¬é'‡ÇnôÑ&ÕyU7—)閲–Œ·hžáá× + +aH5ªo€Ç +ïiØqlÀÇ|ŧ¢Pcq„^ÿ­lÎÐA€ä±›6] +˜ + +à<œÃ§o°™hQ×ÝȄ~õy$u-Êî¹VÐüÁ'Qc<@'„ÄÆ2˧Ÿë +VS(Ãõ4°º–(æ„O]d ‰ç‘!(Sh’b:ì©3^]Dê +×2U0nsÄS âXZØ kn(1ðxæՔÌ |A× +bȆ!DvŠ˜”Ô @ +T.­ÞºGHD#9k +^œDi@e‰›ÕÅŠ\Ë'HƒÙ€Ž“µ%$€ÉzV Ržx2FŒx nS@ñŒ±þ•ÌsñhçMQßÙªöƒ·D$‚ +ÁV5„ÕðÝҐ&[±ÀD +8€ºÓO]Ê +†ZSV²ÄtHSdŠ© ûõQ¹<7ø#È-°Aœð2ãàñ1Øcöb^—‘3ª-‰™Ý4"aŠÜu7—4A·r.Ϊ\à?JBˆÊp~Íeí}à딲Qí–êAå×¹PXРWŒdvœØQLÇ&&8•v%ræuv²uŒ·b†ÅŒÂÊ€ìšEå; +ԓ¬OC¥@ +êÒVÓ,shpŸŠN+c¿%(Ä +4•µ¬¯_X1ažIÚw]ó¡ +Å +B”¶_tÜ { – +€Öb”Ñ¥œë +1E„öN–Í_.5^WÂ4©Wï¿Ÿ[ ¿DÝ>iŸW@jR»oo~Úÿü‹»þñ=ˆxMM5Ž»@d'‹A·n`EÓú±):,»ÖT%N˜d= ×sm¹~wÕ,€£‰ùìºÄHñ~9;bŒRrOË8šö倛zrñèòÄ’žõ<Ãú×yÝöE»mv^Îk(Žé¿¢Y€܂qQ +gùüÅ6ô +òˆøÿÇIÃy>lÉšÎ]¡'|`šÁ$Õq]šalN8®Óí}v:«|:ä²Y­*¹<Ì +ÒÒ­Àf „IÓèsÿÀÐßq;ÕÚš5â?@ëæãfЧÙI5EŽގáÈ?¢ÍË~*m.Ø +mW÷=¬I”ÚØŒSÇáfƒ`^×fj~žY^ÿË,3·:Ëà™Ñ$Š¯0OŸ» +mه6ïÝÔWüùñÏ +ëç®,ÈTO•¬û&\‰=»Ÿ” ?—×î¥ þ̝=‚k‰¶ +qÈTU5—y„b9ºuç°KL÷v{šiªÓ`ÙæEÛÖ~9xsøþ +î° +ëþ +³Št¿$,xf ÑÍÃÞX< +„Ÿô™ë§¶1ø&87wӑ*\µSŒâj<8I8ÃÃ-“ó+j +%ÿ‚eœ6uÍ鮙ƒp + +(ŽÀÀï]wðÁÞüX +ŒCãQóÈÕŽcðŠV0³É¬OK7mi‚ÁŽîBǁ;«$žÇð +Úœ +äÔÍV +\d rÿ‘W÷ ÷Ë328°t6Ûc/·Ý2ïƆ!Kž‹À:n`žõ“þÈìÿ&!õ` +OQJûûIŒòϏ¹ŠÅyaçendstream +endobj +3309 0 obj << +/Type /Page +/Contents 3310 0 R +/Resources 3308 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3220 0 R +>> endobj +3311 0 obj << +/D [3309 0 R /XYZ 71.731 729.265 null] +>> endobj +3312 0 obj << +/D [3309 0 R /XYZ 71.731 718.306 null] +>> endobj +3313 0 obj << +/D [3309 0 R /XYZ 344.496 708.344 null] +>> endobj +3314 0 obj << +/D [3309 0 R /XYZ 71.731 665.838 null] +>> endobj +3315 0 obj << +/D [3309 0 R /XYZ 137.484 650.062 null] +>> endobj +3316 0 obj << +/D [3309 0 R /XYZ 71.731 634.954 null] +>> endobj +3317 0 obj << +/D [3309 0 R /XYZ 137.484 619.178 null] +>> endobj +3318 0 obj << +/D [3309 0 R /XYZ 71.731 617.021 null] +>> endobj +3319 0 obj << +/D [3309 0 R /XYZ 137.484 601.245 null] +>> endobj +3320 0 obj << +/D [3309 0 R /XYZ 71.731 599.089 null] +>> endobj +3321 0 obj << +/D [3309 0 R /XYZ 137.484 583.313 null] +>> endobj +1028 0 obj << +/D [3309 0 R /XYZ 71.731 564.134 null] +>> endobj +378 0 obj << +/D [3309 0 R /XYZ 331.319 518.88 null] +>> endobj +3322 0 obj << +/D [3309 0 R /XYZ 71.731 495.391 null] +>> endobj +3323 0 obj << +/D [3309 0 R /XYZ 200.478 486.003 null] +>> endobj +3324 0 obj << +/D [3309 0 R /XYZ 238.116 486.003 null] +>> endobj +3325 0 obj << +/D [3309 0 R /XYZ 150.545 460.101 null] +>> endobj +3326 0 obj << +/D [3309 0 R /XYZ 71.731 438.019 null] +>> endobj +3327 0 obj << +/D [3309 0 R /XYZ 177.115 414.272 null] +>> endobj +3328 0 obj << +/D [3309 0 R /XYZ 71.731 412.116 null] +>> endobj +3329 0 obj << +/D [3309 0 R /XYZ 71.731 397.172 null] +>> endobj +3330 0 obj << +/D [3309 0 R /XYZ 71.731 384.22 null] +>> endobj +3331 0 obj << +/D [3309 0 R /XYZ 139.477 368.444 null] +>> endobj +3332 0 obj << +/D [3309 0 R /XYZ 186.142 368.444 null] +>> endobj +3333 0 obj << +/D [3309 0 R /XYZ 434.269 368.444 null] +>> endobj +3334 0 obj << +/D [3309 0 R /XYZ 455.847 368.444 null] +>> endobj +3335 0 obj << +/D [3309 0 R /XYZ 139.477 355.493 null] +>> endobj +3336 0 obj << +/D [3309 0 R /XYZ 71.731 333.53 null] +>> endobj +3337 0 obj << +/D [3309 0 R /XYZ 289.443 322.616 null] +>> endobj +3338 0 obj << +/D [3309 0 R /XYZ 407.569 322.616 null] +>> endobj +3339 0 obj << +/D [3309 0 R /XYZ 71.731 275.005 null] +>> endobj +3340 0 obj << +/D [3309 0 R /XYZ 354.1 263.837 null] +>> endobj +3341 0 obj << +/D [3309 0 R /XYZ 256.248 250.885 null] +>> endobj +3342 0 obj << +/D [3309 0 R /XYZ 407.28 250.885 null] +>> endobj +3343 0 obj << +/D [3309 0 R /XYZ 71.731 216.225 null] +>> endobj +3344 0 obj << +/D [3309 0 R /XYZ 196.473 205.057 null] +>> endobj +3345 0 obj << +/D [3309 0 R /XYZ 267.496 205.057 null] +>> endobj +3346 0 obj << +/D [3309 0 R /XYZ 71.731 180.898 null] +>> endobj +3347 0 obj << +/D [3309 0 R /XYZ 71.731 165.789 null] +>> endobj +3348 0 obj << +/D [3309 0 R /XYZ 139.477 150.013 null] +>> endobj +3349 0 obj << +/D [3309 0 R /XYZ 297.214 137.062 null] +>> endobj +3350 0 obj << +/D [3309 0 R /XYZ 330.352 124.111 null] +>> endobj +3351 0 obj << +/D [3309 0 R /XYZ 370.245 124.111 null] +>> endobj +3352 0 obj << +/D [3309 0 R /XYZ 381.765 111.159 null] +>> endobj +3308 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F21 781 0 R /F34 797 0 R /F55 1335 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3355 0 obj << +/Length 1946 +/Filter /FlateDecode +>> +stream +xÚ­X[Ô6~çWŒÔ>d€‰;R%(]¶T-E0}„Œ‰g&%§N²Ëô×÷8¶ç2 +mÑ<$ã +ûÜŸs3Þxðۣ؇I‰ÂMvzämðåæÖ®&q-šw +¿ é&EiäovûŸŠ(Æñ&ö JB²ÙåïœçGZ·Ll]zN„ÔóܕìJœ¶GŠ^JŸÅžsP&î`ӇÝ/®wƒ!ÁÈ'Š©I–bÆ£˜§(ñb/A~ôbþD[ªX¿÷Í@æ£ €\’ +Ä6 +Þ՚β + QøšnÏÅ +n]U‹BJuW +:c NM0Üžs¥ä +õ¡Z“ý$ug–^ð<)ЊÉxUž·Qè ¥Vâ+Á©÷o™‘—¶ÃéÒL®ïc„ƒH[KÙègM,¶~ì°¿ºBœäWsÏ2-yÕh_»4,ëDў·aèè]Å~f»‹Ø뙭àï +Nd£ +”7Š\ûxÇƱ\éBì¥$Üž5)V{Su¯oôæâ0 9㕔éÐ ÚŒRlŽ”—"šø(ŠŸ]DÇ]ŽhM3‰è¯F€‚^·ÅN£Ý}€[â9wr³bêñ +ÀIÌ£žy¯ž‰tšºú°Žµ 828lºÛyFbX»öÈO“ÜRIâh@ϑ—yQ +Fõ(Æ)X &“˜¯»Û²È¡Ž+Pè,†Ý÷E{œAÑ¢Ó_tRÑÆÀŽ(öçÙ& Úv‚!#Ì^¯_þ4Aøì„QŠ0Ü7ŽuÜEìš væâ.¢¯eÕĆ· +âÐøNðº +ì<–‚"ã³°öœ/Êr–Œn™b8&pÒ2åsÉA¹Mô cšUK:ŽïœÐ»?Ùqª'Uln8ÏwGPÈ°¡Iÿ‚,6S]͵z]?›uÉÍŒÚuMGËòli(%PªÚfkšÒ4Ä?TÅßl–ðV²Q іš£V}kD:ÑvµTU{æm +2^MU;ѹ ºR©4eÎè4€ŠQÌytߪîl^µ[F#\ + Ô¡À/4QÚ>–›õR&ŠÚ$˜¡tßI$RQðÎø[dG€I&#¹™ûǶ) +JLeðÁa_Z¢Ųš† +"~Ôk!_Š +'Îv(PU© +T=2™n˂Uí21J€ ++{`ןîI“ž›vê +¡b«ç$3V>ÏvctçL:ÔŸ +¬eo­ÁðC'&û?Hõ  NƒÉMk×UŸ*™ÏMã–i=ú€iŽý?šЭo þ^,_©ìQ‰k¡€;k)]Ÿz¬Hml‘M%RY +À){•=.µ³*9ÿ€5. +eÏ'˲é†!" $g˜,"èЀ€ïŽG? +1ßB +žï&k±^s#Ïsž©G6 çÁ­‘ +~þýíîճ߮?>ÿõåõÖÅΫ +~ÚвÅO¡q*öøß C!?¥­ä^±ÿ-éå!ƒ”ó•„ç¡0‰5©,–82cÆqª€Òœeʼnå ™ú“žM§ +O=\W=Ó«I–3Ë{œülºüB'ËŽ£JÐ6>ºî±ŠAV°Õßž1ôUÉ$ š!€'Už€ +Ô>ò|À7ŽPä'ªN +¿×dñ@ +¥3ªŒ/#ÓuAXW{ ¿„P +C"ÅÑõˆ."ÔÐH!ÈE„®°û2Bd?;X²ÿ£a³Ð +æá èI™Î¬2’ $5e€¡§#-ª +këûŒÆ>òƒPÝÏÙY.¿Ps ÝÔÐçËÂÐPÄÃŽ•]hH€/ÒD·EE͜%ãȚý›+=ücÙ®„ÓŠKé{5ëº%„d[8͓ƒr2ã[(]–É5;BŠ0̈́moœ€hž¬ø*{› +›V7.G0 +0þ'Ρ;ÉÂúdŽ¶”€ +aHúÁ€¿¶ +Xѓ¹b”§ñ:éòa0j†î ·’œTꚙæ|a90œŸL“uG± +ÇÝ¡©—\}Kö5T™ +³Åt!ïÆ+’e£­dï]•u­u)7ƒmTµŠ­©š{VÐ6}øëgùÖYãÕÒ8ºéŒ}ây!û®áÆ„”-ÿyeDZñe/8Ù¿â8#_:‘Xcћ®ZÃ1ŽyÁÁ±”“wí +tgSK×ЃY’GPžšjÚû +ןé©.Ù¢Ñð€: +?xE?’,nèCèÅ|èÅ4I?í$®Ù—œþ‚tíendstream +endobj +3354 0 obj << +/Type /Page +/Contents 3355 0 R +/Resources 3353 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3393 0 R +>> endobj +3356 0 obj << +/D [3354 0 R /XYZ 71.731 729.265 null] +>> endobj +3357 0 obj << +/D [3354 0 R /XYZ 71.731 718.306 null] +>> endobj +3358 0 obj << +/D [3354 0 R /XYZ 71.731 708.244 null] +>> endobj +3359 0 obj << +/D [3354 0 R /XYZ 139.477 690.411 null] +>> endobj +3360 0 obj << +/D [3354 0 R /XYZ 172.961 677.46 null] +>> endobj +3361 0 obj << +/D [3354 0 R /XYZ 280.029 677.46 null] +>> endobj +3362 0 obj << +/D [3354 0 R /XYZ 470.623 677.46 null] +>> endobj +3363 0 obj << +/D [3354 0 R /XYZ 71.731 652.508 null] +>> endobj +3364 0 obj << +/D [3354 0 R /XYZ 71.731 639.437 null] +>> endobj +3365 0 obj << +/D [3354 0 R /XYZ 139.477 623.661 null] +>> endobj +3366 0 obj << +/D [3354 0 R /XYZ 298.38 623.661 null] +>> endobj +3367 0 obj << +/D [3354 0 R /XYZ 71.731 598.59 null] +>> endobj +3368 0 obj << +/D [3354 0 R /XYZ 71.731 587.696 null] +>> endobj +3369 0 obj << +/D [3354 0 R /XYZ 139.477 569.863 null] +>> endobj +3370 0 obj << +/D [3354 0 R /XYZ 421.855 569.863 null] +>> endobj +3371 0 obj << +/D [3354 0 R /XYZ 176.289 531.009 null] +>> endobj +1029 0 obj << +/D [3354 0 R /XYZ 71.731 523.871 null] +>> endobj +382 0 obj << +/D [3354 0 R /XYZ 263.698 480.773 null] +>> endobj +3372 0 obj << +/D [3354 0 R /XYZ 71.731 457.018 null] +>> endobj +3373 0 obj << +/D [3354 0 R /XYZ 245.866 447.896 null] +>> endobj +3374 0 obj << +/D [3354 0 R /XYZ 355.335 447.896 null] +>> endobj +3375 0 obj << +/D [3354 0 R /XYZ 71.731 422.825 null] +>> endobj +3376 0 obj << +/D [3354 0 R /XYZ 71.731 288.306 null] +>> endobj +3377 0 obj << +/D [3354 0 R /XYZ 71.731 253.461 null] +>> endobj +3378 0 obj << +/D [3354 0 R /XYZ 71.731 253.461 null] +>> endobj +3379 0 obj << +/D [3354 0 R /XYZ 71.731 252.215 null] +>> endobj +3380 0 obj << +/D [3354 0 R /XYZ 137.484 235.194 null] +>> endobj +3381 0 obj << +/D [3354 0 R /XYZ 176.777 235.194 null] +>> endobj +3382 0 obj << +/D [3354 0 R /XYZ 71.731 215.104 null] +>> endobj +3383 0 obj << +/D [3354 0 R /XYZ 180.523 205.605 null] +>> endobj +3384 0 obj << +/D [3354 0 R /XYZ 199.89 205.605 null] +>> endobj +3385 0 obj << +/D [3354 0 R /XYZ 71.731 193.949 null] +>> endobj +3386 0 obj << +/D [3354 0 R /XYZ 137.484 176.016 null] +>> endobj +3387 0 obj << +/D [3354 0 R /XYZ 206.375 176.016 null] +>> endobj +3388 0 obj << +/D [3354 0 R /XYZ 430.423 176.016 null] +>> endobj +3389 0 obj << +/D [3354 0 R /XYZ 137.484 163.065 null] +>> endobj +3390 0 obj << +/D [3354 0 R /XYZ 190.894 163.065 null] +>> endobj +3391 0 obj << +/D [3354 0 R /XYZ 326.674 163.065 null] +>> endobj +3392 0 obj << +/D [3354 0 R /XYZ 326.424 124.21 null] +>> endobj +3353 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F21 781 0 R /F47 1176 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3396 0 obj << +/Length 1907 +/Filter /FlateDecode +>> +stream +xÚ­XYoÛ8~ϯðC‹È@E‹’š#@‹^i›¶ +»E[l™¶ +èZIn`üÉ¡%K¶“‡Â¢šñÌpŽofH'üè$€$ôàáÆÄ +Ø$ÉOœÉ +ŸŒ?¡Ha#‰Ý£y=?™œsãILâÀ›Ì—/ŽIHÃIè¹$bîdŸøfœYóªõÔv™cD?ï7™xŠ—íZèEVN©c­ôK#êŸð§ó?NÎç[%˜K‰ç +UIFjúÁ$"N(µ€‘C˜ëMB'"žï+-›õ) +èŽ.&^[EÀó5O‹ÑVw‹© +8ŽÙÓ/çÏõ¡®ç³)µ‚0Š_œ~óöüÝð +Ô +Aw$dûbhì +‘6xØ|ÈHjꑑ8/$~äï7|vâñ?ÇÅKñ_1p¬ôå”2KÔ§SƬFï&e1õ +K)RQ$HŸÜ X¯M@mœÚ—§È²Äÿւ·HÎõ£’Ñ*mښwE[ßOfaܝÿây•‰3ôuŸG +/†c$ð¢Ç +„ +bírû²ïúGø +òƒ¹Ñ~ïˆû +i€:þa¿Å=ÂïÇÄKñsãîrÓV›V¯ïÒ,3Ù]Þâ*œ•‰nœÐÇgbKäC +DEûüç«ùÇ©Z¯þ<Ùð¬})‘ZéwÇq5FìjgžŠË×)¥R)-Œ(§.³îô˚O]»V‹*ã# +©ã/ö0úªõ`>ñA Mz—¶ëA^,7Yv¯—ÿnxŠÏ³Ð‹2çòŒÇύu—.ë²AcCЃàB +2˜]# +ß­Ód(?QöÅ +]—› +e×”úÝaÎ +PŸžÅs iÂ_‰šTҍl‡&aÎ4Ûty P1^%*¶P‰¡û8ž‡ +Ñá> endobj +3416 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [156.015 480.683 200.846 489.594] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENTS) >> +>> endobj +3397 0 obj << +/D [3395 0 R /XYZ 71.731 729.265 null] +>> endobj +3398 0 obj << +/D [3395 0 R /XYZ 71.731 718.306 null] +>> endobj +3399 0 obj << +/D [3395 0 R /XYZ 180.523 708.344 null] +>> endobj +3400 0 obj << +/D [3395 0 R /XYZ 199.89 708.344 null] +>> endobj +3401 0 obj << +/D [3395 0 R /XYZ 71.731 696.687 null] +>> endobj +3402 0 obj << +/D [3395 0 R /XYZ 137.484 678.755 null] +>> endobj +3403 0 obj << +/D [3395 0 R /XYZ 71.731 671.617 null] +>> endobj +3404 0 obj << +/D [3395 0 R /XYZ 180.523 662.117 null] +>> endobj +3405 0 obj << +/D [3395 0 R /XYZ 199.89 662.117 null] +>> endobj +3406 0 obj << +/D [3395 0 R /XYZ 71.731 650.461 null] +>> endobj +3407 0 obj << +/D [3395 0 R /XYZ 137.484 632.528 null] +>> endobj +3408 0 obj << +/D [3395 0 R /XYZ 71.731 610.446 null] +>> endobj +3409 0 obj << +/D [3395 0 R /XYZ 71.731 610.446 null] +>> endobj +3410 0 obj << +/D [3395 0 R /XYZ 71.731 577.689 null] +>> endobj +3411 0 obj << +/D [3395 0 R /XYZ 237.877 566.775 null] +>> endobj +3412 0 obj << +/D [3395 0 R /XYZ 251.765 553.823 null] +>> endobj +3413 0 obj << +/D [3395 0 R /XYZ 124.533 513.724 null] +>> endobj +3414 0 obj << +/D [3395 0 R /XYZ 137.484 495.791 null] +>> endobj +3415 0 obj << +/D [3395 0 R /XYZ 485.336 495.791 null] +>> endobj +3417 0 obj << +/D [3395 0 R /XYZ 71.731 480.683 null] +>> endobj +3418 0 obj << +/D [3395 0 R /XYZ 137.484 464.907 null] +>> endobj +3419 0 obj << +/D [3395 0 R /XYZ 71.731 401.146 null] +>> endobj +3420 0 obj << +/D [3395 0 R /XYZ 278.733 388.194 null] +>> endobj +3421 0 obj << +/D [3395 0 R /XYZ 71.731 353.161 null] +>> endobj +3422 0 obj << +/D [3395 0 R /XYZ 71.731 343.198 null] +>> endobj +3423 0 obj << +/D [3395 0 R /XYZ 71.731 343.198 null] +>> endobj +3424 0 obj << +/D [3395 0 R /XYZ 149.141 333.699 null] +>> endobj +3425 0 obj << +/D [3395 0 R /XYZ 71.731 332.605 null] +>> endobj +3426 0 obj << +/D [3395 0 R /XYZ 149.141 322.042 null] +>> endobj +3427 0 obj << +/D [3395 0 R /XYZ 71.731 320.949 null] +>> endobj +3428 0 obj << +/D [3395 0 R /XYZ 149.141 310.386 null] +>> endobj +3429 0 obj << +/D [3395 0 R /XYZ 71.731 309.293 null] +>> endobj +3430 0 obj << +/D [3395 0 R /XYZ 149.141 298.73 null] +>> endobj +3431 0 obj << +/D [3395 0 R /XYZ 71.731 296.712 null] +>> endobj +3432 0 obj << +/D [3395 0 R /XYZ 149.141 287.073 null] +>> endobj +3433 0 obj << +/D [3395 0 R /XYZ 71.731 285.98 null] +>> endobj +3434 0 obj << +/D [3395 0 R /XYZ 149.141 275.417 null] +>> endobj +1030 0 obj << +/D [3395 0 R /XYZ 71.731 251.258 null] +>> endobj +386 0 obj << +/D [3395 0 R /XYZ 352.821 206.004 null] +>> endobj +3435 0 obj << +/D [3395 0 R /XYZ 71.731 182.248 null] +>> endobj +3436 0 obj << +/D [3395 0 R /XYZ 398.463 147.224 null] +>> endobj +3437 0 obj << +/D [3395 0 R /XYZ 71.731 114.248 null] +>> endobj +3394 0 obj << +/Font << /F29 790 0 R /F46 1173 0 R /F47 1176 0 R /F27 788 0 R /F21 781 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3440 0 obj << +/Length 1568 +/Filter /FlateDecode +>> +stream +xڍXÛnÜ6}÷W,Ð-àeDÝUÀ@ÚÔiS4Hk/ú’-qWD$q#Qvöï;Œê¶u–HQs93sfŽxãÃÞ€¥!\‚ +IŒ)š+s„'¿_asbgŽì&g~Ý_œzä› +åIžÙ6až£§›4 +P›}ùÑ{S‘“ ÝvÄŸ— }=5œÖ·¢¢úŠæ[ì{Gœèi÷/=ìÿŒºÝ;#â£0xÑLsdef”l203‘fâÐG!wý + +Q€Ìüø?>H} f‡1JâTíÿ4ÛKÌÞ.ñ}o_uŽ¯x]êåwîæy»Ã +éJÖ +õžàæ*œ•757OFOWZÖ{·ßNŒ÷Þ`â|SÀ{*Á§PûòžõÅà +÷T€›÷JãÍ»¿µ€,;i.í{ù +D4 +#ºÃ>Jã|³“M­€9Õ&jÊk±-Ž=ꂷŸ|?8 +ÙbO0Þþ¬ÅÏ"a€CÐœkãßԌ¶¢ø.$é4wôÈz•gÊ'})”(y]H]óg}ËÄ<8`rK +ñƒ±ÐvÞh +š9—Œ!GÖ¢‚7¯{R‹×2NŠÃ +Àâ +NQ€c +lœ¡8ƒK +;ڕŲ>ÒÌ»mÉ£¬†Z%Üy$= +Õ«’"wôê•ŸL—pëM¹±²¹ 0SºJ.ƒõÜ֜”úä¡ÛŸÇœÒe 7œÄLyr^LÒ#JQ^éìÐNübҁ +[&•DF@n‘òiÄ +¬ÉÑd?˜Ó"€©kõšõ +rà'ãR¬Ã¥^Œ3'èÀÊ¢c„¶Ž) j–ÁŸÆšw1P +cåŒSií( Ö +©-c +/çþ'?öÏ(«)ÜbÃt‡N +wϵ–KÉðæو'Fá£u +KÈt˜šqãÑ +Ö +¢É·œÅEV\'†“aÛwíÌ5ÍËŒ+­¹СwFÙhܯB<êl†^ÌÍ +SÐkewTtŒJg4RÎ{«Óa•C^ŠÈfˆaå|šH{!€ÕŒ°4:Ï@ + +ˆG®LG‚‚Tb(œ‰(‘{v²LMÂ]vyäã,¥'ƇŸ>C +ûÞµ.&‰TSì¡Nf4 ‹°”n£Þr³¥ZÀ7fٔÔ9iðy›ÄÞõ¢‹±Š¡%ƒÈÖgç +œmZh +_$}ÐÒ¡6,;ꈜŠv”_Få™ÕµãøuÀKZS—cÈv°àÅ_Ñã ^ +†€†~XšÐÑf +ÚvŽ-š@°z* +œ› +/i“ó Ƈ + +££Úu.ÖlYT5€W9æxO©N\(ù1q}å6qÛÓM\ÖCTŽ|?6§'óï:^hb +ý¶œXÚÂ琛9r©Çä^£=Ò¶›ò,žóHkÞ + +0–™.[§ +p×xI¯ÆîŠ#øìRt +Ї9 +ÓÐÍ¿ØLÀo^ +fçú³ ôݒœlƒÙٜ9Ù7g^FÕjˆY͈®`€¢· êĹiåD +fÇ +=öÖœnŸ‚ Œ»ýçóÛ»mä{ÞŸ¿œÛfŸ÷ïí +<Š +aɞ°&R +w ¶¹c>wVðt¢Ô +šVÓׁZα@LΙîƒf€ù‰?Š&CÙÔÊPߛÒƑÚåÎô—ókÈÊàãé¥ß+Æ#«Ÿ+bfBøŒ4G€%©ÿ?¿9¬5ýÔ_‚Uendstream +endobj +3439 0 obj << +/Type /Page +/Contents 3440 0 R +/Resources 3438 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3393 0 R +>> endobj +3441 0 obj << +/D [3439 0 R /XYZ 71.731 729.265 null] +>> endobj +3442 0 obj << +/D [3439 0 R /XYZ 71.731 718.306 null] +>> endobj +3443 0 obj << +/D [3439 0 R /XYZ 71.731 593.76 null] +>> endobj +3444 0 obj << +/D [3439 0 R /XYZ 71.731 570.097 null] +>> endobj +1031 0 obj << +/D [3439 0 R /XYZ 71.731 502.602 null] +>> endobj +390 0 obj << +/D [3439 0 R /XYZ 281.757 436.376 null] +>> endobj +3445 0 obj << +/D [3439 0 R /XYZ 71.731 416.235 null] +>> endobj +3446 0 obj << +/D [3439 0 R /XYZ 226.659 403.499 null] +>> endobj +3447 0 obj << +/D [3439 0 R /XYZ 221.488 390.547 null] +>> endobj +3448 0 obj << +/D [3439 0 R /XYZ 71.731 362.488 null] +>> endobj +3449 0 obj << +/D [3439 0 R /XYZ 71.731 347.544 null] +>> endobj +3450 0 obj << +/D [3439 0 R /XYZ 205.298 326.388 null] +>> endobj +3451 0 obj << +/D [3439 0 R /XYZ 321.568 326.388 null] +>> endobj +3452 0 obj << +/D [3439 0 R /XYZ 71.731 288.53 null] +>> endobj +3453 0 obj << +/D [3439 0 R /XYZ 173.23 262.627 null] +>> endobj +3454 0 obj << +/D [3439 0 R /XYZ 220.532 223.773 null] +>> endobj +3455 0 obj << +/D [3439 0 R /XYZ 71.731 208.665 null] +>> endobj +394 0 obj << +/D [3439 0 R /XYZ 278.19 171.449 null] +>> endobj +3456 0 obj << +/D [3439 0 R /XYZ 71.731 148.332 null] +>> endobj +3457 0 obj << +/D [3439 0 R /XYZ 243.167 125.621 null] +>> endobj +3458 0 obj << +/D [3439 0 R /XYZ 476.37 125.621 null] +>> endobj +3438 0 obj << +/Font << /F29 790 0 R /F46 1173 0 R /F27 788 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3461 0 obj << +/Length 2184 +/Filter /FlateDecode +>> +stream +xÚ­YkÛ6ý>¿Âßb#ŽH‰¢T`Èf'‹mMÜmQÈ2=ÖF#¹’<ÓÙ_ß{ùõ°3û@0‘-]]Þçá¹4] +ð®%"‚ +ËKøªxŒ Wðäo7ÔHF$ðdþ²œ¹{ϲUF²$Zm«(ˈ b%"FRÎVÛýOëwÇüÔËv0 +®¢¯/çJÞêýQêU³¡áúAédû/ý²ýöæ~ëŒàŒ’ˆ]5ӈÌ̓™”f„ƒy"LIÇÊÌœðόEŸîøõý§M +®ÿþý¯Ÿï?mÒpýûOð(ÖB冮;ýñÐT`8ãëg¹×wv/úšëË)«àÑ8fŒŠ„Ç)XfU)ëÞHy&³˜€¡0BÏeUiçNN¢ˆËM-+ëÔž +X +‘ˆóU@ÉL~^åpŽÞƙõ這ʫj—_LDløB +Î}€"$<ʌùym"ÕÔՋ{}ær +“PÄæ +ÐKho®&e]öe^•ÿF/DZØç}™Úå4u·=º×:›% +“„F&2T碩1$OÊײ†Œšî +dޟ[ó¥oô5·ÑƯԘ«;ËàŠ¶,֖¡Y®Îø·wòÐ8œV֔„ú¬¬E F=” +t–ª;xö\ªÌû¯b)ëÛ +çk¢\ +Wv§ÊÇûßóÇS%¿Ñáb/ü!I„­8rÁø9 +ÙùÝÐtm +žh`Ÿø?º,ÿd**rëCEÝÉŸ@UŽŠtùã1/ëyê£À†&fñµÍ«MZ¡»Õ‰‹bF¢lœ8W.t<ôšŠ•¿egnëôeëœN^]5ù~RFƒëy_6µ-ôUFàÐ6“wŠ‘W7-ÆøškY@Ĝʞ+0]^³zjœF,«îvÜ +ƒ³ªP~·÷Õ*à­lÛŠ +wn{®mCéë›â(‹/oô—Çfo{·a<ý%$T>ãd•B> +^iHhdóéŠàrdÉ +&æ¶eûÎä\4€ñŽY/%éökŽ"œC»z®c +|€=#c,!‰ZñcÓÛŸ=dð•“8€Æô÷Ø*Ò"]7*rOesîôNÐN$šì_ô­Væ]Sw˜Ž[}G +|Àbáµ*hüž×uc>w'Y”‡—Éf/À[ÍT™×ΐ@2xàê +® +8j—JI +×bÊð B”dŠ,ñf¹WuGô×íUaS«ð©jš/çÓÌRåô×­=wg•áÕ4ÇŠëëüÑzvX®ÞwUÇ¡£‰·Y +z<••Üe= +óÁO·{áMÕyÕõy/÷eûÆZȏžI#µ“H€‚p;˜n/•êü\õ ++-.Pv^u@Xå Ð2׆Oy;/_(ó(±GæDYBhœÓ +’dJn»{ +êdÞŽ™˜Ç=4Þ«QÖ"c'-(ë žŽ)FŒvoi +œÚ²i±çû—Ž`-%h— Wé©Œ’Ãú‚ŠD'M²Uœ à-1T+xBsŠ:Q„|–Å™·„OgTŒ²«‹[™«‹OáâÖe9§v€ÔÔÖË»ï>ÜÜ~Ü0±~ûýýŒx Ÿ13Âv3wÙóZÔËÖh3G œ†-µÞ¹õ8*ÎȊ*DAœ$lŽs +5ë+¶å8¯Ã‰Î1k¢!ä[ø§P¥[ 8@Z„Z§óúͬ˜˜ œA€µ‹KÅddOh^LEžšÎåh¹HvÕ +åŠ×ayóÎly÷Ÿ*ÆåGˆuW•»»—3¢a%ïڂ˜:25ŽؓÒ0úJL¡Ë112h» +“ùr¯ˆÉdùŘxË_‰#$0šD±Ò`›â¬Ëa‚äJEB8afóø«™1F;å¬ÇãÀCõ7»Ñ|阪âûaÍI×ìÌÄRwvgpzÜæ$&7û +¢yu–‹c9,9 +ToG˜= +sĂI/ᯙ·“ÙŒ= +Ðé +£Nã1Ì +x2ìC%±³êթ¡ñšZ +³‡ñIˆªÂûíæ§_ÂÕ +ªô[øûü=ß pÄB |EIÃS+W‡›Ï7?8MF˜Á8Í®)Ñ/kÁt®$°ö,äDdñЈ~3 û¢ÎÒÔÕá»·:³o7 +ís–INˆH/,žÎN2Ø0w'J +÷)=€5‡æÓY~DnyîúJÏHb"vÒ'`•áløª4DQ±|C?ó?æý”öî +µ*,»Ó[ƒøÄш•>Û±ÁQ^Ç6÷Km¯W<Êz!P ͌NSfˆ2u^fÉ¡Òúãɒq÷®"p·Wí*Í(GšÃtì\^=cPs +‹•œÃœ¬Ç#Mng‡"¯F>#”ãð.Å£žÍ a¶ŽÑWÐ4›ÿà +ˬó]qZà΀DZÝûg#×âðƒ-ïÈ ‹BÂ"> +†;Â&ŸY +98³<ŸÍsº + +œWTËWí‡Î²ñí¬hiÓ +nΕ‰hs²Y3Çm)”t&Ê +aøØTrèb‘‘ ÂÕÿ£" +ÓQŠŒÙÿ™>ÚE°y°«GÏÈCEòÁ™Ã6ÌX 埲¹ +Ñ +Ž=©IYÓsÌr‡¯^;t‹ ¯;s"ióÇ£ÿó™Ûk6ÎþÒÔéN“ýcv‘†a›³@ñ£,ª¿8šEƒ“ÛhØ Ãžƒ_E+¯Ž’aç%)ªOD,:]òlvb&@‡`Þ€ŸH­KÉ€È CÛîKçn™£þè +š5 +êƒÝÿÜPÕáf +ËÕɖÊÁ˜á³²†Ù6ÎøIGæ'$rˆfu!NSÜZÍ!`š‚µxðëLW>ÔöŒ~ +(Aÿžu±–àA=Ãó[X +„ +Š«¿– +"³Ë8€_]dDÐ~A/üâ5_é÷rê©endstream +endobj +3460 0 obj << +/Type /Page +/Contents 3461 0 R +/Resources 3459 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3393 0 R +/Annots [ 3473 0 R ] +>> endobj +3473 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [170.869 494.879 217.912 503.791] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +3462 0 obj << +/D [3460 0 R /XYZ 71.731 729.265 null] +>> endobj +3463 0 obj << +/D [3460 0 R /XYZ 71.731 718.306 null] +>> endobj +3464 0 obj << +/D [3460 0 R /XYZ 338.1 708.344 null] +>> endobj +3465 0 obj << +/D [3460 0 R /XYZ 290.091 695.392 null] +>> endobj +3466 0 obj << +/D [3460 0 R /XYZ 71.731 660.359 null] +>> endobj +3467 0 obj << +/D [3460 0 R /XYZ 160.229 649.564 null] +>> endobj +3468 0 obj << +/D [3460 0 R /XYZ 399.688 623.661 null] +>> endobj +3469 0 obj << +/D [3460 0 R /XYZ 71.731 608.553 null] +>> endobj +3470 0 obj << +/D [3460 0 R /XYZ 71.731 593.609 null] +>> endobj +3471 0 obj << +/D [3460 0 R /XYZ 496.333 560.797 null] +>> endobj +3472 0 obj << +/D [3460 0 R /XYZ 71.731 522.939 null] +>> endobj +3474 0 obj << +/D [3460 0 R /XYZ 231.83 497.036 null] +>> endobj +3475 0 obj << +/D [3460 0 R /XYZ 220.403 484.085 null] +>> endobj +3476 0 obj << +/D [3460 0 R /XYZ 71.731 462.003 null] +>> endobj +3477 0 obj << +/D [3460 0 R /XYZ 71.731 462.003 null] +>> endobj +3478 0 obj << +/D [3460 0 R /XYZ 71.731 460.757 null] +>> endobj +3479 0 obj << +/D [3460 0 R /XYZ 137.484 443.736 null] +>> endobj +3480 0 obj << +/D [3460 0 R /XYZ 137.484 443.736 null] +>> endobj +3481 0 obj << +/D [3460 0 R /XYZ 71.731 442.328 null] +>> endobj +3482 0 obj << +/D [3460 0 R /XYZ 137.484 425.803 null] +>> endobj +3483 0 obj << +/D [3460 0 R /XYZ 137.484 425.803 null] +>> endobj +3484 0 obj << +/D [3460 0 R /XYZ 71.731 406.625 null] +>> endobj +398 0 obj << +/D [3460 0 R /XYZ 247.934 367.253 null] +>> endobj +3485 0 obj << +/D [3460 0 R /XYZ 71.731 347.148 null] +>> endobj +3486 0 obj << +/D [3460 0 R /XYZ 134.217 321.425 null] +>> endobj +3487 0 obj << +/D [3460 0 R /XYZ 348.59 321.425 null] +>> endobj +3488 0 obj << +/D [3460 0 R /XYZ 71.731 319.268 null] +>> endobj +3489 0 obj << +/D [3460 0 R /XYZ 166.376 268.773 null] +>> endobj +3490 0 obj << +/D [3460 0 R /XYZ 266.879 257.295 null] +>> endobj +3491 0 obj << +/D [3460 0 R /XYZ 287.115 245.639 null] +>> endobj +3492 0 obj << +/D [3460 0 R /XYZ 378.67 233.983 null] +>> endobj +3493 0 obj << +/D [3460 0 R /XYZ 219.205 222.327 null] +>> endobj +3494 0 obj << +/D [3460 0 R /XYZ 71.731 182.631 null] +>> endobj +3495 0 obj << +/D [3460 0 R /XYZ 160.229 175.767 null] +>> endobj +3496 0 obj << +/D [3460 0 R /XYZ 398.333 162.815 null] +>> endobj +3497 0 obj << +/D [3460 0 R /XYZ 193.424 149.864 null] +>> endobj +3498 0 obj << +/D [3460 0 R /XYZ 360.507 149.864 null] +>> endobj +3499 0 obj << +/D [3460 0 R /XYZ 474.189 149.864 null] +>> endobj +3500 0 obj << +/D [3460 0 R /XYZ 71.731 134.756 null] +>> endobj +3459 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F46 1173 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3503 0 obj << +/Length 2009 +/Filter /FlateDecode +>> +stream +xڍYێÛ6}ÏWøme`ÍÕý’¢¶Û€M‘E×}Jû@KŽÍ®,¹¢”ÿŸCr(Qï"YçræÌPë­\ø筏$\üŒøqŽÊOoÜÕÞüúÆC‰ +Šl,™Ÿ·oîÞûÙ*#Y +¬¶ûUe$ñ’Uø$üÕ¶øâ< +é¹eÍzãG®}œt%»Õ·í‘雲^{®sÐ?kŸÂ¢¶¿¿y·íˆ|þ‹f¢ÈÜLo•‚™±4Ó +2&`Š›’ +•™Ÿë–œ•ûÝœ‡'œš‘ЕʥÌûuà:µt%Iz·ö]ç+¯;¡–wð΋ +Þ^ô£†QQWb +Ïnõí-Üä%gH;-þŠUUãœ8³œï/“gÚ +ñQ=yUЖîšÀ_»®_â}] +¢àÜjƒm<ÄQ¢Ü2;àÙ×µ9 +ÝŒ`Òn¢nÍV‹ÂÏŒ,õ]Y×OÝyÉ©Rª6*TRàNEÝ.÷}]BôDÏ:ÿ‘ +Na¬P™†ë¹áu£ë)ÌúèOh!Lâúþ*BâÃu‰ŒÌÆÒÄ`EjªHê‘å-‡2RÕD0àÊ'òÛ=‰Šöxr9Ð` +\ê—Ì1"›AffÍDÜì'4âÌ%Hj<|üðîóöóÚOœûOïæx4¡“ŒXgå¡­+îf +EŽÐI‘ +Ë)*+¹\_Iüž^‹Ô[W@‡9–lʗ Ž°y$óC̈§ýW&Š¹ãЕ‚ÄŠÐy};KžŸrÅ É®$E6ƒÌð€ö¡/MŠµ’S ÊÙñm¡œLéÉ)3šG9ÙÕ֝`Å>Ur»Šs^hÿv¢5ƒÈ“J—©€ÜàÑ*xœ+91.µ0ß°)§µ×ŠgÞ +VîçžÖýæV€§tŠXõϪê×† +T*úÓóÇàQxó’ +1$ÃDÇÄw؁b&¯¡ÞáäœÆSÔ?Hý +P3åÖ +Pß +®po‡àޜ.Ÿƒ~¡÷8,—§‚k³ä‰šGv»Ê˘ãßôÑÆŠ!•Åqϵ(ä»éùл€?ÁÎ +Š-Z&&Ρ¢/:: +@s·GcJnÒžc†M•šÃœi癍2âgáÙG4ðc}XJmâ©ÅbwUœ0L‡p—ØDfÏè6‘m8VEa0b +Ég +tæ‘4Jft¶t™VÞˆÊ –‹lö¹î™à©Ÿ>†¯‰é™5Ÿ“‰jŸ+љóð8Åy)“'ᬿ±h/lH,ƒ@òÎ0 +ÔU⁙ŽÊ™®ö×=7PÇ®j>Ri=üaÀÜŽ=_tbÆ +V8֞aÁªî£œwMc\ +8y +lQG£³™\ؘÁ9ÁÁùÖÊd›ñøFöÿ‚Ñâf:&¿6#Ï.ÔïŒxõ@0 +»-? +—üdX`øö1ÐÎ7~êNý2C7¬}f&­bô!lòó`ËŸQ¹ƒœŽ(r +h +›+4.971ÅûÈZÍâ[9ƃ¡•[³Šp4 +œ +bV78|`ЋrÜ +# +ùL&NJ)š‡(Z‘×ÄägŒ”€Þ˜@ôŒ™3VØäWwãœêøÖ-Žp +åÛWŠlš +.D7>%éÞÝT€ßž¯™Õy<óЂd‡®»Ø; €Åˆú¯mÀ¬ÓÈþ"™ÎðZ£ŸÌÒ²›|ÁqgŸ÷ ^†Î@õ91FjŒÍÎèø§€P&%yñƒÈìo‘ã°$ŠHßÿÊÿùNÿävT endstream +endobj +3502 0 obj << +/Type /Page +/Contents 3503 0 R +/Resources 3501 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3393 0 R +/Annots [ 3508 0 R 3509 0 R ] +>> endobj +3508 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [473.022 632.065 521.32 640.976] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +3509 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [71.731 619.113 134.217 628.025] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +3504 0 obj << +/D [3502 0 R /XYZ 71.731 729.265 null] +>> endobj +3505 0 obj << +/D [3502 0 R /XYZ 71.731 718.306 null] +>> endobj +3506 0 obj << +/D [3502 0 R /XYZ 463.929 685.031 null] +>> endobj +3507 0 obj << +/D [3502 0 R /XYZ 71.731 647.173 null] +>> endobj +3510 0 obj << +/D [3502 0 R /XYZ 148.134 621.27 null] +>> endobj +3511 0 obj << +/D [3502 0 R /XYZ 119.552 608.319 null] +>> endobj +3512 0 obj << +/D [3502 0 R /XYZ 71.731 588.274 null] +>> endobj +3513 0 obj << +/D [3502 0 R /XYZ 71.731 588.274 null] +>> endobj +3514 0 obj << +/D [3502 0 R /XYZ 71.731 587.029 null] +>> endobj +3515 0 obj << +/D [3502 0 R /XYZ 137.484 567.97 null] +>> endobj +3516 0 obj << +/D [3502 0 R /XYZ 137.484 567.97 null] +>> endobj +3517 0 obj << +/D [3502 0 R /XYZ 71.731 566.562 null] +>> endobj +3518 0 obj << +/D [3502 0 R /XYZ 137.484 550.037 null] +>> endobj +3519 0 obj << +/D [3502 0 R /XYZ 137.484 550.037 null] +>> endobj +1032 0 obj << +/D [3502 0 R /XYZ 71.731 520.897 null] +>> endobj +402 0 obj << +/D [3502 0 R /XYZ 404.76 475.642 null] +>> endobj +3520 0 obj << +/D [3502 0 R /XYZ 71.731 451.887 null] +>> endobj +3521 0 obj << +/D [3502 0 R /XYZ 71.731 382.203 null] +>> endobj +3522 0 obj << +/D [3502 0 R /XYZ 313.09 371.035 null] +>> endobj +3523 0 obj << +/D [3502 0 R /XYZ 394.882 371.035 null] +>> endobj +3524 0 obj << +/D [3502 0 R /XYZ 438.258 371.035 null] +>> endobj +3525 0 obj << +/D [3502 0 R /XYZ 71.731 323.05 null] +>> endobj +3526 0 obj << +/D [3502 0 R /XYZ 380.938 312.255 null] +>> endobj +3527 0 obj << +/D [3502 0 R /XYZ 450.815 312.255 null] +>> endobj +3528 0 obj << +/D [3502 0 R /XYZ 71.731 290.173 null] +>> endobj +3529 0 obj << +/D [3502 0 R /XYZ 378.846 266.427 null] +>> endobj +3530 0 obj << +/D [3502 0 R /XYZ 458.128 266.427 null] +>> endobj +3531 0 obj << +/D [3502 0 R /XYZ 119.552 253.475 null] +>> endobj +1033 0 obj << +/D [3502 0 R /XYZ 71.731 224.544 null] +>> endobj +406 0 obj << +/D [3502 0 R /XYZ 295.804 181.073 null] +>> endobj +3532 0 obj << +/D [3502 0 R /XYZ 71.731 157.317 null] +>> endobj +3533 0 obj << +/D [3502 0 R /XYZ 150.824 135.245 null] +>> endobj +3501 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F44 1165 0 R /F46 1173 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3536 0 obj << +/Length 1348 +/Filter /FlateDecode +>> +stream +xÚ­XKoÛ8ŸçWøVˆ‘z/°‡l7éfáìš/ÅvŽLÇBõ0(*iþ}‡"‡’í(îÁÈAŒ4šù曧Lg>üÑYBIÀ +e„ÅÑ,¯®üÙ<ùtE­ÄŠ,F2¬®nîY6ËH³ÕvdIh2KF҈ÍV›ÿŒ;ŸWBÎ,òœ˜˜ëkWŠksT;ae3§Ÿ÷dþi +|†—þ_ý}u·r "FIÀÞ +iENa&LJ3ŒÄOI†=̯s +֛Θ¯ø«9ŒhLŒVkƒè”†vs„ƒÖ4 I +­îîÇŸ‘ꋘÓÈ{Ö:„,”Õù;ڐߍ–lŸOҌZ5ßüÈo,wŒÖÊ^ +Y,ò^Wµ“¢Ý5å^ æVQã£9õ,ÅyYô%oêoŸÏž:ÉUÑXa}§ÕlAӐÄa +F2LTÚȍ3Ý ":UT¢UŒÚ£ÊÈv‚Kµ\}0‚`˟D{šÉe„Ní3˜Š"X²èŒ&„ÑH³µ’E“0ËzŒ1Iu–%©·êÁá¯ÕãҜZ +ÂñÜÃ×7W]kÎ{n3PÇë44hK'w’ô¶t +û!ó^ Ÿœ#p6„—wRÂ᮳€%såFÎâƒ&ÄücðÃa#¶} +v¥2/@*xŒ²Vš-š-Ú±óŽÑÖ8ÁLÁ™ž/U?"QÈlžµŒÚñ¢&;U•§ŽÇ!”KjE¯-òzcô¯_Mº‰OšMÚK +¢Ö)‰Wð}És±qéz‚1@WlíÞŸA/5ˆ0ódߟà5!1ÚŠµ +ê£c”€UËÝÁ\ê®Z#hf/Åb£)ÓA­Q¿ÐÝÑÐ^hÑ×ݛ +7Ç­k³c„¿!@µŸ€5ה:ÇC +§K˜€$‚‰ùƔbЬà0zr|uóŒ2F|šÓÅHÝé@ +2B–£ÌA¶›þŽ[2êF +€HO +kœ +G‰ÛgK·Çã +ê +àeԌÐ/ZMñ$$N£‹ñ1š›æÃʜç£5Øíz²²4à u”7kŒQŽ­+ãâžòÇ†Ì +]Š”Ð`¬.ÙÕµ.PTƒI:¢ÿŽêÏÆâîGñN(ØUÒ4ŸT(Fê&C2çCÑ·‹ +þŽ{6,Sþé‘^Ì=§mÚ;#ò +yænñÑ +áÓÞÞ® +K^·ÛÓÅØ9î3B³àbžêŠ]·2ç}ß +•ïÄáˆ6•ÌÛÊŠ:¿ŸÉÐÃry÷év9E +‹á£ ŒXŸÔM҂2®1vv~e¢éN¯çŠœmAzÃ{ÅÝhSä\ +C|°<¹îÃ×u#+ +ü0j«¢îûiÒ>Ï3æÝþóðq’6æ÷[õ¥hÔMÓfe~¡MÔyÓÕ£‚Û,ê;­[„”È0ŒºMñ>%÷ó$ôn–wNqB“ŒÄpœ'#u“œ Œxk?Àººíò +zǶ+qn(QíǪzœ +{³c]ÁàŸïý÷éèã sÝæ€aœ×­>ÿ»|øøu’¿ %©±-`€nš?+s>§6E›7ö“]7£fµ‡g°ÿæ#ªž‹Š +Êlì°ýœ$Û4y÷•Aä䕈B‰Ô¢=H‚‰_EN-ý2YQÂendstream +endobj +3535 0 obj << +/Type /Page +/Contents 3536 0 R +/Resources 3534 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3393 0 R +>> endobj +3537 0 obj << +/D [3535 0 R /XYZ 71.731 729.265 null] +>> endobj +3538 0 obj << +/D [3535 0 R /XYZ 71.731 741.22 null] +>> endobj +3539 0 obj << +/D [3535 0 R /XYZ 71.731 718.306 null] +>> endobj +3540 0 obj << +/D [3535 0 R /XYZ 203.307 708.344 null] +>> endobj +1034 0 obj << +/D [3535 0 R /XYZ 71.731 691.99 null] +>> endobj +410 0 obj << +/D [3535 0 R /XYZ 345.522 648.893 null] +>> endobj +3541 0 obj << +/D [3535 0 R /XYZ 71.731 625.137 null] +>> endobj +3542 0 obj << +/D [3535 0 R /XYZ 71.731 625.137 null] +>> endobj +3543 0 obj << +/D [3535 0 R /XYZ 425.094 616.016 null] +>> endobj +3544 0 obj << +/D [3535 0 R /XYZ 205.508 603.064 null] +>> endobj +3545 0 obj << +/D [3535 0 R /XYZ 71.731 580.982 null] +>> endobj +3546 0 obj << +/D [3535 0 R /XYZ 71.731 535.154 null] +>> endobj +3547 0 obj << +/D [3535 0 R /XYZ 71.731 522.203 null] +>> endobj +3548 0 obj << +/D [3535 0 R /XYZ 71.731 507.259 null] +>> endobj +3549 0 obj << +/D [3535 0 R /XYZ 71.731 496.365 null] +>> endobj +3550 0 obj << +/D [3535 0 R /XYZ 139.477 478.531 null] +>> endobj +3551 0 obj << +/D [3535 0 R /XYZ 71.731 466.412 null] +>> endobj +3552 0 obj << +/D [3535 0 R /XYZ 71.731 455.518 null] +>> endobj +3553 0 obj << +/D [3535 0 R /XYZ 139.477 437.685 null] +>> endobj +3554 0 obj << +/D [3535 0 R /XYZ 71.731 412.614 null] +>> endobj +3555 0 obj << +/D [3535 0 R /XYZ 71.731 401.72 null] +>> endobj +3556 0 obj << +/D [3535 0 R /XYZ 139.477 383.886 null] +>> endobj +3557 0 obj << +/D [3535 0 R /XYZ 71.731 373.824 null] +>> endobj +3558 0 obj << +/D [3535 0 R /XYZ 71.731 358.816 null] +>> endobj +3559 0 obj << +/D [3535 0 R /XYZ 139.477 343.04 null] +>> endobj +3560 0 obj << +/D [3535 0 R /XYZ 71.731 330.92 null] +>> endobj +3561 0 obj << +/D [3535 0 R /XYZ 71.731 320.026 null] +>> endobj +3562 0 obj << +/D [3535 0 R /XYZ 139.477 302.193 null] +>> endobj +3563 0 obj << +/D [3535 0 R /XYZ 71.731 292.131 null] +>> endobj +3564 0 obj << +/D [3535 0 R /XYZ 71.731 279.179 null] +>> endobj +3565 0 obj << +/D [3535 0 R /XYZ 139.477 261.346 null] +>> endobj +3566 0 obj << +/D [3535 0 R /XYZ 71.731 249.226 null] +>> endobj +3567 0 obj << +/D [3535 0 R /XYZ 71.731 238.332 null] +>> endobj +3568 0 obj << +/D [3535 0 R /XYZ 139.477 220.499 null] +>> endobj +3569 0 obj << +/D [3535 0 R /XYZ 71.731 210.437 null] +>> endobj +3570 0 obj << +/D [3535 0 R /XYZ 71.731 197.585 null] +>> endobj +3571 0 obj << +/D [3535 0 R /XYZ 139.477 179.652 null] +>> endobj +3572 0 obj << +/D [3535 0 R /XYZ 71.731 167.533 null] +>> endobj +3573 0 obj << +/D [3535 0 R /XYZ 71.731 156.639 null] +>> endobj +3574 0 obj << +/D [3535 0 R /XYZ 139.477 138.805 null] +>> endobj +3534 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F21 781 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3577 0 obj << +/Length 1951 +/Filter /FlateDecode +>> +stream +xÚÝZ[oã6~÷¯ÐCƒÚÀ˜áE¥-0M33œ ~(0S,™Ž +ÕÅ+ѝfý +Š€.¶¥d +a·äAŒEžós> + +Š$ +†?⠂ƒ +ž—ä +ì=À›ïÄöXÛ.ë^Ÿo7‹ë74ò"ÌÛì<EHá FQÈ©·Ù~XÞìヒÕjM9^È<™|ešj/M#+W/Ì?µ¬þ€A¿o~\ÜnZœÄè$LÛå +Šè`!ðóýææ‡÷·ÿžýíæöö»ÛïNõºA„‘OÈ%Åù4zoNŸ-DB)Â>`ì‰;ÇÈ"ä +ѪÔ*srY×ñƒuÛG̱DÖ±* +—*ÎWdy€7ÄüºkÓž—²0­J&2]QŸücEøRnͯ»ªÌO’d©,”}]Ú8Æ汕1Š + +çåÑu-wðô£v'˜†£ˆS4ê­ÜéˆÇÇ̎±h·ñã*àKˏò Ò҂Ÿ“êà€q +Ú¬_‚ðwiž*m*jÔ¬!TåÞZSü§•œÑ&:è2Nö}ËÎh+ð /; +ìˆyè¹ÑâT+-µŽÏÒZÉ­ +Ò­i_ƕí]—•rÎŒl# +öʑ¡j«{Í€ÛÇ+Š-&Ó±(Ir¬*§EÇáQªŽ*-–ŠãR +Ñ[EkƒFÑjh硬ëô>³2”%l}Iºséøå‡ÆÏ'ŽÒhÒKÍ2's/ã-d;‚4ƒz£,7ëŽxhqÄ-$p]Õ§W¬ÉŽíKz +€,:Oô\ŸY x7°+?ÖÊÍ;ëÔ8ÏÃàë7~à +0كf²ã¢D<°íUž™Žý¬à‡ +BÛïÕ¹ E¡ÓX:"‡3$¢NŽñDqdӐ»Ž»²TSÀ¢¡ÀJêž«ÞôÈžwnž©™Ã4dˆ‡|1²2‰Ûɑ'ÚÆÊå€R›Òä­ +{aE]ð;#(ˆ| +[kÈ y‚–ŽºÎÒûëÇãjM–™Œ>7˜Pp! +†×Rž. +,âˆÀdáÂ,‰—Ö,×gÝët¶ œ +ÒjïŽ{]r|ø©rߧˆBXŠ”»>“ÊOiåߘ€ÛèÞŽq€LQ¥÷:û +hM<¬xA óå'ÿl±ŽH²ãÖÍõI¯ +.wÄùa¥ƒÐŸ‰õ¥X +‰gÌ!ŽQ„ +U/’žM~ûïHo—Ê}$ÉÖ;»2ƒ*ŠÃ'HNn’@ÆHd®²Žø”fÙ0qäôFš¯Mu™Õ€Ÿ¯ÆêNE:ÂÿZ|ø +{[ Ã +Œä‚OÐƈD‘—/|LÍÿÙânñë_áŽë< ‰ +­1ÅÍ +bLËö +JY;#Ö~e :¢’þŽ + +ˆŠ¡ +ÄŒqÿ/ÚÁû2۞”Œb2ßë‰ü띰I€ŒúˆÂ}€wéC‘jb'q‘Èó¢—ÂẫQlj€Ñ +ûܙ‚.á_. -ü›ŸÀÑW›Qt’æ À.G€>®]‘¹ +SWÌh”sà|a$ +&À(0ëÎÕÝ(:Asp`Vˁ֝Š+u<<‡sÀ +P úì)À¡< £i +pŽš +ލr “4&pµ +èár{ÚáV3‹]}œ”EaJŸqvÌaÀ +K,€÷bš + +~bŠ\»úy” +€9Ø1«eG×Ï÷}¡ãA=N„9°Ÿ°4»Ù?Q.€ãydË +×£Dè$ÍA„ \-zž6«²ƒŠ³36ŽŸ>÷EI/+°±8 +Ɖ2‡-/,càöIO”8BÔ~›žz?J”NÒ +D™ÀÕ¥‡ë}ügšsNJü˜©žå±îˆ£¿->•Iæ°áÿ›Iú¡å(„^SçL@i.øÿ`ïnŸF>oóÎý +†~îs‹ùØNîÞÇÀañÜÝ{Oä +“l + ›d}€ÏۜςñeeYÆŠh0™eÄLÅ«·£è$ÍA€ \-zžÞ–®>ן÷GÓè, _VAÆH€xÈŠ ;‹§öî=Is0`Wˀ +®öTn<øsà{aÓD}2 +| +Î~êÛ]OÐ +±Ÿ€ÕÆŸƒuyË>88 +'Å +Àÿ. +Ãà@Ÿö—ÍÞٌ¹Ì@”0¶®J_ٓ¿×ZÔ +7Ÿ_Šp™¥úúˆŸ(™ŸŒúÒ4šr +žŠœ‚ÆÛÍûwŠU +ÕášL;׃Í#üwoûBñVÉÂ#õßÖŸÔWŠ +;möi +ú0±°[1ˆ¹® +!ÒÍ¡•Œ š>@c•OP› +Æhp% +lMáŠA-מ[‚? ”zÍÙyë@ áÞZ0DüšÛ}d$ßì+­Ÿ,Õ +3+BJ×#^×CòÞVu{²H@øUwsÇ +öÇ÷™Þ> +Ïú“}Uº»©ªef¥Æ»öPÝÿÖÙ +§EªÒ8Kÿ +ëíˆU'Sµ×:ªá¥ˆcÝá΍Ãû%I™ç­ä,-äà2Iw⇠+v +ŒÕ›`b +y×û/lÑö¡‚Zjj/¬ÖÆËõÚüµÀ¹§ëŒÆÕ:F¡;FŒ6ݶéYk/Vù! +‰˜ŒzÕu9»yŁ< +Èc»hÂ¹>u®é?ßj®endstream +endobj +3576 0 obj << +/Type /Page +/Contents 3577 0 R +/Resources 3575 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3607 0 R +/Annots [ 3588 0 R ] +>> endobj +3588 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [395.176 570.695 442.219 579.606] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +3578 0 obj << +/D [3576 0 R /XYZ 71.731 729.265 null] +>> endobj +3579 0 obj << +/D [3576 0 R /XYZ 71.731 741.22 null] +>> endobj +3580 0 obj << +/D [3576 0 R /XYZ 71.731 718.306 null] +>> endobj +3581 0 obj << +/D [3576 0 R /XYZ 71.731 707.163 null] +>> endobj +3582 0 obj << +/D [3576 0 R /XYZ 139.477 690.411 null] +>> endobj +3583 0 obj << +/D [3576 0 R /XYZ 71.731 609.549 null] +>> endobj +3584 0 obj << +/D [3576 0 R /XYZ 225.663 585.803 null] +>> endobj +3585 0 obj << +/D [3576 0 R /XYZ 279.062 585.803 null] +>> endobj +3586 0 obj << +/D [3576 0 R /XYZ 354.718 585.803 null] +>> endobj +3587 0 obj << +/D [3576 0 R /XYZ 251.246 572.852 null] +>> endobj +3589 0 obj << +/D [3576 0 R /XYZ 257.523 559.9 null] +>> endobj +3590 0 obj << +/D [3576 0 R /XYZ 325.308 559.9 null] +>> endobj +3591 0 obj << +/D [3576 0 R /XYZ 71.731 537.818 null] +>> endobj +3592 0 obj << +/D [3576 0 R /XYZ 71.731 524.867 null] +>> endobj +3593 0 obj << +/D [3576 0 R /XYZ 71.731 513.659 null] +>> endobj +3594 0 obj << +/D [3576 0 R /XYZ 71.731 513.659 null] +>> endobj +3595 0 obj << +/D [3576 0 R /XYZ 71.731 385.938 null] +>> endobj +3596 0 obj << +/D [3576 0 R /XYZ 71.731 373.819 null] +>> endobj +3597 0 obj << +/D [3576 0 R /XYZ 71.731 362.611 null] +>> endobj +3598 0 obj << +/D [3576 0 R /XYZ 71.731 362.611 null] +>> endobj +3599 0 obj << +/D [3576 0 R /XYZ 71.731 300.842 null] +>> endobj +3600 0 obj << +/D [3576 0 R /XYZ 71.731 280.917 null] +>> endobj +1035 0 obj << +/D [3576 0 R /XYZ 71.731 232.698 null] +>> endobj +414 0 obj << +/D [3576 0 R /XYZ 161.302 187.444 null] +>> endobj +3601 0 obj << +/D [3576 0 R /XYZ 71.731 167.303 null] +>> endobj +3602 0 obj << +/D [3576 0 R /XYZ 200.478 154.567 null] +>> endobj +3603 0 obj << +/D [3576 0 R /XYZ 71.731 129.496 null] +>> endobj +3604 0 obj << +/D [3576 0 R /XYZ 71.731 129.496 null] +>> endobj +3605 0 obj << +/D [3576 0 R /XYZ 143.761 119.997 null] +>> endobj +3606 0 obj << +/D [3576 0 R /XYZ 216.389 119.997 null] +>> endobj +3575 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F21 781 0 R /F44 1165 0 R /F47 1176 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3610 0 obj << +/Length 1850 +/Filter /FlateDecode +>> +stream +xÚÍXIoÛFŸçWèP `9$‡K€^;AŠŠ(ݒ +(rd±&9ìôòïûfãp• +æ¢Ç·/ߌqàoBŒB.nŒÜ€lÒò•³¹ƒ_>ŒÂšb¯Iöš·‡W×ïÝx£8ð6‡ÓƋcâpz.Šˆ»9d_·ïÎIÝRŸÛ»ÄÙH]Ÿ»‚^©ÛöLÕMÁvØÙÞ©‡†òøèûá·W·‡^ âbä¹ÕÔ$s5C«&Æ1" ^èDÈó}©&Ó +ŸÕ•Ó¿;ÚŽy¥Ê[}­&j§ ö¶úæ8î]Ǔ6gš@Œ)èaÂõ{?ØD =ÒÍ +t +p,å~ý”7éwMŽš0P‘@R}¡í»3g¬œÉù¯Š˜ vBA€e^ŸÒ:iϊbhò^ÓìEdÂPR~Ԛ2ž™øŽL]kNë„k +OÆ7Öæ3Ø,ÔQ%y1æ‰P—l­ +ëڜÓLûÆÅÖjLìpP€”ᇌ6.ôdpçFÚ`iFIÑÖÙÊ3®„&lRž×m3gçȋˆ¡êŽh—¶ÂjRUqg'+EÞ4¬ã©Ÿ_ú¹þY×D\b¡ÇnÉ”™+ìȍ.©Œ9jÎsý9A¬édØ@@Mùiç9:™·¥ø +B1#O'”Š}ÓÒZkõÍ!Žÿ°V²Êì{bߋGVÚ:+ +~‡¢€Òíž5š-vCD\Š×C®-V­¡Ùˆæe;a$ìXç +ȏü%qÓ«¯¿¹,~ÂX67VÖy!Âì‡ÛŠñ2)ÀCÙ"õêSr/<£ šNf„mŸY§^uþæ"aæ݇1$„IáŒ>\sˆ+ç%Nhx®&ÑÊèIOº¢U2ò“–µƒì{ÊewӝDãêööÍ¢ln«–³ZpzVùäzFA$¢†bÝå?$BýŸÔoZ²Jó^l!ž‚@ÃXŸËšhyJõ˜øxZpHä!àtHdJ$cT·ŸÊŽ­Þ +ÓÞ5vÜ sµ ±ê2 +1 +|í,eŒÞ•ê$þ™¡QG(‡7³Ž/ÓN7”cҜ =bäô)_&÷À~¶€ „ U + Ä0-Ô×*B0€fŒýEØ0ε-S +÷ØwPä#Dò?Pt5Âÿm +û£Hëµ\èH‚†Ù€h=—5PÁ[Ï幞ÈåKâ'Œ +ø÷ŠUõÙ+±äö? ¯s^%\7 Awè)yWª±‹NEu­€‹y{ÝŽÐÕ³gcËÐl +É튐4m_^ QTØj×ñbª‹\ŽÔ€h5R†FžÊ_Ô‚ž—#uQü„±ÿçžP¹mÄŽÚùŒRΪ&RóåmÒ䩁(z0(("š>¥ýÐʖ ˆœûñZ±Ž¶ +C:\7DL,$Hª•¹hQ€Öpaá臐€ژ}ájÎ ¶„È +ðéVŇ–‘^ŸÆ)ð$7À1x’/5Purg€„‹°æò?5,U@²œ2S|âÙ£%.ó*/»rn&!€œŒŽM¯ë€i +³ç/Á玳®^`ã Ø‰{D*öá +Žè<-h_ËvzŠ”È%üœí¡£Mnµ¢ +S¿«jð©L›Bº;ªàÌV‚ +Œk{—œ DÁuxüLë"IûæÎN‡ýXã"xÜöZšxƒЧ«‰n¥ +þHÍÊõÌJjÇç1ªÓ«lÖÆ^4rҌ¥A#,—22@ñ›ç‡K®Ï² Ï²Ôf™Žçx¥Ÿ ý›?Ÿ, +€`'DA¿•‹ü©ÀÓy›žQʪÓ<b +x+ŒœŽxÀî̳æنðñOdµ`³¢ÑèÄeø +º¶ƒGñ<9mXñ°Â5‚ÿRÙ +í‡dÐ&L +|DÈOpª9kYʊfÅTÃjuʺŽU‡¬¥Y±šDˆ"«#v.ëå {Iö˜­\ë9MZ:Úršç²È«û¹+C9ŽI +káLQ<]ð$àÑá‘ÍBa ×dzùz‘)ÆùA8Xû+v5>²|Ì͂Òïuº¯ÝO7L3hÁa$D^äX~•˜RÖÉœFÀ]y"NpúVg›oiššŽQR†éΑœÔá0tz »ÚnãóµtŠT +,MG3¶9'}/*ò#Oô4‘ÐrŒdAìŒ÷ÉÛÙªÍzވ­CýÙu’õè©6GÀÚ èœW†ÜîړÞ+"g›+Kӎ7³ +Ðgðr +/žÒ[’Ù!=œÈƒvªI„A!Y9iŸKúτGendstream +endobj +3609 0 obj << +/Type /Page +/Contents 3610 0 R +/Resources 3608 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3607 0 R +>> endobj +3611 0 obj << +/D [3609 0 R /XYZ 71.731 729.265 null] +>> endobj +3612 0 obj << +/D [3609 0 R /XYZ 71.731 741.22 null] +>> endobj +3613 0 obj << +/D [3609 0 R /XYZ 71.731 718.306 null] +>> endobj +3614 0 obj << +/D [3609 0 R /XYZ 71.731 654.05 null] +>> endobj +3615 0 obj << +/D [3609 0 R /XYZ 71.731 640.035 null] +>> endobj +3616 0 obj << +/D [3609 0 R /XYZ 71.731 625.091 null] +>> endobj +3617 0 obj << +/D [3609 0 R /XYZ 183.331 615.592 null] +>> endobj +3618 0 obj << +/D [3609 0 R /XYZ 426.191 615.592 null] +>> endobj +3619 0 obj << +/D [3609 0 R /XYZ 71.731 566.077 null] +>> endobj +3620 0 obj << +/D [3609 0 R /XYZ 71.731 566.077 null] +>> endobj +3621 0 obj << +/D [3609 0 R /XYZ 71.731 556.115 null] +>> endobj +3622 0 obj << +/D [3609 0 R /XYZ 137.484 523.238 null] +>> endobj +3623 0 obj << +/D [3609 0 R /XYZ 316.96 523.238 null] +>> endobj +3624 0 obj << +/D [3609 0 R /XYZ 320.835 510.286 null] +>> endobj +3625 0 obj << +/D [3609 0 R /XYZ 71.731 482.227 null] +>> endobj +3626 0 obj << +/D [3609 0 R /XYZ 137.484 466.451 null] +>> endobj +3627 0 obj << +/D [3609 0 R /XYZ 71.731 459.686 null] +>> endobj +3628 0 obj << +/D [3609 0 R /XYZ 71.731 459.686 null] +>> endobj +3629 0 obj << +/D [3609 0 R /XYZ 161.694 449.813 null] +>> endobj +3630 0 obj << +/D [3609 0 R /XYZ 229.479 449.813 null] +>> endobj +3631 0 obj << +/D [3609 0 R /XYZ 71.731 448.869 null] +>> endobj +3632 0 obj << +/D [3609 0 R /XYZ 161.694 438.157 null] +>> endobj +3633 0 obj << +/D [3609 0 R /XYZ 229.479 438.157 null] +>> endobj +3634 0 obj << +/D [3609 0 R /XYZ 71.731 437.213 null] +>> endobj +3635 0 obj << +/D [3609 0 R /XYZ 161.694 426.501 null] +>> endobj +3636 0 obj << +/D [3609 0 R /XYZ 71.731 425.557 null] +>> endobj +3637 0 obj << +/D [3609 0 R /XYZ 137.484 408.568 null] +>> endobj +3638 0 obj << +/D [3609 0 R /XYZ 212.482 408.568 null] +>> endobj +3639 0 obj << +/D [3609 0 R /XYZ 71.731 406.411 null] +>> endobj +3640 0 obj << +/D [3609 0 R /XYZ 137.484 390.635 null] +>> endobj +3641 0 obj << +/D [3609 0 R /XYZ 373.278 390.635 null] +>> endobj +3642 0 obj << +/D [3609 0 R /XYZ 71.731 368.553 null] +>> endobj +3643 0 obj << +/D [3609 0 R /XYZ 251.665 357.758 null] +>> endobj +3644 0 obj << +/D [3609 0 R /XYZ 310.445 357.758 null] +>> endobj +3645 0 obj << +/D [3609 0 R /XYZ 71.731 323.098 null] +>> endobj +3646 0 obj << +/D [3609 0 R /XYZ 192.836 311.93 null] +>> endobj +3647 0 obj << +/D [3609 0 R /XYZ 251.616 311.93 null] +>> endobj +3648 0 obj << +/D [3609 0 R /XYZ 137.484 298.979 null] +>> endobj +3649 0 obj << +/D [3609 0 R /XYZ 189.937 286.027 null] +>> endobj +3650 0 obj << +/D [3609 0 R /XYZ 71.731 263.945 null] +>> endobj +3651 0 obj << +/D [3609 0 R /XYZ 245.11 253.151 null] +>> endobj +3652 0 obj << +/D [3609 0 R /XYZ 341.548 253.151 null] +>> endobj +3653 0 obj << +/D [3609 0 R /XYZ 394.948 253.151 null] +>> endobj +3654 0 obj << +/D [3609 0 R /XYZ 137.484 240.199 null] +>> endobj +3655 0 obj << +/D [3609 0 R /XYZ 223.163 240.199 null] +>> endobj +3656 0 obj << +/D [3609 0 R /XYZ 292.702 240.199 null] +>> endobj +3657 0 obj << +/D [3609 0 R /XYZ 124.533 226.003 null] +>> endobj +3658 0 obj << +/D [3609 0 R /XYZ 137.484 208.07 null] +>> endobj +3659 0 obj << +/D [3609 0 R /XYZ 207.491 208.07 null] +>> endobj +3660 0 obj << +/D [3609 0 R /XYZ 279.401 208.07 null] +>> endobj +3661 0 obj << +/D [3609 0 R /XYZ 71.731 157.26 null] +>> endobj +3662 0 obj << +/D [3609 0 R /XYZ 155.237 144.309 null] +>> endobj +3663 0 obj << +/D [3609 0 R /XYZ 71.731 129.201 null] +>> endobj +3608 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F47 1176 0 R /F55 1335 0 R /F21 781 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3666 0 obj << +/Length 1657 +/Filter /FlateDecode +>> +stream +xÚ­XKÛ6Ÿï¯ð¡ÀڀE‹zQ +ÐCš&iŠ&Y$F‹¢é–ž¶º²hˆÒþ÷ +’CY²”EÅ+J|Ìë›o†Š +þè‚QÂBx ’x‘ïüÅ +fÞßQ\ááo°æ§íÝæ]-2’%ábûž³Œ0Ê, +H‹mñ×ò́ŸZѬŒ ö— ±ÏKW‰µ +¶a•\Q¹·/J4Ï°éïí¯wo·œq@IŒš&.™ªI)š™h5i˜‘ˆš~JÂ(2jnËÓ+-nó>\WÂ(HádœäÃ#èÆÒåeøKÙÙÞ;èTYïíP]T%q +ƒ=L¬g¶ÖBxJN@²ÏŒ`?ÍPr!ž7úĉ~aBÂ4ÆUJæúø'ýOŽö䲶Oëeä‡FJœü‡—±Ã²°1ZÖ#@â +F"œJ)Ibf„•uÎqoKY+»í\VÚTé€ÆËóŒå­ŽÏ×_ŸWp +ªÇQØâ“( ;®?à"v]$„Â&ô©q„)ñý¥‡qŠãEBâÐD b$ +#\œ±Þ-Êfz,`.f[8Šè›à㜠+ΎCüïÐäöñŸÖ¹Ö=Œ÷T¹¯ + +sYóý`ß5zքU`»×8Ql§ôf ؀à?õ‚syZ +øöM¢ŸûÓ~ŠSƒ94o¹)t÷(x™ÆÆ} # +¢ç±¢˜™}OaþEš¶)s<„ç¹P=pÛfl¹;7üd_Ÿù±ßæø¢?Ÿ MÀ0å³+RÐÇÓüǬ֯•e4cr¬ÑÛE£ŒsõJ é×W^Ž£œãôNˆ²åN»¿+«Â~F}5Uv§“lZûò(‘iÑ +<·$™÷U¯¢U(ç÷¥t)jqä÷« +CV66ƒXŽY™š@þЀdÈì ¢áM) +œ]¥`Š +‹šïœ)í¡TšG§Vt)®Äo +éÓ;)I2—}C@ŠK1ãï€Ð„âjy2ˆµ‹U Ø+‹ +IzžöœgÜ£#žœÆ>U r`œ–FÚÄLý ŸÃ”F + +ÃQs +ŒžýÎÅò6æט‚ÏyjJÞ +çÏV{£YßxÐä + ‰HL¹Ñ曃T­"šÏScÓ”Ä Ãå@›ÙLõB`#? +Fñœ]ˆú2s4ä`ê(J²ÒX™R^’ô€y­c?ÉVÌP^C¢/Q^§ÄˆGƂbÍìl‚-1• +Є3žŠéÐÓ$£¬Ç•†ŒÖ¥^Y«ÜíÕü(~üôúãÛúŠ émY÷J# +"&FD»Ž*ÍáÀº˜Àx)uLiýǑÔîµìûµ+­ +SâŒ{žŒ+Óœ>W’w¥»Ó•ÁyÛÉëKpÁÅ±ï ŽfY~Ôñø# +æq;t Ó0 +Ÿ‡[{ŠÎ|LSá +×щ1é#Z5C̖H?š3¶ÌÄ®ÊP¬2_E] + +ŸéFÔØ}Š“©JHkõŸªÈä)`ŒÝ€g.öµ–8’J•–yŒ +Å(QcÙh3  Üj²v'ç7í¹]cÇ +tT}ÄÒÉ®JÕ:æ“cŠê+5ÖÔ¢Å.áÉ.3evN’ +Šjä@p£îŸK0bŽ7AɂRxD§µn–«'g%w.¹8/d}¯ë +Š0r§wJh-zå®fLË£ÍÝ'7;š +¿H­ÿY+lK +³«×7á +„u`$ÄÚãb€ ·?ÞØzîKŸú±y{ãÉBTåPÉáæJñœë.ÍÎÔ!/v>A×&ˆ‘œܔ˜›Ä\å:«mô +rš4”ÔVæ²Z;_”ùÁÔŒê +‡!n“G‰vÖ +áS#ŒBhš°íó4·,§ÂA¶×fÕpÉR­”žaw™U +}ùŠkxs)^ +O•8Â'Ž»Â5ºÃ0ꛝ/oû¬›º×?ϐŒlç.˜lSLBÝå +ÂֈJòâVÓŸzšk §&*Q MßݐŸnu†}~˜ê£¯]=ý:ðµ¢9–ußM +e¯ +‘&á`”^ +¯9‚s=òs/õלPMR¶à•iÿían‡ƒ×¥o¶’ëŒ +XBæô‘Ý×ÒADu€Éiê8h‘Û_DðW™( + +€œø»ÍuÉäg›*RwŠȒïüö2•ô/ê`¹œendstream +endobj +3665 0 obj << +/Type /Page +/Contents 3666 0 R +/Resources 3664 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3607 0 R +>> endobj +3667 0 obj << +/D [3665 0 R /XYZ 71.731 729.265 null] +>> endobj +3668 0 obj << +/D [3665 0 R /XYZ 71.731 718.306 null] +>> endobj +3669 0 obj << +/D [3665 0 R /XYZ 330.494 708.344 null] +>> endobj +3670 0 obj << +/D [3665 0 R /XYZ 495.814 708.344 null] +>> endobj +3671 0 obj << +/D [3665 0 R /XYZ 161.265 676.234 null] +>> endobj +3672 0 obj << +/D [3665 0 R /XYZ 213.557 676.234 null] +>> endobj +3673 0 obj << +/D [3665 0 R /XYZ 76.712 654.615 null] +>> endobj +3674 0 obj << +/D [3665 0 R /XYZ 71.731 634.69 null] +>> endobj +3675 0 obj << +/D [3665 0 R /XYZ 473.604 623.034 null] +>> endobj +1036 0 obj << +/D [3665 0 R /XYZ 71.731 583.482 null] +>> endobj +418 0 obj << +/D [3665 0 R /XYZ 468.524 538.228 null] +>> endobj +3676 0 obj << +/D [3665 0 R /XYZ 71.731 514.739 null] +>> endobj +3677 0 obj << +/D [3665 0 R /XYZ 200.478 505.351 null] +>> endobj +3678 0 obj << +/D [3665 0 R /XYZ 337.802 505.351 null] +>> endobj +3679 0 obj << +/D [3665 0 R /XYZ 248.248 492.4 null] +>> endobj +3680 0 obj << +/D [3665 0 R /XYZ 318.364 492.4 null] +>> endobj +3681 0 obj << +/D [3665 0 R /XYZ 71.731 470.317 null] +>> endobj +3682 0 obj << +/D [3665 0 R /XYZ 242.4 459.523 null] +>> endobj +3683 0 obj << +/D [3665 0 R /XYZ 384.067 459.523 null] +>> endobj +3684 0 obj << +/D [3665 0 R /XYZ 119.552 446.571 null] +>> endobj +3685 0 obj << +/D [3665 0 R /XYZ 71.731 445.164 null] +>> endobj +3686 0 obj << +/D [3665 0 R /XYZ 71.731 430.22 null] +>> endobj +3687 0 obj << +/D [3665 0 R /XYZ 221.025 419.971 null] +>> endobj +3688 0 obj << +/D [3665 0 R /XYZ 291.285 419.971 null] +>> endobj +3689 0 obj << +/D [3665 0 R /XYZ 432.221 419.971 null] +>> endobj +3690 0 obj << +/D [3665 0 R /XYZ 139.477 396.659 null] +>> endobj +3691 0 obj << +/D [3665 0 R /XYZ 247.351 396.659 null] +>> endobj +1037 0 obj << +/D [3665 0 R /XYZ 71.731 368.763 null] +>> endobj +422 0 obj << +/D [3665 0 R /XYZ 358.399 323.509 null] +>> endobj +3692 0 obj << +/D [3665 0 R /XYZ 71.731 299.753 null] +>> endobj +3693 0 obj << +/D [3665 0 R /XYZ 71.731 243.021 null] +>> endobj +3694 0 obj << +/D [3665 0 R /XYZ 456.007 205.95 null] +>> endobj +3695 0 obj << +/D [3665 0 R /XYZ 236.592 192.998 null] +>> endobj +3696 0 obj << +/D [3665 0 R /XYZ 71.731 170.916 null] +>> endobj +3697 0 obj << +/D [3665 0 R /XYZ 71.731 147.071 null] +>> endobj +3664 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F44 1165 0 R /F46 1173 0 R /F47 1176 0 R /F55 1335 0 R /F27 788 0 R /F34 797 0 R /F51 1285 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3700 0 obj << +/Length 1837 +/Filter /FlateDecode +>> +stream +xڝXێÛ6}߯ð[l`͈²® +4M/Htìæ) +®DÛÄÊ¢*R»q¿ŸC‘EIvÒ"@Vo3gΜ +¯ø‡W)Féþ„9 +“xUœn‚ÕF~¿ÁfÆÖLَæüüpóú·0_å(Ov«‡ýj—ç(Åé*Ý +(‹ÃÕCùiýöHIÛÍ6Œƒu‚ôßsWÑ[ý(T?T|ƒƒõAÿŽ}†E_ +þžùõa0"1Ú +WÍ4SæfâŽÐ.J”ç(ûÒ EY„{;„1ÂÊŸ4[¿å§Ó& +Ö]Í +"Y}Я_˜<ê'm5<åØm¬ +ƒR‡G°Ú*$ÒŽ?áÐŸñœþûŒÁñš¶‚ñZ¿À(CÁ­CH?Ä +‹ +^ÓºÔ?ˆC‰}'¹?V1ZKýÌ̙Ãܗ#­/Î.x]ÓB*{£|ض€ۄ±µÛ®¯•£8Dy¬¡> endobj +3701 0 obj << +/D [3699 0 R /XYZ 71.731 729.265 null] +>> endobj +426 0 obj << +/D [3699 0 R /XYZ 380.907 707.841 null] +>> endobj +3702 0 obj << +/D [3699 0 R /XYZ 71.731 684.724 null] +>> endobj +3703 0 obj << +/D [3699 0 R /XYZ 200.478 674.964 null] +>> endobj +3704 0 obj << +/D [3699 0 R /XYZ 71.731 626.979 null] +>> endobj +3705 0 obj << +/D [3699 0 R /XYZ 301.208 590.282 null] +>> endobj +3706 0 obj << +/D [3699 0 R /XYZ 363.783 590.282 null] +>> endobj +3707 0 obj << +/D [3699 0 R /XYZ 71.731 568.2 null] +>> endobj +3708 0 obj << +/D [3699 0 R /XYZ 211.127 557.405 null] +>> endobj +3709 0 obj << +/D [3699 0 R /XYZ 262.294 544.454 null] +>> endobj +3710 0 obj << +/D [3699 0 R /XYZ 71.731 541.051 null] +>> endobj +430 0 obj << +/D [3699 0 R /XYZ 357.638 503.836 null] +>> endobj +3711 0 obj << +/D [3699 0 R /XYZ 71.731 480.719 null] +>> endobj +3712 0 obj << +/D [3699 0 R /XYZ 173.957 445.056 null] +>> endobj +3713 0 obj << +/D [3699 0 R /XYZ 426.657 445.056 null] +>> endobj +3714 0 obj << +/D [3699 0 R /XYZ 232.716 432.105 null] +>> endobj +3715 0 obj << +/D [3699 0 R /XYZ 320.107 432.105 null] +>> endobj +3716 0 obj << +/D [3699 0 R /XYZ 71.731 417.37 null] +>> endobj +3717 0 obj << +/D [3699 0 R /XYZ 71.731 402.426 null] +>> endobj +3718 0 obj << +/D [3699 0 R /XYZ 71.731 308.07 null] +>> endobj +3719 0 obj << +/D [3699 0 R /XYZ 232.617 282.167 null] +>> endobj +3720 0 obj << +/D [3699 0 R /XYZ 320.456 282.167 null] +>> endobj +3721 0 obj << +/D [3699 0 R /XYZ 71.731 247.851 null] +>> endobj +3722 0 obj << +/D [3699 0 R /XYZ 294.335 236.339 null] +>> endobj +3723 0 obj << +/D [3699 0 R /XYZ 194.251 223.388 null] +>> endobj +3724 0 obj << +/D [3699 0 R /XYZ 71.731 221.231 null] +>> endobj +3725 0 obj << +/D [3699 0 R /XYZ 71.731 206.287 null] +>> endobj +1038 0 obj << +/D [3699 0 R /XYZ 71.731 158.929 null] +>> endobj +3698 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R /F44 1165 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3728 0 obj << +/Length 2012 +/Filter /FlateDecode +>> +stream +xڝXYÛÈ~÷¯ÐÛHÈšÍæ)HgíÝ8À,ëñC°ÎE¶€†I6Ã&=«üúT±«›§caŒÅ£ºîúªŠ|ãÁ?ŸI8KøñÌ£MVŸñ6xóËN{"ُhþñòæíÏþqsdÇ8ØŒœ7ÁñÈžl’Àg‡Èߌä¿oºŠu+šÝޏŒmÌÌï­+Ä£¹l¯Â\jÇœíÅÜhÑ|ƒCÿyùכ/N‰Èç,ðïªI$K5ù†'ÌçêiÍõ"–„‡^͘q•KÛO7]š‹¹Æ +ÔJVTø$ƒ¹aÂÀwÖ&IÏ +3|ñ"ïێG[Ñh©*ó3 ý +Œâæ>KéE!õŽo[A·–ŸVMk®" +Ÿíòš|Šèž* +‘E#Z››s£Jò€µé +)ª%Q +^®’”&>'–‚7÷à‘cÄ{»D•ž +‘EoO7ü¶F·ô0Šœ‚pðÏ!d‘'ä°ß +{ŽbáÊ(fñ1"ÒLU_<Ï¿t0ÜUÝ‚Ð×kï$xš©²–šÀÌýG¢Hó\"ý£y,«™ŠãŒõ¹Ç¢€“à'©³¥nQnuÓàoÔ]Ž’€EaHž2ù®Î³Œ +¬I[—øĕÀMušâq-ÚòÁÂÉüB¢IœO¢ýüþy—„Ûw 'Šî7üOüÍ +Œ¢ÍÆx0ŽXì +tî&ôÒp +3ß󉂓ý$f^M’~È"š>ÿÛÉFèiÊ6 +œŸAºbì$ŒHõ2L<Y[Uš +DY©vUã 8yWÝáëÇ,Š­ë>|¿üˆñĒ4 ”*çg,mË’¢kd{Ûő•:Á«, +s•ƒÉ¢nÈp)ž2 +âIœÕÜùÑö›. èbÝ(š |±óÁ² + +êF/Êž‹\Š­°ÏÒ³ޓ¬rS¬£X,Ð +lûØÎ5OµîJ1ÎHÈÖ¬9À‰L +ýó +rhUºBÀzù^R +t€ò»(ÀˆçâŒI›v)bÓëœú@ +~Ø¡KSQªêaê‡JT~{X2Áf +%ØØzW-‡xÚ»”Þ÷QøCêVOL€’¯\ +7t[Q"ΓÔï8XÔ×ùö²¥.р`™;ÉÖæW(A·•òç +þæ +ûÈŽ·•ºO"ž²uÿùӇßV’>d<¶ÀmjšìøUµK߀ٕ2” øa! +ìa«¯ª+rs}M1 +í&ì²o^ðJa†¿ÒL’·—Fuõ#1鲫9@*À³”ˆM˜êBIzA) +ĕ¢GSYN0AíÒešeBkb¯Ì3ƒÕSÝ .óàDu§03ÖkF> +!{;>„1 +G; +v +Aˆßð +ŽÚ·j¯GzšFœo?4›ŒÓÓ\_L'>L' +•’œ•^­4Î +òdaÍ:è@v—àºÔAÕ0‚šJÌAç;#~Ê-­ŒóÆš€bµÓfévYÖ +(!ßûù©ªY©ëŽ€ +{íåæ:Âh,"OԂÞ]aÃ7X<øDé]áP£Å·vi•OJy1d嵒U»î¢É„6Àª®Ÿo8ÂȚᩣºŠö¬qÆLßt¡RèYG@‹¯±õX7õ¶!öj!æƒ<çGAøÂÐ +†µIÞÒìGDf”7ü#3eÃÁB8‡àŸp¢¹/|Æ +ÿ݀þJ¹}÷æÀÌa‹=€bÞ€£Í¹ïêM™V™0/Ú®úÑÕãƒñ|5Ž +ÕÙ!òU€_Ï|办gŒmMu£NÃxq +Tpµë::÷ŒiÔÑi1ŒFªÏ"HS“t%÷#Ï{ºþÒ8>ØEñœšÅhrQ.ÁQó Œ”Æ]tsÚ-/—aüqëfò«Ô×ÇyçuÝ +¯»3&7¶‚l-†„'ÅΪYAšÁcíʊö1fôь +X¥²õžÚ1¬•–Ó±6Å +Þíǜaµ\`Á?ŸÞaÕþDŠvÕšJ—àÖµnj·‡ ÚI(,ÛK•¶° éÇTôjŒõ8¯8Ä9>'Ü7ݹOŽÉX0ÖáRփˆ_~ýlÌ~z +d•01ÊÚæi݈LÝ­§&m&>wÑêy°Õ%. + +×RŽ2[É`Ëß©x¶ãè§ßžé|¢`.ËR\ö%.†.úv£r-%Õj”[ë.Öó(baP»¶ˆtvÀµžÞ·ÐÇa+À’nO +$.LTtd­pÅr³¡<=O]¿tÚ ²kñUVtù÷[9ÎØ Äí¹UTžgib9:¥! Úéöœ¡}5 +»ÎêŽh2c»ƒ»3áöã +Z.Òê¯ßë€ +üóûÝ8"²M +$ãhIPÝ/Ÿ-äù> +BŸ&oþ;ȧ3kò‡&èƒ<œ( +Ý:ЂxžI¡\xn²ŽÃ'ðZÿՄe°]ˆ;É`3!—P®­ Í‹%žàçˆÅNø +œ;ÿµãž`,ZñžÈÇi}+ôq9ùUwDCãó‚ +ú°§Ù¯"(b¹ +Æ}G1eúµÿŽú•#ìN˜^vÑ cŽ–/ø†!ì,ÁŸÒSg¬Ûe‹pTeŠàX@ðíà‘‹¿pšõ2JXO?·-»Ã‡ß +Y}¥Gd^ÿÁÕ.;l^/ô‰8<°Oî~HßÃ#ûp”X.šorøÎGí¥€ÿ» +zendstream +endobj +3727 0 obj << +/Type /Page +/Contents 3728 0 R +/Resources 3726 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3607 0 R +/Annots [ 3746 0 R ] +>> endobj +3746 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 429.32 164.383 437.858] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENTS) >> +>> endobj +3729 0 obj << +/D [3727 0 R /XYZ 71.731 729.265 null] +>> endobj +434 0 obj << +/D [3727 0 R /XYZ 238.03 705.748 null] +>> endobj +3730 0 obj << +/D [3727 0 R /XYZ 71.731 681.992 null] +>> endobj +3731 0 obj << +/D [3727 0 R /XYZ 71.731 681.992 null] +>> endobj +3732 0 obj << +/D [3727 0 R /XYZ 204.055 659.92 null] +>> endobj +3733 0 obj << +/D [3727 0 R /XYZ 471.281 659.92 null] +>> endobj +3734 0 obj << +/D [3727 0 R /XYZ 313.821 646.968 null] +>> endobj +3735 0 obj << +/D [3727 0 R /XYZ 379.425 646.968 null] +>> endobj +3736 0 obj << +/D [3727 0 R /XYZ 71.731 624.886 null] +>> endobj +3737 0 obj << +/D [3727 0 R /XYZ 228.303 614.091 null] +>> endobj +3738 0 obj << +/D [3727 0 R /XYZ 283.914 614.091 null] +>> endobj +3739 0 obj << +/D [3727 0 R /XYZ 326.812 614.091 null] +>> endobj +3740 0 obj << +/D [3727 0 R /XYZ 425.073 614.091 null] +>> endobj +3741 0 obj << +/D [3727 0 R /XYZ 310.743 575.237 null] +>> endobj +3742 0 obj << +/D [3727 0 R /XYZ 386.707 575.237 null] +>> endobj +1039 0 obj << +/D [3727 0 R /XYZ 71.731 545.932 null] +>> endobj +438 0 obj << +/D [3727 0 R /XYZ 292.43 502.835 null] +>> endobj +3743 0 obj << +/D [3727 0 R /XYZ 71.731 479.346 null] +>> endobj +3744 0 obj << +/D [3727 0 R /XYZ 364.291 469.958 null] +>> endobj +3745 0 obj << +/D [3727 0 R /XYZ 327.928 444.055 null] +>> endobj +1040 0 obj << +/D [3727 0 R /XYZ 71.731 428.075 null] +>> endobj +442 0 obj << +/D [3727 0 R /XYZ 276.558 384.604 null] +>> endobj +3747 0 obj << +/D [3727 0 R /XYZ 71.731 360.848 null] +>> endobj +3748 0 obj << +/D [3727 0 R /XYZ 71.731 305.8 null] +>> endobj +3749 0 obj << +/D [3727 0 R /XYZ 200.279 279.996 null] +>> endobj +3750 0 obj << +/D [3727 0 R /XYZ 71.731 244.963 null] +>> endobj +3751 0 obj << +/D [3727 0 R /XYZ 221.369 234.168 null] +>> endobj +3752 0 obj << +/D [3727 0 R /XYZ 257.343 234.168 null] +>> endobj +3753 0 obj << +/D [3727 0 R /XYZ 268.691 221.217 null] +>> endobj +3754 0 obj << +/D [3727 0 R /XYZ 71.731 199.135 null] +>> endobj +3755 0 obj << +/D [3727 0 R /XYZ 71.731 166.258 null] +>> endobj +3756 0 obj << +/D [3727 0 R /XYZ 71.731 166.258 null] +>> endobj +3757 0 obj << +/D [3727 0 R /XYZ 71.731 165.013 null] +>> endobj +3758 0 obj << +/D [3727 0 R /XYZ 129.514 147.991 null] +>> endobj +3759 0 obj << +/D [3727 0 R /XYZ 156.363 147.991 null] +>> endobj +3760 0 obj << +/D [3727 0 R /XYZ 451.484 147.991 null] +>> endobj +3761 0 obj << +/D [3727 0 R /XYZ 215.551 135.04 null] +>> endobj +3762 0 obj << +/D [3727 0 R /XYZ 274.589 135.04 null] +>> endobj +3763 0 obj << +/D [3727 0 R /XYZ 344.716 135.04 null] +>> endobj +3764 0 obj << +/D [3727 0 R /XYZ 144.179 122.088 null] +>> endobj +3765 0 obj << +/D [3727 0 R /XYZ 71.731 119.932 null] +>> endobj +3726 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3768 0 obj << +/Length 1411 +/Filter /FlateDecode +>> +stream +xڝWmoÛ6þî_¡a_d bIê}À>dA›ŽXlq‡i?Ð2mq‘%W/ Œ_¿;‘”eËN†¢Hu¢Œãswϝ˜CásbFb +<%< +l;£Î~¹™1£áo€óÛböþ#O”€‘ï,֎ŸŠ$f±ûœ$!w«G÷:»VÖs‡Ôˆ~î»BŸÓb›K-՜Qw£_Y?Êo‹Ï³‹Á‰3âóWÝ +(ø%ŽÇ)I9;«ÃXJBpϋiBü 8Ü\'iŒW±:V¯ò•óðÔ%Æ9üΜÑQÖÞéó`ßì9gÀ’Á%C +9Ð5+aPRÛ]a–ž=9g¡»—+œ”‹&×ÒWÒÛ«‡Û9sœÅ§›Â3xÉUfÔ^TQh)«¶»®•ÖÌŠmWËÆX7O<OÞÊŠ“Åfê +ÚAÈàâpm’š€PeÓJaܬÖ'™p{w5š{=òݬx +°cý7¹ŽÈUsê~#机Ïè‚9³}A§ª +ÛŒ–ò4hUU6Gw`ý +jùœSµÅz]ÕG¡9ŸÃ€ ™ä” +}'Š ÌPK +ßgßš³‚Œù +ÿÀßË +•}J +R‡‘4õZ:ëÙÃìá$ð. + ¥ìµ3ô^£79³ÞxóÁä™àiyõeeHÃĉ‚”$p\_æWó„º}žš§Œåûµ €s¿Š."  +Ïg$L4„wâ ã„ÈljÛ>ZÚãjÕéô èh¡¢ØZÉâj4ös¹;óV•F ÙÇÇtàµ^åJ +Y¡dÙjù§ÓèiL PGhü °> endobj +3769 0 obj << +/D [3767 0 R /XYZ 71.731 729.265 null] +>> endobj +3770 0 obj << +/D [3767 0 R /XYZ 129.514 708.344 null] +>> endobj +3771 0 obj << +/D [3767 0 R /XYZ 71.731 680.284 null] +>> endobj +3772 0 obj << +/D [3767 0 R /XYZ 204.234 629.789 null] +>> endobj +3773 0 obj << +/D [3767 0 R /XYZ 71.731 600.127 null] +>> endobj +3774 0 obj << +/D [3767 0 R /XYZ 71.731 524.456 null] +>> endobj +3775 0 obj << +/D [3767 0 R /XYZ 129.514 506.523 null] +>> endobj +3776 0 obj << +/D [3767 0 R /XYZ 244.422 506.523 null] +>> endobj +3777 0 obj << +/D [3767 0 R /XYZ 71.731 491.415 null] +>> endobj +3778 0 obj << +/D [3767 0 R /XYZ 71.731 476.471 null] +>> endobj +3779 0 obj << +/D [3767 0 R /XYZ 428.729 466.971 null] +>> endobj +3780 0 obj << +/D [3767 0 R /XYZ 124.533 414.468 null] +>> endobj +3781 0 obj << +/D [3767 0 R /XYZ 129.514 396.535 null] +>> endobj +3782 0 obj << +/D [3767 0 R /XYZ 71.731 394.379 null] +>> endobj +3783 0 obj << +/D [3767 0 R /XYZ 129.514 378.603 null] +>> endobj +3784 0 obj << +/D [3767 0 R /XYZ 259.277 365.651 null] +>> endobj +3766 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F21 781 0 R /F44 1165 0 R /F46 1173 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3787 0 obj << +/Length 1670 +/Filter /FlateDecode +>> +stream +xÚ­XYoÜ6~÷¯X€Þ"Z€D +-Z M4’žÈ"@Ñô–ž»„uUÒÚñ¿ïðԙm¡D +g†s|3³xãÃÞÄÅ,$E$¢›¬Œò7Gøòö +Š0LMRx^ùèQ‚Q@6ވÁÏû«›7oˆ"šnö'Ä ¢Í>ÿsûú̞·;ÄÉ6Fzýµ®:ýxØ[›ï·_Žb +~»Ûám«>[Vv»¿ö¿Œx“¢4 +€ž0F È÷‚ ›×±òÄD +š¿mÚz‡éöQäŒÓ; +ßؐ»ŒUr`óT[­Œ +”2ðÀ%Õ æ§5™~ñ©ßr +ï:Q +õ§þÄõ;ç¢7{-y¢x©_E•ðNÀýÀÖ +&(¥ú6hxgè˜^>=w=/õógœ” ‘ +§‘õ÷™Ÿ¹=Uå3Mꊵ1P_ë5cEño—FÆþxƒcD0•ð¬BŠ +•Î1ÂÆËwRû +^#(‰cuæ10Šmj°á}Á§Zž;³Q±’Ëk +©¶¹ªY¯³ºêê‚_ë×\»\d\ú©“^Ü6 —îÜ4uÛ6çf*œÚac0-b.|5v"V—»¯û“1ýA¯O'‘™­’=ë‡ûoÜ +éí?@808[Y•y?s1%³ÒYou/ál+J>2çòW·ûhŒÒ8ÝPš‚»V¡Á’x††±Ó§l€]>ñlˆÄWˆÎ%SŸ"ŸK’-É%É36RòO2Ž«Œ ¡(Œ'Y9scsÛƆ³/xþ‹ï“ã¹eƒörò¯žlJEé&S‘< +!zÒ01ÇÞüåvéU¢ˆXYÀL¢F(&ÑZ]E˜W· +¶4AAj¥j +—*Ÿ‚¬‘Ñö(ÿ[S8qÊìoÞ,ÕÅJ’ÐP ­,†Nˆúd™û¢R;œ +œOÃǏ}Ô\@éÙ~õÔ? +]ºdÈ>»è±gíÊV\9.þ’ó2ªíáVõËjö  +ÕVŒðZÞAgUõkê¬$X–I–ÍKޖRBUoB³ +µÐÁnBv¿K|[~‹²·Ò¹Ô5|A•g]X]çæŽ[;,snÜLÉp[DV"ãþC_?H»ŸžéËæ +9výݵŒÇËЉ¡Y²±%-¹(p¥Å)eÉ,HPل|¹¢(Jù8xpØ(–JaÈcß¡/(UŸû•.*†±gÖEÍøDÊ=Ž +oÛ6¢V³ +lVÔ +ϗ?1°yY~’n¬Û0Þ»çüÕ×íóŽ]qgÚºvž%»šxb»áŽŽñ”c~€‚ê•àõ‘ÑPx‰žpFv¡`ßpҐH©‰¿˜NõïaKIÿ¢kò +endstream +endobj +3786 0 obj << +/Type /Page +/Contents 3787 0 R +/Resources 3785 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3814 0 R +/Annots [ 3793 0 R 3794 0 R ] +>> endobj +3793 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [457.979 557.713 505.022 566.624] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +3794 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [261.777 544.761 306.608 553.673] +/Subtype /Link +/A << /S /GoTo /D (0:CONSOLEDETAILS) >> +>> endobj +3788 0 obj << +/D [3786 0 R /XYZ 71.731 729.265 null] +>> endobj +1041 0 obj << +/D [3786 0 R /XYZ 71.731 718.306 null] +>> endobj +446 0 obj << +/D [3786 0 R /XYZ 463.515 703.236 null] +>> endobj +3789 0 obj << +/D [3786 0 R /XYZ 71.731 672.259 null] +>> endobj +3790 0 obj << +/D [3786 0 R /XYZ 71.731 672.259 null] +>> endobj +1042 0 obj << +/D [3786 0 R /XYZ 71.731 648.795 null] +>> endobj +450 0 obj << +/D [3786 0 R /XYZ 151.162 605.698 null] +>> endobj +3791 0 obj << +/D [3786 0 R /XYZ 71.731 582.209 null] +>> endobj +3792 0 obj << +/D [3786 0 R /XYZ 343.419 572.821 null] +>> endobj +1043 0 obj << +/D [3786 0 R /XYZ 71.731 543.516 null] +>> endobj +454 0 obj << +/D [3786 0 R /XYZ 316.686 500.419 null] +>> endobj +3795 0 obj << +/D [3786 0 R /XYZ 71.731 476.663 null] +>> endobj +3796 0 obj << +/D [3786 0 R /XYZ 374.702 454.59 null] +>> endobj +3797 0 obj << +/D [3786 0 R /XYZ 481.65 454.59 null] +>> endobj +3798 0 obj << +/D [3786 0 R /XYZ 177.942 441.639 null] +>> endobj +3799 0 obj << +/D [3786 0 R /XYZ 274.17 441.639 null] +>> endobj +3800 0 obj << +/D [3786 0 R /XYZ 71.731 419.557 null] +>> endobj +3801 0 obj << +/D [3786 0 R /XYZ 164.094 382.859 null] +>> endobj +3802 0 obj << +/D [3786 0 R /XYZ 244.592 382.859 null] +>> endobj +3803 0 obj << +/D [3786 0 R /XYZ 288.038 382.859 null] +>> endobj +3804 0 obj << +/D [3786 0 R /XYZ 341.996 382.859 null] +>> endobj +3805 0 obj << +/D [3786 0 R /XYZ 71.731 367.751 null] +>> endobj +3806 0 obj << +/D [3786 0 R /XYZ 71.731 352.807 null] +>> endobj +1044 0 obj << +/D [3786 0 R /XYZ 71.731 303.756 null] +>> endobj +458 0 obj << +/D [3786 0 R /XYZ 317.013 258.502 null] +>> endobj +3807 0 obj << +/D [3786 0 R /XYZ 71.731 234.746 null] +>> endobj +3808 0 obj << +/D [3786 0 R /XYZ 71.731 234.746 null] +>> endobj +3809 0 obj << +/D [3786 0 R /XYZ 189.011 212.674 null] +>> endobj +3810 0 obj << +/D [3786 0 R /XYZ 71.731 177.64 null] +>> endobj +3811 0 obj << +/D [3786 0 R /XYZ 474.288 166.845 null] +>> endobj +3812 0 obj << +/D [3786 0 R /XYZ 230.634 153.894 null] +>> endobj +3813 0 obj << +/D [3786 0 R /XYZ 274.539 153.894 null] +>> endobj +3785 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R /F44 1165 0 R /F29 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3817 0 obj << +/Length 2120 +/Filter /FlateDecode +>> +stream +xÚ¥Yێã6 +}߯ÈcL4–mùR ÚÁlo[Žè(ŠmQx +mb¬/íÌtúõ¥,Җ-;I·˜‡LZ€ÈÃÃKøʁ?Ÿ +9 +=xqcæb•oœÕŸùö +G‰-Šl +™ovoîߺñ*fqà­vWžˆœUè¹,îj·ÿ°~8&§V֛­+œuÈôëwUõ©Ñÿ~¬ð»Ç¿A¬LrxçÇë_ê/ÖՆ;ëCœábÍæÏÝo +wœMÂåÌs/Z"¶Õá`5ç1`mèDÌóýÎêÇ$=j³€R>˜ŸœêêP' +~Sœ›V[ü$õ'{ù‡ãž¥Üë·Y©_Û#~ŸV¥8œë€Í*üV}’Ë»ñ#‰~id:6mR·YyÐ:_²ö89þ(“=ž\uÿÖó‡[:«-wYŒQùÐy[] +®õ§–6}â{L<€„1hߓYû}Š +º³•ùNŒ™*Þwn|Vá”uÖŸÚCŸ9)ý(z”‘W‰ŽZA֜ +§:KZ©}Ò +kÙ +«|ÉÿäNËø-Œ;NˆŽâÚQïªÃŒ\¹ŸÛûŸ_mñ³­N`4 +B$ +uÃ×u‹I1×<+ålT +u?ŸdùPERî¿Ô²B¬" +:{, +Èæûç<¿?% ÇºÜ%õÑ +­ŒUæù +sþÑÖÁ?ÃõàMWI^I4Ï«+Ö/›@tH‚wôØÄðIõQ¿&ø~’~SUZ$ˍ:m¯ßœ +e91Јú$d¹o0ñˆŠðùe +1“N±Ãü}yƒÛœÜ.æs»p ²‡B‰N!>é4#ڝ²L«s n“{6¥Mâ;á9Lp>˛$³5„ˆ8C‡&o’ˆ2û×–>×^åsúŠ¯ƒ~|fNÿ@Ü@êýŽ¯ƒÆ,tð„2[ChÀGñ$™E@/9®˜Sž +(|Æ6Àp!÷À‡À¥Š¹îAfœ)w)¯ÁÌP{èër 0yu8èÊ­²Zš€Y®Šaç_Žá#C—!¹sŠž}êj(òUÇMÏdƒÞ}tÀU]èº +1«ÞK–£ÑµLe6€ÏŽ(V2­M£N=q}iÛgå +qUÐDmê[Å~W*z[««[áùNº˜?¿©ä[’2¯çSâÿ©ql1 <Á" þËI0-'Ê\M[á +I05`. +šúy&|@K=M€Ç¿;€€çv9`²F6ÞøÎ}Hô1};sҞ1+º>aÀMšg@bxR‚2û¬–]ìÄ¿ÛýôŽNVÈU‡ëŒÐ73Ñ&O}~$)äæ¡'ùq‚©~® nî¶lҗ@ +UӖIA*{™6ƒÛ0RTU4:҉óÔÐexќmí +‡@ϗœCö6îdŽ6ØËÒº,tÿƒ’”Šrklï&ZkŠ +8d"ñÄ{Ùî6¡¿53cT¥ˆO,™åÀŽ³° +aZä¹Ê +¶ŸxÁÖo3ƒaÀã¥ÉÃڕTÆþHU†$ˆºÑ]8Žüè¹ +ãË~$™‹÷˜ +€Cl¬²\Æ +Æ-ý‘Ï +ÀÄEý(sYÿä ¥ÿ+ž4§-#–<Ågìʗ:k¥*ýžã{ÅUð™ŒQ‡ã¶éè349ÍbÕr# ¢èÊìm-¡”D®¡tFßu”Îè·PjðV‘ +m+d ÍQJÞh€kºœß0döeH‘Çîö ªI†þß}ÿíã¯*XÔhÉôSs.lêŒ\ÎN­9¢ëM­=k7'™ŽFíÛË¥äõXœ +hŸ³«ÖÈZ—jHyÎêª,úö\oH 25LȐ·þv0ô +„¬®ŸRlcwT*Ü=ŽeŒ, Ð§“«nøzî¶w“ëVeþ:3püÓãÌJ +9öŽÂÔ×ÖÔ*Ž}*s+ÓbF›jµ1ý +ïó×°7ƒ +{,Ž|#/Ô3óŽæÏ(*ž‡Å»¿z5˜Õ™£ah)«®8 ÷›ŠFUÎ8AÀ +åQüããï_>'ùy±íá·,sùõe.¿q™Ë?g™ËoXæòñ2w(Š4T +eM-»ýh’#ø›£º)òOóԊÛíé@ú3šu¿ +Ç3ø»‹V¯uŽÆ#!QY݁h)f€ +FWb6-Æ +E®ÆÌÖwCÌlývÌ +ÞW +4&I ¿ét”l\"Ð,ÇÞÊøa¯ûõÈÜrNÊ> endobj +3856 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [326.792 313.908 384.077 322.819] +/Subtype /Link +/A << /S /GoTo /D (0:DEFTRUST) >> +>> endobj +3818 0 obj << +/D [3816 0 R /XYZ 71.731 729.265 null] +>> endobj +3819 0 obj << +/D [3816 0 R /XYZ 71.731 718.306 null] +>> endobj +3820 0 obj << +/D [3816 0 R /XYZ 119.552 695.392 null] +>> endobj +3821 0 obj << +/D [3816 0 R /XYZ 216.527 695.392 null] +>> endobj +3822 0 obj << +/D [3816 0 R /XYZ 119.552 682.441 null] +>> endobj +3823 0 obj << +/D [3816 0 R /XYZ 71.731 660.493 null] +>> endobj +3824 0 obj << +/D [3816 0 R /XYZ 71.731 627.482 null] +>> endobj +3825 0 obj << +/D [3816 0 R /XYZ 71.731 627.482 null] +>> endobj +3826 0 obj << +/D [3816 0 R /XYZ 193.314 616.687 null] +>> endobj +3827 0 obj << +/D [3816 0 R /XYZ 71.731 594.74 null] +>> endobj +3828 0 obj << +/D [3816 0 R /XYZ 210.022 570.859 null] +>> endobj +3829 0 obj << +/D [3816 0 R /XYZ 283.785 570.859 null] +>> endobj +3830 0 obj << +/D [3816 0 R /XYZ 71.731 548.912 null] +>> endobj +3831 0 obj << +/D [3816 0 R /XYZ 71.731 548.912 null] +>> endobj +3832 0 obj << +/D [3816 0 R /XYZ 71.731 547.666 null] +>> endobj +3833 0 obj << +/D [3816 0 R /XYZ 129.514 530.511 null] +>> endobj +3834 0 obj << +/D [3816 0 R /XYZ 237.827 530.511 null] +>> endobj +3835 0 obj << +/D [3816 0 R /XYZ 189.011 517.559 null] +>> endobj +3836 0 obj << +/D [3816 0 R /XYZ 71.731 495.477 null] +>> endobj +3837 0 obj << +/D [3816 0 R /XYZ 71.731 495.477 null] +>> endobj +3838 0 obj << +/D [3816 0 R /XYZ 71.731 495.477 null] +>> endobj +3839 0 obj << +/D [3816 0 R /XYZ 139.477 479.701 null] +>> endobj +3840 0 obj << +/D [3816 0 R /XYZ 139.477 479.701 null] +>> endobj +3841 0 obj << +/D [3816 0 R /XYZ 488.913 466.75 null] +>> endobj +3842 0 obj << +/D [3816 0 R /XYZ 71.731 453.699 null] +>> endobj +3843 0 obj << +/D [3816 0 R /XYZ 139.477 435.866 null] +>> endobj +3844 0 obj << +/D [3816 0 R /XYZ 139.477 435.866 null] +>> endobj +3845 0 obj << +/D [3816 0 R /XYZ 310.564 409.963 null] +>> endobj +3846 0 obj << +/D [3816 0 R /XYZ 124.533 377.833 null] +>> endobj +3847 0 obj << +/D [3816 0 R /XYZ 129.514 359.9 null] +>> endobj +3848 0 obj << +/D [3816 0 R /XYZ 152.199 346.949 null] +>> endobj +3849 0 obj << +/D [3816 0 R /XYZ 209.753 346.949 null] +>> endobj +3850 0 obj << +/D [3816 0 R /XYZ 177.374 333.998 null] +>> endobj +3851 0 obj << +/D [3816 0 R /XYZ 269.189 333.998 null] +>> endobj +3852 0 obj << +/D [3816 0 R /XYZ 350.255 333.998 null] +>> endobj +3853 0 obj << +/D [3816 0 R /XYZ 390.065 333.998 null] +>> endobj +3854 0 obj << +/D [3816 0 R /XYZ 71.731 331.841 null] +>> endobj +3855 0 obj << +/D [3816 0 R /XYZ 129.514 316.065 null] +>> endobj +3857 0 obj << +/D [3816 0 R /XYZ 71.731 303.014 null] +>> endobj +3858 0 obj << +/D [3816 0 R /XYZ 129.514 285.181 null] +>> endobj +3859 0 obj << +/D [3816 0 R /XYZ 265.941 272.229 null] +>> endobj +3860 0 obj << +/D [3816 0 R /XYZ 329.731 272.229 null] +>> endobj +3861 0 obj << +/D [3816 0 R /XYZ 71.731 270.072 null] +>> endobj +3862 0 obj << +/D [3816 0 R /XYZ 129.514 254.296 null] +>> endobj +3863 0 obj << +/D [3816 0 R /XYZ 71.731 219.263 null] +>> endobj +3864 0 obj << +/D [3816 0 R /XYZ 71.731 219.263 null] +>> endobj +3865 0 obj << +/D [3816 0 R /XYZ 208.806 208.468 null] +>> endobj +3866 0 obj << +/D [3816 0 R /XYZ 71.731 173.435 null] +>> endobj +3867 0 obj << +/D [3816 0 R /XYZ 71.731 173.435 null] +>> endobj +3868 0 obj << +/D [3816 0 R /XYZ 180.552 162.64 null] +>> endobj +3869 0 obj << +/D [3816 0 R /XYZ 124.533 148.443 null] +>> endobj +3870 0 obj << +/D [3816 0 R /XYZ 129.514 130.511 null] +>> endobj +3871 0 obj << +/D [3816 0 R /XYZ 365.517 130.511 null] +>> endobj +3872 0 obj << +/D [3816 0 R /XYZ 433.551 130.511 null] +>> endobj +3873 0 obj << +/D [3816 0 R /XYZ 71.731 128.354 null] +>> endobj +3874 0 obj << +/D [3816 0 R /XYZ 129.514 112.578 null] +>> endobj +3815 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3877 0 obj << +/Length 1482 +/Filter /FlateDecode +>> +stream +xÚµX[o£8~ï¯@š‡iB0—³ÊC/IÛÕ̶R#­V3£‘Nj0ƒ¡iÿý +c› ÝÑjW•Š/Ççòs>aÃ2d.<œÈræŸgg¶±ƒ›3€$ŠJdڑ¹\ŸÍVNdDV4wõÖpýÐB‘k®c +Ÿc¬“¯æÕ.*RNŠŽo›%Ÿ·Œ=s9Ü2µ·|± +§0ó"ó¡œxŸÉ&È6wåù&Îøäûú÷³åºõÉwå:ïz­D^»ÞÁk{>òŒÀ-×ó¯Iµ¢)8ô«ÂîlåûFGæâÄéxˆM)¯€ˆ +Ž:žek‰»­ +ç"’79ًØX™ÈÍåó\¬ +çržá*~" ++,±?Y=u„pŽwäco¹(ٮę:€4æ¬qݘ†Žåør¬HeŽg_Å?×I”B’r"Ãí‚hS‘ô`~ +ßEžŒÀ7G–íü:|ôßçãÌ`€LNóÝš„b€ÄÒ·l·‡å» Ǡݗc%çY‘ãý#fvÔ-g¹Š +m{Áiù/`e÷ÿ`fIÌÔufš‰à¢›îo¶í€-ŽÚ"6r’œŽæøæ‹øĂÌk‹] +AåÇÍíù(‘h™iGHò_`V4DÒÓ#‚øæ8þÀžãÑ 1{ýçÁŸ:3fÀd]îªch +Æ9Ý€*W“ONªÅ45Ѐ‹“Šl9WÄýçÄUÕÓ¡p58âýš( /H +ʚtˆäw«¡%~U=`²- =MÕΊé Ñ4"闓*õ<}Ó£˜è +òmÝUIw;R’Xû4ìMäú–ßr<ô浊m¬7á”í+QNb–'\µ'dۃÄ5bSÇö-ÏE-qYH „pâ¬hRHI]ÈávâˆF•“7—¢ ² +ÊZ£Ÿ@3—t#ŽÔe*wàf +i®ê¢$!t3£ý‰!¥JKZTýû»À»–^q®ñøåñˆ+ø!:sfcã +‡îö}Ó*ҏ'-eyÆAJäN•eiãèÜu=í’0%G/•ýžläàêænšA—ú~¿ŸÌ +£ 'Ã¥@ΊYv䎀}'ÛÏ_(«¹.ʃ+Š‚Ÿûe+QÒ +¢€IÉEÔýîjQîzKû :º>oH™aMøےŽš ˜Çó +œVcœ§šßC&«œÕeÜ€–”NIï·àf*Q}&"+ô}¥n šôsÒ!ȟ5-5)µíɒ +8žÕЕò·óº¥ß/eX0xΙ8·W.±LYy€ +Vųa +èbR×íèX×ÅFÂ‰x +×®‰ŠÅŽÔ•J0§z¬1Õ:r@A–µ«ºõzÙL» +êZ +Íƀ‰43vŒqš¶ôóµ(;{'®¡”ít&cŽiJ«·Šó%ó«·W²­À€âáæEQã÷Wý‹æ{lú2e&Ó¹ +¡T‚?šaB¶4§’žÅ +°„.’ã--¹#­›bŠßµ†î +’_± +š#¯ +l.C +pç­ß +²(ŽvƒnžÜÕÉ+>®@y©!‹Æ€p¡kVF!f?hr'’¿Ð’åÂ҈/`h)·÷_–‹Ù“ d’YÆ89áš>ñp±Ÿ]LĉO +T0ù€1“xö +~ÅÏŒÎNįv««Ëk× +aärî¯"g +]¬–Ë•{é/ËÐ^^{‘;_]Û×(p®Bï4ê10@Aqz +÷ƒÀâtm5ïÕ£š¶¿G +î?ß]ýuZ‰~ñ÷Š}urA¶ÿ6¬>,x¡¢àÝO‘Á— +ºà·vCçÄ÷‚¡¥¿Doendstream +endobj +3876 0 obj << +/Type /Page +/Contents 3877 0 R +/Resources 3875 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3814 0 R +>> endobj +3878 0 obj << +/D [3876 0 R /XYZ 71.731 729.265 null] +>> endobj +3879 0 obj << +/D [3876 0 R /XYZ 71.731 718.306 null] +>> endobj +3880 0 obj << +/D [3876 0 R /XYZ 71.731 718.306 null] +>> endobj +3881 0 obj << +/D [3876 0 R /XYZ 187.755 708.344 null] +>> endobj +3882 0 obj << +/D [3876 0 R /XYZ 71.731 674.027 null] +>> endobj +3883 0 obj << +/D [3876 0 R /XYZ 71.731 674.027 null] +>> endobj +3884 0 obj << +/D [3876 0 R /XYZ 190.535 662.516 null] +>> endobj +3885 0 obj << +/D [3876 0 R /XYZ 71.731 629.539 null] +>> endobj +3886 0 obj << +/D [3876 0 R /XYZ 71.731 629.539 null] +>> endobj +3887 0 obj << +/D [3876 0 R /XYZ 184.438 616.687 null] +>> endobj +3888 0 obj << +/D [3876 0 R /XYZ 124.533 589.539 null] +>> endobj +3889 0 obj << +/D [3876 0 R /XYZ 129.514 571.606 null] +>> endobj +3890 0 obj << +/D [3876 0 R /XYZ 265.055 558.655 null] +>> endobj +3891 0 obj << +/D [3876 0 R /XYZ 324.96 558.655 null] +>> endobj +3892 0 obj << +/D [3876 0 R /XYZ 76.712 540.722 null] +>> endobj +462 0 obj << +/D [3876 0 R /XYZ 334.383 501.35 null] +>> endobj +3893 0 obj << +/D [3876 0 R /XYZ 71.731 478.233 null] +>> endobj +3894 0 obj << +/D [3876 0 R /XYZ 71.731 394.585 null] +>> endobj +3895 0 obj << +/D [3876 0 R /XYZ 71.731 358.72 null] +>> endobj +3875 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F27 788 0 R /F21 781 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3898 0 obj << +/Length 2262 +/Filter /FlateDecode +>> +stream +xÚ¥Yێã6}ï¯ð[l E‹7‰ +°&“îÉY$»ÓØ<$yPÛŽ¥Œ.Ž.Óë¿OQ$u£¬n$ôX–J¬bÕ©ªÃ2ÞøðoBŒB +$B$à›C~çoÎðäà +6ŒEˆ‹® +zœ`DÉÆ-ðíÓÝþ‘à +ñQÀ£ÍÓ©WâSDh°y:þº}ŸÄ—FV;„b+þ|wÜa{L›Ž,âLß{”qÓV²Öß~#$TWáöSz.äq÷ûÓ`ˆG$žY¹,~ó}rn«X­³ÿ.nâ羖f¹4ƒµà-01ÜD( +š² +H€É +¥Ž[çÛ²Ià +îo›Dê‹Ãti}SÝÉ€œæþok)•Š»‡§ÞQ„qÄžØ4D> +}ieŒ‘væÈÒùBÊÔOò0Øó +aGy„QÄéºr#³®|¶Rþ +lkÕqqœyì88Ÿ•'×e5Ä\ÖÙzq¶Æ(Šhk[°2«[˜/äø#á( +Áºÿ¬ÌºòÙB3ÿåñµŽGÈ& +«bþƝ +$$Njú/ŸO=[`f2®¹Ã|ûÿfð«Tá`Ñöùªï}(Ú?O}Œ€l°sŽ0Øåwϗ³›)˜#îc#¡LGzÁ§Dáh„—AŒpµ£áV +Ê<—ÅQ§îti. íÒåE +Äì3®ä×®µðˆ#â«Ž%H„aot÷Ž›O¯óN‡3s£(ï«DMžlµÈ/PmLJŒ€¶œÔíåRV&L§Ìš†é<ž77â<‰ÓÂ.eú +î0ûeG £>+®I™[&Q£Ž+àšh'Kðû÷åIÁဪ–ºÐìbTe{X·u +ùsu +7Â)ï9$ãÛ²lE'71á¥7ÀGC;ºŸ‘Ð-ðY‘×À· ïuð-èwÀ76à±*s箚ç} +ÈÒBÞ;”bjXÝ +œs +x(+|Û7o°¹è\O™'¬ÉP«ºmµw2VaËõ{c(yޗ.u: +rNáGè*7' +ÄÐ^Ü"ÏÇxvÚnA?!K«˜&ŽÑ4xŠ£9Š»áJï @›êàÉÔtEèR”^ + fl\1€ûšÕžLú‡D'}GpýõçÚ;ì +¶›é'õAM/k€`ÝPÇÆø˜§ºd® +!GŸ9@ãiG¡= +Ò,tH£R +xÚÄõgca%³Noú†]AÇLíA)NëŠãozHÓ! +Ê +E  +< +ŠU(†“2\OvîN$ž8NÆIz’a‡SŠ*ë\RHI„RVé–Ÿ•ñFB]îý7_hJ +»YšÃ©bôŒ¬+72ëÊg +­0BuŒø†@“òÃn,øçݯ¿û›#šþþþ€¿—;%Lá +šDpGô+¹9Ý}ºûO¿’â+~€_¬-¢_ւ¡»ˆgí ˆ¶HÆ +Jn Ç[Ž>tC a\§Òûwê û¿‡w»H +z +@CÍš +yžC\î¥_t¹1àîw¯¿œ +sP5um”LØÇЪm·³“Šù˜b¬_`äGö +Ô ±Æ,Fó³<Ījél‘Ð$ƒ>é•`Zõ’Z\÷†Nឧç€Ñ—gÙؔ©tuh/@Í$÷ûr‡™ +VI•Ý ++„¢¥¥w +56Í/YjsÈpO•q§~> +÷Ìu0xjX{9Æzþe–¿vŸu=,bؖ«\šzžãVèÁKT2/ÕÒzóHfÇ!Ò¶•šÊPÕMïþ®È•öi%= +U.Î&*°;ŸOk”°ÃøøèÁú„_ŸÚuÓÖ:Ñ_;žîŸ2úu +†‹¥PŸ]àÀK_ÀÙæbkþUßJ äeK»uc1l}°î“œ¿Û€}ñ‡f*°ÏcÇv/ÏG¯ÀqXnFyûwk +þç +Å2º‰Òß/IãjÂÀ:ŸÌÒ +MÄ +,קçwõ|ÐgÄ䧄aæižÕèÃp24ötVÚÃ¥œsä›Ci1p¬ŒbÃ>yó$Î +Åܯ¬þŠú±ò|êæNU)ÿ3;þÖ%8ˆ¢³Ã÷QB‘€–/gG§§ +þ‹#²pž€pq¶¶š +$ò ªÅçºÍ~ò]YÓÇç× +ê‡öÏ=ø’€‡äæ”A +ûÕPr8ù Ò,šú(ˆŠ,Úð13³ýXXTÌ‘±0‘UUVŠ ßk?º@ª/òàN‡»‰ ò߄J'“1Ä×óÜ6? +2 ¥x™• oÑi6Š'ÇzÖ +qbL·lAçšÌ¯”®Š¿!éendstream +endobj +3897 0 obj << +/Type /Page +/Contents 3898 0 R +/Resources 3896 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3814 0 R +/Annots [ 3901 0 R 3902 0 R 3920 0 R 3935 0 R ] +>> endobj +3901 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [245.458 634.89 291.953 643.802] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE) >> +>> endobj +3902 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [443.932 634.89 488.763 643.802] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASEFILE) >> +>> endobj +3920 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [129.514 457.431 186.799 465.969] +/Subtype /Link +/A << /S /GoTo /D (0:DEFTRUST) >> +>> endobj +3935 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [327.284 309.672 372.142 318.262] +/Subtype /Link +/A << /S /GoTo /D (0:SAMHAINADMIN) >> +>> endobj +3899 0 obj << +/D [3897 0 R /XYZ 71.731 729.265 null] +>> endobj +1045 0 obj << +/D [3897 0 R /XYZ 71.731 718.306 null] +>> endobj +466 0 obj << +/D [3897 0 R /XYZ 357.56 676.38 null] +>> endobj +3900 0 obj << +/D [3897 0 R /XYZ 71.731 645.402 null] +>> endobj +3903 0 obj << +/D [3897 0 R /XYZ 274.699 624.096 null] +>> endobj +3904 0 obj << +/D [3897 0 R /XYZ 316.482 624.096 null] +>> endobj +3905 0 obj << +/D [3897 0 R /XYZ 71.731 602.014 null] +>> endobj +3906 0 obj << +/D [3897 0 R /XYZ 71.731 602.014 null] +>> endobj +3907 0 obj << +/D [3897 0 R /XYZ 278.384 591.219 null] +>> endobj +3908 0 obj << +/D [3897 0 R /XYZ 71.731 569.271 null] +>> endobj +3909 0 obj << +/D [3897 0 R /XYZ 280.317 558.342 null] +>> endobj +3910 0 obj << +/D [3897 0 R /XYZ 362.917 558.342 null] +>> endobj +3911 0 obj << +/D [3897 0 R /XYZ 139.756 545.391 null] +>> endobj +3912 0 obj << +/D [3897 0 R /XYZ 71.731 523.309 null] +>> endobj +3913 0 obj << +/D [3897 0 R /XYZ 71.731 523.309 null] +>> endobj +3914 0 obj << +/D [3897 0 R /XYZ 71.731 490.567 null] +>> endobj +3915 0 obj << +/D [3897 0 R /XYZ 71.731 490.567 null] +>> endobj +3916 0 obj << +/D [3897 0 R /XYZ 71.731 489.321 null] +>> endobj +3917 0 obj << +/D [3897 0 R /XYZ 129.514 472.166 null] +>> endobj +3918 0 obj << +/D [3897 0 R /XYZ 285.577 472.166 null] +>> endobj +3919 0 obj << +/D [3897 0 R /XYZ 397.058 472.166 null] +>> endobj +3921 0 obj << +/D [3897 0 R /XYZ 71.731 457.431 null] +>> endobj +3922 0 obj << +/D [3897 0 R /XYZ 129.514 441.281 null] +>> endobj +3923 0 obj << +/D [3897 0 R /XYZ 71.731 428.23 null] +>> endobj +3924 0 obj << +/D [3897 0 R /XYZ 129.514 410.397 null] +>> endobj +3925 0 obj << +/D [3897 0 R /XYZ 312.726 410.397 null] +>> endobj +3926 0 obj << +/D [3897 0 R /XYZ 245.339 397.446 null] +>> endobj +3927 0 obj << +/D [3897 0 R /XYZ 71.731 395.289 null] +>> endobj +3928 0 obj << +/D [3897 0 R /XYZ 129.514 379.513 null] +>> endobj +3929 0 obj << +/D [3897 0 R /XYZ 389.746 379.513 null] +>> endobj +3930 0 obj << +/D [3897 0 R /XYZ 163.437 366.562 null] +>> endobj +3931 0 obj << +/D [3897 0 R /XYZ 410.001 366.562 null] +>> endobj +3932 0 obj << +/D [3897 0 R /XYZ 76.712 349.924 null] +>> endobj +3933 0 obj << +/D [3897 0 R /XYZ 71.731 334.98 null] +>> endobj +3934 0 obj << +/D [3897 0 R /XYZ 242.583 323.324 null] +>> endobj +3936 0 obj << +/D [3897 0 R /XYZ 76.712 295.03 null] +>> endobj +3937 0 obj << +/D [3897 0 R /XYZ 166.376 239.553 null] +>> endobj +3938 0 obj << +/D [3897 0 R /XYZ 267.551 228.076 null] +>> endobj +3939 0 obj << +/D [3897 0 R /XYZ 254.792 204.764 null] +>> endobj +3940 0 obj << +/D [3897 0 R /XYZ 322.29 193.107 null] +>> endobj +3941 0 obj << +/D [3897 0 R /XYZ 71.731 153.304 null] +>> endobj +3942 0 obj << +/D [3897 0 R /XYZ 379.654 146.44 null] +>> endobj +3943 0 obj << +/D [3897 0 R /XYZ 459.593 146.44 null] +>> endobj +3944 0 obj << +/D [3897 0 R /XYZ 265.931 133.488 null] +>> endobj +3945 0 obj << +/D [3897 0 R /XYZ 332.252 133.488 null] +>> endobj +3946 0 obj << +/D [3897 0 R /XYZ 119.552 120.537 null] +>> endobj +3947 0 obj << +/D [3897 0 R /XYZ 71.731 48.817 null] +>> endobj +3896 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F34 797 0 R /F29 790 0 R /F55 1335 0 R /F46 1173 0 R /F44 1165 0 R /F51 1285 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3950 0 obj << +/Length 1873 +/Filter /FlateDecode +>> +stream +xÚ­XÛnÛF}÷WAP€Iq—\. ¶,¹NÛ M\ô!) +JZIl(Rá%ŽÿŸ3{!W¢âŠm8âewngfÎ,‰À?âpâó~hêӘ9«ýEàláÍíÑ+<œÄ³Ö\ß_L4uR?Cç~ãАù”Ä©Ÿ0êܯ߻³]vhE=ñ( +ÜÄW¿WëuÞæU™ê~1áÌY;!nWOBîŠFœø@)WWïòm)ÖêzV•‚€na-an†’Š7Y›-³FsóÄüqÿêb~ßûÁ(ñCú€§zÉÈÓ0<%$õxȃÄ£Hzêyy»óV;±úØtû—ÏP÷tÁ˜“À¶·%Ô"T$#óã|öÓ»ß~QËléQäêeZ +åÃûÄš~;šª­D2qëMÊÒªk{cµ +KÄ©Ÿ$Ž‡Xr~ÆbÛ"û +)ñ +ˆ.4TK +H»ÓœFy—iœuؗ­Axù8vÁÓJl‹¶‡­ÚàyE•­=ñ¥eù µæ[™zQ + +@GÙz{­áþîvþ–€t +EL¹‰Õôµ»i[MQÕÈï˜û<ÿM¶ße¹¶×ûqlŽ(=Î꧌ük«ôÑßt +.¹"/õ³j£»öе—ãTHAo¢¥aâšåÍ![©ú:V +Ųôʉ&¹hûIš +a9ÿ’í +xqŠ +?ŽùQòZe6íšz +Ù³ÌK +Ç +e +™ñ0œŽ¯t?àq2K£Ôt‡zÐõ|’P=a‹à:ä +†º +Oë³Néü&º2øÆÁ +x¢g§í +ÄÐ;Ræ0Ù.cì +Ÿ.Þÿ8kè3¯àï/ø{žÀÅ! +ü`%~š†N-œÍÅ»‹_{Iã%P€1}J†Ú«×DxÆ/J„9š6XAãRùžŽFú¡tö÷I +ñyûúîõ­:ܐ +(ÃÄôY¢Â3«ö‡ +R +«‘'®ÌgøUy·å„n÷æVÝ"xžºÀ“‡\&&îÉåžtØ<”܈Iž_ð?±ê å£˜B/l«µº:0˜PD1‹¥±_T‚ôÄ©{‡Á‰ûˆoªN=ì@øPãÙZšœ_—j‘µƒô>Q·²±Á3e"uká­dÌŽ ÞG¢Œ ##l?TÁ¬«òy« +-òžÌÄa—7èÎ¥ºí€U ’F +úQdzÄsSTè +Í˲z>΀è)bV{v7’O@>;/ çDÃñÎQÏoÚ +‡]ŸÚéÜjT‘Ri +û©Ë?O(Œ +(ÛŸ÷Øq +ǪˆÿX\!N`NPëþ{¥[eʑrÉPŠ|Z•Œh`Ðӓ ~¢U@B?Nb•ÕðÔ€„Ú[š€`r²[·.CkùŒ²D£©fâÈ6ý”*©EÎ#ۓáEÙŠ +ƒÛŒmD±9CXÁ±éâÚ +^. £Îߟy{÷ú~ +×à +ŽƒrhÜ©U}šˆ•Ez°ÉëJý–øÕªë}ւÏX&g\ À`ApBºà³ù"ž©ýó‹Ôˆ&Úà +ä/nÔÍuü«pÁ™ +²ÖÆeÍ4û’«+œƒÆ³D +Z0M¶>;Ó`ÀTd!ûªîóà +Õ"öÙGaˆši3€Ôd8õ9£ýPcÈG͓È9€ô ™¬¬SG N +ê>5Ž¬ +ª¶ +À®^r‡ +†€y¡{pɧ0^År¬UŽÁAf÷ƒ^Éû•p +a‰Aޟ‚=›|+“1xðòd":z"‚ˆ +¢\-n&a@0ôô±©Ú»ç~ƒ©Ž§eño•ÕtßÕ*™ã$ù߂{*—QoŽŒý^ +H3íªY­rL?gõŽÈ—S\eÎT›õç&/ŸûϧúN•~ÐçgÍêŸVæçš]o—ìŒñøÄ44÷Z +ªº +7lìãV϶ÉD +{${–ŠùgåúDÆh‡b8ÃnGçØjقi†S6uµ?süÃBOB +̑ۄù¬ô7“;}L[Vp“M5d@v‰9RM؋Ž5™qúP‹Fô¶%ÏIçÖꌌl’ûB+|@VµѰ᱊íÆ-¬ “š­õ÷€—KËrÅ<]3ÐÐÒ"W°Ä̹6›}®Ùþ +:1; +V¿ÁŠ|Pœ2í9S»Òt+àÑŽÈ—œ’s‰V•ÅãÓ)WbÕ +)׍PÓTïBl c“Dcl;¥çAO@Ñ±‘ܔͥÚcŸDèñ* +góŠªOÄ?a‘º6[ç,žšUrÁ+™òZcŠŸÁˆ7u”(vr]šLU¿¢®{ð@ʶb\ÿMWŽ£_·Œ?!üÉ/›Ã’чMm1dÜHAû“è+ŸǚþÀ‚^.endstream +endobj +3949 0 obj << +/Type /Page +/Contents 3950 0 R +/Resources 3948 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3814 0 R +>> endobj +3951 0 obj << +/D [3949 0 R /XYZ 71.731 729.265 null] +>> endobj +3952 0 obj << +/D [3949 0 R /XYZ 71.731 718.306 null] +>> endobj +3953 0 obj << +/D [3949 0 R /XYZ 71.731 718.306 null] +>> endobj +3954 0 obj << +/D [3949 0 R /XYZ 201.593 708.344 null] +>> endobj +3955 0 obj << +/D [3949 0 R /XYZ 289.432 708.344 null] +>> endobj +3956 0 obj << +/D [3949 0 R /XYZ 71.731 653.385 null] +>> endobj +3957 0 obj << +/D [3949 0 R /XYZ 71.731 653.385 null] +>> endobj +3958 0 obj << +/D [3949 0 R /XYZ 327.928 642.59 null] +>> endobj +3959 0 obj << +/D [3949 0 R /XYZ 431.327 642.59 null] +>> endobj +3960 0 obj << +/D [3949 0 R /XYZ 119.552 629.639 null] +>> endobj +3961 0 obj << +/D [3949 0 R /XYZ 280.235 629.639 null] +>> endobj +3962 0 obj << +/D [3949 0 R /XYZ 71.731 607.557 null] +>> endobj +3963 0 obj << +/D [3949 0 R /XYZ 71.731 607.557 null] +>> endobj +3964 0 obj << +/D [3949 0 R /XYZ 160.219 596.762 null] +>> endobj +3965 0 obj << +/D [3949 0 R /XYZ 71.731 583.691 null] +>> endobj +3966 0 obj << +/D [3949 0 R /XYZ 166.376 533.196 null] +>> endobj +3967 0 obj << +/D [3949 0 R /XYZ 239.819 498.406 null] +>> endobj +3968 0 obj << +/D [3949 0 R /XYZ 347.414 498.406 null] +>> endobj +3969 0 obj << +/D [3949 0 R /XYZ 71.731 458.711 null] +>> endobj +3970 0 obj << +/D [3949 0 R /XYZ 334.123 451.956 null] +>> endobj +3971 0 obj << +/D [3949 0 R /XYZ 71.731 416.923 null] +>> endobj +3972 0 obj << +/D [3949 0 R /XYZ 71.731 416.923 null] +>> endobj +3973 0 obj << +/D [3949 0 R /XYZ 71.731 384.18 null] +>> endobj +3974 0 obj << +/D [3949 0 R /XYZ 71.731 384.18 null] +>> endobj +3975 0 obj << +/D [3949 0 R /XYZ 327.908 373.251 null] +>> endobj +3976 0 obj << +/D [3949 0 R /XYZ 71.731 360.18 null] +>> endobj +3977 0 obj << +/D [3949 0 R /XYZ 71.731 345.236 null] +>> endobj +3978 0 obj << +/D [3949 0 R /XYZ 158.405 333.7 null] +>> endobj +3979 0 obj << +/D [3949 0 R /XYZ 71.731 305.804 null] +>> endobj +3980 0 obj << +/D [3949 0 R /XYZ 71.731 305.804 null] +>> endobj +3981 0 obj << +/D [3949 0 R /XYZ 149.141 294.148 null] +>> endobj +3982 0 obj << +/D [3949 0 R /XYZ 71.731 293.054 null] +>> endobj +3983 0 obj << +/D [3949 0 R /XYZ 149.141 282.492 null] +>> endobj +3984 0 obj << +/D [3949 0 R /XYZ 71.731 281.548 null] +>> endobj +3985 0 obj << +/D [3949 0 R /XYZ 149.141 270.835 null] +>> endobj +3986 0 obj << +/D [3949 0 R /XYZ 71.731 269.891 null] +>> endobj +3987 0 obj << +/D [3949 0 R /XYZ 149.141 259.179 null] +>> endobj +3988 0 obj << +/D [3949 0 R /XYZ 71.731 258.235 null] +>> endobj +3989 0 obj << +/D [3949 0 R /XYZ 149.141 247.523 null] +>> endobj +3990 0 obj << +/D [3949 0 R /XYZ 71.731 246.579 null] +>> endobj +3991 0 obj << +/D [3949 0 R /XYZ 149.141 235.866 null] +>> endobj +3992 0 obj << +/D [3949 0 R /XYZ 71.731 234.773 null] +>> endobj +3993 0 obj << +/D [3949 0 R /XYZ 149.141 224.21 null] +>> endobj +3994 0 obj << +/D [3949 0 R /XYZ 71.731 203.191 null] +>> endobj +3995 0 obj << +/D [3949 0 R /XYZ 71.731 203.191 null] +>> endobj +3996 0 obj << +/D [3949 0 R /XYZ 459.135 191.333 null] +>> endobj +3997 0 obj << +/D [3949 0 R /XYZ 322.429 165.431 null] +>> endobj +1046 0 obj << +/D [3949 0 R /XYZ 71.731 137.371 null] +>> endobj +3948 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F27 788 0 R /F21 781 0 R /F44 1165 0 R /F46 1173 0 R /F47 1176 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4000 0 obj << +/Length 1319 +/Filter /FlateDecode +>> +stream +xÚµXKoã6ŸçWèЃ +¬Q²^œ5û¶(Ð`ëö’́‘h[XY$9Ù`ÛÿÞrš‡eçÑ€QôhfŸo>)qË +?nEœE>\Œ„ya`¥»3×ÚÀ/—gœ, +2qF6«³óO^b%, }kµ¶—K·%Píþ6Ë™vUó =,C+¡Ê(‚L"€€Ïê0íù‘@ +|²ªÖ‡ª}“Òx¥nªœ +ÜC‘ò‚ +‡e(©*B_®dC?Ž±úË!ž,qMcŽX]Ì3v|ž0 +[÷XpõPWéë‡Ài^äèz;u¢ýFB¥Ø²JÖ8è¡«øyÛ5JNzÎðӎŽ—öÚ +ÅÁ2±³‰ +Ñ°è¥ì®d†ºF£×ˆD€ˆ³@Lÿúy­¯è~œV¯›üN–ïôžíç]¯%Œ­»†’¢ö¥Jכª«h‡tÇ$%—RB§¡ò|æsïÙÌ®˜­›ŒìæÔºj“x +>Â"Š?J›,+"©Ëª}Gìb9ô¢!²ÆEv'³#ˆýg#þpLKØ +C܋)Cdü5 +mf€Ïí¹˜ŠyüojÂ0˜À4¥W );*€¯Þò?*iÆ æÿ:©»?ÁåœF ÁRÀ63dftSh +åÇRíoñ8¥Ñ²Qôäåf‚’ƒñýÕãËA=4j¥vÅJ_î͕ŽÑ¹öscOO3Ææ%ӄ}QîiÑR4üÞ +ŠUj®›jg8«÷Ý÷\³SâÜj;^2ã:i¥˜ÒȺ©$Þ> +ˆ§ÄZrÛ1ç‚7aøã‘FÒ³/߂ա“LÈÑS÷y·%iÞ՚˜qŒ¿-Ÿx°Ánþ—ÏoÊò€K©W=aø::Ci]5‡Ì˜Ö7ˆ‰šÖGEù +¹\ +@ÜÈRBoÎ7ùÐ>w§Õ²ž€G'Õ¿ºŒÒðW‹ŒÑQMÃÚ÷³j &8ópæƒú]'ñsŸDL²pR’9,šÞîšÃƒ:ª˜¶o +N얲€×‚BjŒ–=ÂTŸ +Ö/9ü8ÙЌi¿UzfﶥÞäÄ"|:ÁL÷7ñÌýÔ©im[o›þ!Ø5a]gGV§<Ü, +Sѹœ©7Ô .hMÃ;œš“Fœ1ÍŜ +à•ì4°‰Œa<^á߆ísÜ~ŽìšÓ3É +vN÷ɝS÷"ç®OøN6·¯jO)ó/°šL2p°šñlqðy‚>+,ᵆG~‡LfŸaêC1ÉD}›N|™Gúì(Í>endstream +endobj +3999 0 obj << +/Type /Page +/Contents 4000 0 R +/Resources 3998 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3814 0 R +>> endobj +4001 0 obj << +/D [3999 0 R /XYZ 71.731 729.265 null] +>> endobj +470 0 obj << +/D [3999 0 R /XYZ 312.83 705.748 null] +>> endobj +4002 0 obj << +/D [3999 0 R /XYZ 71.731 682.259 null] +>> endobj +4003 0 obj << +/D [3999 0 R /XYZ 197.299 672.871 null] +>> endobj +4004 0 obj << +/D [3999 0 R /XYZ 438.732 672.871 null] +>> endobj +4005 0 obj << +/D [3999 0 R /XYZ 360.555 646.968 null] +>> endobj +4006 0 obj << +/D [3999 0 R /XYZ 71.731 634.849 null] +>> endobj +4007 0 obj << +/D [3999 0 R /XYZ 71.731 634.849 null] +>> endobj +4008 0 obj << +/D [3999 0 R /XYZ 149.141 625.349 null] +>> endobj +3998 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F46 1173 0 R /F34 797 0 R /F47 1176 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4011 0 obj << +/Length 2000 +/Filter /FlateDecode +>> +stream +xÚµXYã6~Ÿ_áGÛb‹Ôœ@ +²‹ +$»AŠH° +h‰¶8­ +5þ÷©â!ë°»'@ +Ž(«XçWIw>üÑ]BIÀƒe„ÅÑ.¯ßø»3|ùî +µa˜‘(Í`}å£1J¶óf +þõðæþ[FwÌ'q”í +N“? ,ˆwÅÿöÿ.y§DðX’î3bž_êï +©dÛðÊüö­àjìÅ`Þ>0–à*Ù¿S‚Wª<üþðHKvÉâ + + IAºd$ÍPØÛì‰ü=oÌS6ª +- +ފVs‡UÓ*³xlÚ‹öOæM +èŸäöÓÀë’KÇÈnìÇŠ‘ÍùΒܗ¬ždU™UÍÑ6áY +”ug9+ûã0‚ŒãFûÏøOôö»TÄ,ŸM.îÐrˆGÉ"cçs;EŽg³ÈÛfÆRxÓà êšÅÅxqÏÁzÖpj +qg–ã&Z’¶ +ј Þ·°<™¥öÔìç#9˜= + +òqD±”ŠJi ‘#9±!¥;šF#Œ©ç‚F„E¡66#ÔÂæ{YÍ`­ŽxXôÝÚçùšøW•x.Œ€I¢9/Bl\ ‹£]Þ֝¬Ža֞ÒaëºÖÅêÔZpqûqò)²ŸšUkÙv¢çhŒEP-xcLB\” +\é@â Õõí¹çõT«Ÿk˜‡©Ñž&Üš,ð}ÛQ™w '=ªÖ@N¶ã`~P=Ï-­'<¥²ß:ÈHD¡áƒ¡¶" ʏÄÐ<”v÷©­*“OÆ&øÉ:ÑS²v"&¬À +ïÅxƒÉFÅBÿ4‘ +ÂK$ýE=O4ü"¬ë¿2¢h—†ؖ¥(€mHþGÛü +5g‹ŸýµÃ* +kMp +/­í›o +ŠºIYB"Æ}‰³àjiu4ތÈÔ֙zkFš&%qABÂ4Œ&nýŒˆ·{^¿bŒâ¿v5OÔGQ:St +ôàë7 +°Aþñ4¢—r® +áÑ&ܯÿýe–¢v%uJž¶¶L>£ãy5ºôÎ. +²4ÅØkQàdAb©ò²p» +­è4#10žãтØjH¶õùÁ‚;L8ÓzÌžýY\ŠÄFa +)I¢/R8¶T® +Q–.[ ‹"rz!$‹Ÿœœ +ÑmèYԄ݆ÞVÜ@ï%ñ+Æ(~ò|-†Ÿ]–ºZ>ekÕZ\}ð}æ"È{ÛÓ +,ÿ&·Ð‹#⃂¯EÒ'aèâœFÐñÀüý(+å9zšÞ²1åÑcY!X¢rj=6+deŠó + +øàGþ¶®R?è»äX4GïGóŒïž*ïU{l5Cíɍ©Ô +Ç €Ñõ˜TòŠ˜2ªtž†NÔ + +Ô +Ì +U=âÈyê· +Æ®ç +Û¬c`vðýpчNäòdÉ-kT|9 +òªŒ°dfŠ6“²áýóu÷ r&K~n‰ì R ÛäW#Â?ó +k +ÐEïÜ-³ù©”X)Ë+­q׋OÏÂÎŒëDõø2aM­ª[ÆbðTK“I²³-6 +gd°šð~W¥$ +¢ +V` ó>ýh°ˆ+‚h +¹3Õ·“ÙùŒÙ c +/ŸÆA™Õ:—7öM{ +žŸ¥@ò'óÖãürݑ†*«—Nü˜xÌÇH«#|Åé‘"înÔÓL’ðåz:#ºYO + +Z +ܬ§WÄœ^O_¿bŒâßÍ{öŠŠBaáG>ˆk¥ÔM†G +àhù +ëhŒ¬£Ûê0K„‹5Šd€I]”ŒÛN‡µiÙT +K7ùiÏÎÂJšSæM²4qèeŒ^hnBԒ ‹Â›ÝÊz + /É^²]Ž{8æ¢ËÏ£9EmÃU›b1;ÆáЩtά +xšêJ™ÃÌfƒXJ^›%ömHºvPCÞKwtׁ¹ÞŠlÁڭɶ'6„Ù-=ÇÇL8CÀÉCï&„C +@1I–CÃRά1/ªÎõ9õm} +ƒÐߊlÔŠÜ­p5eÎèrà +öemŽk +(‚˜°ÐÍEºCˆÃ +â¶WWòNiÓ7uBgŠœ¹;{»Cõäù·Úítÿ?ËüёçCg^¶ú2Jal‰n(¬·ýCé@Ó=j{҄V5Œ.‹ +xš|êÀí±¯ÝNºak}‘ ¥SUÛô[&üD­:·î]5Ž]L6ƒ`oûlÂH9çڑè‹ÖµAi/ÞøšÚ’ËåG‚× +§C€Õj)„Ï/qf–x#q’‚Æ>I&›l÷Žxñ°ŸîØf8^6LyƒC6÷€_îIV©jòán‘#0QWR=o.V6÷ +óiÒÌ6‡[÷ %ñ¹ ¥³+ +›<ï]JIu±Å\Ñ ˜ç·h³Ÿ3 +u¥šº«ž Ù9.þÓ*qe€c€ß©ùöŽåU¢æÏ.UÌUš·°|Î2NI +sË +£¹ùÓ(? +b³ž?š†Ð‹Ù$‰Œ3äÊFV€Å³ê`†·f5Æ9øØ[dW1IКi”<ºa€ePu àÄÈÞ +ÊsãLXC¿œÝ@Jå„Dþí©¹m/-~gyÔ8pšž²Ò—Ÿ”èÍÄÛƒé«l¯ÛÃò,¹Úë- +w!1ív6uE`: +SÇ=ÆkIöö+éO°È%¿endstream +endobj +4010 0 obj << +/Type /Page +/Contents 4011 0 R +/Resources 4009 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4052 0 R +>> endobj +4012 0 obj << +/D [4010 0 R /XYZ 71.731 729.265 null] +>> endobj +1047 0 obj << +/D [4010 0 R /XYZ 71.731 718.306 null] +>> endobj +474 0 obj << +/D [4010 0 R /XYZ 472.151 703.236 null] +>> endobj +4013 0 obj << +/D [4010 0 R /XYZ 71.731 672.579 null] +>> endobj +4014 0 obj << +/D [4010 0 R /XYZ 252.392 663.903 null] +>> endobj +4015 0 obj << +/D [4010 0 R /XYZ 218.144 650.952 null] +>> endobj +1048 0 obj << +/D [4010 0 R /XYZ 71.731 648.795 null] +>> endobj +478 0 obj << +/D [4010 0 R /XYZ 282.566 605.698 null] +>> endobj +4016 0 obj << +/D [4010 0 R /XYZ 71.731 581.942 null] +>> endobj +4017 0 obj << +/D [4010 0 R /XYZ 71.731 581.942 null] +>> endobj +4018 0 obj << +/D [4010 0 R /XYZ 71.731 524.836 null] +>> endobj +4019 0 obj << +/D [4010 0 R /XYZ 71.731 524.836 null] +>> endobj +4020 0 obj << +/D [4010 0 R /XYZ 191.082 514.041 null] +>> endobj +4021 0 obj << +/D [4010 0 R /XYZ 71.731 491.959 null] +>> endobj +4022 0 obj << +/D [4010 0 R /XYZ 71.731 491.959 null] +>> endobj +4023 0 obj << +/D [4010 0 R /XYZ 71.731 490.714 null] +>> endobj +4024 0 obj << +/D [4010 0 R /XYZ 137.484 473.693 null] +>> endobj +4025 0 obj << +/D [4010 0 R /XYZ 424.176 473.693 null] +>> endobj +4026 0 obj << +/D [4010 0 R /XYZ 285.259 460.741 null] +>> endobj +4027 0 obj << +/D [4010 0 R /XYZ 71.731 458.585 null] +>> endobj +4028 0 obj << +/D [4010 0 R /XYZ 137.484 442.809 null] +>> endobj +4029 0 obj << +/D [4010 0 R /XYZ 402.568 442.809 null] +>> endobj +4030 0 obj << +/D [4010 0 R /XYZ 242.111 429.857 null] +>> endobj +4031 0 obj << +/D [4010 0 R /XYZ 71.731 401.797 null] +>> endobj +4032 0 obj << +/D [4010 0 R /XYZ 71.731 386.853 null] +>> endobj +4033 0 obj << +/D [4010 0 R /XYZ 194.772 377.354 null] +>> endobj +4034 0 obj << +/D [4010 0 R /XYZ 124.533 336.507 null] +>> endobj +4035 0 obj << +/D [4010 0 R /XYZ 137.484 318.574 null] +>> endobj +4036 0 obj << +/D [4010 0 R /XYZ 396.759 318.574 null] +>> endobj +4037 0 obj << +/D [4010 0 R /XYZ 71.731 303.466 null] +>> endobj +4038 0 obj << +/D [4010 0 R /XYZ 137.484 287.69 null] +>> endobj +4039 0 obj << +/D [4010 0 R /XYZ 173.728 261.787 null] +>> endobj +4040 0 obj << +/D [4010 0 R /XYZ 289.712 261.787 null] +>> endobj +4041 0 obj << +/D [4010 0 R /XYZ 416.695 261.787 null] +>> endobj +4042 0 obj << +/D [4010 0 R /XYZ 137.484 248.836 null] +>> endobj +4043 0 obj << +/D [4010 0 R /XYZ 71.731 247.621 null] +>> endobj +4044 0 obj << +/D [4010 0 R /XYZ 71.731 232.677 null] +>> endobj +4045 0 obj << +/D [4010 0 R /XYZ 176.337 222.236 null] +>> endobj +4046 0 obj << +/D [4010 0 R /XYZ 71.731 184.378 null] +>> endobj +4047 0 obj << +/D [4010 0 R /XYZ 137.484 158.475 null] +>> endobj +4048 0 obj << +/D [4010 0 R /XYZ 71.731 156.318 null] +>> endobj +4049 0 obj << +/D [4010 0 R /XYZ 71.731 141.374 null] +>> endobj +4050 0 obj << +/D [4010 0 R /XYZ 190.289 131.875 null] +>> endobj +4051 0 obj << +/D [4010 0 R /XYZ 343.674 131.875 null] +>> endobj +4009 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R /F29 790 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4055 0 obj << +/Length 2287 +/Filter /FlateDecode +>> +stream +xڝY]Û¶}ϯð[m ŠEJÔÇò°·HŠMP4{qQ4EÀ•ž¶Y(¹ÿûΈCJ²”íŠØ[Z~̜9s8CóM|“p–„ð!2&b¹Éϯ‚Íþóã+N#ö4d?óßûW‡·"Ûd,‹ÃÍýã&”’¥¡Ø$¡`©›ûâí'ÕöÚìöBیÙÏ»¢(û²©UeŸßî¹Õª¿˜]˜luo£lûQˆÄþÿC¯U՟vÞÿüêÍœ7J +Îp»gÌŠ! +³Ãh4›óŒI07– “ð4{¿×µzšôþ\æfÇÓm³ï¬¯ÑŠÃ[)7),ã̇µƒaæ—Æ|ú + +F‰dÜ& +wƒÊÎ:V•Ÿw<Øj;zj”ˆY”ÐhoL7â0_;–àvø÷v퇝¶—Þ>\:M[*ûñ]ݘ³ªŸ³OyS +qŒµã[ +}/«ÁºÍ^@Tƒ0Ùì¹`™äÃVÔ +íq*‹BÓD°tÇåöž“[U7G£ÚS™*|[]agKƒÍ +y“$sŸë&¯þx}÷ۏ.ÝÎiHn?•Ñ©(;œÚ9ßÎgUp0¡Öö¡UŠ+ë#‘òþD¯›vÊM5„ÿx9ëšü,o<«c™OÎÆ2²oŠXRŽÌh¯õÔ~7Z`“3 +¬ +¬ßW¥³zjYòhš3¡3IG! `£\×úKûaâˆFHüôh?{‡ÒÀtý +Ï©E`åJ–6d`*+ +ž2~‡U‰ÈÊá4Âá‚ù +&#Œ4š<çuáÃíãXUÍNÈí=÷ã0l§Ì­©­A>x#g'±}*!7 +Fm¥{]]}eo”¹Ze[pêÀ˓£¬» +Ìß×ê¬×„ d!Í(žïïÞœYÆ_D,é" +ŒÆ%‰žÎ_˜Îڐ?Ž¯.&2`éçèÈ£„ +2vtTç“Z#d3!#¡X®0à”sj'’íºc(ÊÎ÷§“Š¢ñÙ¥–0ïÃ(dٍȝ‰ôÔõå†2b£oÜÎlBÂ^TdÁQËq—ÊfŒq†”uÃ!p—Bû +Ý¿†åüëUiäЎÅÒbÐÝé:'û›G²Ñ†šÙ'ÁЀ’\¯i§²µýÀÏ +`‡ê#ZlOIDǎÈÖ(5 +PJŠ[¡Ÿ®±Løâðš.E}äXُ.Pç0àâܱEÅ¥*ì£ÁG +sšLI9œÉ +ž“®ÚÃ]ÓâÍ +{ÂjoáÀk¿Ü5ðË- +ê÷ +ÐŠŽi +ˆ>Wï(ÝýÜŒ‘ÇMY8gMô¬;cLU + +5R¢ôE(² +ÆV ʹ +I#Ý“39&%X +Ÿì]ZÂB!€ž@Æ8ãäÑÿ:oÃgmj]ÑÒMq©\":? ÉÐ3;ôeð +<`~9”_ÒØ×g EvËŠ®š¡ÿxtütn‡dI4WTê™ à£ŠtzÅnx(¯c’ùÕõè7†Ç +VОT̯‘J+·26·Œît>JI®Œ~ŒTŽ +ˆŠMœÍž¬ Êp©/óK¥Ì‘ùDúTïEÁ +VÈšþf‚® +WÌ +)ãLÕÝ|d6GèA“0ê[Z +ÿ‡²Úg𜥜 +fŒÄm<œeï؉K_–·­®)Îü+z鲩ÖÎ;Ç7£©°ÙßX°Ù +­µñ±Ö·³Ï +rnz€xŒf( \S§b'‹ä‡%ÈÌdÚµ»B³}ö¶ÐPuô)Â[©Ô|j,µÅÉ¢û/f +ò²rË8Ký=ˆïQ>cÊŸþðû‡û7ùôîîוÊ3IŒnnGÀ×öVŸÇŠµœ`±}akDT* + Çjšòkj=ÎÂt™0 +Ì«²Å*X‰7ª›óq„}†‚GÄ¡ä\+Ã\¡h/cʪ/:ßúÑ,j +’™xrÈlš~fÇé'• +qlä +œúä†k"š%ðiÈž/ù'ÀŽÎ4fifQ®™ôù%{ÐúT! +8)’4šuž–.W,Òwýàµô„@·ÊuÝ®q÷Ìý0€;«vve»$G«Í$$úÅߊÝÆí +jðÁ¬@= ^ +Ɲ÷æxFšä€Â>\á>ä^ +ÊŸ² €G–­s`±`’°4Xöôtt®wôšCQ8OðžÅ\ µ¹îÜ=ÔkI$Ÿráá!ïz㛻÷»P +¿phM‡š}»ºð,cQt«.³÷˜ewš2+͇“‹xóúu×Ô$ۈ Åa<óýkfŠ†ÈçÌ\œÇL|%áÔÏ_’MdpŽšÙé~’G­Ù¥^:Gxoí1D+ö® +¿GØPÉ4¥9” +»® œ“ž×ߊDÎ5 àp~‚Ùîâî—frCê¯LÊó›ä¢Tã­ÛКGÿóÃ¥®Šs‡Ê:Ih‚çµSXÖrZ,&o0ð¿))\×[º;$ÈÊýj{èiõonEFÜø¹œ³œç!“ÁŒù ++–5µ +ò +Š3ƒ àáu¿Êõä‚}„lyFbpÜ¥ÂxY„rêÁ£ + +/à ˜£¥Q7€Ïˆ>A³_m‡2ý‰~ڂ3-åɳ?~C¿}I +°,ÍÜ*ˆVš|å«åNI[.Bendstream +endobj +4054 0 obj << +/Type /Page +/Contents 4055 0 R +/Resources 4053 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4052 0 R +>> endobj +4056 0 obj << +/D [4054 0 R /XYZ 71.731 729.265 null] +>> endobj +4057 0 obj << +/D [4054 0 R /XYZ 71.731 670.486 null] +>> endobj +4058 0 obj << +/D [4054 0 R /XYZ 71.731 670.486 null] +>> endobj +4059 0 obj << +/D [4054 0 R /XYZ 219.117 657.534 null] +>> endobj +4060 0 obj << +/D [4054 0 R /XYZ 285.737 657.534 null] +>> endobj +4061 0 obj << +/D [4054 0 R /XYZ 71.731 622.501 null] +>> endobj +4062 0 obj << +/D [4054 0 R /XYZ 71.731 622.501 null] +>> endobj +4063 0 obj << +/D [4054 0 R /XYZ 341.557 598.755 null] +>> endobj +4064 0 obj << +/D [4054 0 R /XYZ 71.731 550.77 null] +>> endobj +4065 0 obj << +/D [4054 0 R /XYZ 71.731 550.77 null] +>> endobj +4066 0 obj << +/D [4054 0 R /XYZ 215.441 539.975 null] +>> endobj +4067 0 obj << +/D [4054 0 R /XYZ 387.425 539.975 null] +>> endobj +4068 0 obj << +/D [4054 0 R /XYZ 433.92 539.975 null] +>> endobj +4069 0 obj << +/D [4054 0 R /XYZ 119.552 527.024 null] +>> endobj +4070 0 obj << +/D [4054 0 R /XYZ 460.847 527.024 null] +>> endobj +4071 0 obj << +/D [4054 0 R /XYZ 490.177 527.024 null] +>> endobj +4072 0 obj << +/D [4054 0 R /XYZ 175.721 514.072 null] +>> endobj +4073 0 obj << +/D [4054 0 R /XYZ 185.125 501.121 null] +>> endobj +4074 0 obj << +/D [4054 0 R /XYZ 353.273 501.121 null] +>> endobj +4075 0 obj << +/D [4054 0 R /XYZ 438.213 501.121 null] +>> endobj +4076 0 obj << +/D [4054 0 R /XYZ 71.731 488.07 null] +>> endobj +4077 0 obj << +/D [4054 0 R /XYZ 71.731 473.126 null] +>> endobj +4078 0 obj << +/D [4054 0 R /XYZ 345.306 449.913 null] +>> endobj +4079 0 obj << +/D [4054 0 R /XYZ 391.801 449.913 null] +>> endobj +4080 0 obj << +/D [4054 0 R /XYZ 267.703 438.257 null] +>> endobj +4081 0 obj << +/D [4054 0 R /XYZ 76.712 408.668 null] +>> endobj +482 0 obj << +/D [4054 0 R /XYZ 153.609 350.645 null] +>> endobj +4082 0 obj << +/D [4054 0 R /XYZ 71.731 347.676 null] +>> endobj +4083 0 obj << +/D [4054 0 R /XYZ 71.731 332.732 null] +>> endobj +4084 0 obj << +/D [4054 0 R /XYZ 71.731 251.218 null] +>> endobj +4085 0 obj << +/D [4054 0 R /XYZ 211.416 238.267 null] +>> endobj +4086 0 obj << +/D [4054 0 R /XYZ 379.504 225.315 null] +>> endobj +4087 0 obj << +/D [4054 0 R /XYZ 251.148 212.364 null] +>> endobj +4088 0 obj << +/D [4054 0 R /XYZ 71.731 190.282 null] +>> endobj +4089 0 obj << +/D [4054 0 R /XYZ 119.552 166.536 null] +>> endobj +4090 0 obj << +/D [4054 0 R /XYZ 278.485 166.536 null] +>> endobj +4091 0 obj << +/D [4054 0 R /XYZ 318.992 153.584 null] +>> endobj +4092 0 obj << +/D [4054 0 R /XYZ 147.507 140.633 null] +>> endobj +4093 0 obj << +/D [4054 0 R /XYZ 352.216 140.633 null] +>> endobj +4094 0 obj << +/D [4054 0 R /XYZ 182.087 127.681 null] +>> endobj +4095 0 obj << +/D [4054 0 R /XYZ 378.906 114.73 null] +>> endobj +4053 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F27 788 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4098 0 obj << +/Length 2164 +/Filter /FlateDecode +>> +stream +xÚ­YÛnä6}÷WèaQ›€D]ÈC²È,`7Ƌ`‘ 6j‰íÖZ—Ž(ã¿ßâUb«§g’1 +»ÕYuX¬:uD“à 2‚²>hhʂª»ÃÁ#<ùÇ +1#"3$ZùîánÿŽAŠ4 +ŽAÌÊcd1E9£ÁCýKø÷Syžøž‹(Ãaôç·uÝLÍЗ­þþn—±—Ó<îâ,äî&EøÒL??ñ²N»_~žûþÁb” éîl3d +;[`R p3œ£8IìŸw p©üS”ꋧ +Á!{ފ{}gèÛ{ÅœA;Â8}«ê¹åÿþ]’9žN•ë4Cq*ÑJ§¢ìNeÓÿ÷ÔÔ += +zøi +#’çfôsÓëãø°£8œ›¶6a~85Âó¯®&€í@~E,)‚ˆPT˜ +Œ=F€ éÍčÁédl~.ÇrK×ÖRœ^,Š¥àÛ%e%Ô.Ƀi ÷Ãd.8¯y­¯Ë~GXøÒ +£ +ö#`xãs#¬3ïYnÇ0>{¥Y;ÉÂqbÖN”ÿš‹jlÊKÂÂò0H7ååîœ_£oT€E]š]€OñÜLÕÉÚŽ;Ê£ü’†‡}ó\ +á +è Ê¡gYúúÍ ŽŒ[èø7ø™2\LՁ{«Ã +‹ráÅÞÞ6œ€‘:h率ô1èƒÔÍCåKßXûÞî +—•ž¥Êøw2óôªd˜õGÛôó—µãröÌí÷ÈŸ›‘ +oúy +Ζ<\v믌—%ú±‡ŸãýdÒà?;"w{6izf;þTÊù:”e¥>mó؏ݟm{ +g±ÿmîËÌ€‡ÑøÛ."áþ °m‚DXŽf¶hOMeHå<4ýd–«6ttœûj͏zéó3«ÿ·˜Ëø(e¡©Ý +Nwcî²¢|ÿ SiiÅUûåÎ @2Ìce7ë8ŒÎÛx9åÞV¬E.ëAoC?ižêþÌpsÔ×ÕН›Öå’ÒIÇjŒcé¥lZ“‰¿`óºòe!ÉÕÐÀ˜>Î#¿Ÿì5 +µì/XõÛU:áLåFª +†”’BSãéofX¶ ++ !X>¬jb{ébÿ€,ï5†} +ÅRIÒƗ³È˜‰xcé—yëÊ'“ÒÝh +ï•íV-4Iø±y|mÓ5?o+8I!‰+l8ˆ¡å“™£vP^@¿RŽÁ”Æ(É©Á”ýé0š\Ýà2fWž”Šø2L¹W.L.nqØ«lHÛƒâVæBÚBòªÌU£ +u®Õ +IAº,€H!( +Pn¿ßýò+jPy?Àïÿà÷ùNŽ),, š(â`äÁñîýÝOΐ€œ‚$ÉnѓíÀ‘ȉ⌡") PŽjgi: +&¬@$‹µ.U} +,‘å hŸ°››,™IñT€(&ˆåš§#Á§;àÚi%ž6RP0" +8~¥È0J©UdF<é PèÀãBQŒŸ’\]¡ƒ•Ç8¶I5ôÈh²(uZ){Çå‘]-ü‚Ò2ÄÄÄhVžjºsÛpa-Øè)¹%÷  + +Ì57°+û +¢ [²¥š5Ó̧°hÝ€ÇÙÅAy³]dÉ~µ0ðh ‚ÖHŒÖžÆ+‡,(ˆ +˜˜ [?¶&ðŒ¯dߐ +ì‘×ÛXç ôk˪YÁ€Yp/¢*ûº# ÆìŽ_w¶ùÞuœî6Êsc0¢qÝÊg›(â}yÀ[ +ÁÉÐ|ó¯oÿùýÖ¡1ÊHv±’êTöü"sø.Æáò¯æ©T²§Ýd•5!†ŽO'™:·ŒŸ5֑Ãëæ(ÃQÍíäÛѯöõ‚‚šæ$˂UÉÿUúˆ ð¥j%jà×±YŒèkðaþ*|HtٜÞæÃ8†ÝÏñ!ý,RŸ;'Mª‹'™6ú­A*·HœyÕš­—~ï-ÔWx2ývZœ“9>‹i‹ŠBs¶²â`ŒBCSªUéKÉÉ'Þ«|þ(¯¥š + áÅ'~eUó8‚(¶ +Å^_]‘a2qݱ%ñ‘Ÿ[ɂeeŸšzz±ëä벙ÒsKü +¯@÷>gZð>+^g-ô +í +-ô§~jª²•âÆìû;ù² +2~ +/*Œv•nö[®§y<™ÄiyYûÊñ:—}S¹.ã¯Äu"-†_ +„'—²Åya’âý‹˜x‡ºòŒM +†¡'Ø#Ÿ¥¯œH̶™Ø—UÊlsIl7ÓÎ[¿KhÍåôŠ—{êÓÛC—Õ)(ÎC¿ +[ÐöZ«WãýI +]QÅ«ð(ýz +Åä+mL +~~Ij »Å€DŸ&ì“&% +±ŒÞfÒø“Lš{Êò瓭ñk)`”;e¿>-ÚZO1htvyŒ·ÊB˜•Ñð¯j=pÑ¿±©Õ«#°g'þH¢ÏýL*c‚’ÔOæò0Ìfv3‰µ²h *ûŠ¯ÚÀtš-1MNºŠYžÝ +ÄÑ$ŽšMVü'O‰ß«ËyºRu2Û¯UeØŽs/ +åq²mքòþºð`îÍj•Y[éLšØB³ýÈë +òpù¢Ì}/ +ØJr/ù.N›éêŽyÕ&_vœÝŸ/HŽc‰e +wÚ +SüÓfž‡ÃåÈÙV˜lyîšùZÿXä_%ÛWÓáQ^ Ê.‚ŠÊãÛÿ4ƒ—­œdWÿgÆ`bØ3DÆ-Ï?ñ®ÅŒõôè ÷êendstream +endobj +4097 0 obj << +/Type /Page +/Contents 4098 0 R +/Resources 4096 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4052 0 R +>> endobj +4099 0 obj << +/D [4097 0 R /XYZ 71.731 729.265 null] +>> endobj +4100 0 obj << +/D [4097 0 R /XYZ 71.731 741.22 null] +>> endobj +4101 0 obj << +/D [4097 0 R /XYZ 71.731 718.306 null] +>> endobj +4102 0 obj << +/D [4097 0 R /XYZ 286.913 708.344 null] +>> endobj +4103 0 obj << +/D [4097 0 R /XYZ 232.158 695.392 null] +>> endobj +4104 0 obj << +/D [4097 0 R /XYZ 119.552 669.489 null] +>> endobj +4105 0 obj << +/D [4097 0 R /XYZ 71.731 648.284 null] +>> endobj +4106 0 obj << +/D [4097 0 R /XYZ 119.552 623.661 null] +>> endobj +4107 0 obj << +/D [4097 0 R /XYZ 71.731 585.639 null] +>> endobj +4108 0 obj << +/D [4097 0 R /XYZ 130.311 576.139 null] +>> endobj +4109 0 obj << +/D [4097 0 R /XYZ 149.679 576.139 null] +>> endobj +4110 0 obj << +/D [4097 0 R /XYZ 130.311 564.483 null] +>> endobj +4111 0 obj << +/D [4097 0 R /XYZ 149.679 564.483 null] +>> endobj +4112 0 obj << +/D [4097 0 R /XYZ 130.311 552.827 null] +>> endobj +4113 0 obj << +/D [4097 0 R /XYZ 149.679 552.827 null] +>> endobj +4114 0 obj << +/D [4097 0 R /XYZ 130.311 541.171 null] +>> endobj +4115 0 obj << +/D [4097 0 R /XYZ 149.679 541.171 null] +>> endobj +4116 0 obj << +/D [4097 0 R /XYZ 130.311 529.514 null] +>> endobj +4117 0 obj << +/D [4097 0 R /XYZ 149.679 529.514 null] +>> endobj +4118 0 obj << +/D [4097 0 R /XYZ 130.311 517.858 null] +>> endobj +4119 0 obj << +/D [4097 0 R /XYZ 149.679 517.858 null] +>> endobj +4120 0 obj << +/D [4097 0 R /XYZ 130.311 506.202 null] +>> endobj +4121 0 obj << +/D [4097 0 R /XYZ 149.679 506.202 null] +>> endobj +4122 0 obj << +/D [4097 0 R /XYZ 71.731 494.545 null] +>> endobj +4123 0 obj << +/D [4097 0 R /XYZ 166.376 439.069 null] +>> endobj +4124 0 obj << +/D [4097 0 R /XYZ 277.002 427.592 null] +>> endobj +4125 0 obj << +/D [4097 0 R /XYZ 166.376 415.935 null] +>> endobj +4126 0 obj << +/D [4097 0 R /XYZ 226.289 404.279 null] +>> endobj +4127 0 obj << +/D [4097 0 R /XYZ 352.663 404.279 null] +>> endobj +4128 0 obj << +/D [4097 0 R /XYZ 166.376 392.623 null] +>> endobj +4129 0 obj << +/D [4097 0 R /XYZ 71.731 372.745 null] +>> endobj +4130 0 obj << +/D [4097 0 R /XYZ 166.376 317.268 null] +>> endobj +4131 0 obj << +/D [4097 0 R /XYZ 315.781 305.791 null] +>> endobj +4132 0 obj << +/D [4097 0 R /XYZ 239.765 270.822 null] +>> endobj +4133 0 obj << +/D [4097 0 R /XYZ 71.731 250.945 null] +>> endobj +4134 0 obj << +/D [4097 0 R /XYZ 166.376 195.468 null] +>> endobj +4135 0 obj << +/D [4097 0 R /XYZ 207.244 183.991 null] +>> endobj +4136 0 obj << +/D [4097 0 R /XYZ 241.54 160.678 null] +>> endobj +4137 0 obj << +/D [4097 0 R /XYZ 166.376 149.022 null] +>> endobj +4138 0 obj << +/D [4097 0 R /XYZ 353.906 149.022 null] +>> endobj +4139 0 obj << +/D [4097 0 R /XYZ 315.879 137.366 null] +>> endobj +4140 0 obj << +/D [4097 0 R /XYZ 283.924 125.709 null] +>> endobj +4141 0 obj << +/D [4097 0 R /XYZ 71.731 118.407 null] +>> endobj +4096 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F34 797 0 R /F47 1176 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4144 0 obj << +/Length 2117 +/Filter /FlateDecode +>> +stream +xÚ¥X[oãž~ϯðÛØ@̈ºXÒûÐ-f¶³Ø[‘h±³(h‰Ž¹‘HW”&“ßCòº9é +A`J"yÎ÷+I7üÑMNIžÀO\’ømªö&Ú<—ïn(ÎØã”ýdη7wãrS’òl +N›$ËH‘Ä›<‰I‘Å›‡ú×íŸÎìÒón·³h[÷ûǺœP’5îùã.϶œõC·Kò-×ð6-·Ÿã8wßï{ΚþŒûíáû›A©,ŠÄˆ{Cí$íâl³§1)3jæüóæ×ߢM +s¿‡ÿßáÿùÆÌNâˆDy¶¡€,“MÇ7§›û›¿„­"Øã@IÅomâû‰«MìI údYJ +<Ò +MI’ + +‘Ž8$9l%YæŽH¶£Ùö +°œäÅV*â©ûÙ»ŸOíE¶£mÏ$NýAÈ +¶ÃW÷“ƒ­nHœû˜Š›Ìh¥ï©±(p +gŇ3wK4ZÂ>Žª +üp܁ÈA4µvϟ£(–øMÉ·õø +e‘ØíéöäžûórSþâ[¯»ûœtêbÜ +ži^ +k(JÙÁj^)iTy +:Ž» [™ý8ÊaGeÉÝÅà†  +Ej?!Ïæ+C‰=-ê)²rÛ?`jªŠ~P’lŸ¥{Ý^®šhàß÷Üü’P£*&ëq— [EÝÿøËu•*Œâ –£çɐ¹RÜSÝ°Þ +ip‹[œ +·±™ž!ù":3Šº˜ªâ&ŸÛAá˜#où7Ñ;ÐIä‘ŒwÊÅ4NHLSÔNH +z¹EäN³ȫüZ)ڒ'³‘šÐ/¿€`ÃÔ7Ѳ€¥yIÒ<ßLŠÁÿZXZ²õÞLŒÿ:7-QP}fj$%AÅãŒDYêj„žŒ¿b[ÅÞüu=z]7\öõe +Ÿœ«ŠkíÝVŒ5B`º’ÌñësG‡ +Ÿ€µý³ŒõKœ2hðæEÌ¢ï¬ì¿GS?Û﹄äEMòڃKô°{«Æ +?T𚟠+<Ãél¹å¡:Mi!Vªm¹ xØæåS6¯— +Eÿ2†5kŽZÔºŠYŸŽÁ\ÖØ£’SˆÀ] +þìÖÐWËäŠ.È@iSþ§>ñ×+¶p¡ïíÙ¯«¿IH8•^<6caê£z¬0­Ÿ–Gìໟ~þñÃÈ%±-¿+`‰é ‹ +µ~¬Û5.ÈHiŒj¡/ +êf9N²zºd– [&Ù£¯ºF:XI΋ËØä$}ÄßD+|9'ÑOœºüÁ·Š¯ñ¡ŽÚˆO¢ym%<ÕíŽÁžg}­–ªÓ9à0³š1\±›ä¡*©iÍñâß:W¡&êíygዊÈáx±l%'ÛùºÂñUÑ£¡(Å4³àõ ó}‘J]C +'ää[Ç+ƒíiíɶ°|5™Ž÷9 +äãÑ)Í!՚4)7wÎñі<9qcž/æuxcú +7ò=94?2å­;=YðÕæøœ(­Å±Á5–Qó–UOnäÈ3¢dÕœ\pµb„žRçµqš2D»Ò-ží +ü +»µÞEŒËž³˜ùû {ZDÖsÛù'ùÄ«^ŒØ›;ô +XgU@ùÐðyŒg¶DØ\“ÏNAÛ7ºÖ +á·RC§qQtŽ% ä_:®¹ôËQÈ s”ÀBýu·~ù ýHà ØÛN¢µl–_AÁ +f€“ç ñšhoúpTää]K +Oƒ†ª@·#/ž†%&gŽ5†Ñö^=/”!‡ +©¶žzÖíh±}äýBÖ +¢ÿÂ÷°Â$éNÑ,’&ÂÇÝÈåi +†óu?_i_IÌ\ûå’ÿ[" ©ŠRßNâád +r +ELx#{P÷ÀËY÷‚#¶GX†íLI>ºÒ­§Vë@-kÔ8l\¢4"4>Ì,mڎ ¡Ò +uæ %éµ·=87ØT_xœêëý¢‚CVï}Q`ßIv,Š`ˆŒôDÝõîè<ç +næ9G˜âŽt +8O=M"üžLŒÚ{¡u~ãgLUð6% ôþӀ®tcœl‡Ì + +]Õ#¥cÐÝÝÑO›U€Œ„32Áû,4_æTÇ$6 +š\•ö + + kÕ.5ìç[Í©À‹3ºpÉkï€>;†§Ù“Y+ +rU?uHás'kÀâuðà, + g®.m¥{žBž} +£÷ºNðÚw+kÖ0uó® >ÓMœ`é| +æQ4^Œ "Hssï‡!µâùïËÂk(kÞð8ìîVIʇ·è¯•et@àî¶êJéÂ.ÐÚf +ž9ôBŸ‡¿ƒŽ¯ºž% +$q +žkÂÍҔ‘$ÓJŒôµ +ú¬&Ž1\’OÒ'ºB~h I¥ÑövVS'Òm3le=>;À)»˜yÂB_QÒßw”b'ë4šzn${WkïšX7v#ŠÄ.Õ ;BAú"*WPÓ +Œ +‡VAó7ïéÇ)«kú +ZöN 8Å +ÊWîÖגþ•f2endstream +endobj +4143 0 obj << +/Type /Page +/Contents 4144 0 R +/Resources 4142 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4052 0 R +>> endobj +4145 0 obj << +/D [4143 0 R /XYZ 71.731 729.265 null] +>> endobj +4146 0 obj << +/D [4143 0 R /XYZ 166.376 670.002 null] +>> endobj +4147 0 obj << +/D [4143 0 R /XYZ 166.376 594.662 null] +>> endobj +4148 0 obj << +/D [4143 0 R /XYZ 370.224 571.452 null] +>> endobj +4149 0 obj << +/D [4143 0 R /XYZ 289.59 559.796 null] +>> endobj +4150 0 obj << +/D [4143 0 R /XYZ 71.731 531.649 null] +>> endobj +4151 0 obj << +/D [4143 0 R /XYZ 139.477 513.398 null] +>> endobj +4152 0 obj << +/D [4143 0 R /XYZ 76.712 485.104 null] +>> endobj +4153 0 obj << +/D [4143 0 R /XYZ 71.731 465.179 null] +>> endobj +4154 0 obj << +/D [4143 0 R /XYZ 471.39 453.523 null] +>> endobj +1049 0 obj << +/D [4143 0 R /XYZ 71.731 392.352 null] +>> endobj +486 0 obj << +/D [4143 0 R /XYZ 294.169 347.098 null] +>> endobj +4155 0 obj << +/D [4143 0 R /XYZ 71.731 323.342 null] +>> endobj +4156 0 obj << +/D [4143 0 R /XYZ 380.441 314.221 null] +>> endobj +4157 0 obj << +/D [4143 0 R /XYZ 320.377 275.367 null] +>> endobj +4158 0 obj << +/D [4143 0 R /XYZ 71.731 253.285 null] +>> endobj +4159 0 obj << +/D [4143 0 R /XYZ 71.731 253.285 null] +>> endobj +4160 0 obj << +/D [4143 0 R /XYZ 71.731 220.542 null] +>> endobj +4161 0 obj << +/D [4143 0 R /XYZ 177.634 209.613 null] +>> endobj +4162 0 obj << +/D [4143 0 R /XYZ 352.346 196.662 null] +>> endobj +4163 0 obj << +/D [4143 0 R /XYZ 186.968 183.71 null] +>> endobj +4164 0 obj << +/D [4143 0 R /XYZ 71.731 137.783 null] +>> endobj +4165 0 obj << +/D [4143 0 R /XYZ 146.67 111.979 null] +>> endobj +4142 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R /F27 788 0 R /F34 797 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4168 0 obj << +/Length 564 +/Filter /FlateDecode +>> +stream +xڝ”ËŽÛ †÷y +–¶”`ÀÆØËÞRµªŠ‹qW.ˆMÆV +¬LÞŸ`pnN§£*RÀpàÿø9 + +ùaÀ0d±iHIJA¹[ ðlf>/°XùÕEÌûb­Ir˜§1(¶ Šf1,&0£ÕÏàCÍ÷ZôáŠPäе着эìxëŸ×!£àzèØB™Ñ$žanþQ +Þê:üU|]|*NP”`hå^Áö!slvÆÆ8‡Ôà2”Á8IFìïSþÖtÃËÒõu-,AŽNR™Å©]L3ˆ±•³«¢}/Ks)`Žã܇ƔNz—jÙÉ¡¿±ûñǗž·Ñð¶Èø—d0ÃìÕÒx™UFŠM¢lÚÅ +'G)gs¥?†kÂendstream +endobj +4167 0 obj << +/Type /Page +/Contents 4168 0 R +/Resources 4166 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4052 0 R +>> endobj +4169 0 obj << +/D [4167 0 R /XYZ 71.731 729.265 null] +>> endobj +4170 0 obj << +/D [4167 0 R /XYZ 71.731 718.306 null] +>> endobj +4171 0 obj << +/D [4167 0 R /XYZ 177.663 708.344 null] +>> endobj +4172 0 obj << +/D [4167 0 R /XYZ 160.478 695.392 null] +>> endobj +4173 0 obj << +/D [4167 0 R /XYZ 71.731 647.407 null] +>> endobj +4166 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4176 0 obj << +/Length 1919 +/Filter /FlateDecode +>> +stream +xڝXIì¶Ÿ¿_ч +ºáG”ZÛ +؉$€sÉAàç[Í +ÑO[Diíƒ{ªÄ"µŸy@0‡Ö©å«í+ñƒüp–„ðd,ˆ£C^}òoð毟88Ÿ3¥\ïŒô¢€³08x3?Œ~zþKÀÏâ(;ŒÞœ?dA^¯?ÿTˆ¶—ÝÉ +’ôÈ}f.þ,Û²9þñQɺ7ÏúÆüv²jNüØKs[4º×§_^ÿ>êâ +x„º|° ÔñQ +æ$ú'ÙÍÕ\ÿb~_ +vÝÑ«º—iHË✖‚F/ +Xš$£-ªBšþ/òªÎËá*µ¹懄yÁ93Á³Û‰Ãû\•ª£WðÌÂ'CàYs3¿}A‡òR¹—V¢c +hø‘™Û×Bé•p-kq)åˆ bÆ–EŽG3XÙ/æâ‚Ð +ªŒ’O5]èŸéHçEÕ¢sۊü‹x³ ܚŽÜS·S +o²›Œke'zU¿ÍMÔOK݋²tþW ^åtš]„–¥ªå™`tæ*z¯É’¡mê +hP +2›úÉŸ¿:©o-»÷Ž’ŒÈ›ú³ïoîþÕ¡RA*ô. +¶Qƒ°Ví ßÉÿª“$ëòXI¹È²5ÝÜåŒ÷PÒՙŠ›R2+x–€¯ÎYäMÕvJ¯³€Òâ®óNµœ)„ð<?‡,MSP3™û8%þ‘éb§j8Ë O˜³}!(úweµ\ä".Ö¡ +Œh›šl¹R9$!¡$ôtðxA±.ð¥Z}~ +% ùìGŸÅù*MUeÿdœ8LJœˆG¡eaF^<º{.›\”ÏÒës + +0Kè4háëL»^ôt8án*H«ëŸáÌbh»ó²Ø¢€)¹0Z‹!-GqŸ~|uÍ?€F>8|Ÿ;<<{ƛ +2bÔZZøO°AÙb +ûx°Öú)‹`®|€ßžùPÿZêÿ#ÌuP¹( +e]jn›B™‹zŒNbêô< +dY’-Rõÿ]>Nq4uriû­ZVì¢% +ÍFÎJ¹“Ég@4 +)7fŠ|ȹm9‘秛âµ6˜Vüµ‚-š±Z±ë-ó|>×F +˜âYƉ:hÛuï +¬·MzþŸ +dï†z5€œå^§í U•|r–`Œé”—.ĺ•¹º­;÷¬µ|MaߎæB +l†NiÀNæ/Óã8g}ž9Ž4 "À;f†ŒýšÃ +%Éy:DììsÂëo5Ñ1˙n§”–HW çÀ2ÏE)šiLb–F$Hty¡z°|èäV'’Í šÇDþ:h"eÂü”šÝÜ +"’Úä\œ!Ö]3ŽævDZF0˜Œí­ÊG†ašËšÂ$²È»&kFh +Ç;c.äC)H'˜1°Db&ê8^cïܚ·”„ÚéÈDKš ðN67ێŸ,ec +zò@¢6æ#Ü|©MhÌÝ +ËÖÒ +t)Šj–H+)ê9H +©&Ëñ¢hMÿ¬(<Ô±œã¢lÑ·þ*¬e«rsä;ó3ÔWÙé +ž€qÒZ éι +::Ožmü)= +_}ž$²M1‰>²UZ#” +"•«Y +.²¿£RÖ +E“D3 +HÐ +æd“ôÞØ°¹ +SóŠ<²jq&#$òäì˜ +Òg‹³“&ɂw%FÇ«À?ZÏz·i6fÏ[R#cýn:J·ô‚ +lK·<Ñ:³c—]o«!Üv8›oÖ×}Wg·{×Xßb³V›ýcFëŠöÀTü(Ñ  «³¡ýXŽ²ùvJÁãUµô«ýiåU5`Rö;Žd±!+·-ôÅzû4MàeFý„Ÿ—덹)v]üN$îô„0¶kL%Ÿ€ÄØwš="]–᳈™r¥œ(Äf¶©v‡wÄ1 +bÒG/VCÕ=Áøfž‘DÛíw#×ÙÇùq¬*ûé — Ùxýw¡JùÑäÓb +:nÒ-†Œ2SÖ3NÌg8Z!O‹s¬A¹^o‡>ÍmË­#þÒÚ€ñœø‚fÓá +Ǚ°Ó²Ÿ€šŸ}Þ`;ÓvÈÚYX³¿>ìéo² +ñ¯ÖtÊÍÑAªõ舫Ž‹ºøÆØÛ,-”‡QÊÎIöÁÎ2O¢Äg ‹Oà\ȵ;1‘Ÿ—õ“eH²û0îUsEZov• e v—Km!Õ²Gzš +ãXí±ôyôœ²”'»[,ðŠ#f‡ÍŠÑ +!!‹ÝùœŽöd|­‰ŸÖn5ý2WØâendstream +endobj +4175 0 obj << +/Type /Page +/Contents 4176 0 R +/Resources 4174 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4052 0 R +/Annots [ 4186 0 R ] +>> endobj +4186 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [251.246 518.858 308.531 527.77] +/Subtype /Link +/A << /S /GoTo /D (0:DEPLOY-LAYOUT) >> +>> endobj +4177 0 obj << +/D [4175 0 R /XYZ 71.731 729.265 null] +>> endobj +1050 0 obj << +/D [4175 0 R /XYZ 71.731 718.306 null] +>> endobj +490 0 obj << +/D [4175 0 R /XYZ 468.494 703.236 null] +>> endobj +1051 0 obj << +/D [4175 0 R /XYZ 71.731 692.504 null] +>> endobj +494 0 obj << +/D [4175 0 R /XYZ 399.509 651.526 null] +>> endobj +4178 0 obj << +/D [4175 0 R /XYZ 71.731 628.037 null] +>> endobj +4179 0 obj << +/D [4175 0 R /XYZ 71.731 628.037 null] +>> endobj +4180 0 obj << +/D [4175 0 R /XYZ 182.356 579.795 null] +>> endobj +4181 0 obj << +/D [4175 0 R /XYZ 71.731 557.713 null] +>> endobj +4182 0 obj << +/D [4175 0 R /XYZ 263.44 546.918 null] +>> endobj +4183 0 obj << +/D [4175 0 R /XYZ 119.552 533.967 null] +>> endobj +4184 0 obj << +/D [4175 0 R /XYZ 223.491 533.967 null] +>> endobj +4185 0 obj << +/D [4175 0 R /XYZ 119.552 521.015 null] +>> endobj +4187 0 obj << +/D [4175 0 R /XYZ 259.735 508.064 null] +>> endobj +4188 0 obj << +/D [4175 0 R /XYZ 162.71 495.112 null] +>> endobj +4189 0 obj << +/D [4175 0 R /XYZ 71.731 480.004 null] +>> endobj +4190 0 obj << +/D [4175 0 R /XYZ 71.731 465.06 null] +>> endobj +4191 0 obj << +/D [4175 0 R /XYZ 241.728 455.561 null] +>> endobj +4192 0 obj << +/D [4175 0 R /XYZ 71.731 425.38 null] +>> endobj +4193 0 obj << +/D [4175 0 R /XYZ 71.731 366.096 null] +>> endobj +4194 0 obj << +/D [4175 0 R /XYZ 71.731 318.111 null] +>> endobj +4195 0 obj << +/D [4175 0 R /XYZ 423.03 307.317 null] +>> endobj +4196 0 obj << +/D [4175 0 R /XYZ 71.731 259.332 null] +>> endobj +4197 0 obj << +/D [4175 0 R /XYZ 71.731 236.418 null] +>> endobj +4198 0 obj << +/D [4175 0 R /XYZ 71.731 236.418 null] +>> endobj +4199 0 obj << +/D [4175 0 R /XYZ 138.919 226.918 null] +>> endobj +4200 0 obj << +/D [4175 0 R /XYZ 71.731 225.825 null] +>> endobj +4201 0 obj << +/D [4175 0 R /XYZ 71.731 205.899 null] +>> endobj +4202 0 obj << +/D [4175 0 R /XYZ 297.956 172.024 null] +>> endobj +4203 0 obj << +/D [4175 0 R /XYZ 76.712 143.73 null] +>> endobj +4204 0 obj << +/D [4175 0 R /XYZ 71.731 48.817 null] +>> endobj +4174 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F34 797 0 R /F46 1173 0 R /F44 1165 0 R /F51 1285 0 R /F47 1176 0 R /F29 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4208 0 obj << +/Length 2338 +/Filter /FlateDecode +>> +stream +xÚ¥Ymã¶þŸ¿Â +ÔVŽHœß·æ.×\€ h²ýP$Á +–¹kueÉåÝž¿Ÿ3 +RïÞÝKqسl‡gžyᘯ|øÇW gI/"c"ŽVùñÆ_=À7ÿžáV³"Þ@æ뻛íG‘­2–ÅÁêî~Ä>óÓx•‚¥‘XÝí^¿?ÈS«š'"Í}FÔ©¬/GUµôŸ­éµÙÉZ +7|]·Š>:Ժ՛_ù殃 Îñ"à \"Zy\°,â(óûÍÏ¿ú«=È~ÿ¿ç”àN¢gY¬µº¿ùé柝*t)œLŒ€„“ Ÿ+ñx +3À%)è-ÈWkêx*Ž²˜ ++üŽÑZ5ºší‚ùôPß#TcRÎâ(6žŽ< +dQ1ùd=eIçïuç+Š4ž°ªÛùÉyÄà#I‘•6µ»Á®èù +W‡gžDËÀ#ˆó8 ê•q‘ÕüLì+Z5Ñ[—û +`˜à -žï¯™>ÐwnëÌIŸXj‘Ã5Ù+ +œAÀâ[+{Ok¥Ý ™‡"cjZ•·jO +ák6MÌa’±0IVƒ$÷gfÀ)çz((þü=Lœ1áræå‹3‡àÖº +]n;šj¯Ç1¡Õ)65©µ$5—P«ñ}ñpvXŸ°ËÐÊ·“Œ0b‘ +B(§‹,2¶œ +w +ËæšàišLE³5N7œjù¹’Gµ=5õ=ä%=·Ï|–€ÑÙ5ŸÛ' F.v[LXvÓw-íµ,€¿hp"'”ˆG#“^w‚M·×-Ÿ±µÙŽDp•Hš¹øt?I’²l”Ü_Ÿ(úà +‘5*G{Ó6‰Û†ozSÿN{;­Ãø +}vãÌ-†ÝsWgôÜQ!öÜãšËa°$K»Dr%ùЀèá_Ìþ¡«éßÉànÁÕü¿°ÝëàÅí'Šqûè²ÚRIÉü`­Ù䇛ŒŽUíA¶Öìáò³FîUª÷£“ï«ÉNõUÝé(•Ôí°ŒÛü8œ#ˆ¢Ò%EIQî5ž+ár¹R2hšˆ,;ËúdHHáæCPøbÄ«¶®KÝ#~?jjšMè»ÀuµÊŸÕ-P× + 8+Ýæ6š€,J¹+ÕxÖ19X Ý­ +ý‚Èÿ0ðós‹:®sÔOXÖx™£œÐuŽZ4Ix£óíÞÀї¶Ÿ(Æ횊ô„þ»› +-5}æ")»±’éP–¬íˆosÉíD>Ôg'êX<÷`Y?U—„_]wǏ€šÏ$‹¹Ë>ˆþøÓß­–3° j +º ;zs«šDPéɇŽ&¹¬ÆXñîÍl˜ +†'tAòB螂”FBÅéÝž„ËŠwNÓ +QØË+`öðŸooêcäãiœOqx—,áê¡r7jCÀ,Lr ú;ðípôbÇ.G9žŠCEÎU‡O§ +¥ +ìèw¶ñ¡{33š˜ÅåÇiµ`@hY—™Ð &B/àHLÕü +‡Ã.h­sš¹n -س!hYäÐIÐŒ€2‡“{įÕ`r’ +™ùØÛ釺ú[;šä<(ûÞm«MwҎ÷•ZŸ‰çÚ~4˜üx‰Ï„éOúùÏ‘b2›2„Ž(֔ýÌEêÇØEK3 +èÂx,Fî}_Ÿ\éf2œ^=Œé7à‚í4„5çÚ·?|ÿ͖Á‰¶Å +C¢œ0Ô:2?ƒë˜£÷Ìèä2}èÈÜÖy]^™YA‡=Åäñ +Â]„£áÒÛçFËedYÆ‘-{+ +яìFÝ;Aã> endobj +4209 0 obj << +/D [4207 0 R /XYZ 71.731 729.265 null] +>> endobj +4210 0 obj << +/D [4207 0 R /XYZ 166.376 670.002 null] +>> endobj +4211 0 obj << +/D [4207 0 R /XYZ 227.66 649.659 null] +>> endobj +4212 0 obj << +/D [4207 0 R /XYZ 280.83 626.346 null] +>> endobj +4213 0 obj << +/D [4207 0 R /XYZ 166.376 604.426 null] +>> endobj +498 0 obj << +/D [4207 0 R /XYZ 263.069 542.491 null] +>> endobj +4214 0 obj << +/D [4207 0 R /XYZ 71.731 519.596 null] +>> endobj +4215 0 obj << +/D [4207 0 R /XYZ 71.731 519.596 null] +>> endobj +4216 0 obj << +/D [4207 0 R /XYZ 71.731 516.727 null] +>> endobj +4217 0 obj << +/D [4207 0 R /XYZ 137.484 498.894 null] +>> endobj +4218 0 obj << +/D [4207 0 R /XYZ 336.217 498.894 null] +>> endobj +4219 0 obj << +/D [4207 0 R /XYZ 71.731 483.786 null] +>> endobj +4220 0 obj << +/D [4207 0 R /XYZ 137.484 468.01 null] +>> endobj +4221 0 obj << +/D [4207 0 R /XYZ 365.906 468.01 null] +>> endobj +4222 0 obj << +/D [4207 0 R /XYZ 176.776 455.059 null] +>> endobj +4223 0 obj << +/D [4207 0 R /XYZ 260.343 455.059 null] +>> endobj +4224 0 obj << +/D [4207 0 R /XYZ 333.867 455.059 null] +>> endobj +4225 0 obj << +/D [4207 0 R /XYZ 137.484 429.156 null] +>> endobj +4226 0 obj << +/D [4207 0 R /XYZ 361.643 429.156 null] +>> endobj +4227 0 obj << +/D [4207 0 R /XYZ 71.731 394.122 null] +>> endobj +4228 0 obj << +/D [4207 0 R /XYZ 184.527 370.376 null] +>> endobj +4229 0 obj << +/D [4207 0 R /XYZ 124.533 356.18 null] +>> endobj +4230 0 obj << +/D [4207 0 R /XYZ 137.484 338.247 null] +>> endobj +4231 0 obj << +/D [4207 0 R /XYZ 398.234 338.247 null] +>> endobj +4232 0 obj << +/D [4207 0 R /XYZ 71.731 323.139 null] +>> endobj +4233 0 obj << +/D [4207 0 R /XYZ 137.484 307.363 null] +>> endobj +4234 0 obj << +/D [4207 0 R /XYZ 76.712 277.774 null] +>> endobj +4235 0 obj << +/D [4207 0 R /XYZ 71.731 262.83 null] +>> endobj +4236 0 obj << +/D [4207 0 R /XYZ 310.831 251.173 null] +>> endobj +4237 0 obj << +/D [4207 0 R /XYZ 71.731 244.305 null] +>> endobj +4238 0 obj << +/D [4207 0 R /XYZ 157.912 234.536 null] +>> endobj +4239 0 obj << +/D [4207 0 R /XYZ 187.859 222.879 null] +>> endobj +4240 0 obj << +/D [4207 0 R /XYZ 71.731 215.903 null] +>> endobj +4241 0 obj << +/D [4207 0 R /XYZ 222.388 206.242 null] +>> endobj +4242 0 obj << +/D [4207 0 R /XYZ 139.477 194.586 null] +>> endobj +4243 0 obj << +/D [4207 0 R /XYZ 353.924 194.586 null] +>> endobj +4244 0 obj << +/D [4207 0 R /XYZ 290.666 182.929 null] +>> endobj +4245 0 obj << +/D [4207 0 R /XYZ 401.986 182.929 null] +>> endobj +4246 0 obj << +/D [4207 0 R /XYZ 225.956 171.273 null] +>> endobj +4247 0 obj << +/D [4207 0 R /XYZ 71.731 164.404 null] +>> endobj +4248 0 obj << +/D [4207 0 R /XYZ 71.731 131.129 null] +>> endobj +4249 0 obj << +/D [4207 0 R /XYZ 71.731 131.129 null] +>> endobj +4250 0 obj << +/D [4207 0 R /XYZ 161.265 122.526 null] +>> endobj +4251 0 obj << +/D [4207 0 R /XYZ 71.731 121.542 null] +>> endobj +4252 0 obj << +/D [4207 0 R /XYZ 161.265 112.035 null] +>> endobj +4206 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R /F27 788 0 R /F34 797 0 R /F46 1173 0 R /F47 1176 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4256 0 obj << +/Length 1264 +/Filter /FlateDecode +>> +stream +xÚœWIÛ6ŸÏ¯ÐQ"Z€ö4È¡+RôèKÐGŠ-b(Q‘šÌèïã&˖gÒN‹ŽE>œõ{ +qÃFER!’gAÝÞÅÁN~¹ÃŽ"r$тæûÝÝögRªò$Ø +‚$Q\æA‘Tf$Øíhh¯Ø°‰H‡8Fvñ#ë +<µ¬Sö]Iû +6I²vƒC©˜ÝjäšÆÍ»_ï~ÚÍêd£„Œš°#Y)œŠA +çZaœT(-Š ˆK”ÀVøã§q('^”aM;»P +s«ql¶cÝۗG®9)Gsêywœéí¢§ãž‰pØ7ÃÇ! +Ý>=RÞœ±ë©S\ØåiCÎÒÙ&‰Ã'®®XÖÓ0X×iu&Ò‚`à§`‰1.Â’Q^€Jc +#‚ì—¿Q- +fál‚<\ÉÚëHºö,ò4*’ ²fwÆANÏqed}Š³XȚŠQQÅö|€ +ŒÕ»Œƒ-¡">wŽeæ ä +6n5ßcˆH–ƒÀžšáŸæ$v{ō=GE›(ãp”ÓP3»ŽZò{»­ÕQtž§BŒZ[ì^QËîÀãJƕˆ=;ÐIš‹oVâþ†Etš›þáxSˈ€@qÛIîlɆ+V«iðî¹Rž–mÑØ۝žÖôÈÞ8·25õnYŒW¯qܜÖÿÆÍDháþ+;d¯žì4Ø<}4ö¬æ^/ƒñ +¿gO¬þV譋^í~à_©bߒpìö偝^cˆjûsùÀšÊ2[>| +&JóbY?°« »¹"ÉîS +Š@L÷ï€/ +ëcùç^ºè.QXŸšÑªœàU%JMámÅ(•2GŽ{òÝCìG»> endobj +4257 0 obj << +/D [4255 0 R /XYZ 71.731 729.265 null] +>> endobj +4258 0 obj << +/D [4255 0 R /XYZ 71.731 718.306 null] +>> endobj +4205 0 obj << +/D [4255 0 R /XYZ 71.731 680.448 null] +>> endobj +502 0 obj << +/D [4255 0 R /XYZ 394.464 641.076 null] +>> endobj +4259 0 obj << +/D [4255 0 R /XYZ 71.731 628.144 null] +>> endobj +4260 0 obj << +/D [4255 0 R /XYZ 71.731 395.746 null] +>> endobj +506 0 obj << +/D [4255 0 R /XYZ 312.35 362.521 null] +>> endobj +4261 0 obj << +/D [4255 0 R /XYZ 71.731 339.935 null] +>> endobj +4262 0 obj << +/D [4255 0 R /XYZ 137.534 329.644 null] +>> endobj +4263 0 obj << +/D [4255 0 R /XYZ 71.731 314.536 null] +>> endobj +4264 0 obj << +/D [4255 0 R /XYZ 71.731 299.592 null] +>> endobj +4265 0 obj << +/D [4255 0 R /XYZ 71.731 286.64 null] +>> endobj +4266 0 obj << +/D [4255 0 R /XYZ 139.477 270.864 null] +>> endobj +4267 0 obj << +/D [4255 0 R /XYZ 71.731 248.782 null] +>> endobj +4268 0 obj << +/D [4255 0 R /XYZ 329.163 237.988 null] +>> endobj +4269 0 obj << +/D [4255 0 R /XYZ 71.731 200.877 null] +>> endobj +4270 0 obj << +/D [4255 0 R /XYZ 71.731 185.769 null] +>> endobj +4271 0 obj << +/D [4255 0 R /XYZ 139.477 169.993 null] +>> endobj +4272 0 obj << +/D [4255 0 R /XYZ 293.318 157.041 null] +>> endobj +4254 0 obj << +/Font << /F29 790 0 R /F44 1165 0 R /F21 781 0 R /F46 1173 0 R /F27 788 0 R /F11 2374 0 R /F68 1635 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4275 0 obj << +/Length 1423 +/Filter /FlateDecode +>> +stream +xÚÅXϯ£6Ÿ¿¿"ÇDÚøa0T«Jín·jO•6Rm8ÁZˆû6=ôoïÛàÉËîŸm•ÌxfŸï›À+~xÅ0b$F$ +VÉéÁ[ +áÎÏجؚ%[g͏»‡Çw$^Å(éjwXÑÐC^®%( +Èj—þ±~“ñªõfKo=€Oފ*/Ï'QŽú[êcœ¡l-NŒ.[¡/eeÓ6›¿v¿>üŽÜ F”ÜtØ,™9Œñè0Æ1 +ÀQæEˆú~ïðkµÄÅÆe +1?«ê6¯“L¶"i»Z蕮AŸ!P³ôûeK±¹ªZÈ¢iyžëHÿô¯¬ZY<‡s< +ÚzÆ +òa× +š êÍ;wŠÇ!?˜äù ǜFÔñÓùŒ +[*¿w™AŠÉ„uœIjYM±ì +}²‡²VÏøñÚ,‹£ŸÇõ!É%pÁc·‰Œõ¹’ ,<›™læ;=m°·.»<µþtmZnH n¬ +ûdÄ +£8Ð1€oÅàƒÞü•þ#Ãsµ‰Ón]ì"kN‘ +R£Ìœå +ïò¶’Ѓ’ö䍃~.÷â“H + +Ì؇(¢ÌÒeζ-)Â>_žÿ¿ Ì/"pÁ‘Æ/E`ÇÜUÛ5_D`~Ðì^þ.’µ‰Šœ78X‹f€§cAŸWŒ¢5šÞµa7ol’=R7í©Uúy‘Z²æç +ýpœÁÑú؝F¢+[%5ØoTÛTW¢8 +NŒ“ōxö²àõy/. +‡3®b ‚oË'Bù¿ä# +Ùº¹W=~¡0d/¥ +ÇÜUõØ5Ÿ£ +žä¹fý- +»*嶣 +ÙóF€”Ì?XÀՕ‘æ¹-À·D7+ÉáײÊ殒L6 Âà²&> +ý _sFÀFU XdR' Kq(G³êÃQ_lº}*¡ZŽ%Ô +žsž{q) ]&æ‘a†âˆ8¬Uög†|p̆o7=Û¹+OM楙ßO2[PTÉ¥àââpž;FŒaÏ¿ôìQ¯ +#Š> endobj +4276 0 obj << +/D [4274 0 R /XYZ 71.731 729.265 null] +>> endobj +4277 0 obj << +/D [4274 0 R /XYZ 71.731 718.306 null] +>> endobj +4278 0 obj << +/D [4274 0 R /XYZ 71.731 706.187 null] +>> endobj +4279 0 obj << +/D [4274 0 R /XYZ 139.477 690.411 null] +>> endobj +4280 0 obj << +/D [4274 0 R /XYZ 71.731 655.377 null] +>> endobj +4281 0 obj << +/D [4274 0 R /XYZ 185.862 644.583 null] +>> endobj +4282 0 obj << +/D [4274 0 R /XYZ 71.731 620.423 null] +>> endobj +4283 0 obj << +/D [4274 0 R /XYZ 71.731 605.315 null] +>> endobj +4284 0 obj << +/D [4274 0 R /XYZ 139.477 589.539 null] +>> endobj +4285 0 obj << +/D [4274 0 R /XYZ 71.731 554.506 null] +>> endobj +4286 0 obj << +/D [4274 0 R /XYZ 185.862 543.711 null] +>> endobj +4287 0 obj << +/D [4274 0 R /XYZ 71.731 519.552 null] +>> endobj +4288 0 obj << +/D [4274 0 R /XYZ 71.731 504.443 null] +>> endobj +4289 0 obj << +/D [4274 0 R /XYZ 139.477 488.667 null] +>> endobj +4290 0 obj << +/D [4274 0 R /XYZ 71.731 466.585 null] +>> endobj +4291 0 obj << +/D [4274 0 R /XYZ 185.862 455.791 null] +>> endobj +4292 0 obj << +/D [4274 0 R /XYZ 71.731 436.613 null] +>> endobj +510 0 obj << +/D [4274 0 R /XYZ 315.985 401.146 null] +>> endobj +4293 0 obj << +/D [4274 0 R /XYZ 71.731 378.561 null] +>> endobj +4294 0 obj << +/D [4274 0 R /XYZ 137.534 368.269 null] +>> endobj +4295 0 obj << +/D [4274 0 R /XYZ 383.788 368.269 null] +>> endobj +4296 0 obj << +/D [4274 0 R /XYZ 71.731 333.235 null] +>> endobj +4297 0 obj << +/D [4274 0 R /XYZ 119.552 309.489 null] +>> endobj +4298 0 obj << +/D [4274 0 R /XYZ 122.869 296.538 null] +>> endobj +4299 0 obj << +/D [4274 0 R /XYZ 122.869 283.587 null] +>> endobj +4300 0 obj << +/D [4274 0 R /XYZ 182.326 270.635 null] +>> endobj +4301 0 obj << +/D [4274 0 R /XYZ 71.731 257.644 null] +>> endobj +514 0 obj << +/D [4274 0 R /XYZ 332.418 220.055 null] +>> endobj +4302 0 obj << +/D [4274 0 R /XYZ 71.731 216.863 null] +>> endobj +518 0 obj << +/D [4274 0 R /XYZ 298.925 185.584 null] +>> endobj +4303 0 obj << +/D [4274 0 R /XYZ 71.731 162.999 null] +>> endobj +4304 0 obj << +/D [4274 0 R /XYZ 119.552 139.756 null] +>> endobj +4305 0 obj << +/D [4274 0 R /XYZ 376.895 139.756 null] +>> endobj +4306 0 obj << +/D [4274 0 R /XYZ 71.731 136.354 null] +>> endobj +4273 0 obj << +/Font << /F29 790 0 R /F11 2374 0 R /F27 788 0 R /F46 1173 0 R /F21 781 0 R /F68 1635 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4309 0 obj << +/Length 1898 +/Filter /FlateDecode +>> +stream +xÚÍYYoäD~ϯ˜€ÌHq§Û·Bâ< $f +Ðî>8vOܬ/ٞÌüvªúðI€€ÐJÝu|UõUµ‡m(üc›€‘À?vDlßÛ$ÅÝ<À›ï®˜^aé%Öh͗û«Ûoíh‘Èw6ûÃÆñ)¡¡¿ +›„žœÙ§o·_eqÝñfgÙ +Ý2JÔÅ׌ΫsÁËNÝw•úÛìœ`ˋ +ÛV +W²ªíÚÝûýWßì{s<›ÇŸh°^²4˜m#‘ç¡ÅŒEÄKÇu¥Å`$ì$6š„Û/Ò +£ÛT”êŸ=Öu +þ€ÕêÉa×òÜÄ¥þÛàÓ÷f¢ãIwl8zbtc!VA 5ïw!RnÇiª.”>Ó¡ÒHÆeÕeÖž=s5Œ +j˜J}P‡j>[ڐÀôk–­ˆs=œäóËn”Y¿ +[mvÒðØÄÌÖ'G»ûŽR;筒뇛äú(7‚è93Ë]xfÁò¹åc  +‹Š–?%$Uy«±‚HyàäÆb6€“ëßQÂŽ^n’ŸTu'ª² +wÌ+]qÌ#®ÏþmÇãXY,JȔ +cžOìÐÈAšcىB{3ž£[ƒW¢ +ºÐÍlJ|×hWš¶KÕ.ÔZŸ6©h «æ¬a<àz€Ý +‰A]qJŸB)ÒfшJÚsÛƒè¬òhË¡6øœ@l(;ìó] ß]e³Æ-R2ò`.íûÜšzÎcÄ^è#â=]Ô¯×\Ö?$sƒDz,@NžÐ̛ÚØ&ʶ‹ó< +¬ЧUڞ>DTu¬ßó¢ÎûšVÕ»’!„ΐÆ/y#’K%9$rMҋvL +©ÖÊԂÉÌRº5›8#r”(œ”j!JQ +‹I‰ÎIUËÍŠ*;¢- +w +dlŸÌ +÷ +G÷ŠŸvÝrÉüÖj«ê†[·5ŽµüØ\’FÔ]»Ú(<ˆ Uj÷C +PA|ÌMökSÇ@#ºŽˆ¶¬ìØuª»¡Àjg{ÛS9Ë`„²_ø8SzSj€O2_Vôp¥D×ËY Ö²â¶U +¢1¡Ç,ûš¬p£aW^%qŸÊUãäDsoföI.Q›–Æ]|·z‰ÄOt"ÎÅï#á±JãÞ#•kh€ì +xžw ù\Üó–æӁ3|:èMœi +ÍÈü‚-7+¶Ð€„}\:²°  ÇO"Ï5w™Ó9~¶˜Ó™ä¥a@]° +Ôwž™ þqKT\嬿4Ž$vßKO¢ËtÅâW +<ï9ûž/ßê±DÆI‚¥GÝK6šáž©ùžÀ|äêùîŠxgGÛ³º9á2EŒv¥£ÄQ×£àˆçɄGžHù?V¿.‹µš³ü*€U&泐ft[2ºL€u3A~Ç&8ÃIEeˆ9DHØ4E#­•‹’Oö|j6ž-Y`åµñSÀ™ç)È@ߔ%Œì‰NPµù0õé[Z•×Zn.>à2ŸšÉ>Ö­ù¬–êWÃæõÐuçz..AªŠV8ù_òLúºœïQš3ËiTWI¢‚¹³ +jrʔ,Y’Ÿeø*€Ñ +.ÇU +SZýlÏûÓ ++°?`L—ÇŽ†óñqnïõki%ôjŸEŠYfŸè•A¿F0›Fö–œéSèŸVÆózÙW,œiœ{YMžK^ÕMõ(§ +Œ‰ÕŸ$NHß&֋ªGÞ@ažÈ‰ipþ¶ùòڄÿu|1r™Ì³‘wrž8ˆdªTÞà1ì€ê}ñNf^ÜëҖ"˳Fèp·Ru×IÎãòúF­¹N«S™WqÚ?E’ñäCÛ$ýÃû£Èû%Xÿò©îÐׯ‚·šºÞ¿RpÑî)Q×* +Š=ñ +,øQ(ž†XBæîôï 0\†,žøKÉ°dñC‰f;’^‚ÖGÞ¿q,5ý Žä•hendstream +endobj +4308 0 obj << +/Type /Page +/Contents 4309 0 R +/Resources 4307 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4253 0 R +/Annots [ 4316 0 R ] +>> endobj +4316 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [232.347 647.407 289.632 656.319] +/Subtype /Link +/A << /S /GoTo /D (0:DEPLOY-LAYOUT) >> +>> endobj +4310 0 obj << +/D [4308 0 R /XYZ 71.731 729.265 null] +>> endobj +4311 0 obj << +/D [4308 0 R /XYZ 71.731 741.22 null] +>> endobj +522 0 obj << +/D [4308 0 R /XYZ 366.208 708.344 null] +>> endobj +4312 0 obj << +/D [4308 0 R /XYZ 71.731 685.759 null] +>> endobj +4313 0 obj << +/D [4308 0 R /XYZ 409.437 675.467 null] +>> endobj +4314 0 obj << +/D [4308 0 R /XYZ 215.013 662.516 null] +>> endobj +4315 0 obj << +/D [4308 0 R /XYZ 427.803 662.516 null] +>> endobj +4317 0 obj << +/D [4308 0 R /XYZ 71.731 627.482 null] +>> endobj +4318 0 obj << +/D [4308 0 R /XYZ 308.002 616.687 null] +>> endobj +4319 0 obj << +/D [4308 0 R /XYZ 71.731 600.334 null] +>> endobj +526 0 obj << +/D [4308 0 R /XYZ 420.232 567.024 null] +>> endobj +4320 0 obj << +/D [4308 0 R /XYZ 71.731 544.624 null] +>> endobj +4321 0 obj << +/D [4308 0 R /XYZ 71.731 524.698 null] +>> endobj +4322 0 obj << +/D [4308 0 R /XYZ 175.72 488.319 null] +>> endobj +4323 0 obj << +/D [4308 0 R /XYZ 221.916 475.367 null] +>> endobj +4324 0 obj << +/D [4308 0 R /XYZ 321.93 475.367 null] +>> endobj +4325 0 obj << +/D [4308 0 R /XYZ 427.323 475.367 null] +>> endobj +4326 0 obj << +/D [4308 0 R /XYZ 144.458 462.416 null] +>> endobj +4327 0 obj << +/D [4308 0 R /XYZ 71.731 459.014 null] +>> endobj +530 0 obj << +/D [4308 0 R /XYZ 344.163 425.704 null] +>> endobj +4328 0 obj << +/D [4308 0 R /XYZ 71.731 403.118 null] +>> endobj +4329 0 obj << +/D [4308 0 R /XYZ 332.491 392.827 null] +>> endobj +4330 0 obj << +/D [4308 0 R /XYZ 119.552 366.924 null] +>> endobj +4331 0 obj << +/D [4308 0 R /XYZ 329.124 366.924 null] +>> endobj +4332 0 obj << +/D [4308 0 R /XYZ 71.731 353.559 null] +>> endobj +534 0 obj << +/D [4308 0 R /XYZ 345.343 316.344 null] +>> endobj +4333 0 obj << +/D [4308 0 R /XYZ 71.731 313.152 null] +>> endobj +4334 0 obj << +/D [4308 0 R /XYZ 71.731 298.208 null] +>> endobj +4335 0 obj << +/D [4308 0 R /XYZ 266.268 289.743 null] +>> endobj +4336 0 obj << +/D [4308 0 R /XYZ 427.231 289.743 null] +>> endobj +4337 0 obj << +/D [4308 0 R /XYZ 71.731 205.26 null] +>> endobj +4338 0 obj << +/D [4308 0 R /XYZ 71.731 205.26 null] +>> endobj +4339 0 obj << +/D [4308 0 R /XYZ 71.731 180.189 null] +>> endobj +4340 0 obj << +/D [4308 0 R /XYZ 71.731 180.189 null] +>> endobj +4341 0 obj << +/D [4308 0 R /XYZ 143.761 170.69 null] +>> endobj +4342 0 obj << +/D [4308 0 R /XYZ 71.731 157.626 null] +>> endobj +4343 0 obj << +/D [4308 0 R /XYZ 143.761 147.377 null] +>> endobj +4344 0 obj << +/D [4308 0 R /XYZ 71.731 123.016 null] +>> endobj +4345 0 obj << +/D [4308 0 R /XYZ 143.761 112.408 null] +>> endobj +4307 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F11 2374 0 R /F68 1635 0 R /F46 1173 0 R /F34 797 0 R /F44 1165 0 R /F47 1176 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4348 0 obj << +/Length 1905 +/Filter /FlateDecode +>> +stream +xÚœYKÛ6ŸçWøhk®HQ¯ -4Í=ŽA±·¶Y¢mb%Q¥l\ôÇw(’2õr¶è¢X`%KÃáÌpæû†Þxð‡7F‘’ ›¬|ãmNðæá +6{#²wdÞ?Ÿ¹ÿH’M‚’Ðß< +7~è!/7‘OP +ÍcþûöÇsZ·¬ÙíIàm±‡ôÍVâR²ªÕ¿[¡¯ÍΏ¶¬Üá­h™~t²•»?~óÓã`N@0òÉMƒÈÜàèj0Æ +ÀÐȋ‘Oioð;=m!NúF +‰gcP‘JcuÓUúæ™ +Ÿ;(!šlŸvØÛ²ÚòJ9pÿ‘†›æû¹)AØÀX5k[Ö÷0å‘ +© ”ê~ˆßœ +³WŽ¢~d&Ê2­r#í8G1¢ 5ú³Žr +„+üÆÁö²âãQ +ؑ<«No•îÍÞèۓÅIÐkåÕQL—ÆÆ4„ž‡~²Ž6Áófz +V‚< +Ëèš›/£Ÿ +á°2ÊŽOP~á9“vŽ¢)Ӗ + +{å•lSH¹¢`¹~’ +RSÞ9“œéŽxÛ/**)/ÒCÁœá0ÖHÕiö”ž˜D:j„ÀŠ Ö–,­ÖÂÄ1ŠòZasÔ­†ÍÊ(Û~c¥Ž›úg#'E×dÆÛ6mà­yslD©^¥Î<Çýa/69hÔÌÕ§¬02Ý!ç +ËZѬåf®°C•—X;Ù²Ò`Ë¢ +]ÕI–›%‰<šžXE %6™Œžˆ#/s/Ö0i“ë§Óœ– +ã« +õ‘çÛ`|7×! +Ǝ–¹€Ž'Fä‡y$!ýƒx +In +ùv,!” +Ë>TCÑ:Jß\CUˆ4_ÍbXÓÀâµ²øªn=‹Œ2ñƒk¢©ÝµL +–\/§áá€Äü êŸ»â†ä-3Рs¬áÇËdäCÕ}z°â§*m»ÆŒùà +ŒSmÈE1]géäÐçž®“Œ3‡qøÎbw>‚ +óãJ6x Ôå„%!„ŒŸ ,Ãä¿Ô%$’ +*š3™Z4•OžÏ +×Ô/ìˆPà[;DÅìôoµšO +‚ôý +I8*íçkçZ.cËŸwsUL1¶äÙ5łš× |™†‚WO +®ŠÁ¡ŠKõuÁˆ‘ˆŒLѵTFF`ä<š°”7S +€éÁšçzßìpŒ +¥cr!Ÿ`â0³Eô5"Ã3˞d“­! +ÁCújHâš[E+£ÛW0ïµ-5 +Ú¢Xi։”W7ê•Z.ÿõêU¯F +¢0$£ZY¬ár ž\ÔÒ +@©»XeØø×Z'<œX”(X»‚gޞõ]%î! +ÔF°à¹6ÌaŸÞ^ižæÅ*9QL +øŸVJ]Õ­§”‘QöœïmsYéÀ«Ô.ÓŒŸU/bóf’l˜É +Õ59eW¶¹¶.rN48Ë)|3ÇÜô¯º0ØN)L +6!0•I7é+@±÷Â~+yy¿5DnŠ)€8ÑíŸkœòTá<Ÿ¹Æ^UwªQIÆ +5Þ@ªemXÚÚý?Ž#” +ÛÑU¢ÕËÆT'ò•ÛªŒ°Ö)BM°vLjÍòHÁ–šÌÑÛQ‹^ +µx +µ5M(ՑŸ=#* ‰mx‡ÄIu4} š Æ£h®yŽâÿ_®Ù×HŠå9å•æž׬àm€€ñ¬q:X + +Ö¥ÉJéYöäÇ3·Ë\CL_U4 +^ +1 +u«ˆiezµÃI&}ë†í-Ô·s +Õ;8@§ížˆ÷„3os" +Õl³€'ÄË.ò` +;øel|è£!QUù·Œá +ìOÝí»ë)Ž`¿:‰° +£€ú#nºªâ•"e«=–­r·G +ž7G=vÑcŒÝ7èQ×1@jçdŒ‡‡ú(äNÿèê> endobj +4349 0 obj << +/D [4347 0 R /XYZ 71.731 729.265 null] +>> endobj +4350 0 obj << +/D [4347 0 R /XYZ 71.731 718.306 null] +>> endobj +4351 0 obj << +/D [4347 0 R /XYZ 261.687 708.344 null] +>> endobj +4352 0 obj << +/D [4347 0 R /XYZ 71.731 673.31 null] +>> endobj +4353 0 obj << +/D [4347 0 R /XYZ 71.731 658.366 null] +>> endobj +4354 0 obj << +/D [4347 0 R /XYZ 71.731 647.472 null] +>> endobj +4355 0 obj << +/D [4347 0 R /XYZ 139.477 629.639 null] +>> endobj +4356 0 obj << +/D [4347 0 R /XYZ 71.731 617.519 null] +>> endobj +4357 0 obj << +/D [4347 0 R /XYZ 71.731 606.625 null] +>> endobj +4358 0 obj << +/D [4347 0 R /XYZ 139.477 588.792 null] +>> endobj +4359 0 obj << +/D [4347 0 R /XYZ 275.585 588.792 null] +>> endobj +4360 0 obj << +/D [4347 0 R /XYZ 249.593 575.841 null] +>> endobj +4361 0 obj << +/D [4347 0 R /XYZ 71.731 563.721 null] +>> endobj +4362 0 obj << +/D [4347 0 R /XYZ 71.731 552.827 null] +>> endobj +4363 0 obj << +/D [4347 0 R /XYZ 139.477 534.994 null] +>> endobj +4364 0 obj << +/D [4347 0 R /XYZ 265.951 522.042 null] +>> endobj +4365 0 obj << +/D [4347 0 R /XYZ 440.634 522.042 null] +>> endobj +4366 0 obj << +/D [4347 0 R /XYZ 139.477 509.091 null] +>> endobj +4367 0 obj << +/D [4347 0 R /XYZ 164.373 509.091 null] +>> endobj +4368 0 obj << +/D [4347 0 R /XYZ 186.51 509.091 null] +>> endobj +4369 0 obj << +/D [4347 0 R /XYZ 211.984 509.091 null] +>> endobj +4370 0 obj << +/D [4347 0 R /XYZ 235.237 509.091 null] +>> endobj +4371 0 obj << +/D [4347 0 R /XYZ 272.029 509.091 null] +>> endobj +4372 0 obj << +/D [4347 0 R /XYZ 71.731 497.106 null] +>> endobj +4373 0 obj << +/D [4347 0 R /XYZ 71.731 486.077 null] +>> endobj +4374 0 obj << +/D [4347 0 R /XYZ 139.477 468.244 null] +>> endobj +4375 0 obj << +/D [4347 0 R /XYZ 391.37 468.244 null] +>> endobj +4376 0 obj << +/D [4347 0 R /XYZ 71.731 443.173 null] +>> endobj +4377 0 obj << +/D [4347 0 R /XYZ 71.731 432.279 null] +>> endobj +4378 0 obj << +/D [4347 0 R /XYZ 139.477 414.446 null] +>> endobj +4379 0 obj << +/D [4347 0 R /XYZ 139.477 401.494 null] +>> endobj +4380 0 obj << +/D [4347 0 R /XYZ 300.053 401.494 null] +>> endobj +4381 0 obj << +/D [4347 0 R /XYZ 354.877 388.543 null] +>> endobj +4382 0 obj << +/D [4347 0 R /XYZ 154.7 375.592 null] +>> endobj +4383 0 obj << +/D [4347 0 R /XYZ 314.788 375.592 null] +>> endobj +4384 0 obj << +/D [4347 0 R /XYZ 71.731 363.472 null] +>> endobj +4385 0 obj << +/D [4347 0 R /XYZ 71.731 352.578 null] +>> endobj +4386 0 obj << +/D [4347 0 R /XYZ 139.477 334.745 null] +>> endobj +4387 0 obj << +/D [4347 0 R /XYZ 314.13 334.745 null] +>> endobj +4388 0 obj << +/D [4347 0 R /XYZ 71.731 296.722 null] +>> endobj +4389 0 obj << +/D [4347 0 R /XYZ 71.731 285.828 null] +>> endobj +4390 0 obj << +/D [4347 0 R /XYZ 139.477 267.995 null] +>> endobj +4391 0 obj << +/D [4347 0 R /XYZ 378.189 267.995 null] +>> endobj +4392 0 obj << +/D [4347 0 R /XYZ 71.731 265.838 null] +>> endobj +538 0 obj << +/D [4347 0 R /XYZ 260.417 233.524 null] +>> endobj +4393 0 obj << +/D [4347 0 R /XYZ 71.731 211.124 null] +>> endobj +4394 0 obj << +/D [4347 0 R /XYZ 71.731 211.124 null] +>> endobj +4395 0 obj << +/D [4347 0 R /XYZ 71.731 165.988 null] +>> endobj +4396 0 obj << +/D [4347 0 R /XYZ 71.731 165.988 null] +>> endobj +4397 0 obj << +/D [4347 0 R /XYZ 71.731 132.737 null] +>> endobj +4398 0 obj << +/D [4347 0 R /XYZ 71.731 132.737 null] +>> endobj +4346 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F68 1635 0 R /F34 797 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4401 0 obj << +/Length 1453 +/Filter /FlateDecode +>> +stream +xÚ¥Xk«ã6ý~EžŸlXk-ù©¥-ôµwY(,4 +BÛŠ­$f ++õc³þøŽ¬‘íÄNšíráú%ŽÎœ9š˜®|ø£«„’$€ã„ÅÑ*;<ù« ++åB +2 +ôÝ<ÌÁä³vÏ+ÕÎüv +1d$Œé}Téÿ@ŒKT!>þõ(³b{6ÐDeŽªk +f'éÏ· +s~ÍŠ;Ù`®÷ǟ\ª”¹¹Ü©K14m®lhÕîe}*I4ƕGiHbGF8*íÀ *|_n]9[™ÙÕWÖµ + +ùp¡ã€×€ +'”ÌIõWžVw±ä +”‚îÂä1±ä +€ +Ïc°˜øì‹Åb¢-)% >å)åK =€”³êÚc-·@¶Ä|?÷Só»gs#+U%'y!;Ž‹ß +(“’þÎo +|®Ôó # +š‹\hª +Pc†/ +KQ Àbhä|n1͌®@UAcž#ŸDiÿ:¬’HO€N®œËe°07õ +ÒìÍí¢Úê›jΌ•LÒÇZï +ÔiŠQ!§¢,Qž{¥u{2W€•jøÑVÀCmoŽã°º€%³ì5­ØˆfÂmÅÅ'º²Õ¬ŸÂ +Áž[mÀx.ôª>iD¢(ÅƘˆ^SO/í׎)*QŸ-Šei-ÿ(²ºœ& +Sx/²Ä„$Lè”dŠ4÷Ҏ’™kuÔ4·+ÒÐëyvÆy"†Y‰^±|‹âËå/ëp7Š™Ð†5ÞuT“œfIxžAy­ŸøŸú2}«”0Ñ×Ê/ë£ô§ +,·ê[¯Æޛ7(S(k[S­š7@ł{4°°ÐôËc!%Œ[Á 3Ì ‹Äfªé6yQƒ‹+X +9¯ì„°:±¯}–€KÅìBœwót+OIÈ­mŠ:Û?î^›aq:Óî\¹ë4LBhœL¢Ì#@« +þŒà­œÄŸÓQ,—•GNÒ4˜WWüXuÝS¬1çžØí¶™†Ôf‚!=òQùíµþ +3ßäŸüs¥üT•Jä_]¹q + + + ·>pKõXÚµ:\9p^4m]l4Únt–“Ü4E+Qş4nY›e3ZK©º/ +nÛ»JŽ]-¯+•Žíd±-Õ¢Ì)‹§ñ%ó5‰»ò +jkù7`èà +Y +(‹Þ'ç +H@œîŽ“í +ƒþ×·°ÕB/;ýð¢(ÏÕç +XÐáÇ֕Š+s;˜.gÎ÷.¥ÔY¿•;Péù$ +ÀŒ¡Y2 +â/॰Ïv¢Ž]BŸ"»ÓèÊۚ£æ]K%“o0Eá4E)¢¥i†—*ó3 ÎÄñ{ +Þ.0æ¹ïH:sqÒR}KWœ"®+îðQâðô0À/ÏØ]!èÀÁ”âÁa¥È­µˆÃÞŽX:Œ®׃). +A#7 +œ©ª +ޒ.ãÎg‘µåǚŸ +æb²áUÝŽ¯†‘L»†±L5  7Œœ;™q)Ó3•÷ +¢ +ÝËY—6Ç»E‹ +x1LAŚAºHaáŽ.T +ÙyëØg-ª¡šlb.KÕOz•Š ã¡SŸVêT,ì&a0¯T× +ŽoRß·K² +xxoÈ)R‘àÿJ +j€_wƒºÚ y]­~í£þ'ók7Ê$‚£_^%íf‡ +Ä/€ÓZ%BíÅÞws2„pà +l(|„ðð.áäú +~O S’Òäî—qÈìƒK{#O¹¢§çɍo%ó™þ:Á¢ +endstream +endobj +4400 0 obj << +/Type /Page +/Contents 4401 0 R +/Resources 4399 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4253 0 R +>> endobj +4402 0 obj << +/D [4400 0 R /XYZ 71.731 729.265 null] +>> endobj +4403 0 obj << +/D [4400 0 R /XYZ 71.731 718.306 null] +>> endobj +4404 0 obj << +/D [4400 0 R /XYZ 71.731 718.306 null] +>> endobj +4405 0 obj << +/D [4400 0 R /XYZ 71.731 673.31 null] +>> endobj +4406 0 obj << +/D [4400 0 R /XYZ 71.731 673.31 null] +>> endobj +4407 0 obj << +/D [4400 0 R /XYZ 71.731 636.199 null] +>> endobj +542 0 obj << +/D [4400 0 R /XYZ 262.94 598.984 null] +>> endobj +4408 0 obj << +/D [4400 0 R /XYZ 71.731 576.089 null] +>> endobj +4409 0 obj << +/D [4400 0 R /XYZ 71.731 550.999 null] +>> endobj +546 0 obj << +/D [4400 0 R /XYZ 261.745 518.685 null] +>> endobj +4410 0 obj << +/D [4400 0 R /XYZ 71.731 496.285 null] +>> endobj +4411 0 obj << +/D [4400 0 R /XYZ 71.731 496.285 null] +>> endobj +4412 0 obj << +/D [4400 0 R /XYZ 71.731 472.443 null] +>> endobj +550 0 obj << +/D [4400 0 R /XYZ 273.327 435.228 null] +>> endobj +4413 0 obj << +/D [4400 0 R /XYZ 71.731 412.333 null] +>> endobj +4414 0 obj << +/D [4400 0 R /XYZ 360.844 402.351 null] +>> endobj +4415 0 obj << +/D [4400 0 R /XYZ 218.051 389.4 null] +>> endobj +4416 0 obj << +/D [4400 0 R /XYZ 71.731 387.243 null] +>> endobj +554 0 obj << +/D [4400 0 R /XYZ 261.745 354.929 null] +>> endobj +4417 0 obj << +/D [4400 0 R /XYZ 71.731 332.529 null] +>> endobj +4418 0 obj << +/D [4400 0 R /XYZ 71.731 308.687 null] +>> endobj +558 0 obj << +/D [4400 0 R /XYZ 303.669 271.472 null] +>> endobj +4419 0 obj << +/D [4400 0 R /XYZ 71.731 248.577 null] +>> endobj +4420 0 obj << +/D [4400 0 R /XYZ 245.468 225.644 null] +>> endobj +4421 0 obj << +/D [4400 0 R /XYZ 473.55 225.644 null] +>> endobj +4422 0 obj << +/D [4400 0 R /XYZ 119.552 212.692 null] +>> endobj +4423 0 obj << +/D [4400 0 R /XYZ 71.731 210.536 null] +>> endobj +4424 0 obj << +/D [4400 0 R /XYZ 71.731 195.592 null] +>> endobj +4425 0 obj << +/D [4400 0 R /XYZ 422.425 162.78 null] +>> endobj +4426 0 obj << +/D [4400 0 R /XYZ 239.791 139.467 null] +>> endobj +4427 0 obj << +/D [4400 0 R /XYZ 76.712 121.534 null] +>> endobj +4399 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F11 2374 0 R /F27 788 0 R /F21 781 0 R /F46 1173 0 R /F68 1635 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4430 0 obj << +/Length 1762 +/Filter /FlateDecode +>> +stream +xÚÍXYoäD~ϯåiFŠ;Ÿ‹„!ŽˆÍ +$à¡ÇîŒM<¶ñ±Ùðë©ê®ö=É‚@«ìøhWUßWÕÕmmLøgm‹üس}oÏÌÍÞܜY4 !ÆhÌçwg—×vŽ‰Xä;›»ûã›Ì +ýMàØ,ôìÍ]òóö‹”W­šw†í™[ËdêâJTyùtE«îÛRýÖ;'؊ãÎږ­PÒ²i›Ý¯w_Ÿ}y×Ãñl‹9ö³€iÈ°µ±,y +"¶¬ˆy€40Cæž®D + ÁWøƒùƒpûŠqö‹iÚ±º/«6+ +‰èòÚqï͍~Žbïv–¹u£_«Ñ–5Œv +f›|„ƒ?YZ +XàFôzdiiÈ1Y¹4òSõÞ†÷èp¢ÞߥU×C“ž6 Ümy¯^4ü˜òŒ +JZàaRîloûXä%O˜zD–Üm"î +ïòVœÉõ{ +wu-€Ê¢=WOÖÌÑD` +oŒÈfŠão +ËŠ,‰YšÑBáfä+ðéy>qà™Ì +­ÉxLPr;ÛÜ>íBs˚T=Ž|*b|óÐÔø/ƒš¹õ)ŠÒG€—Ç#/uó˜å9=ƒ€l@JRŸ)ºÛuÙd‡‚·]-Ȑ +?>/»:Šá-¯÷<Ïi„䟪P]^ƒÇ!à“~ۑÅ|×!–ÉÈ +Çe¯EÕtû$«EܖõÓÎ÷¶£pöéNû̵ ‹àS7˜Dõ£ó#¹h×Qš¶M(¯Ô —b#Åmoongá%>xQ”€ œ˜(IBɚ˜ +B¢$5ø +=¯š=>ê²<9-£àeT +.×8ù-ŽUYs LÞ +*‘Fhp-Ž} +PõUõBO^a< +òR!9H¬‹d‘zœf1gÍI¶ߏÙJE-.V +ãq¶|4ß}Yy;M~ô>+ú dEӂô"SñøôtµhëL`œQøu€ ,Ñ< +ÄOLr«wI-adPOŠ×ªÕDô¡n‡ +‰—×qZ= +.Õ0? +†Aõ7pZýÇf`ùñѕ¬ +À œ–|°ðtù˜ß¿ž§< +šW +êƒ4ŽTñKùD|¡CÄ vã’6VòÂÌrà§*‰9Áãtfš vÕŽOžq©+Lß\VQH’!ut–Kr“Wz¬grøÏúËbZ24U=­šÆÇ1ýnŒÆ8°MIžÑœ[~è)ç–€Ú :­²±C°÷+ÁŽË9;ôÅY/ŠèeŠåP€ýI2¢Ù¥s,íLpŸ¡ù6<‡Ñÿžð`C@FŒÄ+Œhñ’ôÕBÙÔÄuVQ>ˆBÔŒ¯ÍIWgÅažF³zà[Ì2IžŒÌ +8•Iчéø£ž +Ÿå.ˆþòú"!,‹ü©_$‡B%· 4L`a}/ +yܵ|Ÿc^5kù˜g}w]ñŠyD+e­GÑöí§bš!Çu&9ÙÛZ™ŽÇŒ²VÚ,ôÎåö³7o~Œ2^`ì߀ý•²C?ڛ0¬šðÈÛД«ÈíÎešœ +GÞ %QªœÇçOóŠP»#Ô`ÄÔ°¿S}"|ÔŠ²ç’WbÞÐÊ[l +ÕÕ§ìô]U«æ!KÄÌ@-~ßG°†—²o‡²o‡ß'‰ŽS7h +E¹ +‚+5’lY|Ï×ݚŠÇ¡ƒcªcŒ ¶Ù;l +é~ñ4äpMŸ¡€3ˆí–I‰÷€ýÎ5傇^î +˜š:Òm»ÿßè7 +e;úêÖxû“NmÜ1Ñ$M™sžŽh +  +J +òîû¢oNÑ]Õ@ýpû­±ç ž|yŠ€Œ§™³Š%“*€z©ÅôÍ +äY*rúï/faWå +Ñg0ñܺÜ`|tDD›C +g(Y–‰Ñ;¡8kÒ²ÓÌþÖ +Š*‘„ÿ@1žûŒYiI’¡w<§Ø!]©ÍŠ–Ӎ"Xƒ9Áèì+H]qNf°}”ä?ÐÒ0«·=êüJJ +ªÐê5zµîÔ(w€$é;­NBùœ!pÎ÷À> +Î ÚEØ9¯Èhy€©²˜åΑ?à`óÐÄU•g1€T‰ø +âÿ1ÍâtŠ0+âŒKŽålny8}:%ÞQ>ŒmIJJN +u Ü\B?³¬Çs"kZÓÇfÆõžZ«°K‹ + +Ìù9ÜÈ"lÄô)œa€"¯–%êzéEb¢ÔDŽ<ËiÎÏi,Çd¬I4žîø€âoŸÒø)Tû׫§ŽŠýÇ—h¢àG±rj‚þ³g—vßòÝ¥§2Øü€˜Ž«Ý +ÐZ>w = +Yœg{a„† ˆ(> endobj +4431 0 obj << +/D [4429 0 R /XYZ 71.731 729.265 null] +>> endobj +562 0 obj << +/D [4429 0 R /XYZ 261.745 708.344 null] +>> endobj +4432 0 obj << +/D [4429 0 R /XYZ 71.731 685.944 null] +>> endobj +4433 0 obj << +/D [4429 0 R /XYZ 71.731 685.944 null] +>> endobj +4434 0 obj << +/D [4429 0 R /XYZ 71.731 651.208 null] +>> endobj +566 0 obj << +/D [4429 0 R /XYZ 298.418 611.935 null] +>> endobj +4435 0 obj << +/D [4429 0 R /XYZ 71.731 589.04 null] +>> endobj +4436 0 obj << +/D [4429 0 R /XYZ 411.195 579.059 null] +>> endobj +4437 0 obj << +/D [4429 0 R /XYZ 71.731 576.902 null] +>> endobj +570 0 obj << +/D [4429 0 R /XYZ 261.745 544.588 null] +>> endobj +4438 0 obj << +/D [4429 0 R /XYZ 71.731 522.188 null] +>> endobj +4439 0 obj << +/D [4429 0 R /XYZ 71.731 522.188 null] +>> endobj +4440 0 obj << +/D [4429 0 R /XYZ 71.731 498.346 null] +>> endobj +574 0 obj << +/D [4429 0 R /XYZ 270.916 461.131 null] +>> endobj +4441 0 obj << +/D [4429 0 R /XYZ 71.731 438.236 null] +>> endobj +4442 0 obj << +/D [4429 0 R /XYZ 187.337 402.351 null] +>> endobj +4443 0 obj << +/D [4429 0 R /XYZ 71.731 367.318 null] +>> endobj +4444 0 obj << +/D [4429 0 R /XYZ 119.552 343.572 null] +>> endobj +4445 0 obj << +/D [4429 0 R /XYZ 122.869 330.62 null] +>> endobj +4446 0 obj << +/D [4429 0 R /XYZ 122.869 317.669 null] +>> endobj +4447 0 obj << +/D [4429 0 R /XYZ 182.326 304.717 null] +>> endobj +4448 0 obj << +/D [4429 0 R /XYZ 71.731 302.934 null] +>> endobj +4449 0 obj << +/D [4429 0 R /XYZ 71.731 287.99 null] +>> endobj +4450 0 obj << +/D [4429 0 R /XYZ 71.731 236.172 null] +>> endobj +4451 0 obj << +/D [4429 0 R /XYZ 230.018 214.854 null] +>> endobj +4452 0 obj << +/D [4429 0 R /XYZ 139.477 203.198 null] +>> endobj +4453 0 obj << +/D [4429 0 R /XYZ 76.712 185.265 null] +>> endobj +578 0 obj << +/D [4429 0 R /XYZ 261.745 149.798 null] +>> endobj +4454 0 obj << +/D [4429 0 R /XYZ 71.731 127.398 null] +>> endobj +4455 0 obj << +/D [4429 0 R /XYZ 71.731 127.398 null] +>> endobj +4428 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F34 797 0 R /F11 2374 0 R /F27 788 0 R /F46 1173 0 R /F68 1635 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4459 0 obj << +/Length 1819 +/Filter /FlateDecode +>> +stream +xÚµYmoÛ6þž_aä“ +Ä +Iœ퀟wC +« + +X‡A¶èX«-j$µ$E~üŽ"©w;N!lKÔñî¹»ç +*d†áÌ"‚">h‚hÌ6‡ +<»;ï.ˆ]±ŽK–5/W×oi2KPz³Õvæ +á8œE +Eq@g«ìù«]Z*&Kà9ÁÈ|yÍÊ=¿?°B™ßŠ›O±ð¢9;,Ȝ+f.ížTrñçê׋7«Æ€äѓÛ%#‡=¿u˜àh„cäù~íðr™Š‰ç›Ýsœëõ[B:`œ +^ùÌÜïŒPä'ö¶33¶»’8¶Ë~6÷iÔ¹õœ™ÕΑŠÍ.Wl£*Áúš­Ï«|Ÿ™Ÿ[.A0·P¯v9À)͏Ü~V’e}7Ì¥Âíw‰®7ŒøŠ1œ +/ÍE^ªœÖÊVðCû„1[†1 +£h¶$%¶Ž +=3Qúá,†(Ã:ÊQJm”°Ó6¿‘×fY·Ë|áŒgc3"aÔ@îàîZ€BhícñC#<ÊJà¡(qY»²9)0Jśì8 ×y‘Š{óœL7ßÒ}ÃOæyá +kÖf¹€ +sX>òsIü%ijà’&âòÛÍ1ÜâӞŏâF’ãeÚµ€Æœ°Œb'à®fš Ó\ÿ.ž3!¡Š&ú +œŠ8:¯¿:–&ÃÞþS[ +L΀)÷­MkzØ¥¹œxÏ+óåV{Ð^êHCÚ +üXI»bmwr¶lãôSCÁûmŒ“Œ›‰z\)Š0íՃ¬Öm +ÁT^ð #Û +æ\ +R5• ÑØ?/!¢* +„†€<‰³ +{¹6מ€ +Ûºº:€ßêê•l¿µTr Mï÷š­óŽèù히a/:ýœE@Gˆ{Œüæ.·¥ú!/ª»IÛ¢<\Zžrv­¿}ú8ùDë¡/ö™÷Ÿ–_~?ʇWf#M§]wm&$oJç² +qõ—Ï•µÿ¹^£'Ý%¯w­ñÏŠJž¢0HÎ+ù2•²f.² KyøÌ¢~ÙÎïŽ +Æ8i~3MNw5Cmªº›!aÛEr4Æ7ûŒ‘Y=w-m›¥7̋›)*'C:ÂŒ "ÄóIî +¢à4€mB‡T€6Í>Ap&‹à7ŽUS9áUÚt ÝúÓ¬M«öjÚ#/F$ +ÏK)/†”Ô×iZÙ¶ +’±m=Nªœ’ŠQ̹Òì2™˜Øƒ)ì†lèl–A«) +fpŸ— +mbRœzѹêõEY²b¢5<Ô =/GÜù„gº1ÒYŸ ¿XBæ«÷nøà +i©ýH¡Ûz9Žy¡Æ +#¬X +"âÎ!Ð +±!2p‰ sŠâyŠÏ@Úàý"Æs$w沞U0šÆá^’AÖ[†Ýðáѡ·9 öO¬šÕz¶>íÁI 911h JwÆ«gÁý"rsÀoĂ>7e9;:€ÑÒíö{šˆ +¿!ôÇ^ +9af¢û«U±]CAÕŸ~³ãÞÂtúSp÷HÜǑӃ{ÜèPB=bSCÖ/í`4¥‘ïMÆ +Üh¯ +^,Í"]~Ž—¶ì—[^p՛Uã‘6µ÷æl^PØ(ìŒpªàÿ˜ÃVväé>ÿîÈTûêÏU UÊdëyKã):C¶–õ4| +oÿ)àÇ(&ÑÉŽKFÿ5ˆ>åEΊŽ6IŽŒðïôÔa0endstream +endobj +4458 0 obj << +/Type /Page +/Contents 4459 0 R +/Resources 4457 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4456 0 R +>> endobj +4460 0 obj << +/D [4458 0 R /XYZ 71.731 729.265 null] +>> endobj +4461 0 obj << +/D [4458 0 R /XYZ 71.731 718.306 null] +>> endobj +4462 0 obj << +/D [4458 0 R /XYZ 71.731 718.306 null] +>> endobj +4463 0 obj << +/D [4458 0 R /XYZ 134.774 695.392 null] +>> endobj +4464 0 obj << +/D [4458 0 R /XYZ 119.552 682.441 null] +>> endobj +4465 0 obj << +/D [4458 0 R /XYZ 71.731 661.108 null] +>> endobj +4466 0 obj << +/D [4458 0 R /XYZ 71.731 661.108 null] +>> endobj +4467 0 obj << +/D [4458 0 R /XYZ 442.254 649.564 null] +>> endobj +4468 0 obj << +/D [4458 0 R /XYZ 71.731 614.531 null] +>> endobj +4469 0 obj << +/D [4458 0 R /XYZ 71.731 614.531 null] +>> endobj +4470 0 obj << +/D [4458 0 R /XYZ 296.447 590.785 null] +>> endobj +4471 0 obj << +/D [4458 0 R /XYZ 71.731 542.8 null] +>> endobj +4472 0 obj << +/D [4458 0 R /XYZ 71.731 542.8 null] +>> endobj +4473 0 obj << +/D [4458 0 R /XYZ 71.731 509.923 null] +>> endobj +4474 0 obj << +/D [4458 0 R /XYZ 71.731 509.923 null] +>> endobj +4475 0 obj << +/D [4458 0 R /XYZ 71.731 477.046 null] +>> endobj +4476 0 obj << +/D [4458 0 R /XYZ 71.731 477.046 null] +>> endobj +4477 0 obj << +/D [4458 0 R /XYZ 71.731 452.887 null] +>> endobj +582 0 obj << +/D [4458 0 R /XYZ 286.367 415.671 null] +>> endobj +4478 0 obj << +/D [4458 0 R /XYZ 71.731 392.776 null] +>> endobj +4479 0 obj << +/D [4458 0 R /XYZ 71.731 334.81 null] +>> endobj +4480 0 obj << +/D [4458 0 R /XYZ 166.306 324.015 null] +>> endobj +4481 0 obj << +/D [4458 0 R /XYZ 71.731 288.981 null] +>> endobj +4482 0 obj << +/D [4458 0 R /XYZ 71.731 256.105 null] +>> endobj +4483 0 obj << +/D [4458 0 R /XYZ 165.758 245.31 null] +>> endobj +4484 0 obj << +/D [4458 0 R /XYZ 191.545 219.407 null] +>> endobj +4485 0 obj << +/D [4458 0 R /XYZ 71.731 184.374 null] +>> endobj +4486 0 obj << +/D [4458 0 R /XYZ 119.552 160.628 null] +>> endobj +4487 0 obj << +/D [4458 0 R /XYZ 71.731 125.594 null] +>> endobj +4488 0 obj << +/D [4458 0 R /XYZ 165.2 114.799 null] +>> endobj +4457 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F11 2374 0 R /F27 788 0 R /F46 1173 0 R /F68 1635 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4491 0 obj << +/Length 1916 +/Filter /FlateDecode +>> +stream +xÚÕYY‹ÜF~ß_1ì‹gÀjëVËĆ$Ž +‡LŒ†@ +LŠgŠ±®ŽZÞ]ãŸêK££w= +!8,ìèè.U}õÕ%+þ‚U ,‚Ÿ0Gaš¬ŠêÂ_ +àΫ‹À¬ðÌoŽæ‡«‹'/Ã|•£<VWûU”úÈÇé*‹B„“puµûsýã‘Ž‚ò&þ:ð‘>xAÛ²¹­h-ô¹hô/ßDٚV›`ݪ/ +›Nt›¿®~¹øéjP'  +÷*l–,ÎN +AŽP4ó1ŠâX)üÞOü—ð/0QÁ݄ÉúÓ&HÖF)q4[ÒђÕælG@sAäÅÇúJÑŽ›À_ßê363wÓQ®Ås+HsÄ8-DÍ© +QpCꚿ~€×°Ngx+~›ÒK_%æÖàMMc°®X=Ø:@Lø¡¯@öŒ©& +òQŠŠµÅ‘˜­×²SŸ%åš†Ï +;@¡‹–?±ep7D—r„ïRs}Ý]M€.‹Šb +n[é;ÞŽF0ŽŒU0[ú"*2lŒ•ª6œ>éŽM_ÚéRÊvVŽqeÝÀIùhjŸŽô¶„ó„Šœ8Ow©Ð +Šj”Á­Z×L +œº)Ê%£NàdÊi`Ìœ×GihòNÿî¡ÇšqbézْÉÆÎ쮙`€dŸ +Š]tÑßAS©ý¿HUmïÀNÒu +ÌȆŠsép)kžvƒº3›w¥¡]ÁY+Ÿ’wa‘fm;êºàIy’šÔ‡”Aƒê%ҍ6 +RÿŽ~o[Z0‰T1f% +*ðÐ]‚rÀÈŽ_ƒ4 +·œ±ílS=Î'€YèWõ6Õ«VH +öY +Nýšç(õÿËÐ0Ývýö1iâ& +NÕD7%œ.8Œ"®2 +Àáø<ŸñŸþ¢ºÐ¶ú²£Û/bû9„ƒ¶_:èxašã¬óJG‹s ~`eÛ+­çYږ +Vo€$±@%· +Œ ÿ€>c*]‚9—ÓÄg^úµ +‡fÓÖ +YÿÞÕìæôR²•ïGԕ}énÚoTä£ +Ύ–{ó.ò s?ïÝ2ROô¶{$Äð0÷>ƒ€m+OåõïÆD⯬îoœ²y[]êf`k”øýÍoÎ +Ê×s]̞ŸßxïþXzf$ +$[䱺ÆPä-u.gÙàmoä¿Uk‹}œ'œíKúÞÐÂÁxè€Ã$?ñ-î’ +eÙy\~#³’”â~ó, +§/•ÞŠ^ÑÏṏRùút҃(kå[¢;¬M¿=k§ïwÁ«µ +69ÔÞeyäŽ\Ž†nËñ¹Èhùüۂì4G}ü™Å|ô‰1ÂAvïg¡Ó’ÅW¡Ä‡ša–èÑÏ¿ã‹ÎòQÿ¿Ëendstream +endobj +4490 0 obj << +/Type /Page +/Contents 4491 0 R +/Resources 4489 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4456 0 R +>> endobj +4492 0 obj << +/D [4490 0 R /XYZ 71.731 729.265 null] +>> endobj +4493 0 obj << +/D [4490 0 R /XYZ 71.731 718.306 null] +>> endobj +4494 0 obj << +/D [4490 0 R /XYZ 408.844 708.344 null] +>> endobj +4495 0 obj << +/D [4490 0 R /XYZ 71.731 693.235 null] +>> endobj +4496 0 obj << +/D [4490 0 R /XYZ 71.731 678.291 null] +>> endobj +4497 0 obj << +/D [4490 0 R /XYZ 278.974 668.792 null] +>> endobj +4498 0 obj << +/D [4490 0 R /XYZ 139.477 657.136 null] +>> endobj +4499 0 obj << +/D [4490 0 R /XYZ 139.477 645.479 null] +>> endobj +4500 0 obj << +/D [4490 0 R /XYZ 76.712 628.842 null] +>> endobj +4501 0 obj << +/D [4490 0 R /XYZ 71.731 608.917 null] +>> endobj +4502 0 obj << +/D [4490 0 R /XYZ 71.731 555.315 null] +>> endobj +4503 0 obj << +/D [4490 0 R /XYZ 154.433 522.341 null] +>> endobj +4504 0 obj << +/D [4490 0 R /XYZ 76.712 504.409 null] +>> endobj +586 0 obj << +/D [4490 0 R /XYZ 268.392 468.941 null] +>> endobj +4505 0 obj << +/D [4490 0 R /XYZ 71.731 446.542 null] +>> endobj +4506 0 obj << +/D [4490 0 R /XYZ 71.731 446.542 null] +>> endobj +4507 0 obj << +/D [4490 0 R /XYZ 71.731 415.75 null] +>> endobj +4508 0 obj << +/D [4490 0 R /XYZ 71.731 415.75 null] +>> endobj +4509 0 obj << +/D [4490 0 R /XYZ 146.67 390.237 null] +>> endobj +4510 0 obj << +/D [4490 0 R /XYZ 71.731 368.155 null] +>> endobj +4511 0 obj << +/D [4490 0 R /XYZ 71.731 368.155 null] +>> endobj +4512 0 obj << +/D [4490 0 R /XYZ 158.007 344.408 null] +>> endobj +4513 0 obj << +/D [4490 0 R /XYZ 71.731 322.326 null] +>> endobj +4514 0 obj << +/D [4490 0 R /XYZ 71.731 322.326 null] +>> endobj +4515 0 obj << +/D [4490 0 R /XYZ 219.157 298.58 null] +>> endobj +4516 0 obj << +/D [4490 0 R /XYZ 71.731 276.498 null] +>> endobj +4517 0 obj << +/D [4490 0 R /XYZ 71.731 276.498 null] +>> endobj +4518 0 obj << +/D [4490 0 R /XYZ 296.447 252.752 null] +>> endobj +4519 0 obj << +/D [4490 0 R /XYZ 71.731 204.767 null] +>> endobj +4520 0 obj << +/D [4490 0 R /XYZ 71.731 204.767 null] +>> endobj +4521 0 obj << +/D [4490 0 R /XYZ 71.731 171.891 null] +>> endobj +4522 0 obj << +/D [4490 0 R /XYZ 71.731 171.891 null] +>> endobj +4523 0 obj << +/D [4490 0 R /XYZ 71.731 139.014 null] +>> endobj +4524 0 obj << +/D [4490 0 R /XYZ 71.731 139.014 null] +>> endobj +4489 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F68 1635 0 R /F21 781 0 R /F44 1165 0 R /F88 1647 0 R /F34 797 0 R /F11 2374 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4527 0 obj << +/Length 1734 +/Filter /FlateDecode +>> +stream +xÚ¥XmoÛ6þî_¡"#R/”Šm@³® + +ÛûÐ#Ó6Yòô’ÔEüîø"ɖ“+‚DE +ï +>÷ðê +ðC=N àÁrÂÒÄ+ö‹ÐÛ—ŸԎì`2æfµž~Ãr/'yy«¥! ³Ôã#YÂŒÕúÿÃN +:Ù,–„> +‰iŒ–‡²>îeՙ÷®6Ïfq_î—Ô¯;iºvuÛµË÷«·‹Wƒ; £$bÏ:l‡Ì +ŽâÑaJs’€£<ÌHÇÚá šê@UªÃ5!>>‰“(ÉÁ<Ž{m]®jÎQ¢TŸ¬ãÝÎ6þ +CVÚv«¶\%ºŸŸ&áhe©* mjz×¢Ø;ŽÕÚŒuÕÊzÀV+Ë4ñ_ØIç.ÁÔ?”¢ŒØÊHn÷œÔÆ©—A ©Æ%&)@fÝšR3&ÍÆ1,%YîÀøvnƒšrû÷ð‚Jê,|?‡;'é€öú²XÊæaIؕ$Ÿuqºœ‡fñ"y:no³€™_X›³uã˜DÐzb›i +öx +yB²Ð¡×°£)¡Ñ°ËŸ»ì«°£ +H$1àñŒ¶Í +äˆqXöjf’nö‡³ü(J5Ø±ˆsÈ'˜T–¢SuuÉA»à©e]ˆò;3šÒIê2¢ìñ©5Nxìà,êý +³mfV +Sö4è oîë+Ä9Nýú€î‹ÒŒ9ËúE"þõ&}'m/I‹‰­ß1õ‘Äš³f +vÐ÷Ñj~|T + +g?ªnw6«†S^.±Sª]:;¶ýšÎ­<“é+€TÓvWvӜ4]!™Zp_‚H­¯^žŒi²èԒ%ŸqÖš–= +Þ(°d%Ž=eÁ9À(.ŒË*pV +è2ªŠ†# +OTïNnj'ÀN|/ ¯B±6²ÞN,»ç +q +^8ȁӚ>ô.ÎéòC€@y%ýÁóç2†ÉeéæœÄaö +È^J»ŒhçŽÁù%Z'Éš% wIMäŠ{t.cÀ +¹“3ÒZÁŠDó})ÿF€àÏà„€ +ülCžeƒ“‚æNm&3Š‡Lk‚(ä$£ËIH@¶p +ä%”³Âë +% +ýã2 +}ÒîLw_Y‘˜¯žÃj§7!æÓäþ£A7΀£û©iøiŸ +óhÅ~'Te§»•Áî‹ÎÚYR¿~9ÀÎ"ÓUÝ·&‹¹Ó2“ä™g»ûVUÛ +»AéâÓ¡—Ü +=Z›r’3>GšaƒtÕ€D1‰9=Ú} +Ùª0» +ón4ì»Â3ñEî\Ò^š +¯Ÿ œýæâBéóâ;œ©«Ý€z<ÍÙǝҜžÈ™£êîE~f+œÎéÉ,bŽÂ¥éƒ£OÎêVšÂÎB.D1<¡"¢ôŸÅ»÷¡·†ö-ü~€ßÇŽÀÆö.ŒFz›Åíâ÷Á`Ï3ÂÂgm˜¹vÜÌDàŒ XÊǚ~<Ë#œ}Ù1%²&ÑTy¡t +Ôä) +ÂÌ‹“ÌPì×ÊR«.áx Ç ©)\yfu¿-)$ù+ýwõ³é“&þƒjêÊ +IÐù€)æL‰; +QZ°© Úg†1¿;Û¶œ€–> +w²±ŽhŠî¥‡á¶^ WåÚ.ÑLe)Y²§/ôí +î0/[iWj]CEݬ9ã`mž×²+ÐïëµÜà|їÝuÛ[| +gÏÍOÎôÕTžkµÑ& ,‡ÖŠ©÷ΒèNƒ5ÝHߺwñIœÿí'ä³þœ4¬ +·Ø¶ip#ઠ¿! +äœü1”ã1ˆÅȶÿÉۈfpτÒDZ¯H¢i@:C59MNÕªiïŸ,Ù ™.ù‘Ý®¶ÀÝŒ4ϕã +ÜôԃmDàÜϵN€igs¡º†’Ñ“›Ìíp.„ +s|©µt5”ý"E{4-ŒV;_'êW4Rtî4¹ÍãáµÕ/šDXŠšJ4ÖèYPè~{á:÷kW}ÛztZ>!Jcu8Ÿ[{qe<œd'5 +‚¶uebœ1ÏcÝ»žƒlÀle«EB}%÷¶žº­*ÎîÏÝΕj&š{ûZª{ +ÙËÉU +ê*sÂU, +«˜– Ñcø0†ÅÀcw2‘kš’6j«ïÿiúïŒË؄Êa#›Ó +_ëÖŽxôŸŸ­X£ÓÄÿ«ïÅœ]¶9ì?¯åÝçîîƒÆ¡†Å+Þ68Üoϳ×&AœA¥ÆŸýÑ8dö¢$Lõ¹g‡˜L¢OüwgŸÔ¿A3±«endstream +endobj +4526 0 obj << +/Type /Page +/Contents 4527 0 R +/Resources 4525 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4456 0 R +>> endobj +4528 0 obj << +/D [4526 0 R /XYZ 71.731 729.265 null] +>> endobj +4529 0 obj << +/D [4526 0 R /XYZ 71.731 718.306 null] +>> endobj +4530 0 obj << +/D [4526 0 R /XYZ 71.731 718.306 null] +>> endobj +4531 0 obj << +/D [4526 0 R /XYZ 134.217 695.392 null] +>> endobj +4532 0 obj << +/D [4526 0 R /XYZ 71.731 675.01 null] +>> endobj +4533 0 obj << +/D [4526 0 R /XYZ 71.731 675.01 null] +>> endobj +4534 0 obj << +/D [4526 0 R /XYZ 239.72 662.516 null] +>> endobj +4535 0 obj << +/D [4526 0 R /XYZ 71.731 640.433 null] +>> endobj +4536 0 obj << +/D [4526 0 R /XYZ 71.731 640.433 null] +>> endobj +4537 0 obj << +/D [4526 0 R /XYZ 71.731 607.557 null] +>> endobj +4538 0 obj << +/D [4526 0 R /XYZ 71.731 607.557 null] +>> endobj +4539 0 obj << +/D [4526 0 R /XYZ 156.622 557.908 null] +>> endobj +4540 0 obj << +/D [4526 0 R /XYZ 201.175 557.908 null] +>> endobj +4541 0 obj << +/D [4526 0 R /XYZ 246.74 557.908 null] +>> endobj +4542 0 obj << +/D [4526 0 R /XYZ 270.875 557.908 null] +>> endobj +4543 0 obj << +/D [4526 0 R /XYZ 311.509 557.908 null] +>> endobj +4544 0 obj << +/D [4526 0 R /XYZ 362.418 557.908 null] +>> endobj +4545 0 obj << +/D [4526 0 R /XYZ 71.731 544.458 null] +>> endobj +590 0 obj << +/D [4526 0 R /XYZ 303.898 507.328 null] +>> endobj +4546 0 obj << +/D [4526 0 R /XYZ 71.731 484.433 null] +>> endobj +4547 0 obj << +/D [4526 0 R /XYZ 450.901 474.451 null] +>> endobj +4548 0 obj << +/D [4526 0 R /XYZ 71.731 472.294 null] +>> endobj +594 0 obj << +/D [4526 0 R /XYZ 268.392 439.98 null] +>> endobj +4549 0 obj << +/D [4526 0 R /XYZ 71.731 417.58 null] +>> endobj +4550 0 obj << +/D [4526 0 R /XYZ 71.731 417.58 null] +>> endobj +4551 0 obj << +/D [4526 0 R /XYZ 71.731 395.506 null] +>> endobj +598 0 obj << +/D [4526 0 R /XYZ 260.688 356.523 null] +>> endobj +4552 0 obj << +/D [4526 0 R /XYZ 71.731 353.331 null] +>> endobj +4553 0 obj << +/D [4526 0 R /XYZ 166.376 299.823 null] +>> endobj +1052 0 obj << +/D [4526 0 R /XYZ 71.731 240.007 null] +>> endobj +602 0 obj << +/D [4526 0 R /XYZ 438.76 201.621 null] +>> endobj +4554 0 obj << +/D [4526 0 R /XYZ 71.731 177.866 null] +>> endobj +4555 0 obj << +/D [4526 0 R /XYZ 71.731 177.866 null] +>> endobj +4556 0 obj << +/D [4526 0 R /XYZ 294.544 168.745 null] +>> endobj +4557 0 obj << +/D [4526 0 R /XYZ 71.731 143.674 null] +>> endobj +4558 0 obj << +/D [4526 0 R /XYZ 71.731 143.674 null] +>> endobj +4559 0 obj << +/D [4526 0 R /XYZ 143.761 134.174 null] +>> endobj +4560 0 obj << +/D [4526 0 R /XYZ 71.731 133.081 null] +>> endobj +4561 0 obj << +/D [4526 0 R /XYZ 143.761 122.518 null] +>> endobj +4525 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F27 788 0 R /F46 1173 0 R /F68 1635 0 R /F11 2374 0 R /F55 1335 0 R /F21 781 0 R /F44 1165 0 R /F47 1176 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4564 0 obj << +/Length 1928 +/Filter /FlateDecode +>> +stream +xڍXI¯Û6ŸçWøP6ðD“ÔÞC]ÒŠh› ~ZŽ=Èm«O-yu~}‡âP¢¿>˜’†3Ùo6² + +ۄŒ„.üñ˜ðÀ߀×Wts†/?ŸbHá ‰cÑ|ûøjÿ†Ç›˜Ä»yE?à’„ìa).#d–‰ãŠŽ€Dah‰û^ +ó€ŒÃϣč +¿öø™¯0Œ +D*†?˜¥T„`ßÀ# +Z—õ¿äe÷ï +i-t°U&*Ù.ÅqDÔÖÿ§÷ÎÇß5Cí‡2[rö#sù‘ERçS=—üœ‚ +YüšZI HÎ6À.z1Ï%\å + ßô˜W€) +Œ™ +{0‡‘šãÒíM¿|©ÀAŒÁ +Œ,Xu +ŸjÍîw§©Dš+§(2‘`Ÿ +zñbn\/I^Ö)ywXjùʏ +í°{ªÀÔòÔÛeŸjy +ÕéÍý€PŠÜÍHà‡hë®NqK–Cè¶Òœ—Qº}0,ºF¯ò“þ¿)+ÈN?€]ÓÊkþyÇüí`ƒŒÙ1Ï0@òú‹F„³µI^®íšHÉô»O;u&Xq>Ý8^D8‹_ö{äûhُ•6¥JkM›EoÜý +ÝJçêÙV¥lõ"é@W؝“›a™·yRXf²x +“Fy‰OYÒ&ꍢDé*lœ;QsíM +mÐŒåß³D\G”øŽœÈî|A—¶s'àág<€3šÓ•€0À‡¶<Ò8Ø6Õye„Kü8Sª«Œ&G)Û;q;uÝoPdW|Ç}âQ“ +Þ(­$b¥I£ËUš + +|ù·*W7€°Y¡†ÊK(õ7Ÿ +A¯jCâŒ4}¡žš4e£;@P +! +ÎâsÑ.ƒœéE/‰6$/‰ž±Q¢¿Áð{V‰Â@݂PU¶RU”ÙÔmYÞŽèQÝ+Ž+9Q1ô‰²I^±b€™ò +ÌPg& 0r AÓf9Cž„:öqð0ÅmŽ*BQŸ”·Áäflù4•?€éá)Š“cwC_JûêÌtv†5ÆÍþ®é0É£b«YÀéþYš²õ\(•¹žñS)ÚÞÁRË|à ázX¡‚r +]šŸ€O¥64¹œ04ú·púŸkÓ¶AÖÞÿ:2cÐ$øœ.ô +!³ÙFßõizŸÝªàj7ŽÝ¡¶Ýۓn +n}1QuW.;G×eÿ¿q„.Á㊎.ZÔ¡èÁÚœÛ.йVµ(HVA{/Rý€µu,âŠ~šht0Qe©Uê™.Ó­jÅMà +YkhdûúœæðLçNúa[&É˥؈’ 6-¶®ìî$'£‰p¥Âdát +N×äÉ€•~ ‚õZûìAË™žßŒOúšKoè*7›dŠØ¶AçÊz1ú#æ¯*ÖÜÕÌq}NÂÀŸô¿kþ~B@»÷¿“zp‡V‰G°1Ëë +LG¯çÀª\™Ršóí»ŠÞ7uºW•ŒÏ5ù±ƒ£2F©;ÎSžªÂº¹‡}îFÁJ£ÕSAh‹·:ƒé<€çՃ‚«ºpbªé¡–³‰Ý\䯫ouA+Q +îð‡†x0õÐ +i„L«@^ÁØ# +`[߀7€Å›Ê¥x¬Sß8玆YWONldŠJBfâߧ:“ÓpS`7Šx4ƒ‡Aî¹+­ég„Rj\^ÈÙ¢U5,éc–2ÕgŒÿA«LšôµœŒ!=o5>ºrl÷àñõkýoÁ$=9ªg[›ZcÂ"wŠÓôª!í/ëIŠ-eéÀ0ýS‚¶in*à[q}˜YFÔµŽȄº?>EäU4 +v +“Xk +Y +eæù"òô2Éîx +Ð^š;—}^_ìxµ0RY+W‘;e3 !ãvÙäX6`œB8êé~É +×Kf_ý“ù•ÁL~×!«¯FŠµÎß¿øÔO)ýd +y¥Ž= +^É®Ä™ +bejœ’0€Í¡/`ãY;q(Fc¬ +=5>Ã&-N ._!M8Ðð˜@荗;G +ÏL¶N›èžÇћÁS!Ô8 +j +üCSÚ?¡1æ2\š®tžÓ‚Y‡œ?¯Ô0haŠ JÎỏC$ê9m„V3qXɍܙKŒutZ ®Å0nÙ^™ÂÀ±ðÅKՑdq§êÓŠ€ÀpÑçwîC—¢þ “˜Cendstream +endobj +4563 0 obj << +/Type /Page +/Contents 4564 0 R +/Resources 4562 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4456 0 R +/Annots [ 4580 0 R ] +>> endobj +4580 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [265.005 534.202 314.848 542.684] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +4565 0 obj << +/D [4563 0 R /XYZ 71.731 729.265 null] +>> endobj +4566 0 obj << +/D [4563 0 R /XYZ 71.731 718.306 null] +>> endobj +4567 0 obj << +/D [4563 0 R /XYZ 461.078 708.344 null] +>> endobj +4568 0 obj << +/D [4563 0 R /XYZ 292.751 695.392 null] +>> endobj +4569 0 obj << +/D [4563 0 R /XYZ 407.589 695.392 null] +>> endobj +4570 0 obj << +/D [4563 0 R /XYZ 464.854 695.392 null] +>> endobj +4571 0 obj << +/D [4563 0 R /XYZ 151.651 682.441 null] +>> endobj +4572 0 obj << +/D [4563 0 R /XYZ 235.387 682.441 null] +>> endobj +4573 0 obj << +/D [4563 0 R /XYZ 71.731 680.404 null] +>> endobj +4574 0 obj << +/D [4563 0 R /XYZ 71.731 665.46 null] +>> endobj +4575 0 obj << +/D [4563 0 R /XYZ 334.897 655.841 null] +>> endobj +4576 0 obj << +/D [4563 0 R /XYZ 76.712 627.547 null] +>> endobj +4577 0 obj << +/D [4563 0 R /XYZ 71.731 607.621 null] +>> endobj +4578 0 obj << +/D [4563 0 R /XYZ 76.712 567.671 null] +>> endobj +4579 0 obj << +/D [4563 0 R /XYZ 71.731 547.746 null] +>> endobj +4581 0 obj << +/D [4563 0 R /XYZ 213.681 512.777 null] +>> endobj +4582 0 obj << +/D [4563 0 R /XYZ 76.712 494.844 null] +>> endobj +606 0 obj << +/D [4563 0 R /XYZ 281.389 455.472 null] +>> endobj +4583 0 obj << +/D [4563 0 R /XYZ 71.731 452.28 null] +>> endobj +610 0 obj << +/D [4563 0 R /XYZ 243.788 421.001 null] +>> endobj +4584 0 obj << +/D [4563 0 R /XYZ 71.731 400.927 null] +>> endobj +4585 0 obj << +/D [4563 0 R /XYZ 161.883 388.125 null] +>> endobj +4586 0 obj << +/D [4563 0 R /XYZ 345.333 388.125 null] +>> endobj +4587 0 obj << +/D [4563 0 R /XYZ 119.552 375.173 null] +>> endobj +4588 0 obj << +/D [4563 0 R /XYZ 275.516 375.173 null] +>> endobj +4589 0 obj << +/D [4563 0 R /XYZ 472.317 375.173 null] +>> endobj +4590 0 obj << +/D [4563 0 R /XYZ 71.731 340.14 null] +>> endobj +4591 0 obj << +/D [4563 0 R /XYZ 232.457 329.345 null] +>> endobj +4592 0 obj << +/D [4563 0 R /XYZ 161.075 316.394 null] +>> endobj +4593 0 obj << +/D [4563 0 R /XYZ 71.731 294.311 null] +>> endobj +4594 0 obj << +/D [4563 0 R /XYZ 155.796 270.565 null] +>> endobj +4595 0 obj << +/D [4563 0 R /XYZ 71.731 254.212 null] +>> endobj +614 0 obj << +/D [4563 0 R /XYZ 234.499 220.902 null] +>> endobj +4596 0 obj << +/D [4563 0 R /XYZ 71.731 198.316 null] +>> endobj +4597 0 obj << +/D [4563 0 R /XYZ 71.731 162.954 null] +>> endobj +4598 0 obj << +/D [4563 0 R /XYZ 71.731 162.954 null] +>> endobj +4599 0 obj << +/D [4563 0 R /XYZ 148.603 153.455 null] +>> endobj +4600 0 obj << +/D [4563 0 R /XYZ 250.281 153.455 null] +>> endobj +4601 0 obj << +/D [4563 0 R /XYZ 71.731 132.436 null] +>> endobj +4562 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F21 781 0 R /F44 1165 0 R /F46 1173 0 R /F47 1176 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4604 0 obj << +/Length 1600 +/Filter /FlateDecode +>> +stream +xÚÕXYÛ6~ß_áGˆh +")èC“4i‹6 +(ä–h[] +†Žnœ_ß¡Hɒ¥õ&mÓ,R¢æâ73E~d! ’ +.4DTðE”ÝàÅ +žŒž!n +ç–xƒ5O67ëç4\„(l±Ù-˜Àb!E§‹Münùô Žµ.W +åxI0²ƒgú˜§Lçµ× +œ–+&—:[‘eQk{ëPTuµú°ùñæ»Mo§1zÕ`·dj°<LHˆ8*q€˜ï·oNñëW?ÛÁ]’ŠvŽuÒ"RµŽí$kscàú¹/ÈV6E!æ`Œ‘ºnªr]•Ñú=æ8NªºL¶M€Ûð²W +u”ì’ +’5è}³NX ¬Ì¡œ”r‚œVŠ‹åyU«4Mòœ‹%8o.<ÆعðŒ%n;ÆNYƒ +ô â”9ùyáv'ɓ:QiòIOMâñ°³šîb·U•‹Ü,Vµ2wìL5u‘)ZD`÷i%8žb“ña'Úz¡ᰓñ •ø¡ð92X>i’4¶^ÃLåöúý+ïí¯vxTъâå-èÂKXÿ3`ÀUÊVÃ󀬜×eãv•ùCˆ#Îú +XGEþ +cºoÊ æ€ûùŽ[Ÿäç +jUєQ€€ÔQ]”§nêŒüpy‚EöÞ±Ô;]– +ðŠ#(¯ +õBøØ%“ššO}Ž +=™º]µA±¯é#løԃù b¹M1`:ˆ‘vM©«&u1¬E“ÆãäQÎݪœ»— +TŽMÓ".€pú+• +T’£{l0b[ÛÇE9c"•-Ilætñ„ƒ‡iÔ–P×dgÝ{oªŸÁºðÞìŽ4ːŒ’²ÇÃ(&ó*$’ÿú +‘ÈÔCJ(F +2Çó1Džs”ÍçšœŒ)RU&ՃIJ(o(” +`Àf/¡CÕÑôvRä# ¥»k^ŒsªŒì‘8juhãìVÃQÂ-œpûÜ'ûfž2Á¢SòÊ«£ŽÕIWí¢0òÊØôhÆßšÓÞTº3È +€ée†¿N£ +üNôGš§î! gÔ¯‡á"!‡R;û§ +MKyóÜU’±FÎQè‡3MfF б€ +»—‰Ñ®s©)+=рÆ0šIÄ|܀ïјgz›tQü_ +øùÇ\۟åCø{,=D6€Ò`Äáh1,tüÜ#Öۙ]#pŠŸK9ú#¬,ê£þž:jö8zþž7üüé>Æú +€Á_û\{^2ùZ˱€Ã»è€Øb÷|iªú«ž¬ˆendstream +endobj +4603 0 obj << +/Type /Page +/Contents 4604 0 R +/Resources 4602 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4456 0 R +>> endobj +4605 0 obj << +/D [4603 0 R /XYZ 71.731 729.265 null] +>> endobj +4606 0 obj << +/D [4603 0 R /XYZ 71.731 741.22 null] +>> endobj +4607 0 obj << +/D [4603 0 R /XYZ 71.731 718.306 null] +>> endobj +4608 0 obj << +/D [4603 0 R /XYZ 232.457 708.344 null] +>> endobj +4609 0 obj << +/D [4603 0 R /XYZ 161.075 695.392 null] +>> endobj +4610 0 obj << +/D [4603 0 R /XYZ 71.731 682.027 null] +>> endobj +618 0 obj << +/D [4603 0 R /XYZ 355.257 644.812 null] +>> endobj +4611 0 obj << +/D [4603 0 R /XYZ 71.731 621.695 null] +>> endobj +4612 0 obj << +/D [4603 0 R /XYZ 156.084 611.935 null] +>> endobj +4613 0 obj << +/D [4603 0 R /XYZ 448.645 611.935 null] +>> endobj +4614 0 obj << +/D [4603 0 R /XYZ 256.228 598.984 null] +>> endobj +4615 0 obj << +/D [4603 0 R /XYZ 433.253 598.984 null] +>> endobj +4616 0 obj << +/D [4603 0 R /XYZ 187.337 586.032 null] +>> endobj +4617 0 obj << +/D [4603 0 R /XYZ 71.731 582.63 null] +>> endobj +622 0 obj << +/D [4603 0 R /XYZ 349.704 545.415 null] +>> endobj +4618 0 obj << +/D [4603 0 R /XYZ 71.731 542.223 null] +>> endobj +4619 0 obj << +/D [4603 0 R /XYZ 71.731 527.279 null] +>> endobj +4620 0 obj << +/D [4603 0 R /XYZ 71.731 469.3 null] +>> endobj +4621 0 obj << +/D [4603 0 R /XYZ 156.084 456.349 null] +>> endobj +4622 0 obj << +/D [4603 0 R /XYZ 448.645 456.349 null] +>> endobj +4623 0 obj << +/D [4603 0 R /XYZ 326.245 443.397 null] +>> endobj +4624 0 obj << +/D [4603 0 R /XYZ 71.731 439.995 null] +>> endobj +626 0 obj << +/D [4603 0 R /XYZ 394.178 402.78 null] +>> endobj +4625 0 obj << +/D [4603 0 R /XYZ 71.731 379.662 null] +>> endobj +4626 0 obj << +/D [4603 0 R /XYZ 156.084 369.903 null] +>> endobj +4627 0 obj << +/D [4603 0 R /XYZ 461.038 369.903 null] +>> endobj +4628 0 obj << +/D [4603 0 R /XYZ 204.064 356.951 null] +>> endobj +4629 0 obj << +/D [4603 0 R /XYZ 426.319 356.951 null] +>> endobj +4630 0 obj << +/D [4603 0 R /XYZ 493.178 356.951 null] +>> endobj +4631 0 obj << +/D [4603 0 R /XYZ 194.809 344 null] +>> endobj +4632 0 obj << +/D [4603 0 R /XYZ 71.731 309.34 null] +>> endobj +4633 0 obj << +/D [4603 0 R /XYZ 272.825 298.172 null] +>> endobj +4634 0 obj << +/D [4603 0 R /XYZ 119.552 285.22 null] +>> endobj +4635 0 obj << +/D [4603 0 R /XYZ 239.421 285.22 null] +>> endobj +4636 0 obj << +/D [4603 0 R /XYZ 71.731 270.112 null] +>> endobj +4637 0 obj << +/D [4603 0 R /XYZ 71.731 255.168 null] +>> endobj +4638 0 obj << +/D [4603 0 R /XYZ 290.164 234.012 null] +>> endobj +4639 0 obj << +/D [4603 0 R /XYZ 405.873 234.012 null] +>> endobj +4640 0 obj << +/D [4603 0 R /XYZ 71.731 206.117 null] +>> endobj +630 0 obj << +/D [4603 0 R /XYZ 349.69 166.745 null] +>> endobj +4641 0 obj << +/D [4603 0 R /XYZ 71.731 143.628 null] +>> endobj +4642 0 obj << +/D [4603 0 R /XYZ 156.084 133.868 null] +>> endobj +4643 0 obj << +/D [4603 0 R /XYZ 355.674 133.868 null] +>> endobj +4644 0 obj << +/D [4603 0 R /XYZ 119.552 120.917 null] +>> endobj +4645 0 obj << +/D [4603 0 R /XYZ 341.806 120.917 null] +>> endobj +4646 0 obj << +/D [4603 0 R /XYZ 405.905 120.917 null] +>> endobj +4602 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F21 781 0 R /F34 797 0 R /F44 1165 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4649 0 obj << +/Length 737 +/Filter /FlateDecode +>> +stream +xڝUK›0ŸçWp+H× +ŠÇ>¶jϹTÝ=8@w FØt•þúÚxHؐ]©U€`Çóüæ3‰°û‘('(gîC +D3 +•ÇŽöîä늀ÆTÖ3›ÕÝ=-¢‹6»ˆea‘E9£HpmªŸñ§ƒìlÝ'kÊqL0 +‹Ïu×èÓ±nmØ[ +Ÿ}Âòž>&$Ö¶¢ƒ6Ö$›ï«/›s8œÄ蛃Ê2àü0!â.Ð + +ÄÒt +žÔ}_›N·•j÷ÞïÝ}šEÂ]Éü^ Ô¥ˆG]T™2šÌ­ÒaÓ2yVMV[šÒ?€ R}]ZݟÂVºBluBxüÛÿÕWÚF}yûææØ +”?ðý5;U5¡<~žº±U²õ‰DkÁPZdњPT@ +;Y>É=øÙ&ǃjÆê„Ž‚cÝ?ç“ Ñ +ŽÖ +y6Þÿ‘¯18õ4ª²ž­ë*ÈBFn±ÓM" +杖¬*e•neT Øq +‘™ ©@ªûjœ7¬ÃÑ9ê –¯šr7BKY:C¶ƒ¿( §Ðë}mCœàd^¯|ò%q1km—a +egœ_ºKQ!ȕ·Ðåz{ëK«.LØÿY=ÔMç^Úô—ÄÛ6ém›#lMÙ«.Ìï•aŽØ¬îmµôàÆXpqËEÙ)œ4Ì=M!!hRÊ\wr@e> +mŠ):£À­_@Ý +˜›²÷ÀvÄë4ÉÁóŒþ§(' +\·ÚNCîð+õçFËÜ +^LÁ^X@Z¹•vr°ú(­*eÓÀtgÈv²o¬;’~H€^¿8)vUÆ9 “Œ^–,Ôèò’Úœ’Š +a>5­“­'w +4î +-RÍ2”çÓéÝ¿R™§Bû.á<^pÙÙÈÈDòt%÷÷Âc}|Çã/êcNƺèj›?Bð$Š ’¿ùh^To&ÇbŽ(AÅG@púÊ{·tõöBendstream +endobj +4648 0 obj << +/Type /Page +/Contents 4649 0 R +/Resources 4647 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4659 0 R +>> endobj +4650 0 obj << +/D [4648 0 R /XYZ 71.731 729.265 null] +>> endobj +4651 0 obj << +/D [4648 0 R /XYZ 179.038 708.344 null] +>> endobj +4652 0 obj << +/D [4648 0 R /XYZ 160.219 649.564 null] +>> endobj +4653 0 obj << +/D [4648 0 R /XYZ 236.213 649.564 null] +>> endobj +4654 0 obj << +/D [4648 0 R /XYZ 316.183 649.564 null] +>> endobj +4655 0 obj << +/D [4648 0 R /XYZ 413.427 649.564 null] +>> endobj +4656 0 obj << +/D [4648 0 R /XYZ 71.731 627.616 null] +>> endobj +4657 0 obj << +/D [4648 0 R /XYZ 272.267 616.687 null] +>> endobj +4658 0 obj << +/D [4648 0 R /XYZ 205.608 603.736 null] +>> endobj +4647 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4662 0 obj << +/Length 1908 +/Filter /FlateDecode +>> +stream +xÚ¥XYÛ6~ß_᧮¬ž"%ê MÓ€)Š6@܇¢)ZŠmueQб»î¯ïPˆ×€ +ÀqôT¡«`Õ"/Âu©ï;׿ّM[çÕ +'׀( +F85˃$Rw¿äe÷|ÿŸæüíçw:¬h ¶ÂÀ’Ï”AB\LÇ\öŠqŠ{¿”ÒFY»0 +àGR#ÔµyÍïÕ +¬SäPü–Ù‡Ô«ß}'×€1ô]ْGnV-ƒD‰GÕÜwUX°µà}ʋBݝxa¶gîê<˜Å+†L%(Ó]˶îöŒnLl[_Š +¢îLjŽD­žžžï\/ŽGó!d§DîD}m‡,ºñ Ä +0¿Š–¿RƒâÌ +žº“62ðª_ +†Ãòæ¡:ÚqgœL:sß¹4ê&uúÃo +žáRê9ëZÖ[\ðF®ÕÃjëbx+åNªåÅ©ŠÃʞìš +·ý^zDžX¹7.õ&©™šÕò®j*Ž;Pî0”Õ蛙)ÿñ‘­ÊÔ+ +% + ¡Bÿ³£Œ„®u#òRGYÑ÷rGYè_é(cl‰KÚaŠÔžADXÃï‡Ô Íeo(Ípð‰Ì0<%ŠÀÿÏhÃ~„œÚÑö”·'ïX +_rãÐùÞM©³ýé+ *q~ûúáX÷aÅ +"yћÜit<“Avtû œœÙr«Å~šwš0ӑ¬ÒÁªµª¡ŒX˜22æ6:Š;È8_†é»’$@q4 +É¡z=ôƒ‘œÔGqœŽÚÛUlC iH_Àö tÛZäEl/õ}¶çú×°=2 e:ŠãNZñ Ž³”5-gE{AU®!<À(µ8ðô 8Y0ܺ”:ÍÀëå”ÖW±kÔãÛ%¥£ÔŠK”ÅÊT‡8G¡X3bõ(ÁÃÍtÙ1]Í0«ÙÝtÀdŒn¡·*0.âA'ø—ÓÎð7MŒX9lºYÞÌØÛC)\9O&0&Ò{~àecÄ/¢Óƒ•ÉŸVSU°Œ+e$cóQâ«Öõñ0ÛÇö2¶Œ- +èHhF[U»Aìp]À+uN – +jq +R%¯IšŠB.™‰šç²íɺŒ›ù +M#Ë«bìdÇÇ( +’Iš€5Ï 3™†pœ€LtÅÞzà°&/, [ë +3•¬›Ë”vÛ2¹5–ûV\þáSÈY +ûGiª$LeÆ×é–ô֟9uŠ1<¬Ÿ?åç)‡:ò’׬å*ÜiÿŽú»}nùˋÆÚ|/êÅC,ÚZümp0’ÃÑŠbµ> endobj +4663 0 obj << +/D [4661 0 R /XYZ 71.731 729.265 null] +>> endobj +1053 0 obj << +/D [4661 0 R /XYZ 71.731 718.306 null] +>> endobj +634 0 obj << +/D [4661 0 R /XYZ 346.114 703.236 null] +>> endobj +1054 0 obj << +/D [4661 0 R /XYZ 71.731 692.184 null] +>> endobj +638 0 obj << +/D [4661 0 R /XYZ 166.466 651.526 null] +>> endobj +4664 0 obj << +/D [4661 0 R /XYZ 71.731 627.77 null] +>> endobj +4665 0 obj << +/D [4661 0 R /XYZ 71.731 598.624 null] +>> endobj +4666 0 obj << +/D [4661 0 R /XYZ 71.731 598.624 null] +>> endobj +4667 0 obj << +/D [4661 0 R /XYZ 71.731 597.379 null] +>> endobj +4668 0 obj << +/D [4661 0 R /XYZ 129.514 578.3 null] +>> endobj +4669 0 obj << +/D [4661 0 R /XYZ 129.514 578.3 null] +>> endobj +4670 0 obj << +/D [4661 0 R /XYZ 455.937 578.3 null] +>> endobj +4671 0 obj << +/D [4661 0 R /XYZ 451.912 565.349 null] +>> endobj +4672 0 obj << +/D [4661 0 R /XYZ 71.731 563.192 null] +>> endobj +4673 0 obj << +/D [4661 0 R /XYZ 129.514 547.416 null] +>> endobj +4674 0 obj << +/D [4661 0 R /XYZ 129.514 547.416 null] +>> endobj +4675 0 obj << +/D [4661 0 R /XYZ 384.785 547.416 null] +>> endobj +4676 0 obj << +/D [4661 0 R /XYZ 440.146 547.416 null] +>> endobj +4677 0 obj << +/D [4661 0 R /XYZ 71.731 532.308 null] +>> endobj +4678 0 obj << +/D [4661 0 R /XYZ 71.731 517.364 null] +>> endobj +4679 0 obj << +/D [4661 0 R /XYZ 174.841 507.865 null] +>> endobj +4680 0 obj << +/D [4661 0 R /XYZ 124.533 455.362 null] +>> endobj +4681 0 obj << +/D [4661 0 R /XYZ 129.514 437.429 null] +>> endobj +4682 0 obj << +/D [4661 0 R /XYZ 129.514 437.429 null] +>> endobj +4683 0 obj << +/D [4661 0 R /XYZ 393.921 437.429 null] +>> endobj +4684 0 obj << +/D [4661 0 R /XYZ 129.514 424.477 null] +>> endobj +4685 0 obj << +/D [4661 0 R /XYZ 328.496 424.477 null] +>> endobj +4686 0 obj << +/D [4661 0 R /XYZ 71.731 422.321 null] +>> endobj +4687 0 obj << +/D [4661 0 R /XYZ 129.514 406.545 null] +>> endobj +4688 0 obj << +/D [4661 0 R /XYZ 129.514 406.545 null] +>> endobj +4689 0 obj << +/D [4661 0 R /XYZ 383.997 406.545 null] +>> endobj +4690 0 obj << +/D [4661 0 R /XYZ 71.731 355.735 null] +>> endobj +4691 0 obj << +/D [4661 0 R /XYZ 168.797 342.784 null] +>> endobj +4692 0 obj << +/D [4661 0 R /XYZ 220.99 342.784 null] +>> endobj +4693 0 obj << +/D [4661 0 R /XYZ 71.731 283.905 null] +>> endobj +4694 0 obj << +/D [4661 0 R /XYZ 71.731 238.076 null] +>> endobj +4695 0 obj << +/D [4661 0 R /XYZ 71.731 238.076 null] +>> endobj +4696 0 obj << +/D [4661 0 R /XYZ 204.562 225.225 null] +>> endobj +4697 0 obj << +/D [4661 0 R /XYZ 71.731 203.277 null] +>> endobj +4698 0 obj << +/D [4661 0 R /XYZ 207.272 192.348 null] +>> endobj +4699 0 obj << +/D [4661 0 R /XYZ 362.639 192.348 null] +>> endobj +4700 0 obj << +/D [4661 0 R /XYZ 324.611 166.445 null] +>> endobj +1055 0 obj << +/D [4661 0 R /XYZ 71.731 137.514 null] +>> endobj +4660 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F29 790 0 R /F34 797 0 R /F44 1165 0 R /F55 1335 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4703 0 obj << +/Length 1905 +/Filter /FlateDecode +>> +stream +xڕXKÛ6Ÿï¯ð-6`Ñ¢¬‡ + @vÛ€K5ÐCÓ-Ñ6YR$j7î¯ïð1zQ6ìaµZŠœ™ï›ofH>üÐEBI² +_ÁžqŽH¯Oþâ +ÿùù‰Úž]â +ÖŒ +ž6Ÿ‚ýbOöñvq8-B?!»8Y$ۀì¢`qÈþZþxa•äõÊ +"I)1ðŽ­ +Œ™¿~â8¯è²Xý}øíéã¡;5 +(Ùí²K\»è‚&$ ‘2 +ýó#’„;m˜(c’Ýò×Bò³µþ,Oæ·ŒpóÀW4Z~[Q VKvTO9W¶Â1ÉÀ}ð +Žõ”÷I¢OùÈҋñ±a× + +ùwŒìŽ97ïÓREAºƌ`øþZ‰œg +nðE[£6ž­âh¹6oå +Ió$ì÷mÃ3óôv᮲§AÐ +&ۚ«ÅáÞ8®¬»2‘7Ê?±G²šö†ÙŠŽPæåù³ïh9/d-8Z]Û·¯ÚEð©j1Ï,ü/øŒŸ”#¬Íåzìp}«dy®Yu)Ës»Ÿ‘uYœÍs +֔W7 +œÿàҙŒfƒpŒŒ2 +UñÐXnà +K’ØäëiY(óÏmœ¢Š.ò¡1µ«›Ž•Åñ°ZĕÛ@ +.má±ÎóŽ-ÇUà‰<›ÀYˆ¯-ÇPÙÇaÐMÄS&EiqynžLÐEnb$N:(^}ã1à&XD˯æÇßÖCŽ§à +ÇhˆÓ„ymŒÖŠÚÝn7’å4=®è嫲”å­=á€ù +^ +K9mC +ƒŒ=¬vþ²œœÇ:ïjõ±—qÜiu/¹†D +ÃYV‡ucSÈfJ<ý±çñBI†wd +ÿÁlE‹ +lkêú{Ê6ŸÐõKà2ÖÃUæÀX¯}³« +՟™(\Êq>" +5.6LB‹–öÿÌk몘ª +äëÙ>ú„€2‡ ÅÛDsüÊ!ÄlF£žÛíïÊÝÀ®F ªZÝŽ+ýžš€©ÖžJŸ[EÑÒîQ¶²j¥Mô_'Â\sEZ^dxˆÖn‡të“0 +IÔ­l±Š(þYYµßá–Nš:ÞÚÓ%f +²×>·µbêãÜ0üøjWùe%Æ|Ó'ëÛ8=Q‰N·aU> ]ú + +>ž©>æe_lÌÃLÉYOãЋŠn) +ˆQüìG>îÖäüµìà®xjäõý\I +c{5Ÿ{2/t‘ëê³@}²bSÜS•Â’e³ü?ÕºBL;®ŒiؙÏÔo!žŸ&äž#Æ°ãÀt¶nÏãÖº‡Ÿz£Àßëo^îÿ1ctZÆèD»GŒŠ¯X·Ç¶=¯­6 +Ú]íQ” ¡?$íëã2«˜U֑ +JcxÄm¿§(6c¿Ÿ +P +–6Ÿ™fQZ߯LŠ“Ñ^à‡dO÷#b +úäÁ +¬w1J/<ý‚6«ò>AÈ +çy¬£¬kæ˜8_$”hSåëlXóo}ZN +ËCŸà +|íTìR6r=Ãÿ¶Ø=ÞïlfùAFXŠéÚç>»º9oÇ-p¿Õ¿_EÙ6ùži@$ð7ìQéã}¬KsN± +j· ++}Í¿¶¢æ“þ°ªÛ +à +Àf¢aMïàò&ãzt­Šdn~±‚å·ù$&†¢‘]Œõø£ÒáîŽÆ6¡Çjbºz­pšy•³tRÑ +ù¬t + + Áôð+æ*Û/¥¢ÁÛšžAªOd­«t]Ae3š±'4ÄÉ¡ªWÛdÉ;î8RA÷±qrø?3¢JN΀ÓÓÈõ£(–bÀª€¥†P}KD×ãtTœN**3Ñž! +ÔÛýe\YªÒ'EŠ9>¥¶_„€á¬ˆ[y”l"iY) +OäbB#7ÞØ‡TèÎÈ 2f +(Ò~às“m/ÚŠ·¶:ÂëÍE\ÇY¢ +°*BPƒ‡Ó”Íysr›¡1Jãò.ûúñËø( +†ŸÃÁe€+I)Ò6gõj7/§žÏ‘þ“Š¬{L + •(*bÒ·VeÓ¥B9wìäƒ)i<ŠeÙŽ +rÚ"(QPLYÞªœl;dõ€`ŠåÆaŽy&0ÐWݕpՓJïïOf±›šžþyÆ¡ÛÌ<¶‹ˆw_øíʉÛÈrÿÙû$ÎÞ'yæËñ\„ÎõŒŒŠ­œm“õŽa<0%! Ž:Žs&P?€I +[•õN97¥9‚m º˜•[¿[9> endobj +4704 0 obj << +/D [4702 0 R /XYZ 71.731 729.265 null] +>> endobj +642 0 obj << +/D [4702 0 R /XYZ 327.532 705.748 null] +>> endobj +4705 0 obj << +/D [4702 0 R /XYZ 71.731 681.992 null] +>> endobj +4706 0 obj << +/D [4702 0 R /XYZ 134.217 646.968 null] +>> endobj +4707 0 obj << +/D [4702 0 R /XYZ 71.731 611.935 null] +>> endobj +4708 0 obj << +/D [4702 0 R /XYZ 71.731 579.058 null] +>> endobj +4709 0 obj << +/D [4702 0 R /XYZ 71.731 579.058 null] +>> endobj +4710 0 obj << +/D [4702 0 R /XYZ 229.1 568.263 null] +>> endobj +4711 0 obj << +/D [4702 0 R /XYZ 71.731 546.316 null] +>> endobj +4712 0 obj << +/D [4702 0 R /XYZ 71.731 513.304 null] +>> endobj +4713 0 obj << +/D [4702 0 R /XYZ 207.83 502.51 null] +>> endobj +4714 0 obj << +/D [4702 0 R /XYZ 71.731 467.476 null] +>> endobj +4715 0 obj << +/D [4702 0 R /XYZ 207.511 417.827 null] +>> endobj +4716 0 obj << +/D [4702 0 R /XYZ 71.731 369.842 null] +>> endobj +4717 0 obj << +/D [4702 0 R /XYZ 201.025 346.096 null] +>> endobj +4718 0 obj << +/D [4702 0 R /XYZ 71.731 324.014 null] +>> endobj +4719 0 obj << +/D [4702 0 R /XYZ 208.697 313.22 null] +>> endobj +4720 0 obj << +/D [4702 0 R /XYZ 260.891 313.22 null] +>> endobj +4721 0 obj << +/D [4702 0 R /XYZ 71.731 254.341 null] +>> endobj +4722 0 obj << +/D [4702 0 R /XYZ 71.731 208.512 null] +>> endobj +4723 0 obj << +/D [4702 0 R /XYZ 71.731 208.512 null] +>> endobj +4724 0 obj << +/D [4702 0 R /XYZ 204.562 195.661 null] +>> endobj +4725 0 obj << +/D [4702 0 R /XYZ 71.731 173.713 null] +>> endobj +4726 0 obj << +/D [4702 0 R /XYZ 207.272 162.784 null] +>> endobj +4727 0 obj << +/D [4702 0 R /XYZ 362.639 162.784 null] +>> endobj +4728 0 obj << +/D [4702 0 R /XYZ 324.611 136.881 null] +>> endobj +4729 0 obj << +/D [4702 0 R /XYZ 71.731 121.773 null] +>> endobj +4701 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4732 0 obj << +/Length 1722 +/Filter /FlateDecode +>> +stream +xÚ¥XK“œ6ŸÏ¯àŠj—E +!·Ä‰]öÁ©ÄãòÁöAšAYˆ^Ï¿O +=xî&•ÔÖ, +ˆV÷×_Ý +òBøC^†‚ì‡(¢4ñŠfzWžóf‡ÌŠ{³ä~²æçÓîáu”{y§ïtñâ0 +Žiæe‡(8&‘w*?û¯*ÜvDìï£$ô +ôÉRô‚v7ýí"éu|¶ÿzz·ûõävM" +¢ý:$°}”x÷( +ò©5í> +œÖŸƒÏŸðyکՇ( +Â,ñPçOï²û°ûݙ +œû4 +’ä%úQœleà +¥ànŸ€q +di<‚„<‡8U(EÇ48†ÈKs@+;(}Ú§¡ÿÓïߟ£0xx +ÇÞ` + +€Ð V1 +P +ÑðÄGIÙàˎ>ևV‚7-­I©/HÜT˜2ý +ì¡ÿ]ýè;|ޣܯ‰ŸwŒ™™:S†!e°øflãb +þ#ŸšGJ*;XŸžÕŸ£ÜìD¥ +AÁ éN“lp—ñNß +œl+­—=«‰”úüŠLñÞøRš6„Gu—šƒW¹ßàYÊ \›‡Œ¥’ÈÂúgwÂgŸ‡ +ßöQfà,Xò-Îò Î2o’¿ÿƄ:á1`Yô?H9åTdY4ãTD(Q1ՙäÇJø‡@þªŠ„u–ø÷=y: +P֑ëP–£lRÚÀÕH•é”Ÿœèêœ + ƒ“^}2ŸØ#և|Q¥Þ=H"Ÿ)g¬8HÒõí>ï*2.\‡sFH)Í}nŒö°’uŽ&Ìïh +qî/·éMá +.Y¢jíPQµXÊ' +¥µ„Ôì^sµŸ¹ +‹}ÚU6ÌMÏ-艜&&Nk™3ó¿X0Kã¹ábË¥€çÚ,mk +[Ä8õ%L§Š2ú1N«ñÀ}\Óҙ(Ìú +.æ¬ÅíkØ›KºÖi]Î)*. ›‡$0+Y™\3úd<€ +§mK°trB&`çE2ìŽ@–»í@uq +ÒÀpGG'!#؂õ% +£ZÅé’ +]‡aÐë‰ +얓zøØr¶b%µ×^âe +úwkÒÀÆ6Ö9ƒÙ@§+ïšc=i+ҌDy +ê[­ºÉEz¡Ó2ª +ð:°BÜÚÎUÊ¥àžpYlúÁˆp +ŒSe3E›‚’ËZÂN +:у©rŒn]å +×7Iü=cÎÁVðB·‘ÉsüÜ9zd\eïIuGä_å¶M¢+v}°hØ\®áµ»@ƒñ + +Åú!ûB9wéëÚL<e;Sy\šzJ€‘špDöñM6¹œojÁó@?@w$ +Øwrãp_‹Ùƒ5ªŸX¹®oW܁é8Ӟvo{NœqžÛŠ›ŠvªLגà +ÐÁñßô­SE¶ëªä–ŠzZ1d4lãÃ5(ÜVhQQBŠêP©Á°ä€Ô +͊;5䢋ö!;Ö +¥áv×ÕJïæƞhmŠœŒÝ /àld‹ +aº‰š® +Șa!ŸžÉ\ù»@^È1~Æ%ÛAžèÆþs&µ®23î‡Q¬^kzi–žmõµ„‘rÙò¥ +wž™1XÅ$vÖtVÆ,D£I6ÁÈ¡|·X(-ä[P”Α 2j· +EKœ­MÆH1&_N +›mm|†€ +E +PQ)w +Dªß[ŸqÑõØéI +å|ÊâL!uŽ7‡ùº'•V§Ìñ|³@JR_Šã-ÀÃ׆`6•õ5ÝdXröà + +ýUUY +H +-²²‚Î\êj«éY`Ꭰ+Ÿ +Žª±r ß ßšà +Þ1:=^¬3 ‚™Œ¯bÚ|—³ +²“ù`‚œ¢;«96wÎ0£vœ+1$\‘ +ƍF'Ê®Ó$uÜæìùÞäžóãXbÿZÚ`ƒ1 O0ò“‘ìË.ê€.)ŒŒu\˜,M†ÍéØb[Óëêý@Š ‘à‚’ˆrYÆN‡ŠÒÛ!ÕÓ•‹w„’LëºtµFAQÆ[æE[çÍ%ç£^Ú.Œ1—ºú­gRyŒ· +Ep¹ðCñÁ6óncGó:hbûgbúçÐ^50ŸÜ2Óá±ßÎË3åœÅIÿnŠ6röknaàS:1É€¬Æ|žæ:*¶ +}nšâ.ùsEZô[•„»åT©Ä³­Fe +4žÏ,#Ç'ï]5oGk5Ù]6^oòž a« +MÃá« +Á¯7‘}R*ë^”ì~‹+Ì;| +Ž({ñ7»qÉê'»$Lƒ0̬•#aöÌïpë­þ¿äNEendstream +endobj +4731 0 obj << +/Type /Page +/Contents 4732 0 R +/Resources 4730 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4659 0 R +>> endobj +4733 0 obj << +/D [4731 0 R /XYZ 71.731 729.265 null] +>> endobj +4734 0 obj << +/D [4731 0 R /XYZ 166.376 677.774 null] +>> endobj +1056 0 obj << +/D [4731 0 R /XYZ 71.731 636.564 null] +>> endobj +646 0 obj << +/D [4731 0 R /XYZ 328.496 598.178 null] +>> endobj +4735 0 obj << +/D [4731 0 R /XYZ 71.731 574.422 null] +>> endobj +4736 0 obj << +/D [4731 0 R /XYZ 161.883 565.301 null] +>> endobj +4737 0 obj << +/D [4731 0 R /XYZ 71.731 504.365 null] +>> endobj +4738 0 obj << +/D [4731 0 R /XYZ 71.731 458.537 null] +>> endobj +1057 0 obj << +/D [4731 0 R /XYZ 71.731 418.437 null] +>> endobj +650 0 obj << +/D [4731 0 R /XYZ 202.05 375.34 null] +>> endobj +4739 0 obj << +/D [4731 0 R /XYZ 71.731 355.199 null] +>> endobj +4740 0 obj << +/D [4731 0 R /XYZ 71.731 294.478 null] +>> endobj +4741 0 obj << +/D [4731 0 R /XYZ 71.731 248.65 null] +>> endobj +1058 0 obj << +/D [4731 0 R /XYZ 71.731 195.599 null] +>> endobj +654 0 obj << +/D [4731 0 R /XYZ 178.913 152.501 null] +>> endobj +4742 0 obj << +/D [4731 0 R /XYZ 71.731 132.361 null] +>> endobj +4743 0 obj << +/D [4731 0 R /XYZ 236.193 106.673 null] +>> endobj +4744 0 obj << +/D [4731 0 R /XYZ 471.1 106.673 null] +>> endobj +4730 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F44 1165 0 R /F27 788 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4747 0 obj << +/Length 1862 +/Filter /FlateDecode +>> +stream +xڍXKÛ6Ÿï¯ðÑÖZK¶lùØŠMÐ +Ò ] ‡Šh‰¶‰•H +€v³ûë3#>DQrZ,°–(jžßÌ|TºØÀ_º8€Éa +?Ù1Éöù¢lî6‹ +<ùp—Ú +k»e +ìùùñîá}v\ +“ã~»xÙÄjÐ3özœžCoÿãª@·oeõ„wAœ³D YÖ¶/›ÍVàÓ—!ÁëY.MZ2~qçUíïÎ +Ÿu¬S1tkÖ0 +™4 GtRâlQ@4å+µÚ2'•qí=¿é­Û2ÀŸ7:Ö柘[LSß>F·EcùwŒŠÊ:î\cöþ‰›ÐUmŒ­žq™ð’šjÑWå†÷/Ì¡ +—é8 +þõ±µØ†æ°ó‡+M€îÚžÔ4kè›à4p +ŒUešê>î+ÎMö{ç ÜžuƒbVc}Ô +g_ÇúèdÅ!ÉwÇ4 +qÀ`fŸuŒ‚)]ê:à-ÈoD§] FŸŸ­òJë:°dàD~˹sl!d1ª†H0œQ®I`õ +}Í;ͱ™ +žr°®Öñ°št-Óôú*û³«¿”Ž§R€ŽAS Z?éÙWw õ6“#:ãqŽSý +~ûÐؑ‘<ÇqF#Ĺ/jŒ +\Ÿt²o`÷Ã9EãŠ^‹K(*N˜W[y +2ï#ÁVYú‰§Hs%ŒÏ€ªŒÒòiB +EÓÖTÓ0&A_‹ ±Ž”ƒG‰€$Èn ÄPÚR¹aÌÝ¥È%+`Ö8?\ÝS| +ðò$IIg)¯XÀwŸvàÐzb'§Á® +1B)õ>7ŸßA4XéðÄ8„© sÌxYƒc]å©@©bÆÍŸuÄü¿§|Ä®%Ž­ÀûŽÏ +&¯ÓFxcÜ5n°²¹QeLhõ˜50¿äk$ +Nî„ÔðêârͲb +;cØÊcöã«À‡ãÀbR]Û™ËC’)„7(²zŒ:=æœ÷:átS0ãÇ gsʟù|îêò±[&†–se› ðHõg'Ԙç8†ö­©¡ëÎê› +;Ñ°ËUû’˜ŠË á86¥ã€ƒi!ÐT&û¶ôŠ˜ýlƟ™n]s‚mQoœc˜a_ÇòœÏŠv•Xˉ¬P‚ +ÿôùã‡>ŸáØ;‡ 2QyÊ?õ<û·(i€Ô +4ú×q÷iØ· õ§~˜¢­€ƒ+ub +H +°}uãÌáŒ÷Hôïy~ƒÄ[=sj™¢ÅÅŒ“V7ƒ +Ä®GååR¢“%݄²ÜÏð£í!ÙÃÐû¿üèñ£n`ªŽV~„i5Jå:; +“í.eÔ×þnۇj9N©Ì³¿­Š¥Àµi» +3mÎ7fÝÁiۇ +~`°\ÍNwôõlckÓ6°Ë)“tíS·6°A»wÂèO3Š‚øO0=§éj7YzԘŒÔvò`ÚüAXß̉ГŸbw ++3WòÎÚÂDáèýƒY@žyr¢îû4£R›äÁz™þ€KíÂ,Žáïìµ@ÞƊŽVʁΠʒ™hýǧ +1; +Ìê+4ϝ/Ûq]YU9^áºbeÊÞ1!ÉWìŽê:þž’ÄŸAí·W88éá‡_g‡-“³ùfŸl!ùv +†-Ý7ŸžNU}éûendstream +endobj +4746 0 obj << +/Type /Page +/Contents 4747 0 R +/Resources 4745 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4659 0 R +>> endobj +4748 0 obj << +/D [4746 0 R /XYZ 71.731 729.265 null] +>> endobj +4749 0 obj << +/D [4746 0 R /XYZ 71.731 673.31 null] +>> endobj +4750 0 obj << +/D [4746 0 R /XYZ 71.731 627.482 null] +>> endobj +4751 0 obj << +/D [4746 0 R /XYZ 71.731 569.076 null] +>> endobj +4752 0 obj << +/D [4746 0 R /XYZ 436.071 532.005 null] +>> endobj +4753 0 obj << +/D [4746 0 R /XYZ 71.731 509.923 null] +>> endobj +4754 0 obj << +/D [4746 0 R /XYZ 345.433 499.128 null] +>> endobj +4755 0 obj << +/D [4746 0 R /XYZ 71.731 451.143 null] +>> endobj +4756 0 obj << +/D [4746 0 R /XYZ 475.852 440.349 null] +>> endobj +4757 0 obj << +/D [4746 0 R /XYZ 71.731 392.364 null] +>> endobj +4758 0 obj << +/D [4746 0 R /XYZ 71.731 322.69 null] +>> endobj +4759 0 obj << +/D [4746 0 R /XYZ 357.228 283.935 null] +>> endobj +4760 0 obj << +/D [4746 0 R /XYZ 71.731 235.95 null] +>> endobj +4745 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4763 0 obj << +/Length 1633 +/Filter /FlateDecode +>> +stream +xÚ­X[oÛ6~ϯð[m ¢EJÔåÁÀ28Í:Ž)֞Æuh‰‰‰ê6In +ûï;IÝ,%[aˆhûø\¿óCã + +xácä;ð !" +]Dé +œx€O®/°–pÝÑ „óć%9daõüž»X¿!xAläÑp±»oØ"Ž·ØÅ,/‹‚g±ø¶²ˆ,/‘zŸU­Nùœ~µÈ³Jœž_{™—êE}Xá%WgŽŽòì³m“‡cÉWî~ç,⡀*kUTŠ¢–4žaL¥g FÁ9¬|BXûqÍ3^²DÁ_„(ô +)ïú( „‚P鶬GQ¬2‹7| +éò!^Ç|Eèòëú˜‰oòϱœdÇ€ñáâj×&cÈ.% +ê(pñTŽ rGÙ?Ûj`BíB9zêT9z1`'D®ï·&e»ƒÌ$µ—<«ËŒÞ>©7 +VtÉê/y©Þšsõ×6FOlRVµ1šM(Õi*˜N +ò$Iö,ú‚û`2$P^`·rp«ÊÁ'ø +¯77+‡./ß_Í"b±Cr6dwê摭eÈ. là +uèŒÞªC–†öVrL׌=è­ßžÞ"Ë^c™¥82i3É#–T5«y,Êu"ö능` +/™ÈÖ +SO§ä‚ِw¥€ç'iÕ1ºaˆ 6SœlD¬Nf6UZDŒå‘äZä%¢'–A=Ÿ3¬$žµ;P¢ãÄwžbÁw'ÀóÚq:š™ D>źŽßû +l^nn¯n¶ÏTf«ëúg«@§nŸZæ™ +4ÛD¿ãU,†U¡úÌ­”‰DSša[Š +Qž ¯y_R +ÄqÉ«JsÆ[m,ϒ§í“^[N‡˜"¬UvYsžœž(¯‡|¢ +§jñÃßo~ÙÞÜå÷w +ñ܁C^ÕÿL0Œë ›šo7GMÁ.kñhԌSFéÒp£!ž ÆŸ·E(Öc5æOür0¢®qK#ÑñÀL +¡’G¢@›Ëív‰Žç Ï +Î +кY$™Á[ÞxÛºlµQ†;̹!d¹€Í³6eØ?Æ5¯ +ñŽRöMW"P +ܜ‡šöŽ³,k!:r§RÍÎ#ë<±|Žk5ëfƒ|'áÃ-â‘'ɋÛC] ++móéív¶jv[ûيÖj›¯™iJ&7åb×°=ÖMU=엎 çRY°^õaŸ`(;Š°õB“êEóí¶êÕîCË%ÿë(J£GÜ«Z}gNý6RLéíV£Çp&çí~¹ÜxÛՙeSC‡ l:ž\¹t)ÙĊ÷'³&µ;±Žkš±áC +’jàþ'7”¯|‚?(¢¶¯eeÕM) +;[HÈ$ +EÊAXqm¹ùéÃín—„z +sž ˜=u³È42j7Ó”Ä>:cºiË×r¬éØŠW‡á•hŒ¥är=j€D0ZŸŒL3•ñ³>œsCŸ‡`Ônš)Ø2Ð7£›òÍÝø«™ÚúÍâ Ûfdî·7rA0sà_O4a7& +ÜÌ]@++òÊd§ü*ú.w¿ŒÔ)süu +݀0 ”CùEjeI}‚fÐ>h +‹žcŸ +Ð=u³€62ÿ +ÐíKj€1Üi¡šÝ‚Ô¥R^_œìõ¡í‚Ž&3©¯0ÀÚaóۇw¿®°ŒÞ‚áw³™täҳͬžºùLjéöUÖñµö\Ó~ +óñ¯ª?¡wz±œÓ0ï¿578bXœRf䓞+Yö ˜øê`Aî,u$”ŸžèÖ»çRCOùþþXE¬iGˆ#yUšqZÕò¥ ++¥„€xòjbi «Q¹ïÍ#j{Èñœ +Œ]é +Ûáؔþ=ôÔÔ¿Õš9endstream +endobj +4762 0 obj << +/Type /Page +/Contents 4763 0 R +/Resources 4761 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4659 0 R +/Annots [ 4773 0 R ] +>> endobj +4773 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [139.477 497.357 186.52 505.895] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +4764 0 obj << +/D [4762 0 R /XYZ 71.731 729.265 null] +>> endobj +1119 0 obj << +/D [4762 0 R /XYZ 71.731 718.306 null] +>> endobj +658 0 obj << +/D [4762 0 R /XYZ 127.983 676.38 null] +>> endobj +1120 0 obj << +/D [4762 0 R /XYZ 71.731 665.648 null] +>> endobj +662 0 obj << +/D [4762 0 R /XYZ 172.199 624.67 null] +>> endobj +4765 0 obj << +/D [4762 0 R /XYZ 71.731 624.455 null] +>> endobj +4766 0 obj << +/D [4762 0 R /XYZ 71.731 609.511 null] +>> endobj +4767 0 obj << +/D [4762 0 R /XYZ 71.731 594.617 null] +>> endobj +4768 0 obj << +/D [4762 0 R /XYZ 139.477 578.841 null] +>> endobj +4769 0 obj << +/D [4762 0 R /XYZ 71.731 541.536 null] +>> endobj +4770 0 obj << +/D [4762 0 R /XYZ 71.731 527.868 null] +>> endobj +4771 0 obj << +/D [4762 0 R /XYZ 139.477 512.092 null] +>> endobj +4772 0 obj << +/D [4762 0 R /XYZ 296.716 512.092 null] +>> endobj +4774 0 obj << +/D [4762 0 R /XYZ 71.731 487.394 null] +>> endobj +4775 0 obj << +/D [4762 0 R /XYZ 71.731 474.069 null] +>> endobj +4776 0 obj << +/D [4762 0 R /XYZ 139.477 458.294 null] +>> endobj +4777 0 obj << +/D [4762 0 R /XYZ 379.973 458.294 null] +>> endobj +4778 0 obj << +/D [4762 0 R /XYZ 71.731 446.174 null] +>> endobj +4779 0 obj << +/D [4762 0 R /XYZ 71.731 435.28 null] +>> endobj +4780 0 obj << +/D [4762 0 R /XYZ 139.477 417.447 null] +>> endobj +4781 0 obj << +/D [4762 0 R /XYZ 166.197 404.495 null] +>> endobj +4782 0 obj << +/D [4762 0 R /XYZ 460.5 404.495 null] +>> endobj +4783 0 obj << +/D [4762 0 R /XYZ 71.731 392.376 null] +>> endobj +4784 0 obj << +/D [4762 0 R /XYZ 71.731 379.424 null] +>> endobj +4785 0 obj << +/D [4762 0 R /XYZ 139.477 363.648 null] +>> endobj +4786 0 obj << +/D [4762 0 R /XYZ 71.731 338.578 null] +>> endobj +4787 0 obj << +/D [4762 0 R /XYZ 71.731 327.683 null] +>> endobj +4788 0 obj << +/D [4762 0 R /XYZ 139.477 309.85 null] +>> endobj +4789 0 obj << +/D [4762 0 R /XYZ 381.597 296.899 null] +>> endobj +4790 0 obj << +/D [4762 0 R /XYZ 431.967 296.899 null] +>> endobj +4791 0 obj << +/D [4762 0 R /XYZ 71.731 284.779 null] +>> endobj +4792 0 obj << +/D [4762 0 R /XYZ 71.731 273.885 null] +>> endobj +4793 0 obj << +/D [4762 0 R /XYZ 139.477 256.052 null] +>> endobj +4794 0 obj << +/D [4762 0 R /XYZ 71.731 218.03 null] +>> endobj +4795 0 obj << +/D [4762 0 R /XYZ 71.731 207.135 null] +>> endobj +4796 0 obj << +/D [4762 0 R /XYZ 139.477 189.302 null] +>> endobj +4797 0 obj << +/D [4762 0 R /XYZ 71.731 177.183 null] +>> endobj +4798 0 obj << +/D [4762 0 R /XYZ 71.731 165.208 null] +>> endobj +4799 0 obj << +/D [4762 0 R /XYZ 139.477 148.455 null] +>> endobj +4800 0 obj << +/D [4762 0 R /XYZ 71.731 48.817 null] +>> endobj +4761 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F46 1173 0 R /F29 790 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4803 0 obj << +/Length 1998 +/Filter /FlateDecode +>> +stream +xÚ­YÛnÛH}ÏWó +0i6¯âƒ°g6 +ßf¬™$˜ +m²-qÃÛ4ÉMô÷SÍîjÞD'X~)«««Î9UM‘• +d+táÉ,'ðWqþÊ^íà?¿Œ"ÊÂT&æÀæjûêü­"+ +ÜÕöyå׊üUè:ÖÆwVÛäO㲪X‘€ßÖŠãÛÆ¥%?oÒº‘Wå³ú¬šŽ,jyó\®‰Áåu³gòÂ:Ëâ?¶íìZŸvCC}]Ç<­šõ_Û¿ºÞêp}‡X®ó↔É|Ca¿!B"ˇ„öÆr=¯Û‘i²‚>eÌÌӘ—fÝ0š5û‹òýoŸÿX×7.oŠ¡§ ²-c9–ÁÅà?ÓO +;q +Ëö ø»yðndyaš—ìÊQ‹ÀÎß¹ÞÐ"+ËÝ}M›=îJúA‰¥ñ™,ÁÓÚ±VT<^â +žYßØ­}ƒåŽÓjŸÆò_û4IàŸF!oûÚRù¥ø&c–ˆbeŠ]„Ñʄ­GdRŠ¢Œ³‹‡‹I÷à3ðN–ôÞÝrҕóM™çŽH䞲ŽPÈ­(¯Ób'oRý.ˆ!6• +Ën,]™œÊ×dcìڜM%È2õ¬2〉åŸy™Ë«Ç-,ôöýZÿ¹Ë²-¶ +–hÑÜ +àõ8†évt àbo +j9† +7?ý„Ž}›åUs@ŒpÈ|IŠ;Œˆ€ +#€u†A +×Ú3J0ʊç’Ç,׉F +mDö³¬¡˜+àbÕ6ŠCÀ‡Èñs(-jx*3 +š³‹»µ—·×KŒòƒÈÚâOÄš»EF¡ú÷ +ó®¢îDã +Á.¶ ò€Œ†¢2`C§q^°ÚÀŠA·bZ`€D®ŠùžŠÅ\ +=Û" +ꊚwɏøò,b‡ÊèÐflîÇñ,›( +šê€íՌËÂóž ÙB +› ›;UºÉBÄò Œ +Xo#ë +J\×·Âh3BbÿŽWìÿ¶EÜS@(?’à« ô‘Ù'EôŠ?Æ/Ð +ØÅã§Çíõíç[ðuù°EXöñ +ÿA±w· +Eeƒ +¿I‹VM8e‘ +úB ÑIl_ÖÉ +Š$Me™$걄ˆ­+‰Aõ“˜­§y–ú +Kµ–" 'JžHrx +¢žœ +Jn³ÇkVTT­»ŒR4JسØm³æìX4(¬¯×Ÿ +zã +ïÅjώè^œ¥ lçk‘ЬÄ£ˆP÷\v×‚^³%æ<©Í À]²$-69ÔýQ +u2ŸgsŽóþxÈçVN«£“”³é壥žäœÕ p‰n^ + + +b©S{ŧ +Žòé‰Öì⊜]9K4òÜÀrO7# +Ü-ÒmºL±fD™ÄDÊ­ŠÒ +&µe92“!p(wÃtÖé® MËÇJ +Iܵ + + +û»ëáÒsªPɯ+3E(N‘ŠåóÊm?ˆžï‹Y3˜HhÓ +)NÇD€z¬®ºÒœ;ui£ºÊO(vèm !¢™±iu=8žDoå9.œœ£!Ž1F³šM +ɚ +ԟk†-Ïß@# _^]ÙŒŒúđXýç ÖÐ4Ãq®P­ +Ð-y£¡v8ó‰ò·%O&gY 3ôy\èŸ9yîɃ6"Ð?ßÜŒ¿ŸÛ"Žoy¶ñé/y]ôƒs·‹^1qh +Ò%¡ +j¡ó(¡õþ—ýþÐs¢|ò¯iÍÎú¶7.žèú%W©ýKçڝ +ÓBðîX¥üq¥Ÿå™ ü_¬ñ­ + NV§ÞÝr”sXŠ·7À9m–ÚV&†„Ý‘ãðQŒvgw¬àE~šÿÎÎ+á¡nvÐS஄ãDÆÎËä)^J’z°‰èTIž[LÚtªÒVUÉ­å»Y€̝~ÓŸŒÁ+€z{xüõFôAŠ¡ÿâŸK†B°Ê|[€ßîß^œ‘€“fâmTg9—yÝuð9< ++·E‰¥m3M!ø0$ß-%œ³6a‹•‚‰ž„'{™4p·\)eóc•Ò0~Pé:çû·ª£ÊñHÞüÆþnS®‡aM€ô©ÒË{N¹:Ä'}ý³"“‚>ß. + ùï>.e”llè'ò»ÅŒ¢ˆûAE©FqÐØ +,€ýž@Œn€hšŒÓ˜ëjŠÃ +Ռòx?)èøMÇÓnyñzG&SKûlš +oœzj8ËÌeÓuB+tÛ +Þ}<J‹ó#‡mßò + +'œÄM9BAà[ž¿0ý&LŸD[ì +Ä ÀýÉúÂÀÝrÙ•ÍŽ/èX›TI?¬=(5³ÎJñV㫲òÞÝëlÃõâ#†^Zë¶Z—-5莝M†gýâ+cô +úèZ”8Чj®k`³ÇþUïË6KƘ“ó{ +,†Q|Ž/!ßšßm^©Ã +œ‚ð0§ƒž%??ÑøK²ŒVóɹDí•x‰Â—@“}H=«å8®Ïµ*Ê·åDÊ[Ì'.Yq8Çw +èq8.Ù©‡pS¿¡x˜ÂeéMf?²ø6œšÂœˆÀ ±~™/õcòendstream +endobj +4802 0 obj << +/Type /Page +/Contents 4803 0 R +/Resources 4801 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4845 0 R +/Annots [ 4824 0 R ] +>> endobj +4824 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [408.984 421.255 458.797 430.167] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +4804 0 obj << +/D [4802 0 R /XYZ 71.731 729.265 null] +>> endobj +4805 0 obj << +/D [4802 0 R /XYZ 71.731 718.306 null] +>> endobj +4806 0 obj << +/D [4802 0 R /XYZ 71.731 707.163 null] +>> endobj +4807 0 obj << +/D [4802 0 R /XYZ 139.477 690.411 null] +>> endobj +4808 0 obj << +/D [4802 0 R /XYZ 153.036 690.411 null] +>> endobj +4809 0 obj << +/D [4802 0 R /XYZ 71.731 667.397 null] +>> endobj +4810 0 obj << +/D [4802 0 R /XYZ 139.477 649.564 null] +>> endobj +4811 0 obj << +/D [4802 0 R /XYZ 71.731 598.59 null] +>> endobj +4812 0 obj << +/D [4802 0 R /XYZ 71.731 587.696 null] +>> endobj +4813 0 obj << +/D [4802 0 R /XYZ 139.477 569.863 null] +>> endobj +4814 0 obj << +/D [4802 0 R /XYZ 306.479 569.863 null] +>> endobj +4815 0 obj << +/D [4802 0 R /XYZ 360.735 569.863 null] +>> endobj +4816 0 obj << +/D [4802 0 R /XYZ 453.756 569.863 null] +>> endobj +4817 0 obj << +/D [4802 0 R /XYZ 71.731 544.792 null] +>> endobj +4818 0 obj << +/D [4802 0 R /XYZ 71.731 532.817 null] +>> endobj +4819 0 obj << +/D [4802 0 R /XYZ 139.477 516.065 null] +>> endobj +4820 0 obj << +/D [4802 0 R /XYZ 139.477 477.21 null] +>> endobj +4821 0 obj << +/D [4802 0 R /XYZ 71.731 465.091 null] +>> endobj +4822 0 obj << +/D [4802 0 R /XYZ 71.731 452.857 null] +>> endobj +4823 0 obj << +/D [4802 0 R /XYZ 139.477 436.364 null] +>> endobj +4825 0 obj << +/D [4802 0 R /XYZ 71.731 398.341 null] +>> endobj +4826 0 obj << +/D [4802 0 R /XYZ 71.731 387.447 null] +>> endobj +4827 0 obj << +/D [4802 0 R /XYZ 139.477 369.614 null] +>> endobj +4828 0 obj << +/D [4802 0 R /XYZ 71.731 344.543 null] +>> endobj +4829 0 obj << +/D [4802 0 R /XYZ 71.731 331.592 null] +>> endobj +4830 0 obj << +/D [4802 0 R /XYZ 139.477 315.816 null] +>> endobj +4831 0 obj << +/D [4802 0 R /XYZ 71.731 303.696 null] +>> endobj +4832 0 obj << +/D [4802 0 R /XYZ 71.731 290.745 null] +>> endobj +4833 0 obj << +/D [4802 0 R /XYZ 139.477 274.969 null] +>> endobj +4834 0 obj << +/D [4802 0 R /XYZ 71.731 249.898 null] +>> endobj +4835 0 obj << +/D [4802 0 R /XYZ 71.731 236.947 null] +>> endobj +4836 0 obj << +/D [4802 0 R /XYZ 139.477 221.171 null] +>> endobj +4837 0 obj << +/D [4802 0 R /XYZ 71.731 209.051 null] +>> endobj +4838 0 obj << +/D [4802 0 R /XYZ 71.731 196.1 null] +>> endobj +4839 0 obj << +/D [4802 0 R /XYZ 139.477 180.324 null] +>> endobj +4840 0 obj << +/D [4802 0 R /XYZ 392.386 180.324 null] +>> endobj +4841 0 obj << +/D [4802 0 R /XYZ 139.477 167.372 null] +>> endobj +4842 0 obj << +/D [4802 0 R /XYZ 71.731 155.253 null] +>> endobj +4843 0 obj << +/D [4802 0 R /XYZ 71.731 142.301 null] +>> endobj +4844 0 obj << +/D [4802 0 R /XYZ 139.477 126.526 null] +>> endobj +4801 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4848 0 obj << +/Length 1611 +/Filter /FlateDecode +>> +stream +xÚœXKoÛ8ŸçWø°šiQo +º@Ò<6‹Ž)ï¡è +Y¢m"²(HÔŠù÷;zYiî"@$YÃáÌ7ß<(Œ°á/BŒB.NŒœÀ_€Ç +{±‡7wXI¬”Ȫ'sµ¹Xß:ñ"Fqà.6» +‹]û‹ÐuPä;‹MöÕº,KRdôûråø¶u‰äõÖ\Þ±º–œ²¢–;¶ÄV%ïùÈŽNYñ·m;ûŠZº¡¥~®ÓŠ–|ùmóçÅÍƘë;¹Î›)‘©CaçÆ1òÁ“ÐŽëy­G«)’mNV%¯’”ŒwÖK‚ØF +Ƨ¶vÃMïÍøjŒÄŽƒl¬ì©›ZéÆÈ +C³¥°ò3©(Ëhšäù«*=ôYÞŸ +ÀªNàâÅVF¶KǶšý^¿ * ç ,ÎÞ©Ç"S7[V©(RÅWR«?z_žMPl#ÇS¯»+Ђu/8¹ßÔ@Õ–¶ +è2ÔpvLx¿Ô™rÄ UÈй +rbwPWêW(ÇÁNj +ÊߊžªFMVÎÙÆ;g«ý=uóAV2ÂÄÍAc5èªÒîZ'uFz”¢çГI1¬‡ +ú>öÖM©{EÚ3 ™³}·Lœß +šz,Iª—Ø·tŸI! IÑ® +¿œ +*’*º +ŸîS‘^ÐvSÁ¬Dí:2®V +XÍ{äÕäö€ZE™€2ÕNš`º&Ô0Èގû 14* +8XÀŽXo¶ž)Ãe€1Šv¢a&)Í¡Té€)†¶FAŽ¶Jc + -Ú÷ +ñµ[E­x+ï9°æÝhyÍi® +e!ò®ÉÔÉ/AÃ-USpz +b +ŠîDPµ_ª"W!rDÿÝAÿ +Qè"'ãª’Ž +á~Y¥)íðtdY#ùmáZ’j'†ˆÖkxN2u¯'Ào©ø Š%!÷\Ok™¢¬Z‰1ROŠ +©ÉˆI‰†.Í))øŠ™ÑCŒ·235—~”##ã¡Fxª㠖µ“Þ ƛ°ŸŽüu”)Ñ9ØŸ>6š!íØd‘v°Å˜Rç•ØÔL¢.³SYðBò\¶e©ሃaq«h±’~òô0Wš]ÇFn蟫P÷ÔÍj-#ÌýúááþæÓFMŠŸ +À\ÛúòM>˜€.€œ]’{dç +0ÖðŸ5\÷PSU +^ÿD³;2ÈÛz%Ï3`:!\è\`öÔ͂©e~˜œã’2eU%.í¢F³TµÙŸ Kdu«gat#Dg +zêæaT2ÿŒ€A‡Èè¡ûCFܬÏÛj†D#R +OLç'*V™ðC­g„ +:ËxŠÐæýöÇãǛŸyà©Û€º+5ÃÀúÃÀÖ +ÍÞÌ +y(ŠÎv쩛 +«–ùµa + +윑ڄûé¯ûëõÓÝýµ|ÜÒBž`ÓÎè© Ðؐ%<Ù&5ùáùó¹µìýӗ§ÍÍÇ>U.?φÄÅȎŒ³ +€S7%óЊ?ТùŸŸ­ˆœ®ž®×%)àª;qþ*È9Â~“þ‰Ìœ&Ñ`T“ßpª‚äF#‘OåØ68 +ŽGº•³í–˜Iz¬è"Nmuç†6.#ÜÚnÕ*ï5®ŒöãÏT÷±¡šÀiw£¿> endobj +4849 0 obj << +/D [4847 0 R /XYZ 71.731 729.265 null] +>> endobj +4850 0 obj << +/D [4847 0 R /XYZ 71.731 718.306 null] +>> endobj +4851 0 obj << +/D [4847 0 R /XYZ 71.731 706.187 null] +>> endobj +4852 0 obj << +/D [4847 0 R /XYZ 139.477 690.411 null] +>> endobj +4853 0 obj << +/D [4847 0 R /XYZ 139.477 677.46 null] +>> endobj +4854 0 obj << +/D [4847 0 R /XYZ 71.731 665.34 null] +>> endobj +4855 0 obj << +/D [4847 0 R /XYZ 71.731 652.389 null] +>> endobj +4856 0 obj << +/D [4847 0 R /XYZ 139.477 636.613 null] +>> endobj +4857 0 obj << +/D [4847 0 R /XYZ 71.731 624.493 null] +>> endobj +4858 0 obj << +/D [4847 0 R /XYZ 71.731 613.599 null] +>> endobj +4859 0 obj << +/D [4847 0 R /XYZ 139.477 595.766 null] +>> endobj +4860 0 obj << +/D [4847 0 R /XYZ 71.731 585.704 null] +>> endobj +4861 0 obj << +/D [4847 0 R /XYZ 71.731 570.695 null] +>> endobj +4862 0 obj << +/D [4847 0 R /XYZ 139.477 554.919 null] +>> endobj +4863 0 obj << +/D [4847 0 R /XYZ 71.731 529.848 null] +>> endobj +4864 0 obj << +/D [4847 0 R /XYZ 71.731 516.897 null] +>> endobj +4865 0 obj << +/D [4847 0 R /XYZ 139.477 501.121 null] +>> endobj +1121 0 obj << +/D [4847 0 R /XYZ 71.731 455.128 null] +>> endobj +666 0 obj << +/D [4847 0 R /XYZ 477.27 412.031 null] +>> endobj +4866 0 obj << +/D [4847 0 R /XYZ 71.731 388.542 null] +>> endobj +4867 0 obj << +/D [4847 0 R /XYZ 71.731 364.046 null] +>> endobj +4868 0 obj << +/D [4847 0 R /XYZ 71.731 349.102 null] +>> endobj +4869 0 obj << +/D [4847 0 R /XYZ 71.731 336.151 null] +>> endobj +4870 0 obj << +/D [4847 0 R /XYZ 139.477 320.375 null] +>> endobj +4871 0 obj << +/D [4847 0 R /XYZ 71.731 308.255 null] +>> endobj +4872 0 obj << +/D [4847 0 R /XYZ 71.731 297.361 null] +>> endobj +4873 0 obj << +/D [4847 0 R /XYZ 139.477 279.528 null] +>> endobj +4874 0 obj << +/D [4847 0 R /XYZ 71.731 267.408 null] +>> endobj +4875 0 obj << +/D [4847 0 R /XYZ 71.731 256.514 null] +>> endobj +4876 0 obj << +/D [4847 0 R /XYZ 139.477 238.681 null] +>> endobj +4877 0 obj << +/D [4847 0 R /XYZ 71.731 213.61 null] +>> endobj +4878 0 obj << +/D [4847 0 R /XYZ 71.731 202.716 null] +>> endobj +4879 0 obj << +/D [4847 0 R /XYZ 139.477 184.883 null] +>> endobj +4880 0 obj << +/D [4847 0 R /XYZ 71.731 161.869 null] +>> endobj +4881 0 obj << +/D [4847 0 R /XYZ 71.731 147.837 null] +>> endobj +4882 0 obj << +/D [4847 0 R /XYZ 139.477 131.084 null] +>> endobj +4883 0 obj << +/D [4847 0 R /XYZ 300.82 105.182 null] +>> endobj +1122 0 obj << +/D [4847 0 R /XYZ 71.731 98.043 null] +>> endobj +4846 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F11 2374 0 R /F21 781 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4886 0 obj << +/Length 1828 +/Filter /FlateDecode +>> +stream +xÚ­XKsÛ6ŸçWèjƂð}ðÁq +×mb{l%NšMAÆÈáÊzèoï‚øŠ™jtàCàr÷Ûo¿]ÏLøᙇ‘gÁˆžÎ,Ú¿3g[øçú +V+jÉ¢µæÃêÝò f +\k¶ÚÌ,l¡À™yAŸCf«õwã"M)_³ŸóqLãÉãg–ò,ÙšcZ°„çòb“̱‘ÉóbGå ZF ÿÛ4ɶÌæ–gšÛy”±Ž˜ÿXýþîjU»ëŒ,òj@jÉ0 <à +"Øi`Ly¶/#B–ˆÂó;íþú^^<²-‹2£¹ŒNž<^ÖN‡"ÂåÇ°ŸÂœ +Á‘!Ȓ†?± +†Ûàƒ×€j{ÈŸÀò·Z¹X +X±[lÓíùý< ÆÅ +cl¬~룀q€ +H„kyȱ‚1²8iýÓ?րapÕŽ±–9‰XË[lÈöŒú•Âݯ¹ÊÕ5/ï¯UZy|™cÇ Û +åõZÍVŸ+èäq'ŠŠG+MŽŽ|ŠY$ϟçØv€Ýc—c5•èfN +cC£‚‰éƒü«Ìi6·MãL_–!žÇG/L€âžŠ+K’âL{嘌ËäÙîÌ8ܪ"lä|Åò—hËËt»g3Æ·ò7L768ȳ|ìbù†‹cyöÔžºF•[ +ìšØ`»M’hG£çŒÜŸ_þvuùÄòøõËO +ßšãSñ€en’'zðø2Ù§P2:Šòœº¹Ÿz§:ž²ƒNV+-»eÞv‘[#?Ž‡‚€šOŒ‡Ùqî:†bV +–€ªºÚ—Z¯4ø ©éŽ)ujbÆÕœ€,ÒR?sÔY²Á)ÜáP +îw¡Ž5Ɇ‘@ ¶ïŒˆ¥V +vT‹Í²žõÈ/Q÷Ëœbo#ÛŽÆȳIÏ?ÝÜBînnW“Ž +lëdŽiÌMÓF­™€M +®Ð +Ÿ¥Y +%×î9À zÍ@1Diuu*yïÙSöZº†:u³©íðë³1é¡)öŸ>ö㍲ +M ÑӜÀkT yQÛÉhšd:þ~$MžS:Z†d^»=.\ª× +œ™ˆX®ê¶ê—1£ŒX>‚¢.Àԋ8ª–È +öŸ°âøF¿s)ŸbºàŽ8¯’ìù<’Ö“iŠ`šbšMLÿT +m™›dš^3`hšØS¹_לÌWHӂ2р Uõ<òŽ¡Œù:Œ­<ÊB”ÔÝœ#N¯Ÿ×,¯ ¥<ʎÃJ#gù&2ý“µ„–¹IäôáçGé¥jÛÒÕzØhÜ*,JË‚Z÷%gQU¡¯Á¡Š^qŽ'ñ' èó©ðhÌMã¡ÖtF©V–å +ü&F¬˜×1ªî=¶Õ#ýÔòZdɺŒššÔC>"e”G#-)OŬ4žIšIg ϺÒ{~7¡*§?èæ;‰°Œµ*ÖŠú6˜Šã)ŒžçJ\ÂlÝ JndD;„€$Ê&CZݙ*ã(lZï^4Ø +Tª%œØ©w%úl*‰¡4£‹ +øšó‰çH(¡ˆh$-J¯‡ó@’ÆQ¹21R +­M›‘BÙ/ò.&lŸ&yÎêÖýŽÑïƍ7¢ý‘˳tª  +XŽONUÐ-s“­× +®Ý'¶.ÿÐ,YÒOÄÖåÓõVýõøp¯šx–I”Ä]ÄÃŒð¢EIýOœl_é?5ëʪÕêÞ3̘`­,ŒŒèXèÌ$°ÇÍõÛ"Ø.7ôŽv¡Ðš˜ÂX³€}tšp +ƒŽHÏ ­o›Èu}5þ®vº¢‡#{N‹nÜM „û&Ž—0.i#ž¹ôKÚåÔnà5FAˆ]lÇ™*© Lurš*EÎõX3{Û®^^?Çë @“F +Xã¥RÍû1{:daúœûYáÇTí`/@Ÿu²Úi™›¬ +œF8ýýv†Ÿi|ÓÄ»ÛÏÀ?Óøë‡jBñú¹î̋=ÅËËŽ“kd*6ÿ)ÈÍh¡éù­ŠrºßÏ +ÇP\]ª‚rêª-õÞ²mFìÀv†6ה +æ0–¹§VŸõ„êý±Œéû.5kÌyž§º5WûºVue‹/ +ݺj²Q· +ÆaȍãEeç·sË1.Ÿ\õò4òŸ~®Cº}¬ +A°àüþîaîB'é-TOGÿÆÜ4ýÕ©uZ +;»ÃŽE»·úŒ˜› Ù­ù¬5Bu%;ð> endobj +4887 0 obj << +/D [4885 0 R /XYZ 71.731 729.265 null] +>> endobj +670 0 obj << +/D [4885 0 R /XYZ 110.964 683.368 null] +>> endobj +4888 0 obj << +/D [4885 0 R /XYZ 71.731 683.153 null] +>> endobj +4889 0 obj << +/D [4885 0 R /XYZ 71.731 668.209 null] +>> endobj +4890 0 obj << +/D [4885 0 R /XYZ 71.731 653.315 null] +>> endobj +4891 0 obj << +/D [4885 0 R /XYZ 139.477 637.539 null] +>> endobj +4892 0 obj << +/D [4885 0 R /XYZ 174.067 624.588 null] +>> endobj +4893 0 obj << +/D [4885 0 R /XYZ 71.731 612.842 null] +>> endobj +4894 0 obj << +/D [4885 0 R /XYZ 71.731 601.574 null] +>> endobj +4895 0 obj << +/D [4885 0 R /XYZ 139.477 583.741 null] +>> endobj +4896 0 obj << +/D [4885 0 R /XYZ 286.136 583.741 null] +>> endobj +4897 0 obj << +/D [4885 0 R /XYZ 139.477 570.79 null] +>> endobj +4898 0 obj << +/D [4885 0 R /XYZ 185.962 570.79 null] +>> endobj +4899 0 obj << +/D [4885 0 R /XYZ 71.731 558.67 null] +>> endobj +4900 0 obj << +/D [4885 0 R /XYZ 71.731 545.719 null] +>> endobj +4901 0 obj << +/D [4885 0 R /XYZ 139.477 529.943 null] +>> endobj +1123 0 obj << +/D [4885 0 R /XYZ 71.731 509.853 null] +>> endobj +674 0 obj << +/D [4885 0 R /XYZ 322.556 466.756 null] +>> endobj +4902 0 obj << +/D [4885 0 R /XYZ 71.731 463.192 null] +>> endobj +4903 0 obj << +/D [4885 0 R /XYZ 71.731 448.248 null] +>> endobj +4904 0 obj << +/D [4885 0 R /XYZ 71.731 438.761 null] +>> endobj +4905 0 obj << +/D [4885 0 R /XYZ 139.477 420.928 null] +>> endobj +4906 0 obj << +/D [4885 0 R /XYZ 71.731 408.808 null] +>> endobj +4907 0 obj << +/D [4885 0 R /XYZ 71.731 395.857 null] +>> endobj +4908 0 obj << +/D [4885 0 R /XYZ 139.477 380.081 null] +>> endobj +4909 0 obj << +/D [4885 0 R /XYZ 71.731 367.961 null] +>> endobj +4910 0 obj << +/D [4885 0 R /XYZ 71.731 355.01 null] +>> endobj +4911 0 obj << +/D [4885 0 R /XYZ 139.477 339.234 null] +>> endobj +4912 0 obj << +/D [4885 0 R /XYZ 71.731 277.366 null] +>> endobj +4913 0 obj << +/D [4885 0 R /XYZ 71.731 262.357 null] +>> endobj +4914 0 obj << +/D [4885 0 R /XYZ 139.477 246.582 null] +>> endobj +4915 0 obj << +/D [4885 0 R /XYZ 350.145 233.63 null] +>> endobj +4916 0 obj << +/D [4885 0 R /XYZ 71.731 208.679 null] +>> endobj +4917 0 obj << +/D [4885 0 R /XYZ 71.731 195.608 null] +>> endobj +4918 0 obj << +/D [4885 0 R /XYZ 139.477 179.832 null] +>> endobj +4919 0 obj << +/D [4885 0 R /XYZ 185.125 166.88 null] +>> endobj +4920 0 obj << +/D [4885 0 R /XYZ 301.638 166.88 null] +>> endobj +4921 0 obj << +/D [4885 0 R /XYZ 71.731 143.867 null] +>> endobj +4922 0 obj << +/D [4885 0 R /XYZ 71.731 128.858 null] +>> endobj +4923 0 obj << +/D [4885 0 R /XYZ 139.477 113.082 null] +>> endobj +4924 0 obj << +/D [4885 0 R /XYZ 191.551 100.131 null] +>> endobj +4884 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F46 1173 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4927 0 obj << +/Length 1916 +/Filter /FlateDecode +>> +stream +xÚ­Y[oÛ6~ϯ0öd-R¢.: k“¶C› +tèŠA‘èXš,i’ÜÔÿ~‡ä¡®–Û‡ ŠšÃsýÎ + +]ØðG>%Ÿ?,$Ìã‹xa/ +áÍë +Š’X=š?7ë.BzÎb³]8Ô!!_ø#g‹MòeyU–"OÒ+‹q{yEôﻎnôªØâoÙ€E^ë‡m±¢ËJ¯›Ð +²Ž‹üÛf‡jåøKÜ®ã*-›Õ×Í_כV]Î(qØYƒdjßDžŸ¿ðí€8®«,Š²JDÉ€»ÎòP +P5ÑžY{©œË–h_éÍš,³4Ž€•DïÜÁÉ¢jôC~Ø?ˆªFF"+VŒ/Ÿ4j3W¿šÄ‡ŽÒÚ¡çYÈ ÷<°LªX­\Ÿ,ŠéúÄç>’•U*¥|O30‚/Šß*ÅôZºž,,‡ºà.gaQ1ÖÁ­Eõ]ž9_MHAã +‹ +Õ.³¬§ŽÙYYñ؝xñæÃýf +6 +‡90÷žKž{2nŒž!,zoÆ¿m„)š`»â +»Ù©ï——ïÞ^ßn4À>ÜŸ[QÛ^þýU?o + w +q”$°¢®‡ n± +–#ZG +CŽ) +Œ£\/ + +ºŠHóË.ŠôŠÜM2œ¯THl +UÆÅÅŸ„ˆ'–a ÚwªMŠ0ºcí|%¶*ˆ‡¬_¡ƒäE>)‰&ú%í"P¡ +à(ô&UTÁ0ŗؓî`Uȃ†9U-9nŠê8š|zVÏ"ٚQj§8°b+Æ7®×·Ÿ°²guŒkâ¢ëìÕ±Ùµv +òÄðYêJfK”ÉtÙv+œèEÝJ)jxªHcL +—0ž‰œ.ҚÆêÍi&EšjO«4\ÃóÂ5ÉyÙC6ªD›K/ú-M”f5˜^÷î`4`Ö)\ª«¯Þ~œK:ÄñŸ-YzìfýihÉšFÕÑ@Ôà³ÅQ2Èȓ§7˜òº&m* +ìB +®ÖÒÓØÄ +Í%W͙zêa>át<«+FÏPœ»™-?Œ3Â!vÏåÑŽÝŒG‘Šó(xH)«—jÓ«žkár +²I¥—Þøu_{.q95Ÿþ +US3 +Ž +{&šß«V +Œ?ÁÊLÐOUÚ4jƒÕÌäù +äæó:KÖӏÔ¥$ŽÍì‹U÷_ÕÀŠc2‡RL +'„\“Å`z9S>Ž~–B²uÂ0÷\ïØÍ +i)dnŠî³¹D‡œg_G‡f¢“xWÞ?ï]*Ië^qÙîZ}º³™â»ˆîq­—LJ|Ï +Lè]ÞùOJûH•À÷çgÊáæžÏà +»ÙšA +÷æŽ3ŠÛè±T=ÜäíÉ9׀A\OÕHžÙ‰µ”? +« +1 +†?öÙıÝS™ÓìK•7›3•’ÝvügszÇnÞéH3púȹO;ž} +÷eÿŠˆ3Zd^Ǖ +¡ +Ñ×íœA +Пi󬈒zü«÷9ŠœÔµâGSÉ»s,ELïšw¯ï¬:}̍ü2ªšÑw–ž:À§¯ÚÓ}]9 + Á'dP: +ÁðæÃûë +?$¶MÇxéCÿMà0Ýûgÿ‘БLþÀmO +H" +QêÌ|㟊úBeòendstream +endobj +4926 0 obj << +/Type /Page +/Contents 4927 0 R +/Resources 4925 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4845 0 R +/Annots [ 4939 0 R 4946 0 R ] +>> endobj +4939 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [138.082 476.997 184.577 485.535] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE) >> +>> endobj +4946 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [139.477 334.123 189.29 340.977] +/Subtype /Link +/A << /S /GoTo /D (0:LAYOUT) >> +>> endobj +4928 0 obj << +/D [4926 0 R /XYZ 71.731 729.265 null] +>> endobj +4929 0 obj << +/D [4926 0 R /XYZ 71.731 741.22 null] +>> endobj +4930 0 obj << +/D [4926 0 R /XYZ 435.043 708.344 null] +>> endobj +4931 0 obj << +/D [4926 0 R /XYZ 71.731 685.33 null] +>> endobj +4932 0 obj << +/D [4926 0 R /XYZ 71.731 670.321 null] +>> endobj +4933 0 obj << +/D [4926 0 R /XYZ 139.477 654.545 null] +>> endobj +4934 0 obj << +/D [4926 0 R /XYZ 71.731 616.523 null] +>> endobj +4935 0 obj << +/D [4926 0 R /XYZ 71.731 603.572 null] +>> endobj +4936 0 obj << +/D [4926 0 R /XYZ 139.477 587.796 null] +>> endobj +1124 0 obj << +/D [4926 0 R /XYZ 71.731 580.658 null] +>> endobj +678 0 obj << +/D [4926 0 R /XYZ 154.45 537.56 null] +>> endobj +4937 0 obj << +/D [4926 0 R /XYZ 71.731 517.42 null] +>> endobj +4938 0 obj << +/D [4926 0 R /XYZ 336.486 504.683 null] +>> endobj +4940 0 obj << +/D [4926 0 R /XYZ 71.731 476.997 null] +>> endobj +4941 0 obj << +/D [4926 0 R /XYZ 71.731 462.053 null] +>> endobj +4942 0 obj << +/D [4926 0 R /XYZ 76.712 410.935 null] +>> endobj +4943 0 obj << +/D [4926 0 R /XYZ 71.731 391.01 null] +>> endobj +4944 0 obj << +/D [4926 0 R /XYZ 71.731 375.901 null] +>> endobj +4945 0 obj << +/D [4926 0 R /XYZ 139.477 360.126 null] +>> endobj +4947 0 obj << +/D [4926 0 R /XYZ 71.731 324.16 null] +>> endobj +4948 0 obj << +/D [4926 0 R /XYZ 71.731 311.209 null] +>> endobj +4949 0 obj << +/D [4926 0 R /XYZ 139.477 293.376 null] +>> endobj +4950 0 obj << +/D [4926 0 R /XYZ 266.37 293.376 null] +>> endobj +4951 0 obj << +/D [4926 0 R /XYZ 71.731 281.256 null] +>> endobj +4952 0 obj << +/D [4926 0 R /XYZ 71.731 270.362 null] +>> endobj +4953 0 obj << +/D [4926 0 R /XYZ 139.477 252.529 null] +>> endobj +4954 0 obj << +/D [4926 0 R /XYZ 303.928 252.529 null] +>> endobj +4955 0 obj << +/D [4926 0 R /XYZ 467.353 252.529 null] +>> endobj +4956 0 obj << +/D [4926 0 R /XYZ 71.731 240.41 null] +>> endobj +4957 0 obj << +/D [4926 0 R /XYZ 71.731 229.515 null] +>> endobj +4958 0 obj << +/D [4926 0 R /XYZ 139.477 211.682 null] +>> endobj +4959 0 obj << +/D [4926 0 R /XYZ 278.265 211.682 null] +>> endobj +4960 0 obj << +/D [4926 0 R /XYZ 71.731 186.611 null] +>> endobj +4961 0 obj << +/D [4926 0 R /XYZ 71.731 175.717 null] +>> endobj +4962 0 obj << +/D [4926 0 R /XYZ 139.477 157.884 null] +>> endobj +4963 0 obj << +/D [4926 0 R /XYZ 322.26 157.884 null] +>> endobj +4964 0 obj << +/D [4926 0 R /XYZ 71.731 145.764 null] +>> endobj +4965 0 obj << +/D [4926 0 R /XYZ 71.731 132.813 null] +>> endobj +4966 0 obj << +/D [4926 0 R /XYZ 139.477 117.037 null] +>> endobj +4967 0 obj << +/D [4926 0 R /XYZ 351.609 104.086 null] +>> endobj +4925 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F21 781 0 R /F34 797 0 R /F44 1165 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4970 0 obj << +/Length 887 +/Filter /FlateDecode +>> +stream +xÚ­V]o›0}ϯà€áøÃà +:µY;ekµEÓŠ®ªÜà4H¢`ÚõßïL> +€éEÊ5øúúÜs®/&†q$A’¡¢pŠ‹v +aæó€Xߺø;>Ÿ&ƒáˆFN„¢€9“™ÃC‘p$£(ԙķîÙr©³8ùëùT`÷ +ÕvœŠ +å3k—&ɳ¢~˜å +qWõØÌu=@ÃižýÁ˜>–+Iן.Š«diŒ»É—ÁÅdWP‚=˜ui'$· !™H +"Æù:#ßNÌÜoÀøÕª?Ž®Æ¯Q4˃#NH +Šxƒ™×v˜PŠ0Ä;áڈY„ž”›-+ē†ÂY™Šõh©Ì|_€ +Ï[–•@•ú}g38Ö3`W•©•2)ªü‡# +8!À Öp"Š$‹×@†ÚL‡ÕÚ$+ŒJÓûL-4<“ÕŽ^ºÏ=E‘ +ìÒÊ +UNŽÏš@„÷ˆì‰’æÇéÁÁüdzlÃõëa}öô8 dòí Î!æY€0 +-}ç7£_Cˆ9,Ôb®’쟊ߊ +K$"ÙŠœ +Ðw1ŸL⣇$‰<ãÛpýŒ[Ÿc¿¹:ƒq ü`­ÃÆL»Œ¯Ê¬UïžOjjº ž@TˆŽªÇ + Ö©ÁÜ,ÒcDDáÉ4ØFë•ÀºTPo\|÷Bìþ³fðúÛXÅîï»úùD@|3{9ù:¶ß(Smɞçz¥_÷ŽrµÒ™i/l¶˜Š ÌW/ydÅ +týª‰º‰ÆI±LՋŽßÙC†H(_ÃÞ¢šŽìš +QÀ:ª‚ +†$—]U}ŒÈ¡"nŒˆºg +!ĝ\ö–áKz²Ú؆ë/ësìùŽùüϹ +‘ Qó +ŠõÓ°‰Õ":€C&Â=žmu&¶bê¥ +äMòõW7<*ܧdª‹mÖ +Åniš4ÍŠ)Ó³B5Ý+ÏRËDY4mšìžu€Ÿš,Éì¥AÙX±Ò‹ê:gûÅn +Ùû<QØý]ÞÜø·.­ +¿ÀbpG³.BxÏeŒœÕ?“÷«endstream +endobj +4969 0 obj << +/Type /Page +/Contents 4970 0 R +/Resources 4968 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4845 0 R +>> endobj +4971 0 obj << +/D [4969 0 R /XYZ 71.731 729.265 null] +>> endobj +4972 0 obj << +/D [4969 0 R /XYZ 71.731 718.306 null] +>> endobj +4973 0 obj << +/D [4969 0 R /XYZ 71.731 706.187 null] +>> endobj +4974 0 obj << +/D [4969 0 R /XYZ 139.477 690.411 null] +>> endobj +4975 0 obj << +/D [4969 0 R /XYZ 332.242 690.411 null] +>> endobj +4976 0 obj << +/D [4969 0 R /XYZ 71.731 665.34 null] +>> endobj +4977 0 obj << +/D [4969 0 R /XYZ 139.477 649.564 null] +>> endobj +4978 0 obj << +/D [4969 0 R /XYZ 275.515 649.564 null] +>> endobj +4979 0 obj << +/D [4969 0 R /XYZ 71.731 637.445 null] +>> endobj +4980 0 obj << +/D [4969 0 R /XYZ 71.731 624.493 null] +>> endobj +4981 0 obj << +/D [4969 0 R /XYZ 139.477 608.717 null] +>> endobj +4982 0 obj << +/D [4969 0 R /XYZ 278.833 608.717 null] +>> endobj +4983 0 obj << +/D [4969 0 R /XYZ 71.731 596.598 null] +>> endobj +4984 0 obj << +/D [4969 0 R /XYZ 71.731 585.704 null] +>> endobj +4985 0 obj << +/D [4969 0 R /XYZ 139.477 567.87 null] +>> endobj +4986 0 obj << +/D [4969 0 R /XYZ 222.664 554.919 null] +>> endobj +4987 0 obj << +/D [4969 0 R /XYZ 71.731 542.8 null] +>> endobj +4988 0 obj << +/D [4969 0 R /XYZ 71.731 531.905 null] +>> endobj +4989 0 obj << +/D [4969 0 R /XYZ 139.477 514.072 null] +>> endobj +4990 0 obj << +/D [4969 0 R /XYZ 277.996 514.072 null] +>> endobj +4991 0 obj << +/D [4969 0 R /XYZ 71.731 501.953 null] +>> endobj +4992 0 obj << +/D [4969 0 R /XYZ 71.731 491.059 null] +>> endobj +4993 0 obj << +/D [4969 0 R /XYZ 139.477 473.225 null] +>> endobj +4968 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4996 0 obj << +/Length 2497 +/Filter /FlateDecode +>> +stream +xÚå[Û’Ûž}÷Wèm¥*C€àm+IŎ“Sv­k=»/Ù»ùÁ+â£(LW·ûÄ ¢Õíîß맫vù§GâdýÉÏ7yÓÊ«z/?·uYfÕN~)òjƒ×LYœÚŒ®šÍnÿ%àpŒ9œÝD,€^"¬ÿUìœüg¿í†€IŒBBV‘¡8!ÖQjÏ0’ÃŒW)J£€ÃŽâè€=† +bDjƒöðê™)|jÀæðÞ«ç0öÐ_{Þ.ce])oœ#„#€áæ?]*iž5òS>„\. +“%4w™aät™¶á N—Yà®»loq™ ïyûúŒ b õׇó††ëú +œz.@>ÆÊuïÛì^ú,W>lL^@{lƒCh‹·£&dWËϪnåÅYøžŠ‹}û( +™›÷}oäöœ²á£ÜŸŸÂ-ðýÞæ{ÞÛo°¿î(ÛM8ï¿ì<š 0NÔ +Œ©ë“ápÏðá9Úµiü¬f)ߏ恻 +‚ÌœçC‚Ò$žâùÞÈíyeÃ{OݞŸÂ-ðüÞæyÞóîòjçe»tyÓüYºÞ= +@x ++þ€ŠÃh8F1MÕí×ïŒ}cÓ¶(E4 +”ñ_ŠS‹}„}ÿç†K‰RÐTÎÕ’|ýNþÂ{Ìė_ýÐÏCÒ$¯ZvŒÊ¶ +naiÄY%.êK{šóê ­·uU±-€˜üJðö:ˆ©‘sK}1É( +ev©ÊKÑæÞQÝȶnjb +Çw3Šä§×âhoäf”²á] +݌šÂ-`ÔÞÆ(Þóvæª% åS}n-„ +c YF(ބ’ꥌÓÑ`@)X§t–R$ÐÍýMN· +ÕµÙ¹ +Ÿ=Z=ç0, ˆŽ-â'Γm‘³ªõš|§ìäú€‹HšC! +}:à~Üe6Ú²šåM±X÷ÌrÇ0rrGÛð.ENîXà®sgoᎠïYFŠ¢„.£J&ÂÎaڍÒC +tYša07÷MQs]à«JGy{o¡4Œ"JÂù~&Kú/$ò{ÖNj$?襟 +qòX»ž‘b¹!†&CÜhbhŒ"Úú:èLWÊšÔk ;­J_ì哠ÏîI/1i2Cè%»ãÁãrx®V{>°úy—±ó­¶ýýƒñVê+ÏàÙùƒÎúçó&%zF·àu™ +d>Ê +ú:.¹•ù(€²f^yœ‘[yʆ£ÅnåMá(o +oSžïS6š‹¬'WÞBÙÅû»µøW/;ž(øóð«ï“‚}ñè0Öâ#ߜøHŠ(ÌÖŒøz#·ø” +GKÜâ›Â-ßÞ&>Þ+­œô}òÄvŽ1_™åÅ5å% +)yŒððXÒc +”Í¥»àq“ +¬0yhÝA&/]t¬Q]©| +#§èŽ +GK¢³À]ÝÞ":^2}—µÙ]Ö°«Ë»%ñS°~ف +}ž©YãuN&?~zõòí{‹ˆ# +â?*Qè!ž†4Ÿ0#Štú£‚™g‹>WØ­ ‚B Rý†å‘]ÂÄ3l,Š4#öŒ}·"Šh +1†·)ÂÀ—Š8Éœ›â²c +jž4¢_¹(xàk®9]tÍœ;‹Ë/¯_œW ÷MËJ‹``Š¡÷„ +*™GH +aŠˆŸ|ŠF”@À¥rM#A„â”Îk€·qjD™žV,h +42†·iÄÀ÷NûpûKÕI§s.öæ×j"aø +e¯–ËŒÊŠ›m]5µœRJ —§¿7WÉ +äE»H†›yF—§®jÐày v&NJ +!@÷1ÝjþFØ6ùõàÞ'«úH@Ÿ”üŸøO@×jA² +ãoIƒb8bhY¡6ÇÏõ᜕|×»?×/!}X(Ók² ûÑ@ƒÿ9‘Ä!ĞhV†K‘ÚDHÒ}zkA»®É ŒE”&Ÿ÷ÆBT +'~Úí +ŠA”\û{œ}h;{ŠP’<q×Ê/ŒñZôKöR +’úâ€RŸ! Õ÷Äû/œ +æ +Vy!÷ +åƒòÍøQ€ÿѬjÏ9k€%«EŠ8A$dÏ€Š<•8]p<(õNY{ì4;Œ>r âԌÄqž%ÙM)øÌ‹€·qŠD™‘žÚ-h +D2†·‰ÄÀ÷~ëòÆo—Šõ +þÆÓôՈ߱.=ßÖ;IþԛaÅÂÛPn͛qœ7÷˜êæE0¶ÇL +OêT Q8Y4”õÝþÒl³–Mg²#£|•BðAuÞ€Ã}}‘6nje‰§9ËS^°ñ& +TZY¡9$^ÈØ1G®Áð«ïkÿ(HŒÓƒ,³¶å¶Ðâ÷S?ó`€× +ýéoÙyzÇt2¯•šYp2"x³ŒímœŒU&‚±îƒ| +ÚƎámŒ5𜷖ž„öãž¿wWZ +uŸ{k{AŠóQ²k+zÒMmŒCº ™è>‘Q‘ŸdM“ +XӋÏBò(Eq·Ÿ]Tçh6w}eºndxÛY‹NJêןæ¢4N +â`–󆍋óÚDpÞý‚í:ç'ðΛøÞ/Ö¥L’F_¢ÀÈv;ïaløk[QASà,}ÊC˜;E^Õ1 ú}qAºV˜l­Éx/ØïéW%'mˆÒ‚±1(Å(Hç§mf)7nHÖIÛþ + +Ÿn ó7T êÍ¢+›yôQCÂß®ä@Ñ/š£øyñ°Œê’Ø +s,Å £•SÈÒi¬‰nðî¯7<€ÜŽõ¬vÙöÒfw›v' +Ue¿q. ~ŒŽ§‹êÏÇŒ(†=ûQ²Õ¯deD‹4Z%Ðb$wXcšó’h°ªèûÓ÷ÅÃkT_,K*ŸEѕ² + +ƒùí|ÃÆ˔‰ˆeîW:,h +bÙÞË +|ïŸ_Ñ©ò1kŽ^uIe«É¢@üŸÀ†±wªn2UÁû8LŠ×€çîÈàÆ|ˆŠëí‘m?4—Òúà` .k¶nc%o•B^ïm +?ŠÒ~QòoÚìÜ6Zo:ï«þ|wóÞQƒ×k +¬1@ÇÖ»aøÖBµ +šæ%ÅÇŒag©±ÝvKëý¥2¬þõÒ°ý¥žì2“•Œ]ŒËºHéç*+5D‘c9Q›úïš ÛWæÊÂëM&Ê +ýbu€[‘gáJý7Ìê?mýŠendstream +endobj +4995 0 obj << +/Type /Page +/Contents 4996 0 R +/Resources 4994 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4845 0 R +/Annots [ 5065 0 R ] +>> endobj +5065 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [441.394 180.216 491.207 189.128] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +4997 0 obj << +/D [4995 0 R /XYZ 71.731 729.265 null] +>> endobj +1125 0 obj << +/D [4995 0 R /XYZ 71.731 718.306 null] +>> endobj +682 0 obj << +/D [4995 0 R /XYZ 484.959 703.236 null] +>> endobj +1126 0 obj << +/D [4995 0 R /XYZ 71.731 692.504 null] +>> endobj +686 0 obj << +/D [4995 0 R /XYZ 172.199 651.526 null] +>> endobj +4998 0 obj << +/D [4995 0 R /XYZ 71.731 631.386 null] +>> endobj +4999 0 obj << +/D [4995 0 R /XYZ 71.731 631.386 null] +>> endobj +5000 0 obj << +/D [4995 0 R /XYZ 71.731 627.942 null] +>> endobj +5001 0 obj << +/D [4995 0 R /XYZ 137.484 606.782 null] +>> endobj +5002 0 obj << +/D [4995 0 R /XYZ 137.484 606.782 null] +>> endobj +5003 0 obj << +/D [4995 0 R /XYZ 71.731 605.487 null] +>> endobj +5004 0 obj << +/D [4995 0 R /XYZ 137.484 588.849 null] +>> endobj +5005 0 obj << +/D [4995 0 R /XYZ 137.484 588.849 null] +>> endobj +5006 0 obj << +/D [4995 0 R /XYZ 71.731 586.692 null] +>> endobj +5007 0 obj << +/D [4995 0 R /XYZ 137.484 570.916 null] +>> endobj +5008 0 obj << +/D [4995 0 R /XYZ 137.484 570.916 null] +>> endobj +5009 0 obj << +/D [4995 0 R /XYZ 71.731 568.759 null] +>> endobj +5010 0 obj << +/D [4995 0 R /XYZ 137.484 552.983 null] +>> endobj +5011 0 obj << +/D [4995 0 R /XYZ 137.484 552.983 null] +>> endobj +5012 0 obj << +/D [4995 0 R /XYZ 71.731 538.249 null] +>> endobj +5013 0 obj << +/D [4995 0 R /XYZ 137.484 522.099 null] +>> endobj +5014 0 obj << +/D [4995 0 R /XYZ 137.484 522.099 null] +>> endobj +5015 0 obj << +/D [4995 0 R /XYZ 71.731 507.365 null] +>> endobj +5016 0 obj << +/D [4995 0 R /XYZ 137.484 491.215 null] +>> endobj +5017 0 obj << +/D [4995 0 R /XYZ 137.484 491.215 null] +>> endobj +5018 0 obj << +/D [4995 0 R /XYZ 446.922 491.215 null] +>> endobj +5019 0 obj << +/D [4995 0 R /XYZ 137.484 478.264 null] +>> endobj +5020 0 obj << +/D [4995 0 R /XYZ 71.731 476.241 null] +>> endobj +5021 0 obj << +/D [4995 0 R /XYZ 137.484 460.331 null] +>> endobj +5022 0 obj << +/D [4995 0 R /XYZ 137.484 460.331 null] +>> endobj +5023 0 obj << +/D [4995 0 R /XYZ 433.642 460.331 null] +>> endobj +5024 0 obj << +/D [4995 0 R /XYZ 137.484 447.379 null] +>> endobj +5025 0 obj << +/D [4995 0 R /XYZ 71.731 445.357 null] +>> endobj +5026 0 obj << +/D [4995 0 R /XYZ 137.484 429.447 null] +>> endobj +5027 0 obj << +/D [4995 0 R /XYZ 137.484 429.447 null] +>> endobj +5028 0 obj << +/D [4995 0 R /XYZ 443.136 429.447 null] +>> endobj +5029 0 obj << +/D [4995 0 R /XYZ 137.484 416.495 null] +>> endobj +5030 0 obj << +/D [4995 0 R /XYZ 71.731 414.473 null] +>> endobj +5031 0 obj << +/D [4995 0 R /XYZ 137.484 398.563 null] +>> endobj +5032 0 obj << +/D [4995 0 R /XYZ 137.484 398.563 null] +>> endobj +5033 0 obj << +/D [4995 0 R /XYZ 473.965 398.563 null] +>> endobj +5034 0 obj << +/D [4995 0 R /XYZ 165.151 385.611 null] +>> endobj +5035 0 obj << +/D [4995 0 R /XYZ 71.731 383.589 null] +>> endobj +5036 0 obj << +/D [4995 0 R /XYZ 137.484 367.678 null] +>> endobj +5037 0 obj << +/D [4995 0 R /XYZ 137.484 367.678 null] +>> endobj +5038 0 obj << +/D [4995 0 R /XYZ 137.484 354.727 null] +>> endobj +5039 0 obj << +/D [4995 0 R /XYZ 212.652 354.727 null] +>> endobj +5040 0 obj << +/D [4995 0 R /XYZ 71.731 352.57 null] +>> endobj +5041 0 obj << +/D [4995 0 R /XYZ 137.484 336.794 null] +>> endobj +5042 0 obj << +/D [4995 0 R /XYZ 137.484 336.794 null] +>> endobj +5043 0 obj << +/D [4995 0 R /XYZ 483.544 336.794 null] +>> endobj +5044 0 obj << +/D [4995 0 R /XYZ 177.046 323.843 null] +>> endobj +5045 0 obj << +/D [4995 0 R /XYZ 71.731 321.82 null] +>> endobj +5046 0 obj << +/D [4995 0 R /XYZ 137.484 305.91 null] +>> endobj +5047 0 obj << +/D [4995 0 R /XYZ 137.484 305.91 null] +>> endobj +5048 0 obj << +/D [4995 0 R /XYZ 500.59 305.91 null] +>> endobj +5049 0 obj << +/D [4995 0 R /XYZ 196.692 292.959 null] +>> endobj +5050 0 obj << +/D [4995 0 R /XYZ 71.731 290.802 null] +>> endobj +5051 0 obj << +/D [4995 0 R /XYZ 137.484 275.026 null] +>> endobj +5052 0 obj << +/D [4995 0 R /XYZ 137.484 275.026 null] +>> endobj +5053 0 obj << +/D [4995 0 R /XYZ 484.232 275.026 null] +>> endobj +5054 0 obj << +/D [4995 0 R /XYZ 71.731 259.918 null] +>> endobj +5055 0 obj << +/D [4995 0 R /XYZ 137.484 244.142 null] +>> endobj +5056 0 obj << +/D [4995 0 R /XYZ 137.484 244.142 null] +>> endobj +5057 0 obj << +/D [4995 0 R /XYZ 288.487 231.19 null] +>> endobj +5058 0 obj << +/D [4995 0 R /XYZ 71.731 229.033 null] +>> endobj +5059 0 obj << +/D [4995 0 R /XYZ 137.484 213.257 null] +>> endobj +5060 0 obj << +/D [4995 0 R /XYZ 137.484 213.257 null] +>> endobj +5061 0 obj << +/D [4995 0 R /XYZ 443.804 213.257 null] +>> endobj +5062 0 obj << +/D [4995 0 R /XYZ 71.731 198.523 null] +>> endobj +5063 0 obj << +/D [4995 0 R /XYZ 137.484 182.373 null] +>> endobj +5064 0 obj << +/D [4995 0 R /XYZ 137.484 182.373 null] +>> endobj +5066 0 obj << +/D [4995 0 R /XYZ 505.124 182.373 null] +>> endobj +5067 0 obj << +/D [4995 0 R /XYZ 218.56 169.422 null] +>> endobj +5068 0 obj << +/D [4995 0 R /XYZ 137.484 156.47 null] +>> endobj +5069 0 obj << +/D [4995 0 R /XYZ 71.731 155.063 null] +>> endobj +5070 0 obj << +/D [4995 0 R /XYZ 137.484 138.538 null] +>> endobj +5071 0 obj << +/D [4995 0 R /XYZ 137.484 138.538 null] +>> endobj +5072 0 obj << +/D [4995 0 R /XYZ 137.484 125.586 null] +>> endobj +5073 0 obj << +/D [4995 0 R /XYZ 71.731 110.478 null] +>> endobj +4994 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F29 790 0 R /F11 2374 0 R /F34 797 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5076 0 obj << +/Length 2555 +/Filter /FlateDecode +>> +stream +xÚÍZێãž}Ÿ¯ð£Žž"u_dd‚ì A‚ +2 +A6j‹m#K +]¶§÷ëSŒŠ’HÙ$3ƒ~ì.ñ”ªN«ŠÆ»þð.Ã(‹àB +DÒdwŒŒ w'øÏ»7XIJ$°dÞ>ŸùîGRì +T€Ñîñy%1Šãl—Eå Ù=VÿÞÿþz¥MÅ> +’„û·H^ÿÂúAÞµÏòzl/—²©ä‡š +ðŸ¡Jâ:°¶éÿyüó›?>‚QD6uŽŠ +eù. !*vŠ`BPÃk +9Šâxz­lz-%£Eø[á +-õÁQ†â|³Ð–× ]=³†·¬º\˜ã¿røï~Äx’+P +R¡øÿoå¿íe2”Å +úwÙ +¢lZ¯#§Zêwۋ +HžOßËÿ8w*ۊDúÿ¡\mhåµð£Boy­42_ +˜š§šÈ/Q¡"š +‡ë8šÀ¹ó­ø+_À'7ß(‹)úŒ7º”Ÿ”>àr.ç~§µüê¹í”Že­Ÿâš°æŽŽYi +O7ãsñ +§’ÑYx£s +u;8—ØŽØŽÀ¶6rŽÈC_!4/À‘~hêŠÈ%`Ço0" ¯Å]ÁcÅ­®œ( +ê7›ó[œˆ&LÔ¶ƒIÉý/âiöüJü°R(íeq +͒mO2^ ++®-l\^"¯Ñî`òÞEe +rãÚã!ʊ¯Áåj† *‡ò©ì]|N +”ã/É穈Ί +Z=ùéç0$ Wšä1J3ìRe•Àú9LÂÑ,KHTÑç:ŽõãEæ5úÈPã»A°Fí11FiªÃ‹õ¯åp +ìå6(“Û%”%ãå¶ÜÆ~n¯ÑîàöÞÅm +?( +³žÇº*:”`ª•R(|±NÞm+öüªž«æÛ{mèÀ×ÓÛ»Xï{͈$lÆ +íØQ¥±¶¢J–ï€/ +íqšYêÚñú`RönG•v,X^®œô­RÖv-‡šÿЮ;D“ãØMûgM»ÁUI„(É­ŽL2ØÐŒ]™ŠbKÈÅZ†£ù§žÛQŒ‚wD± +tßÐi»X +Úe9Z +žÙ}Ž&ÅW +]ë€B~Ñq{Óã‹C ÿÙqÅ@~h;F­Éyšm ¯E±¹Ÿ@o¯ß`â$äg¢’á/êŸÇ8àî`âÞÅD +ž×l ýPµ£#FÁE€k‚BHÓÍó)óß +/WUÎ8Så€+íø0rjŽÎŠÌ`+kö«˜S:ûtŒùÙ@Ÿ +Ÿß¥ªOTŸþ:Ê ‚Ëq8àÉbÛq–×qZf»IwÀÝvÜ +Þá8>xoí +칎‰>(mꂿÍ| ¿ÜÄ—?5õ«Ž®#„ŒÚÙrÐöĚ²S¢ú¬¥Ë:žŽÝµU-ŠÓ)4›Étn ù}¡d¶«lÜ +ŸX»|aÁ/>‚ +˜8µp +m$ yl{uYy‰ZÕuåª3Šß4ðŸ2h'ðåWnÚæÇü ®fTRÏm?ø]ÄÉɍ> endobj +5077 0 obj << +/D [5075 0 R /XYZ 71.731 729.265 null] +>> endobj +5078 0 obj << +/D [5075 0 R /XYZ 137.484 708.344 null] +>> endobj +5079 0 obj << +/D [5075 0 R /XYZ 137.484 708.344 null] +>> endobj +5080 0 obj << +/D [5075 0 R /XYZ 71.731 693.235 null] +>> endobj +5081 0 obj << +/D [5075 0 R /XYZ 137.484 677.46 null] +>> endobj +5082 0 obj << +/D [5075 0 R /XYZ 137.484 677.46 null] +>> endobj +5083 0 obj << +/D [5075 0 R /XYZ 71.731 662.351 null] +>> endobj +5084 0 obj << +/D [5075 0 R /XYZ 137.484 646.575 null] +>> endobj +5085 0 obj << +/D [5075 0 R /XYZ 137.484 646.575 null] +>> endobj +5086 0 obj << +/D [5075 0 R /XYZ 363.187 646.575 null] +>> endobj +5087 0 obj << +/D [5075 0 R /XYZ 71.731 631.467 null] +>> endobj +5088 0 obj << +/D [5075 0 R /XYZ 137.484 615.691 null] +>> endobj +5089 0 obj << +/D [5075 0 R /XYZ 137.484 615.691 null] +>> endobj +5090 0 obj << +/D [5075 0 R /XYZ 305.164 602.74 null] +>> endobj +5091 0 obj << +/D [5075 0 R /XYZ 71.731 600.956 null] +>> endobj +5092 0 obj << +/D [5075 0 R /XYZ 137.484 584.807 null] +>> endobj +5093 0 obj << +/D [5075 0 R /XYZ 137.484 584.807 null] +>> endobj +5094 0 obj << +/D [5075 0 R /XYZ 308.003 584.807 null] +>> endobj +5095 0 obj << +/D [5075 0 R /XYZ 71.731 583.367 null] +>> endobj +5096 0 obj << +/D [5075 0 R /XYZ 137.484 566.874 null] +>> endobj +5097 0 obj << +/D [5075 0 R /XYZ 137.484 566.874 null] +>> endobj +5098 0 obj << +/D [5075 0 R /XYZ 71.731 564.717 null] +>> endobj +5099 0 obj << +/D [5075 0 R /XYZ 137.484 548.941 null] +>> endobj +5100 0 obj << +/D [5075 0 R /XYZ 137.484 548.941 null] +>> endobj +5101 0 obj << +/D [5075 0 R /XYZ 71.731 546.785 null] +>> endobj +5102 0 obj << +/D [5075 0 R /XYZ 137.484 531.009 null] +>> endobj +5103 0 obj << +/D [5075 0 R /XYZ 137.484 531.009 null] +>> endobj +5104 0 obj << +/D [5075 0 R /XYZ 71.731 530.889 null] +>> endobj +5105 0 obj << +/D [5075 0 R /XYZ 137.484 513.076 null] +>> endobj +5106 0 obj << +/D [5075 0 R /XYZ 137.484 513.076 null] +>> endobj +5107 0 obj << +/D [5075 0 R /XYZ 263.955 513.076 null] +>> endobj +1127 0 obj << +/D [5075 0 R /XYZ 71.731 493.898 null] +>> endobj +690 0 obj << +/D [5075 0 R /XYZ 177.932 448.644 null] +>> endobj +5108 0 obj << +/D [5075 0 R /XYZ 71.731 448.428 null] +>> endobj +5109 0 obj << +/D [5075 0 R /XYZ 71.731 444.985 null] +>> endobj +5110 0 obj << +/D [5075 0 R /XYZ 137.484 423.825 null] +>> endobj +5111 0 obj << +/D [5075 0 R /XYZ 137.484 423.825 null] +>> endobj +5112 0 obj << +/D [5075 0 R /XYZ 373.887 423.825 null] +>> endobj +5113 0 obj << +/D [5075 0 R /XYZ 392.337 423.825 null] +>> endobj +5114 0 obj << +/D [5075 0 R /XYZ 435.226 423.825 null] +>> endobj +5115 0 obj << +/D [5075 0 R /XYZ 480.685 423.825 null] +>> endobj +5116 0 obj << +/D [5075 0 R /XYZ 217.703 410.873 null] +>> endobj +5117 0 obj << +/D [5075 0 R /XYZ 314.001 410.873 null] +>> endobj +5118 0 obj << +/D [5075 0 R /XYZ 71.731 408.716 null] +>> endobj +5119 0 obj << +/D [5075 0 R /XYZ 71.731 393.772 null] +>> endobj +5120 0 obj << +/D [5075 0 R /XYZ 258.89 384.273 null] +>> endobj +5121 0 obj << +/D [5075 0 R /XYZ 399.35 384.273 null] +>> endobj +5122 0 obj << +/D [5075 0 R /XYZ 76.712 343.426 null] +>> endobj +5123 0 obj << +/D [5075 0 R /XYZ 137.484 325.493 null] +>> endobj +5124 0 obj << +/D [5075 0 R /XYZ 137.484 325.493 null] +>> endobj +5125 0 obj << +/D [5075 0 R /XYZ 300.999 325.493 null] +>> endobj +5126 0 obj << +/D [5075 0 R /XYZ 71.731 323.337 null] +>> endobj +5127 0 obj << +/D [5075 0 R /XYZ 137.484 307.561 null] +>> endobj +5128 0 obj << +/D [5075 0 R /XYZ 137.484 307.561 null] +>> endobj +5129 0 obj << +/D [5075 0 R /XYZ 195.995 294.609 null] +>> endobj +5130 0 obj << +/D [5075 0 R /XYZ 271.162 294.609 null] +>> endobj +5131 0 obj << +/D [5075 0 R /XYZ 71.731 292.452 null] +>> endobj +5132 0 obj << +/D [5075 0 R /XYZ 137.484 276.676 null] +>> endobj +5133 0 obj << +/D [5075 0 R /XYZ 137.484 276.676 null] +>> endobj +5134 0 obj << +/D [5075 0 R /XYZ 71.731 274.639 null] +>> endobj +5135 0 obj << +/D [5075 0 R /XYZ 137.484 258.744 null] +>> endobj +5136 0 obj << +/D [5075 0 R /XYZ 137.484 258.744 null] +>> endobj +1128 0 obj << +/D [5075 0 R /XYZ 71.731 251.606 null] +>> endobj +694 0 obj << +/D [5075 0 R /XYZ 142.537 208.508 null] +>> endobj +5137 0 obj << +/D [5075 0 R /XYZ 71.731 204.945 null] +>> endobj +5138 0 obj << +/D [5075 0 R /XYZ 71.731 201.502 null] +>> endobj +5139 0 obj << +/D [5075 0 R /XYZ 137.484 183.689 null] +>> endobj +5140 0 obj << +/D [5075 0 R /XYZ 137.484 183.689 null] +>> endobj +5141 0 obj << +/D [5075 0 R /XYZ 71.731 181.532 null] +>> endobj +5142 0 obj << +/D [5075 0 R /XYZ 137.484 165.756 null] +>> endobj +5143 0 obj << +/D [5075 0 R /XYZ 137.484 165.756 null] +>> endobj +5144 0 obj << +/D [5075 0 R /XYZ 71.731 163.6 null] +>> endobj +5145 0 obj << +/D [5075 0 R /XYZ 137.484 147.824 null] +>> endobj +5146 0 obj << +/D [5075 0 R /XYZ 137.484 147.824 null] +>> endobj +5147 0 obj << +/D [5075 0 R /XYZ 313.977 147.824 null] +>> endobj +5148 0 obj << +/D [5075 0 R /XYZ 71.731 145.667 null] +>> endobj +5149 0 obj << +/D [5075 0 R /XYZ 137.484 129.891 null] +>> endobj +5150 0 obj << +/D [5075 0 R /XYZ 137.484 129.891 null] +>> endobj +5151 0 obj << +/D [5075 0 R /XYZ 71.731 114.783 null] +>> endobj +5074 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F11 2374 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5155 0 obj << +/Length 429 +/Filter /FlateDecode +>> +stream +xڍSMÓ0Œ÷Wø˜H䭟?òl XÄ"! +rQ“m-5j‚Xþ=N펡éV(‡gÇ㙱=÷2B 鋰 rͶ͆³_ùŒÁˆÈ"$[` +‹ÍӰ̂Í%+ž™Ô +”"FR€Ñ‚Õ÷äCß×må^ÒLhžgGZ Hq׳ŽÈ– VàM + +-„?7 •º +Œ.›A3f:˜†kG( ”QlÁ4Ë]׋|ܳ–_Üë5ñ$Ÿ}›äž8csO<ކõ%)—Ëc*)ÙÝ ‘ òõþ>ɛðBY֗Ãð»;QVï֜:¯$@[šÒ 66Òþdù¥¬ê­kÊCØT¹¿WiŒ +« +€»-}¬’§yœÓÌ2ù@€WZq-õV:þ=endstream +endobj +5154 0 obj << +/Type /Page +/Contents 5155 0 R +/Resources 5153 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5152 0 R +>> endobj +5156 0 obj << +/D [5154 0 R /XYZ 71.731 729.265 null] +>> endobj +5157 0 obj << +/D [5154 0 R /XYZ 137.484 708.344 null] +>> endobj +5158 0 obj << +/D [5154 0 R /XYZ 137.484 708.344 null] +>> endobj +5159 0 obj << +/D [5154 0 R /XYZ 394.121 708.344 null] +>> endobj +5153 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F11 2374 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5162 0 obj << +/Length 1808 +/Filter /FlateDecode +>> +stream +xڕXێÛ6}߯0‡µˆ)Q—[`“n‚¶A ûRló@Ëôš]YrtÙÄýúÅ!u›"ÈJ–Fsã™3Cҕÿè*Š$àÂRÂ"ŸÊŽWþêÞŒ¿¢(†)áI +÷ +/=Î( ØÊ(xsõê +£+擈§«ûœ3â„Ñê~÷°Ÿ=d±Sß6 +‹“õ[b®Tݘ»ro®YYüåûì±­D£ÊB?Œ×úI.Qð€Ÿ×›Ï÷¿vViLåÚªށaÚÙ{K(Úx/ +Y‰ +?ˆW)I£@ˇ1I@0’Äq÷ÕýA[áþ‚ðй÷û²27µØÐõñ  +©Ú\ +q”;c4ŒV ŽQG$ýÎ^-º/«lî +÷Iê§(·=¥;¹ßP-ÚŒ!æÉm^—ænAæ%º€s +ŠÎµS.2ðÍŒ+æ>zŒÅ$fáÊ£Œ€Ü$ô•lŒ4pjœ$6MÜÿћ_¢@Ky™ +ri}±‰†$B®·6œ¢±¯'e6ê(A9E;n±v€¢Jm7Ì_·œ +“Ȟģ[Oð‡®ÑèWÕ +Ў 6a˜xY +|q”Ecó+uʧàs|N¥žŠW6ÞZfƒ$MUîÚLâËŠ‹Vê1k>iª6kÚ +­w•â„/c3õ³l„ÊÑHo +Üß© +ãëgµk­5ˆ¹RÖ!ƒ +Ì 3?b¿Öé +ØRuÖÖõxWw÷Ž[X +çaDRš,ҏ•ñB†† œ(ÒNÿ1Ì;'áÔx@S„m£ÈEÓ5ÚòO}U|=šì°ŠKøXª)+ñ—SC‘8.zhe.º8U4ËNHèÌ80zĒËÆQæ²ñ‰¢Y‚ ð»Š +8#>Tϐ‚êCÙ柭Ž¬òø(wHtƒüêç +@W<"_wœ˜©\5ÝKúÚÚisÌu(u‘|ueWËïëÅ÷§ª<É*?/ÔP_:rg–Û™œ€ž&1 ‚x¥¯O;¶geŒÐ,õSE +UAg +ς˜€ì%ã(rÑöDÍdÕöÊ®¬*^Áß²Å6 7,Z?o(×ôT› +ÐÁ„Bûçi2!Ûmâ ÄšQâع£ÃÎP?3€ƒ$ò††Ä¶o“ŸzÞÁ +?µ}Ѷa˜ ZܞçêyDÂ0ÆÏRì 'KÚB«6b¶ƒÜô +©õòK +š +b +Ëm¥ã™î—O²Y°1ÂC>îìwÊ +Ë3„:ŽF˜ +µ¶£8Ûâ±%ö¬çììt,u•Æ8Ðfï? +@mˆÖ“ç#Çy?©ÀÈÉY€bÏ"o划’Ù@NBU5Fó›^k©sqž¶«¢Žó‡°Å^Ë¢ÖPiT‘)QÔ0sØŠ*[ûX7LƒÖÂòوԮo®Ç‘ÈsÃ7r‡ŽŸÉEñ„¥¡ŠŽi`Fè+|֍ +¢j\ +õcÎõ‹ëI„8ÞØ\Ü!æÏÍÁ}ŸÕ̹r2oè +ªêfÕFpþ‰}#+ûlŸÖ `ÕUÔÃÝïï>/®aä†a›(õX€s»Á48Ó­A +ðÐmíà +Å+÷ސ$Ž¢2¬Æëd6""'f9î‡éqë¡­-§•O5›>%š² ȕ1ñzaÃà“vUzD`DÕÒ/6^äkåÚ}g¯Â\pmÝÁ—ÜPãƒ#|-‡óy$h6BOòLo\AMŽÀK6~ åPƒ‡[(žƒN–6ˆøŽ‰à’‰ðæ;íٔ +6nï4|-­lË2—aø¬kI+ª'0ޗ]¡EP&ñ®:ä—ËŒûX'Óu+M ž*:>’îJ¯‹›€¯«Öòß°¶ ³~9f?»ù iŬW÷ª¶ZâðG`AÇùÿv +Ìü·ï]&Eî|øXNÜöÇ +“ÿ_ +ËEucãœf>³K²u”zf +5è‰=‘Ú$ˆí4sà¢&î + / pœ#.Îêdk* +ˆÁ£œ®©u'=}Á£ØþúŒ‡YÖVø\/ì­ÕɞHèmi­³¶à‡ŠŒ0! +Ë÷cÙȧìJ|Û³2!ÄÛ⡈@§€öéÛ)W™jdŽÎɎhµ#9=Dé&TjãÁc^S°CÀeæ¡ó̏üŸÓçÈíˆ$nÒÑ0³ 6©'n QݯìÌ +?qßnCèèî”eKžÀf.Q‡iÏ TiŒWfb‡Ÿm[ªÚ%£’N•q¥<⓿ۮ¡jëR›?ë?&I.—¢YdvßÖr’oˆ°Ædâ™Ó­¹|zÿ -C¯Ý~Nu»RâøŇ¹‡ +X4èxç æ$Žìì#^®öè€Àx¯u˜×˜<_çqbð”ņ^škW¿šÈÚš;ícîC²ÈîðPŸÐxqۀ^/bv +ÃiðÀP":NJ“©)<‘œ›úøkNòendstream +endobj +5161 0 obj << +/Type /Page +/Contents 5162 0 R +/Resources 5160 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5152 0 R +/Annots [ 5169 0 R 5170 0 R 5171 0 R ] +>> endobj +5169 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [274.509 544.761 319.34 553.673] +/Subtype /Link +/A << /S /GoTo /D (0:FILEDEF) >> +>> endobj +5170 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [426.796 544.761 471.628 553.673] +/Subtype /Link +/A << /S /GoTo /D (0:LOGDEF) >> +>> endobj +5171 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [187.337 518.858 237.15 527.77] +/Subtype /Link +/A << /S /GoTo /D (0:MONDEF) >> +>> endobj +5163 0 obj << +/D [5161 0 R /XYZ 71.731 729.265 null] +>> endobj +1129 0 obj << +/D [5161 0 R /XYZ 71.731 718.306 null] +>> endobj +698 0 obj << +/D [5161 0 R /XYZ 513.633 703.236 null] +>> endobj +1130 0 obj << +/D [5161 0 R /XYZ 71.731 692.184 null] +>> endobj +702 0 obj << +/D [5161 0 R /XYZ 172.199 651.526 null] +>> endobj +5164 0 obj << +/D [5161 0 R /XYZ 71.731 631.386 null] +>> endobj +5165 0 obj << +/D [5161 0 R /XYZ 222.485 618.649 null] +>> endobj +5166 0 obj << +/D [5161 0 R /XYZ 296.367 618.649 null] +>> endobj +5167 0 obj << +/D [5161 0 R /XYZ 119.552 605.698 null] +>> endobj +5168 0 obj << +/D [5161 0 R /XYZ 71.731 570.664 null] +>> endobj +5172 0 obj << +/D [5161 0 R /XYZ 71.731 498.933 null] +>> endobj +5173 0 obj << +/D [5161 0 R /XYZ 274.38 488.139 null] +>> endobj +5174 0 obj << +/D [5161 0 R /XYZ 362.926 488.139 null] +>> endobj +5175 0 obj << +/D [5161 0 R /XYZ 411.633 488.139 null] +>> endobj +5176 0 obj << +/D [5161 0 R /XYZ 243.506 475.187 null] +>> endobj +5177 0 obj << +/D [5161 0 R /XYZ 264.029 475.187 null] +>> endobj +5178 0 obj << +/D [5161 0 R /XYZ 199.78 449.284 null] +>> endobj +5179 0 obj << +/D [5161 0 R /XYZ 291.924 449.284 null] +>> endobj +5180 0 obj << +/D [5161 0 R /XYZ 71.731 426.271 null] +>> endobj +5181 0 obj << +/D [5161 0 R /XYZ 71.731 311.787 null] +>> endobj +5182 0 obj << +/D [5161 0 R /XYZ 71.731 265.21 null] +>> endobj +5183 0 obj << +/D [5161 0 R /XYZ 71.731 252.258 null] +>> endobj +5184 0 obj << +/D [5161 0 R /XYZ 71.731 237.314 null] +>> endobj +5185 0 obj << +/D [5161 0 R /XYZ 76.712 211.177 null] +>> endobj +5186 0 obj << +/D [5161 0 R /XYZ 71.731 191.252 null] +>> endobj +5187 0 obj << +/D [5161 0 R /XYZ 371.084 179.596 null] +>> endobj +5188 0 obj << +/D [5161 0 R /XYZ 161.408 156.283 null] +>> endobj +5189 0 obj << +/D [5161 0 R /XYZ 247.43 156.283 null] +>> endobj +5190 0 obj << +/D [5161 0 R /XYZ 76.712 138.35 null] +>> endobj +5160 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F46 1173 0 R /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F44 1165 0 R /F51 1285 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5193 0 obj << +/Length 1469 +/Filter /FlateDecode +>> +stream +xÚ­XYoÛF~÷¯`P–€pœ»äò0Ю)Œ$hÝ'Û+j-æ’Šâßً"EZ–ÛB€x +¿¹Ÿ™%q0üˆzp 1¢s’ü;+xòù„ ׈ž=™ßïNÎohìÄ(<çîÉñ|‚"ƜУp€ÎÝò~vUU¢XŠ?ç.exvôñ6mZ}V>écRÓÕŠž6ãs2kÓ²ÐÏäƒLùJÞoæwœ|ºëìc”  +ôÀˆŒ= ñ‘çÒBbÄÀô‡(ò‰ráøú0š]—àŒŽ€gÊx=Ü;®t= +õ{;Ym{Z$ÙŠéܲ®‹Bz[§¢Ñ×Oe­Oš27^¯ËŠ}À +7ðG +˜‘n6UUÖ­XêË)×'Œ|ÑÅ&_ˆzšör]‚ÞŠ-x.Î/!IÒé¡(fÚõeZ‹€Mç”Í~H8Ñ îeýŠU&ÕûñLáš[ùÆŠXðd­Ï6‰&šxÍ[s7K‹ÿVžÛšÙ—Û­æb +Š§YfᲗ¡‚Zð¡;šŒé“ÉYŽb/¬žwN2ëc„‘“™Ø®SëUÎ÷Žsk„ +Ùj“qyuý³†C %vÙÌy›¬­ÇíÚF€L,w€iH¹äúÀ_Xešj²è6}ž©µMñ±[Tc‚öIöžàåS—ª—Š¹±ï¥ï%!pc„ãôœ‚þ‹ZdLžÈ9)Ø[ˆóӎXSœ +e•„>"‘oÖáÎœp¶Ã–o¯hãtì£( +Ìë݂|-1&ÚŒcªN +c„Ãá‚­šsÐiœL«=ð€Ìspšëy~ãù=Ã(Ô%/6†mv+Ðmê|ìózŽåÝÒ|/a5[ +ýHD#á Ô]-QyFóه³‰Säû6Cv‘?Õe±×d\Fè,„2ÝÁ_žŸ=Ï?Pã1Ä|›ÉmW3@¡ +j£1m +sÁ +ȋ©EºŽË‚£Ëþt +¡^uüßTÆôR 3Ž;Öf–¶`\ƪöãJâùšU@beôe¿,©%Ϙ^ø¿ÌÝÛ +(ÏTåSgPìÔQœ=wP’+òNWlä +¡²• +èÐÉ +ô†êGØU”íA³žŽëÝfÓf +FóXtª°HÍvñ¿?š +P?¬VÅ¿‹ñé+1ž°\jM[~ ìObŒe8¡G¥ÁZ®©Q“4ÖÈqu،QÔ +Q7iŠ: +œªÇD¶¯µHæϞ'Ú/T=€”œ,+U»³‹®‘]Á¶«58+ž±$ÃrÖbn€ŸÍ4ph +˜?98Z·'€'Ǟ +û@ÒÄ¿ú1 +i€>†êô†v-rXùFêþmo–ÌËÚ*hA<Íz“$¯Å޺$ +ÆÑ`Ξ¿jaLXÈ,mZќ÷ŸáÖùÿŸ³ß59`ô< +ó€Ïpêúžñ€íð)y3šlŠe7o¢7UÁ0SU#ŠjånDj =$íÞp +³`5 +¿õýªÌÒ€·ãìÍÌj3?2NmgÇÙnÀ)‰£É’heܞК&î +WIš?a +Tod«ßR5YÖ\3T~êï·z‰êÍ¥ +g?ƲÃé1t*q» +÷BŒ'h›”|ªÔ3 +kÙp +vY¿jIp¢›OIÏ2VŠ±ãìîDšiO’M­·™òéRTíú±âízªÓ(Ô~ŸÑ_|Þ0À¢õóg>SùÔÀðà‡¬Èè;ƒœy`‰‘º€M¯|r«úEræendstream +endobj +5192 0 obj << +/Type /Page +/Contents 5193 0 R +/Resources 5191 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5152 0 R +/Annots [ 5206 0 R 5221 0 R ] +>> endobj +5206 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [243.256 295.697 295.56 304.609] +/Subtype /Link +/A << /S /GoTo /D (0:POLICY) >> +>> endobj +5221 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [119.552 204.041 171.855 212.953] +/Subtype /Link +/A << /S /GoTo /D (0:POLICY) >> +>> endobj +5194 0 obj << +/D [5192 0 R /XYZ 71.731 729.265 null] +>> endobj +5195 0 obj << +/D [5192 0 R /XYZ 71.731 741.22 null] +>> endobj +706 0 obj << +/D [5192 0 R /XYZ 248.694 707.841 null] +>> endobj +5196 0 obj << +/D [5192 0 R /XYZ 71.731 687.736 null] +>> endobj +5197 0 obj << +/D [5192 0 R /XYZ 128.129 649.061 null] +>> endobj +5198 0 obj << +/D [5192 0 R /XYZ 71.731 626.979 null] +>> endobj +5199 0 obj << +/D [5192 0 R /XYZ 293.736 603.233 null] +>> endobj +5200 0 obj << +/D [5192 0 R /XYZ 247.391 590.282 null] +>> endobj +5201 0 obj << +/D [5192 0 R /XYZ 71.731 568.2 null] +>> endobj +5202 0 obj << +/D [5192 0 R /XYZ 129.235 557.405 null] +>> endobj +5203 0 obj << +/D [5192 0 R /XYZ 199.232 557.405 null] +>> endobj +5204 0 obj << +/D [5192 0 R /XYZ 71.731 545.285 null] +>> endobj +1131 0 obj << +/D [5192 0 R /XYZ 71.731 374.936 null] +>> endobj +710 0 obj << +/D [5192 0 R /XYZ 221.434 330.731 null] +>> endobj +5205 0 obj << +/D [5192 0 R /XYZ 71.731 310.591 null] +>> endobj +5207 0 obj << +/D [5192 0 R /XYZ 71.731 275.772 null] +>> endobj +5208 0 obj << +/D [5192 0 R /XYZ 71.731 275.772 null] +>> endobj +5209 0 obj << +/D [5192 0 R /XYZ 174.684 264.978 null] +>> endobj +5210 0 obj << +/D [5192 0 R /XYZ 222.833 264.978 null] +>> endobj +5211 0 obj << +/D [5192 0 R /XYZ 308.342 264.978 null] +>> endobj +5212 0 obj << +/D [5192 0 R /XYZ 360.735 264.978 null] +>> endobj +5213 0 obj << +/D [5192 0 R /XYZ 422.532 264.978 null] +>> endobj +5214 0 obj << +/D [5192 0 R /XYZ 477.326 264.978 null] +>> endobj +5215 0 obj << +/D [5192 0 R /XYZ 119.552 252.026 null] +>> endobj +5216 0 obj << +/D [5192 0 R /XYZ 172.941 252.026 null] +>> endobj +5217 0 obj << +/D [5192 0 R /XYZ 226.33 252.026 null] +>> endobj +5218 0 obj << +/D [5192 0 R /XYZ 279.72 252.026 null] +>> endobj +5219 0 obj << +/D [5192 0 R /XYZ 333.109 252.026 null] +>> endobj +5220 0 obj << +/D [5192 0 R /XYZ 71.731 230.616 null] +>> endobj +5222 0 obj << +/D [5192 0 R /XYZ 71.731 184.116 null] +>> endobj +5223 0 obj << +/D [5192 0 R /XYZ 71.731 184.116 null] +>> endobj +5224 0 obj << +/D [5192 0 R /XYZ 137.962 173.321 null] +>> endobj +5225 0 obj << +/D [5192 0 R /XYZ 71.731 152.181 null] +>> endobj +5226 0 obj << +/D [5192 0 R /XYZ 71.731 152.181 null] +>> endobj +5227 0 obj << +/D [5192 0 R /XYZ 137.962 140.445 null] +>> endobj +1132 0 obj << +/D [5192 0 R /XYZ 71.731 137.984 null] +>> endobj +5191 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F34 797 0 R /F46 1173 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5230 0 obj << +/Length 614 +/Filter /FlateDecode +>> +stream +xÚµ–Oo›0Æïù +áϱ™ŽIY—V›ªnZ³S×C–8h·~ûŸÆΒÇ專ƒ?öÏÏûŸ“ÃE"IdÐÐ +ÑTD‹ÍGk蹧;Éø@óa6zsI³(CYÊ¢Ù*bœ %D$ +–F³å]<Ùnu¹Ìÿ&c*p|l{7­œ«V¶]TåŒéú¡Nˆˆç ‰ÛŒ*mŸé(ŽÓoÍû&¹Ÿ} +MgÿÖ'(AŒ +8I߉ˆD”ca ,äªsp˜YµTñ­6k{ÔuÞ>Ù7Ýê¡u +eÛ- +æ”ûšp‰0Æ&(RvSÞêÅÞÝ/=_æåzgUàFëc{sÄ3¥ÒLBŒþvšñÈqp飞(ldendstream +endobj +5229 0 obj << +/Type /Page +/Contents 5230 0 R +/Resources 5228 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5152 0 R +/Annots [ 5233 0 R ] +>> endobj +5233 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [204.492 670.714 256.796 679.626] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +5231 0 obj << +/D [5229 0 R /XYZ 71.731 729.265 null] +>> endobj +1133 0 obj << +/D [5229 0 R /XYZ 71.731 741.22 null] +>> endobj +714 0 obj << +/D [5229 0 R /XYZ 254.918 705.748 null] +>> endobj +5232 0 obj << +/D [5229 0 R /XYZ 71.731 682.259 null] +>> endobj +5234 0 obj << +/D [5229 0 R /XYZ 71.731 618.047 null] +>> endobj +5235 0 obj << +/D [5229 0 R /XYZ 71.731 587.093 null] +>> endobj +5236 0 obj << +/D [5229 0 R /XYZ 71.731 587.093 null] +>> endobj +5237 0 obj << +/D [5229 0 R /XYZ 203.018 574.241 null] +>> endobj +5238 0 obj << +/D [5229 0 R /XYZ 71.731 552.293 null] +>> endobj +5239 0 obj << +/D [5229 0 R /XYZ 71.731 552.293 null] +>> endobj +5240 0 obj << +/D [5229 0 R /XYZ 196.373 541.364 null] +>> endobj +5241 0 obj << +/D [5229 0 R /XYZ 71.731 519.416 null] +>> endobj +5242 0 obj << +/D [5229 0 R /XYZ 71.731 519.416 null] +>> endobj +5243 0 obj << +/D [5229 0 R /XYZ 217.683 508.487 null] +>> endobj +5244 0 obj << +/D [5229 0 R /XYZ 71.731 486.54 null] +>> endobj +5245 0 obj << +/D [5229 0 R /XYZ 71.731 486.54 null] +>> endobj +5246 0 obj << +/D [5229 0 R /XYZ 210.022 475.611 null] +>> endobj +5247 0 obj << +/D [5229 0 R /XYZ 71.731 453.663 null] +>> endobj +5248 0 obj << +/D [5229 0 R /XYZ 71.731 453.663 null] +>> endobj +5249 0 obj << +/D [5229 0 R /XYZ 200.617 442.734 null] +>> endobj +5250 0 obj << +/D [5229 0 R /XYZ 71.731 420.786 null] +>> endobj +5251 0 obj << +/D [5229 0 R /XYZ 71.731 420.786 null] +>> endobj +5252 0 obj << +/D [5229 0 R /XYZ 203.356 409.857 null] +>> endobj +5253 0 obj << +/D [5229 0 R /XYZ 71.731 387.91 null] +>> endobj +5254 0 obj << +/D [5229 0 R /XYZ 71.731 387.91 null] +>> endobj +5255 0 obj << +/D [5229 0 R /XYZ 184.737 376.981 null] +>> endobj +5256 0 obj << +/D [5229 0 R /XYZ 71.731 355.033 null] +>> endobj +5257 0 obj << +/D [5229 0 R /XYZ 71.731 355.033 null] +>> endobj +5258 0 obj << +/D [5229 0 R /XYZ 184.737 344.104 null] +>> endobj +5259 0 obj << +/D [5229 0 R /XYZ 71.731 322.156 null] +>> endobj +5260 0 obj << +/D [5229 0 R /XYZ 71.731 322.156 null] +>> endobj +5261 0 obj << +/D [5229 0 R /XYZ 184.737 311.227 null] +>> endobj +5262 0 obj << +/D [5229 0 R /XYZ 71.731 289.28 null] +>> endobj +5263 0 obj << +/D [5229 0 R /XYZ 71.731 289.28 null] +>> endobj +5264 0 obj << +/D [5229 0 R /XYZ 184.737 278.35 null] +>> endobj +5265 0 obj << +/D [5229 0 R /XYZ 71.731 256.403 null] +>> endobj +5266 0 obj << +/D [5229 0 R /XYZ 71.731 256.403 null] +>> endobj +5267 0 obj << +/D [5229 0 R /XYZ 184.737 245.474 null] +>> endobj +5268 0 obj << +/D [5229 0 R /XYZ 71.731 223.526 null] +>> endobj +5269 0 obj << +/D [5229 0 R /XYZ 71.731 223.526 null] +>> endobj +5270 0 obj << +/D [5229 0 R /XYZ 191.212 212.597 null] +>> endobj +5271 0 obj << +/D [5229 0 R /XYZ 71.731 190.649 null] +>> endobj +5272 0 obj << +/D [5229 0 R /XYZ 71.731 190.649 null] +>> endobj +5273 0 obj << +/D [5229 0 R /XYZ 179.765 179.72 null] +>> endobj +5274 0 obj << +/D [5229 0 R /XYZ 71.731 157.773 null] +>> endobj +5275 0 obj << +/D [5229 0 R /XYZ 71.731 157.773 null] +>> endobj +5276 0 obj << +/D [5229 0 R /XYZ 178.101 146.844 null] +>> endobj +5277 0 obj << +/D [5229 0 R /XYZ 71.731 124.896 null] +>> endobj +5278 0 obj << +/D [5229 0 R /XYZ 71.731 124.896 null] +>> endobj +5279 0 obj << +/D [5229 0 R /XYZ 188.612 113.967 null] +>> endobj +5228 0 obj << +/Font << /F29 790 0 R /F21 781 0 R /F27 788 0 R /F34 797 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5282 0 obj << +/Length 1016 +/Filter /FlateDecode +>> +stream +xÚÅWmoÛ6þž_¡|’4D,I‘¢Ô!¶.0t@؇,™¶ +ʒ')­ýïw$OŽü2O) +LœÜ=÷Ü +y'æQø1O1¢bXxFx"œb}Eœ%Œù튡D„"ÑHæçÙ՛_yæe$Kbo¶ðbÁH*¥§b+÷fóûà§ÍF×órF\Òà=q뇲ëÝU³pkÑÔQʗOmÈd‡,èËŠvï̋J£üÆ<ï‡ÙïWw³=?ɉùEP䢌eDsES +a=èŽaôE·e¿3fAC|ŽT€#ºÎwŽåãÀ¶Ö{7­j,žU%ð )ªÖ zãdçú1ä4xZâ}Y/B.ƒoëŠ/‹Aö«‰” +YOÖyû/uۆð®ð2¯t۟úÂ9%‚2dDP€yL΀‘ˆâ„% +‰„H+öž“T•šeÈh°,ë¥{ЯZÝ­šjޝÚŠ€ +™RQÊ"}ÒÅsÎW:Ÿ; [’vZ'SADÆœ„§«Îf}‰FB.ícǏ€NØŸ™ÍüEã(sÙø1þΙ]4-&µiõP +}^V +D„œ=-©ˆAq+Å1®‰»‡Ä<œf€ +ÿ®îÛRwg0åþëŸÜŽ0ɶ»âÖ)ÁÎ7 +$F ʄ³+©²»=¡n·›õÞmãŒr·Ý&ŒX ‹rQêöa_6güCܱ{Û²î§PâDp9’. +© ” +î8Hð „dBÒ,ùþ„÷`kíºj§DÁ’Wțà +súÇVèêi®'SpÎ2ñ‚`fˆ!ŠRQŠŠ^!ˆ{°=·œvÇ|>eû)8±ùKˆ• +Kí¿ˆYØ1¯_ò>Ì»I„Öš²‘2œÎEkܲ#Ä +gÄÃX*ãÞC ˆÿ­gCËÎ_±gC(`ŒIâô S³ÕÁeâlîlœÍ€¥‡Vcã!²³ñ°«ÿƒœüëájhTþíðäëª,VH}h^pPëvÓê^ÏñM‡jyUíAm)m +ˆœ +0 +/òÚæÒ4$ÆI†ŠßÔÕn*٘ŸmbÿÅÀèj&2À±ón›¯70I²ݳû‹Ý~Òߐ*2Ó? +¡ê› +TÇÙ÷< +±ô¯/ãŽÝbnê<&fŠm€÷¡Œš›ëܺÒöGÐýé6¯—x¹h›õH×?ôÈ7u6€›0­Üšê +L˜Ðí+Œ9RÈ< ð7gœrQÂÉÓìrŒ­©³ƒç0/ŽæN‰s矡Û}aŸÕ~ø„~WÖo࿱á ÎñuÿíãèÛã)?‹DJRŠ.~8=‹œ|uHšŽ.1Ægÿò‰sjê×a‚¿endstream +endobj +5281 0 obj << +/Type /Page +/Contents 5282 0 R +/Resources 5280 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5152 0 R +/Annots [ 5289 0 R ] +>> endobj +5289 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [204.492 626.811 249.324 635.722] +/Subtype /Link +/A << /S /GoTo /D (0:THRESHOLDS) >> +>> endobj +5283 0 obj << +/D [5281 0 R /XYZ 71.731 729.265 null] +>> endobj +5284 0 obj << +/D [5281 0 R /XYZ 71.731 741.22 null] +>> endobj +5285 0 obj << +/D [5281 0 R /XYZ 71.731 718.306 null] +>> endobj +5286 0 obj << +/D [5281 0 R /XYZ 71.731 718.306 null] +>> endobj +5287 0 obj << +/D [5281 0 R /XYZ 212.084 708.344 null] +>> endobj +718 0 obj << +/D [5281 0 R /XYZ 268.605 661.844 null] +>> endobj +5288 0 obj << +/D [5281 0 R /XYZ 71.731 638.089 null] +>> endobj +5290 0 obj << +/D [5281 0 R /XYZ 71.731 606.885 null] +>> endobj +5291 0 obj << +/D [5281 0 R /XYZ 71.731 606.885 null] +>> endobj +5292 0 obj << +/D [5281 0 R /XYZ 71.731 574.143 null] +>> endobj +5293 0 obj << +/D [5281 0 R /XYZ 71.731 543.189 null] +>> endobj +5294 0 obj << +/D [5281 0 R /XYZ 71.731 543.189 null] +>> endobj +5295 0 obj << +/D [5281 0 R /XYZ 179.765 530.337 null] +>> endobj +5296 0 obj << +/D [5281 0 R /XYZ 71.731 508.39 null] +>> endobj +5297 0 obj << +/D [5281 0 R /XYZ 71.731 508.39 null] +>> endobj +5298 0 obj << +/D [5281 0 R /XYZ 181.977 497.461 null] +>> endobj +5299 0 obj << +/D [5281 0 R /XYZ 71.731 475.513 null] +>> endobj +5300 0 obj << +/D [5281 0 R /XYZ 71.731 475.513 null] +>> endobj +5301 0 obj << +/D [5281 0 R /XYZ 176.448 464.584 null] +>> endobj +5302 0 obj << +/D [5281 0 R /XYZ 71.731 442.636 null] +>> endobj +5303 0 obj << +/D [5281 0 R /XYZ 71.731 442.636 null] +>> endobj +5304 0 obj << +/D [5281 0 R /XYZ 186.968 431.707 null] +>> endobj +5305 0 obj << +/D [5281 0 R /XYZ 71.731 409.759 null] +>> endobj +5306 0 obj << +/D [5281 0 R /XYZ 71.731 409.759 null] +>> endobj +5307 0 obj << +/D [5281 0 R /XYZ 192.866 398.83 null] +>> endobj +5308 0 obj << +/D [5281 0 R /XYZ 71.731 376.883 null] +>> endobj +5309 0 obj << +/D [5281 0 R /XYZ 71.731 376.883 null] +>> endobj +5310 0 obj << +/D [5281 0 R /XYZ 189.728 365.954 null] +>> endobj +5311 0 obj << +/D [5281 0 R /XYZ 71.731 344.006 null] +>> endobj +5312 0 obj << +/D [5281 0 R /XYZ 71.731 344.006 null] +>> endobj +5313 0 obj << +/D [5281 0 R /XYZ 196.771 333.077 null] +>> endobj +5314 0 obj << +/D [5281 0 R /XYZ 71.731 311.129 null] +>> endobj +5315 0 obj << +/D [5281 0 R /XYZ 71.731 311.129 null] +>> endobj +5316 0 obj << +/D [5281 0 R /XYZ 199.133 300.2 null] +>> endobj +5317 0 obj << +/D [5281 0 R /XYZ 71.731 278.253 null] +>> endobj +5318 0 obj << +/D [5281 0 R /XYZ 71.731 278.253 null] +>> endobj +5319 0 obj << +/D [5281 0 R /XYZ 218.789 267.324 null] +>> endobj +5320 0 obj << +/D [5281 0 R /XYZ 71.731 245.241 null] +>> endobj +1134 0 obj << +/D [5281 0 R /XYZ 71.731 192.19 null] +>> endobj +722 0 obj << +/D [5281 0 R /XYZ 347.055 149.093 null] +>> endobj +5321 0 obj << +/D [5281 0 R /XYZ 71.731 125.337 null] +>> endobj +5280 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F34 797 0 R /F21 781 0 R /F55 1335 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5324 0 obj << +/Length 905 +/Filter /FlateDecode +>> +stream +xÚœW]oÓ0}߯ÈR‰ۉã‰‡Ñ + + ±òŽMS–ºmÔ6‰wcÿžëØýöÚ2Q4ivãcß{îÇqB< +Äãñ*™—Íΰ7‚•ÏgÄ"ºÒ]Ã|쟜ûD +'ˆC¯?ôˆ „1‡Fêõ7þyUÉbÿº”a¿‡Ìx•7ÊÌÊ¡³²žÅ˜Žæu@˜ŸÄWyY˜5œ0•_éçMp×ÿzvÙ_úÇ(A!ÝËÀBv„ÑŠ!1ðœã +QÔ2žù¥f՝6lù +‹œ®æÉy‹º,TËæœÁ­Ÿ¹‰»*GyÑËlrž©< ØÔÿä³¢—ÀÆXoL"SíŸÞ÷P–S™»nDQÎ,ê–RnâÔ! +3Q¥›§\ecÄâ­Ea +‚?^f‡2ˆvYu P"bK.Þ"÷¥P²^²K§zŠ +FÖñFB +7=Bwèµç?jçÒ©yò Փ”¶b2íCãtÜÅaŒ‘“k©kÎä¡ÎÕsKÃáqÌÅléñc +vž +£ïº +Vhk ++æé°¬Ídªšé°Pn„ Þdñ}>U¹«¶Â'£2ÓF«EÇjbPQг&OÝ€3 +˜7P*Œùît1ðà Ñr® +$9͊N—/°º'aк„Cñ2C$Ž«]° ÑÚê¡Xë!O|Ý3Åþ$/FæÉPÿlmÁ‰¬ +95óY9˜·¡ +y݂J5ɕ«u84Ù +]¶’Õ±L`ï dÝ|Óôd+ÌàÆ +)ŒÿJ +7=RC÷ŸR’øªžË£€qh”«Y¢¡ˆ]öI$øMÈ!ÒÇh%CI(þ¿VƳÃþ_ô]Í'PœööjϵaË5õŒ²=w!}QÕy¥-ÙˆßÃBxn1ÃiÒŠdƒôÃq«ª@œl^iÛb³ÉßuIÀÛ'cn†˜Ø—³ëçFÉY/ÚbpuG|¡›é`PËæøj[æk±qã5¯ißgúoá€ÎÓš–Õb±lüE³ŽÒys¶G^ÚöRÖçõA×êÃÕgt-+ÿœyKê^À^ºÈw +XÐðÀŒ¹°$Ò|.1Õy 6û÷G­å°Ì~Âòb@ ‹““„£ªËìŸ^š6aÐaٌÄöŠóR5¬د”(A á{¿cVÏ†uoƋS4+Bé +_ +»Šþœ0a‘endstream +endobj +5323 0 obj << +/Type /Page +/Contents 5324 0 R +/Resources 5322 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5368 0 R +>> endobj +5325 0 obj << +/D [5323 0 R /XYZ 71.731 729.265 null] +>> endobj +5326 0 obj << +/D [5323 0 R /XYZ 71.731 718.306 null] +>> endobj +5327 0 obj << +/D [5323 0 R /XYZ 71.731 718.306 null] +>> endobj +5328 0 obj << +/D [5323 0 R /XYZ 71.731 655.442 null] +>> endobj +5329 0 obj << +/D [5323 0 R /XYZ 71.731 655.442 null] +>> endobj +5330 0 obj << +/D [5323 0 R /XYZ 204.173 642.59 null] +>> endobj +5331 0 obj << +/D [5323 0 R /XYZ 71.731 620.643 null] +>> endobj +5332 0 obj << +/D [5323 0 R /XYZ 71.731 620.643 null] +>> endobj +5333 0 obj << +/D [5323 0 R /XYZ 211.376 609.714 null] +>> endobj +5334 0 obj << +/D [5323 0 R /XYZ 71.731 587.766 null] +>> endobj +5335 0 obj << +/D [5323 0 R /XYZ 71.731 587.766 null] +>> endobj +5336 0 obj << +/D [5323 0 R /XYZ 184.757 576.837 null] +>> endobj +5337 0 obj << +/D [5323 0 R /XYZ 71.731 554.755 null] +>> endobj +5338 0 obj << +/D [5323 0 R /XYZ 71.731 554.755 null] +>> endobj +5339 0 obj << +/D [5323 0 R /XYZ 208.557 543.96 null] +>> endobj +5340 0 obj << +/D [5323 0 R /XYZ 71.731 521.878 null] +>> endobj +5341 0 obj << +/D [5323 0 R /XYZ 71.731 521.878 null] +>> endobj +5342 0 obj << +/D [5323 0 R /XYZ 190.286 511.083 null] +>> endobj +1135 0 obj << +/D [5323 0 R /XYZ 71.731 507.681 null] +>> endobj +726 0 obj << +/D [5323 0 R /XYZ 401.695 464.584 null] +>> endobj +5343 0 obj << +/D [5323 0 R /XYZ 71.731 440.828 null] +>> endobj +5344 0 obj << +/D [5323 0 R /XYZ 71.731 409.625 null] +>> endobj +5345 0 obj << +/D [5323 0 R /XYZ 71.731 409.625 null] +>> endobj +5346 0 obj << +/D [5323 0 R /XYZ 71.731 377.421 null] +>> endobj +5347 0 obj << +/D [5323 0 R /XYZ 71.731 345.929 null] +>> endobj +5348 0 obj << +/D [5323 0 R /XYZ 71.731 345.929 null] +>> endobj +5349 0 obj << +/D [5323 0 R /XYZ 208.188 333.077 null] +>> endobj +5350 0 obj << +/D [5323 0 R /XYZ 71.731 311.712 null] +>> endobj +5351 0 obj << +/D [5323 0 R /XYZ 71.731 311.712 null] +>> endobj +5352 0 obj << +/D [5323 0 R /XYZ 215.391 300.2 null] +>> endobj +5353 0 obj << +/D [5323 0 R /XYZ 71.731 280.096 null] +>> endobj +5354 0 obj << +/D [5323 0 R /XYZ 71.731 280.096 null] +>> endobj +5355 0 obj << +/D [5323 0 R /XYZ 198.993 267.324 null] +>> endobj +5356 0 obj << +/D [5323 0 R /XYZ 71.731 245.241 null] +>> endobj +5357 0 obj << +/D [5323 0 R /XYZ 71.731 245.241 null] +>> endobj +5358 0 obj << +/D [5323 0 R /XYZ 188.771 234.447 null] +>> endobj +5359 0 obj << +/D [5323 0 R /XYZ 71.731 212.365 null] +>> endobj +5360 0 obj << +/D [5323 0 R /XYZ 71.731 212.365 null] +>> endobj +5361 0 obj << +/D [5323 0 R /XYZ 207.292 201.57 null] +>> endobj +5362 0 obj << +/D [5323 0 R /XYZ 71.731 179.488 null] +>> endobj +5363 0 obj << +/D [5323 0 R /XYZ 71.731 179.488 null] +>> endobj +5364 0 obj << +/D [5323 0 R /XYZ 211.924 168.693 null] +>> endobj +5365 0 obj << +/D [5323 0 R /XYZ 71.731 133.66 null] +>> endobj +5366 0 obj << +/D [5323 0 R /XYZ 71.731 133.66 null] +>> endobj +5367 0 obj << +/D [5323 0 R /XYZ 199.352 122.865 null] +>> endobj +5322 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F27 788 0 R /F55 1335 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5371 0 obj << +/Length 945 +/Filter /FlateDecode +>> +stream +xÚœV]oÛ6}ϯÐ[e`bø!~šÀ +²4)²eØP»Om( + +‘IA’“úߏ)ÙªäÔÀ°!@š«{Ï9÷ðš(€æ +N̂€ +²í +žÌ›ÈGD>$:Šùmuqy‹“  #Áj +AiÀ 6+Vù—𪪀ʋï‹S^·ÞMë®ôÚ­™V_!ÄO»zh˜.PØZ¹wöE)}|eŸ7‹o«ß/nV>Š øM>d€Ä%€ä + +@âžcðÇÓPv°”,ÿ6"ÔÙ'­Û;]5Õ¯Ïå­á.L*fS%@n‹Û +iž×²i\懂1aõcîòµO·ÿp€UUëì¡6 + +¥R¹|Е¬S§Œ—ŒÂ§ZV¶b!"Ä\`øƌ’ü˜!NÂåŸiålÓÊäBù±T0ˆl›9û‰H÷Z?望2!DÄô?Ö©ÔV§Ç Î4ÌÆ8Í(˜ð‘fsš` nÀQ +3Š9æI3@»O®·žç"ŒÞÈlaø\š'÷dmouín–Ÿï>\.?Þ}p·ÎósJø +Gâ/evØ,™æŠÂûÓ +ãÝG_–»"·˜ž¿M‹ŒCoT[²yÿ3 +¯ +ž‚á‹ý'gºÎ“ŸZ—2UóMçtÒôwèïŸvkóZŽÙÆ÷^ýâ£àL”1Áž¶–]ƒ)©ÈNÂøHƒÛÍ÷¬Üås€„é9Œ=Ü*m7SF8ˆ° £+·äEm:©ëýÁ¥©ÊÝMÑzs7»ÇÜÐð¡Š-GL¥Ý†Š{°®õö‡ +“Y.~ÿ¥Êœ7=‚€Å#Ïk%gÑe©7Ü£ßT2+¬m +:™÷å +ûÕZ!Ý/ +ÁÙ>Z”ù®œ;€/dãÃf +DeS]×ZµécTϝC=>ÓÌNŒúH¬fÖ*„‚$Šc«tú;ï×E»èÌ{†'€ç!_ºfx0@øtü™Jž«D]¥ +yÝû`x«Úð @ŒÎ;ý¶jf3˜è%]W3 + ÀN°÷ŶhÐœ3ÌïŽ×_šC@ÞLå·£qäڙÁ‹ˆÙZIÒMÞجnöŠófïVïTë.ÎoÌ]þ/æXóÆÐeg]—¯KwÞÔĂÿïSמåΙºXÎð rwªµÇ +Ï.-çF5Ÿ¶’óÒ¹‰.ý‹Å––ýXk_¥T“p|êô‡âXø›ÇæCÈäÔL¡ÝܬÏbq!LN +p§¥þö_Mendstream +endobj +5370 0 obj << +/Type /Page +/Contents 5371 0 R +/Resources 5369 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5368 0 R +>> endobj +5372 0 obj << +/D [5370 0 R /XYZ 71.731 729.265 null] +>> endobj +5373 0 obj << +/D [5370 0 R /XYZ 71.731 741.22 null] +>> endobj +5374 0 obj << +/D [5370 0 R /XYZ 71.731 718.306 null] +>> endobj +5375 0 obj << +/D [5370 0 R /XYZ 71.731 718.306 null] +>> endobj +5376 0 obj << +/D [5370 0 R /XYZ 217.623 708.344 null] +>> endobj +5377 0 obj << +/D [5370 0 R /XYZ 71.731 673.31 null] +>> endobj +5378 0 obj << +/D [5370 0 R /XYZ 71.731 673.31 null] +>> endobj +5379 0 obj << +/D [5370 0 R /XYZ 232.577 662.516 null] +>> endobj +1136 0 obj << +/D [5370 0 R /XYZ 71.731 646.162 null] +>> endobj +730 0 obj << +/D [5370 0 R /XYZ 344.644 603.064 null] +>> endobj +5380 0 obj << +/D [5370 0 R /XYZ 71.731 579.309 null] +>> endobj +5381 0 obj << +/D [5370 0 R /XYZ 71.731 548.106 null] +>> endobj +5382 0 obj << +/D [5370 0 R /XYZ 71.731 548.106 null] +>> endobj +5383 0 obj << +/D [5370 0 R /XYZ 71.731 515.901 null] +>> endobj +5384 0 obj << +/D [5370 0 R /XYZ 71.731 484.41 null] +>> endobj +5385 0 obj << +/D [5370 0 R /XYZ 71.731 484.41 null] +>> endobj +5386 0 obj << +/D [5370 0 R /XYZ 198.644 471.558 null] +>> endobj +5387 0 obj << +/D [5370 0 R /XYZ 71.731 450.193 null] +>> endobj +5388 0 obj << +/D [5370 0 R /XYZ 71.731 450.193 null] +>> endobj +5389 0 obj << +/D [5370 0 R /XYZ 206.056 438.681 null] +>> endobj +5390 0 obj << +/D [5370 0 R /XYZ 71.731 403.647 null] +>> endobj +5391 0 obj << +/D [5370 0 R /XYZ 71.731 403.647 null] +>> endobj +5392 0 obj << +/D [5370 0 R /XYZ 209.932 392.853 null] +>> endobj +5393 0 obj << +/D [5370 0 R /XYZ 71.731 372.748 null] +>> endobj +5394 0 obj << +/D [5370 0 R /XYZ 71.731 372.748 null] +>> endobj +5395 0 obj << +/D [5370 0 R /XYZ 206.345 359.976 null] +>> endobj +5396 0 obj << +/D [5370 0 R /XYZ 71.731 337.894 null] +>> endobj +5397 0 obj << +/D [5370 0 R /XYZ 71.731 337.894 null] +>> endobj +5398 0 obj << +/D [5370 0 R /XYZ 187.237 327.099 null] +>> endobj +1137 0 obj << +/D [5370 0 R /XYZ 71.731 323.697 null] +>> endobj +734 0 obj << +/D [5370 0 R /XYZ 336.949 280.6 null] +>> endobj +5399 0 obj << +/D [5370 0 R /XYZ 71.731 256.844 null] +>> endobj +5400 0 obj << +/D [5370 0 R /XYZ 71.731 225.641 null] +>> endobj +5401 0 obj << +/D [5370 0 R /XYZ 71.731 225.641 null] +>> endobj +5402 0 obj << +/D [5370 0 R /XYZ 71.731 193.437 null] +>> endobj +5403 0 obj << +/D [5370 0 R /XYZ 71.731 161.945 null] +>> endobj +5404 0 obj << +/D [5370 0 R /XYZ 71.731 161.945 null] +>> endobj +5405 0 obj << +/D [5370 0 R /XYZ 208.039 149.093 null] +>> endobj +5406 0 obj << +/D [5370 0 R /XYZ 71.731 127.728 null] +>> endobj +5407 0 obj << +/D [5370 0 R /XYZ 71.731 127.728 null] +>> endobj +5408 0 obj << +/D [5370 0 R /XYZ 215.242 116.216 null] +>> endobj +5369 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F27 788 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5411 0 obj << +/Length 1141 +/Filter /FlateDecode +>> +stream +xÚœWQoÛ6~ϯÐÀØ@͐”(Jö4ÉÚ¢i»ÅyJ‹¶h[ˆL¢”,ÿ~€xŽ,K :`ô ’:ÞÝw÷ݑ"6 8A<4/š"³`¹=ÁÁÚ|ùí„€Ä +Df2—󓳚)Jã0˜¯‚0"(a,à!5o̳‡ÉÅn'U–ÿ5Q†'ï‘{ÎuíFåÊœ—¥úŽ1]7Ք°‰˜’I—Ê}³ + ò;»®§?æŸN®ç{ÿ%(€o"‘‚0ê’"f<ç8Aaµî€õèiJðDVyýr[6ªŸÍµÎÕúWëÇٍÁœq«SDflÚÍZ>µ›œ +坩(F!§ öRîðkŽµÆœ5·º*+7Ø:»0±ž˜HiäÔ"™‘(A1ãÁÌ&ƒóQ(_Û`Ÿ +%D&ÿƒDÕœ,ãJça×û\>¶yÄxΝíDœ™ÎbŒ'.|íسjF&?†ða(Šùß­S`‡»2÷úF[§P_2J;S-êÆ×ÁøœÎ»˜)ëŠAÌ9Â3ŠRFZ'„öe³ÝŠ™–;Q‰Zfn±0ÕõÎY;ú²€ +˜B=BVªr +þoÀ•]%—2;b[‡’CI@8¢„µÙ‰8JÌÊÌ0‚¹Ô Ôƀ'm’ŠO +F³²²Ó– +fÒh #Wîz„f ŒÇèe×'6RXwχ¬Á°)n7=Ü[7¹±1’lÜÓ­ê*—ú +•NÎj¿/ŒG¶Â\™2EÄ×Ô¢, +)ÔVŒ(”;%§}–éçŒ^n jÔ;Â¯IY®,ÃV£µ +S&Q/XÈŸˆí( +CÏÔWÇʄU9WW»²È—# +#‰É]›“‘*:j +Ê$ +¥Xš¶øùðõö*î¢(J‹óÙSÿÉÎDÑxV›+/F¡ ”—;µN[ÇmŸ@$E%ÏaTùZ••„`‹º6gÖ$_X67µÔ°^”kˆ[·°®œSӘM`U•N›?êÎäÊRG4EmŠä*CîR/[mÉ`cú`JÆô] +÷‡ýzÏUÖIGèpŒmž÷yŠG萘s'!·Mž9&؞4Âr†˜¹A +óà¢ëcý[ÂýÇ+HßóFú˜=ûwµƒSd¬Ï}w;ˆ²[Èõ>¿˜FˆÒ~ãýCšµ§M–DkÐL0ž1ŒmÊö”Ùk4^y:‚øÇÕŸÝz¹œʟ‚F•µúŠQ<;`I^¿v°Bà ”«£Foãü³Ýœ`hçW¢ +¡åØŠœ‰­KßÉúêòC©Ç® Œ"N}KÊnÊQÂbD؀¯V倖ûð^]B–Ü +\ +ªFéѪ?÷ýb) +ë†Í/äûnS6EÖϬj¶æzµZ}sÜM-jÒ¿3dY%µ>jŠßŒu%ï~ÿŒ~*|¯ +Œ›ª»ðµgÀhø’aüŸŽÆa¡ïƒ—yš +eJª‹•ۍȕ‹ÔÑ¿üº˜ûpBø›?7Èà߆a{Ǎœë?¡Ñ+¿!CSy‡jŽendstream +endobj +5410 0 obj << +/Type /Page +/Contents 5411 0 R +/Resources 5409 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5368 0 R +>> endobj +5412 0 obj << +/D [5410 0 R /XYZ 71.731 729.265 null] +>> endobj +5413 0 obj << +/D [5410 0 R /XYZ 71.731 741.22 null] +>> endobj +5414 0 obj << +/D [5410 0 R /XYZ 71.731 718.306 null] +>> endobj +5415 0 obj << +/D [5410 0 R /XYZ 71.731 718.306 null] +>> endobj +5416 0 obj << +/D [5410 0 R /XYZ 221.837 708.344 null] +>> endobj +5417 0 obj << +/D [5410 0 R /XYZ 71.731 653.385 null] +>> endobj +5418 0 obj << +/D [5410 0 R /XYZ 71.731 653.385 null] +>> endobj +5419 0 obj << +/D [5410 0 R /XYZ 181.13 642.59 null] +>> endobj +1138 0 obj << +/D [5410 0 R /XYZ 71.731 626.237 null] +>> endobj +738 0 obj << +/D [5410 0 R /XYZ 292.998 583.139 null] +>> endobj +5420 0 obj << +/D [5410 0 R /XYZ 71.731 559.384 null] +>> endobj +5421 0 obj << +/D [5410 0 R /XYZ 71.731 528.18 null] +>> endobj +5422 0 obj << +/D [5410 0 R /XYZ 71.731 528.18 null] +>> endobj +5423 0 obj << +/D [5410 0 R /XYZ 71.731 495.976 null] +>> endobj +5424 0 obj << +/D [5410 0 R /XYZ 71.731 464.484 null] +>> endobj +5425 0 obj << +/D [5410 0 R /XYZ 71.731 464.484 null] +>> endobj +5426 0 obj << +/D [5410 0 R /XYZ 188.662 451.632 null] +>> endobj +5427 0 obj << +/D [5410 0 R /XYZ 71.731 430.268 null] +>> endobj +5428 0 obj << +/D [5410 0 R /XYZ 71.731 430.268 null] +>> endobj +5429 0 obj << +/D [5410 0 R /XYZ 186.649 418.756 null] +>> endobj +5430 0 obj << +/D [5410 0 R /XYZ 71.731 371.488 null] +>> endobj +5431 0 obj << +/D [5410 0 R /XYZ 71.731 371.488 null] +>> endobj +5432 0 obj << +/D [5410 0 R /XYZ 208.248 359.976 null] +>> endobj +1139 0 obj << +/D [5410 0 R /XYZ 71.731 343.622 null] +>> endobj +742 0 obj << +/D [5410 0 R /XYZ 194.2 300.525 null] +>> endobj +5433 0 obj << +/D [5410 0 R /XYZ 71.731 280.385 null] +>> endobj +5434 0 obj << +/D [5410 0 R /XYZ 71.731 245.566 null] +>> endobj +5435 0 obj << +/D [5410 0 R /XYZ 71.731 245.566 null] +>> endobj +5436 0 obj << +/D [5410 0 R /XYZ 71.731 213.362 null] +>> endobj +5437 0 obj << +/D [5410 0 R /XYZ 71.731 181.87 null] +>> endobj +5438 0 obj << +/D [5410 0 R /XYZ 71.731 181.87 null] +>> endobj +5439 0 obj << +/D [5410 0 R /XYZ 172.273 169.018 null] +>> endobj +5440 0 obj << +/D [5410 0 R /XYZ 71.731 133.985 null] +>> endobj +5441 0 obj << +/D [5410 0 R /XYZ 71.731 133.985 null] +>> endobj +5442 0 obj << +/D [5410 0 R /XYZ 177.245 123.19 null] +>> endobj +5409 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F27 788 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5445 0 obj << +/Length 1328 +/Filter /FlateDecode +>> +stream +xڝWQoÛ6~ϯ0 + +³™)Q” +ì!Mš:E²‰Û=ŽEÁHŒ-T& +Qn’¿£HɒEgC ¢¥Ó +¿ïð$€?¬9 3A8™›Ì0¶Çe\|Ò¢òÁ"(Ædkf +TŠÃp„ê\I)2—c®[` +[5Ÿ\nûPLÚ +Í7k^ÈcˆÒ‘ˆŽÝ6žŽ~2WUå +`,„ +‡{`[cŠcp1AA<÷©KIhÛ +éÖ ‚ÌI%ÅÑ$ + +Šxé +È7?Í?Q-uÍ7[. $ŠÛ:|Pª\zFØž +¯ÕÊñ.ªŸŠÛÕÅF4íÏGåîg«²ÒåŒ4_ }ŒqUí^" ++xŸƒYƒ^@(è8D!¿ºK$wYì"u¢dªØ +ÑÑŸ{Vuš²¬³›ãé›1SE6¢â~+²âñÅ5úN×jӕñŠ­ò®€7@†Å°/ +à‘Ò©·ë“ÅÊã3°g¥LÉ{š¹ò©Y„"ÚîU7VcD0&"2î|váä[wì + +’^ȬÜåî­ + +ŽŽCÞ]ƒRìê‡TÆë“{ïáʼn$¡ +ƒ}&÷,VŒ×ÆëV&¯n]Œ<¯`ã©Fÿ%3‹"@°—M J~‘Ì +%Ÿá€&e{º0Žÿä +{>˜VegÞ3¯`¿Þ3a€X +‹çECìKÃ0ϊ²š_ü]ÓØažþûÃ÷ççg/RÆØñ¶ÓMš~ +ـ^ u}簙˜gFL>-·wWŸŸ& õÃá!éŠyñ|9cÑôeëû>‰à€ÀÚSìâì~1_^}xwºž9;·K¿jÆ8=Ž¶†XÃ> endobj +5446 0 obj << +/D [5444 0 R /XYZ 71.731 729.265 null] +>> endobj +5447 0 obj << +/D [5444 0 R /XYZ 71.731 741.22 null] +>> endobj +5448 0 obj << +/D [5444 0 R /XYZ 71.731 718.306 null] +>> endobj +5449 0 obj << +/D [5444 0 R /XYZ 71.731 718.306 null] +>> endobj +5450 0 obj << +/D [5444 0 R /XYZ 175.79 708.344 null] +>> endobj +5451 0 obj << +/D [5444 0 R /XYZ 71.731 653.758 null] +>> endobj +5452 0 obj << +/D [5444 0 R /XYZ 71.731 653.758 null] +>> endobj +5453 0 obj << +/D [5444 0 R /XYZ 193.105 642.59 null] +>> endobj +5454 0 obj << +/D [5444 0 R /XYZ 71.731 620.508 null] +>> endobj +5455 0 obj << +/D [5444 0 R /XYZ 71.731 620.508 null] +>> endobj +5456 0 obj << +/D [5444 0 R /XYZ 213.02 609.714 null] +>> endobj +5457 0 obj << +/D [5444 0 R /XYZ 71.731 587.631 null] +>> endobj +5458 0 obj << +/D [5444 0 R /XYZ 71.731 587.631 null] +>> endobj +5459 0 obj << +/D [5444 0 R /XYZ 182.574 576.837 null] +>> endobj +5460 0 obj << +/D [5444 0 R /XYZ 71.731 554.755 null] +>> endobj +5461 0 obj << +/D [5444 0 R /XYZ 71.731 554.755 null] +>> endobj +5462 0 obj << +/D [5444 0 R /XYZ 190.196 543.96 null] +>> endobj +1140 0 obj << +/D [5444 0 R /XYZ 71.731 529.664 null] +>> endobj +746 0 obj << +/D [5444 0 R /XYZ 235.344 484.509 null] +>> endobj +5463 0 obj << +/D [5444 0 R /XYZ 71.731 464.369 null] +>> endobj +5464 0 obj << +/D [5444 0 R /XYZ 71.731 429.55 null] +>> endobj +5465 0 obj << +/D [5444 0 R /XYZ 71.731 429.55 null] +>> endobj +5466 0 obj << +/D [5444 0 R /XYZ 71.731 397.346 null] +>> endobj +5467 0 obj << +/D [5444 0 R /XYZ 71.731 365.854 null] +>> endobj +5468 0 obj << +/D [5444 0 R /XYZ 71.731 365.854 null] +>> endobj +5469 0 obj << +/D [5444 0 R /XYZ 160.647 353.002 null] +>> endobj +5470 0 obj << +/D [5444 0 R /XYZ 71.731 331.294 null] +>> endobj +5471 0 obj << +/D [5444 0 R /XYZ 71.731 331.294 null] +>> endobj +5472 0 obj << +/D [5444 0 R /XYZ 192.736 320.126 null] +>> endobj +5473 0 obj << +/D [5444 0 R /XYZ 71.731 298.043 null] +>> endobj +5474 0 obj << +/D [5444 0 R /XYZ 71.731 298.043 null] +>> endobj +5475 0 obj << +/D [5444 0 R /XYZ 184.009 287.249 null] +>> endobj +5476 0 obj << +/D [5444 0 R /XYZ 71.731 252.589 null] +>> endobj +5477 0 obj << +/D [5444 0 R /XYZ 71.731 252.589 null] +>> endobj +5478 0 obj << +/D [5444 0 R /XYZ 205.23 241.421 null] +>> endobj +5479 0 obj << +/D [5444 0 R /XYZ 71.731 208.444 null] +>> endobj +5480 0 obj << +/D [5444 0 R /XYZ 71.731 208.444 null] +>> endobj +5481 0 obj << +/D [5444 0 R /XYZ 170.072 195.593 null] +>> endobj +5482 0 obj << +/D [5444 0 R /XYZ 71.731 173.51 null] +>> endobj +5483 0 obj << +/D [5444 0 R /XYZ 71.731 173.51 null] +>> endobj +5484 0 obj << +/D [5444 0 R /XYZ 184.208 162.716 null] +>> endobj +5485 0 obj << +/D [5444 0 R /XYZ 71.731 140.634 null] +>> endobj +5486 0 obj << +/D [5444 0 R /XYZ 71.731 140.634 null] +>> endobj +5487 0 obj << +/D [5444 0 R /XYZ 169.325 129.839 null] +>> endobj +5443 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F27 788 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5490 0 obj << +/Length 1409 +/Filter /FlateDecode +>> +stream +xÚÍXYoã6~ϯð›m fHJÔ±EÒlÓf‘iíö¥ÛÙ¢c:\ +qòï;I +í +²º0`‘ùæ›ΈL0üÈÄ'ÈwàACD=6Ù€xòo~Ÿ zÆBOYôæüžºžŒ¡á$D¡çLVۉã06ñ + +O:YÅÍ®ö{žÅâyŸ  +Ï®‘zމ²R­|«ž›<ûŒ1}¬‹9a³hNf•È3õNŸHžž¿—ãåüïÕ§‹ŸV­|Œäгô”Çí"’û8@Žë6–ŒºËóýjN‚™HùòèË€À*O®ò +„a=nŠ— + Ä¥šEýno#Jšžõ™R_ºÍ*^<Í)€NÔȚWÎ5ö +Ž]‘Y”îÕôË著F7 +{þ RGöá,võÙd!ñ}ƒç4˜'6(Œ"Ÿ-d̟Ə‘8. +°7Bk™wŒ%Už£:1— › +[É/˜ +¿Ô“OA |Ä@ˆ>’{¥‰ßj^ó«M%æÏžäŸ +Yè!J-ô:‡“¢ÌNèëÚ¥zùRþ©y{ž +ð +7œý+eéðm¥4QRžDE +1ìhX^sìC!M'uÌï#°»ÎòÛl+µ”[€ +°a¬/i +ËÃʱ䳌Ò]$2ÝáOó™ñBT‚[l”ž¹àÒÇøW†ÑR‘%}Ôl¢)4ùå.¯“Xic­W¥DXÏÌ屓•n(ý‘Pê`!Ò}Ž©¬'œšÑ©È¶ùTµ +v‘=èK©Kõ +ŸÏ‹ªç1W<ÔIõAfyŠ)ÑðDÙ/z3–%úôhN¥ +I_IŽNä¹êÍAT;ÕJÄz_(i$N¬’ F¡Å +ðÀªmôßåÀÁÆ~€0 +_Í>šRÀ»²ZIbÊ΀ƒ‘ýŒÂ€"’\Ÿ:Œì€Ë£ÿ;ÐÎÿE# _e÷<uj±‚rˆû +"Üõ‘ï: +CéûŒ€¢§i£Š1ÿï@>yÿcW·CÓ+ÿ¿ˆÇíbÃÈ Ÿ)îe\Žíø€‡Ÿx%÷2ì@ +}æÁ +އù/Ð ×I?ümà+™WÍ\¥¿¶ŒÓ2lí‹|+nMiHÀ^‘­ÁýL[ª®ä“ZiQ*ï;©75°5oêrt +¶›>ôñß~\žRyc{(Õ +®„WEßñ<Ì Í7­5 +yžÎ3î2íTpL`‡ßÀŸ.»E`Œ–EÁ‰ô'æ÷€è\¡[¹ä +Æ}ô,Ò:íÊ +ãCƒú£ÉÚzõG +ª;ÏÅØøêæt +B EqlPµ^g +Ö¶·V‘k±POhƀ-þyÀY®y1¬9›Êì${ì°¶ÖÖÓNf*³£ìžœ©»ò€©~Z¯1_űòð²Ž`÷ +Ä|“Ì|Ã÷‚gÕ2KÄã@ +›ѱÐìÐtù¢£3Še”.@ŒP=k/ N"£.dmÔÆæï<‰^ìå±Lô•¬·ŠÈ(Vg‘yÈaôôÔ!(äyœZ+ïèkޖ€OTœUߛ:ôôu`Á+¿î°î„Í–õúŸ©læ +YN[•U!ÀŒÆ%4ƒ‹Ö +¡Œ®Ë*OÛðšš[µÅÖÆU.ƒq«ŠRIÓ)ã +€ÐA€­€¶¹‡à +Âù>y&µé) +ӛ"O?L»=<‘†iw*‘ÙLïF$à§WYl«ÀU\ÖOF’S®¡à. +›Bʓ5º‘zš‹ºD +Qú0³’D5ÌÛÃNlvª™Öf)kõ¶:º~§ƒ~ŠƒhîUèŠÊ܏. gƒÌé ’Ä˜quœtAB£ãoeúSž €øg?öuSFßú\ÕÄóÍ.RBœŸåÆGýÀeHRendstream +endobj +5489 0 obj << +/Type /Page +/Contents 5490 0 R +/Resources 5488 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5368 0 R +>> endobj +5491 0 obj << +/D [5489 0 R /XYZ 71.731 729.265 null] +>> endobj +5492 0 obj << +/D [5489 0 R /XYZ 71.731 718.306 null] +>> endobj +5493 0 obj << +/D [5489 0 R /XYZ 71.731 718.306 null] +>> endobj +5494 0 obj << +/D [5489 0 R /XYZ 182.615 708.344 null] +>> endobj +5495 0 obj << +/D [5489 0 R /XYZ 71.731 653.758 null] +>> endobj +5496 0 obj << +/D [5489 0 R /XYZ 71.731 653.758 null] +>> endobj +5497 0 obj << +/D [5489 0 R /XYZ 215.78 642.59 null] +>> endobj +5498 0 obj << +/D [5489 0 R /XYZ 71.731 620.508 null] +>> endobj +5499 0 obj << +/D [5489 0 R /XYZ 71.731 620.508 null] +>> endobj +5500 0 obj << +/D [5489 0 R /XYZ 206.355 609.714 null] +>> endobj +5501 0 obj << +/D [5489 0 R /XYZ 71.731 563.666 null] +>> endobj +5502 0 obj << +/D [5489 0 R /XYZ 71.731 563.666 null] +>> endobj +5503 0 obj << +/D [5489 0 R /XYZ 207.611 550.934 null] +>> endobj +5504 0 obj << +/D [5489 0 R /XYZ 71.731 504.887 null] +>> endobj +5505 0 obj << +/D [5489 0 R /XYZ 71.731 504.887 null] +>> endobj +5506 0 obj << +/D [5489 0 R /XYZ 224.866 492.154 null] +>> endobj +5507 0 obj << +/D [5489 0 R /XYZ 71.731 444.169 null] +>> endobj +5508 0 obj << +/D [5489 0 R /XYZ 71.731 444.169 null] +>> endobj +5509 0 obj << +/D [5489 0 R /XYZ 209.932 433.375 null] +>> endobj +5510 0 obj << +/D [5489 0 R /XYZ 71.731 385.39 null] +>> endobj +5511 0 obj << +/D [5489 0 R /XYZ 71.731 385.39 null] +>> endobj +5512 0 obj << +/D [5489 0 R /XYZ 186.301 374.595 null] +>> endobj +5513 0 obj << +/D [5489 0 R /XYZ 71.731 339.562 null] +>> endobj +5514 0 obj << +/D [5489 0 R /XYZ 71.731 339.562 null] +>> endobj +5515 0 obj << +/D [5489 0 R /XYZ 180.393 328.767 null] +>> endobj +5516 0 obj << +/D [5489 0 R /XYZ 71.731 306.685 null] +>> endobj +5517 0 obj << +/D [5489 0 R /XYZ 71.731 306.685 null] +>> endobj +5518 0 obj << +/D [5489 0 R /XYZ 179.466 295.89 null] +>> endobj +5519 0 obj << +/D [5489 0 R /XYZ 71.731 273.808 null] +>> endobj +5520 0 obj << +/D [5489 0 R /XYZ 71.731 273.808 null] +>> endobj +5521 0 obj << +/D [5489 0 R /XYZ 193.125 263.014 null] +>> endobj +5522 0 obj << +/D [5489 0 R /XYZ 71.731 240.932 null] +>> endobj +5523 0 obj << +/D [5489 0 R /XYZ 71.731 240.932 null] +>> endobj +5524 0 obj << +/D [5489 0 R /XYZ 182.784 230.137 null] +>> endobj +5525 0 obj << +/D [5489 0 R /XYZ 71.731 208.055 null] +>> endobj +5526 0 obj << +/D [5489 0 R /XYZ 71.731 208.055 null] +>> endobj +5527 0 obj << +/D [5489 0 R /XYZ 177.255 197.26 null] +>> endobj +5528 0 obj << +/D [5489 0 R /XYZ 71.731 175.178 null] +>> endobj +5529 0 obj << +/D [5489 0 R /XYZ 71.731 175.178 null] +>> endobj +5530 0 obj << +/D [5489 0 R /XYZ 188.323 164.384 null] +>> endobj +5531 0 obj << +/D [5489 0 R /XYZ 71.731 143.243 null] +>> endobj +5532 0 obj << +/D [5489 0 R /XYZ 71.731 143.243 null] +>> endobj +5533 0 obj << +/D [5489 0 R /XYZ 200.497 131.507 null] +>> endobj +5488 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F27 788 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5536 0 obj << +/Length 1652 +/Filter /FlateDecode +>> +stream +xÚœXKoã6ŸçWøˆ’"õX ‡lÚŽiS{uNÝ +d‰± ëaHò&Û_ß¡HʒÅ$[ -DŽ8$gŸ™ùf(2ÃðGf!A¡#ðYZ\àÙf~Ÿ FÂ3"Þ@æãúâúŽÆ³Ł?[?Í|FPÄù,ô)<élý1¿9 +D™É— +G9žß"ý|M«GՓ~ŠUùcº=Ö +ÂçɂÌ[Y•zNMäÂÈÔûfñçú׋ŸÖœ~œäÓ7-0" +|v²€qÐ<Äòë,ø,Úß™ßÉŒõªþA +}}fF°*P«B†"Á)JÄÀSéçÑúü©ªM|ø±˜ŽããØn+ˆÅžK‘j²ëÕhkÔ +(U@pšÓŸ'ÑÖ +[YˆÏ¢V +Uÿ„‹ÍùÿÒ- +iÒGÔ_·ÃùœÏôVp—˜èoÁ2»Œ‘ÅÁRÿ¥²@íwyÚPZÜ:‡ª6[øáu› +:Ghž)‡°Ã-›Þ9ïç×z²y +<*²ÇÆ P@bìY—I!”VWöÇ£ÉÜj5Ƒš8Ü&ŸAç„çŽ`‚G€ŠŽÄG«µÓ<ŠŽl\霄␟ÇCµÕEö-&ŠÌ(xóž^éȀˆîž×nN )b€á(>êª|G'Ì×yoój«}ÅïÆ +ßšyìBx5^Ò&é^vUÓ*˜õ¯.QA.­ŠƒbPÈU=¡Ô|%g<Â0 + –Œ˜U¡“îß +'~ÅüÆÑyú +àÐH^u¶žuD|kZÕ.Øeˆ\6„Hg +[ېŸbô°'Ç®§·<¯”CM³4fû5 +³utj}Ó?jŠÀ¢¯ê_R¶'ª4:)³$?Ufó>Í¥°ÂBáõÒ±Kzl“M.šï–LÑ.> +ºµšsWØc–à<艧~„À!|âF8ÂؐîDvÌ{Tµ¬jÙ2ÀâX÷“Cçºt?aåòFXZ,ãÈ̹|5¶1F1™ÄöýêAÒÕyq†üÈÚŽ98ž(+ˆý×­Ÿ_ÙŠ +NT±œÌ«Í·V˜Šë ¬§œìT>ûp 25‡“ÎzKÑ-±õÏaib™M+Ñ8]L X{¯z +º¹íÞÚg!J·êàêý + †W +÷Nƒ‘Ô5·ÊšÏ: ÄªtD0Ca_LLð ‡I +261鶮JH"/—û.-F1,†ŸïM|ã®;,D‘?²êè/IARì;“\Ž ‘5bSUpÛ)§6ø! +#‡ +@j=ݔÇbcƒÌÖϝ9Û¡åK—hsÜd²†f +rÖÞ'N +Ž>(0$ˁô» +Å`õôÔç +ò¶Ï²åt»ñŸiÿ0]îClÛ»é+E.ÄÜÁ^?œ€â0Œ +sÜ7²]ÿ«;3 +äUs–³‰ž Í~yݚn»é!‡LRHt F~@Gè*E’Ž=Ú|ó†G +x‘¹ØP +hjÜv}ǂAºøŠœÉ; (ŠãŸ?s„8æ#ß•fõÛ-šáºÑ +±Àî’\é>aIÍ!g³Mٙ£X`›CÆuÄ›$UP«:šß§ @M¡žW*Ö³†œŽ]»Úe +lžssՃ7]’ëwf2˜? +Yg6 +q|æ1Ūóh¬Ûí=*ù6ŸòîL)ïC² +83ë«ã%~¹ü ‡øe¹Tš^™ØI[fáiÕ_¢®ìªåx•‰×L€²HT[bT|Ž±~™äù¥m{ˆ>Ôa +2ßËX„"ŸùEí$2ù õa +Ú]Ô¡œîþö5=êoì ˆendstream +endobj +5535 0 obj << +/Type /Page +/Contents 5536 0 R +/Resources 5534 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5368 0 R +>> endobj +5537 0 obj << +/D [5535 0 R /XYZ 71.731 729.265 null] +>> endobj +5538 0 obj << +/D [5535 0 R /XYZ 71.731 741.22 null] +>> endobj +5539 0 obj << +/D [5535 0 R /XYZ 71.731 718.306 null] +>> endobj +5540 0 obj << +/D [5535 0 R /XYZ 71.731 718.306 null] +>> endobj +5541 0 obj << +/D [5535 0 R /XYZ 194.4 708.344 null] +>> endobj +5542 0 obj << +/D [5535 0 R /XYZ 71.731 675.367 null] +>> endobj +5543 0 obj << +/D [5535 0 R /XYZ 71.731 675.367 null] +>> endobj +5544 0 obj << +/D [5535 0 R /XYZ 197.718 662.516 null] +>> endobj +5545 0 obj << +/D [5535 0 R /XYZ 71.731 629.539 null] +>> endobj +5546 0 obj << +/D [5535 0 R /XYZ 71.731 629.539 null] +>> endobj +5547 0 obj << +/D [5535 0 R /XYZ 182.704 616.687 null] +>> endobj +5548 0 obj << +/D [5535 0 R /XYZ 71.731 594.605 null] +>> endobj +5549 0 obj << +/D [5535 0 R /XYZ 71.731 594.605 null] +>> endobj +5550 0 obj << +/D [5535 0 R /XYZ 193.693 583.811 null] +>> endobj +5551 0 obj << +/D [5535 0 R /XYZ 71.731 548.777 null] +>> endobj +5552 0 obj << +/D [5535 0 R /XYZ 71.731 548.777 null] +>> endobj +5553 0 obj << +/D [5535 0 R /XYZ 188.482 537.983 null] +>> endobj +5554 0 obj << +/D [5535 0 R /XYZ 71.731 505.006 null] +>> endobj +5555 0 obj << +/D [5535 0 R /XYZ 71.731 505.006 null] +>> endobj +5556 0 obj << +/D [5535 0 R /XYZ 178.171 492.154 null] +>> endobj +5557 0 obj << +/D [5535 0 R /XYZ 71.731 471.274 null] +>> endobj +5558 0 obj << +/D [5535 0 R /XYZ 71.731 471.274 null] +>> endobj +5559 0 obj << +/D [5535 0 R /XYZ 187.676 459.278 null] +>> endobj +5560 0 obj << +/D [5535 0 R /XYZ 71.731 437.196 null] +>> endobj +5561 0 obj << +/D [5535 0 R /XYZ 71.731 437.196 null] +>> endobj +5562 0 obj << +/D [5535 0 R /XYZ 192.657 426.401 null] +>> endobj +5563 0 obj << +/D [5535 0 R /XYZ 71.731 391.367 null] +>> endobj +5564 0 obj << +/D [5535 0 R /XYZ 71.731 358.491 null] +>> endobj +5565 0 obj << +/D [5535 0 R /XYZ 71.731 358.491 null] +>> endobj +5566 0 obj << +/D [5535 0 R /XYZ 180.313 347.696 null] +>> endobj +5567 0 obj << +/D [5535 0 R /XYZ 71.731 325.614 null] +>> endobj +5568 0 obj << +/D [5535 0 R /XYZ 71.731 325.614 null] +>> endobj +5569 0 obj << +/D [5535 0 R /XYZ 173.937 314.819 null] +>> endobj +5570 0 obj << +/D [5535 0 R /XYZ 71.731 292.737 null] +>> endobj +5571 0 obj << +/D [5535 0 R /XYZ 71.731 292.737 null] +>> endobj +5572 0 obj << +/D [5535 0 R /XYZ 200.866 281.943 null] +>> endobj +5573 0 obj << +/D [5535 0 R /XYZ 71.731 260.234 null] +>> endobj +5574 0 obj << +/D [5535 0 R /XYZ 71.731 260.234 null] +>> endobj +5575 0 obj << +/D [5535 0 R /XYZ 224.307 249.066 null] +>> endobj +5576 0 obj << +/D [5535 0 R /XYZ 71.731 228.961 null] +>> endobj +5577 0 obj << +/D [5535 0 R /XYZ 71.731 228.961 null] +>> endobj +5578 0 obj << +/D [5535 0 R /XYZ 207.152 216.189 null] +>> endobj +5579 0 obj << +/D [5535 0 R /XYZ 71.731 183.213 null] +>> endobj +5580 0 obj << +/D [5535 0 R /XYZ 71.731 183.213 null] +>> endobj +5581 0 obj << +/D [5535 0 R /XYZ 190.544 170.361 null] +>> endobj +5582 0 obj << +/D [5535 0 R /XYZ 200.398 170.361 null] +>> endobj +5583 0 obj << +/D [5535 0 R /XYZ 249.702 157.41 null] +>> endobj +5584 0 obj << +/D [5535 0 R /XYZ 71.731 135.328 null] +>> endobj +5585 0 obj << +/D [5535 0 R /XYZ 71.731 135.328 null] +>> endobj +5586 0 obj << +/D [5535 0 R /XYZ 185.015 124.533 null] +>> endobj +5534 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F27 788 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5589 0 obj << +/Length 1355 +/Filter /FlateDecode +>> +stream +xÚÍX]o£8}ï¯Èc¢Ýl0†•ö!3vgÕªUK¥JÛՊ€› !a2ŸÌoßkl'LŠû©ÑHMn|ï9÷ÜÀþá Èyp!"€›3w²‚o.Ï°¶˜k“yÇæ]|æ\h¡(ð&ñóÄó1 +)0À•Lâì·éb»åe–™Í u§ï‘º^å¢QwÕ³ºŠUùäºdµ«g˜N“ž6yUªïä×ö[ù¹˜ý +ÿzö!ÞÇG F +9‰@› +xþÆ¢9sCäù~‹à㪬 špÊYƳŸ¥kç`†ð«@þ*À(¢ +ŒHómÒ¬ÿšùŠQ†„ +Ž§>òI  +Ÿa +SëAãË5Í:]ôN–×<•ŽTõ«6Õ‰ +ËIkž4ô¢iê|)»Ö<Û µþ;Ѓ +].« +:°‡Þø¯yl˜u˜9PeŸXÁ:÷ +eÝÄúfОõàA_¶›C%Ëè +ÉNp€]x + +žù€„¯ÿyþ¡O +óp ŸÚ +]7F‡ÍöõšýM–VÐyGPXÊpg­ø +”¡ +ÍæÉ΂¹ûvE¿üqbvòõÐÁdðvˆº°[A+Ñ&&áȋœ¡«?™FŸ¿endstream +endobj +5588 0 obj << +/Type /Page +/Contents 5589 0 R +/Resources 5587 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5641 0 R +>> endobj +5590 0 obj << +/D [5588 0 R /XYZ 71.731 729.265 null] +>> endobj +5591 0 obj << +/D [5588 0 R /XYZ 71.731 741.22 null] +>> endobj +5592 0 obj << +/D [5588 0 R /XYZ 71.731 718.306 null] +>> endobj +5593 0 obj << +/D [5588 0 R /XYZ 71.731 718.306 null] +>> endobj +5594 0 obj << +/D [5588 0 R /XYZ 181.509 708.344 null] +>> endobj +5595 0 obj << +/D [5588 0 R /XYZ 71.731 653.385 null] +>> endobj +5596 0 obj << +/D [5588 0 R /XYZ 71.731 653.385 null] +>> endobj +5597 0 obj << +/D [5588 0 R /XYZ 198.286 642.59 null] +>> endobj +5598 0 obj << +/D [5588 0 R /XYZ 71.731 620.508 null] +>> endobj +5599 0 obj << +/D [5588 0 R /XYZ 71.731 620.508 null] +>> endobj +5600 0 obj << +/D [5588 0 R /XYZ 197.728 609.714 null] +>> endobj +5601 0 obj << +/D [5588 0 R /XYZ 71.731 587.631 null] +>> endobj +5602 0 obj << +/D [5588 0 R /XYZ 71.731 587.631 null] +>> endobj +5603 0 obj << +/D [5588 0 R /XYZ 186.48 576.837 null] +>> endobj +5604 0 obj << +/D [5588 0 R /XYZ 71.731 543.861 null] +>> endobj +5605 0 obj << +/D [5588 0 R /XYZ 71.731 543.861 null] +>> endobj +5606 0 obj << +/D [5588 0 R /XYZ 187.406 531.009 null] +>> endobj +5607 0 obj << +/D [5588 0 R /XYZ 71.731 509.3 null] +>> endobj +5608 0 obj << +/D [5588 0 R /XYZ 71.731 509.3 null] +>> endobj +5609 0 obj << +/D [5588 0 R /XYZ 189.708 498.132 null] +>> endobj +5610 0 obj << +/D [5588 0 R /XYZ 390.001 498.132 null] +>> endobj +5611 0 obj << +/D [5588 0 R /XYZ 71.731 476.05 null] +>> endobj +5612 0 obj << +/D [5588 0 R /XYZ 71.731 476.05 null] +>> endobj +5613 0 obj << +/D [5588 0 R /XYZ 214.714 465.255 null] +>> endobj +5614 0 obj << +/D [5588 0 R /XYZ 71.731 443.173 null] +>> endobj +5615 0 obj << +/D [5588 0 R /XYZ 71.731 443.173 null] +>> endobj +5616 0 obj << +/D [5588 0 R /XYZ 183.133 432.379 null] +>> endobj +5617 0 obj << +/D [5588 0 R /XYZ 71.731 410.296 null] +>> endobj +5618 0 obj << +/D [5588 0 R /XYZ 71.731 410.296 null] +>> endobj +5619 0 obj << +/D [5588 0 R /XYZ 185.135 399.502 null] +>> endobj +5620 0 obj << +/D [5588 0 R /XYZ 71.731 364.468 null] +>> endobj +5621 0 obj << +/D [5588 0 R /XYZ 71.731 364.468 null] +>> endobj +5622 0 obj << +/D [5588 0 R /XYZ 197.628 353.674 null] +>> endobj +5623 0 obj << +/D [5588 0 R /XYZ 71.731 318.64 null] +>> endobj +5624 0 obj << +/D [5588 0 R /XYZ 71.731 318.64 null] +>> endobj +5625 0 obj << +/D [5588 0 R /XYZ 171.716 307.846 null] +>> endobj +5626 0 obj << +/D [5588 0 R /XYZ 71.731 273.186 null] +>> endobj +5627 0 obj << +/D [5588 0 R /XYZ 71.731 273.186 null] +>> endobj +5628 0 obj << +/D [5588 0 R /XYZ 193.304 262.017 null] +>> endobj +5629 0 obj << +/D [5588 0 R /XYZ 71.731 239.935 null] +>> endobj +5630 0 obj << +/D [5588 0 R /XYZ 71.731 239.935 null] +>> endobj +5631 0 obj << +/D [5588 0 R /XYZ 193.643 229.141 null] +>> endobj +5632 0 obj << +/D [5588 0 R /XYZ 71.731 207.059 null] +>> endobj +5633 0 obj << +/D [5588 0 R /XYZ 71.731 207.059 null] +>> endobj +5634 0 obj << +/D [5588 0 R /XYZ 186.659 196.264 null] +>> endobj +5635 0 obj << +/D [5588 0 R /XYZ 71.731 174.182 null] +>> endobj +5636 0 obj << +/D [5588 0 R /XYZ 71.731 174.182 null] +>> endobj +5637 0 obj << +/D [5588 0 R /XYZ 224.019 163.387 null] +>> endobj +5638 0 obj << +/D [5588 0 R /XYZ 71.731 128.354 null] +>> endobj +5639 0 obj << +/D [5588 0 R /XYZ 71.731 128.354 null] +>> endobj +5640 0 obj << +/D [5588 0 R /XYZ 190.903 117.559 null] +>> endobj +5587 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F27 788 0 R /F46 1173 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5644 0 obj << +/Length 1470 +/Filter /FlateDecode +>> +stream +xÚÕX[oÛ6}ϯð[d¬fEêÞaÀ²^†ÃV,.`Ý#Ñ6Q™4D9©ÿý>Þ,Y’Û¬íK €(^ŸsxŸ‹Œg!üáY†QAC +DÒdVn/ÂÙÞü~ÝŒ +›²èÍùmyñü +)f*Òh¶\Í¢£þù€šÃÊT¯ÌC”%)œ€—üt{{;_€!˜ÛØv¡GÌ"’uÇ¥ÊãÌ-úHHf1^U•ÛØVíïچ–Ž²–yò`O +ÜÚþª‘[÷~ãž2FƒíóNÖŒÔô +æi kOþÇ9JÃh¶Ð7˜e +þ÷Š5áì$Aq†¿vú=°O1ÇE‡Ùúhž$BΊáâ§Üô.y*pɹÝè©À~Üø©ÀÏFžô‹W²®åœ$ÁëÓ\a +hã3ÄLQìCà ±À¢{ýŠÖïÕ +B)Xv¯Ía͋1õá‰GÝ°€ÜÈòÓ +‡k'˜O J²Ø‘x'eÍšS +‡ˆdɈêk—1÷B±ö™íWÒ¶BúŽ +Yw¡Ÿq°¥Âݔ:Zè³lv0Ý6@Œc—¶—®F‹íՄ@@\è;B +KýÔ_ˆ^çA+í}Óêž+æƌu0xrro2ˆHš-oí(`Ж5g¢uƒT¹ +¥)z#ú,£(·•ÌèS¿’_1G˜¥Ÿ-ÚÐÁÄfË· +EæEÑ)âJœ‡÷Œš*%2Þ/ß_¿+ª”0Ô +Q|Øðrc»{e,‡^I5 +Qjƒ +fx6˜a‚ŬgZríCwÁÈ,ý4ˆ(úÝ×­ +0š€ +CûšuÔHÙZÝLÄ©0EqœŸ§çÙ^©ÝÊæ +EyT8vz.̛ð $ +yÐ;SbvtúßÒÏNêØ¢rCõÌ{—Ç寗Ü Vìz;.îšb•s(BØÓ× +Ýë¢å%íª\9á°Úc¿è°òÉøj°ü¯˜DµßídÓvvCfÙ@ÆвåŽvËî9}g:sÓ#x¹1%4hãoŠÂbÅ'>Þj»ß(‰ŽÎÇÄ."–­AG‰ôÔøðUñ†•úC6‡ÇD¿±ŠAY”ŽDÜ6|÷Jn)ø²Ò×7Fý7ۜRúžÁµWp: ãâìg +—¶¿‘ªtëÞüìLì"È +;r`‘9øUÒöª,Ùn*Å*Bò(²ã³rj›=szÚ« öhU5€Ý=ž4óIج'†âë¹õ^x×w!"Gʇ>Á5={‰.~̲׵·@Ü£° +E=µŽfvL•Ÿ@!k¹žrw˜È3ÏÁሻXŸrãt=‡hÊ +jåÜ ; ++ýPb + +¯Pd tšf +‡³ì©AGÎo7îÓµáªÇ0çÛQçŠ@L +ã©–q^«¯Êê?+ÓS6ܛ8Ùðö0•Ê0Ê +òµ bƒPw +uy,Å¥ö/Z÷k +âO(R;VBÈ÷Ûuth³;jw +—z€cΟèüÂê +iv¢g$ +OÞËLJ +™û}®ý¿ëÑ¥ëÃ>]¥6t’“ð8Y +áa`hðq®C/œws¢«ŠÉ/‰"säSŠÉéúÛMì·w°Åøë +£" +Ȉ®¶ƒŽ« +ˆöbzì™ÂÏ|lºž®‡6r_Wvž>бtj®Zæœ +qËç‚6.²,;æ€þO{î—Ç8G9|û}é·ÉnÊè§ÉŠÎøuS4|LŠ3¿"Žúgoq8endstream +endobj +5643 0 obj << +/Type /Page +/Contents 5644 0 R +/Resources 5642 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5641 0 R +>> endobj +5645 0 obj << +/D [5643 0 R /XYZ 71.731 729.265 null] +>> endobj +5646 0 obj << +/D [5643 0 R /XYZ 71.731 718.306 null] +>> endobj +5647 0 obj << +/D [5643 0 R /XYZ 71.731 718.306 null] +>> endobj +5648 0 obj << +/D [5643 0 R /XYZ 200.308 708.344 null] +>> endobj +5649 0 obj << +/D [5643 0 R /XYZ 71.731 653.385 null] +>> endobj +5650 0 obj << +/D [5643 0 R /XYZ 71.731 653.385 null] +>> endobj +5651 0 obj << +/D [5643 0 R /XYZ 175.023 642.59 null] +>> endobj +5652 0 obj << +/D [5643 0 R /XYZ 71.731 620.508 null] +>> endobj +5653 0 obj << +/D [5643 0 R /XYZ 71.731 620.508 null] +>> endobj +5654 0 obj << +/D [5643 0 R /XYZ 175.023 609.714 null] +>> endobj +5655 0 obj << +/D [5643 0 R /XYZ 71.731 587.631 null] +>> endobj +5656 0 obj << +/D [5643 0 R /XYZ 71.731 587.631 null] +>> endobj +5657 0 obj << +/D [5643 0 R /XYZ 175.023 576.837 null] +>> endobj +5658 0 obj << +/D [5643 0 R /XYZ 71.731 554.755 null] +>> endobj +5659 0 obj << +/D [5643 0 R /XYZ 71.731 554.755 null] +>> endobj +5660 0 obj << +/D [5643 0 R /XYZ 175.023 543.96 null] +>> endobj +5661 0 obj << +/D [5643 0 R /XYZ 71.731 521.878 null] +>> endobj +5662 0 obj << +/D [5643 0 R /XYZ 71.731 489.001 null] +>> endobj +5663 0 obj << +/D [5643 0 R /XYZ 71.731 489.001 null] +>> endobj +5664 0 obj << +/D [5643 0 R /XYZ 182.126 478.207 null] +>> endobj +5665 0 obj << +/D [5643 0 R /XYZ 71.731 432.279 null] +>> endobj +5666 0 obj << +/D [5643 0 R /XYZ 71.731 432.279 null] +>> endobj +5667 0 obj << +/D [5643 0 R /XYZ 206.943 419.427 null] +>> endobj +5668 0 obj << +/D [5643 0 R /XYZ 71.731 397.719 null] +>> endobj +5669 0 obj << +/D [5643 0 R /XYZ 71.731 397.719 null] +>> endobj +5670 0 obj << +/D [5643 0 R /XYZ 207.391 386.55 null] +>> endobj +5671 0 obj << +/D [5643 0 R /XYZ 71.731 338.939 null] +>> endobj +5672 0 obj << +/D [5643 0 R /XYZ 71.731 338.939 null] +>> endobj +5673 0 obj << +/D [5643 0 R /XYZ 183.153 327.771 null] +>> endobj +5674 0 obj << +/D [5643 0 R /XYZ 71.731 305.689 null] +>> endobj +5675 0 obj << +/D [5643 0 R /XYZ 71.731 305.689 null] +>> endobj +5676 0 obj << +/D [5643 0 R /XYZ 193.862 294.894 null] +>> endobj +5677 0 obj << +/D [5643 0 R /XYZ 71.731 259.861 null] +>> endobj +5678 0 obj << +/D [5643 0 R /XYZ 71.731 259.861 null] +>> endobj +5679 0 obj << +/D [5643 0 R /XYZ 217.454 249.066 null] +>> endobj +5680 0 obj << +/D [5643 0 R /XYZ 71.731 201.081 null] +>> endobj +5681 0 obj << +/D [5643 0 R /XYZ 71.731 201.081 null] +>> endobj +5682 0 obj << +/D [5643 0 R /XYZ 201.344 190.286 null] +>> endobj +5683 0 obj << +/D [5643 0 R /XYZ 71.731 155.253 null] +>> endobj +5684 0 obj << +/D [5643 0 R /XYZ 71.731 155.253 null] +>> endobj +5685 0 obj << +/D [5643 0 R /XYZ 189.429 144.458 null] +>> endobj +5686 0 obj << +/D [5643 0 R /XYZ 71.731 122.376 null] +>> endobj +5687 0 obj << +/D [5643 0 R /XYZ 71.731 122.376 null] +>> endobj +5688 0 obj << +/D [5643 0 R /XYZ 185.135 111.582 null] +>> endobj +5642 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F27 788 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5691 0 obj << +/Length 1587 +/Filter /FlateDecode +>> +stream +xڕXÛnÛ8}ÏWøÑÆÖ4)‰ºèÙ$]d7èûPŽÅ‚–h›ˆné$þû +J€îI»Éř9gæÌÐdá,‚.N„ +Ÿ.âì/ðäÏ +bV¬Í’uoÍۋÍ'ZD(òÝÅv¿p=‚BJëÀÕYl“oË«²äy"^Vk‡âå5j®÷Bªæ®Ø7מȿcì +NՊÐ%[‘¥EÞ<ÓRn֗ú{¹ú±ýëâvÛúG +‚\çÍ̒I®×E@H„(x +๞WGðÀÕ¯ðòIÿãÕ]®xµg1¯œØ|€ˆCØÀׄùQõ›wŸVkã%K’ŠKÙ¬v‚Î +õ‘ +֚Õß +'hbÜ +M°z}µ4(ˆ$Eí̊%8d 2°e§T‰µ]€»»â6!ÍudÊÞqíâbM<a/‚E†GÉ«'Í + Q/–Çâ”&ÍýIš÷ +yš¿<E~èŒNxãøeœ7!±4Õ™ŸØíî>®\ºŒº¹ùüïÕǯÆÉ¢¹ +\ +¿‚]PƒqŸRŒXët +|CŠÂ)ÔùŸ( +Oå +‘‹(q +5’?Õ«§ +zÀ`0eÌ8µژÁ“³Ì„˜Öö›{^U°€, +(ÏGnˆŽûìÏ8-ÏÊŠË„#‘ðšè†UÈí0€V‡ä7/ñc +yPr»]ÆT|ÿž +œr,€êBŠS&2nRcw +­SÁs +,L|ôž¬xÌ¡SçÐ/ø7ˆ +êH i +xÉ*Šø}qsŒBه–ª]Q€œå3„bäބÐ;#Sª:ñwšHv°`ì«"kî±×äïµf,!Ö~ܖZ‘ŠŸ6‹™Ígiâéè£Ô7ô‘Ú?x«¯=híx±JÛ£BhëáÔ)Vk÷Ø­_Ù:c"o›Šxœ•iї€h< <²ÿ®¶Ú‹›NS. +õg +›ä?M÷뚙튄KÈÛ{‘ 5“=F¶zž'r>{Ȍ k +mÍkF9s% +èy­L/ýtÑMpk +¿œRwðr]äé¹eïšžEÞ8ê/7ŸV·ŒŠ•èZÛLÜ>44ìþRÕÐIÜç“e °þÛe×ý­¶Y£Äۜ à€ìy–5ù?'Û0 +Áb +Q†ƒh?óŒUò²×>­*¡¢¢­˜W:!ŠBMƒu0ÂÄËòd”ûܔ¿F¶mm£4ZÊ*[c©îÝÏugي +” žÃ¢kØVŠr[mbõ߶×CϑüÝÈÝŽˆÁ‡ŒâƒAñii·©Ã`_gè䌗 +8mŝ©ã+‚QVEÜN8"ksý—B˜}äe hSa‰<~”§¬mV¶JÅ*e»2Óeh4%*Ô;ûÈv¹Âf÷”vªÍ@Ã5JM‘ @!h]˜^€Bøf +3­ +ºFà +Œ„ËÛ˜Úò†˜Q©™·z ~õ@梛˜-Ÿ,·é¶ªb•éƹ®ŽlgóÄ®6 +Ô¶È +*–ɍŒ+Q*Ù >žÁÝ0@{põÁµù!Ü®Y÷5çˆ^ˆãjlŽ¬TÖá`lÚsCŒiÚ®yÓôx#mú÷ž=貶(9ƒQåp9#º.öážhúV“ª1|L™ +Nª·¹ª——?ë`ÿ@Ÿ.² +’q~Œ +|+i›ý)M7º +7ªØÔÜ®ÖppÈŠŸ: +ÓÁV—†l;Ôäs›éY[IcMNÎv¥0Bàâš+muO:—sÈ +é• +l$hÝ\Š¢¹þbœíŠ> endobj +5712 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [387.504 384.718 426.517 393.63] +/Subtype /Link +/A << /S /GoTo /D (0:EXTERN) >> +>> endobj +5692 0 obj << +/D [5690 0 R /XYZ 71.731 729.265 null] +>> endobj +5693 0 obj << +/D [5690 0 R /XYZ 71.731 741.22 null] +>> endobj +5694 0 obj << +/D [5690 0 R /XYZ 71.731 718.306 null] +>> endobj +5695 0 obj << +/D [5690 0 R /XYZ 71.731 718.306 null] +>> endobj +5696 0 obj << +/D [5690 0 R /XYZ 205.249 708.344 null] +>> endobj +5697 0 obj << +/D [5690 0 R /XYZ 71.731 673.31 null] +>> endobj +5698 0 obj << +/D [5690 0 R /XYZ 71.731 673.31 null] +>> endobj +5699 0 obj << +/D [5690 0 R /XYZ 193.065 662.516 null] +>> endobj +5700 0 obj << +/D [5690 0 R /XYZ 71.731 627.482 null] +>> endobj +5701 0 obj << +/D [5690 0 R /XYZ 71.731 627.482 null] +>> endobj +5702 0 obj << +/D [5690 0 R /XYZ 198.834 616.687 null] +>> endobj +5703 0 obj << +/D [5690 0 R /XYZ 71.731 568.702 null] +>> endobj +5704 0 obj << +/D [5690 0 R /XYZ 71.731 568.702 null] +>> endobj +5705 0 obj << +/D [5690 0 R /XYZ 210.28 557.908 null] +>> endobj +5706 0 obj << +/D [5690 0 R /XYZ 71.731 535.826 null] +>> endobj +5707 0 obj << +/D [5690 0 R /XYZ 71.731 535.826 null] +>> endobj +5708 0 obj << +/D [5690 0 R /XYZ 185.155 525.031 null] +>> endobj +5709 0 obj << +/D [5690 0 R /XYZ 71.731 502.949 null] +>> endobj +5710 0 obj << +/D [5690 0 R /XYZ 172.124 492.154 null] +>> endobj +1141 0 obj << +/D [5690 0 R /XYZ 71.731 462.849 null] +>> endobj +750 0 obj << +/D [5690 0 R /XYZ 185.592 419.752 null] +>> endobj +5711 0 obj << +/D [5690 0 R /XYZ 71.731 399.612 null] +>> endobj +5713 0 obj << +/D [5690 0 R /XYZ 71.731 364.793 null] +>> endobj +5714 0 obj << +/D [5690 0 R /XYZ 71.731 364.793 null] +>> endobj +5715 0 obj << +/D [5690 0 R /XYZ 71.731 332.589 null] +>> endobj +5716 0 obj << +/D [5690 0 R /XYZ 71.731 301.097 null] +>> endobj +5717 0 obj << +/D [5690 0 R /XYZ 71.731 301.097 null] +>> endobj +5718 0 obj << +/D [5690 0 R /XYZ 193.314 288.245 null] +>> endobj +5719 0 obj << +/D [5690 0 R /XYZ 71.731 266.297 null] +>> endobj +5720 0 obj << +/D [5690 0 R /XYZ 71.731 266.297 null] +>> endobj +5721 0 obj << +/D [5690 0 R /XYZ 159.362 255.368 null] +>> endobj +5722 0 obj << +/D [5690 0 R /XYZ 71.731 233.286 null] +>> endobj +5723 0 obj << +/D [5690 0 R /XYZ 71.731 233.286 null] +>> endobj +5724 0 obj << +/D [5690 0 R /XYZ 198.844 222.492 null] +>> endobj +5725 0 obj << +/D [5690 0 R /XYZ 71.731 202.387 null] +>> endobj +5726 0 obj << +/D [5690 0 R /XYZ 71.731 202.387 null] +>> endobj +5727 0 obj << +/D [5690 0 R /XYZ 172.812 189.615 null] +>> endobj +5728 0 obj << +/D [5690 0 R /XYZ 71.731 167.533 null] +>> endobj +5729 0 obj << +/D [5690 0 R /XYZ 71.731 167.533 null] +>> endobj +5730 0 obj << +/D [5690 0 R /XYZ 183.342 156.738 null] +>> endobj +5731 0 obj << +/D [5690 0 R /XYZ 71.731 134.656 null] +>> endobj +5732 0 obj << +/D [5690 0 R /XYZ 71.731 134.656 null] +>> endobj +5733 0 obj << +/D [5690 0 R /XYZ 187.586 123.862 null] +>> endobj +5689 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F27 788 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5736 0 obj << +/Length 1805 +/Filter /FlateDecode +>> +stream +xÚµXÛrÛ6}÷Wè­ÔŒà=3éĵº7i'jûä!‹5(ŒDÑßw,(R”i3ŒÃÛb±—³gb +ÿØ$f$öáÂS£p²Ú^ÐÉ|ùù‚¡Ä +Ef=™Ÿó×<€$üÉb=ñF’0œÄ>‡+Ÿ,òÞÕn'd^|ÎxHœkb¯÷EÝØ;µ¶×•’)åm5e¡—M™×JÚoúC)P~§ß×ÓO‹7·‹ÎŸ3âóg=@‘‘~pô€±”„`yLâñàœh^e#ª·ªy©÷¿Xé%aBx 7Ѳ¥öˈðøš•„:‰œÇ֓¿Š žSåµ}” +#’•¥šòÐÛ‹ÜŸ(0 +[Q©ëìA»GßòY ÁM +û8 +Z~%ó3–GŒPþý†Wâs[TÎ؏4€W÷÷paÿÊúPÿŒñïªsQHÊýÿÃø +ÓPŠ¬Ã(X.Å9—žô'K}çPä +ºYÞ[qÎ!XK4·Py=ö) „3ä”ÓkŸ–¢Ù +!»ºªÁ|±j›B£ê‹./\ÔêsÖ3J cñi>nÄ:k˳E@IˆV-•‚ÐÉó¶ÇáÈvÐkor±ž2€?ì`_€ +õŸ•’[!õË 5)º{÷ë­YWjkïæ¢YÍwY]ïóKT|w{ÿrŸ,äŒÞ\j{&³”’l˜1NR$šßŠ)÷®ŠŒ1oq÷r^ƒü‹y[Wx·,tòíx¡A€ãlÂbHGhBÄ$7³ "AšÍׄùšïâÄ». +ðà\BqY/ЋMà +I°è +Th ÿecµV•Ï¡í˜R–‡izÄŹ§l€)äËqîéÀ–hø§±åtî[ÙT +@·­«œ¥²|³œ[ì7 +°ûŸAœÏH”"˜6ªnd¶¯ê¬l^}UÛ1¯ÕØì™]8D¶8m'̇4òdâ‡>æs¶Ÿ8™YOȶÄÞv§Šì~œLDÄmž0hPÏïmEžßzšFïü£C¢ÀöLr„±Ýµ +Š)³‹µ²È-Æ #BËT4h˜<,\¢]nžBF‡ÍRÜqE³q„ÜI® +&\5hÜ +‰­>å +ŠoÈÐýýF×öjƒõå4¶Òr¢Fb'þš[ Kãö¥Síjr_”åÐ- +ܺ +Ì;اϠ¡ÐÌë7.8—nÀk» +;£®<¯ Ó` +ßáppô¹Ò4ÙÙ$*a³TÔC­[ÑlT>ðŒώ!~h³ +(Ež0:L + +QænÝMŽÞ}˵ccu.Nžž+òĎ|p*;Mæ&«]Vq/BHÇÒ'9ìPižÑŠÎôœÃÐßGÙ¯ +Ë­¢íil݂Ú5±vw¬˜L¢C«X=: +ŽÓeJʎ&zVbÝÖ.,ËÃÙlº‚•Ã‚ŽÙ +À‰ã +Ž;ÖâQCŒ9™qNh7ä^÷mÓêšFlw®Áüžx®úZÝ<ÍñCš°·=ˆŒ‰%é&»EãÆ’0rÓÄ/ò”,VY-.qUÚg`ÃďšxfJ"hv“®Ø»MªÅPoTë +ÒCFŒ +é§!Œ€@Éa€éúóŇOt’µ¿¿¿áo¡ +}N + +‘4õ'•˜¬/Þ_üÞiÒ¹’DÁsJìb'8R2söÌRh?i¯}€© +|L"xêqà|=£˜Ô_éñùÏÛ«iJœ + + +“ºäAX#'±i³a‚V¥–S®'êmmÇ![p£òŒhìÜOB®T +eoçqxamžš"Ò-œ™×Î>¶$møå×îP‰ŠšÌ©¡)·ºéJúh›.4=ÑõI>LŒŒÇÒCØØs?&~â’KgÖ[÷æ|kjғ0ƒ¹,UÛØÛVjþ©œœ·²Òö1O•V +Ff'@_šißt`Fä*x±nè®ÄØ1hÖzvµg¥5k +Ö +ê±wpdŽ¢î0åNI Ú’à¶VöºÖJ² +Kð"o +œiP¢€±1®µ³ˆvΖÚweãóˆç›%@/—ÊŽ³qµeõ#s„öº5˜Æôˆ'ð”ˆÉûjoZFµÆÙÔ@žG”Ä)  p +÷_ÉÒg ¡@e3-È¿ƒ»g‰®¢ÎˆÐ»ÿٟق„$p?÷+[HÁ%À:Š^òÙ?ˆ +õž­þ +Ë–endstream +endobj +5735 0 obj << +/Type /Page +/Contents 5736 0 R +/Resources 5734 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5641 0 R +/Annots [ 5759 0 R ] +>> endobj +5759 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [136.428 350.845 181.26 359.757] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENTS) >> +>> endobj +5737 0 obj << +/D [5735 0 R /XYZ 71.731 729.265 null] +>> endobj +5738 0 obj << +/D [5735 0 R /XYZ 71.731 718.306 null] +>> endobj +5739 0 obj << +/D [5735 0 R /XYZ 71.731 718.306 null] +>> endobj +5740 0 obj << +/D [5735 0 R /XYZ 177.793 708.344 null] +>> endobj +5741 0 obj << +/D [5735 0 R /XYZ 71.731 653.385 null] +>> endobj +5742 0 obj << +/D [5735 0 R /XYZ 71.731 653.385 null] +>> endobj +5743 0 obj << +/D [5735 0 R /XYZ 174.475 642.59 null] +>> endobj +5744 0 obj << +/D [5735 0 R /XYZ 71.731 620.508 null] +>> endobj +5745 0 obj << +/D [5735 0 R /XYZ 71.731 620.508 null] +>> endobj +5746 0 obj << +/D [5735 0 R /XYZ 179.456 609.714 null] +>> endobj +5747 0 obj << +/D [5735 0 R /XYZ 71.731 589.609 null] +>> endobj +5748 0 obj << +/D [5735 0 R /XYZ 71.731 589.609 null] +>> endobj +5749 0 obj << +/D [5735 0 R /XYZ 170.052 576.837 null] +>> endobj +1142 0 obj << +/D [5735 0 R /XYZ 71.731 560.857 null] +>> endobj +754 0 obj << +/D [5735 0 R /XYZ 175.057 517.386 null] +>> endobj +5750 0 obj << +/D [5735 0 R /XYZ 71.731 497.245 null] +>> endobj +5751 0 obj << +/D [5735 0 R /XYZ 227.794 484.509 null] +>> endobj +5752 0 obj << +/D [5735 0 R /XYZ 71.731 462.427 null] +>> endobj +5753 0 obj << +/D [5735 0 R /XYZ 71.731 462.427 null] +>> endobj +5754 0 obj << +/D [5735 0 R /XYZ 71.731 430.223 null] +>> endobj +5755 0 obj << +/D [5735 0 R /XYZ 71.731 398.731 null] +>> endobj +5756 0 obj << +/D [5735 0 R /XYZ 71.731 398.731 null] +>> endobj +5757 0 obj << +/D [5735 0 R /XYZ 151.242 385.879 null] +>> endobj +5758 0 obj << +/D [5735 0 R /XYZ 71.731 365.774 null] +>> endobj +5760 0 obj << +/D [5735 0 R /XYZ 71.731 330.92 null] +>> endobj +5761 0 obj << +/D [5735 0 R /XYZ 241.593 268.32 null] +>> endobj +5762 0 obj << +/D [5735 0 R /XYZ 427.823 268.32 null] +>> endobj +5763 0 obj << +/D [5735 0 R /XYZ 119.552 255.368 null] +>> endobj +5764 0 obj << +/D [5735 0 R /XYZ 71.731 253.212 null] +>> endobj +5765 0 obj << +/D [5735 0 R /XYZ 166.376 202.716 null] +>> endobj +5766 0 obj << +/D [5735 0 R /XYZ 230.153 179.583 null] +>> endobj +5767 0 obj << +/D [5735 0 R /XYZ 198.591 167.927 null] +>> endobj +5768 0 obj << +/D [5735 0 R /XYZ 166.376 136.161 null] +>> endobj +5734 0 obj << +/Font << /F29 790 0 R /F34 797 0 R /F55 1335 0 R /F27 788 0 R /F21 781 0 R /F44 1165 0 R /F51 1285 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5771 0 obj << +/Length 1460 +/Filter /FlateDecode +>> +stream +xÚ­XKÛ6Ÿï¯ðÑ֌H‰–Ô[ƒ&Š4ía +Ú +®Ek‰ÕÃ%©lœ_ß¡ø°$KÛ +Œ+* +ÎÌ÷̓CáUÿð*Å(áArDvtµ¯o¢U ¿|žÁN"IrD³ +Ö3?n)Á(&«í@ÁÛ»›7ï ^‘íhŸº;#QŒHŒ[ݯ> +ySˆo›-I³õ/›8Z#»þ(”¶«ö`ŸÓì‘)nߟDáÕ¯ +µùçîW0•®r”ïbc)IQŠ·qŽbpËXº{2i4To5;ÙÅS[võ%¢‘€?ØŸ +°Ñh.V¹-\)VºýÙÖvuê*~k—ÚÛªÚÒ.—_7˜®¹Ü$Ñډ±fhq`r_ ÞôIî­)d20.°ŸÅåԂ«˜­„䪫ŽóœqÜägn(pœDýFýÒ^²‡w(ËvNB¶B×/ê'«±m<ðVNÀ¯=G@\ɧX_Q0 é’hÉ÷­,DSž7 +¶i‚Rœ96pï2“R§¿š?>j}œæ.xËʋ¶R”¢a:–Œn5÷9£ô_Ø©hÕ¬>"×GŽã؁Ë1]å\dõéȕs˜5vñ8 €lÄwîL?ºTÖÅÒ3Ž<&EÔŵj78Z—r§k~žÌ‚˜ B3'm«m®ŠsïLe3Ä€/²1ÁcqA +Yj+ý7ð +b{š+B§] +#ížâš‰JChÄ+ϊwŠ÷?NhshIØù_{î "z+d|DVŠo=8ÈR~6ôMâ\Š!æ쪯—‚';ˈpš¹æ{ +áêY"$C“Qžë¶Þ +2®m\æŒ7ÄùjQmí +š×iå}mõ“]5]Í¥ØzËçϟgÜVZ†ŽvµÒyZ™ +Ivl%ø +“{ÖùÐéI?²š%kTÕcðÛô +çÍÔS¡l˜M!mՑï-øP1Â{S¹$sﺵÏ#— ׀»#dW +ån“ÆšS¢„’îä\ÁùÌìóêLš²Ø¬”9' +î\ÿ +ää\r^+8ßBáúÚìèÚix˔Øî“ù?G~Ý*= ­šîx„—aE!LT|Wáo(ӕ/GDQžáIçšU9[I˜&NR +|ó¡!7¹}x +SD05·8%t·Ú&í؁»‘àožÏ{Ϝ:'ËÑ܄è›Ùqóî.Œ+Ã,ñ63 +ɒ¹‰† d2ëLŸaöÁ„ (: +š³ÃÏðL +Q$IÓ`Òøx߈;_ÌÁ×ùô + +&7!ێRÔLºŽúl‚Ò«8 +;18@šé5(ÇI`Fچ?ËI”¡$N¯ÆÉYÝ2'NÆx÷—íd>£éknH°G·o„Ÿî?~œšðCT8`žŒ¢b:ɱá€p;SE£ä2Á°¢Î̹k +À³Ðž'Ž‡ù` +ñ‹)ªä¯ÇÒôÎ¥`Æ4A»8¿V0êƒéeF3÷Sh\/ÐùbnC#ó—™x_ƒmè[„c”æäj°Ïê–a;™ì +€ÛÜ} +«rÝs.IA<Ù] +î@Ý"\/3‚ëÝì“\èÓhP­Y,Áì?’á +f”_-Áꖡ;™ôQ{Zñêð?UËÔÓ(3¹zµô +š[åeú;¹kDO|ÿ¬:×[ÕqÿòØ»&L>ĝIk$Ñz[p3›4œ=V“q™!è€òô`fõN-²D#”Dôj,Õ-³ädŒ‹ŸÞý99dngžþÅ áÖ~¯Fw4hsœ·ŒÒ¬9M€Ã.\%ÝIÓôþy:~ZnF¬³<5ŽL/ç^džÙÕX=«[fÕÉ×þ0Æüõ`,Œðn‚³€¶œ) +ær4ø~îÉõa€7LMCZÜ'«$Cž‰¶Nb{±@‡_\¢ +Šáœ@ö$'ŽÉԔû„viê?Ööԛendstream +endobj +5770 0 obj << +/Type /Page +/Contents 5771 0 R +/Resources 5769 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5641 0 R +>> endobj +5772 0 obj << +/D [5770 0 R /XYZ 71.731 729.265 null] +>> endobj +1143 0 obj << +/D [5770 0 R /XYZ 71.731 718.306 null] +>> endobj +758 0 obj << +/D [5770 0 R /XYZ 414.349 703.236 null] +>> endobj +5773 0 obj << +/D [5770 0 R /XYZ 71.731 672.579 null] +>> endobj +5774 0 obj << +/D [5770 0 R /XYZ 317.099 663.903 null] +>> endobj +5775 0 obj << +/D [5770 0 R /XYZ 177.384 650.952 null] +>> endobj +5776 0 obj << +/D [5770 0 R /XYZ 244.602 625.049 null] +>> endobj +5777 0 obj << +/D [5770 0 R /XYZ 71.731 602.967 null] +>> endobj +5778 0 obj << +/D [5770 0 R /XYZ 310.862 592.172 null] +>> endobj +5779 0 obj << +/D [5770 0 R /XYZ 225.533 540.367 null] +>> endobj +1144 0 obj << +/D [5770 0 R /XYZ 71.731 538.329 null] +>> endobj +762 0 obj << +/D [5770 0 R /XYZ 171.682 495.112 null] +>> endobj +5780 0 obj << +/D [5770 0 R /XYZ 71.731 494.897 null] +>> endobj +5781 0 obj << +/D [5770 0 R /XYZ 71.731 479.953 null] +>> endobj +5782 0 obj << +/D [5770 0 R /XYZ 71.731 465.06 null] +>> endobj +5783 0 obj << +/D [5770 0 R /XYZ 139.477 449.284 null] +>> endobj +5784 0 obj << +/D [5770 0 R /XYZ 71.731 437.165 null] +>> endobj +5785 0 obj << +/D [5770 0 R /XYZ 71.731 424.213 null] +>> endobj +5786 0 obj << +/D [5770 0 R /XYZ 139.477 408.437 null] +>> endobj +5787 0 obj << +/D [5770 0 R /XYZ 71.731 383.367 null] +>> endobj +5788 0 obj << +/D [5770 0 R /XYZ 71.731 370.415 null] +>> endobj +5789 0 obj << +/D [5770 0 R /XYZ 139.477 354.639 null] +>> endobj +5790 0 obj << +/D [5770 0 R /XYZ 71.731 342.52 null] +>> endobj +5791 0 obj << +/D [5770 0 R /XYZ 71.731 329.568 null] +>> endobj +5792 0 obj << +/D [5770 0 R /XYZ 139.477 313.792 null] +>> endobj +5793 0 obj << +/D [5770 0 R /XYZ 71.731 301.673 null] +>> endobj +5794 0 obj << +/D [5770 0 R /XYZ 71.731 288.721 null] +>> endobj +5795 0 obj << +/D [5770 0 R /XYZ 139.477 272.946 null] +>> endobj +5796 0 obj << +/D [5770 0 R /XYZ 71.731 260.826 null] +>> endobj +5797 0 obj << +/D [5770 0 R /XYZ 71.731 247.875 null] +>> endobj +5798 0 obj << +/D [5770 0 R /XYZ 139.477 232.099 null] +>> endobj +5799 0 obj << +/D [5770 0 R /XYZ 71.731 219.979 null] +>> endobj +5800 0 obj << +/D [5770 0 R /XYZ 71.731 207.028 null] +>> endobj +5801 0 obj << +/D [5770 0 R /XYZ 139.477 191.252 null] +>> endobj +5802 0 obj << +/D [5770 0 R /XYZ 71.731 181.19 null] +>> endobj +5803 0 obj << +/D [5770 0 R /XYZ 71.731 166.181 null] +>> endobj +5804 0 obj << +/D [5770 0 R /XYZ 139.477 150.405 null] +>> endobj +5805 0 obj << +/D [5770 0 R /XYZ 279.222 150.405 null] +>> endobj +5806 0 obj << +/D [5770 0 R /XYZ 71.731 138.286 null] +>> endobj +5807 0 obj << +/D [5770 0 R /XYZ 71.731 125.334 null] +>> endobj +5808 0 obj << +/D [5770 0 R /XYZ 139.477 109.558 null] +>> endobj +5809 0 obj << +/D [5770 0 R /XYZ 71.731 48.817 null] +>> endobj +5769 0 obj << +/Font << /F21 781 0 R /F27 788 0 R /F29 790 0 R /F34 797 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5812 0 obj << +/Length 1132 +/Filter /FlateDecode +>> +stream +xÚµ˜Kã6 +€ïó+|L€ +%¿ÛÎ6˜¢hhzêÅV +wý,»Ýù÷¥lÊV+³Œ!(òI‘ŠŽ +ԉ(‰<ž°„°0pÒêÁurøe÷@QâE + +™öO?±ÄIHzÎþèx1%±ï;‘ÇH +0gŸý¹ùx>‹:+ŸmYànžÉxý¥Ýx× +ÇkÆ;~àRŒO_\—‰rK7™ÜþµÿùáÓ~²$`”xì®­(rkk4ÛJiB°1rcâÍÊÖ^Š¶È®ԒaâŸÒ¥ñž1~¹ŸN¶Qƈëƒq†º[㌄øQ4-©Œûãåù’XwBXi߶¢FžÊ‡ñ®@¹v)¶,Øü£þq-úÅ +\Arr)ÎÓTH‰K4ønޕ=n)Œ/J Z(QÌÀ7p€Î#ž˜Ðiޞ­<}ž†þjcX8oyeå + +Ñh5γ:;g”YæŒ +žàžŸ +àeÇÛNï¿Bö;"l,‚0"ñj(fmV(b žZïy'ښ—ã“ö6Ÿs +êÀ@Ë1š³²o—c{&ôɎwœŽRdqÙj™kš³sDeܧoÆ +š9܏µ­ì¯ +—Œ:ñ¥ÝÛ—'›¯~ +­2†:«¯ZF™öãI€_e_]:•6µªÅyßò®hj£:•~Ž”ÏϹ.8ó1‘!0<þŸkw +ïN¯êÀƂŠø +ÏVˆ~@> endobj +5813 0 obj << +/D [5811 0 R /XYZ 71.731 729.265 null] +>> endobj +1145 0 obj << +/D [5811 0 R /XYZ 71.731 741.22 null] +>> endobj +5814 0 obj << +/D [5811 0 R /XYZ 71.731 718.306 null] +>> endobj +5815 0 obj << +/D [5811 0 R /XYZ 71.731 708.244 null] +>> endobj +5816 0 obj << +/D [5811 0 R /XYZ 139.477 690.411 null] +>> endobj +5817 0 obj << +/D [5811 0 R /XYZ 71.731 665.34 null] +>> endobj +5818 0 obj << +/D [5811 0 R /XYZ 139.477 649.564 null] +>> endobj +5819 0 obj << +/D [5811 0 R /XYZ 71.731 637.445 null] +>> endobj +5820 0 obj << +/D [5811 0 R /XYZ 71.731 624.493 null] +>> endobj +5821 0 obj << +/D [5811 0 R /XYZ 139.477 608.717 null] +>> endobj +5822 0 obj << +/D [5811 0 R /XYZ 71.731 596.598 null] +>> endobj +5823 0 obj << +/D [5811 0 R /XYZ 71.731 585.704 null] +>> endobj +5824 0 obj << +/D [5811 0 R /XYZ 139.477 567.87 null] +>> endobj +5825 0 obj << +/D [5811 0 R /XYZ 71.731 555.751 null] +>> endobj +5826 0 obj << +/D [5811 0 R /XYZ 71.731 544.857 null] +>> endobj +5827 0 obj << +/D [5811 0 R /XYZ 139.477 527.024 null] +>> endobj +5828 0 obj << +/D [5811 0 R /XYZ 71.731 516.961 null] +>> endobj +5829 0 obj << +/D [5811 0 R /XYZ 71.731 504.01 null] +>> endobj +5830 0 obj << +/D [5811 0 R /XYZ 139.477 486.177 null] +>> endobj +5831 0 obj << +/D [5811 0 R /XYZ 71.731 474.057 null] +>> endobj +5832 0 obj << +/D [5811 0 R /XYZ 71.731 461.106 null] +>> endobj +5833 0 obj << +/D [5811 0 R /XYZ 139.477 445.33 null] +>> endobj +5834 0 obj << +/D [5811 0 R /XYZ 71.731 433.211 null] +>> endobj +5835 0 obj << +/D [5811 0 R /XYZ 71.731 420.259 null] +>> endobj +5836 0 obj << +/D [5811 0 R /XYZ 139.477 404.483 null] +>> endobj +5837 0 obj << +/D [5811 0 R /XYZ 71.731 392.364 null] +>> endobj +5838 0 obj << +/D [5811 0 R /XYZ 71.731 379.412 null] +>> endobj +5839 0 obj << +/D [5811 0 R /XYZ 139.477 363.636 null] +>> endobj +5840 0 obj << +/D [5811 0 R /XYZ 71.731 338.565 null] +>> endobj +5841 0 obj << +/D [5811 0 R /XYZ 71.731 325.614 null] +>> endobj +5842 0 obj << +/D [5811 0 R /XYZ 139.477 309.838 null] +>> endobj +5843 0 obj << +/D [5811 0 R /XYZ 71.731 297.719 null] +>> endobj +5844 0 obj << +/D [5811 0 R /XYZ 71.731 284.767 null] +>> endobj +5845 0 obj << +/D [5811 0 R /XYZ 139.477 268.991 null] +>> endobj +5846 0 obj << +/D [5811 0 R /XYZ 71.731 256.872 null] +>> endobj +5847 0 obj << +/D [5811 0 R /XYZ 71.731 245.978 null] +>> endobj +5848 0 obj << +/D [5811 0 R /XYZ 139.477 228.144 null] +>> endobj +5849 0 obj << +/D [5811 0 R /XYZ 71.731 216.025 null] +>> endobj +5850 0 obj << +/D [5811 0 R /XYZ 71.731 205.131 null] +>> endobj +5851 0 obj << +/D [5811 0 R /XYZ 139.477 187.298 null] +>> endobj +5852 0 obj << +/D [5811 0 R /XYZ 71.731 175.178 null] +>> endobj +5853 0 obj << +/D [5811 0 R /XYZ 71.731 162.227 null] +>> endobj +5854 0 obj << +/D [5811 0 R /XYZ 139.477 146.451 null] +>> endobj +5855 0 obj << +/D [5811 0 R /XYZ 71.731 134.331 null] +>> endobj +5856 0 obj << +/D [5811 0 R /XYZ 71.731 121.38 null] +>> endobj +5857 0 obj << +/D [5811 0 R /XYZ 139.477 105.604 null] +>> endobj +5810 0 obj << +/Font << /F29 790 0 R /F27 788 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5860 0 obj << +/Length 1009 +/Filter /FlateDecode +>> +stream +xÚµ—]œ6†ï÷WpÉ\¬×6Ãe¢m’¶iU5Ó«6ŠXð +V`“íö×çÛà +ã™D¢ŠŽ +Âáðú9>Ã?p‚x +ÍMXP4w8ØÝ·wÄXÜ“{Çæõöîá +͂ +eIlwA””ÆqÀ#ŠRFƒmùwøêx‡Rþ»¹§ +‡H¯ïe?è_íN¯e>äOy/ôÕ?SQoHXö›Û_î~ÚNJ%(¢Wµ“¥V>k%$C +4rœ¢4+­œèŸÈBœ¿Ñš&F1!—^IQœÁçÎù:‰#”" +ƒ:ÇÝR]”¡˜óé•JÝûv¿—‡œŽÛ +æ +¬åðb@vzíDÓ#à$¡Þ“ÁÊ°~RÖ§NØŽm7ôp µuP{戊€Ü' +ñ8ªÑ(¥> endobj +5861 0 obj << +/D [5859 0 R /XYZ 71.731 729.265 null] +>> endobj +5862 0 obj << +/D [5859 0 R /XYZ 71.731 718.306 null] +>> endobj +5863 0 obj << +/D [5859 0 R /XYZ 71.731 708.244 null] +>> endobj +5864 0 obj << +/D [5859 0 R /XYZ 139.477 690.411 null] +>> endobj +766 0 obj << +/D [5859 0 R /XYZ 177.398 640.175 null] +>> endobj +5865 0 obj << +/D [5859 0 R /XYZ 71.731 639.96 null] +>> endobj +5866 0 obj << +/D [5859 0 R /XYZ 71.731 625.016 null] +>> endobj +5867 0 obj << +/D [5859 0 R /XYZ 71.731 612.18 null] +>> endobj +5868 0 obj << +/D [5859 0 R /XYZ 139.477 594.347 null] +>> endobj +5869 0 obj << +/D [5859 0 R /XYZ 71.731 569.276 null] +>> endobj +5870 0 obj << +/D [5859 0 R /XYZ 71.731 557.301 null] +>> endobj +5871 0 obj << +/D [5859 0 R /XYZ 139.477 540.549 null] +>> endobj +5872 0 obj << +/D [5859 0 R /XYZ 71.731 528.429 null] +>> endobj +5873 0 obj << +/D [5859 0 R /XYZ 71.731 515.478 null] +>> endobj +5874 0 obj << +/D [5859 0 R /XYZ 139.477 499.702 null] +>> endobj +5875 0 obj << +/D [5859 0 R /XYZ 71.731 487.583 null] +>> endobj +5876 0 obj << +/D [5859 0 R /XYZ 71.731 474.631 null] +>> endobj +5877 0 obj << +/D [5859 0 R /XYZ 139.477 458.855 null] +>> endobj +5878 0 obj << +/D [5859 0 R /XYZ 71.731 446.736 null] +>> endobj +5879 0 obj << +/D [5859 0 R /XYZ 71.731 433.784 null] +>> endobj +5880 0 obj << +/D [5859 0 R /XYZ 139.477 418.008 null] +>> endobj +5881 0 obj << +/D [5859 0 R /XYZ 71.731 405.889 null] +>> endobj +5882 0 obj << +/D [5859 0 R /XYZ 71.731 394.995 null] +>> endobj +5883 0 obj << +/D [5859 0 R /XYZ 139.477 377.162 null] +>> endobj +5884 0 obj << +/D [5859 0 R /XYZ 71.731 365.042 null] +>> endobj +5885 0 obj << +/D [5859 0 R /XYZ 71.731 354.148 null] +>> endobj +5886 0 obj << +/D [5859 0 R /XYZ 139.477 336.315 null] +>> endobj +1146 0 obj << +/D [5859 0 R /XYZ 71.731 329.177 null] +>> endobj +770 0 obj << +/D [5859 0 R /XYZ 164.022 286.079 null] +>> endobj +5887 0 obj << +/D [5859 0 R /XYZ 71.731 282.249 null] +>> endobj +5888 0 obj << +/D [5859 0 R /XYZ 71.731 267.305 null] +>> endobj +5889 0 obj << +/D [5859 0 R /XYZ 71.731 256.027 null] +>> endobj +5890 0 obj << +/D [5859 0 R /XYZ 139.477 240.251 null] +>> endobj +5891 0 obj << +/D [5859 0 R /XYZ 71.731 215.554 null] +>> endobj +5892 0 obj << +/D [5859 0 R /XYZ 71.731 202.229 null] +>> endobj +5893 0 obj << +/D [5859 0 R /XYZ 139.477 186.453 null] +>> endobj +5894 0 obj << +/D [5859 0 R /XYZ 71.731 174.333 null] +>> endobj +5895 0 obj << +/D [5859 0 R /XYZ 71.731 161.382 null] +>> endobj +5896 0 obj << +/D [5859 0 R /XYZ 139.477 145.606 null] +>> endobj +5897 0 obj << +/D [5859 0 R /XYZ 71.731 133.486 null] +>> endobj +5898 0 obj << +/D [5859 0 R /XYZ 71.731 120.535 null] +>> endobj +5899 0 obj << +/D [5859 0 R /XYZ 139.477 104.759 null] +>> endobj +5858 0 obj << +/Font << /F29 790 0 R /F27 788 0 R /F21 781 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5901 0 obj << +/Type /Encoding +/Differences [ 0 /Gamma/Delta/Theta/Lambda/Xi/Pi/Sigma/Upsilon/Phi/Psi/Omega/alpha/beta/gamma/delta/epsilon1/zeta/eta/theta/iota/kappa/lambda/mu/nu/xi/pi/rho/sigma/tau/upsilon/phi/chi/psi/omega/epsilon/theta1/pi1/rho1/sigma1/phi1/arrowlefttophalf/arrowleftbothalf/arrowrighttophalf/arrowrightbothalf/arrowhookleft/arrowhookright/triangleright/triangleleft/zerooldstyle/oneoldstyle/twooldstyle/threeoldstyle/fouroldstyle/fiveoldstyle/sixoldstyle/sevenoldstyle/eightoldstyle/nineoldstyle/period/comma/less/slash/greater/star/partialdiff/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/flat/natural/sharp/slurbelow/slurabove/lscript/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/dotlessi/dotlessj/weierstrass/vector/tie/psi 129/.notdef 160/space/Gamma/Delta/Theta/Lambda/Xi/Pi/Sigma/Upsilon/Phi/Psi 171/.notdef 173/Omega/alpha/beta/gamma/delta/epsilon1/zeta/eta/theta/iota/kappa/lambda/mu/nu/xi/pi/rho/sigma/tau/upsilon/phi/chi/psi/tie 197/.notdef] +>> endobj +2373 0 obj << +/Length1 793 +/Length2 1151 +/Length3 532 +/Length 1728 +/Filter /FlateDecode +>> +stream +xÚíRiTSבª¡¬2©€j=,Œy1„„!Š†Q‰¹7ä–ä^ŒÜ@R*©Ê²ˆ.EE©°ªÔ¥–X +WÀ‰ŽŠðËçCªVEÀé]°®®ÒŸïýzëóçìogïï|gÓÜ"e +„m„C0”`p˜ +!’J% +6 Ïl6 +F +Âa9`h°œ€ +€#xƒUZ5àz6_ÈóòøÂÒõ8’ª"€G}’Ä" +Œ# +9 +€rBkÈ +¹È0z&©Õ`Ýä +°΀ñLbR8 +! +l„S”šÔ$A•࿃!múûT&Œg¢€Ç”L: EBªÖVRX«1²LjùoȚ^Ò +ÚyߌؒÞäùèg÷ç÷2/ØÖG<àð«š#E3koßzý4/msg¿ÙîkÈ}š”’T~6b +óÏ{Å×& +†b՘¹æÊüÄϝߘ©mw{Òî؆r©ÍM£ß«9lºN9ÐIá +L[lŽ+¬’ g/ôŸSaVû¹ãü[šÃ¥¿Î +ìŠ +݌öH +rKÃb%Ñ£ +ŽW:)jšýBkšÖpCÛúV?z©ÐÒ°¶À)­¡‹ëWÂIoÚG[—2þšöے]3Ÿ%œ|Ù÷⭁ÚúH‘ífåzrF¬§ÏÁ€LÏaz›j{ý +“[Œ\õÕ}BÖg·ÒЮù{À@N˘Ä næ»Ü:ö +»™Ky +×ì¯ø›tœç·ÍŠœ‰b• þ2úé@Õã]n5 +ä&‡%ô¥œ‹ºíy¥®ñbu°s]áÌ$SsHHõ’æÙXï`à|7ç +Ÿs +D‰–( ÚmŸÔ£+~š:Ÿãě_tBè}šç•ïÐO¥ÑŠŠ‘£Þ‹òl‡¶.HÛÍ|µ<ÛçW› +áu)ú.ŸºSŠç-ÛEå0ÖîO;Q^»C£"˜³ïž á1ÇŠ"çü3QóÊrŒÔ{„o~ŸœÞNÛpµî áP +ù²* +‰ÇœkmCqÔrr<;“{nÍžobê› +ÿ£ë×dïÙüèÉí‹vn ízÔtñç¥yo·ö†jí +ÅÍ + fôþqãÝûÁàÖó‡ +µî~qß,õo¥Ö_üÇØʵ +®£2*›­Ž÷,² +˜ A-Uš:äb¹(Oõ0»š€ÎßKž¹¢Š–t΂väõ©êÒVž¥wåio7"b¬JˆÊ–JΚ—[Íž;sìi©«å9ŸåÐõ0~cÅn(àNeäúÑÊ ¿{ÝÚ|ç«#E¿œõ’*¥odûRæ+³ôº®yYÍÝe + +*tA +mg×dÉýꌡi‹Õ<|µ$úÎZÕ±ã†óµ°{ +gk¬@Ç}q,®³ÀæÃÜ¢UTê&Ô°Ž~Lw >¬ÌÒl×å¬è +M÷¥˜Ücx +Ú‘¡G[±`ûÕ}MNíÌü|QY`÷ÍÝ#ªäÆÎåù¿ Ñ²FêD{õ9œè|–û,|±ÀfփO®Åþ]J +p좞5ézkwñ_™“Xô€b†œXÙÛgÞø,+òHA5µn€ý.Êÿ +üOPša9N`9žFù7±’µendstream +endobj +2374 0 obj << +/Type /Font +/Subtype /Type1 +/Encoding 5901 0 R +/FirstChar 60 +/LastChar 62 +/Widths 5902 0 R +/BaseFont /DOMXAL+CMMI10 +/FontDescriptor 2372 0 R +>> endobj +2372 0 obj << +/Ascent 694 +/CapHeight 683 +/Descent -194 +/FontName /DOMXAL+CMMI10 +/ItalicAngle -14 +/StemV 72 +/XHeight 431 +/FontBBox [-32 -250 1048 750] +/Flags 4 +/CharSet (/less/greater) +/FontFile 2373 0 R +>> endobj +5902 0 obj +[778 0 778 ] +endobj +1646 0 obj << +/Length1 790 +/Length2 1151 +/Length3 532 +/Length 1734 +/Filter /FlateDecode +>> +stream +xÚíRkTSWUJ€Ä¥ÂÐփÁyAÂSk$ ÑÄPØ^’KžÜ +7 ’IðA +¢Â V(AZÁ¡€€ +ªLfDyš€†òš‚XŠ +¥*SpŒ««ôgç׬¹çÏùö·ÏþöÝç8Ø +ò]Yb,öÇP ++Ló + +/жT*ÑÁƒÃÁP?H{š—lQJÝ +P=ŒnÞ +w¢à`±* +‘D)€gý +É°d0Žˆ ð E,3hˆ )àc"VšÈ€%•‚ís'ä`;,‡ñxXL&Òh@Œˆ – (‘2g)Ä€Ç,VÆŸiÅÞÜ` +8ÍÛ\ +&Å*U1 +I€„`†i°ÁËÃÖbq¥TÉæäç‚ú]’!RÕ˜,V©€qÀÃÄ0Ž.Š†Á +Þx°QÊw±P‰®4w2Õ}GäþH,E¢( Iåð<£âÅN +ñÍû îò÷ÛäŒp±óœPAU, +š¿’çkÚ¯µ!" +I»©d*•f ֛]ø¢Y›Q&FP  3˜ÂqHE€€è +PӂŠá' +SÈ(Š0 +†`A$†çn•I),—Ï¡ + +P$s/ÏÞ +öû?c³±µ+Ý +žÒ†Q4x0š‰¿%î@‘8% +èTO7O·yT€ÄqUÌ?)CjoêHÄ4 +'À"¢Ÿù +ŽþòRrñþ͝%„õò÷²‹߬Ó~—íC +ð±ìÂ/wà&-ŽÑH©yæOAeq$ã›K,M“šOÑÞ³h"­ZÿußdB4¶g¯Qs~cý +YÞÑGú5ñ—'z?œŒ¯#T?Šyœµùé˜qñݞ™gûcŽý _ž%þða&1<¿&8þ8x¢uzœ‹`úsÍ«÷äL­œÕÛÔ÷ߎé#e{ +ÏçœÕóÍÓÝ܊Œ §âëÐ÷}Y +š©í¡Kß·yÌD/ÍXmð6§$Ârš[ïuB~ .sWïï㜌1èg€­þÅ*Ï,«Ë!ýz©þ|±K÷ºâèö^HH_ûmgþª/OÈnwqöiœœž±5Ýå4œHž†VÕ? +ùè_Ÿ'GüvY³¯n±Ÿ5kkQܑ_²†©wŠ>$ +±š n{àô‚›o*Ë.bMršŒ€ +~|«óÙ%áûSŠîŽß +•ë²ŽØgîïº1ò=»§j©ÕÏê<“$Э\ç÷Å2Ní«éŽšº•C¹0aï·µ„`z`„ÑÞŠ3ï[ídÎÒõ“k9üÉB)㓠;,Š²ÀX÷b{Ý8³ÁoùŽè‰ñ睊Šˆ¯n5«7çºy=Êdåi5ú©3:p¡@¯ÛBrËp‹ î +úÛf[”·2vZ_[zy2îÊ{Òýà»°ò„t¡é€o@ן%ŠAbÖê2oM»ó>kNO~2©È>ôϲŽ Ò%5/Üמœðjh·³ËߛŽ[l +ûZÛ,ô%Ý,þø`Š'/îl67  ©¹ºBù§Ï2ÇÓ,ý¹1éšÒ¬Z£O4ûÞšo +Ë?zy{OáAZ=»„³ñIÍ1]PfÒêäkÇÏ_œJÝþ• +¶JkɛŸo[XêøÅšô°cbõŀuíçÔ-‘;mŽz÷<éîke +ÏŸ³çíQÒ¥2ûSKžûvXº +š|÷/­ß=‹;VZK*õöaØs7$?±‚cæ&ä¶Ï,®°Ô +œ­Œ<“š +uÂnœxÿþÊW÷tü³ïæÝHÛí€\Ìò{§¥Ÿ,‹+ß_¶Ö¿ßøn4÷<9^ŽZŸžRs©ø§m˝Î^ÓUjoªž6WnrµNJ +ϵ +¢eÌ<v.t‘ÌŽ\µ-ȑ +öËڙc\@JyÌæäšnvÒ +úŒVûĂ3êá}w_K_ªP¬¡oš^•óèÈàyUÆÛKê;yº±š rH‡œtÓŽ²Û [¿ÜL×±ûEC;w8 +† +¯hŸ],jgÚôÕ—Ö +JêüˆÿøŸIaW`2!þ”†ž»endstream +endobj +1647 0 obj << +/Type /Font +/Subtype /Type1 +/Encoding 5901 0 R +/FirstChar 60 +/LastChar 62 +/Widths 5903 0 R +/BaseFont /IZFDOK+CMMI8 +/FontDescriptor 1645 0 R +>> endobj +1645 0 obj << +/Ascent 694 +/CapHeight 683 +/Descent -194 +/FontName /IZFDOK+CMMI8 +/ItalicAngle -14 +/StemV 78 +/XHeight 431 +/FontBBox [-24 -250 1110 750] +/Flags 4 +/CharSet (/less/greater) +/FontFile 1646 0 R +>> endobj +5903 0 obj +[826 0 826 ] +endobj +1634 0 obj << +/Length1 790 +/Length2 1151 +/Length3 532 +/Length 1737 +/Filter /FlateDecode +>> +stream +xÚíR{<”é +/l9¢¬Kr"™ +͌ádw09bK¹.ïÌŒÃËÌûòΌ\"•8nÝ%¬ +«MG²VÎ!6#·6›D5Úʖ=Õä2mIì`ûìçØ?Ïùë|ÎûüóüŸ¿ïóý}ßïóXšùúÛ2yށ¡b[ +‘â\ÙlPmÉd‚¥¥+CbCÝ 1ì( + +씀= Ó +©öŽT*ÁžbqI8-V®Öó$:` +a +áB(`CâhXšÒàBàqXœDLø͟?Xã 0H P኎BPiޒÊÇ}æIâ>Ž`\€2¬lZ•I +† +’æHޘj¬òòß°µT|‡D ð†„óòóAý¡ + AÒoL'Ã8`c<G—R÷À‹ÞØ0‘—v=Đá2Ñ( +l)ۈäm‹8"ځ$Â<_D̍|H ‚på-u¢ŠoÁÉÃÓwWÈN›Å‹]èùB*HŠƒùwòBMùœVE„#‰ ”L$“)*¢j}Ø +/™ÅB¹A£€ +• +‡’d•” +• +R(Ayp"€U†ID«ŽU0©€á„ù[¥‘I‹Dóè"`HQó/OÞ<öÇ?sqÁSlíÀ֎ªEŠSJNýwb ŠÄK`7@%;Ðí +äJp +FÅ +OJ•Ú‡šš‚†áD˜KßÞN1 +u™•i¬³=4¬EÆEç3n5ŸRäD +{ìô§>Œþvl:¡{X7©Z{ú +g5‰Ç§Ö1÷u€ø“?ÐíÐYgýe±¿Š‚;ö™Z§Ž]¶FXš=,ß8Wo£°P>IhÖšñ¡ÐË +_䬚ŒïýdZìþîA¹öžÅO§ áÒF¯x÷ÏOŽ}7ýÜ +;‹ÉÏu®+VêÍÊ +ezcÐ)bäJÙêýEÛgV‘­ù?v(%±åA_0vú;jÓî)oFŒð)îª +2]ñvÆo8šk*äD³œšùööÃ="À:îÈ3¯vYÉÌ\Ûiò7âÐÉÇ·Œfõ5 +é +«-i9•ŒüŸNíÑÍ%[>B*£]ÿÈ[V#mzõywÔÝK«ŒtËÜ9³y-#&j«Ë-朞£ßXèMEúèz¡ˆU2ÞÓW„ŸÚ”nEܞjRÍcû†í{¯UÞy’•?0Sþt덆î+3^G¡¬éنšR_ãò(Ÿ˜\%97ÁÞºœ¿>ÜíçœÚâáîà Ÿ‚ËÙœŸù +*·|bq}ÖÿйÝ!†4“xÌ7ïB}†îÍöæÀ­-7š :!ÙýÔzã`gIćhöZ‡”Þ=²O.É,ËŽ6ÚñRþøǧbViï[VÇ9Û^Ptåù7·â:Ã<'4Õ0A²áÄÅwɑé>]9žs÷¿³)°þ—ŒÏ"]­QxSPŠÙ˜]9È1Ê*øé*³/ÄTRŒŠ¶Ú˜ØÑòWUÆ1žX†òNÔ^ªÚâê}håóówC’êî­»R(]{&·íwŒ`QÂî˜qÌÞžŒ_㬡ÓÛ û˶¯ðh*äù]ì&ŸŠŸG£vóÝ€†œŠAfú6êH+z‡ëö×áI +¬Ïžíʘºz+Z~“^îÞ3¯Çvî°Ê•;,›‰¹ó÷a¶÷ª’9xwm²yFs­ûÐ6ëO}Æ[î?®–žÌÎV^o¬k:Zã/8QûK1닝uRã#]ÖüÏ/Ÿ +îûê‘ÎÑöӓÁŽS'o¹Ô‹tÑÏ)kù¡œÙöç¶c©/GÛÖ««[ !}­Y¯ÐÖÚÚ÷ß±Þ¢CôôÓk/Wo>U»Ä·FVO㊌þI»ƒ£7sãó/ǝƒl"§“Oê·¥ +>PâmòÒÁ«ücYžÃ©#oFœ€ôގ°rŸÚ$Œ1Wš(LȬÕÊíæ¿êmÃ{/Ÿ3ÖWÛÛ +ŒÜYÖpä=믛÷˜™FÒöëÍô2œ5Ž9R:sâÀ„òø²_uÚÖSš¶ŒÔ¯N7Þ÷õ„Á +‡ÓÙtu]ûæ⋹w’B“o¿výX¶©sÄëíj fE–ÿ;mc©.×k8$/cèÙd¢ÈV\+œC×)ÉÿáGø¿Àÿ„WCžBx,áWÇ!¥0endstream +endobj +1635 0 obj << +/Type /Font +/Subtype /Type1 +/Encoding 5901 0 R +/FirstChar 60 +/LastChar 62 +/Widths 5904 0 R +/BaseFont /IKPQZJ+CMMI9 +/FontDescriptor 1633 0 R +>> endobj +1633 0 obj << +/Ascent 694 +/CapHeight 683 +/Descent -194 +/FontName /IKPQZJ+CMMI9 +/ItalicAngle -14 +/StemV 74 +/XHeight 431 +/FontBBox [-29 -250 1075 750] +/Flags 4 +/CharSet (/less/greater) +/FontFile 1634 0 R +>> endobj +5904 0 obj +[799 0 799 ] +endobj +5905 0 obj << +/Type /Encoding +/Differences [ 0 /.notdef 1/dotaccent/fi/fl/fraction/hungarumlaut/Lslash/lslash/ogonek/ring 10/.notdef 11/breve/minus 13/.notdef 14/Zcaron/zcaron/caron/dotlessi/dotlessj/ff/ffi/ffl 22/.notdef 30/grave/quotesingle/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 127/.notdef 128/Euro 129/.notdef 130/quotesinglbase/florin/quotedblbase/ellipsis/dagger/daggerdbl/circumflex/perthousand/Scaron/guilsinglleft/OE 141/.notdef 147/quotedblleft/quotedblright/bullet/endash/emdash/tilde/trademark/scaron/guilsinglright/oe 157/.notdef 159/Ydieresis 160/.notdef 161/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis] +>> endobj +1581 0 obj << +/Type /Font +/Subtype /Type1 +/Encoding 5905 0 R +/BaseFont /Courier-Oblique +>> endobj +1335 0 obj << +/Type /Font +/Subtype /Type1 +/Encoding 5905 0 R +/BaseFont /Courier-BoldOblique +>> endobj +1285 0 obj << +/Type /Font +/Subtype /Type1 +/Encoding 5905 0 R +/BaseFont /Helvetica-Oblique +>> endobj +1176 0 obj << +/Type /Font +/Subtype /Type1 +/Encoding 5905 0 R +/BaseFont /Courier-Bold +>> endobj +1173 0 obj << +/Type /Font +/Subtype /Type1 +/Encoding 5905 0 R +/BaseFont /Courier +>> endobj +1165 0 obj << +/Type /Font +/Subtype /Type1 +/Encoding 5905 0 R +/BaseFont /Helvetica +>> endobj +797 0 obj << +/Type /Font +/Subtype /Type1 +/Encoding 5905 0 R +/BaseFont /Times-Bold +>> endobj +790 0 obj << +/Type /Font +/Subtype /Type1 +/Encoding 5905 0 R +/BaseFont /Times-Italic +>> endobj +788 0 obj << +/Type /Font +/Subtype /Type1 +/Encoding 5905 0 R +/BaseFont /Times-Roman +>> endobj +781 0 obj << +/Type /Font +/Subtype /Type1 +/Encoding 5905 0 R +/BaseFont /Helvetica-Bold +>> endobj +782 0 obj << +/Type /Pages +/Count 6 +/Parent 5906 0 R +/Kids [774 0 R 784 0 R 792 0 R 933 0 R 1060 0 R 1148 0 R] +>> endobj +1200 0 obj << +/Type /Pages +/Count 6 +/Parent 5906 0 R +/Kids [1160 0 R 1202 0 R 1234 0 R 1276 0 R 1323 0 R 1393 0 R] +>> endobj +1480 0 obj << +/Type /Pages +/Count 6 +/Parent 5906 0 R +/Kids [1434 0 R 1482 0 R 1520 0 R 1574 0 R 1614 0 R 1637 0 R] +>> endobj +1698 0 obj << +/Type /Pages +/Count 6 +/Parent 5906 0 R +/Kids [1693 0 R 1700 0 R 1733 0 R 1784 0 R 1833 0 R 1845 0 R] +>> endobj +1925 0 obj << +/Type /Pages +/Count 6 +/Parent 5906 0 R +/Kids [1878 0 R 1927 0 R 1961 0 R 1986 0 R 2015 0 R 2062 0 R] +>> endobj +2112 0 obj << +/Type /Pages +/Count 6 +/Parent 5906 0 R +/Kids [2084 0 R 2114 0 R 2151 0 R 2171 0 R 2200 0 R 2236 0 R] +>> endobj +2292 0 obj << +/Type /Pages +/Count 6 +/Parent 5907 0 R +/Kids [2270 0 R 2294 0 R 2330 0 R 2383 0 R 2405 0 R 2429 0 R] +>> endobj +2476 0 obj << +/Type /Pages +/Count 6 +/Parent 5907 0 R +/Kids [2449 0 R 2478 0 R 2499 0 R 2530 0 R 2546 0 R 2598 0 R] +>> endobj +2686 0 obj << +/Type /Pages +/Count 6 +/Parent 5907 0 R +/Kids [2646 0 R 2688 0 R 2721 0 R 2761 0 R 2809 0 R 2832 0 R] +>> endobj +2897 0 obj << +/Type /Pages +/Count 6 +/Parent 5907 0 R +/Kids [2864 0 R 2899 0 R 2931 0 R 2964 0 R 2992 0 R 3023 0 R] +>> endobj +3090 0 obj << +/Type /Pages +/Count 6 +/Parent 5907 0 R +/Kids [3051 0 R 3092 0 R 3107 0 R 3142 0 R 3153 0 R 3182 0 R] +>> endobj +3220 0 obj << +/Type /Pages +/Count 6 +/Parent 5907 0 R +/Kids [3203 0 R 3222 0 R 3234 0 R 3251 0 R 3274 0 R 3309 0 R] +>> endobj +3393 0 obj << +/Type /Pages +/Count 6 +/Parent 5908 0 R +/Kids [3354 0 R 3395 0 R 3439 0 R 3460 0 R 3502 0 R 3535 0 R] +>> endobj +3607 0 obj << +/Type /Pages +/Count 6 +/Parent 5908 0 R +/Kids [3576 0 R 3609 0 R 3665 0 R 3699 0 R 3727 0 R 3767 0 R] +>> endobj +3814 0 obj << +/Type /Pages +/Count 6 +/Parent 5908 0 R +/Kids [3786 0 R 3816 0 R 3876 0 R 3897 0 R 3949 0 R 3999 0 R] +>> endobj +4052 0 obj << +/Type /Pages +/Count 6 +/Parent 5908 0 R +/Kids [4010 0 R 4054 0 R 4097 0 R 4143 0 R 4167 0 R 4175 0 R] +>> endobj +4253 0 obj << +/Type /Pages +/Count 6 +/Parent 5908 0 R +/Kids [4207 0 R 4255 0 R 4274 0 R 4308 0 R 4347 0 R 4400 0 R] +>> endobj +4456 0 obj << +/Type /Pages +/Count 6 +/Parent 5908 0 R +/Kids [4429 0 R 4458 0 R 4490 0 R 4526 0 R 4563 0 R 4603 0 R] +>> endobj +4659 0 obj << +/Type /Pages +/Count 6 +/Parent 5909 0 R +/Kids [4648 0 R 4661 0 R 4702 0 R 4731 0 R 4746 0 R 4762 0 R] +>> endobj +4845 0 obj << +/Type /Pages +/Count 6 +/Parent 5909 0 R +/Kids [4802 0 R 4847 0 R 4885 0 R 4926 0 R 4969 0 R 4995 0 R] +>> endobj +5152 0 obj << +/Type /Pages +/Count 6 +/Parent 5909 0 R +/Kids [5075 0 R 5154 0 R 5161 0 R 5192 0 R 5229 0 R 5281 0 R] +>> endobj +5368 0 obj << +/Type /Pages +/Count 6 +/Parent 5909 0 R +/Kids [5323 0 R 5370 0 R 5410 0 R 5444 0 R 5489 0 R 5535 0 R] +>> endobj +5641 0 obj << +/Type /Pages +/Count 6 +/Parent 5909 0 R +/Kids [5588 0 R 5643 0 R 5690 0 R 5735 0 R 5770 0 R 5811 0 R] +>> endobj +5900 0 obj << +/Type /Pages +/Count 1 +/Parent 5909 0 R +/Kids [5859 0 R] +>> endobj +5906 0 obj << +/Type /Pages +/Count 36 +/Parent 5910 0 R +/Kids [782 0 R 1200 0 R 1480 0 R 1698 0 R 1925 0 R 2112 0 R] +>> endobj +5907 0 obj << +/Type /Pages +/Count 36 +/Parent 5910 0 R +/Kids [2292 0 R 2476 0 R 2686 0 R 2897 0 R 3090 0 R 3220 0 R] +>> endobj +5908 0 obj << +/Type /Pages +/Count 36 +/Parent 5910 0 R +/Kids [3393 0 R 3607 0 R 3814 0 R 4052 0 R 4253 0 R 4456 0 R] +>> endobj +5909 0 obj << +/Type /Pages +/Count 31 +/Parent 5910 0 R +/Kids [4659 0 R 4845 0 R 5152 0 R 5368 0 R 5641 0 R 5900 0 R] +>> endobj +5910 0 obj << +/Type /Pages +/Count 139 +/Kids [5906 0 R 5907 0 R 5908 0 R 5909 0 R] +>> endobj +5911 0 obj << +/Type /Outlines +/First 3 0 R +/Last 759 0 R +/Count 17 +>> endobj +771 0 obj << +/Title 772 0 R +/A 769 0 R +/Parent 759 0 R +/Prev 767 0 R +>> endobj +767 0 obj << +/Title 768 0 R +/A 765 0 R +/Parent 759 0 R +/Prev 763 0 R +/Next 771 0 R +>> endobj +763 0 obj << +/Title 764 0 R +/A 761 0 R +/Parent 759 0 R +/Next 767 0 R +>> endobj +759 0 obj << +/Title 760 0 R +/A 757 0 R +/Parent 5911 0 R +/Prev 699 0 R +/First 763 0 R +/Last 771 0 R +/Count -3 +>> endobj +755 0 obj << +/Title 756 0 R +/A 753 0 R +/Parent 699 0 R +/Prev 751 0 R +>> endobj +751 0 obj << +/Title 752 0 R +/A 749 0 R +/Parent 699 0 R +/Prev 747 0 R +/Next 755 0 R +>> endobj +747 0 obj << +/Title 748 0 R +/A 745 0 R +/Parent 699 0 R +/Prev 743 0 R +/Next 751 0 R +>> endobj +743 0 obj << +/Title 744 0 R +/A 741 0 R +/Parent 699 0 R +/Prev 739 0 R +/Next 747 0 R +>> endobj +739 0 obj << +/Title 740 0 R +/A 737 0 R +/Parent 699 0 R +/Prev 735 0 R +/Next 743 0 R +>> endobj +735 0 obj << +/Title 736 0 R +/A 733 0 R +/Parent 699 0 R +/Prev 731 0 R +/Next 739 0 R +>> endobj +731 0 obj << +/Title 732 0 R +/A 729 0 R +/Parent 699 0 R +/Prev 727 0 R +/Next 735 0 R +>> endobj +727 0 obj << +/Title 728 0 R +/A 725 0 R +/Parent 699 0 R +/Prev 723 0 R +/Next 731 0 R +>> endobj +723 0 obj << +/Title 724 0 R +/A 721 0 R +/Parent 699 0 R +/Prev 719 0 R +/Next 727 0 R +>> endobj +719 0 obj << +/Title 720 0 R +/A 717 0 R +/Parent 699 0 R +/Prev 715 0 R +/Next 723 0 R +>> endobj +715 0 obj << +/Title 716 0 R +/A 713 0 R +/Parent 699 0 R +/Prev 711 0 R +/Next 719 0 R +>> endobj +711 0 obj << +/Title 712 0 R +/A 709 0 R +/Parent 699 0 R +/Prev 703 0 R +/Next 715 0 R +>> endobj +707 0 obj << +/Title 708 0 R +/A 705 0 R +/Parent 703 0 R +>> endobj +703 0 obj << +/Title 704 0 R +/A 701 0 R +/Parent 699 0 R +/Next 711 0 R +/First 707 0 R +/Last 707 0 R +/Count -1 +>> endobj +699 0 obj << +/Title 700 0 R +/A 697 0 R +/Parent 5911 0 R +/Prev 683 0 R +/Next 759 0 R +/First 703 0 R +/Last 755 0 R +/Count -13 +>> endobj +695 0 obj << +/Title 696 0 R +/A 693 0 R +/Parent 683 0 R +/Prev 691 0 R +>> endobj +691 0 obj << +/Title 692 0 R +/A 689 0 R +/Parent 683 0 R +/Prev 687 0 R +/Next 695 0 R +>> endobj +687 0 obj << +/Title 688 0 R +/A 685 0 R +/Parent 683 0 R +/Next 691 0 R +>> endobj +683 0 obj << +/Title 684 0 R +/A 681 0 R +/Parent 5911 0 R +/Prev 659 0 R +/Next 699 0 R +/First 687 0 R +/Last 695 0 R +/Count -3 +>> endobj +679 0 obj << +/Title 680 0 R +/A 677 0 R +/Parent 659 0 R +/Prev 675 0 R +>> endobj +675 0 obj << +/Title 676 0 R +/A 673 0 R +/Parent 659 0 R +/Prev 671 0 R +/Next 679 0 R +>> endobj +671 0 obj << +/Title 672 0 R +/A 669 0 R +/Parent 659 0 R +/Prev 667 0 R +/Next 675 0 R +>> endobj +667 0 obj << +/Title 668 0 R +/A 665 0 R +/Parent 659 0 R +/Prev 663 0 R +/Next 671 0 R +>> endobj +663 0 obj << +/Title 664 0 R +/A 661 0 R +/Parent 659 0 R +/Next 667 0 R +>> endobj +659 0 obj << +/Title 660 0 R +/A 657 0 R +/Parent 5911 0 R +/Prev 635 0 R +/Next 683 0 R +/First 663 0 R +/Last 679 0 R +/Count -5 +>> endobj +655 0 obj << +/Title 656 0 R +/A 653 0 R +/Parent 635 0 R +/Prev 651 0 R +>> endobj +651 0 obj << +/Title 652 0 R +/A 649 0 R +/Parent 635 0 R +/Prev 647 0 R +/Next 655 0 R +>> endobj +647 0 obj << +/Title 648 0 R +/A 645 0 R +/Parent 635 0 R +/Prev 643 0 R +/Next 651 0 R +>> endobj +643 0 obj << +/Title 644 0 R +/A 641 0 R +/Parent 635 0 R +/Prev 639 0 R +/Next 647 0 R +>> endobj +639 0 obj << +/Title 640 0 R +/A 637 0 R +/Parent 635 0 R +/Next 643 0 R +>> endobj +635 0 obj << +/Title 636 0 R +/A 633 0 R +/Parent 5911 0 R +/Prev 491 0 R +/Next 659 0 R +/First 639 0 R +/Last 655 0 R +/Count -5 +>> endobj +631 0 obj << +/Title 632 0 R +/A 629 0 R +/Parent 603 0 R +/Prev 627 0 R +>> endobj +627 0 obj << +/Title 628 0 R +/A 625 0 R +/Parent 603 0 R +/Prev 623 0 R +/Next 631 0 R +>> endobj +623 0 obj << +/Title 624 0 R +/A 621 0 R +/Parent 603 0 R +/Prev 619 0 R +/Next 627 0 R +>> endobj +619 0 obj << +/Title 620 0 R +/A 617 0 R +/Parent 603 0 R +/Prev 607 0 R +/Next 623 0 R +>> endobj +615 0 obj << +/Title 616 0 R +/A 613 0 R +/Parent 607 0 R +/Prev 611 0 R +>> endobj +611 0 obj << +/Title 612 0 R +/A 609 0 R +/Parent 607 0 R +/Next 615 0 R +>> endobj +607 0 obj << +/Title 608 0 R +/A 605 0 R +/Parent 603 0 R +/Next 619 0 R +/First 611 0 R +/Last 615 0 R +/Count -2 +>> endobj +603 0 obj << +/Title 604 0 R +/A 601 0 R +/Parent 491 0 R +/Prev 495 0 R +/First 607 0 R +/Last 631 0 R +/Count -5 +>> endobj +599 0 obj << +/Title 600 0 R +/A 597 0 R +/Parent 495 0 R +/Prev 591 0 R +>> endobj +595 0 obj << +/Title 596 0 R +/A 593 0 R +/Parent 591 0 R +>> endobj +591 0 obj << +/Title 592 0 R +/A 589 0 R +/Parent 495 0 R +/Prev 583 0 R +/Next 599 0 R +/First 595 0 R +/Last 595 0 R +/Count -1 +>> endobj +587 0 obj << +/Title 588 0 R +/A 585 0 R +/Parent 583 0 R +>> endobj +583 0 obj << +/Title 584 0 R +/A 581 0 R +/Parent 495 0 R +/Prev 575 0 R +/Next 591 0 R +/First 587 0 R +/Last 587 0 R +/Count -1 +>> endobj +579 0 obj << +/Title 580 0 R +/A 577 0 R +/Parent 575 0 R +>> endobj +575 0 obj << +/Title 576 0 R +/A 573 0 R +/Parent 495 0 R +/Prev 567 0 R +/Next 583 0 R +/First 579 0 R +/Last 579 0 R +/Count -1 +>> endobj +571 0 obj << +/Title 572 0 R +/A 569 0 R +/Parent 567 0 R +>> endobj +567 0 obj << +/Title 568 0 R +/A 565 0 R +/Parent 495 0 R +/Prev 559 0 R +/Next 575 0 R +/First 571 0 R +/Last 571 0 R +/Count -1 +>> endobj +563 0 obj << +/Title 564 0 R +/A 561 0 R +/Parent 559 0 R +>> endobj +559 0 obj << +/Title 560 0 R +/A 557 0 R +/Parent 495 0 R +/Prev 551 0 R +/Next 567 0 R +/First 563 0 R +/Last 563 0 R +/Count -1 +>> endobj +555 0 obj << +/Title 556 0 R +/A 553 0 R +/Parent 551 0 R +>> endobj +551 0 obj << +/Title 552 0 R +/A 549 0 R +/Parent 495 0 R +/Prev 543 0 R +/Next 559 0 R +/First 555 0 R +/Last 555 0 R +/Count -1 +>> endobj +547 0 obj << +/Title 548 0 R +/A 545 0 R +/Parent 543 0 R +>> endobj +543 0 obj << +/Title 544 0 R +/A 541 0 R +/Parent 495 0 R +/Prev 535 0 R +/Next 551 0 R +/First 547 0 R +/Last 547 0 R +/Count -1 +>> endobj +539 0 obj << +/Title 540 0 R +/A 537 0 R +/Parent 535 0 R +>> endobj +535 0 obj << +/Title 536 0 R +/A 533 0 R +/Parent 495 0 R +/Prev 515 0 R +/Next 543 0 R +/First 539 0 R +/Last 539 0 R +/Count -1 +>> endobj +531 0 obj << +/Title 532 0 R +/A 529 0 R +/Parent 515 0 R +/Prev 527 0 R +>> endobj +527 0 obj << +/Title 528 0 R +/A 525 0 R +/Parent 515 0 R +/Prev 523 0 R +/Next 531 0 R +>> endobj +523 0 obj << +/Title 524 0 R +/A 521 0 R +/Parent 515 0 R +/Prev 519 0 R +/Next 527 0 R +>> endobj +519 0 obj << +/Title 520 0 R +/A 517 0 R +/Parent 515 0 R +/Next 523 0 R +>> endobj +515 0 obj << +/Title 516 0 R +/A 513 0 R +/Parent 495 0 R +/Prev 503 0 R +/Next 535 0 R +/First 519 0 R +/Last 531 0 R +/Count -4 +>> endobj +511 0 obj << +/Title 512 0 R +/A 509 0 R +/Parent 503 0 R +/Prev 507 0 R +>> endobj +507 0 obj << +/Title 508 0 R +/A 505 0 R +/Parent 503 0 R +/Next 511 0 R +>> endobj +503 0 obj << +/Title 504 0 R +/A 501 0 R +/Parent 495 0 R +/Prev 499 0 R +/Next 515 0 R +/First 507 0 R +/Last 511 0 R +/Count -2 +>> endobj +499 0 obj << +/Title 500 0 R +/A 497 0 R +/Parent 495 0 R +/Next 503 0 R +>> endobj +495 0 obj << +/Title 496 0 R +/A 493 0 R +/Parent 491 0 R +/Next 603 0 R +/First 499 0 R +/Last 599 0 R +/Count -12 +>> endobj +491 0 obj << +/Title 492 0 R +/A 489 0 R +/Parent 5911 0 R +/Prev 475 0 R +/Next 635 0 R +/First 495 0 R +/Last 603 0 R +/Count -2 +>> endobj +487 0 obj << +/Title 488 0 R +/A 485 0 R +/Parent 475 0 R +/Prev 479 0 R +>> endobj +483 0 obj << +/Title 484 0 R +/A 481 0 R +/Parent 479 0 R +>> endobj +479 0 obj << +/Title 480 0 R +/A 477 0 R +/Parent 475 0 R +/Next 487 0 R +/First 483 0 R +/Last 483 0 R +/Count -1 +>> endobj +475 0 obj << +/Title 476 0 R +/A 473 0 R +/Parent 5911 0 R +/Prev 467 0 R +/Next 491 0 R +/First 479 0 R +/Last 487 0 R +/Count -2 +>> endobj +471 0 obj << +/Title 472 0 R +/A 469 0 R +/Parent 467 0 R +>> endobj +467 0 obj << +/Title 468 0 R +/A 465 0 R +/Parent 5911 0 R +/Prev 447 0 R +/Next 475 0 R +/First 471 0 R +/Last 471 0 R +/Count -1 +>> endobj +463 0 obj << +/Title 464 0 R +/A 461 0 R +/Parent 459 0 R +>> endobj +459 0 obj << +/Title 460 0 R +/A 457 0 R +/Parent 447 0 R +/Prev 455 0 R +/First 463 0 R +/Last 463 0 R +/Count -1 +>> endobj +455 0 obj << +/Title 456 0 R +/A 453 0 R +/Parent 447 0 R +/Prev 451 0 R +/Next 459 0 R +>> endobj +451 0 obj << +/Title 452 0 R +/A 449 0 R +/Parent 447 0 R +/Next 455 0 R +>> endobj +447 0 obj << +/Title 448 0 R +/A 445 0 R +/Parent 5911 0 R +/Prev 371 0 R +/Next 467 0 R +/First 451 0 R +/Last 459 0 R +/Count -3 +>> endobj +443 0 obj << +/Title 444 0 R +/A 441 0 R +/Parent 371 0 R +/Prev 439 0 R +>> endobj +439 0 obj << +/Title 440 0 R +/A 437 0 R +/Parent 371 0 R +/Prev 435 0 R +/Next 443 0 R +>> endobj +435 0 obj << +/Title 436 0 R +/A 433 0 R +/Parent 371 0 R +/Prev 423 0 R +/Next 439 0 R +>> endobj +431 0 obj << +/Title 432 0 R +/A 429 0 R +/Parent 423 0 R +/Prev 427 0 R +>> endobj +427 0 obj << +/Title 428 0 R +/A 425 0 R +/Parent 423 0 R +/Next 431 0 R +>> endobj +423 0 obj << +/Title 424 0 R +/A 421 0 R +/Parent 371 0 R +/Prev 419 0 R +/Next 435 0 R +/First 427 0 R +/Last 431 0 R +/Count -2 +>> endobj +419 0 obj << +/Title 420 0 R +/A 417 0 R +/Parent 371 0 R +/Prev 415 0 R +/Next 423 0 R +>> endobj +415 0 obj << +/Title 416 0 R +/A 413 0 R +/Parent 371 0 R +/Prev 411 0 R +/Next 419 0 R +>> endobj +411 0 obj << +/Title 412 0 R +/A 409 0 R +/Parent 371 0 R +/Prev 407 0 R +/Next 415 0 R +>> endobj +407 0 obj << +/Title 408 0 R +/A 405 0 R +/Parent 371 0 R +/Prev 403 0 R +/Next 411 0 R +>> endobj +403 0 obj << +/Title 404 0 R +/A 401 0 R +/Parent 371 0 R +/Prev 391 0 R +/Next 407 0 R +>> endobj +399 0 obj << +/Title 400 0 R +/A 397 0 R +/Parent 391 0 R +/Prev 395 0 R +>> endobj +395 0 obj << +/Title 396 0 R +/A 393 0 R +/Parent 391 0 R +/Next 399 0 R +>> endobj +391 0 obj << +/Title 392 0 R +/A 389 0 R +/Parent 371 0 R +/Prev 387 0 R +/Next 403 0 R +/First 395 0 R +/Last 399 0 R +/Count -2 +>> endobj +387 0 obj << +/Title 388 0 R +/A 385 0 R +/Parent 371 0 R +/Prev 383 0 R +/Next 391 0 R +>> endobj +383 0 obj << +/Title 384 0 R +/A 381 0 R +/Parent 371 0 R +/Prev 379 0 R +/Next 387 0 R +>> endobj +379 0 obj << +/Title 380 0 R +/A 377 0 R +/Parent 371 0 R +/Prev 375 0 R +/Next 383 0 R +>> endobj +375 0 obj << +/Title 376 0 R +/A 373 0 R +/Parent 371 0 R +/Next 379 0 R +>> endobj +371 0 obj << +/Title 372 0 R +/A 369 0 R +/Parent 5911 0 R +/Prev 235 0 R +/Next 447 0 R +/First 375 0 R +/Last 443 0 R +/Count -14 +>> endobj +367 0 obj << +/Title 368 0 R +/A 365 0 R +/Parent 235 0 R +/Prev 363 0 R +>> endobj +363 0 obj << +/Title 364 0 R +/A 361 0 R +/Parent 235 0 R +/Prev 359 0 R +/Next 367 0 R +>> endobj +359 0 obj << +/Title 360 0 R +/A 357 0 R +/Parent 235 0 R +/Prev 355 0 R +/Next 363 0 R +>> endobj +355 0 obj << +/Title 356 0 R +/A 353 0 R +/Parent 235 0 R +/Prev 351 0 R +/Next 359 0 R +>> endobj +351 0 obj << +/Title 352 0 R +/A 349 0 R +/Parent 235 0 R +/Prev 331 0 R +/Next 355 0 R +>> endobj +347 0 obj << +/Title 348 0 R +/A 345 0 R +/Parent 331 0 R +/Prev 343 0 R +>> endobj +343 0 obj << +/Title 344 0 R +/A 341 0 R +/Parent 331 0 R +/Prev 339 0 R +/Next 347 0 R +>> endobj +339 0 obj << +/Title 340 0 R +/A 337 0 R +/Parent 331 0 R +/Prev 335 0 R +/Next 343 0 R +>> endobj +335 0 obj << +/Title 336 0 R +/A 333 0 R +/Parent 331 0 R +/Next 339 0 R +>> endobj +331 0 obj << +/Title 332 0 R +/A 329 0 R +/Parent 235 0 R +/Prev 319 0 R +/Next 351 0 R +/First 335 0 R +/Last 347 0 R +/Count -4 +>> endobj +327 0 obj << +/Title 328 0 R +/A 325 0 R +/Parent 319 0 R +/Prev 323 0 R +>> endobj +323 0 obj << +/Title 324 0 R +/A 321 0 R +/Parent 319 0 R +/Next 327 0 R +>> endobj +319 0 obj << +/Title 320 0 R +/A 317 0 R +/Parent 235 0 R +/Prev 315 0 R +/Next 331 0 R +/First 323 0 R +/Last 327 0 R +/Count -2 +>> endobj +315 0 obj << +/Title 316 0 R +/A 313 0 R +/Parent 235 0 R +/Prev 311 0 R +/Next 319 0 R +>> endobj +311 0 obj << +/Title 312 0 R +/A 309 0 R +/Parent 235 0 R +/Prev 303 0 R +/Next 315 0 R +>> endobj +307 0 obj << +/Title 308 0 R +/A 305 0 R +/Parent 303 0 R +>> endobj +303 0 obj << +/Title 304 0 R +/A 301 0 R +/Parent 235 0 R +/Prev 299 0 R +/Next 311 0 R +/First 307 0 R +/Last 307 0 R +/Count -1 +>> endobj +299 0 obj << +/Title 300 0 R +/A 297 0 R +/Parent 235 0 R +/Prev 251 0 R +/Next 303 0 R +>> endobj +295 0 obj << +/Title 296 0 R +/A 293 0 R +/Parent 251 0 R +/Prev 291 0 R +>> endobj +291 0 obj << +/Title 292 0 R +/A 289 0 R +/Parent 251 0 R +/Prev 287 0 R +/Next 295 0 R +>> endobj +287 0 obj << +/Title 288 0 R +/A 285 0 R +/Parent 251 0 R +/Prev 279 0 R +/Next 291 0 R +>> endobj +283 0 obj << +/Title 284 0 R +/A 281 0 R +/Parent 279 0 R +>> endobj +279 0 obj << +/Title 280 0 R +/A 277 0 R +/Parent 251 0 R +/Prev 275 0 R +/Next 287 0 R +/First 283 0 R +/Last 283 0 R +/Count -1 +>> endobj +275 0 obj << +/Title 276 0 R +/A 273 0 R +/Parent 251 0 R +/Prev 271 0 R +/Next 279 0 R +>> endobj +271 0 obj << +/Title 272 0 R +/A 269 0 R +/Parent 251 0 R +/Prev 267 0 R +/Next 275 0 R +>> endobj +267 0 obj << +/Title 268 0 R +/A 265 0 R +/Parent 251 0 R +/Prev 259 0 R +/Next 271 0 R +>> endobj +263 0 obj << +/Title 264 0 R +/A 261 0 R +/Parent 259 0 R +>> endobj +259 0 obj << +/Title 260 0 R +/A 257 0 R +/Parent 251 0 R +/Prev 255 0 R +/Next 267 0 R +/First 263 0 R +/Last 263 0 R +/Count -1 +>> endobj +255 0 obj << +/Title 256 0 R +/A 253 0 R +/Parent 251 0 R +/Next 259 0 R +>> endobj +251 0 obj << +/Title 252 0 R +/A 249 0 R +/Parent 235 0 R +/Prev 247 0 R +/Next 299 0 R +/First 255 0 R +/Last 295 0 R +/Count -9 +>> endobj +247 0 obj << +/Title 248 0 R +/A 245 0 R +/Parent 235 0 R +/Prev 243 0 R +/Next 251 0 R +>> endobj +243 0 obj << +/Title 244 0 R +/A 241 0 R +/Parent 235 0 R +/Prev 239 0 R +/Next 247 0 R +>> endobj +239 0 obj << +/Title 240 0 R +/A 237 0 R +/Parent 235 0 R +/Next 243 0 R +>> endobj +235 0 obj << +/Title 236 0 R +/A 233 0 R +/Parent 5911 0 R +/Prev 147 0 R +/Next 371 0 R +/First 239 0 R +/Last 367 0 R +/Count -15 +>> endobj +231 0 obj << +/Title 232 0 R +/A 229 0 R +/Parent 227 0 R +>> endobj +227 0 obj << +/Title 228 0 R +/A 225 0 R +/Parent 147 0 R +/Prev 223 0 R +/First 231 0 R +/Last 231 0 R +/Count -1 +>> endobj +223 0 obj << +/Title 224 0 R +/A 221 0 R +/Parent 147 0 R +/Prev 219 0 R +/Next 227 0 R +>> endobj +219 0 obj << +/Title 220 0 R +/A 217 0 R +/Parent 147 0 R +/Prev 203 0 R +/Next 223 0 R +>> endobj +215 0 obj << +/Title 216 0 R +/A 213 0 R +/Parent 203 0 R +/Prev 211 0 R +>> endobj +211 0 obj << +/Title 212 0 R +/A 209 0 R +/Parent 203 0 R +/Prev 207 0 R +/Next 215 0 R +>> endobj +207 0 obj << +/Title 208 0 R +/A 205 0 R +/Parent 203 0 R +/Next 211 0 R +>> endobj +203 0 obj << +/Title 204 0 R +/A 201 0 R +/Parent 147 0 R +/Prev 199 0 R +/Next 219 0 R +/First 207 0 R +/Last 215 0 R +/Count -3 +>> endobj +199 0 obj << +/Title 200 0 R +/A 197 0 R +/Parent 147 0 R +/Prev 195 0 R +/Next 203 0 R +>> endobj +195 0 obj << +/Title 196 0 R +/A 193 0 R +/Parent 147 0 R +/Prev 187 0 R +/Next 199 0 R +>> endobj +191 0 obj << +/Title 192 0 R +/A 189 0 R +/Parent 187 0 R +>> endobj +187 0 obj << +/Title 188 0 R +/A 185 0 R +/Parent 147 0 R +/Prev 179 0 R +/Next 195 0 R +/First 191 0 R +/Last 191 0 R +/Count -1 +>> endobj +183 0 obj << +/Title 184 0 R +/A 181 0 R +/Parent 179 0 R +>> endobj +179 0 obj << +/Title 180 0 R +/A 177 0 R +/Parent 147 0 R +/Prev 171 0 R +/Next 187 0 R +/First 183 0 R +/Last 183 0 R +/Count -1 +>> endobj +175 0 obj << +/Title 176 0 R +/A 173 0 R +/Parent 171 0 R +>> endobj +171 0 obj << +/Title 172 0 R +/A 169 0 R +/Parent 147 0 R +/Prev 167 0 R +/Next 179 0 R +/First 175 0 R +/Last 175 0 R +/Count -1 +>> endobj +167 0 obj << +/Title 168 0 R +/A 165 0 R +/Parent 147 0 R +/Prev 163 0 R +/Next 171 0 R +>> endobj +163 0 obj << +/Title 164 0 R +/A 161 0 R +/Parent 147 0 R +/Prev 151 0 R +/Next 167 0 R +>> endobj +159 0 obj << +/Title 160 0 R +/A 157 0 R +/Parent 151 0 R +/Prev 155 0 R +>> endobj +155 0 obj << +/Title 156 0 R +/A 153 0 R +/Parent 151 0 R +/Next 159 0 R +>> endobj +151 0 obj << +/Title 152 0 R +/A 149 0 R +/Parent 147 0 R +/Next 163 0 R +/First 155 0 R +/Last 159 0 R +/Count -2 +>> endobj +147 0 obj << +/Title 148 0 R +/A 145 0 R +/Parent 5911 0 R +/Prev 103 0 R +/Next 235 0 R +/First 151 0 R +/Last 227 0 R +/Count -12 +>> endobj +143 0 obj << +/Title 144 0 R +/A 141 0 R +/Parent 103 0 R +/Prev 139 0 R +>> endobj +139 0 obj << +/Title 140 0 R +/A 137 0 R +/Parent 103 0 R +/Prev 135 0 R +/Next 143 0 R +>> endobj +135 0 obj << +/Title 136 0 R +/A 133 0 R +/Parent 103 0 R +/Prev 131 0 R +/Next 139 0 R +>> endobj +131 0 obj << +/Title 132 0 R +/A 129 0 R +/Parent 103 0 R +/Prev 127 0 R +/Next 135 0 R +>> endobj +127 0 obj << +/Title 128 0 R +/A 125 0 R +/Parent 103 0 R +/Prev 123 0 R +/Next 131 0 R +>> endobj +123 0 obj << +/Title 124 0 R +/A 121 0 R +/Parent 103 0 R +/Prev 119 0 R +/Next 127 0 R +>> endobj +119 0 obj << +/Title 120 0 R +/A 117 0 R +/Parent 103 0 R +/Prev 115 0 R +/Next 123 0 R +>> endobj +115 0 obj << +/Title 116 0 R +/A 113 0 R +/Parent 103 0 R +/Prev 111 0 R +/Next 119 0 R +>> endobj +111 0 obj << +/Title 112 0 R +/A 109 0 R +/Parent 103 0 R +/Prev 107 0 R +/Next 115 0 R +>> endobj +107 0 obj << +/Title 108 0 R +/A 105 0 R +/Parent 103 0 R +/Next 111 0 R +>> endobj +103 0 obj << +/Title 104 0 R +/A 101 0 R +/Parent 5911 0 R +/Prev 15 0 R +/Next 147 0 R +/First 107 0 R +/Last 143 0 R +/Count -10 +>> endobj +99 0 obj << +/Title 100 0 R +/A 97 0 R +/Parent 15 0 R +/Prev 63 0 R +>> endobj +95 0 obj << +/Title 96 0 R +/A 93 0 R +/Parent 87 0 R +/Prev 91 0 R +>> endobj +91 0 obj << +/Title 92 0 R +/A 89 0 R +/Parent 87 0 R +/Next 95 0 R +>> endobj +87 0 obj << +/Title 88 0 R +/A 85 0 R +/Parent 63 0 R +/Prev 75 0 R +/First 91 0 R +/Last 95 0 R +/Count -2 +>> endobj +83 0 obj << +/Title 84 0 R +/A 81 0 R +/Parent 75 0 R +/Prev 79 0 R +>> endobj +79 0 obj << +/Title 80 0 R +/A 77 0 R +/Parent 75 0 R +/Next 83 0 R +>> endobj +75 0 obj << +/Title 76 0 R +/A 73 0 R +/Parent 63 0 R +/Prev 71 0 R +/Next 87 0 R +/First 79 0 R +/Last 83 0 R +/Count -2 +>> endobj +71 0 obj << +/Title 72 0 R +/A 69 0 R +/Parent 63 0 R +/Prev 67 0 R +/Next 75 0 R +>> endobj +67 0 obj << +/Title 68 0 R +/A 65 0 R +/Parent 63 0 R +/Next 71 0 R +>> endobj +63 0 obj << +/Title 64 0 R +/A 61 0 R +/Parent 15 0 R +/Prev 59 0 R +/Next 99 0 R +/First 67 0 R +/Last 87 0 R +/Count -4 +>> endobj +59 0 obj << +/Title 60 0 R +/A 57 0 R +/Parent 15 0 R +/Prev 55 0 R +/Next 63 0 R +>> endobj +55 0 obj << +/Title 56 0 R +/A 53 0 R +/Parent 15 0 R +/Prev 51 0 R +/Next 59 0 R +>> endobj +51 0 obj << +/Title 52 0 R +/A 49 0 R +/Parent 15 0 R +/Prev 43 0 R +/Next 55 0 R +>> endobj +47 0 obj << +/Title 48 0 R +/A 45 0 R +/Parent 43 0 R +>> endobj +43 0 obj << +/Title 44 0 R +/A 41 0 R +/Parent 15 0 R +/Prev 39 0 R +/Next 51 0 R +/First 47 0 R +/Last 47 0 R +/Count -1 +>> endobj +39 0 obj << +/Title 40 0 R +/A 37 0 R +/Parent 15 0 R +/Prev 31 0 R +/Next 43 0 R +>> endobj +35 0 obj << +/Title 36 0 R +/A 33 0 R +/Parent 31 0 R +>> endobj +31 0 obj << +/Title 32 0 R +/A 29 0 R +/Parent 15 0 R +/Prev 27 0 R +/Next 39 0 R +/First 35 0 R +/Last 35 0 R +/Count -1 +>> endobj +27 0 obj << +/Title 28 0 R +/A 25 0 R +/Parent 15 0 R +/Prev 23 0 R +/Next 31 0 R +>> endobj +23 0 obj << +/Title 24 0 R +/A 21 0 R +/Parent 15 0 R +/Prev 19 0 R +/Next 27 0 R +>> endobj +19 0 obj << +/Title 20 0 R +/A 17 0 R +/Parent 15 0 R +/Next 23 0 R +>> endobj +15 0 obj << +/Title 16 0 R +/A 13 0 R +/Parent 5911 0 R +/Prev 11 0 R +/Next 103 0 R +/First 19 0 R +/Last 99 0 R +/Count -11 +>> endobj +11 0 obj << +/Title 12 0 R +/A 9 0 R +/Parent 5911 0 R +/Prev 7 0 R +/Next 15 0 R +>> endobj +7 0 obj << +/Title 8 0 R +/A 5 0 R +/Parent 5911 0 R +/Prev 3 0 R +/Next 11 0 R +>> endobj +3 0 obj << +/Title 4 0 R +/A 1 0 R +/Parent 5911 0 R +/Next 7 0 R +>> endobj +5912 0 obj << +/Names [(0:100) 1238 0 R (0:1001) 1981 0 R (0:1002) 1982 0 R (0:1003) 1983 0 R (0:101) 1239 0 R (0:102) 1240 0 R (0:103) 1241 0 R (0:1030) 1989 0 R (0:1031) 1990 0 R (0:1032) 1991 0 R (0:1033) 1992 0 R (0:104) 1242 0 R (0:105) 1243 0 R (0:106) 1244 0 R (0:1068) 1994 0 R (0:1069) 1995 0 R (0:107) 1245 0 R (0:1070) 1996 0 R (0:1071) 1997 0 R (0:1072) 1998 0 R (0:1073) 1999 0 R (0:1074) 2000 0 R (0:1075) 2001 0 R (0:1076) 2002 0 R (0:1077) 2003 0 R (0:1078) 2004 0 R (0:1079) 2005 0 R (0:108) 1246 0 R (0:1080) 2006 0 R (0:1081) 2007 0 R (0:1082) 2008 0 R (0:1083) 2009 0 R (0:1084) 2010 0 R (0:1085) 2011 0 R (0:1086) 2012 0 R (0:1087) 2013 0 R (0:1088) 2019 0 R (0:1089) 2020 0 R (0:109) 1247 0 R (0:1090) 2021 0 R (0:1091) 2022 0 R (0:1092) 2023 0 R (0:1093) 2024 0 R (0:1094) 2025 0 R (0:1095) 2026 0 R (0:1096) 2027 0 R (0:1097) 2028 0 R (0:1098) 2029 0 R (0:1099) 2030 0 R (0:110) 1248 0 R (0:1100) 2031 0 R (0:1101) 2032 0 R (0:1102) 2033 0 R (0:1103) 2034 0 R (0:1104) 2035 0 R (0:1106) 2036 0 R (0:1109) 2037 0 R (0:111) 1249 0 R (0:1110) 2038 0 R (0:1112) 2040 0 R (0:1114) 2042 0 R (0:1115) 2043 0 R (0:1116) 2044 0 R (0:1117) 2045 0 R (0:1119) 2047 0 R (0:112) 1250 0 R (0:1120) 2048 0 R (0:1121) 2049 0 R (0:1122) 2050 0 R (0:1123) 2051 0 R (0:1124) 2052 0 R (0:1125) 2053 0 R (0:1126) 2054 0 R (0:1127) 2055 0 R (0:1129) 2056 0 R (0:113) 1251 0 R (0:1130) 2057 0 R (0:1131) 2058 0 R (0:1132) 2059 0 R (0:1133) 2060 0 R (0:1135) 2018 0 R (0:1137) 2065 0 R (0:1138) 2066 0 R (0:1139) 2067 0 R (0:114) 1252 0 R (0:1140) 2068 0 R (0:1141) 2069 0 R (0:1142) 2070 0 R (0:1143) 2071 0 R (0:1144) 2072 0 R (0:1145) 2073 0 R (0:1146) 2074 0 R (0:1147) 2075 0 R (0:1148) 2076 0 R (0:1149) 2077 0 R (0:115) 1253 0 R (0:1150) 2078 0 R (0:1151) 2079 0 R (0:1152) 2080 0 R (0:1153) 2081 0 R (0:1154) 2082 0 R (0:1157) 2088 0 R (0:1158) 2089 0 R (0:116) 1254 0 R (0:1160) 2090 0 R (0:1161) 2091 0 R (0:1162) 2092 0 R (0:1163) 2093 0 R (0:1164) 2094 0 R (0:1165) 2095 0 R (0:1166) 2096 0 R (0:1167) 2097 0 R (0:1169) 2098 0 R (0:117) 1255 0 R (0:1171) 2099 0 R (0:1172) 2100 0 R (0:1173) 2101 0 R (0:1174) 2102 0 R (0:1175) 2103 0 R (0:1176) 2104 0 R (0:1178) 2105 0 R (0:1179) 2106 0 R (0:118) 1256 0 R (0:1180) 2107 0 R (0:1181) 2108 0 R (0:1182) 2109 0 R (0:1183) 2110 0 R (0:1184) 2111 0 R (0:1186) 2087 0 R (0:1187) 2118 0 R (0:1188) 2119 0 R (0:1189) 2120 0 R (0:119) 1257 0 R (0:1190) 2121 0 R (0:1191) 2122 0 R (0:1193) 2123 0 R (0:1194) 2124 0 R (0:1195) 2125 0 R (0:1196) 2126 0 R (0:1197) 2127 0 R (0:1198) 2128 0 R (0:120) 1258 0 R (0:1200) 2129 0 R (0:1201) 2130 0 R (0:1202) 2131 0 R (0:1203) 2132 0 R (0:1204) 2133 0 R (0:1205) 2134 0 R (0:1206) 2135 0 R (0:1208) 2136 0 R (0:1209) 2137 0 R (0:121) 1259 0 R (0:1210) 2138 0 R (0:1211) 2139 0 R (0:1212) 2140 0 R (0:1213) 2141 0 R (0:1214) 2142 0 R (0:1216) 2143 0 R (0:1217) 2144 0 R (0:1218) 2145 0 R (0:1219) 2146 0 R (0:122) 1260 0 R (0:1220) 2147 0 R (0:1221) 2148 0 R (0:1222) 2149 0 R (0:1224) 2154 0 R (0:1225) 2155 0 R (0:1226) 2156 0 R (0:1227) 2157 0 R (0:1228) 2158 0 R (0:1229) 2117 0 R (0:123) 1261 0 R (0:1232) 2159 0 R (0:1233) 2160 0 R (0:1234) 2161 0 R (0:1235) 2162 0 R (0:1236) 2163 0 R (0:1237) 2164 0 R (0:1238) 2165 0 R (0:1239) 2166 0 R (0:124) 1262 0 R (0:1240) 2167 0 R (0:1241) 2168 0 R (0:1244) 2174 0 R (0:1245) 2175 0 R (0:1246) 2176 0 R (0:1247) 2177 0 R (0:1248) 2178 0 R (0:1249) 2179 0 R (0:125) 1263 0 R (0:1250) 2180 0 R (0:1252) 2182 0 R (0:1253) 2183 0 R (0:1255) 2185 0 R (0:1256) 2186 0 R (0:1257) 2187 0 R (0:1258) 2188 0 R (0:1259) 2189 0 R (0:126) 1264 0 R (0:1260) 2190 0 R (0:1262) 2191 0 R (0:1263) 2192 0 R (0:1264) 2193 0 R (0:1265) 2194 0 R (0:1266) 2195 0 R (0:1267) 2196 0 R (0:1268) 2197 0 R (0:1269) 2198 0 R (0:127) 1265 0 R (0:1271) 2203 0 R (0:1273) 2205 0 R (0:1277) 2207 0 R (0:1278) 2208 0 R (0:128) 1266 0 R (0:1280) 2209 0 R (0:1281) 2210 0 R (0:1282) 2211 0 R (0:1283) 2212 0 R (0:1284) 2213 0 R (0:1285) 2214 0 R (0:1286) 2215 0 R (0:1287) 2216 0 R (0:1288) 2217 0 R (0:129) 1267 0 R (0:1290) 2218 0 R (0:1291) 2219 0 R (0:1292) 2220 0 R (0:1293) 2221 0 R (0:1294) 2222 0 R (0:1295) 2223 0 R (0:1296) 2224 0 R (0:1299) 2225 0 R (0:130) 1268 0 R (0:1300) 2226 0 R (0:1301) 2227 0 R (0:1302) 2228 0 R (0:1303) 2229 0 R (0:1304) 2230 0 R (0:1306) 2231 0 R (0:1308) 2233 0 R (0:1309) 2234 0 R (0:131) 1269 0 R (0:1310) 2239 0 R (0:1311) 2240 0 R (0:1312) 2241 0 R (0:1313) 2242 0 R (0:1314) 2243 0 R (0:1315) 2244 0 R (0:1316) 2245 0 R (0:1318) 2247 0 R (0:1319) 2248 0 R (0:132) 1270 0 R (0:1320) 2249 0 R (0:1321) 2250 0 R (0:1322) 2251 0 R (0:1323) 2252 0 R (0:1324) 2253 0 R (0:1325) 2254 0 R (0:1326) 2255 0 R (0:1327) 2256 0 R (0:1329) 2257 0 R (0:133) 1271 0 R (0:1330) 2258 0 R (0:1331) 2259 0 R (0:1332) 2260 0 R (0:1333) 2261 0 R (0:1334) 2262 0 R (0:1335) 2263 0 R (0:1336) 2264 0 R (0:1337) 2265 0 R (0:1338) 2266 0 R (0:1339) 2267 0 R (0:1340) 2268 0 R (0:1342) 2273 0 R (0:1344) 2275 0 R (0:1348) 2277 0 R (0:1349) 2278 0 R (0:1351) 2279 0 R (0:1352) 2280 0 R (0:1353) 2281 0 R (0:1354) 2282 0 R (0:1355) 2283 0 R (0:1356) 2284 0 R (0:1357) 2285 0 R (0:1359) 2286 0 R (0:136) 1272 0 R (0:1362) 2288 0 R (0:1363) 2289 0 R (0:1364) 2290 0 R (0:1365) 2291 0 R (0:1368) 2298 0 R (0:1369) 2299 0 R (0:137) 1273 0 R (0:1373) 2301 0 R (0:1374) 2302 0 R (0:1375) 2303 0 R (0:1376) 2304 0 R (0:1377) 2305 0 R (0:1378) 2306 0 R (0:1379) 2307 0 R (0:138) 1274 0 R (0:1380) 2308 0 R (0:1381) 2309 0 R (0:1382) 2310 0 R (0:1383) 2311 0 R (0:1384) 2312 0 R (0:1386) 2313 0 R (0:1387) 2314 0 R (0:1388) 2315 0 R (0:1389) 2316 0 R (0:139) 1278 0 R (0:1390) 2317 0 R (0:1391) 2318 0 R (0:1394) 2319 0 R (0:1396) 2320 0 R (0:1397) 2321 0 R (0:1398) 2322 0 R (0:1399) 2323 0 R (0:14) 1150 0 R (0:140) 1279 0 R (0:1400) 2324 0 R (0:1401) 2325 0 R (0:1403) 2326 0 R (0:1404) 2327 0 R (0:1405) 2328 0 R (0:1407) 2297 0 R (0:1408) 2334 0 R (0:1409) 2335 0 R (0:141) 1280 0 R (0:1410) 2336 0 R (0:1411) 2337 0 R (0:1412) 2338 0 R (0:1414) 2339 0 R (0:1415) 2340 0 R (0:1416) 2341 0 R (0:1417) 2342 0 R (0:1418) 2343 0 R (0:1419) 2344 0 R (0:1421) 2345 0 R (0:1422) 2346 0 R (0:1423) 2347 0 R (0:1424) 2348 0 R (0:1425) 2349 0 R (0:1426) 2350 0 R (0:1428) 2351 0 R (0:1429) 2352 0 R (0:143) 1281 0 R (0:1430) 2353 0 R (0:1431) 2354 0 R (0:1432) 2355 0 R (0:1433) 2356 0 R (0:1435) 2357 0 R (0:1436) 2358 0 R (0:1437) 2359 0 R (0:1438) 2360 0 R (0:1439) 2361 0 R (0:144) 1282 0 R (0:1440) 2362 0 R (0:1443) 2364 0 R (0:1444) 2365 0 R (0:1445) 2366 0 R (0:1446) 2367 0 R (0:1447) 2368 0 R (0:1448) 2369 0 R (0:1449) 2370 0 R (0:145) 1283 0 R (0:1450) 2371 0 R (0:1451) 2375 0 R (0:1452) 2376 0 R (0:1453) 2377 0 R (0:1454) 2378 0 R (0:1455) 2379 0 R (0:1456) 2380 0 R (0:1457) 2381 0 R (0:1458) 2386 0 R (0:1459) 2387 0 R (0:1462) 2388 0 R (0:1464) 2389 0 R (0:1465) 2390 0 R (0:1466) 2391 0 R (0:1467) 2392 0 R (0:1468) 2393 0 R (0:1469) 2394 0 R (0:147) 1287 0 R (0:1470) 2395 0 R (0:1471) 2396 0 R (0:1472) 2397 0 R (0:1473) 2398 0 R (0:1474) 2399 0 R (0:1475) 2400 0 R (0:1476) 2401 0 R (0:1477) 2402 0 R (0:1478) 2403 0 R (0:1479) 2408 0 R (0:148) 1288 0 R (0:1480) 2409 0 R (0:1481) 2410 0 R (0:1482) 2411 0 R (0:1485) 2413 0 R (0:1487) 2414 0 R (0:1488) 2415 0 R (0:1489) 2416 0 R (0:149) 1289 0 R (0:1490) 2417 0 R (0:1491) 2418 0 R (0:1492) 2419 0 R (0:1493) 2420 0 R (0:1494) 2421 0 R (0:1495) 2422 0 R (0:1496) 2423 0 R (0:1497) 2424 0 R (0:1498) 2425 0 R (0:1499) 2426 0 R (0:15) 1151 0 R (0:150) 1290 0 R (0:1500) 2427 0 R (0:1501) 2433 0 R (0:1502) 2434 0 R (0:1503) 2435 0 R (0:1504) 2436 0 R (0:1505) 2437 0 R (0:1506) 2438 0 R (0:1509) 2439 0 R (0:1510) 2440 0 R (0:1511) 2441 0 R (0:1512) 2442 0 R (0:1513) 2443 0 R (0:1514) 2444 0 R (0:1515) 2445 0 R (0:1516) 2446 0 R (0:1517) 2447 0 R (0:1518) 2452 0 R (0:1519) 2453 0 R (0:152) 1292 0 R (0:1520) 2432 0 R (0:1521) 2454 0 R (0:1522) 2455 0 R (0:1523) 2456 0 R (0:1524) 2457 0 R (0:1525) 2458 0 R (0:1528) 2459 0 R (0:1529) 2460 0 R (0:153) 1293 0 R (0:1530) 2461 0 R (0:1531) 2462 0 R (0:1532) 2463 0 R (0:154) 1294 0 R (0:156) 1296 0 R (0:1562) 2465 0 R (0:1563) 2466 0 R (0:1564) 2467 0 R (0:1565) 2468 0 R (0:1566) 2469 0 R (0:1567) 2470 0 R (0:1568) 2471 0 R (0:157) 1297 0 R (0:1571) 2472 0 R (0:1573) 2473 0 R (0:1574) 2474 0 R (0:1575) 2475 0 R (0:1576) 2481 0 R (0:1577) 2482 0 R (0:1578) 2483 0 R (0:1579) 2484 0 R (0:158) 1298 0 R (0:1580) 2485 0 R (0:1581) 2486 0 R (0:1582) 2487 0 R (0:1584) 2488 0 R (0:1585) 2489 0 R (0:1586) 2490 0 R (0:1587) 2491 0 R (0:1588) 2492 0 R (0:1589) 2493 0 R (0:159) 1299 0 R (0:1590) 2494 0 R (0:1592) 2495 0 R (0:1593) 2496 0 R (0:1594) 2497 0 R (0:1595) 2502 0 R (0:1596) 2503 0 R (0:1597) 2504 0 R (0:1598) 2505 0 R (0:1599) 2506 0 R (0:16) 1152 0 R (0:160) 1300 0 R (0:1600) 2507 0 R (0:1601) 2508 0 R (0:1602) 2509 0 R (0:1603) 2510 0 R (0:1604) 2511 0 R (0:1605) 2512 0 R (0:1606) 2513 0 R (0:1608) 2514 0 R (0:1609) 2515 0 R (0:161) 1301 0 R (0:1610) 2516 0 R (0:1611) 2517 0 R (0:1612) 2518 0 R (0:1613) 2519 0 R (0:1614) 2520 0 R (0:1615) 2521 0 R (0:1616) 2522 0 R (0:1617) 2523 0 R (0:1618) 2524 0 R (0:1619) 2525 0 R (0:1621) 2526 0 R (0:1622) 2527 0 R (0:1625) 2533 0 R (0:1626) 2534 0 R (0:1627) 2535 0 R (0:1628) 2536 0 R (0:1629) 2537 0 R (0:163) 1302 0 R (0:1630) 2538 0 R (0:1631) 2539 0 R (0:1632) 2540 0 R (0:1633) 2541 0 R (0:1635) 2542 0 R (0:1636) 2543 0 R (0:1637) 2544 0 R (0:1641) 2549 0 R (0:1642) 2550 0 R (0:1643) 2551 0 R (0:1644) 2552 0 R (0:1645) 2553 0 R (0:1646) 2554 0 R (0:1647) 2555 0 R (0:1648) 2556 0 R (0:1649) 2557 0 R (0:165) 1304 0 R (0:1650) 2558 0 R (0:1652) 2559 0 R (0:1653) 2560 0 R (0:1654) 2561 0 R (0:1655) 2562 0 R (0:1656) 2563 0 R (0:1657) 2564 0 R (0:1658) 2565 0 R (0:1659) 2566 0 R (0:166) 1305 0 R (0:1660) 2567 0 R (0:1663) 2568 0 R (0:1664) 2569 0 R (0:1665) 2570 0 R (0:1666) 2571 0 R (0:1667) 2572 0 R (0:1668) 2573 0 R (0:167) 1306 0 R (0:1672) 2577 0 R (0:1673) 2578 0 R (0:1674) 2579 0 R (0:1675) 2580 0 R (0:1676) 2581 0 R (0:1677) 2582 0 R (0:1678) 2583 0 R (0:1679) 2584 0 R (0:168) 1307 0 R (0:1680) 2585 0 R (0:1681) 2586 0 R (0:1682) 2587 0 R (0:1683) 2588 0 R (0:1684) 2589 0 R (0:1685) 2590 0 R (0:1686) 2591 0 R (0:1687) 2592 0 R (0:1688) 2593 0 R (0:1689) 2594 0 R (0:169) 1308 0 R (0:1690) 2595 0 R (0:1691) 2596 0 R (0:1692) 2601 0 R (0:1693) 2602 0 R (0:1694) 2603 0 R (0:1695) 2604 0 R (0:1696) 2605 0 R (0:1697) 2606 0 R (0:1698) 2607 0 R (0:1699) 2608 0 R (0:17) 1153 0 R (0:170) 1309 0 R (0:1700) 2609 0 R (0:1701) 2610 0 R (0:1702) 2611 0 R (0:1703) 2612 0 R (0:1704) 2613 0 R (0:1705) 2614 0 R (0:1706) 2615 0 R (0:1707) 2616 0 R (0:1708) 2617 0 R (0:1709) 2618 0 R (0:171) 1310 0 R (0:1710) 2619 0 R (0:1711) 2620 0 R (0:1714) 2621 0 R (0:1715) 2622 0 R (0:1716) 2623 0 R (0:1717) 2624 0 R (0:1718) 2625 0 R (0:1719) 2626 0 R (0:172) 1311 0 R (0:1720) 2627 0 R (0:1721) 2628 0 R (0:1722) 2629 0 R (0:1723) 2630 0 R (0:1724) 2631 0 R (0:1725) 2632 0 R (0:1726) 2633 0 R (0:1727) 2634 0 R (0:1728) 2635 0 R (0:1729) 2636 0 R (0:173) 1312 0 R (0:1730) 2637 0 R (0:1731) 2638 0 R (0:1732) 2639 0 R (0:1733) 2640 0 R (0:1734) 2641 0 R (0:1735) 2642 0 R (0:1736) 2643 0 R (0:1737) 2644 0 R (0:174) 1313 0 R (0:1740) 2650 0 R (0:1741) 2651 0 R (0:1742) 2652 0 R (0:1743) 2653 0 R (0:1744) 2654 0 R (0:1745) 2655 0 R (0:1746) 2656 0 R (0:1747) 2657 0 R (0:1748) 2658 0 R (0:1749) 2659 0 R (0:175) 1314 0 R (0:1750) 2660 0 R (0:1751) 2661 0 R (0:1752) 2662 0 R (0:1753) 2663 0 R (0:1754) 2664 0 R (0:1755) 2665 0 R (0:1756) 2666 0 R (0:1757) 2667 0 R (0:1758) 2668 0 R (0:1759) 2669 0 R (0:176) 1315 0 R (0:1760) 2670 0 R (0:1761) 2671 0 R (0:1762) 2672 0 R (0:1763) 2673 0 R (0:1764) 2674 0 R (0:1765) 2675 0 R (0:1766) 2676 0 R (0:1767) 2677 0 R (0:1768) 2678 0 R (0:1769) 2679 0 R (0:177) 1316 0 R (0:1773) 2681 0 R (0:1776) 2682 0 R (0:1777) 2683 0 R (0:1778) 2684 0 R (0:1779) 2685 0 R (0:178) 1317 0 R (0:1781) 2692 0 R (0:1782) 2693 0 R (0:1783) 2694 0 R (0:1784) 2649 0 R (0:1786) 2695 0 R (0:1787) 2696 0 R (0:1788) 2697 0 R (0:1789) 2698 0 R (0:1791) 2699 0 R (0:1792) 2700 0 R (0:1793) 2701 0 R (0:1794) 2702 0 R (0:1795) 2703 0 R (0:1797) 2704 0 R (0:1798) 2705 0 R (0:1799) 2706 0 R (0:18) 1154 0 R (0:180) 1318 0 R (0:1800) 2707 0 R (0:1802) 2708 0 R (0:1803) 2709 0 R (0:1804) 2710 0 R (0:1805) 2711 0 R (0:1807) 2712 0 R (0:1808) 2713 0 R (0:1809) 2714 0 R (0:181) 1319 0 R (0:1810) 2715 0 R (0:1811) 2716 0 R (0:1813) 2717 0 R (0:1814) 2718 0 R (0:1815) 2719 0 R (0:1817) 2724 0 R (0:1818) 2725 0 R (0:1819) 2726 0 R (0:182) 1320 0 R (0:1821) 2691 0 R (0:1822) 2727 0 R (0:1823) 2728 0 R (0:1825) 2729 0 R (0:1826) 2730 0 R (0:1827) 2731 0 R (0:1829) 2732 0 R (0:183) 1326 0 R (0:1830) 2733 0 R (0:1831) 2734 0 R (0:1833) 2735 0 R (0:1834) 2736 0 R (0:1835) 2737 0 R (0:1836) 2738 0 R (0:1838) 2740 0 R (0:1839) 2741 0 R (0:1841) 2742 0 R (0:1842) 2743 0 R (0:1843) 2744 0 R (0:1844) 2745 0 R (0:1845) 2746 0 R (0:1846) 2747 0 R (0:1847) 2748 0 R (0:1848) 2749 0 R (0:185) 1328 0 R (0:1851) 2751 0 R (0:1852) 2752 0 R (0:1853) 2753 0 R (0:1854) 2754 0 R (0:1855) 2755 0 R (0:1856) 2756 0 R (0:1857) 2757 0 R (0:1858) 2758 0 R (0:1859) 2764 0 R (0:186) 1329 0 R (0:1861) 2766 0 R (0:1862) 2767 0 R (0:1864) 2768 0 R (0:1865) 2769 0 R (0:1866) 2770 0 R (0:1869) 2772 0 R (0:187) 1330 0 R (0:1870) 2773 0 R (0:1871) 2774 0 R (0:1872) 2775 0 R (0:1873) 2776 0 R (0:1874) 2777 0 R (0:1875) 2778 0 R (0:1876) 2779 0 R (0:1877) 2780 0 R (0:1878) 2781 0 R (0:1879) 2782 0 R (0:1880) 2783 0 R (0:1881) 2784 0 R (0:1882) 2785 0 R (0:1883) 2786 0 R (0:1884) 2787 0 R (0:1885) 2788 0 R (0:1886) 2789 0 R (0:1887) 2790 0 R (0:1888) 2791 0 R (0:1889) 2792 0 R (0:189) 1332 0 R (0:1890) 2793 0 R (0:1891) 2794 0 R (0:1892) 2795 0 R (0:1893) 2796 0 R (0:1894) 2797 0 R (0:1895) 2798 0 R (0:1896) 2799 0 R (0:1897) 2800 0 R (0:1898) 2801 0 R (0:1899) 2802 0 R (0:19) 1155 0 R (0:190) 1333 0 R (0:1900) 2803 0 R (0:1901) 2804 0 R (0:1902) 2805 0 R (0:1903) 2806 0 R (0:1904) 2813 0 R (0:1905) 2814 0 R (0:1906) 2815 0 R (0:1907) 2816 0 R (0:1908) 2817 0 R (0:1909) 2818 0 R (0:191) 1336 0 R (0:1910) 2819 0 R (0:1911) 2820 0 R (0:1912) 2821 0 R (0:1913) 2822 0 R (0:1914) 2823 0 R (0:1917) 2825 0 R (0:1918) 2826 0 R (0:1919) 2827 0 R (0:192) 1337 0 R (0:1920) 2828 0 R (0:1921) 2829 0 R (0:1922) 2830 0 R (0:1924) 2836 0 R (0:1925) 2837 0 R (0:1926) 2838 0 R (0:1927) 2812 0 R (0:1928) 2839 0 R (0:1929) 2840 0 R (0:1930) 2841 0 R (0:1931) 2842 0 R (0:1933) 2843 0 R (0:1934) 2844 0 R (0:1935) 2845 0 R (0:1936) 2846 0 R (0:1937) 2847 0 R (0:1938) 2848 0 R (0:1939) 2849 0 R (0:194) 1339 0 R (0:1942) 2850 0 R (0:1943) 2851 0 R (0:1944) 2852 0 R (0:1945) 2853 0 R (0:1946) 2854 0 R (0:1947) 2855 0 R (0:1948) 2856 0 R (0:1949) 2857 0 R (0:195) 1340 0 R (0:1950) 2858 0 R (0:1952) 2860 0 R (0:1953) 2861 0 R (0:1954) 2862 0 R (0:1955) 2867 0 R (0:1957) 2835 0 R (0:196) 1341 0 R (0:1961) 2869 0 R (0:1962) 2870 0 R (0:1963) 2871 0 R (0:1964) 2872 0 R (0:1965) 2873 0 R (0:1967) 2875 0 R (0:1968) 2876 0 R (0:1969) 2877 0 R (0:197) 1342 0 R (0:1970) 2878 0 R (0:1971) 2879 0 R (0:1972) 2880 0 R (0:1973) 2881 0 R (0:1974) 2882 0 R (0:1975) 2883 0 R (0:1976) 2884 0 R (0:1977) 2885 0 R (0:1980) 2887 0 R (0:1981) 2888 0 R (0:1982) 2889 0 R (0:1983) 2890 0 R (0:1984) 2891 0 R (0:1985) 2892 0 R (0:1986) 2893 0 R (0:1988) 2894 0 R (0:199) 1344 0 R (0:1991) 2896 0 R (0:1992) 2902 0 R (0:1993) 2903 0 R (0:1994) 2904 0 R (0:1995) 2905 0 R (0:1996) 2906 0 R (0:1998) 2907 0 R (0:1999) 2908 0 R (0:20) 1156 0 R (0:200) 1345 0 R (0:2002) 2910 0 R (0:2003) 2911 0 R (0:2004) 2912 0 R (0:2005) 2913 0 R (0:2006) 2914 0 R (0:2007) 2915 0 R (0:2008) 2916 0 R (0:201) 1346 0 R (0:2010) 2917 0 R (0:2011) 2918 0 R (0:2014) 2919 0 R (0:2015) 2920 0 R (0:2016) 2921 0 R (0:2017) 2922 0 R (0:2018) 2923 0 R (0:2019) 2924 0 R (0:2020) 2925 0 R (0:2021) 2926 0 R (0:2022) 2927 0 R (0:2023) 2928 0 R (0:2024) 2929 0 R (0:2025) 2934 0 R (0:2026) 2935 0 R (0:2028) 2936 0 R (0:2029) 2937 0 R (0:203) 1348 0 R (0:2030) 2938 0 R (0:2032) 2939 0 R (0:2033) 2940 0 R (0:2034) 2941 0 R (0:2035) 2942 0 R (0:2036) 2943 0 R (0:2037) 2944 0 R (0:2038) 2945 0 R (0:2039) 2946 0 R (0:204) 1349 0 R (0:2040) 2947 0 R (0:2041) 2948 0 R (0:2042) 2949 0 R (0:2043) 2950 0 R (0:2044) 2951 0 R (0:2045) 2952 0 R (0:2046) 2953 0 R (0:2047) 2954 0 R (0:2048) 2955 0 R (0:2049) 2956 0 R (0:205) 1350 0 R (0:2052) 2958 0 R (0:2053) 2959 0 R (0:2056) 2960 0 R (0:2057) 2961 0 R (0:2058) 2962 0 R (0:2059) 2967 0 R (0:2060) 2968 0 R (0:2061) 2969 0 R (0:2063) 2971 0 R (0:2065) 2972 0 R (0:2066) 2973 0 R (0:2067) 2974 0 R (0:2068) 2975 0 R (0:207) 1352 0 R (0:2071) 2976 0 R (0:2072) 2977 0 R (0:2073) 2978 0 R (0:2074) 2979 0 R (0:2075) 2980 0 R (0:2076) 2981 0 R (0:2077) 2982 0 R (0:2078) 2983 0 R (0:2079) 2984 0 R (0:208) 1353 0 R (0:2080) 2985 0 R (0:2081) 2986 0 R (0:2082) 2987 0 R (0:2083) 2988 0 R (0:2084) 2989 0 R (0:2086) 2990 0 R (0:2089) 2997 0 R (0:209) 1354 0 R (0:2090) 2998 0 R (0:2091) 2999 0 R (0:2092) 3000 0 R (0:2093) 3001 0 R (0:2094) 3002 0 R (0:2095) 3003 0 R (0:2096) 3004 0 R (0:2097) 3005 0 R (0:2098) 3006 0 R (0:2099) 3007 0 R (0:21) 1157 0 R (0:2100) 3008 0 R (0:2101) 3009 0 R (0:2102) 3010 0 R (0:2103) 3011 0 R (0:2104) 3012 0 R (0:2105) 3013 0 R (0:2106) 3014 0 R (0:2107) 3015 0 R (0:2108) 3016 0 R (0:2109) 3017 0 R (0:211) 1356 0 R (0:2110) 3018 0 R (0:2111) 3019 0 R (0:2114) 3020 0 R (0:2115) 3021 0 R (0:2116) 3026 0 R (0:2117) 3027 0 R (0:2118) 3028 0 R (0:2119) 2995 0 R (0:212) 1357 0 R (0:2121) 3029 0 R (0:2122) 3030 0 R (0:2123) 3031 0 R (0:2124) 3032 0 R (0:2125) 3033 0 R (0:2126) 3034 0 R (0:2127) 3035 0 R (0:2128) 3036 0 R (0:2129) 3037 0 R (0:213) 1358 0 R (0:2132) 3038 0 R (0:2133) 3039 0 R (0:2134) 3040 0 R (0:2135) 3041 0 R (0:2136) 3042 0 R (0:2137) 3043 0 R (0:2138) 3044 0 R (0:214) 1359 0 R (0:2141) 3045 0 R (0:2142) 3046 0 R (0:2143) 3047 0 R (0:2144) 3048 0 R (0:2145) 3049 0 R (0:2146) 3054 0 R (0:2147) 3055 0 R (0:2149) 3056 0 R (0:2150) 3057 0 R (0:2151) 3058 0 R (0:2152) 3059 0 R (0:2153) 3060 0 R (0:2154) 3061 0 R (0:2155) 3062 0 R (0:2156) 3063 0 R (0:2157) 3064 0 R (0:2158) 3065 0 R (0:2159) 3066 0 R (0:216) 1361 0 R (0:2160) 3067 0 R (0:2161) 3068 0 R (0:2162) 3069 0 R (0:2163) 3070 0 R (0:2164) 3071 0 R (0:2165) 3072 0 R (0:2168) 3074 0 R (0:2169) 3075 0 R (0:217) 1362 0 R (0:2170) 3076 0 R (0:2171) 3077 0 R (0:2172) 3078 0 R (0:2173) 3079 0 R (0:2174) 3080 0 R (0:2175) 3081 0 R (0:2176) 3082 0 R (0:2177) 3083 0 R (0:2178) 3084 0 R (0:2179) 3085 0 R (0:218) 1363 0 R (0:2180) 3086 0 R (0:2181) 3087 0 R (0:2182) 3088 0 R (0:2183) 3089 0 R (0:2185) 3095 0 R (0:2186) 3096 0 R (0:2187) 3097 0 R (0:2188) 3098 0 R (0:2189) 3099 0 R (0:2192) 3101 0 R (0:2193) 3102 0 R (0:2194) 3103 0 R (0:2195) 3104 0 R (0:2199) 3110 0 R (0:22) 1158 0 R (0:220) 1365 0 R (0:2200) 3111 0 R (0:2202) 3112 0 R (0:2203) 3113 0 R (0:2204) 3114 0 R (0:2205) 3115 0 R (0:2206) 3116 0 R (0:2207) 3117 0 R (0:2208) 3118 0 R (0:2209) 3119 0 R (0:221) 1366 0 R (0:2210) 3120 0 R (0:2211) 3121 0 R (0:2212) 3122 0 R (0:2213) 3123 0 R (0:2215) 3124 0 R (0:2216) 3125 0 R (0:2217) 3126 0 R (0:2218) 3127 0 R (0:2220) 3128 0 R (0:2222) 3130 0 R (0:2223) 3131 0 R (0:2224) 3132 0 R (0:2225) 3133 0 R (0:2226) 3134 0 R (0:2227) 3135 0 R (0:2228) 3136 0 R (0:223) 1368 0 R (0:2230) 3137 0 R (0:2231) 3138 0 R (0:2232) 3139 0 R (0:2233) 3145 0 R (0:2234) 3146 0 R (0:2237) 3147 0 R (0:2238) 3148 0 R (0:2239) 3149 0 R (0:224) 1369 0 R (0:2243) 3156 0 R (0:2244) 3157 0 R (0:2245) 3158 0 R (0:2246) 3159 0 R (0:2247) 3160 0 R (0:2248) 3161 0 R (0:2249) 3162 0 R (0:225) 1370 0 R (0:2250) 3163 0 R (0:2251) 3164 0 R (0:2254) 3166 0 R (0:2255) 3167 0 R (0:2256) 3168 0 R (0:2257) 3169 0 R (0:2258) 3170 0 R (0:2259) 3171 0 R (0:2260) 3172 0 R (0:2261) 3173 0 R (0:2262) 3174 0 R (0:2263) 3175 0 R (0:2264) 3176 0 R (0:2265) 3177 0 R (0:2266) 3178 0 R (0:2267) 3179 0 R (0:2268) 3180 0 R (0:2269) 3186 0 R (0:227) 1372 0 R (0:2270) 3187 0 R (0:2271) 3188 0 R (0:2272) 3189 0 R (0:2273) 3190 0 R (0:2274) 3191 0 R (0:2275) 3192 0 R (0:2276) 3193 0 R (0:2279) 3195 0 R (0:228) 1373 0 R (0:2280) 3196 0 R (0:2281) 3197 0 R (0:2282) 3198 0 R (0:2283) 3199 0 R (0:2285) 3200 0 R (0:2288) 3201 0 R (0:2289) 3206 0 R (0:229) 1374 0 R (0:2290) 3207 0 R (0:2291) 3185 0 R (0:2293) 3208 0 R (0:2294) 3209 0 R (0:2295) 3210 0 R (0:2296) 3211 0 R (0:230) 1375 0 R (0:2300) 3213 0 R (0:2301) 3214 0 R (0:2302) 3215 0 R (0:2303) 3216 0 R (0:2304) 3217 0 R (0:2305) 3218 0 R (0:2306) 3219 0 R (0:2307) 3225 0 R (0:231) 1376 0 R (0:2310) 3226 0 R (0:2311) 3227 0 R (0:2312) 3228 0 R (0:2313) 3229 0 R (0:2314) 3230 0 R (0:2315) 3231 0 R (0:2316) 3232 0 R (0:2317) 3237 0 R (0:232) 1377 0 R (0:2320) 3238 0 R (0:2321) 3239 0 R (0:2322) 3240 0 R (0:2323) 3241 0 R (0:2324) 3242 0 R (0:2325) 3243 0 R (0:2326) 3244 0 R (0:2327) 3245 0 R (0:2328) 3246 0 R (0:233) 1378 0 R (0:2331) 3247 0 R (0:2332) 3248 0 R (0:2333) 3249 0 R (0:2334) 3254 0 R (0:2335) 3255 0 R (0:2336) 3256 0 R (0:2337) 3257 0 R (0:2338) 3258 0 R (0:2339) 3259 0 R (0:234) 1379 0 R (0:2340) 3260 0 R (0:2342) 3261 0 R (0:2343) 3262 0 R (0:2344) 3263 0 R (0:2345) 3264 0 R (0:2346) 3265 0 R (0:2347) 3266 0 R (0:2348) 3267 0 R (0:2349) 3268 0 R (0:2350) 3269 0 R (0:2351) 3270 0 R (0:2352) 3271 0 R (0:2353) 3272 0 R (0:2357) 3277 0 R (0:2358) 3278 0 R (0:2359) 3279 0 R (0:236) 1381 0 R (0:2360) 3280 0 R (0:2361) 3281 0 R (0:2362) 3282 0 R (0:2363) 3283 0 R (0:2365) 3284 0 R (0:2366) 3285 0 R (0:2367) 3286 0 R (0:2368) 3287 0 R (0:2369) 3288 0 R (0:2370) 3289 0 R (0:2371) 3290 0 R (0:2374) 3291 0 R (0:2375) 3292 0 R (0:2376) 3293 0 R (0:2377) 3294 0 R (0:2378) 3295 0 R (0:2379) 3296 0 R (0:2380) 3297 0 R (0:2381) 3298 0 R (0:2383) 3300 0 R (0:2384) 3301 0 R (0:2385) 3302 0 R (0:2386) 3303 0 R (0:2387) 3304 0 R (0:2388) 3305 0 R (0:2389) 3306 0 R (0:2390) 3312 0 R (0:2391) 3313 0 R (0:2392) 3307 0 R (0:2396) 3314 0 R (0:2397) 3315 0 R (0:2398) 3316 0 R (0:2399) 3317 0 R (0:240) 1383 0 R (0:2400) 3318 0 R (0:2401) 3319 0 R (0:2402) 3320 0 R (0:2403) 3321 0 R (0:2406) 3322 0 R (0:2407) 3323 0 R (0:2408) 3324 0 R (0:2409) 3325 0 R (0:241) 1384 0 R (0:2410) 3326 0 R (0:2411) 3327 0 R (0:2412) 3328 0 R (0:2414) 3329 0 R (0:2415) 3330 0 R (0:2416) 3331 0 R (0:2417) 3332 0 R (0:2418) 3333 0 R (0:2419) 3334 0 R (0:242) 1385 0 R (0:2420) 3335 0 R (0:2421) 3336 0 R (0:2422) 3337 0 R (0:2423) 3338 0 R (0:2424) 3339 0 R (0:2425) 3340 0 R (0:2426) 3341 0 R (0:2427) 3342 0 R (0:2428) 3343 0 R (0:2429) 3344 0 R (0:243) 1386 0 R (0:2430) 3345 0 R (0:2432) 3346 0 R (0:2433) 3347 0 R (0:2434) 3348 0 R (0:2435) 3349 0 R (0:2436) 3350 0 R (0:2437) 3351 0 R (0:2438) 3352 0 R (0:244) 1387 0 R (0:2440) 3357 0 R (0:2441) 3358 0 R (0:2442) 3359 0 R (0:2443) 3360 0 R (0:2444) 3361 0 R (0:2445) 3362 0 R (0:2447) 3363 0 R (0:2448) 3364 0 R (0:2449) 3365 0 R (0:245) 1388 0 R (0:2450) 3366 0 R (0:2452) 3367 0 R (0:2453) 3368 0 R (0:2454) 3369 0 R (0:2455) 3370 0 R (0:2456) 3371 0 R (0:2459) 3372 0 R (0:246) 1389 0 R (0:2460) 3373 0 R (0:2461) 3374 0 R (0:2462) 3375 0 R (0:2463) 3376 0 R (0:2464) 3377 0 R (0:2465) 3378 0 R (0:2466) 3379 0 R (0:2467) 3380 0 R (0:2468) 3381 0 R (0:2469) 3382 0 R (0:247) 1390 0 R (0:2470) 3383 0 R (0:2471) 3384 0 R (0:2472) 3385 0 R (0:2473) 3386 0 R (0:2474) 3387 0 R (0:2475) 3388 0 R (0:2476) 3389 0 R (0:2477) 3390 0 R (0:2478) 3391 0 R (0:2479) 3392 0 R (0:248) 1391 0 R (0:2480) 3398 0 R (0:2481) 3399 0 R (0:2482) 3400 0 R (0:2483) 3401 0 R (0:2484) 3402 0 R (0:2485) 3403 0 R (0:2486) 3404 0 R (0:2487) 3405 0 R (0:2488) 3406 0 R (0:2489) 3407 0 R (0:249) 1396 0 R (0:2490) 3408 0 R (0:2491) 3409 0 R (0:2492) 3410 0 R (0:2493) 3411 0 R (0:2494) 3412 0 R (0:2495) 3413 0 R (0:2496) 3414 0 R (0:2497) 3415 0 R (0:2499) 3417 0 R (0:25) 1162 0 R (0:250) 1397 0 R (0:2500) 3418 0 R (0:2501) 3419 0 R (0:2502) 3420 0 R (0:2503) 3421 0 R (0:2504) 3422 0 R (0:2505) 3423 0 R (0:2506) 3424 0 R (0:2507) 3425 0 R (0:2508) 3426 0 R (0:2509) 3427 0 R (0:251) 1398 0 R (0:2510) 3428 0 R (0:2511) 3429 0 R (0:2512) 3430 0 R (0:2513) 3431 0 R (0:2514) 3432 0 R (0:2515) 3433 0 R (0:2516) 3434 0 R (0:2519) 3435 0 R (0:252) 1399 0 R (0:2520) 3436 0 R (0:2521) 3437 0 R (0:2522) 3442 0 R (0:2523) 3443 0 R (0:2524) 3444 0 R (0:2527) 3445 0 R (0:2528) 3446 0 R (0:2529) 3447 0 R (0:253) 1400 0 R (0:2530) 3448 0 R (0:2532) 3449 0 R (0:2533) 3450 0 R (0:2534) 3451 0 R (0:2535) 3452 0 R (0:2536) 3453 0 R (0:2537) 3454 0 R (0:254) 1401 0 R (0:2540) 3456 0 R (0:2541) 3457 0 R (0:2542) 3458 0 R (0:2543) 3463 0 R (0:2544) 3464 0 R (0:2545) 3465 0 R (0:2546) 3466 0 R (0:2547) 3467 0 R (0:2548) 3468 0 R (0:2549) 3469 0 R (0:255) 1402 0 R (0:2551) 3470 0 R (0:2552) 3471 0 R (0:2553) 3472 0 R (0:2555) 3474 0 R (0:2556) 3475 0 R (0:2557) 3476 0 R (0:2558) 3477 0 R (0:2559) 3478 0 R (0:2560) 3479 0 R (0:2561) 3480 0 R (0:2562) 3481 0 R (0:2563) 3482 0 R (0:2564) 3483 0 R (0:2567) 3485 0 R (0:2568) 3486 0 R (0:2569) 3487 0 R (0:257) 1404 0 R (0:2570) 3488 0 R (0:2572) 3489 0 R (0:2573) 3490 0 R (0:2574) 3491 0 R (0:2575) 3492 0 R (0:2576) 3493 0 R (0:2577) 3494 0 R (0:2578) 3495 0 R (0:2579) 3496 0 R (0:258) 1405 0 R (0:2580) 3497 0 R (0:2581) 3498 0 R (0:2582) 3499 0 R (0:2583) 3500 0 R (0:2585) 3505 0 R (0:2586) 3506 0 R (0:2587) 3507 0 R (0:2589) 3510 0 R (0:259) 1406 0 R (0:2590) 3511 0 R (0:2591) 3512 0 R (0:2592) 3513 0 R (0:2593) 3514 0 R (0:2594) 3515 0 R (0:2595) 3516 0 R (0:2596) 3517 0 R (0:2597) 3518 0 R (0:2598) 3519 0 R (0:260) 1407 0 R (0:2601) 3520 0 R (0:2602) 3521 0 R (0:2603) 3522 0 R (0:2604) 3523 0 R (0:2605) 3524 0 R (0:2606) 3525 0 R (0:2607) 3526 0 R (0:2608) 3527 0 R (0:2609) 3528 0 R (0:261) 1408 0 R (0:2610) 3529 0 R (0:2611) 3530 0 R (0:2612) 3531 0 R (0:2615) 3532 0 R (0:2616) 3533 0 R (0:2617) 3539 0 R (0:2618) 3540 0 R (0:262) 1409 0 R (0:2621) 3541 0 R (0:2622) 3542 0 R (0:2623) 3543 0 R (0:2624) 3544 0 R (0:2625) 3545 0 R (0:2626) 3546 0 R (0:2627) 3547 0 R (0:2629) 3548 0 R (0:263) 1410 0 R (0:2630) 3549 0 R (0:2631) 3550 0 R (0:2633) 3551 0 R (0:2634) 3552 0 R (0:2635) 3553 0 R (0:2637) 3554 0 R (0:2638) 3555 0 R (0:2639) 3556 0 R (0:264) 1411 0 R (0:2641) 3557 0 R (0:2642) 3558 0 R (0:2643) 3559 0 R (0:2645) 3560 0 R (0:2646) 3561 0 R (0:2647) 3562 0 R (0:2649) 3563 0 R (0:265) 1412 0 R (0:2650) 3564 0 R (0:2651) 3565 0 R (0:2653) 3566 0 R (0:2654) 3567 0 R (0:2655) 3568 0 R (0:2657) 3569 0 R (0:2658) 3570 0 R (0:2659) 3571 0 R (0:2661) 3572 0 R (0:2662) 3573 0 R (0:2663) 3574 0 R (0:2665) 3580 0 R (0:2666) 3581 0 R (0:2667) 3582 0 R (0:2668) 3538 0 R (0:2669) 3583 0 R (0:2670) 3584 0 R (0:2671) 3585 0 R (0:2672) 3586 0 R (0:2673) 3587 0 R (0:2675) 3589 0 R (0:2676) 3590 0 R (0:2677) 3591 0 R (0:2678) 3592 0 R (0:2679) 3593 0 R (0:268) 1413 0 R (0:269) 1414 0 R (0:27) 1163 0 R (0:270) 1415 0 R (0:2703) 3595 0 R (0:2704) 3596 0 R (0:2705) 3597 0 R (0:271) 1416 0 R (0:272) 1417 0 R (0:2720) 3599 0 R (0:2722) 3600 0 R (0:2725) 3601 0 R (0:2726) 3602 0 R (0:2727) 3603 0 R (0:2728) 3604 0 R (0:2729) 3605 0 R (0:273) 1418 0 R (0:2730) 3606 0 R (0:2731) 3613 0 R (0:2732) 3579 0 R (0:2735) 3614 0 R (0:2736) 3615 0 R (0:2738) 3616 0 R (0:2739) 3617 0 R (0:274) 1419 0 R (0:2740) 3618 0 R (0:2741) 3619 0 R (0:2742) 3620 0 R (0:2743) 3621 0 R (0:2744) 3622 0 R (0:2745) 3623 0 R (0:2746) 3624 0 R (0:2747) 3625 0 R (0:2748) 3626 0 R (0:2749) 3627 0 R (0:275) 1420 0 R (0:2750) 3628 0 R (0:2751) 3629 0 R (0:2752) 3630 0 R (0:2753) 3631 0 R (0:2754) 3632 0 R (0:2755) 3633 0 R (0:2756) 3634 0 R (0:2757) 3635 0 R (0:2758) 3636 0 R (0:2759) 3637 0 R (0:276) 1421 0 R (0:2760) 3638 0 R (0:2761) 3639 0 R (0:2762) 3640 0 R (0:2763) 3641 0 R (0:2764) 3642 0 R (0:2765) 3643 0 R (0:2766) 3644 0 R (0:2767) 3645 0 R (0:2768) 3646 0 R (0:2769) 3647 0 R (0:277) 1422 0 R (0:2770) 3648 0 R (0:2771) 3649 0 R (0:2772) 3650 0 R (0:2773) 3651 0 R (0:2774) 3652 0 R (0:2775) 3653 0 R (0:2776) 3654 0 R (0:2777) 3655 0 R (0:2778) 3656 0 R (0:2779) 3657 0 R (0:278) 1423 0 R (0:2780) 3658 0 R (0:2781) 3659 0 R (0:2782) 3660 0 R (0:2783) 3661 0 R (0:2784) 3662 0 R (0:2785) 3663 0 R (0:2787) 3668 0 R (0:2788) 3669 0 R (0:2789) 3670 0 R (0:279) 1424 0 R (0:2790) 3612 0 R (0:2792) 3671 0 R (0:2793) 3672 0 R (0:2794) 3673 0 R (0:2796) 3674 0 R (0:2797) 3675 0 R (0:280) 1425 0 R (0:2800) 3676 0 R (0:2801) 3677 0 R (0:2802) 3678 0 R (0:2803) 3679 0 R (0:2804) 3680 0 R (0:2805) 3681 0 R (0:2806) 3682 0 R (0:2807) 3683 0 R (0:2808) 3684 0 R (0:2809) 3685 0 R (0:281) 1426 0 R (0:2811) 3686 0 R (0:2812) 3687 0 R (0:2813) 3688 0 R (0:2814) 3689 0 R (0:2815) 3690 0 R (0:2816) 3691 0 R (0:2819) 3692 0 R (0:282) 1427 0 R (0:2820) 3693 0 R (0:2821) 3694 0 R (0:2822) 3695 0 R (0:2823) 3696 0 R (0:2826) 3702 0 R (0:2827) 3703 0 R (0:2828) 3704 0 R (0:2829) 3705 0 R (0:283) 1428 0 R (0:2830) 3706 0 R (0:2831) 3707 0 R (0:2832) 3708 0 R (0:2833) 3709 0 R (0:2836) 3711 0 R (0:2837) 3712 0 R (0:2838) 3713 0 R (0:2839) 3714 0 R (0:2840) 3715 0 R (0:2841) 3716 0 R (0:2843) 3717 0 R (0:2844) 3718 0 R (0:2845) 3719 0 R (0:2846) 3720 0 R (0:2847) 3721 0 R (0:2848) 3722 0 R (0:2849) 3723 0 R (0:2850) 3724 0 R (0:2852) 3725 0 R (0:2855) 3730 0 R (0:2856) 3731 0 R (0:2857) 3732 0 R (0:2858) 3733 0 R (0:2859) 3734 0 R (0:286) 1430 0 R (0:2860) 3735 0 R (0:2861) 3736 0 R (0:2862) 3737 0 R (0:2863) 3738 0 R (0:2864) 3739 0 R (0:2865) 3740 0 R (0:2866) 3741 0 R (0:2867) 3742 0 R (0:287) 1431 0 R (0:2870) 3743 0 R (0:2871) 3744 0 R (0:2872) 3745 0 R (0:2876) 3747 0 R (0:2877) 3748 0 R (0:2878) 3749 0 R (0:2879) 3750 0 R (0:288) 1432 0 R (0:2880) 3751 0 R (0:2881) 3752 0 R (0:2882) 3753 0 R (0:2883) 3754 0 R (0:2884) 3755 0 R (0:2885) 3756 0 R (0:2886) 3757 0 R (0:2887) 3758 0 R (0:2888) 3759 0 R (0:2889) 3760 0 R (0:289) 1437 0 R (0:2890) 3761 0 R (0:2891) 3762 0 R (0:2892) 3763 0 R (0:2893) 3764 0 R (0:2894) 3765 0 R (0:2895) 3770 0 R (0:2896) 3771 0 R (0:2898) 3772 0 R (0:2899) 3773 0 R (0:29) 1167 0 R (0:290) 1438 0 R (0:2900) 3774 0 R (0:2901) 3775 0 R (0:2902) 3776 0 R (0:2903) 3777 0 R (0:2905) 3778 0 R (0:2906) 3779 0 R (0:2907) 3780 0 R (0:2908) 3781 0 R (0:2909) 3782 0 R (0:291) 1439 0 R (0:2910) 3783 0 R (0:2911) 3784 0 R (0:2914) 3789 0 R (0:2915) 3790 0 R (0:2918) 3791 0 R (0:2919) 3792 0 R (0:292) 1440 0 R (0:2924) 3795 0 R (0:2925) 3796 0 R (0:2926) 3797 0 R (0:2927) 3798 0 R (0:2928) 3799 0 R (0:2929) 3800 0 R (0:293) 1441 0 R (0:2930) 3801 0 R (0:2931) 3802 0 R (0:2932) 3803 0 R (0:2933) 3804 0 R (0:2934) 3805 0 R (0:2936) 3806 0 R (0:2939) 3807 0 R (0:294) 1442 0 R (0:2940) 3808 0 R (0:2941) 3809 0 R (0:2942) 3810 0 R (0:2943) 3811 0 R (0:2944) 3812 0 R (0:2945) 3813 0 R (0:2946) 3819 0 R (0:2947) 3820 0 R (0:2948) 3821 0 R (0:2949) 3822 0 R (0:295) 1443 0 R (0:2950) 3823 0 R (0:2951) 3824 0 R (0:2952) 3825 0 R (0:2953) 3826 0 R (0:2954) 3827 0 R (0:2955) 3828 0 R (0:2956) 3829 0 R (0:2957) 3830 0 R (0:2958) 3831 0 R (0:2959) 3832 0 R (0:296) 1444 0 R (0:2960) 3833 0 R (0:2961) 3834 0 R (0:2962) 3835 0 R (0:2963) 3836 0 R (0:2964) 3837 0 R (0:2965) 3838 0 R (0:2966) 3839 0 R (0:2967) 3840 0 R (0:2968) 3841 0 R (0:2969) 3842 0 R (0:297) 1445 0 R (0:2970) 3843 0 R (0:2971) 3844 0 R (0:2972) 3845 0 R (0:2973) 3846 0 R (0:2974) 3847 0 R (0:2975) 3848 0 R (0:2976) 3849 0 R (0:2977) 3850 0 R (0:2978) 3851 0 R (0:2979) 3852 0 R (0:298) 1446 0 R (0:2980) 3853 0 R (0:2981) 3854 0 R (0:2982) 3855 0 R (0:2984) 3857 0 R (0:2985) 3858 0 R (0:2986) 3859 0 R (0:2987) 3860 0 R (0:2988) 3861 0 R (0:2989) 3862 0 R (0:299) 1447 0 R (0:2990) 3863 0 R (0:2991) 3864 0 R (0:2992) 3865 0 R (0:2993) 3866 0 R (0:2994) 3867 0 R (0:2995) 3868 0 R (0:2996) 3869 0 R (0:2997) 3870 0 R (0:2998) 3871 0 R (0:2999) 3872 0 R (0:300) 1448 0 R (0:3000) 3873 0 R (0:3001) 3874 0 R (0:3002) 3879 0 R (0:3003) 3880 0 R (0:3004) 3881 0 R (0:3005) 3882 0 R (0:3006) 3883 0 R (0:3007) 3884 0 R (0:3008) 3885 0 R (0:3009) 3886 0 R (0:301) 1449 0 R (0:3010) 3887 0 R (0:3011) 3888 0 R (0:3012) 3889 0 R (0:3013) 3890 0 R (0:3014) 3891 0 R (0:3017) 3893 0 R (0:3018) 3894 0 R (0:3019) 3895 0 R (0:302) 1450 0 R (0:3022) 3900 0 R (0:3025) 3903 0 R (0:3026) 3904 0 R (0:3027) 3905 0 R (0:3028) 3906 0 R (0:3029) 3907 0 R (0:303) 1451 0 R (0:3030) 3908 0 R (0:3031) 3909 0 R (0:3032) 3910 0 R (0:3033) 3911 0 R (0:3034) 3912 0 R (0:3035) 3913 0 R (0:3036) 3914 0 R (0:3037) 3915 0 R (0:3038) 3916 0 R (0:3039) 3917 0 R (0:304) 1452 0 R (0:3040) 3918 0 R (0:3041) 3919 0 R (0:3043) 3921 0 R (0:3044) 3922 0 R (0:3045) 3923 0 R (0:3046) 3924 0 R (0:3047) 3925 0 R (0:3048) 3926 0 R (0:3049) 3927 0 R (0:305) 1453 0 R (0:3050) 3928 0 R (0:3051) 3929 0 R (0:3052) 3930 0 R (0:3053) 3931 0 R (0:3054) 3932 0 R (0:3056) 3933 0 R (0:3057) 3934 0 R (0:3059) 3936 0 R (0:306) 1454 0 R (0:3061) 3937 0 R (0:3062) 3938 0 R (0:3063) 3939 0 R (0:3064) 3940 0 R (0:3065) 3941 0 R (0:3066) 3942 0 R (0:3067) 3943 0 R (0:3068) 3944 0 R (0:3069) 3945 0 R (0:307) 1455 0 R (0:3070) 3946 0 R (0:3071) 3952 0 R (0:3072) 3953 0 R (0:3073) 3954 0 R (0:3074) 3955 0 R (0:3075) 3947 0 R (0:3077) 3956 0 R (0:3078) 3957 0 R (0:3079) 3958 0 R (0:308) 1456 0 R (0:3080) 3959 0 R (0:3081) 3960 0 R (0:3082) 3961 0 R (0:3083) 3962 0 R (0:3084) 3963 0 R (0:3085) 3964 0 R (0:3086) 3965 0 R (0:3088) 3966 0 R (0:3089) 3967 0 R (0:309) 1457 0 R (0:3090) 3968 0 R (0:3091) 3969 0 R (0:3092) 3970 0 R (0:3093) 3971 0 R (0:3094) 3972 0 R (0:3095) 3973 0 R (0:3096) 3974 0 R (0:3097) 3975 0 R (0:3098) 3976 0 R (0:310) 1458 0 R (0:3100) 3977 0 R (0:3101) 3978 0 R (0:3102) 3979 0 R (0:3103) 3980 0 R (0:3104) 3981 0 R (0:3105) 3982 0 R (0:3106) 3983 0 R (0:3107) 3984 0 R (0:3108) 3985 0 R (0:3109) 3986 0 R (0:311) 1459 0 R (0:3110) 3987 0 R (0:3111) 3988 0 R (0:3112) 3989 0 R (0:3113) 3990 0 R (0:3114) 3991 0 R (0:3115) 3992 0 R (0:3116) 3993 0 R (0:3117) 3994 0 R (0:3118) 3995 0 R (0:3119) 3996 0 R (0:312) 1460 0 R (0:3120) 3997 0 R (0:3123) 4002 0 R (0:3124) 4003 0 R (0:3125) 4004 0 R (0:3126) 4005 0 R (0:3127) 4006 0 R (0:3128) 4007 0 R (0:3129) 4008 0 R (0:3132) 4013 0 R (0:3133) 4014 0 R (0:3134) 4015 0 R (0:3137) 4016 0 R (0:3138) 4017 0 R (0:3139) 4018 0 R (0:314) 1461 0 R (0:3140) 4019 0 R (0:3141) 4020 0 R (0:3142) 4021 0 R (0:3143) 4022 0 R (0:3144) 4023 0 R (0:3145) 4024 0 R (0:3146) 4025 0 R (0:3147) 4026 0 R (0:3148) 4027 0 R (0:3149) 4028 0 R (0:315) 1462 0 R (0:3150) 4029 0 R (0:3151) 4030 0 R (0:3152) 4031 0 R (0:3154) 4032 0 R (0:3155) 4033 0 R (0:3156) 4034 0 R (0:3157) 4035 0 R (0:3158) 4036 0 R (0:3159) 4037 0 R (0:316) 1463 0 R (0:3160) 4038 0 R (0:3161) 4039 0 R (0:3162) 4040 0 R (0:3163) 4041 0 R (0:3164) 4042 0 R (0:3165) 4043 0 R (0:3167) 4044 0 R (0:3168) 4045 0 R (0:3169) 4046 0 R (0:317) 1464 0 R (0:3170) 4047 0 R (0:3171) 4048 0 R (0:3173) 4049 0 R (0:3174) 4050 0 R (0:3175) 4051 0 R (0:3176) 4057 0 R (0:3177) 4058 0 R (0:3178) 4059 0 R (0:3179) 4060 0 R (0:318) 1465 0 R (0:3180) 4061 0 R (0:3181) 4062 0 R (0:3182) 4063 0 R (0:3183) 4064 0 R (0:3184) 4065 0 R (0:3185) 4066 0 R (0:3186) 4067 0 R (0:3187) 4068 0 R (0:3188) 4069 0 R (0:3189) 4070 0 R (0:319) 1466 0 R (0:3190) 4071 0 R (0:3191) 4072 0 R (0:3192) 4073 0 R (0:3193) 4074 0 R (0:3194) 4075 0 R (0:3195) 4076 0 R (0:3197) 4077 0 R (0:3198) 4078 0 R (0:3199) 4079 0 R (0:320) 1467 0 R (0:3200) 4080 0 R (0:3203) 4082 0 R (0:3205) 4083 0 R (0:3206) 4084 0 R (0:3207) 4085 0 R (0:3208) 4086 0 R (0:3209) 4087 0 R (0:3210) 4088 0 R (0:3211) 4089 0 R (0:3212) 4090 0 R (0:3213) 4091 0 R (0:3214) 4092 0 R (0:3215) 4093 0 R (0:3216) 4094 0 R (0:3217) 4095 0 R (0:3218) 4101 0 R (0:3219) 4102 0 R (0:3220) 4103 0 R (0:3221) 4104 0 R (0:3222) 4105 0 R (0:3223) 4106 0 R (0:3224) 4107 0 R (0:3225) 4108 0 R (0:3226) 4109 0 R (0:3227) 4110 0 R (0:3228) 4111 0 R (0:3229) 4112 0 R (0:323) 1468 0 R (0:3230) 4113 0 R (0:3231) 4114 0 R (0:3232) 4115 0 R (0:3233) 4116 0 R (0:3234) 4117 0 R (0:3235) 4118 0 R (0:3236) 4119 0 R (0:3237) 4120 0 R (0:3238) 4121 0 R (0:3239) 4122 0 R (0:324) 1469 0 R (0:3241) 4123 0 R (0:3242) 4124 0 R (0:3243) 4125 0 R (0:3244) 4126 0 R (0:3245) 4127 0 R (0:3246) 4128 0 R (0:3247) 4129 0 R (0:3249) 4130 0 R (0:325) 1470 0 R (0:3250) 4131 0 R (0:3251) 4132 0 R (0:3252) 4133 0 R (0:3254) 4134 0 R (0:3255) 4135 0 R (0:3256) 4136 0 R (0:3257) 4137 0 R (0:3258) 4138 0 R (0:3259) 4139 0 R (0:326) 1471 0 R (0:3260) 4140 0 R (0:3261) 4141 0 R (0:3263) 4146 0 R (0:3264) 4147 0 R (0:3265) 4148 0 R (0:3266) 4149 0 R (0:3267) 4100 0 R (0:3269) 4150 0 R (0:327) 1472 0 R (0:3270) 4151 0 R (0:3271) 4152 0 R (0:3273) 4153 0 R (0:3274) 4154 0 R (0:3277) 4155 0 R (0:3278) 4156 0 R (0:3279) 4157 0 R (0:328) 1473 0 R (0:3280) 4158 0 R (0:3281) 4159 0 R (0:3282) 4160 0 R (0:3283) 4161 0 R (0:3284) 4162 0 R (0:3285) 4163 0 R (0:3286) 4164 0 R (0:3287) 4165 0 R (0:3288) 4170 0 R (0:3289) 4171 0 R (0:329) 1474 0 R (0:3290) 4172 0 R (0:3291) 4173 0 R (0:3296) 4178 0 R (0:3297) 4179 0 R (0:3298) 4180 0 R (0:3299) 4181 0 R (0:33) 1169 0 R (0:330) 1475 0 R (0:3300) 4182 0 R (0:3301) 4183 0 R (0:3302) 4184 0 R (0:3303) 4185 0 R (0:3305) 4187 0 R (0:3306) 4188 0 R (0:3307) 4189 0 R (0:3309) 4190 0 R (0:331) 1476 0 R (0:3310) 4191 0 R (0:3311) 4192 0 R (0:3312) 4193 0 R (0:3313) 4194 0 R (0:3314) 4195 0 R (0:3315) 4196 0 R (0:3316) 4197 0 R (0:3317) 4198 0 R (0:3318) 4199 0 R (0:3319) 4200 0 R (0:332) 1477 0 R (0:3321) 4201 0 R (0:3322) 4202 0 R (0:3323) 4203 0 R (0:3325) 4210 0 R (0:3326) 4211 0 R (0:3327) 4212 0 R (0:3328) 4213 0 R (0:333) 1478 0 R (0:3331) 4214 0 R (0:3332) 4215 0 R (0:3333) 4216 0 R (0:3334) 4217 0 R (0:3335) 4218 0 R (0:3336) 4219 0 R (0:3337) 4220 0 R (0:3338) 4221 0 R (0:3339) 4222 0 R (0:334) 1479 0 R (0:3340) 4223 0 R (0:3341) 4224 0 R (0:3342) 4225 0 R (0:3343) 4226 0 R (0:3344) 4227 0 R (0:3345) 4228 0 R (0:3346) 4229 0 R (0:3347) 4230 0 R (0:3348) 4231 0 R (0:3349) 4232 0 R (0:335) 1485 0 R (0:3350) 4233 0 R (0:3351) 4234 0 R (0:3353) 4235 0 R (0:3354) 4236 0 R (0:3355) 4237 0 R (0:3356) 4238 0 R (0:3357) 4239 0 R (0:3358) 4240 0 R (0:3359) 4241 0 R (0:336) 1486 0 R (0:3360) 4242 0 R (0:3361) 4243 0 R (0:3362) 4244 0 R (0:3363) 4245 0 R (0:3364) 4246 0 R (0:3365) 4247 0 R (0:3366) 4248 0 R (0:3367) 4249 0 R (0:3368) 4250 0 R (0:3369) 4251 0 R (0:3370) 4252 0 R (0:3371) 4258 0 R (0:3374) 4259 0 R (0:3377) 4261 0 R (0:3378) 4262 0 R (0:3379) 4263 0 R (0:338) 1488 0 R (0:3381) 4264 0 R (0:3382) 4265 0 R (0:3383) 4266 0 R (0:3384) 4267 0 R (0:3385) 4268 0 R (0:3387) 4269 0 R (0:3388) 4270 0 R (0:3389) 4271 0 R (0:339) 1489 0 R (0:3390) 4272 0 R (0:3392) 4277 0 R (0:3393) 4278 0 R (0:3394) 4279 0 R (0:3395) 4280 0 R (0:3396) 4281 0 R (0:3398) 4282 0 R (0:3399) 4283 0 R (0:34) 1170 0 R (0:340) 1490 0 R (0:3400) 4284 0 R (0:3401) 4285 0 R (0:3402) 4286 0 R (0:3404) 4287 0 R (0:3405) 4288 0 R (0:3406) 4289 0 R (0:3407) 4290 0 R (0:3408) 4291 0 R (0:341) 1491 0 R (0:3411) 4293 0 R (0:3412) 4294 0 R (0:3413) 4295 0 R (0:3414) 4296 0 R (0:3415) 4297 0 R (0:3416) 4298 0 R (0:3417) 4299 0 R (0:3418) 4300 0 R (0:3421) 4302 0 R (0:3423) 4303 0 R (0:3424) 4304 0 R (0:3425) 4305 0 R (0:3426) 4306 0 R (0:3428) 4312 0 R (0:3429) 4313 0 R (0:343) 1493 0 R (0:3430) 4314 0 R (0:3431) 4315 0 R (0:3433) 4317 0 R (0:3434) 4318 0 R (0:3435) 4319 0 R (0:3437) 4320 0 R (0:3438) 4321 0 R (0:3439) 4322 0 R (0:344) 1494 0 R (0:3440) 4323 0 R (0:3441) 4324 0 R (0:3442) 4325 0 R (0:3443) 4326 0 R (0:3444) 4327 0 R (0:3446) 4328 0 R (0:3447) 4329 0 R (0:3448) 4330 0 R (0:3449) 4331 0 R (0:3452) 4333 0 R (0:3454) 4334 0 R (0:3455) 4335 0 R (0:3456) 4336 0 R (0:3457) 4337 0 R (0:3458) 4338 0 R (0:3459) 4339 0 R (0:3460) 4340 0 R (0:3461) 4341 0 R (0:3462) 4342 0 R (0:3463) 4343 0 R (0:3464) 4344 0 R (0:3465) 4345 0 R (0:3466) 4350 0 R (0:3467) 4351 0 R (0:3468) 4311 0 R (0:347) 1495 0 R (0:3470) 4352 0 R (0:3472) 4353 0 R (0:3473) 4354 0 R (0:3474) 4355 0 R (0:3476) 4356 0 R (0:3477) 4357 0 R (0:3478) 4358 0 R (0:3479) 4359 0 R (0:348) 1496 0 R (0:3480) 4360 0 R (0:3482) 4361 0 R (0:3483) 4362 0 R (0:3484) 4363 0 R (0:3485) 4364 0 R (0:3486) 4365 0 R (0:3487) 4366 0 R (0:3488) 4367 0 R (0:3489) 4368 0 R (0:349) 1497 0 R (0:3490) 4369 0 R (0:3491) 4370 0 R (0:3492) 4371 0 R (0:3494) 4372 0 R (0:3495) 4373 0 R (0:3496) 4374 0 R (0:3497) 4375 0 R (0:3499) 4376 0 R (0:35) 1171 0 R (0:350) 1498 0 R (0:3500) 4377 0 R (0:3501) 4378 0 R (0:3502) 4379 0 R (0:3503) 4380 0 R (0:3504) 4381 0 R (0:3505) 4382 0 R (0:3506) 4383 0 R (0:3508) 4384 0 R (0:3509) 4385 0 R (0:351) 1499 0 R (0:3510) 4386 0 R (0:3511) 4387 0 R (0:3513) 4388 0 R (0:3514) 4389 0 R (0:3515) 4390 0 R (0:3516) 4391 0 R (0:3519) 4393 0 R (0:352) 1500 0 R (0:3520) 4394 0 R (0:3521) 4395 0 R (0:3522) 4396 0 R (0:3523) 4397 0 R (0:3524) 4398 0 R (0:3525) 4403 0 R (0:3526) 4404 0 R (0:3527) 4405 0 R (0:3528) 4406 0 R (0:353) 1501 0 R (0:3531) 4408 0 R (0:3534) 4410 0 R (0:3535) 4411 0 R (0:3538) 4413 0 R (0:3539) 4414 0 R (0:354) 1502 0 R (0:3540) 4415 0 R (0:3543) 4417 0 R (0:3546) 4419 0 R (0:3547) 4420 0 R (0:3548) 4421 0 R (0:3549) 4422 0 R (0:355) 1503 0 R (0:3550) 4423 0 R (0:3552) 4424 0 R (0:3553) 4425 0 R (0:3554) 4426 0 R (0:3557) 4432 0 R (0:3558) 4433 0 R (0:356) 1504 0 R (0:3561) 4435 0 R (0:3562) 4436 0 R (0:3565) 4438 0 R (0:3566) 4439 0 R (0:3569) 4441 0 R (0:357) 1505 0 R (0:3570) 4442 0 R (0:3571) 4443 0 R (0:3572) 4444 0 R (0:3573) 4445 0 R (0:3574) 4446 0 R (0:3575) 4447 0 R (0:3576) 4448 0 R (0:3578) 4449 0 R (0:3579) 4450 0 R (0:358) 1506 0 R (0:3580) 4451 0 R (0:3581) 4452 0 R (0:3584) 4454 0 R (0:3585) 4455 0 R (0:3586) 4461 0 R (0:3587) 4462 0 R (0:3588) 4463 0 R (0:3589) 4464 0 R (0:3590) 4465 0 R (0:3591) 4466 0 R (0:3592) 4467 0 R (0:3593) 4468 0 R (0:3594) 4469 0 R (0:3595) 4470 0 R (0:3596) 4471 0 R (0:3597) 4472 0 R (0:3598) 4473 0 R (0:3599) 4474 0 R (0:36) 1174 0 R (0:360) 1507 0 R (0:3600) 4475 0 R (0:3601) 4476 0 R (0:3604) 4478 0 R (0:3605) 4479 0 R (0:3606) 4480 0 R (0:3607) 4481 0 R (0:3608) 4482 0 R (0:3609) 4483 0 R (0:361) 1508 0 R (0:3610) 4484 0 R (0:3611) 4485 0 R (0:3612) 4486 0 R (0:3613) 4487 0 R (0:3614) 4488 0 R (0:3615) 4493 0 R (0:3616) 4494 0 R (0:3617) 4495 0 R (0:3619) 4496 0 R (0:362) 1509 0 R (0:3620) 4497 0 R (0:3621) 4498 0 R (0:3622) 4499 0 R (0:3623) 4500 0 R (0:3625) 4501 0 R (0:3626) 4502 0 R (0:3627) 4503 0 R (0:363) 1510 0 R (0:3630) 4505 0 R (0:3631) 4506 0 R (0:3632) 4507 0 R (0:3633) 4508 0 R (0:3634) 4509 0 R (0:3635) 4510 0 R (0:3636) 4511 0 R (0:3637) 4512 0 R (0:3638) 4513 0 R (0:3639) 4514 0 R (0:364) 1511 0 R (0:3640) 4515 0 R (0:3641) 4516 0 R (0:3642) 4517 0 R (0:3643) 4518 0 R (0:3644) 4519 0 R (0:3645) 4520 0 R (0:3646) 4521 0 R (0:3647) 4522 0 R (0:3648) 4523 0 R (0:3649) 4524 0 R (0:3650) 4529 0 R (0:3651) 4530 0 R (0:3652) 4531 0 R (0:3653) 4532 0 R (0:3654) 4533 0 R (0:3655) 4534 0 R (0:3656) 4535 0 R (0:3657) 4536 0 R (0:3658) 4537 0 R (0:3659) 4538 0 R (0:3660) 4539 0 R (0:3661) 4540 0 R (0:3662) 4541 0 R (0:3663) 4542 0 R (0:3664) 4543 0 R (0:3665) 4544 0 R (0:3668) 4546 0 R (0:3669) 4547 0 R (0:367) 1512 0 R (0:3672) 4549 0 R (0:3673) 4550 0 R (0:3676) 4552 0 R (0:3678) 4553 0 R (0:368) 1513 0 R (0:3681) 4554 0 R (0:3682) 4555 0 R (0:3683) 4556 0 R (0:3684) 4557 0 R (0:3685) 4558 0 R (0:3686) 4559 0 R (0:3687) 4560 0 R (0:3688) 4561 0 R (0:3689) 4566 0 R (0:369) 1514 0 R (0:3690) 4567 0 R (0:3691) 4568 0 R (0:3692) 4569 0 R (0:3693) 4570 0 R (0:3694) 4571 0 R (0:3695) 4572 0 R (0:3696) 4573 0 R (0:3698) 4574 0 R (0:3699) 4575 0 R (0:37) 1177 0 R (0:370) 1515 0 R (0:3700) 4576 0 R (0:3702) 4577 0 R (0:3703) 4578 0 R (0:3705) 4579 0 R (0:3707) 4581 0 R (0:371) 1516 0 R (0:3712) 4584 0 R (0:3713) 4585 0 R (0:3714) 4586 0 R (0:3715) 4587 0 R (0:3716) 4588 0 R (0:3717) 4589 0 R (0:3718) 4590 0 R (0:3719) 4591 0 R (0:372) 1517 0 R (0:3720) 4592 0 R (0:3721) 4593 0 R (0:3722) 4594 0 R (0:3725) 4596 0 R (0:3726) 4597 0 R (0:3727) 4598 0 R (0:3728) 4599 0 R (0:3729) 4600 0 R (0:373) 1518 0 R (0:3730) 4601 0 R (0:3731) 4607 0 R (0:3732) 4608 0 R (0:3733) 4609 0 R (0:3736) 4611 0 R (0:3737) 4612 0 R (0:3738) 4613 0 R (0:3739) 4614 0 R (0:3740) 4615 0 R (0:3741) 4616 0 R (0:3744) 4618 0 R (0:3746) 4619 0 R (0:3747) 4620 0 R (0:3748) 4621 0 R (0:3749) 4622 0 R (0:3750) 4623 0 R (0:3753) 4625 0 R (0:3754) 4626 0 R (0:3755) 4627 0 R (0:3756) 4628 0 R (0:3757) 4629 0 R (0:3758) 4630 0 R (0:3759) 4631 0 R (0:376) 1523 0 R (0:3760) 4632 0 R (0:3761) 4633 0 R (0:3762) 4634 0 R (0:3763) 4635 0 R (0:3764) 4636 0 R (0:3766) 4637 0 R (0:3767) 4638 0 R (0:3768) 4639 0 R (0:3771) 4641 0 R (0:3772) 4642 0 R (0:3773) 4643 0 R (0:3774) 4644 0 R (0:3775) 4645 0 R (0:3776) 4646 0 R (0:3777) 4651 0 R (0:3778) 4606 0 R (0:378) 1524 0 R (0:3780) 4652 0 R (0:3781) 4653 0 R (0:3782) 4654 0 R (0:3783) 4655 0 R (0:3784) 4656 0 R (0:3785) 4657 0 R (0:3786) 4658 0 R (0:379) 1525 0 R (0:3791) 4664 0 R (0:3792) 4665 0 R (0:3793) 4666 0 R (0:3794) 4667 0 R (0:3795) 4668 0 R (0:3796) 4669 0 R (0:3797) 4670 0 R (0:3798) 4671 0 R (0:3799) 4672 0 R (0:38) 1178 0 R (0:380) 1526 0 R (0:3800) 4673 0 R (0:3801) 4674 0 R (0:3802) 4675 0 R (0:3803) 4676 0 R (0:3804) 4677 0 R (0:3806) 4678 0 R (0:3807) 4679 0 R (0:3808) 4680 0 R (0:3809) 4681 0 R (0:381) 1527 0 R (0:3810) 4682 0 R (0:3811) 4683 0 R (0:3812) 4684 0 R (0:3813) 4685 0 R (0:3814) 4686 0 R (0:3815) 4687 0 R (0:3816) 4688 0 R (0:3817) 4689 0 R (0:3818) 4690 0 R (0:3819) 4691 0 R (0:3820) 4692 0 R (0:3821) 4693 0 R (0:3822) 4694 0 R (0:3823) 4695 0 R (0:3824) 4696 0 R (0:3825) 4697 0 R (0:3826) 4698 0 R (0:3827) 4699 0 R (0:3828) 4700 0 R (0:3831) 4705 0 R (0:3832) 4706 0 R (0:3833) 4707 0 R (0:3834) 4708 0 R (0:3835) 4709 0 R (0:3836) 4710 0 R (0:3837) 4711 0 R (0:3838) 4712 0 R (0:3839) 4713 0 R (0:384) 1528 0 R (0:3840) 4714 0 R (0:3841) 4715 0 R (0:3842) 4716 0 R (0:3843) 4717 0 R (0:3844) 4718 0 R (0:3845) 4719 0 R (0:3846) 4720 0 R (0:3847) 4721 0 R (0:3848) 4722 0 R (0:3849) 4723 0 R (0:385) 1529 0 R (0:3850) 4724 0 R (0:3851) 4725 0 R (0:3852) 4726 0 R (0:3853) 4727 0 R (0:3854) 4728 0 R (0:3855) 4729 0 R (0:3857) 4734 0 R (0:386) 1530 0 R (0:3860) 4735 0 R (0:3861) 4736 0 R (0:3862) 4737 0 R (0:3863) 4738 0 R (0:3866) 4739 0 R (0:3867) 4740 0 R (0:3868) 4741 0 R (0:387) 1531 0 R (0:3871) 4742 0 R (0:3872) 4743 0 R (0:3873) 4744 0 R (0:3874) 4749 0 R (0:3875) 4750 0 R (0:3876) 4751 0 R (0:3877) 4752 0 R (0:3878) 4753 0 R (0:3879) 4754 0 R (0:388) 1532 0 R (0:3880) 4755 0 R (0:3881) 4756 0 R (0:3882) 4757 0 R (0:3883) 4758 0 R (0:3884) 4759 0 R (0:3885) 4760 0 R (0:389) 1533 0 R (0:3890) 4765 0 R (0:3892) 4766 0 R (0:3893) 4767 0 R (0:3894) 4768 0 R (0:3896) 4769 0 R (0:3897) 4770 0 R (0:3898) 4771 0 R (0:3899) 4772 0 R (0:39) 1179 0 R (0:3902) 4774 0 R (0:3903) 4775 0 R (0:3904) 4776 0 R (0:3905) 4777 0 R (0:3907) 4778 0 R (0:3908) 4779 0 R (0:3909) 4780 0 R (0:391) 1535 0 R (0:3910) 4781 0 R (0:3911) 4782 0 R (0:3913) 4783 0 R (0:3914) 4784 0 R (0:3915) 4785 0 R (0:3917) 4786 0 R (0:3918) 4787 0 R (0:3919) 4788 0 R (0:392) 1536 0 R (0:3920) 4789 0 R (0:3921) 4790 0 R (0:3923) 4791 0 R (0:3924) 4792 0 R (0:3925) 4793 0 R (0:3927) 4794 0 R (0:3928) 4795 0 R (0:3929) 4796 0 R (0:393) 1537 0 R (0:3931) 4797 0 R (0:3932) 4798 0 R (0:3933) 4799 0 R (0:3935) 4805 0 R (0:3936) 4806 0 R (0:3937) 4807 0 R (0:3938) 4808 0 R (0:394) 1538 0 R (0:3940) 4800 0 R (0:3941) 4809 0 R (0:3942) 4810 0 R (0:3944) 4811 0 R (0:3945) 4812 0 R (0:3946) 4813 0 R (0:3947) 4814 0 R (0:3948) 4815 0 R (0:3949) 4816 0 R (0:395) 1539 0 R (0:3951) 4817 0 R (0:3952) 4818 0 R (0:3953) 4819 0 R (0:3954) 4820 0 R (0:3956) 4821 0 R (0:3957) 4822 0 R (0:3958) 4823 0 R (0:396) 1540 0 R (0:3961) 4825 0 R (0:3962) 4826 0 R (0:3963) 4827 0 R (0:3965) 4828 0 R (0:3966) 4829 0 R (0:3967) 4830 0 R (0:3969) 4831 0 R (0:397) 1541 0 R (0:3970) 4832 0 R (0:3971) 4833 0 R (0:3973) 4834 0 R (0:3974) 4835 0 R (0:3975) 4836 0 R (0:3977) 4837 0 R (0:3978) 4838 0 R (0:3979) 4839 0 R (0:398) 1542 0 R (0:3980) 4840 0 R (0:3981) 4841 0 R (0:3983) 4842 0 R (0:3984) 4843 0 R (0:3985) 4844 0 R (0:3987) 4850 0 R (0:3988) 4851 0 R (0:3989) 4852 0 R (0:399) 1543 0 R (0:3990) 4853 0 R (0:3992) 4854 0 R (0:3993) 4855 0 R (0:3994) 4856 0 R (0:3996) 4857 0 R (0:3997) 4858 0 R (0:3998) 4859 0 R (0:40) 1180 0 R (0:400) 1544 0 R (0:4000) 4860 0 R (0:4001) 4861 0 R (0:4002) 4862 0 R (0:4004) 4863 0 R (0:4005) 4864 0 R (0:4006) 4865 0 R (0:4009) 4866 0 R (0:401) 1545 0 R (0:4010) 4867 0 R (0:4012) 4868 0 R (0:4013) 4869 0 R (0:4014) 4870 0 R (0:4016) 4871 0 R (0:4017) 4872 0 R (0:4018) 4873 0 R (0:4020) 4874 0 R (0:4021) 4875 0 R (0:4022) 4876 0 R (0:4024) 4877 0 R (0:4025) 4878 0 R (0:4026) 4879 0 R (0:4028) 4880 0 R (0:4029) 4881 0 R (0:403) 1546 0 R (0:4030) 4882 0 R (0:4031) 4883 0 R (0:4034) 4888 0 R (0:4036) 4889 0 R (0:4037) 4890 0 R (0:4038) 4891 0 R (0:4039) 4892 0 R (0:404) 1547 0 R (0:4041) 4893 0 R (0:4042) 4894 0 R (0:4043) 4895 0 R (0:4044) 4896 0 R (0:4045) 4897 0 R (0:4046) 4898 0 R (0:4048) 4899 0 R (0:4049) 4900 0 R (0:405) 1548 0 R (0:4050) 4901 0 R (0:4053) 4902 0 R (0:4055) 4903 0 R (0:4056) 4904 0 R (0:4057) 4905 0 R (0:4059) 4906 0 R (0:406) 1549 0 R (0:4060) 4907 0 R (0:4061) 4908 0 R (0:4063) 4909 0 R (0:4064) 4910 0 R (0:4065) 4911 0 R (0:4067) 4912 0 R (0:4068) 4913 0 R (0:4069) 4914 0 R (0:407) 1550 0 R (0:4070) 4915 0 R (0:4072) 4916 0 R (0:4073) 4917 0 R (0:4074) 4918 0 R (0:4075) 4919 0 R (0:4076) 4920 0 R (0:4078) 4921 0 R (0:4079) 4922 0 R (0:4080) 4923 0 R (0:4081) 4924 0 R (0:4082) 4930 0 R (0:4084) 4931 0 R (0:4085) 4932 0 R (0:4086) 4933 0 R (0:4088) 4934 0 R (0:4089) 4935 0 R (0:4090) 4936 0 R (0:4093) 4937 0 R (0:4094) 4938 0 R (0:4096) 4940 0 R (0:4098) 4941 0 R (0:4099) 4942 0 R (0:41) 1181 0 R (0:410) 1552 0 R (0:4101) 4943 0 R (0:4102) 4944 0 R (0:4103) 4945 0 R (0:4106) 4947 0 R (0:4107) 4948 0 R (0:4108) 4949 0 R (0:4109) 4950 0 R (0:411) 1553 0 R (0:4111) 4951 0 R (0:4112) 4952 0 R (0:4113) 4953 0 R (0:4114) 4954 0 R (0:4115) 4955 0 R (0:4117) 4956 0 R (0:4118) 4957 0 R (0:4119) 4958 0 R (0:412) 1554 0 R (0:4120) 4959 0 R (0:4122) 4960 0 R (0:4123) 4961 0 R (0:4124) 4962 0 R (0:4125) 4963 0 R (0:4127) 4964 0 R (0:4128) 4965 0 R (0:4129) 4966 0 R (0:413) 1555 0 R (0:4130) 4967 0 R (0:4132) 4972 0 R (0:4133) 4973 0 R (0:4134) 4974 0 R (0:4135) 4975 0 R (0:4137) 4929 0 R (0:4138) 4976 0 R (0:4139) 4977 0 R (0:4140) 4978 0 R (0:4142) 4979 0 R (0:4143) 4980 0 R (0:4144) 4981 0 R (0:4145) 4982 0 R (0:4147) 4983 0 R (0:4148) 4984 0 R (0:4149) 4985 0 R (0:415) 1556 0 R (0:4150) 4986 0 R (0:4152) 4987 0 R (0:4153) 4988 0 R (0:4154) 4989 0 R (0:4155) 4990 0 R (0:4157) 4991 0 R (0:4158) 4992 0 R (0:4159) 4993 0 R (0:416) 1557 0 R (0:4164) 4998 0 R (0:4165) 4999 0 R (0:4166) 5000 0 R (0:4167) 5001 0 R (0:4168) 5002 0 R (0:4169) 5003 0 R (0:417) 1558 0 R (0:4170) 5004 0 R (0:4171) 5005 0 R (0:4172) 5006 0 R (0:4173) 5007 0 R (0:4174) 5008 0 R (0:4175) 5009 0 R (0:4176) 5010 0 R (0:4177) 5011 0 R (0:4178) 5012 0 R (0:4179) 5013 0 R (0:418) 1559 0 R (0:4180) 5014 0 R (0:4181) 5015 0 R (0:4182) 5016 0 R (0:4183) 5017 0 R (0:4184) 5018 0 R (0:4185) 5019 0 R (0:4186) 5020 0 R (0:4187) 5021 0 R (0:4188) 5022 0 R (0:4189) 5023 0 R (0:419) 1560 0 R (0:4190) 5024 0 R (0:4191) 5025 0 R (0:4192) 5026 0 R (0:4193) 5027 0 R (0:4194) 5028 0 R (0:4195) 5029 0 R (0:4196) 5030 0 R (0:4197) 5031 0 R (0:4198) 5032 0 R (0:4199) 5033 0 R (0:42) 1182 0 R (0:420) 1561 0 R (0:4200) 5034 0 R (0:4201) 5035 0 R (0:4202) 5036 0 R (0:4203) 5037 0 R (0:4204) 5038 0 R (0:4205) 5039 0 R (0:4206) 5040 0 R (0:4207) 5041 0 R (0:4208) 5042 0 R (0:4209) 5043 0 R (0:421) 1562 0 R (0:4210) 5044 0 R (0:4211) 5045 0 R (0:4212) 5046 0 R (0:4213) 5047 0 R (0:4214) 5048 0 R (0:4215) 5049 0 R (0:4216) 5050 0 R (0:4217) 5051 0 R (0:4218) 5052 0 R (0:4219) 5053 0 R (0:4220) 5054 0 R (0:4221) 5055 0 R (0:4222) 5056 0 R (0:4223) 5057 0 R (0:4224) 5058 0 R (0:4225) 5059 0 R (0:4226) 5060 0 R (0:4227) 5061 0 R (0:4228) 5062 0 R (0:4229) 5063 0 R (0:423) 1563 0 R (0:4230) 5064 0 R (0:4232) 5066 0 R (0:4233) 5067 0 R (0:4234) 5068 0 R (0:4235) 5069 0 R (0:4236) 5070 0 R (0:4237) 5071 0 R (0:4238) 5072 0 R (0:4239) 5073 0 R (0:424) 1564 0 R (0:4240) 5078 0 R (0:4241) 5079 0 R (0:4242) 5080 0 R (0:4243) 5081 0 R (0:4244) 5082 0 R (0:4245) 5083 0 R (0:4246) 5084 0 R (0:4247) 5085 0 R (0:4248) 5086 0 R (0:4249) 5087 0 R (0:425) 1565 0 R (0:4250) 5088 0 R (0:4251) 5089 0 R (0:4252) 5090 0 R (0:4253) 5091 0 R (0:4254) 5092 0 R (0:4255) 5093 0 R (0:4256) 5094 0 R (0:4257) 5095 0 R (0:4258) 5096 0 R (0:4259) 5097 0 R (0:426) 1566 0 R (0:4260) 5098 0 R (0:4261) 5099 0 R (0:4262) 5100 0 R (0:4263) 5101 0 R (0:4264) 5102 0 R (0:4265) 5103 0 R (0:4266) 5104 0 R (0:4267) 5105 0 R (0:4268) 5106 0 R (0:4269) 5107 0 R (0:427) 1567 0 R (0:4273) 5108 0 R (0:4274) 5109 0 R (0:4275) 5110 0 R (0:4276) 5111 0 R (0:4277) 5112 0 R (0:4278) 5113 0 R (0:4279) 5114 0 R (0:428) 1568 0 R (0:4280) 5115 0 R (0:4281) 5116 0 R (0:4282) 5117 0 R (0:4283) 5118 0 R (0:4285) 5119 0 R (0:4286) 5120 0 R (0:4287) 5121 0 R (0:4288) 5122 0 R (0:4289) 5123 0 R (0:429) 1569 0 R (0:4290) 5124 0 R (0:4291) 5125 0 R (0:4292) 5126 0 R (0:4293) 5127 0 R (0:4294) 5128 0 R (0:4295) 5129 0 R (0:4296) 5130 0 R (0:4297) 5131 0 R (0:4298) 5132 0 R (0:4299) 5133 0 R (0:43) 1183 0 R (0:430) 1570 0 R (0:4300) 5134 0 R (0:4301) 5135 0 R (0:4302) 5136 0 R (0:4306) 5137 0 R (0:4307) 5138 0 R (0:4308) 5139 0 R (0:4309) 5140 0 R (0:431) 1571 0 R (0:4310) 5141 0 R (0:4311) 5142 0 R (0:4312) 5143 0 R (0:4313) 5144 0 R (0:4314) 5145 0 R (0:4315) 5146 0 R (0:4316) 5147 0 R (0:4317) 5148 0 R (0:4318) 5149 0 R (0:4319) 5150 0 R (0:4320) 5151 0 R (0:4321) 5157 0 R (0:4322) 5158 0 R (0:4323) 5159 0 R (0:4328) 5164 0 R (0:4329) 5165 0 R (0:4330) 5166 0 R (0:4331) 5167 0 R (0:4332) 5168 0 R (0:4336) 5172 0 R (0:4337) 5173 0 R (0:4338) 5174 0 R (0:4339) 5175 0 R (0:4340) 5176 0 R (0:4341) 5177 0 R (0:4342) 5178 0 R (0:4343) 5179 0 R (0:4344) 5180 0 R (0:4345) 5181 0 R (0:4346) 5182 0 R (0:4347) 5183 0 R (0:4349) 5184 0 R (0:4350) 5185 0 R (0:4352) 5186 0 R (0:4353) 5187 0 R (0:4354) 5188 0 R (0:4355) 5189 0 R (0:4358) 5196 0 R (0:4359) 5197 0 R (0:4360) 5198 0 R (0:4361) 5199 0 R (0:4362) 5200 0 R (0:4363) 5201 0 R (0:4364) 5202 0 R (0:4365) 5203 0 R (0:4366) 5204 0 R (0:4369) 5205 0 R (0:4371) 5207 0 R (0:4372) 5208 0 R (0:4373) 5209 0 R (0:4374) 5210 0 R (0:4375) 5211 0 R (0:4376) 5212 0 R (0:4377) 5213 0 R (0:4378) 5214 0 R (0:4379) 5215 0 R (0:4380) 5216 0 R (0:4381) 5217 0 R (0:4382) 5218 0 R (0:4383) 5219 0 R (0:4384) 5220 0 R (0:4386) 5222 0 R (0:4387) 5223 0 R (0:4388) 5224 0 R (0:4389) 5225 0 R (0:4390) 5226 0 R (0:4391) 5227 0 R (0:4394) 5232 0 R (0:4396) 5195 0 R (0:4398) 5234 0 R (0:4399) 5235 0 R (0:44) 1184 0 R (0:4400) 5236 0 R (0:4401) 5237 0 R (0:4402) 5238 0 R (0:4403) 5239 0 R (0:4404) 5240 0 R (0:4405) 5241 0 R (0:4406) 5242 0 R (0:4407) 5243 0 R (0:4408) 5244 0 R (0:4409) 5245 0 R (0:4410) 5246 0 R (0:4411) 5247 0 R (0:4412) 5248 0 R (0:4413) 5249 0 R (0:4414) 5250 0 R (0:4415) 5251 0 R (0:4416) 5252 0 R (0:4417) 5253 0 R (0:4418) 5254 0 R (0:4419) 5255 0 R (0:4420) 5256 0 R (0:4421) 5257 0 R (0:4422) 5258 0 R (0:4423) 5259 0 R (0:4424) 5260 0 R (0:4425) 5261 0 R (0:4426) 5262 0 R (0:4427) 5263 0 R (0:4428) 5264 0 R (0:4429) 5265 0 R (0:4430) 5266 0 R (0:4431) 5267 0 R (0:4432) 5268 0 R (0:4433) 5269 0 R (0:4434) 5270 0 R (0:4435) 5271 0 R (0:4436) 5272 0 R (0:4437) 5273 0 R (0:4438) 5274 0 R (0:4439) 5275 0 R (0:4440) 5276 0 R (0:4441) 5277 0 R (0:4442) 5278 0 R (0:4443) 5279 0 R (0:4444) 5285 0 R (0:4445) 5286 0 R (0:4446) 5287 0 R (0:4449) 5288 0 R (0:4451) 5290 0 R (0:4452) 5291 0 R (0:4453) 5292 0 R (0:4454) 5293 0 R (0:4455) 5294 0 R (0:4456) 5295 0 R (0:4457) 5296 0 R (0:4458) 5297 0 R (0:4459) 5298 0 R (0:4460) 5299 0 R (0:4461) 5300 0 R (0:4462) 5301 0 R (0:4463) 5302 0 R (0:4464) 5303 0 R (0:4465) 5304 0 R (0:4466) 5305 0 R (0:4467) 5306 0 R (0:4468) 5307 0 R (0:4469) 5308 0 R (0:4470) 5309 0 R (0:4471) 5310 0 R (0:4472) 5311 0 R (0:4473) 5312 0 R (0:4474) 5313 0 R (0:4475) 5314 0 R (0:4476) 5315 0 R (0:4477) 5316 0 R (0:4478) 5317 0 R (0:4479) 5318 0 R (0:4480) 5319 0 R (0:4481) 5320 0 R (0:4484) 5321 0 R (0:4485) 5326 0 R (0:4486) 5327 0 R (0:4487) 5284 0 R (0:4488) 5328 0 R (0:4489) 5329 0 R (0:4490) 5330 0 R (0:4491) 5331 0 R (0:4492) 5332 0 R (0:4493) 5333 0 R (0:4494) 5334 0 R (0:4495) 5335 0 R (0:4496) 5336 0 R (0:4497) 5337 0 R (0:4498) 5338 0 R (0:4499) 5339 0 R (0:45) 1185 0 R (0:4500) 5340 0 R (0:4501) 5341 0 R (0:4502) 5342 0 R (0:4505) 5343 0 R (0:4506) 5344 0 R (0:4507) 5345 0 R (0:4508) 5346 0 R (0:4509) 5347 0 R (0:4510) 5348 0 R (0:4511) 5349 0 R (0:4512) 5350 0 R (0:4513) 5351 0 R (0:4514) 5352 0 R (0:4515) 5353 0 R (0:4516) 5354 0 R (0:4517) 5355 0 R (0:4518) 5356 0 R (0:4519) 5357 0 R (0:4520) 5358 0 R (0:4521) 5359 0 R (0:4522) 5360 0 R (0:4523) 5361 0 R (0:4524) 5362 0 R (0:4525) 5363 0 R (0:4526) 5364 0 R (0:4527) 5365 0 R (0:4528) 5366 0 R (0:4529) 5367 0 R (0:4530) 5374 0 R (0:4531) 5375 0 R (0:4532) 5376 0 R (0:4533) 5377 0 R (0:4534) 5378 0 R (0:4535) 5379 0 R (0:4538) 5380 0 R (0:4539) 5381 0 R (0:4540) 5382 0 R (0:4541) 5383 0 R (0:4542) 5384 0 R (0:4543) 5385 0 R (0:4544) 5386 0 R (0:4545) 5387 0 R (0:4546) 5388 0 R (0:4547) 5389 0 R (0:4548) 5390 0 R (0:4549) 5391 0 R (0:4550) 5392 0 R (0:4551) 5393 0 R (0:4552) 5394 0 R (0:4553) 5395 0 R (0:4554) 5396 0 R (0:4555) 5397 0 R (0:4556) 5398 0 R (0:4559) 5399 0 R (0:4560) 5400 0 R (0:4561) 5401 0 R (0:4562) 5402 0 R (0:4563) 5403 0 R (0:4564) 5404 0 R (0:4565) 5405 0 R (0:4566) 5406 0 R (0:4567) 5407 0 R (0:4568) 5408 0 R (0:4569) 5414 0 R (0:4570) 5415 0 R (0:4571) 5416 0 R (0:4572) 5373 0 R (0:4575) 5417 0 R (0:4576) 5418 0 R (0:4577) 5419 0 R (0:4580) 5420 0 R (0:4581) 5421 0 R (0:4582) 5422 0 R (0:4583) 5423 0 R (0:4584) 5424 0 R (0:4585) 5425 0 R (0:4586) 5426 0 R (0:4587) 5427 0 R (0:4588) 5428 0 R (0:4589) 5429 0 R (0:4590) 5430 0 R (0:4591) 5431 0 R (0:4592) 5432 0 R (0:4595) 5433 0 R (0:4596) 5434 0 R (0:4597) 5435 0 R (0:4598) 5436 0 R (0:4599) 5437 0 R (0:46) 1186 0 R (0:4600) 5438 0 R (0:4601) 5439 0 R (0:4602) 5440 0 R (0:4603) 5441 0 R (0:4604) 5442 0 R (0:4605) 5448 0 R (0:4606) 5449 0 R (0:4607) 5450 0 R (0:4608) 5413 0 R (0:4611) 5451 0 R (0:4612) 5452 0 R (0:4613) 5453 0 R (0:4614) 5454 0 R (0:4615) 5455 0 R (0:4616) 5456 0 R (0:4617) 5457 0 R (0:4618) 5458 0 R (0:4619) 5459 0 R (0:4620) 5460 0 R (0:4621) 5461 0 R (0:4622) 5462 0 R (0:4625) 5463 0 R (0:4626) 5464 0 R (0:4627) 5465 0 R (0:4628) 5466 0 R (0:4629) 5467 0 R (0:4630) 5468 0 R (0:4631) 5469 0 R (0:4632) 5470 0 R (0:4633) 5471 0 R (0:4634) 5472 0 R (0:4635) 5473 0 R (0:4636) 5474 0 R (0:4637) 5475 0 R (0:4638) 5476 0 R (0:4639) 5477 0 R (0:4640) 5478 0 R (0:4641) 5479 0 R (0:4642) 5480 0 R (0:4643) 5481 0 R (0:4644) 5482 0 R (0:4645) 5483 0 R (0:4646) 5484 0 R (0:4647) 5485 0 R (0:4648) 5486 0 R (0:4649) 5487 0 R (0:4650) 5492 0 R (0:4651) 5493 0 R (0:4652) 5494 0 R (0:4653) 5447 0 R (0:4656) 5495 0 R (0:4657) 5496 0 R (0:4658) 5497 0 R (0:4659) 5498 0 R (0:4660) 5499 0 R (0:4661) 5500 0 R (0:4662) 5501 0 R (0:4663) 5502 0 R (0:4664) 5503 0 R (0:4665) 5504 0 R (0:4666) 5505 0 R (0:4667) 5506 0 R (0:4668) 5507 0 R (0:4669) 5508 0 R (0:4670) 5509 0 R (0:4671) 5510 0 R (0:4672) 5511 0 R (0:4673) 5512 0 R (0:4674) 5513 0 R (0:4675) 5514 0 R (0:4676) 5515 0 R (0:4677) 5516 0 R (0:4678) 5517 0 R (0:4679) 5518 0 R (0:4680) 5519 0 R (0:4681) 5520 0 R (0:4682) 5521 0 R (0:4683) 5522 0 R (0:4684) 5523 0 R (0:4685) 5524 0 R (0:4686) 5525 0 R (0:4687) 5526 0 R (0:4688) 5527 0 R (0:4689) 5528 0 R (0:4690) 5529 0 R (0:4691) 5530 0 R (0:4692) 5531 0 R (0:4693) 5532 0 R (0:4694) 5533 0 R (0:4695) 5539 0 R (0:4696) 5540 0 R (0:4697) 5541 0 R (0:4698) 5542 0 R (0:4699) 5543 0 R (0:47) 1187 0 R (0:4700) 5544 0 R (0:4701) 5545 0 R (0:4702) 5546 0 R (0:4703) 5547 0 R (0:4704) 5548 0 R (0:4705) 5549 0 R (0:4706) 5550 0 R (0:4707) 5551 0 R (0:4708) 5552 0 R (0:4709) 5553 0 R (0:4710) 5554 0 R (0:4711) 5555 0 R (0:4712) 5556 0 R (0:4713) 5557 0 R (0:4714) 5558 0 R (0:4715) 5559 0 R (0:4716) 5560 0 R (0:4717) 5561 0 R (0:4718) 5562 0 R (0:4719) 5563 0 R (0:4720) 5564 0 R (0:4721) 5565 0 R (0:4722) 5566 0 R (0:4723) 5567 0 R (0:4724) 5568 0 R (0:4725) 5569 0 R (0:4726) 5570 0 R (0:4727) 5571 0 R (0:4728) 5572 0 R (0:4729) 5573 0 R (0:4730) 5574 0 R (0:4731) 5575 0 R (0:4732) 5576 0 R (0:4733) 5577 0 R (0:4734) 5578 0 R (0:4735) 5579 0 R (0:4736) 5580 0 R (0:4737) 5581 0 R (0:4738) 5582 0 R (0:4739) 5583 0 R (0:4740) 5584 0 R (0:4741) 5585 0 R (0:4742) 5586 0 R (0:4743) 5592 0 R (0:4744) 5593 0 R (0:4745) 5594 0 R (0:4746) 5538 0 R (0:4749) 5595 0 R (0:4750) 5596 0 R (0:4751) 5597 0 R (0:4752) 5598 0 R (0:4753) 5599 0 R (0:4754) 5600 0 R (0:4755) 5601 0 R (0:4756) 5602 0 R (0:4757) 5603 0 R (0:4758) 5604 0 R (0:4759) 5605 0 R (0:4760) 5606 0 R (0:4761) 5607 0 R (0:4762) 5608 0 R (0:4763) 5609 0 R (0:4764) 5610 0 R (0:4765) 5611 0 R (0:4766) 5612 0 R (0:4767) 5613 0 R (0:4768) 5614 0 R (0:4769) 5615 0 R (0:4770) 5616 0 R (0:4771) 5617 0 R (0:4772) 5618 0 R (0:4773) 5619 0 R (0:4774) 5620 0 R (0:4775) 5621 0 R (0:4776) 5622 0 R (0:4777) 5623 0 R (0:4778) 5624 0 R (0:4779) 5625 0 R (0:4780) 5626 0 R (0:4781) 5627 0 R (0:4782) 5628 0 R (0:4783) 5629 0 R (0:4784) 5630 0 R (0:4785) 5631 0 R (0:4786) 5632 0 R (0:4787) 5633 0 R (0:4788) 5634 0 R (0:4789) 5635 0 R (0:479) 1578 0 R (0:4790) 5636 0 R (0:4791) 5637 0 R (0:4792) 5638 0 R (0:4793) 5639 0 R (0:4794) 5640 0 R (0:4795) 5646 0 R (0:4796) 5647 0 R (0:4797) 5648 0 R (0:4798) 5591 0 R (0:48) 1188 0 R (0:480) 1579 0 R (0:4801) 5649 0 R (0:4802) 5650 0 R (0:4803) 5651 0 R (0:4804) 5652 0 R (0:4805) 5653 0 R (0:4806) 5654 0 R (0:4807) 5655 0 R (0:4808) 5656 0 R (0:4809) 5657 0 R (0:481) 1582 0 R (0:4810) 5658 0 R (0:4811) 5659 0 R (0:4812) 5660 0 R (0:4813) 5661 0 R (0:4814) 5662 0 R (0:4815) 5663 0 R (0:4816) 5664 0 R (0:4817) 5665 0 R (0:4818) 5666 0 R (0:4819) 5667 0 R (0:482) 1583 0 R (0:4820) 5668 0 R (0:4821) 5669 0 R (0:4822) 5670 0 R (0:4823) 5671 0 R (0:4824) 5672 0 R (0:4825) 5673 0 R (0:4826) 5674 0 R (0:4827) 5675 0 R (0:4828) 5676 0 R (0:4829) 5677 0 R (0:483) 1584 0 R (0:4830) 5678 0 R (0:4831) 5679 0 R (0:4832) 5680 0 R (0:4833) 5681 0 R (0:4834) 5682 0 R (0:4835) 5683 0 R (0:4836) 5684 0 R (0:4837) 5685 0 R (0:4838) 5686 0 R (0:4839) 5687 0 R (0:484) 1585 0 R (0:4840) 5688 0 R (0:4841) 5694 0 R (0:4842) 5695 0 R (0:4843) 5696 0 R (0:4844) 5697 0 R (0:4845) 5698 0 R (0:4846) 5699 0 R (0:4847) 5700 0 R (0:4848) 5701 0 R (0:4849) 5702 0 R (0:485) 1586 0 R (0:4850) 5703 0 R (0:4851) 5704 0 R (0:4852) 5705 0 R (0:4853) 5706 0 R (0:4854) 5707 0 R (0:4855) 5708 0 R (0:4856) 5709 0 R (0:4857) 5710 0 R (0:486) 1587 0 R (0:4860) 5711 0 R (0:4862) 5713 0 R (0:4863) 5714 0 R (0:4864) 5715 0 R (0:4865) 5716 0 R (0:4866) 5717 0 R (0:4867) 5718 0 R (0:4868) 5719 0 R (0:4869) 5720 0 R (0:487) 1588 0 R (0:4870) 5721 0 R (0:4871) 5722 0 R (0:4872) 5723 0 R (0:4873) 5724 0 R (0:4874) 5725 0 R (0:4875) 5726 0 R (0:4876) 5727 0 R (0:4877) 5728 0 R (0:4878) 5729 0 R (0:4879) 5730 0 R (0:488) 1589 0 R (0:4880) 5731 0 R (0:4881) 5732 0 R (0:4882) 5733 0 R (0:4883) 5738 0 R (0:4884) 5739 0 R (0:4885) 5740 0 R (0:4886) 5693 0 R (0:4889) 5741 0 R (0:489) 1590 0 R (0:4890) 5742 0 R (0:4891) 5743 0 R (0:4892) 5744 0 R (0:4893) 5745 0 R (0:4894) 5746 0 R (0:4895) 5747 0 R (0:4896) 5748 0 R (0:4897) 5749 0 R (0:49) 1189 0 R (0:490) 1591 0 R (0:4900) 5750 0 R (0:4901) 5751 0 R (0:4902) 5752 0 R (0:4903) 5753 0 R (0:4904) 5754 0 R (0:4905) 5755 0 R (0:4906) 5756 0 R (0:4907) 5757 0 R (0:4908) 5758 0 R (0:491) 1592 0 R (0:4910) 5760 0 R (0:4911) 5761 0 R (0:4912) 5762 0 R (0:4913) 5763 0 R (0:4914) 5764 0 R (0:4916) 5765 0 R (0:4917) 5766 0 R (0:4918) 5767 0 R (0:4919) 5768 0 R (0:492) 1593 0 R (0:4922) 5773 0 R (0:4923) 5774 0 R (0:4924) 5775 0 R (0:4925) 5776 0 R (0:4926) 5777 0 R (0:4927) 5778 0 R (0:4928) 5779 0 R (0:493) 1594 0 R (0:4931) 5780 0 R (0:4933) 5781 0 R (0:4934) 5782 0 R (0:4935) 5783 0 R (0:4937) 5784 0 R (0:4938) 5785 0 R (0:4939) 5786 0 R (0:494) 1595 0 R (0:4941) 5787 0 R (0:4942) 5788 0 R (0:4943) 5789 0 R (0:4945) 5790 0 R (0:4946) 5791 0 R (0:4947) 5792 0 R (0:4949) 5793 0 R (0:495) 1596 0 R (0:4950) 5794 0 R (0:4951) 5795 0 R (0:4953) 5796 0 R (0:4954) 5797 0 R (0:4955) 5798 0 R (0:4957) 5799 0 R (0:4958) 5800 0 R (0:4959) 5801 0 R (0:496) 1597 0 R (0:4961) 5802 0 R (0:4962) 5803 0 R (0:4963) 5804 0 R (0:4964) 5805 0 R (0:4966) 5806 0 R (0:4967) 5807 0 R (0:4968) 5808 0 R (0:497) 1598 0 R (0:4970) 5814 0 R (0:4971) 5815 0 R (0:4972) 5816 0 R (0:4974) 5809 0 R (0:4975) 5817 0 R (0:4976) 5818 0 R (0:4978) 5819 0 R (0:4979) 5820 0 R (0:498) 1599 0 R (0:4980) 5821 0 R (0:4982) 5822 0 R (0:4983) 5823 0 R (0:4984) 5824 0 R (0:4986) 5825 0 R (0:4987) 5826 0 R (0:4988) 5827 0 R (0:499) 1600 0 R (0:4990) 5828 0 R (0:4991) 5829 0 R (0:4992) 5830 0 R (0:4994) 5831 0 R (0:4995) 5832 0 R (0:4996) 5833 0 R (0:4998) 5834 0 R (0:4999) 5835 0 R (0:50) 1190 0 R (0:500) 1601 0 R (0:5000) 5836 0 R (0:5002) 5837 0 R (0:5003) 5838 0 R (0:5004) 5839 0 R (0:5006) 5840 0 R (0:5007) 5841 0 R (0:5008) 5842 0 R (0:501) 1602 0 R (0:5010) 5843 0 R (0:5011) 5844 0 R (0:5012) 5845 0 R (0:5014) 5846 0 R (0:5015) 5847 0 R (0:5016) 5848 0 R (0:5018) 5849 0 R (0:5019) 5850 0 R (0:502) 1603 0 R (0:5020) 5851 0 R (0:5022) 5852 0 R (0:5023) 5853 0 R (0:5024) 5854 0 R (0:5026) 5855 0 R (0:5027) 5856 0 R (0:5028) 5857 0 R (0:5030) 5862 0 R (0:5031) 5863 0 R (0:5032) 5864 0 R (0:5035) 5865 0 R (0:5037) 5866 0 R (0:5038) 5867 0 R (0:5039) 5868 0 R (0:5041) 5869 0 R (0:5042) 5870 0 R (0:5043) 5871 0 R (0:5045) 5872 0 R (0:5046) 5873 0 R (0:5047) 5874 0 R (0:5049) 5875 0 R (0:5050) 5876 0 R (0:5051) 5877 0 R (0:5053) 5878 0 R (0:5054) 5879 0 R (0:5055) 5880 0 R (0:5057) 5881 0 R (0:5058) 5882 0 R (0:5059) 5883 0 R (0:5061) 5884 0 R (0:5062) 5885 0 R (0:5063) 5886 0 R (0:5066) 5887 0 R (0:5068) 5888 0 R (0:5069) 5889 0 R (0:507) 1606 0 R (0:5070) 5890 0 R (0:5072) 5891 0 R (0:5073) 5892 0 R (0:5074) 5893 0 R (0:5076) 5894 0 R (0:5077) 5895 0 R (0:5078) 5896 0 R (0:508) 1607 0 R (0:5080) 5897 0 R (0:5081) 5898 0 R (0:5082) 5899 0 R (0:51) 1191 0 R (0:52) 1192 0 R (0:528) 1610 0 R (0:53) 1193 0 R (0:530) 1611 0 R (0:531) 1612 0 R (0:532) 1577 0 R (0:54) 1194 0 R (0:55) 1195 0 R (0:554) 1620 0 R (0:555) 1621 0 R (0:56) 1196 0 R (0:57) 1197 0 R (0:58) 1198 0 R (0:59) 1199 0 R (0:594) 1624 0 R (0:595) 1625 0 R (0:62) 1204 0 R (0:63) 1205 0 R (0:634) 1627 0 R (0:635) 1628 0 R (0:636) 1629 0 R (0:637) 1630 0 R (0:638) 1631 0 R (0:639) 1632 0 R (0:64) 1206 0 R (0:640) 1640 0 R (0:641) 1641 0 R (0:642) 1642 0 R (0:643) 1643 0 R (0:644) 1644 0 R (0:645) 1648 0 R (0:646) 1649 0 R (0:647) 1650 0 R (0:648) 1651 0 R (0:649) 1652 0 R (0:65) 1207 0 R (0:650) 1653 0 R (0:651) 1654 0 R (0:652) 1655 0 R (0:653) 1656 0 R (0:654) 1657 0 R (0:655) 1658 0 R (0:656) 1659 0 R (0:657) 1660 0 R (0:658) 1661 0 R (0:659) 1662 0 R (0:66) 1208 0 R (0:660) 1663 0 R (0:661) 1664 0 R (0:662) 1665 0 R (0:663) 1666 0 R (0:664) 1667 0 R (0:665) 1668 0 R (0:666) 1669 0 R (0:667) 1670 0 R (0:668) 1671 0 R (0:669) 1672 0 R (0:67) 1209 0 R (0:670) 1673 0 R (0:672) 1674 0 R (0:673) 1675 0 R (0:674) 1676 0 R (0:675) 1677 0 R (0:676) 1678 0 R (0:677) 1679 0 R (0:678) 1680 0 R (0:679) 1681 0 R (0:68) 1210 0 R (0:680) 1682 0 R (0:681) 1683 0 R (0:682) 1684 0 R (0:683) 1685 0 R (0:684) 1686 0 R (0:685) 1687 0 R (0:686) 1688 0 R (0:687) 1689 0 R (0:688) 1690 0 R (0:689) 1691 0 R (0:69) 1211 0 R (0:690) 1696 0 R (0:692) 1697 0 R (0:697) 1703 0 R (0:698) 1704 0 R (0:699) 1705 0 R (0:70) 1212 0 R (0:700) 1706 0 R (0:701) 1707 0 R (0:702) 1708 0 R (0:703) 1709 0 R (0:704) 1710 0 R (0:705) 1711 0 R (0:706) 1712 0 R (0:707) 1713 0 R (0:708) 1714 0 R (0:709) 1715 0 R (0:710) 1716 0 R (0:711) 1717 0 R (0:712) 1718 0 R (0:713) 1719 0 R (0:714) 1720 0 R (0:715) 1721 0 R (0:716) 1722 0 R (0:717) 1723 0 R (0:720) 1724 0 R (0:721) 1725 0 R (0:722) 1726 0 R (0:723) 1727 0 R (0:724) 1728 0 R (0:725) 1729 0 R (0:726) 1730 0 R (0:729) 1731 0 R (0:73) 1213 0 R (0:730) 1736 0 R (0:731) 1737 0 R (0:732) 1738 0 R (0:733) 1739 0 R (0:734) 1740 0 R (0:735) 1741 0 R (0:736) 1742 0 R (0:737) 1743 0 R (0:738) 1744 0 R (0:739) 1745 0 R (0:74) 1214 0 R (0:740) 1746 0 R (0:741) 1747 0 R (0:742) 1748 0 R (0:743) 1749 0 R (0:744) 1750 0 R (0:745) 1751 0 R (0:746) 1752 0 R (0:747) 1753 0 R (0:748) 1754 0 R (0:749) 1755 0 R (0:750) 1756 0 R (0:751) 1757 0 R (0:752) 1758 0 R (0:753) 1759 0 R (0:754) 1760 0 R (0:755) 1761 0 R (0:756) 1762 0 R (0:757) 1763 0 R (0:758) 1764 0 R (0:759) 1765 0 R (0:76) 1215 0 R (0:760) 1766 0 R (0:761) 1767 0 R (0:762) 1768 0 R (0:763) 1769 0 R (0:764) 1770 0 R (0:765) 1771 0 R (0:766) 1772 0 R (0:767) 1773 0 R (0:768) 1774 0 R (0:769) 1775 0 R (0:77) 1216 0 R (0:770) 1776 0 R (0:771) 1777 0 R (0:772) 1778 0 R (0:773) 1779 0 R (0:774) 1780 0 R (0:777) 1781 0 R (0:778) 1782 0 R (0:779) 1787 0 R (0:78) 1217 0 R (0:780) 1788 0 R (0:781) 1789 0 R (0:782) 1790 0 R (0:783) 1791 0 R (0:784) 1792 0 R (0:785) 1793 0 R (0:786) 1794 0 R (0:787) 1795 0 R (0:788) 1796 0 R (0:789) 1797 0 R (0:79) 1218 0 R (0:790) 1798 0 R (0:791) 1799 0 R (0:792) 1800 0 R (0:793) 1801 0 R (0:794) 1802 0 R (0:795) 1803 0 R (0:796) 1804 0 R (0:797) 1805 0 R (0:798) 1806 0 R (0:799) 1807 0 R (0:80) 1219 0 R (0:800) 1808 0 R (0:801) 1809 0 R (0:802) 1810 0 R (0:803) 1811 0 R (0:804) 1812 0 R (0:805) 1813 0 R (0:806) 1814 0 R (0:807) 1815 0 R (0:808) 1816 0 R (0:81) 1220 0 R (0:810) 1818 0 R (0:811) 1819 0 R (0:812) 1820 0 R (0:815) 1821 0 R (0:816) 1822 0 R (0:817) 1823 0 R (0:818) 1824 0 R (0:821) 1825 0 R (0:822) 1826 0 R (0:823) 1827 0 R (0:824) 1828 0 R (0:825) 1829 0 R (0:826) 1830 0 R (0:827) 1836 0 R (0:828) 1837 0 R (0:83) 1221 0 R (0:831) 1838 0 R (0:832) 1839 0 R (0:834) 1841 0 R (0:835) 1842 0 R (0:836) 1848 0 R (0:837) 1849 0 R (0:838) 1850 0 R (0:839) 1851 0 R (0:84) 1222 0 R (0:840) 1852 0 R (0:841) 1853 0 R (0:842) 1854 0 R (0:843) 1855 0 R (0:844) 1856 0 R (0:845) 1857 0 R (0:846) 1858 0 R (0:847) 1859 0 R (0:848) 1860 0 R (0:849) 1861 0 R (0:85) 1223 0 R (0:850) 1862 0 R (0:853) 1863 0 R (0:854) 1864 0 R (0:856) 1866 0 R (0:857) 1867 0 R (0:86) 1224 0 R (0:860) 1868 0 R (0:862) 1870 0 R (0:863) 1871 0 R (0:864) 1872 0 R (0:866) 1874 0 R (0:867) 1875 0 R (0:87) 1225 0 R (0:870) 1881 0 R (0:871) 1882 0 R (0:872) 1883 0 R (0:873) 1884 0 R (0:874) 1885 0 R (0:875) 1886 0 R (0:876) 1887 0 R (0:877) 1888 0 R (0:878) 1889 0 R (0:879) 1890 0 R (0:88) 1226 0 R (0:880) 1891 0 R (0:881) 1892 0 R (0:882) 1893 0 R (0:883) 1894 0 R (0:884) 1895 0 R (0:885) 1896 0 R (0:886) 1897 0 R (0:887) 1898 0 R (0:888) 1899 0 R (0:889) 1900 0 R (0:89) 1227 0 R (0:890) 1901 0 R (0:891) 1902 0 R (0:892) 1903 0 R (0:893) 1904 0 R (0:894) 1905 0 R (0:895) 1906 0 R (0:896) 1907 0 R (0:897) 1908 0 R (0:898) 1909 0 R (0:899) 1910 0 R (0:90) 1228 0 R (0:900) 1911 0 R (0:901) 1912 0 R (0:902) 1913 0 R (0:903) 1914 0 R (0:904) 1915 0 R (0:905) 1916 0 R (0:906) 1917 0 R (0:907) 1918 0 R (0:908) 1919 0 R (0:909) 1920 0 R (0:910) 1921 0 R (0:911) 1922 0 R (0:912) 1923 0 R (0:913) 1924 0 R (0:916) 1930 0 R (0:917) 1931 0 R (0:918) 1932 0 R (0:919) 1933 0 R (0:92) 1229 0 R (0:923) 1935 0 R (0:924) 1936 0 R (0:925) 1937 0 R (0:926) 1938 0 R (0:927) 1939 0 R (0:928) 1940 0 R (0:93) 1230 0 R (0:931) 1942 0 R (0:932) 1943 0 R (0:933) 1944 0 R (0:94) 1231 0 R (0:95) 1232 0 R (0:969) 1946 0 R (0:970) 1947 0 R (0:971) 1948 0 R (0:972) 1949 0 R (0:973) 1950 0 R (0:974) 1951 0 R (0:975) 1952 0 R (0:976) 1953 0 R (0:977) 1954 0 R (0:978) 1955 0 R (0:979) 1956 0 R (0:98) 1236 0 R (0:980) 1957 0 R (0:981) 1958 0 R (0:982) 1959 0 R (0:983) 1964 0 R (0:984) 1965 0 R (0:985) 1966 0 R (0:986) 1967 0 R (0:987) 1968 0 R (0:988) 1969 0 R (0:989) 1970 0 R (0:99) 1237 0 R (0:991) 1972 0 R (0:992) 1973 0 R (0:993) 1974 0 R (0:994) 1975 0 R (0:997) 1977 0 R (0:998) 1978 0 R (0:999) 1979 0 R (0:ALL-EXCEPT) 929 0 R (0:AUTH-CRED) 3710 0 R (0:BASCLT) 925 0 R (0:BASIC-CONFIGURATION) 911 0 R (0:CALLING-EXTERNAL-PROGRAMS) 1044 0 R (0:CHANGE-CODES) 2957 0 R (0:CHECKING-FOR-KERNEL-MODULE-ROOTKITS) 1135 0 R (0:CHECKING-FOR-SUID-FILES) 1136 0 R (0:CHECKING-MOUNTS) 1137 0 R (0:CHECKING-USERFILES) 1138 0 R (0:CHROOT) 1035 0 R (0:CLASSES) 1976 0 R (0:CLIENT-INTEGRITY) 1056 0 R (0:CLIENT-SERVER-CONNECTIVITY) 1123 0 R (0:CLIENTS) 1029 0 R (0:COMMAND-LINE) 1125 0 R (0:COMMAND-LINE-GENERAL) 1126 0 R (0:COMMAND-LINE-YULE) 1128 0 R (0:COMPILATION-CHECKS) 1121 0 R (0:COMPILATION-OPTIONS) 1119 0 R (0:COMPILATION-OPTIONS-GENERAL) 1120 0 R (0:CONDITIONALS) 5190 0 R (0:CONFIGFACILITY) 913 0 R (0:CONFIGFILE) 1130 0 R (0:CONFIGFILE-CLIENTS) 1142 0 R (0:CONFIGURATION-EMAIL) 915 0 R (0:CONFIGURATION-EXTERNAL) 918 0 R (0:CONFIGURATION-FILE-DOWNLOAD) 3455 0 R (0:CONFIGURATION-LOGSERVER) 917 0 R (0:CONSOLEDETAILS) 919 0 R (0:CONTROLLING-THE-DAEMON) 903 0 R (0:CUSTOMRPM) 4583 0 R (0:DAEMONTOOL) 902 0 R (0:DATABASE) 1139 0 R (0:DATABASE-CONFIGURATION-FILE-DOWNLOAD) 1031 0 R (0:DATABASE-FIELDS) 1143 0 R (0:DATABASE-FILE-DOWNLOAD) 3484 0 R (0:DATABASEFILE) 1018 0 R (0:DEB) 4640 0 R (0:DEFTRUST) 1321 0 R (0:DEPLOY-BUILD) 4440 0 R (0:DEPLOY-BUILD-OPT) 4453 0 R (0:DEPLOY-CHECKSRC) 4434 0 R (0:DEPLOY-CHECKSRC-OPT) 4437 0 R (0:DEPLOY-CLEAN) 4412 0 R (0:DEPLOY-CLEAN-OPT) 4416 0 R (0:DEPLOY-CUSTOMIZE) 4301 0 R (0:DEPLOY-DOWNLOAD) 4418 0 R (0:DEPLOY-DOWNLOAD-OPT) 4427 0 R (0:DEPLOY-INFO) 4407 0 R (0:DEPLOY-INFO-OPT) 4409 0 R (0:DEPLOY-INSTALL) 4477 0 R (0:DEPLOY-INSTALL-OPT) 4504 0 R (0:DEPLOY-LAYOUT) 4205 0 R (0:DEPLOY-LAYOUT-ARCHPKG) 4292 0 R (0:DEPLOY-LAYOUT-CONFIGS) 4260 0 R (0:DEPLOY-MISC) 4551 0 R (0:DEPLOY-REQ) 4204 0 R (0:DEPLOY-SCRIPT) 4332 0 R (0:DEPLOY-SH-GENERAL) 4392 0 R (0:DEPLOY-UNINSTALL) 4545 0 R (0:DEPLOY-UNINSTALL-OPT) 4548 0 R (0:DEPLOY.SH) 1051 0 R (0:DEPLOYMENT) 1050 0 R (0:DESIGN) 1058 0 R (0:DROPROOT) 1028 0 R (0:DYNUP) 1843 0 R (0:EMAILDETAILS) 2169 0 R (0:ENABLING-LOGGING-TO-THE-SERVER) 1030 0 R (0:EXTERN) 1041 0 R (0:EXTERNAL) 1141 0 R (0:FILE-MONITOR) 924 0 R (0:FILE-SIGNATURES) 927 0 R (0:FILE-SPECIFICATION) 2750 0 R (0:FILEDEF) 928 0 R (0:FILES-TO-CHECK) 1131 0 R (0:GCM) 1033 0 R (0:GEN-DB-FIELDS) 1144 0 R (0:GENERAL) 1027 0 R (0:HARDLINKCHECK) 2886 0 R (0:HASH-FUNCTION) 926 0 R (0:HIDING-THE-EXECUTABLE) 1048 0 R (0:HLOFFSETS) 2895 0 R (0:HOW-TO-INVOKE) 901 0 R (0:HPUX) 4610 0 R (0:IMPROVING-THE-SIGNAL-TO-NOISE-RATIO) 908 0 R (0:INDEX) 779 0 R (0:INITIALIZING-UPDATING-CHECKING) 931 0 R (0:INSTALLATION) 888 0 R (0:INSTALLATION-BUILD) 893 0 R (0:INSTALLATION-CONFIGURE) 892 0 R (0:INSTALLATION-CUSTOMIZE) 895 0 R (0:INSTALLATION-DOWNLOAD) 891 0 R (0:INSTALLATION-FILES) 1618 0 R (0:INSTALLATION-INITIALIZE) 896 0 R (0:INSTALLATION-INSTALL) 894 0 R (0:INSTALLATION-OVERVIEW) 889 0 R (0:INSTALLATION-REQUIREMENTS) 890 0 R (0:INSTALLATION-RUNNING) 897 0 R (0:INSTALLED-CLIENT) 1619 0 R (0:INSTALLED-SERVER) 1623 0 R (0:INTRO) 887 0 R (0:KERNELDEF) 1020 0 R (0:KERNELDEF-CONFIG) 3140 0 R (0:KERNELDEF-ERRORS) 3194 0 R (0:KERNELDEF-HOW) 3165 0 R (0:KERNELDEF-WHAT) 3151 0 R (0:KEYPAD) 1055 0 R (0:KHIDE) 4081 0 R (0:LAYOUT) 898 0 R (0:LAYOUT-DETAILS) 1551 0 R (0:LIBWRAP) 1036 0 R (0:LOG-FILE-ROTATION) 906 0 R (0:LOGDEF) 912 0 R (0:LOGFILE) 1831 0 R (0:LOGGING-THRESHOLDS) 1133 0 R (0:LOGSERVERDETAILS) 2287 0 R (0:MISCELLANEOUS) 1140 0 R (0:MOD-DB-FIELDS) 1145 0 R (0:MODULES) 1024 0 R (0:MONDEF) 1021 0 R (0:MOUNTCHECK) 1022 0 R (0:MYSQL-CFG) 2528 0 R (0:NAGIOS) 921 0 R (0:NATIVE-PACKAGES) 1052 0 R (0:OBSCURE) 2909 0 R (0:OPENPGP-SIGNATURES) 1122 0 R (0:OPTIONS-CONFIGURATION-FILE) 909 0 R (0:PACKING-THE-EXECUTABLE) 1049 0 R (0:PAGING) 3892 0 R (0:PATHS) 1124 0 R (0:PERFORMANCE-TUNING) 1025 0 R (0:PERFORMANCE-TUNING-SERVER) 1040 0 R (0:PID-FILE) 905 0 R (0:PIPES) 1042 0 R (0:POLICY) 1876 0 R (0:POLRULES) 2771 0 R (0:PRELINK) 2759 0 R (0:PRELUDE8) 2412 0 R (0:PRELUDE9) 2333 0 R (0:PRELUDECL) 2363 0 R (0:PRELUDEDETAILS) 920 0 R (0:RECDEP) 2807 0 R (0:RPM) 4582 0 R (0:RUNTIME-CLIENT) 1605 0 R (0:RUNTIME-FILES) 1604 0 R (0:RUNTIME-SERVER) 1609 0 R (0:SAMHAIN-COMMAND-LINE) 1127 0 R (0:SAMHAINADMIN) 1046 0 R (0:SECOND-SCHEDULE) 2996 0 R (0:SECURITY-DESIGN) 1053 0 R (0:SECURITY-USAGE) 1054 0 R (0:SEND-COMMANDS) 1037 0 R (0:SERVER-LOGGING) 1032 0 R (0:SERVER-SECURITY) 1057 0 R (0:SERVER-STATUS-INFORMATION) 1034 0 R (0:SERVER-TO-SERVER) 1039 0 R (0:SEVERITY-OF-EVENTS) 1132 0 R (0:SEVERITYDEF) 1941 0 R (0:SIGNALS) 904 0 R (0:SIGNED-FILES) 1045 0 R (0:SOL) 4617 0 R (0:SQLDETAILS) 923 0 R (0:STEALTHMODE) 1047 0 R (0:SUIDCHK) 1019 0 R (0:SUIDCHK-CONFIG) 3100 0 R (0:SUIDCHK-QUARANTINE) 3073 0 R (0:SUPPLY-COMMANDS) 3697 0 R (0:SUPPORT) 910 0 R (0:SUPPRESS) 2824 0 R (0:SYS-DB-FIELDS) 1146 0 R (0:SYSLOGDETAILS) 922 0 R (0:SYSTEM-V-MESSAGE-QUEUE) 1043 0 R (0:TARGETS) 1429 0 R (0:TBZ2) 4624 0 R (0:TESTSUITE) 899 0 R (0:THE-CONFIGURATION-FILE) 1129 0 R (0:THRESHOLDS) 914 0 R (0:TIMING-FILE-CHECKS) 930 0 R (0:TRUSTEDEXAMPLE) 916 0 R (0:UDP) 1038 0 R (0:UPDATING-THE-FILE-SIGNATURE-DATABASE) 907 0 R (0:USAGE) 900 0 R (0:USERCHECK) 1023 0 R (0:VANILLARPM) 4595 0 R (0:WATCHING-LOGIN-LOGOUT-EVENTS) 1134 0 R (0:YULE) 1026 0 R (1.0) 2 0 R (10.0) 466 0 R (10.66.1) 470 0 R (11.0) 474 0 R (11.67.1) 478 0 R (11.67.37.2) 482 0 R (11.68.1) 486 0 R (12.0) 490 0 R (12.69.1) 494 0 R (12.69.38.2) 498 0 R (12.69.39.2) 502 0 R (12.69.39.7.3) 506 0 R (12.69.39.8.3) 510 0 R (12.69.40.10.3) 522 0 R (12.69.40.11.3) 526 0 R (12.69.40.12.3) 530 0 R (12.69.40.2) 514 0 R (12.69.40.9.3) 518 0 R (12.69.41.13.3) 538 0 R (12.69.41.2) 534 0 R (12.69.42.14.3) 546 0 R (12.69.42.2) 542 0 R (12.69.43.15.3) 554 0 R (12.69.43.2) 550 0 R (12.69.44.16.3) 562 0 R (12.69.44.2) 558 0 R (12.69.45.17.3) 570 0 R (12.69.45.2) 566 0 R (12.69.46.18.3) 578 0 R (12.69.46.2) 574 0 R (12.69.47.19.3) 586 0 R (12.69.47.2) 582 0 R (12.69.48.2) 590 0 R (12.69.48.20.3) 594 0 R (12.69.49.2) 598 0 R (12.70.1) 602 0 R (12.70.50.2) 606 0 R (12.70.50.21.3) 610 0 R (12.70.50.22.3) 614 0 R (12.70.51.2) 618 0 R (12.70.52.2) 622 0 R (12.70.53.2) 626 0 R (12.70.54.2) 630 0 R (13.0) 634 0 R (13.71.1) 638 0 R (13.72.1) 642 0 R (13.73.1) 646 0 R (13.74.1) 650 0 R (13.75.1) 654 0 R (14.0) 658 0 R (14.76.1) 662 0 R (14.77.1) 666 0 R (14.78.1) 670 0 R (14.79.1) 674 0 R (14.80.1) 678 0 R (15.0) 682 0 R (15.81.1) 686 0 R (15.82.1) 690 0 R (15.83.1) 694 0 R (16.0) 698 0 R (16.84.1) 702 0 R (16.84.55.2) 706 0 R (16.85.1) 710 0 R (16.86.1) 714 0 R (16.87.1) 718 0 R (16.88.1) 722 0 R (16.89.1) 726 0 R (16.90.1) 730 0 R (16.91.1) 734 0 R (16.92.1) 738 0 R (16.93.1) 742 0 R (16.94.1) 746 0 R (16.95.1) 750 0 R (16.96.1) 754 0 R (17.0) 758 0 R (17.97.1) 762 0 R (17.98.1) 766 0 R (17.99.1) 770 0 R (2.0) 6 0 R (3.0) 10 0 R (4.0) 14 0 R (4.1.1) 18 0 R (4.10.1) 62 0 R (4.10.3.2) 66 0 R (4.10.4.2) 70 0 R (4.10.5.1.3) 78 0 R (4.10.5.2) 74 0 R (4.10.5.2.3) 82 0 R (4.10.6.2) 86 0 R (4.10.6.3.3) 90 0 R (4.10.6.4.3) 94 0 R (4.11.1) 98 0 R (4.2.1) 22 0 R (4.3.1) 26 0 R (4.4.1) 30 0 R (4.4.1.2) 34 0 R (4.5.1) 38 0 R (4.6.1) 42 0 R (4.6.2.2) 46 0 R (4.7.1) 50 0 R (4.8.1) 54 0 R (4.9.1) 58 0 R (5.0) 102 0 R (5.12.1) 106 0 R (5.13.1) 110 0 R (5.14.1) 114 0 R (5.15.1) 118 0 R (5.16.1) 122 0 R (5.17.1) 126 0 R (5.18.1) 130 0 R (5.19.1) 134 0 R (5.20.1) 138 0 R (5.21.1) 142 0 R (6.0) 146 0 R (6.22.1) 150 0 R (6.22.7.2) 154 0 R (6.22.8.2) 158 0 R (6.23.1) 162 0 R (6.24.1) 166 0 R (6.25.1) 170 0 R (6.25.9.2) 174 0 R (6.26.1) 178 0 R (6.26.10.2) 182 0 R (6.27.1) 186 0 R (6.27.11.2) 190 0 R (6.28.1) 194 0 R (6.29.1) 198 0 R (6.30.1) 202 0 R (6.30.12.2) 206 0 R (6.30.13.2) 210 0 R (6.30.14.2) 214 0 R (6.31.1) 218 0 R (6.32.1) 222 0 R (6.33.1) 226 0 R (6.33.15.2) 230 0 R (7.0) 234 0 R (7.34.1) 238 0 R (7.35.1) 242 0 R (7.36.1) 246 0 R (7.37.1) 250 0 R (7.37.16.2) 254 0 R (7.37.17.2) 258 0 R (7.37.17.5.3) 262 0 R (7.37.18.2) 266 0 R (7.37.19.2) 270 0 R (7.37.20.2) 274 0 R (7.37.21.2) 278 0 R (7.37.21.6.3) 282 0 R (7.37.22.2) 286 0 R (7.37.23.2) 290 0 R (7.37.24.2) 294 0 R (7.38.1) 298 0 R (7.39.1) 302 0 R (7.39.25.2) 306 0 R (7.40.1) 310 0 R (7.41.1) 314 0 R (7.42.1) 318 0 R (7.42.26.2) 322 0 R (7.42.27.2) 326 0 R (7.43.1) 330 0 R (7.43.28.2) 334 0 R (7.43.29.2) 338 0 R (7.43.30.2) 342 0 R (7.43.31.2) 346 0 R (7.44.1) 350 0 R (7.45.1) 354 0 R (7.46.1) 358 0 R (7.47.1) 362 0 R (7.48.1) 366 0 R (8.0) 370 0 R (8.49.1) 374 0 R (8.50.1) 378 0 R (8.51.1) 382 0 R (8.52.1) 386 0 R (8.53.1) 390 0 R (8.53.32.2) 394 0 R (8.53.33.2) 398 0 R (8.54.1) 402 0 R (8.55.1) 406 0 R (8.56.1) 410 0 R (8.57.1) 414 0 R (8.58.1) 418 0 R (8.59.1) 422 0 R (8.59.34.2) 426 0 R (8.59.35.2) 430 0 R (8.60.1) 434 0 R (8.61.1) 438 0 R (8.62.1) 442 0 R (9.0) 446 0 R (9.63.1) 450 0 R (9.64.1) 454 0 R (9.65.1) 458 0 R (9.65.36.2) 462 0 R (Doc-Start) 778 0 R (page.1) 777 0 R (page.10) 1522 0 R (page.100) 4492 0 R (page.101) 4528 0 R (page.102) 4565 0 R (page.103) 4605 0 R (page.104) 4650 0 R (page.105) 4663 0 R (page.106) 4704 0 R (page.107) 4733 0 R (page.108) 4748 0 R (page.109) 4764 0 R (page.11) 1576 0 R (page.110) 4804 0 R (page.111) 4849 0 R (page.112) 4887 0 R (page.113) 4928 0 R (page.114) 4971 0 R (page.115) 4997 0 R (page.116) 5077 0 R (page.117) 5156 0 R (page.118) 5163 0 R (page.119) 5194 0 R (page.12) 1616 0 R (page.120) 5231 0 R (page.121) 5283 0 R (page.122) 5325 0 R (page.123) 5372 0 R (page.124) 5412 0 R (page.125) 5446 0 R (page.126) 5491 0 R (page.127) 5537 0 R (page.128) 5590 0 R (page.129) 5645 0 R (page.13) 1639 0 R (page.130) 5692 0 R (page.131) 5737 0 R (page.132) 5772 0 R (page.133) 5813 0 R (page.134) 5861 0 R (page.14) 1695 0 R (page.15) 1702 0 R (page.16) 1735 0 R (page.17) 1786 0 R (page.18) 1835 0 R (page.19) 1847 0 R (page.2) 786 0 R (page.20) 1880 0 R (page.21) 1929 0 R (page.22) 1963 0 R (page.23) 1988 0 R (page.24) 2017 0 R (page.25) 2064 0 R (page.26) 2086 0 R (page.27) 2116 0 R (page.28) 2153 0 R (page.29) 2173 0 R (page.3) 794 0 R (page.30) 2202 0 R (page.31) 2238 0 R (page.32) 2272 0 R (page.33) 2296 0 R (page.34) 2332 0 R (page.35) 2385 0 R (page.36) 2407 0 R (page.37) 2431 0 R (page.38) 2451 0 R (page.39) 2480 0 R (page.4) 935 0 R (page.40) 2501 0 R (page.41) 2532 0 R (page.42) 2548 0 R (page.43) 2600 0 R (page.44) 2648 0 R (page.45) 2690 0 R (page.46) 2723 0 R (page.47) 2763 0 R (page.48) 2811 0 R (page.49) 2834 0 R (page.5) 1062 0 R (page.50) 2866 0 R (page.51) 2901 0 R (page.52) 2933 0 R (page.53) 2966 0 R (page.54) 2994 0 R (page.55) 3025 0 R (page.56) 3053 0 R (page.57) 3094 0 R (page.58) 3109 0 R (page.59) 3144 0 R (page.6) 1325 0 R (page.60) 3155 0 R (page.61) 3184 0 R (page.62) 3205 0 R (page.63) 3224 0 R (page.64) 3236 0 R (page.65) 3253 0 R (page.66) 3276 0 R (page.67) 3311 0 R (page.68) 3356 0 R (page.69) 3397 0 R (page.7) 1395 0 R (page.70) 3441 0 R (page.71) 3462 0 R (page.72) 3504 0 R (page.73) 3537 0 R (page.74) 3578 0 R (page.75) 3611 0 R (page.76) 3667 0 R (page.77) 3701 0 R (page.78) 3729 0 R (page.79) 3769 0 R (page.8) 1436 0 R (page.80) 3788 0 R (page.81) 3818 0 R (page.82) 3878 0 R (page.83) 3899 0 R (page.84) 3951 0 R (page.85) 4001 0 R (page.86) 4012 0 R (page.87) 4056 0 R (page.88) 4099 0 R (page.89) 4145 0 R (page.9) 1484 0 R (page.90) 4169 0 R (page.91) 4177 0 R (page.92) 4209 0 R (page.93) 4257 0 R (page.94) 4276 0 R (page.95) 4310 0 R (page.96) 4349 0 R (page.97) 4402 0 R (page.98) 4431 0 R (page.99) 4460 0 R (table.1) 1572 0 R (table.10) 3594 0 R (table.11) 3598 0 R (table.2) 1608 0 R (table.3) 1617 0 R (table.4) 1622 0 R (table.5) 1626 0 R (table.6) 1945 0 R (table.7) 1984 0 R (table.8) 1993 0 R (table.9) 2464 0 R] +/Limits [(0:100) (table.9)] +>> endobj +5913 0 obj << +/Kids [5912 0 R] +>> endobj +5914 0 obj << +/Dests 5913 0 R +>> endobj +5915 0 obj << +/Type /Catalog +/Pages 5910 0 R +/Outlines 5911 0 R +/Names 5914 0 R +/PageMode /UseOutlines /URI<> /ViewerPreferences<<>> +/OpenAction 773 0 R +/PTEX.Fullbanner (This is pdfTeX, Version 3.14159-1.10b) +>> endobj +5916 0 obj << +/Author()/Title()/Subject()/Creator(LaTeX with hyperref package)/Producer(pdfTeX-1.10b)/Keywords() +/CreationDate (D:20060831210800) +>> endobj +xref +0 5917 +0000000780 65535 f +0000000009 00000 n +0000018711 00000 n +0000784067 00000 n +0000000048 00000 n +0000000073 00000 n +0000083865 00000 n +0000783982 00000 n +0000000112 00000 n +0000000147 00000 n +0000181147 00000 n +0000783895 00000 n +0000000186 00000 n +0000000228 00000 n +0000183394 00000 n +0000783767 00000 n +0000000268 00000 n +0000000322 00000 n +0000183706 00000 n +0000783693 00000 n +0000000364 00000 n +0000000396 00000 n +0000187560 00000 n +0000783606 00000 n +0000000438 00000 n +0000000474 00000 n +0000190900 00000 n +0000783519 00000 n +0000000516 00000 n +0000000560 00000 n +0000193308 00000 n +0000783395 00000 n +0000000602 00000 n +0000000648 00000 n +0000198671 00000 n +0000783334 00000 n +0000000692 00000 n +0000000749 00000 n +0000206535 00000 n +0000783247 00000 n +0000000791 00000 n +0000000820 00000 n +0000210498 00000 n +0000783123 00000 n +0000000862 00000 n +0000000893 00000 n +0000211638 00000 n +0000783062 00000 n +0000000937 00000 n +0000000985 00000 n +0000215770 00000 n +0000782975 00000 n +0000001027 00000 n +0000001060 00000 n +0000219756 00000 n +0000782888 00000 n +0000001102 00000 n +0000001158 00000 n +0000220958 00000 n +0000782801 00000 n +0000001200 00000 n +0000001235 00000 n +0000224396 00000 n +0000782677 00000 n +0000001278 00000 n +0000001329 00000 n +0000224838 00000 n +0000782603 00000 n +0000001374 00000 n +0000001432 00000 n +0000226358 00000 n +0000782516 00000 n +0000001477 00000 n +0000001520 00000 n +0000232103 00000 n +0000782392 00000 n +0000001565 00000 n +0000001605 00000 n +0000232228 00000 n +0000782318 00000 n +0000001652 00000 n +0000001701 00000 n +0000232542 00000 n +0000782244 00000 n +0000001748 00000 n +0000001783 00000 n +0000235167 00000 n +0000782133 00000 n +0000001828 00000 n +0000001870 00000 n +0000235291 00000 n +0000782059 00000 n +0000001917 00000 n +0000001966 00000 n +0000235605 00000 n +0000781985 00000 n +0000002013 00000 n +0000002048 00000 n +0000235917 00000 n +0000781910 00000 n +0000002091 00000 n +0000002130 00000 n +0000245361 00000 n +0000781777 00000 n +0000002171 00000 n +0000002221 00000 n +0000245486 00000 n +0000781698 00000 n +0000002265 00000 n +0000002303 00000 n +0000246944 00000 n +0000781605 00000 n +0000002347 00000 n +0000002413 00000 n +0000247513 00000 n +0000781512 00000 n +0000002457 00000 n +0000002504 00000 n +0000252944 00000 n +0000781419 00000 n +0000002548 00000 n +0000002580 00000 n +0000258116 00000 n +0000781326 00000 n +0000002624 00000 n +0000002657 00000 n +0000258495 00000 n +0000781233 00000 n +0000002701 00000 n +0000002743 00000 n +0000260823 00000 n +0000781140 00000 n +0000002787 00000 n +0000002848 00000 n +0000265030 00000 n +0000781047 00000 n +0000002892 00000 n +0000002950 00000 n +0000265407 00000 n +0000780954 00000 n +0000002994 00000 n +0000003066 00000 n +0000267882 00000 n +0000780875 00000 n +0000003110 00000 n +0000003161 00000 n +0000273356 00000 n +0000780741 00000 n +0000003202 00000 n +0000003268 00000 n +0000273735 00000 n +0000780623 00000 n +0000003312 00000 n +0000003344 00000 n +0000274243 00000 n +0000780544 00000 n +0000003390 00000 n +0000003432 00000 n +0000278352 00000 n +0000780465 00000 n +0000003478 00000 n +0000003512 00000 n +0000281800 00000 n +0000780372 00000 n +0000003556 00000 n +0000003609 00000 n +0000287484 00000 n +0000780279 00000 n +0000003653 00000 n +0000003730 00000 n +0000293950 00000 n +0000780147 00000 n +0000003774 00000 n +0000003804 00000 n +0000304783 00000 n +0000780082 00000 n +0000003850 00000 n +0000003910 00000 n +0000309194 00000 n +0000779950 00000 n +0000003954 00000 n +0000003987 00000 n +0000310459 00000 n +0000779885 00000 n +0000004034 00000 n +0000004091 00000 n +0000318363 00000 n +0000779753 00000 n +0000004135 00000 n +0000004170 00000 n +0000319122 00000 n +0000779688 00000 n +0000004217 00000 n +0000004251 00000 n +0000322064 00000 n +0000779595 00000 n +0000004295 00000 n +0000004339 00000 n +0000322315 00000 n +0000779502 00000 n +0000004383 00000 n +0000004415 00000 n +0000323584 00000 n +0000779370 00000 n +0000004459 00000 n +0000004491 00000 n +0000327963 00000 n +0000779291 00000 n +0000004538 00000 n +0000004600 00000 n +0000331151 00000 n +0000779198 00000 n +0000004647 00000 n +0000004710 00000 n +0000334551 00000 n +0000779119 00000 n +0000004757 00000 n +0000004820 00000 n +0000337971 00000 n +0000779026 00000 n +0000004864 00000 n +0000004915 00000 n +0000341424 00000 n +0000778933 00000 n +0000004959 00000 n +0000004991 00000 n +0000342372 00000 n +0000778815 00000 n +0000005035 00000 n +0000005073 00000 n +0000351438 00000 n +0000778750 00000 n +0000005120 00000 n +0000005175 00000 n +0000355154 00000 n +0000778616 00000 n +0000005216 00000 n +0000005286 00000 n +0000356480 00000 n +0000778537 00000 n +0000005330 00000 n +0000005369 00000 n +0000361622 00000 n +0000778444 00000 n +0000005413 00000 n +0000005466 00000 n +0000365520 00000 n +0000778351 00000 n +0000005510 00000 n +0000005550 00000 n +0000367544 00000 n +0000778219 00000 n +0000005594 00000 n +0000005662 00000 n +0000367732 00000 n +0000778140 00000 n +0000005709 00000 n +0000005755 00000 n +0000375037 00000 n +0000778008 00000 n +0000005802 00000 n +0000005857 00000 n +0000379272 00000 n +0000777943 00000 n +0000005906 00000 n +0000005940 00000 n +0000384340 00000 n +0000777850 00000 n +0000005987 00000 n +0000006055 00000 n +0000388470 00000 n +0000777757 00000 n +0000006102 00000 n +0000006187 00000 n +0000392292 00000 n +0000777664 00000 n +0000006234 00000 n +0000006281 00000 n +0000393431 00000 n +0000777532 00000 n +0000006328 00000 n +0000006369 00000 n +0000394065 00000 n +0000777467 00000 n +0000006418 00000 n +0000006488 00000 n +0000397340 00000 n +0000777374 00000 n +0000006535 00000 n +0000006587 00000 n +0000398038 00000 n +0000777281 00000 n +0000006634 00000 n +0000006680 00000 n +0000402718 00000 n +0000777202 00000 n +0000006727 00000 n +0000006792 00000 n +0000402969 00000 n +0000777109 00000 n +0000006836 00000 n +0000006914 00000 n +0000406036 00000 n +0000776977 00000 n +0000006958 00000 n +0000007001 00000 n +0000408850 00000 n +0000776912 00000 n +0000007048 00000 n +0000007098 00000 n +0000410429 00000 n +0000776819 00000 n +0000007142 00000 n +0000007202 00000 n +0000413566 00000 n +0000776726 00000 n +0000007246 00000 n +0000007298 00000 n +0000414133 00000 n +0000776594 00000 n +0000007342 00000 n +0000007414 00000 n +0000418469 00000 n +0000776515 00000 n +0000007461 00000 n +0000007514 00000 n +0000422083 00000 n +0000776436 00000 n +0000007561 00000 n +0000007601 00000 n +0000425242 00000 n +0000776304 00000 n +0000007645 00000 n +0000007696 00000 n +0000429203 00000 n +0000776225 00000 n +0000007743 00000 n +0000007784 00000 n +0000431791 00000 n +0000776132 00000 n +0000007831 00000 n +0000007885 00000 n +0000432487 00000 n +0000776039 00000 n +0000007932 00000 n +0000007988 00000 n +0000436248 00000 n +0000775960 00000 n +0000008035 00000 n +0000008077 00000 n +0000436752 00000 n +0000775867 00000 n +0000008121 00000 n +0000008177 00000 n +0000439068 00000 n +0000775774 00000 n +0000008221 00000 n +0000008283 00000 n +0000441258 00000 n +0000775681 00000 n +0000008327 00000 n +0000008392 00000 n +0000443651 00000 n +0000775588 00000 n +0000008436 00000 n +0000008469 00000 n +0000444343 00000 n +0000775509 00000 n +0000008513 00000 n +0000008557 00000 n +0000450242 00000 n +0000775375 00000 n +0000008598 00000 n +0000008649 00000 n +0000451258 00000 n +0000775296 00000 n +0000008693 00000 n +0000008725 00000 n +0000455382 00000 n +0000775203 00000 n +0000008769 00000 n +0000008822 00000 n +0000460779 00000 n +0000775110 00000 n +0000008866 00000 n +0000008911 00000 n +0000467011 00000 n +0000775017 00000 n +0000008955 00000 n +0000009010 00000 n +0000469491 00000 n +0000774885 00000 n +0000009054 00000 n +0000009151 00000 n +0000470251 00000 n +0000774806 00000 n +0000009198 00000 n +0000009243 00000 n +0000474612 00000 n +0000774727 00000 n +0000009290 00000 n +0000009330 00000 n +0000479340 00000 n +0000774634 00000 n +0000009374 00000 n +0000009435 00000 n +0000480227 00000 n +0000774541 00000 n +0000009479 00000 n +0000009528 00000 n +0000482438 00000 n +0000774448 00000 n +0000009572 00000 n +0000009624 00000 n +0000488556 00000 n +0000774355 00000 n +0000009668 00000 n +0000009699 00000 n +0000497222 00000 n +0000774262 00000 n +0000009743 00000 n +0000009814 00000 n +0000498361 00000 n +0000774130 00000 n +0000009858 00000 n +0000009911 00000 n +0000501090 00000 n +0000774051 00000 n +0000009958 00000 n +0000010015 00000 n +0000501723 00000 n +0000773972 00000 n +0000010062 00000 n +0000010118 00000 n +0000505407 00000 n +0000773879 00000 n +0000010162 00000 n +0000010202 00000 n +0000506359 00000 n +0000773786 00000 n +0000010246 00000 n +0000010292 00000 n +0000506675 00000 n +0000773707 00000 n +0000010336 00000 n +0000010380 00000 n +0000513182 00000 n +0000773574 00000 n +0000010421 00000 n +0000010479 00000 n +0000513434 00000 n +0000773495 00000 n +0000010523 00000 n +0000010553 00000 n +0000513687 00000 n +0000773402 00000 n +0000010597 00000 n +0000010644 00000 n +0000514573 00000 n +0000773284 00000 n +0000010688 00000 n +0000010738 00000 n +0000524029 00000 n +0000773219 00000 n +0000010785 00000 n +0000010836 00000 n +0000527684 00000 n +0000773086 00000 n +0000010878 00000 n +0000010964 00000 n +0000537576 00000 n +0000773021 00000 n +0000011009 00000 n +0000011057 00000 n +0000540554 00000 n +0000772888 00000 n +0000011099 00000 n +0000011157 00000 n +0000540871 00000 n +0000772770 00000 n +0000011202 00000 n +0000011248 00000 n +0000547503 00000 n +0000772705 00000 n +0000011296 00000 n +0000011379 00000 n +0000556922 00000 n +0000772626 00000 n +0000011424 00000 n +0000011471 00000 n +0000561451 00000 n +0000772493 00000 n +0000011513 00000 n +0000011571 00000 n +0000561577 00000 n +0000772374 00000 n +0000011616 00000 n +0000011673 00000 n +0000566310 00000 n +0000772295 00000 n +0000011721 00000 n +0000011761 00000 n +0000570677 00000 n +0000772163 00000 n +0000011809 00000 n +0000011868 00000 n +0000570866 00000 n +0000772084 00000 n +0000011918 00000 n +0000011972 00000 n +0000574548 00000 n +0000772005 00000 n +0000012022 00000 n +0000012076 00000 n +0000575184 00000 n +0000771873 00000 n +0000012124 00000 n +0000012174 00000 n +0000575310 00000 n +0000771794 00000 n +0000012224 00000 n +0000012277 00000 n +0000578189 00000 n +0000771701 00000 n +0000012328 00000 n +0000012392 00000 n +0000578697 00000 n +0000771608 00000 n +0000012443 00000 n +0000012517 00000 n +0000579267 00000 n +0000771529 00000 n +0000012568 00000 n +0000012627 00000 n +0000579648 00000 n +0000771397 00000 n +0000012675 00000 n +0000012729 00000 n +0000585616 00000 n +0000771332 00000 n +0000012780 00000 n +0000012825 00000 n +0000588231 00000 n +0000771200 00000 n +0000012873 00000 n +0000012915 00000 n +0000588419 00000 n +0000771135 00000 n +0000012966 00000 n +0000013012 00000 n +0000588671 00000 n +0000771003 00000 n +0000013060 00000 n +0000013103 00000 n +0000588986 00000 n +0000770938 00000 n +0000013154 00000 n +0000013200 00000 n +0000589175 00000 n +0000770806 00000 n +0000013248 00000 n +0000013294 00000 n +0000592006 00000 n +0000770741 00000 n +0000013345 00000 n +0000013391 00000 n +0000592258 00000 n +0000770609 00000 n +0000013439 00000 n +0000013485 00000 n +0000592510 00000 n +0000770544 00000 n +0000013536 00000 n +0000013582 00000 n +0000592762 00000 n +0000770412 00000 n +0000013630 00000 n +0000013673 00000 n +0000593649 00000 n +0000770347 00000 n +0000013724 00000 n +0000013770 00000 n +0000597164 00000 n +0000770215 00000 n +0000013818 00000 n +0000013864 00000 n +0000601020 00000 n +0000770150 00000 n +0000013915 00000 n +0000013962 00000 n +0000605602 00000 n +0000770018 00000 n +0000014010 00000 n +0000014058 00000 n +0000605855 00000 n +0000769953 00000 n +0000014109 00000 n +0000014156 00000 n +0000606104 00000 n +0000769874 00000 n +0000014204 00000 n +0000014244 00000 n +0000606357 00000 n +0000769756 00000 n +0000014289 00000 n +0000014351 00000 n +0000610506 00000 n +0000769638 00000 n +0000014399 00000 n +0000014442 00000 n +0000610631 00000 n +0000769559 00000 n +0000014493 00000 n +0000014533 00000 n +0000611457 00000 n +0000769480 00000 n +0000014584 00000 n +0000014624 00000 n +0000614252 00000 n +0000769387 00000 n +0000014672 00000 n +0000014724 00000 n +0000614760 00000 n +0000769294 00000 n +0000014772 00000 n +0000014826 00000 n +0000615265 00000 n +0000769201 00000 n +0000014874 00000 n +0000014933 00000 n +0000616339 00000 n +0000769122 00000 n +0000014981 00000 n +0000015034 00000 n +0000620792 00000 n +0000768989 00000 n +0000015076 00000 n +0000015123 00000 n +0000620918 00000 n +0000768910 00000 n +0000015168 00000 n +0000015199 00000 n +0000625718 00000 n +0000768817 00000 n +0000015244 00000 n +0000015297 00000 n +0000629618 00000 n +0000768724 00000 n +0000015342 00000 n +0000015395 00000 n +0000629997 00000 n +0000768631 00000 n +0000015440 00000 n +0000015476 00000 n +0000630309 00000 n +0000768552 00000 n +0000015521 00000 n +0000015554 00000 n +0000635796 00000 n +0000768419 00000 n +0000015596 00000 n +0000015670 00000 n +0000635921 00000 n +0000768340 00000 n +0000015715 00000 n +0000015747 00000 n +0000646287 00000 n +0000768247 00000 n +0000015792 00000 n +0000015861 00000 n +0000649785 00000 n +0000768154 00000 n +0000015906 00000 n +0000015981 00000 n +0000650797 00000 n +0000768061 00000 n +0000016026 00000 n +0000016077 00000 n +0000655530 00000 n +0000767982 00000 n +0000016122 00000 n +0000016152 00000 n +0000663214 00000 n +0000767849 00000 n +0000016194 00000 n +0000016254 00000 n +0000663340 00000 n +0000767770 00000 n +0000016299 00000 n +0000016331 00000 n +0000673109 00000 n +0000767677 00000 n +0000016376 00000 n +0000016408 00000 n +0000675081 00000 n +0000767598 00000 n +0000016453 00000 n +0000016482 00000 n +0000679871 00000 n +0000767464 00000 n +0000016524 00000 n +0000016590 00000 n +0000679997 00000 n +0000767346 00000 n +0000016635 00000 n +0000016667 00000 n +0000683880 00000 n +0000767281 00000 n +0000016715 00000 n +0000016754 00000 n +0000684576 00000 n +0000767188 00000 n +0000016799 00000 n +0000016838 00000 n +0000687298 00000 n +0000767095 00000 n +0000016883 00000 n +0000016926 00000 n +0000692168 00000 n +0000767002 00000 n +0000016971 00000 n +0000017014 00000 n +0000694313 00000 n +0000766909 00000 n +0000017059 00000 n +0000017112 00000 n +0000696875 00000 n +0000766816 00000 n +0000017157 00000 n +0000017217 00000 n +0000700357 00000 n +0000766723 00000 n +0000017262 00000 n +0000017315 00000 n +0000701683 00000 n +0000766630 00000 n +0000017360 00000 n +0000017411 00000 n +0000704414 00000 n +0000766537 00000 n +0000017456 00000 n +0000017504 00000 n +0000705360 00000 n +0000766444 00000 n +0000017549 00000 n +0000017583 00000 n +0000708843 00000 n +0000766351 00000 n +0000017628 00000 n +0000017667 00000 n +0000732903 00000 n +0000766258 00000 n +0000017712 00000 n +0000017746 00000 n +0000737552 00000 n +0000766179 00000 n +0000017791 00000 n +0000017824 00000 n +0000740700 00000 n +0000766060 00000 n +0000017866 00000 n +0000017921 00000 n +0000741272 00000 n +0000765981 00000 n +0000017966 00000 n +0000017998 00000 n +0000749140 00000 n +0000765888 00000 n +0000018043 00000 n +0000018075 00000 n +0000750657 00000 n +0000765809 00000 n +0000018120 00000 n +0000018151 00000 n +0000018408 00000 n +0000018771 00000 n +0000018203 00000 n +0000018528 00000 n +0000018589 00000 n +0000018650 00000 n +0000000787 00000 f +0000762091 00000 n +0000762187 00000 n +0000019734 00000 n +0000019553 00000 n +0000018843 00000 n +0000019673 00000 n +0000000789 00000 f +0000761998 00000 n +0000000796 00000 f +0000761904 00000 n +0000083925 00000 n +0000068561 00000 n +0000019832 00000 n +0000083804 00000 n +0000069413 00000 n +0000001164 00000 f +0000761812 00000 n +0000069563 00000 n +0000069712 00000 n +0000069869 00000 n +0000070025 00000 n +0000070191 00000 n +0000070356 00000 n +0000070525 00000 n +0000070693 00000 n +0000070858 00000 n +0000071022 00000 n +0000071189 00000 n +0000071355 00000 n +0000071518 00000 n +0000071680 00000 n +0000071845 00000 n +0000072009 00000 n +0000072175 00000 n +0000072340 00000 n +0000072508 00000 n +0000072675 00000 n +0000072838 00000 n +0000073002 00000 n +0000073152 00000 n +0000073301 00000 n +0000073455 00000 n +0000073608 00000 n +0000073758 00000 n +0000073907 00000 n +0000074065 00000 n +0000074222 00000 n +0000074377 00000 n +0000074531 00000 n +0000074698 00000 n +0000074864 00000 n +0000075016 00000 n +0000075167 00000 n +0000075320 00000 n +0000075472 00000 n +0000075634 00000 n +0000075795 00000 n +0000075975 00000 n +0000076155 00000 n +0000076335 00000 n +0000076514 00000 n +0000076685 00000 n +0000076855 00000 n +0000077007 00000 n +0000077158 00000 n +0000077321 00000 n +0000077484 00000 n +0000077635 00000 n +0000077785 00000 n +0000077944 00000 n +0000078102 00000 n +0000078257 00000 n +0000078411 00000 n +0000078575 00000 n +0000078738 00000 n +0000078896 00000 n +0000079053 00000 n +0000079221 00000 n +0000079388 00000 n +0000079555 00000 n +0000079721 00000 n +0000079880 00000 n +0000080038 00000 n +0000080196 00000 n +0000080353 00000 n +0000080504 00000 n +0000080654 00000 n +0000080811 00000 n +0000080967 00000 n +0000081121 00000 n +0000081274 00000 n +0000081430 00000 n +0000081585 00000 n +0000081736 00000 n +0000081886 00000 n +0000082044 00000 n +0000082201 00000 n +0000082361 00000 n +0000082520 00000 n +0000082672 00000 n +0000082823 00000 n +0000082978 00000 n +0000083132 00000 n +0000083295 00000 n +0000083457 00000 n +0000083631 00000 n +0000181085 00000 n +0000183332 00000 n +0000183644 00000 n +0000187500 00000 n +0000188891 00000 n +0000193246 00000 n +0000206473 00000 n +0000210436 00000 n +0000215708 00000 n +0000219694 00000 n +0000220896 00000 n +0000224334 00000 n +0000235855 00000 n +0000245299 00000 n +0000245424 00000 n +0000246882 00000 n +0000247451 00000 n +0000252882 00000 n +0000258054 00000 n +0000258433 00000 n +0000260761 00000 n +0000264969 00000 n +0000265345 00000 n +0000265851 00000 n +0000273294 00000 n +0000273674 00000 n +0000281738 00000 n +0000287423 00000 n +0000293888 00000 n +0000309132 00000 n +0000318301 00000 n +0000319439 00000 n +0000322253 00000 n +0000323522 00000 n +0000337909 00000 n +0000341362 00000 n +0000342311 00000 n +0000355092 00000 n +0000356418 00000 n +0000361562 00000 n +0000363214 00000 n +0000367482 00000 n +0000402907 00000 n +0000405975 00000 n +0000410367 00000 n +0000139585 00000 n +0000125827 00000 n +0000084036 00000 n +0000139524 00000 n +0000126633 00000 n +0000126790 00000 n +0000126946 00000 n +0000127098 00000 n +0000127249 00000 n +0000127403 00000 n +0000127556 00000 n +0000127707 00000 n +0000127857 00000 n +0000128012 00000 n +0000128166 00000 n +0000128319 00000 n +0000128471 00000 n +0000128622 00000 n +0000128772 00000 n +0000128935 00000 n +0000129097 00000 n +0000129246 00000 n +0000129394 00000 n +0000129546 00000 n +0000129697 00000 n +0000129850 00000 n +0000130002 00000 n +0000130153 00000 n +0000130303 00000 n +0000130478 00000 n +0000130652 00000 n +0000130833 00000 n +0000131013 00000 n +0000131171 00000 n +0000131329 00000 n +0000131476 00000 n +0000131623 00000 n +0000131793 00000 n +0000131962 00000 n +0000132113 00000 n +0000132263 00000 n +0000132414 00000 n +0000132564 00000 n +0000132722 00000 n +0000132879 00000 n +0000133027 00000 n +0000133174 00000 n +0000133335 00000 n +0000133495 00000 n +0000133665 00000 n +0000133834 00000 n +0000133985 00000 n +0000134135 00000 n +0000134283 00000 n +0000134430 00000 n +0000134597 00000 n +0000134763 00000 n +0000134933 00000 n +0000135102 00000 n +0000135259 00000 n +0000135415 00000 n +0000135572 00000 n +0000135728 00000 n +0000135884 00000 n +0000136039 00000 n +0000136205 00000 n +0000136370 00000 n +0000136537 00000 n +0000136703 00000 n +0000136858 00000 n +0000137013 00000 n +0000137168 00000 n +0000137322 00000 n +0000137483 00000 n +0000137643 00000 n +0000137803 00000 n +0000137962 00000 n +0000138122 00000 n +0000138281 00000 n +0000138433 00000 n +0000138584 00000 n +0000138745 00000 n +0000138905 00000 n +0000139063 00000 n +0000139221 00000 n +0000139373 00000 n +0000413503 00000 n +0000414070 00000 n +0000425179 00000 n +0000436689 00000 n +0000439005 00000 n +0000441196 00000 n +0000443588 00000 n +0000444280 00000 n +0000450179 00000 n +0000451195 00000 n +0000455319 00000 n +0000460716 00000 n +0000466948 00000 n +0000469428 00000 n +0000479277 00000 n +0000480164 00000 n +0000482376 00000 n +0000488493 00000 n +0000497159 00000 n +0000498298 00000 n +0000502737 00000 n +0000506296 00000 n +0000506612 00000 n +0000513119 00000 n +0000513371 00000 n +0000513624 00000 n +0000514510 00000 n +0000527621 00000 n +0000535758 00000 n +0000540491 00000 n +0000540808 00000 n +0000556859 00000 n +0000561388 00000 n +0000561514 00000 n +0000606294 00000 n +0000620729 00000 n +0000620855 00000 n +0000623328 00000 n +0000629555 00000 n +0000629934 00000 n +0000630246 00000 n +0000179964 00000 n +0000170166 00000 n +0000139683 00000 n +0000179901 00000 n +0000170805 00000 n +0000170970 00000 n +0000171134 00000 n +0000171306 00000 n +0000171478 00000 n +0000171642 00000 n +0000171805 00000 n +0000171969 00000 n +0000172132 00000 n +0000172303 00000 n +0000172473 00000 n +0000172623 00000 n +0000172772 00000 n +0000172930 00000 n +0000173087 00000 n +0000173253 00000 n +0000173418 00000 n +0000173583 00000 n +0000173747 00000 n +0000173910 00000 n +0000174072 00000 n +0000174240 00000 n +0000174407 00000 n +0000174563 00000 n +0000174718 00000 n +0000174878 00000 n +0000175037 00000 n +0000175201 00000 n +0000175364 00000 n +0000175527 00000 n +0000175690 00000 n +0000175863 00000 n +0000176035 00000 n +0000176215 00000 n +0000176394 00000 n +0000176563 00000 n +0000176731 00000 n +0000176892 00000 n +0000177052 00000 n +0000177215 00000 n +0000177378 00000 n +0000177531 00000 n +0000177683 00000 n +0000177842 00000 n +0000178000 00000 n +0000178154 00000 n +0000178307 00000 n +0000178470 00000 n +0000178632 00000 n +0000178793 00000 n +0000178953 00000 n +0000179111 00000 n +0000179269 00000 n +0000179427 00000 n +0000179584 00000 n +0000179743 00000 n +0000635733 00000 n +0000635858 00000 n +0000646224 00000 n +0000647487 00000 n +0000650734 00000 n +0000655467 00000 n +0000663151 00000 n +0000663277 00000 n +0000673046 00000 n +0000675018 00000 n +0000679808 00000 n +0000679934 00000 n +0000684513 00000 n +0000685973 00000 n +0000687236 00000 n +0000694251 00000 n +0000696812 00000 n +0000700294 00000 n +0000701620 00000 n +0000704351 00000 n +0000705297 00000 n +0000708780 00000 n +0000732840 00000 n +0000737489 00000 n +0000740637 00000 n +0000741209 00000 n +0000744743 00000 n +0000750594 00000 n +0000181776 00000 n +0000180962 00000 n +0000180063 00000 n +0000181208 00000 n +0000181271 00000 n +0000181334 00000 n +0000181398 00000 n +0000181461 00000 n +0000181523 00000 n +0000181585 00000 n +0000181648 00000 n +0000181712 00000 n +0000185481 00000 n +0000182860 00000 n +0000181875 00000 n +0000183456 00000 n +0000183519 00000 n +0000001172 00000 f +0000761720 00000 n +0000183014 00000 n +0000183581 00000 n +0000183182 00000 n +0000183768 00000 n +0000183831 00000 n +0000183894 00000 n +0000001175 00000 f +0000761630 00000 n +0000183958 00000 n +0000001284 00000 f +0000761535 00000 n +0000184022 00000 n +0000184085 00000 n +0000184148 00000 n +0000184212 00000 n +0000184276 00000 n +0000184340 00000 n +0000184404 00000 n +0000184468 00000 n +0000184532 00000 n +0000184596 00000 n +0000184660 00000 n +0000184723 00000 n +0000184786 00000 n +0000184850 00000 n +0000184914 00000 n +0000184977 00000 n +0000185039 00000 n +0000185102 00000 n +0000185165 00000 n +0000185228 00000 n +0000185291 00000 n +0000185355 00000 n +0000185419 00000 n +0000762307 00000 n +0000188953 00000 n +0000186804 00000 n +0000185622 00000 n +0000186928 00000 n +0000186992 00000 n +0000187055 00000 n +0000187118 00000 n +0000187182 00000 n +0000187246 00000 n +0000187309 00000 n +0000187372 00000 n +0000187436 00000 n +0000187622 00000 n +0000187685 00000 n +0000187748 00000 n +0000187811 00000 n +0000187874 00000 n +0000187938 00000 n +0000188002 00000 n +0000188066 00000 n +0000188130 00000 n +0000188193 00000 n +0000188255 00000 n +0000188319 00000 n +0000188383 00000 n +0000188447 00000 n +0000188511 00000 n +0000188573 00000 n +0000188637 00000 n +0000188700 00000 n +0000188763 00000 n +0000188827 00000 n +0000193558 00000 n +0000190776 00000 n +0000189080 00000 n +0000190962 00000 n +0000191025 00000 n +0000191089 00000 n +0000191152 00000 n +0000191215 00000 n +0000191279 00000 n +0000191343 00000 n +0000191406 00000 n +0000191470 00000 n +0000191533 00000 n +0000191597 00000 n +0000191660 00000 n +0000191724 00000 n +0000191787 00000 n +0000191850 00000 n +0000191914 00000 n +0000191977 00000 n +0000192041 00000 n +0000192104 00000 n +0000192168 00000 n +0000192232 00000 n +0000192295 00000 n +0000192358 00000 n +0000192421 00000 n +0000192485 00000 n +0000192548 00000 n +0000192612 00000 n +0000192675 00000 n +0000192738 00000 n +0000192801 00000 n +0000192865 00000 n +0000192928 00000 n +0000192992 00000 n +0000193056 00000 n +0000193119 00000 n +0000193182 00000 n +0000193370 00000 n +0000193433 00000 n +0000193495 00000 n +0000198920 00000 n +0000195721 00000 n +0000193698 00000 n +0000196512 00000 n +0000196576 00000 n +0000196640 00000 n +0000196703 00000 n +0000196766 00000 n +0000196830 00000 n +0000001334 00000 f +0000761435 00000 n +0000195893 00000 n +0000196894 00000 n +0000196957 00000 n +0000197021 00000 n +0000197085 00000 n +0000196043 00000 n +0000197149 00000 n +0000197212 00000 n +0000197276 00000 n +0000196197 00000 n +0000197340 00000 n +0000197402 00000 n +0000197466 00000 n +0000197529 00000 n +0000197592 00000 n +0000197656 00000 n +0000197719 00000 n +0000196362 00000 n +0000197782 00000 n +0000197846 00000 n +0000197910 00000 n +0000197974 00000 n +0000198037 00000 n +0000198101 00000 n +0000198164 00000 n +0000198227 00000 n +0000198291 00000 n +0000198354 00000 n +0000198418 00000 n +0000198481 00000 n +0000198544 00000 n +0000198608 00000 n +0000198733 00000 n +0000198796 00000 n +0000198858 00000 n +0000224775 00000 n +0000207167 00000 n +0000201445 00000 n +0000199088 00000 n +0000203742 00000 n +0000203805 00000 n +0000201698 00000 n +0000203869 00000 n +0000203933 00000 n +0000203996 00000 n +0000201851 00000 n +0000204059 00000 n +0000204123 00000 n +0000001580 00000 f +0000761333 00000 n +0000204187 00000 n +0000204250 00000 n +0000202006 00000 n +0000204314 00000 n +0000204378 00000 n +0000204442 00000 n +0000204505 00000 n +0000202160 00000 n +0000204569 00000 n +0000204633 00000 n +0000204696 00000 n +0000202312 00000 n +0000204760 00000 n +0000204824 00000 n +0000204887 00000 n +0000202467 00000 n +0000204951 00000 n +0000205015 00000 n +0000205078 00000 n +0000202622 00000 n +0000205142 00000 n +0000205206 00000 n +0000205270 00000 n +0000205333 00000 n +0000202778 00000 n +0000205397 00000 n +0000205461 00000 n +0000205524 00000 n +0000202938 00000 n +0000205587 00000 n +0000205649 00000 n +0000203096 00000 n +0000205713 00000 n +0000205777 00000 n +0000205840 00000 n +0000203254 00000 n +0000205904 00000 n +0000205967 00000 n +0000206030 00000 n +0000206092 00000 n +0000206155 00000 n +0000206217 00000 n +0000206281 00000 n +0000206345 00000 n +0000203411 00000 n +0000206409 00000 n +0000203561 00000 n +0000206596 00000 n +0000206659 00000 n +0000206723 00000 n +0000206786 00000 n +0000206849 00000 n +0000206913 00000 n +0000206976 00000 n +0000207039 00000 n +0000207103 00000 n +0000211890 00000 n +0000209056 00000 n +0000207321 00000 n +0000209362 00000 n +0000209425 00000 n +0000209488 00000 n +0000209552 00000 n +0000209616 00000 n +0000209679 00000 n +0000209742 00000 n +0000209806 00000 n +0000209201 00000 n +0000209869 00000 n +0000209932 00000 n +0000209995 00000 n +0000210058 00000 n +0000210122 00000 n +0000210185 00000 n +0000210248 00000 n +0000210311 00000 n +0000210374 00000 n +0000210560 00000 n +0000210623 00000 n +0000210686 00000 n +0000210749 00000 n +0000210813 00000 n +0000210876 00000 n +0000210939 00000 n +0000211003 00000 n +0000211067 00000 n +0000211130 00000 n +0000211194 00000 n +0000211257 00000 n +0000211321 00000 n +0000211385 00000 n +0000211448 00000 n +0000211511 00000 n +0000211575 00000 n +0000211700 00000 n +0000211763 00000 n +0000211826 00000 n +0000216594 00000 n +0000213560 00000 n +0000212030 00000 n +0000213684 00000 n +0000213747 00000 n +0000213810 00000 n +0000213873 00000 n +0000213936 00000 n +0000214000 00000 n +0000214063 00000 n +0000214127 00000 n +0000214190 00000 n +0000214253 00000 n +0000214317 00000 n +0000214380 00000 n +0000214443 00000 n +0000214506 00000 n +0000214570 00000 n +0000214632 00000 n +0000214695 00000 n +0000214758 00000 n +0000214822 00000 n +0000214885 00000 n +0000214949 00000 n +0000215012 00000 n +0000215075 00000 n +0000215139 00000 n +0000215202 00000 n +0000215265 00000 n +0000215327 00000 n +0000215391 00000 n +0000215454 00000 n +0000215517 00000 n +0000215581 00000 n +0000215644 00000 n +0000215832 00000 n +0000215895 00000 n +0000215958 00000 n +0000216022 00000 n +0000216086 00000 n +0000216149 00000 n +0000216213 00000 n +0000216276 00000 n +0000216340 00000 n +0000216404 00000 n +0000216467 00000 n +0000216531 00000 n +0000762432 00000 n +0000221464 00000 n +0000218653 00000 n +0000216748 00000 n +0000219126 00000 n +0000219189 00000 n +0000219253 00000 n +0000218807 00000 n +0000219317 00000 n +0000219379 00000 n +0000219441 00000 n +0000219505 00000 n +0000218959 00000 n +0000219568 00000 n +0000219630 00000 n +0000219818 00000 n +0000219881 00000 n +0000219944 00000 n +0000220007 00000 n +0000220070 00000 n +0000220134 00000 n +0000220197 00000 n +0000220261 00000 n +0000220324 00000 n +0000220388 00000 n +0000220452 00000 n +0000220516 00000 n +0000220579 00000 n +0000220642 00000 n +0000220705 00000 n +0000220768 00000 n +0000220832 00000 n +0000221020 00000 n +0000221083 00000 n +0000221147 00000 n +0000221210 00000 n +0000221273 00000 n +0000221337 00000 n +0000221400 00000 n +0000227753 00000 n +0000223967 00000 n +0000221632 00000 n +0000224271 00000 n +0000224458 00000 n +0000224521 00000 n +0000224583 00000 n +0000224647 00000 n +0000224711 00000 n +0000224899 00000 n +0000224961 00000 n +0000225024 00000 n +0000225088 00000 n +0000225152 00000 n +0000225216 00000 n +0000224112 00000 n +0000225279 00000 n +0000225342 00000 n +0000225405 00000 n +0000225469 00000 n +0000225532 00000 n +0000225596 00000 n +0000225660 00000 n +0000225723 00000 n +0000225786 00000 n +0000225850 00000 n +0000225914 00000 n +0000225977 00000 n +0000226040 00000 n +0000226104 00000 n +0000226168 00000 n +0000226231 00000 n +0000226295 00000 n +0000226420 00000 n +0000226483 00000 n +0000226546 00000 n +0000226610 00000 n +0000226673 00000 n +0000226736 00000 n +0000226800 00000 n +0000226864 00000 n +0000226928 00000 n +0000226992 00000 n +0000227056 00000 n +0000227119 00000 n +0000227181 00000 n +0000227245 00000 n +0000227309 00000 n +0000227373 00000 n +0000227436 00000 n +0000227500 00000 n +0000227564 00000 n +0000227627 00000 n +0000227690 00000 n +0000232791 00000 n +0000230264 00000 n +0000227935 00000 n +0000230388 00000 n +0000230451 00000 n +0000230513 00000 n +0000230576 00000 n +0000000000 00000 f +0000761235 00000 n +0000230640 00000 n +0000230704 00000 n +0000230767 00000 n +0000230830 00000 n +0000230894 00000 n +0000230957 00000 n +0000231021 00000 n +0000231085 00000 n +0000231148 00000 n +0000231212 00000 n +0000231276 00000 n +0000231339 00000 n +0000231403 00000 n +0000231467 00000 n +0000231530 00000 n +0000231594 00000 n +0000231658 00000 n +0000231721 00000 n +0000231785 00000 n +0000231849 00000 n +0000231912 00000 n +0000231976 00000 n +0000232040 00000 n +0000232165 00000 n +0000232290 00000 n +0000232353 00000 n +0000232416 00000 n +0000232479 00000 n +0000232604 00000 n +0000232666 00000 n +0000232729 00000 n +0000236357 00000 n +0000234854 00000 n +0000232931 00000 n +0000234978 00000 n +0000235041 00000 n +0000235104 00000 n +0000235229 00000 n +0000235353 00000 n +0000235416 00000 n +0000235479 00000 n +0000235542 00000 n +0000235667 00000 n +0000235729 00000 n +0000235792 00000 n +0000235979 00000 n +0000236042 00000 n +0000236105 00000 n +0000236168 00000 n +0000236231 00000 n +0000236294 00000 n +0000759180 00000 n +0000757158 00000 n +0000759016 00000 n +0000242137 00000 n +0000238847 00000 n +0000236498 00000 n +0000238971 00000 n +0000239034 00000 n +0000239097 00000 n +0000239160 00000 n +0000239223 00000 n +0000239286 00000 n +0000756915 00000 n +0000754896 00000 n +0000756751 00000 n +0000239350 00000 n +0000239413 00000 n +0000239476 00000 n +0000239539 00000 n +0000239602 00000 n +0000239665 00000 n +0000239729 00000 n +0000239793 00000 n +0000239856 00000 n +0000239920 00000 n +0000239984 00000 n +0000240047 00000 n +0000240110 00000 n +0000240173 00000 n +0000240236 00000 n +0000240300 00000 n +0000240364 00000 n +0000240427 00000 n +0000240491 00000 n +0000240555 00000 n +0000240618 00000 n +0000240682 00000 n +0000240746 00000 n +0000240809 00000 n +0000240873 00000 n +0000240937 00000 n +0000240999 00000 n +0000241062 00000 n +0000241125 00000 n +0000241187 00000 n +0000241250 00000 n +0000241313 00000 n +0000241377 00000 n +0000241440 00000 n +0000241503 00000 n +0000241567 00000 n +0000241630 00000 n +0000241693 00000 n +0000241756 00000 n +0000241820 00000 n +0000241883 00000 n +0000241946 00000 n +0000242009 00000 n +0000242073 00000 n +0000243195 00000 n +0000242881 00000 n +0000242306 00000 n +0000243005 00000 n +0000243068 00000 n +0000243131 00000 n +0000762557 00000 n +0000247639 00000 n +0000245112 00000 n +0000243295 00000 n +0000245236 00000 n +0000245549 00000 n +0000245612 00000 n +0000245675 00000 n +0000245737 00000 n +0000245800 00000 n +0000245864 00000 n +0000245928 00000 n +0000245991 00000 n +0000246055 00000 n +0000246119 00000 n +0000246182 00000 n +0000246246 00000 n +0000246310 00000 n +0000246374 00000 n +0000246438 00000 n +0000246502 00000 n +0000246565 00000 n +0000246628 00000 n +0000246691 00000 n +0000246755 00000 n +0000246818 00000 n +0000247006 00000 n +0000247069 00000 n +0000247132 00000 n +0000247196 00000 n +0000247260 00000 n +0000247323 00000 n +0000247387 00000 n +0000247576 00000 n +0000253133 00000 n +0000249848 00000 n +0000247751 00000 n +0000249972 00000 n +0000250035 00000 n +0000250098 00000 n +0000250161 00000 n +0000250224 00000 n +0000250288 00000 n +0000250351 00000 n +0000250415 00000 n +0000250478 00000 n +0000250542 00000 n +0000250605 00000 n +0000250669 00000 n +0000250733 00000 n +0000250797 00000 n +0000250858 00000 n +0000250919 00000 n +0000250982 00000 n +0000251046 00000 n +0000251110 00000 n +0000251174 00000 n +0000251237 00000 n +0000251300 00000 n +0000251363 00000 n +0000251426 00000 n +0000251489 00000 n +0000251553 00000 n +0000251617 00000 n +0000251680 00000 n +0000251744 00000 n +0000251808 00000 n +0000251871 00000 n +0000251934 00000 n +0000251997 00000 n +0000252060 00000 n +0000252124 00000 n +0000252188 00000 n +0000252251 00000 n +0000252314 00000 n +0000252378 00000 n +0000252438 00000 n +0000252501 00000 n +0000252565 00000 n +0000252629 00000 n +0000252693 00000 n +0000252756 00000 n +0000252819 00000 n +0000253007 00000 n +0000253070 00000 n +0000258937 00000 n +0000255597 00000 n +0000253232 00000 n +0000255895 00000 n +0000255958 00000 n +0000256021 00000 n +0000256085 00000 n +0000256149 00000 n +0000256211 00000 n +0000256274 00000 n +0000256337 00000 n +0000256400 00000 n +0000256464 00000 n +0000256528 00000 n +0000256590 00000 n +0000256654 00000 n +0000256718 00000 n +0000256782 00000 n +0000256846 00000 n +0000256909 00000 n +0000256973 00000 n +0000257037 00000 n +0000257100 00000 n +0000257164 00000 n +0000257228 00000 n +0000257292 00000 n +0000257355 00000 n +0000257418 00000 n +0000257481 00000 n +0000257544 00000 n +0000257608 00000 n +0000257672 00000 n +0000257735 00000 n +0000257799 00000 n +0000255742 00000 n +0000257863 00000 n +0000257926 00000 n +0000257990 00000 n +0000258179 00000 n +0000258242 00000 n +0000258305 00000 n +0000258369 00000 n +0000258558 00000 n +0000258620 00000 n +0000258682 00000 n +0000258746 00000 n +0000258810 00000 n +0000258874 00000 n +0000310396 00000 n +0000261140 00000 n +0000260276 00000 n +0000259063 00000 n +0000260572 00000 n +0000260635 00000 n +0000260698 00000 n +0000260886 00000 n +0000260949 00000 n +0000260421 00000 n +0000261013 00000 n +0000261077 00000 n +0000388407 00000 n +0000265913 00000 n +0000263315 00000 n +0000261266 00000 n +0000263954 00000 n +0000264017 00000 n +0000264080 00000 n +0000264144 00000 n +0000264208 00000 n +0000264271 00000 n +0000264333 00000 n +0000264397 00000 n +0000264460 00000 n +0000264524 00000 n +0000264587 00000 n +0000264651 00000 n +0000264714 00000 n +0000264778 00000 n +0000264842 00000 n +0000264905 00000 n +0000265093 00000 n +0000265155 00000 n +0000263478 00000 n +0000265218 00000 n +0000265281 00000 n +0000265469 00000 n +0000263629 00000 n +0000265532 00000 n +0000265596 00000 n +0000265660 00000 n +0000263787 00000 n +0000265723 00000 n +0000265787 00000 n +0000367670 00000 n +0000270737 00000 n +0000267695 00000 n +0000266025 00000 n +0000267819 00000 n +0000267944 00000 n +0000268007 00000 n +0000268071 00000 n +0000268134 00000 n +0000268198 00000 n +0000268262 00000 n +0000268325 00000 n +0000268388 00000 n +0000268451 00000 n +0000268514 00000 n +0000268577 00000 n +0000268641 00000 n +0000268704 00000 n +0000268768 00000 n +0000268831 00000 n +0000268895 00000 n +0000268958 00000 n +0000269021 00000 n +0000269084 00000 n +0000269147 00000 n +0000269210 00000 n +0000269274 00000 n +0000269338 00000 n +0000269401 00000 n +0000269465 00000 n +0000269529 00000 n +0000269592 00000 n +0000269656 00000 n +0000269719 00000 n +0000269783 00000 n +0000269846 00000 n +0000269910 00000 n +0000269973 00000 n +0000270037 00000 n +0000270101 00000 n +0000270165 00000 n +0000270228 00000 n +0000270292 00000 n +0000270356 00000 n +0000270420 00000 n +0000270483 00000 n +0000270547 00000 n +0000270609 00000 n +0000270673 00000 n +0000762682 00000 n +0000275446 00000 n +0000272931 00000 n +0000270863 00000 n +0000273231 00000 n +0000273419 00000 n +0000273482 00000 n +0000273546 00000 n +0000273610 00000 n +0000273076 00000 n +0000273798 00000 n +0000273861 00000 n +0000273924 00000 n +0000273988 00000 n +0000274052 00000 n +0000274116 00000 n +0000274180 00000 n +0000274306 00000 n +0000274369 00000 n +0000274433 00000 n +0000274496 00000 n +0000274559 00000 n +0000274621 00000 n +0000274685 00000 n +0000274749 00000 n +0000274812 00000 n +0000274875 00000 n +0000274937 00000 n +0000275001 00000 n +0000275065 00000 n +0000275129 00000 n +0000275192 00000 n +0000275256 00000 n +0000275319 00000 n +0000275383 00000 n +0000278857 00000 n +0000277063 00000 n +0000275559 00000 n +0000277528 00000 n +0000277591 00000 n +0000277655 00000 n +0000277718 00000 n +0000277782 00000 n +0000277845 00000 n +0000277909 00000 n +0000277973 00000 n +0000277217 00000 n +0000278035 00000 n +0000278099 00000 n +0000278163 00000 n +0000278226 00000 n +0000278289 00000 n +0000278415 00000 n +0000278478 00000 n +0000278541 00000 n +0000277374 00000 n +0000278605 00000 n +0000278668 00000 n +0000278731 00000 n +0000278794 00000 n +0000283133 00000 n +0000281238 00000 n +0000278970 00000 n +0000281362 00000 n +0000281425 00000 n +0000281488 00000 n +0000281550 00000 n +0000281612 00000 n +0000281675 00000 n +0000281863 00000 n +0000281926 00000 n +0000281989 00000 n +0000282052 00000 n +0000282115 00000 n +0000282178 00000 n +0000282242 00000 n +0000282306 00000 n +0000282370 00000 n +0000282433 00000 n +0000282497 00000 n +0000282561 00000 n +0000282624 00000 n +0000282688 00000 n +0000282752 00000 n +0000282816 00000 n +0000282880 00000 n +0000282943 00000 n +0000283007 00000 n +0000283071 00000 n +0000288876 00000 n +0000285531 00000 n +0000283246 00000 n +0000286154 00000 n +0000286217 00000 n +0000286279 00000 n +0000286343 00000 n +0000286407 00000 n +0000286470 00000 n +0000286533 00000 n +0000286597 00000 n +0000286661 00000 n +0000286725 00000 n +0000286788 00000 n +0000286852 00000 n +0000286916 00000 n +0000286980 00000 n +0000287042 00000 n +0000287106 00000 n +0000287170 00000 n +0000287234 00000 n +0000287297 00000 n +0000287360 00000 n +0000287547 00000 n +0000287609 00000 n +0000285694 00000 n +0000287673 00000 n +0000285851 00000 n +0000287737 00000 n +0000287800 00000 n +0000287864 00000 n +0000287928 00000 n +0000286003 00000 n +0000287992 00000 n +0000288055 00000 n +0000288118 00000 n +0000288180 00000 n +0000288243 00000 n +0000288306 00000 n +0000288369 00000 n +0000288433 00000 n +0000288496 00000 n +0000288559 00000 n +0000288622 00000 n +0000288686 00000 n +0000288749 00000 n +0000288813 00000 n +0000292160 00000 n +0000290833 00000 n +0000289003 00000 n +0000290957 00000 n +0000291020 00000 n +0000291084 00000 n +0000291147 00000 n +0000291210 00000 n +0000291273 00000 n +0000291336 00000 n +0000291399 00000 n +0000291462 00000 n +0000291525 00000 n +0000291589 00000 n +0000291653 00000 n +0000291716 00000 n +0000291779 00000 n +0000291843 00000 n +0000291907 00000 n +0000291971 00000 n +0000292034 00000 n +0000292097 00000 n +0000295533 00000 n +0000293639 00000 n +0000292328 00000 n +0000293763 00000 n +0000293826 00000 n +0000294013 00000 n +0000294076 00000 n +0000294140 00000 n +0000294203 00000 n +0000294266 00000 n +0000294330 00000 n +0000294394 00000 n +0000294457 00000 n +0000294520 00000 n +0000294583 00000 n +0000294646 00000 n +0000294709 00000 n +0000294772 00000 n +0000294835 00000 n +0000294899 00000 n +0000294963 00000 n +0000295027 00000 n +0000295089 00000 n +0000295152 00000 n +0000295215 00000 n +0000295279 00000 n +0000295343 00000 n +0000295407 00000 n +0000295469 00000 n +0000762807 00000 n +0000299501 00000 n +0000297223 00000 n +0000295687 00000 n +0000297347 00000 n +0000297410 00000 n +0000297472 00000 n +0000297535 00000 n +0000297599 00000 n +0000297663 00000 n +0000297727 00000 n +0000297790 00000 n +0000297853 00000 n +0000297915 00000 n +0000297979 00000 n +0000298043 00000 n +0000298107 00000 n +0000298170 00000 n +0000298233 00000 n +0000298296 00000 n +0000298360 00000 n +0000298424 00000 n +0000298487 00000 n +0000298550 00000 n +0000298614 00000 n +0000298676 00000 n +0000298739 00000 n +0000298803 00000 n +0000298867 00000 n +0000298931 00000 n +0000298994 00000 n +0000299058 00000 n +0000299121 00000 n +0000299184 00000 n +0000299248 00000 n +0000299312 00000 n +0000299376 00000 n +0000299437 00000 n +0000302144 00000 n +0000300944 00000 n +0000299614 00000 n +0000301068 00000 n +0000301131 00000 n +0000301194 00000 n +0000301257 00000 n +0000301321 00000 n +0000301385 00000 n +0000301449 00000 n +0000301512 00000 n +0000301574 00000 n +0000301638 00000 n +0000301702 00000 n +0000301766 00000 n +0000301829 00000 n +0000301892 00000 n +0000301955 00000 n +0000302018 00000 n +0000302081 00000 n +0000306298 00000 n +0000304254 00000 n +0000302271 00000 n +0000304720 00000 n +0000304846 00000 n +0000304909 00000 n +0000304973 00000 n +0000305037 00000 n +0000305100 00000 n +0000305163 00000 n +0000305226 00000 n +0000304408 00000 n +0000305289 00000 n +0000305353 00000 n +0000304568 00000 n +0000305416 00000 n +0000305478 00000 n +0000305541 00000 n +0000305604 00000 n +0000305667 00000 n +0000305729 00000 n +0000305792 00000 n +0000305855 00000 n +0000305919 00000 n +0000305982 00000 n +0000306045 00000 n +0000306109 00000 n +0000306172 00000 n +0000306235 00000 n +0000311094 00000 n +0000308318 00000 n +0000306453 00000 n +0000308941 00000 n +0000309004 00000 n +0000308481 00000 n +0000309068 00000 n +0000308633 00000 n +0000309257 00000 n +0000309320 00000 n +0000309383 00000 n +0000309446 00000 n +0000309509 00000 n +0000309573 00000 n +0000309637 00000 n +0000309701 00000 n +0000309764 00000 n +0000309828 00000 n +0000309891 00000 n +0000309955 00000 n +0000310018 00000 n +0000310081 00000 n +0000310144 00000 n +0000310207 00000 n +0000310270 00000 n +0000310333 00000 n +0000310521 00000 n +0000310584 00000 n +0000310648 00000 n +0000310712 00000 n +0000310776 00000 n +0000310840 00000 n +0000310903 00000 n +0000308784 00000 n +0000310966 00000 n +0000311030 00000 n +0000315838 00000 n +0000313640 00000 n +0000311248 00000 n +0000313939 00000 n +0000314002 00000 n +0000314065 00000 n +0000314129 00000 n +0000314193 00000 n +0000314256 00000 n +0000314320 00000 n +0000314384 00000 n +0000313785 00000 n +0000314447 00000 n +0000314510 00000 n +0000314573 00000 n +0000314636 00000 n +0000314699 00000 n +0000314761 00000 n +0000314825 00000 n +0000314888 00000 n +0000314951 00000 n +0000315014 00000 n +0000315077 00000 n +0000315140 00000 n +0000315204 00000 n +0000315267 00000 n +0000315330 00000 n +0000315394 00000 n +0000315457 00000 n +0000315521 00000 n +0000315584 00000 n +0000315648 00000 n +0000315712 00000 n +0000315776 00000 n +0000319501 00000 n +0000317653 00000 n +0000316006 00000 n +0000318110 00000 n +0000318173 00000 n +0000317807 00000 n +0000318237 00000 n +0000317959 00000 n +0000318426 00000 n +0000318489 00000 n +0000318552 00000 n +0000318615 00000 n +0000318678 00000 n +0000318742 00000 n +0000318806 00000 n +0000318870 00000 n +0000318933 00000 n +0000318996 00000 n +0000319059 00000 n +0000319185 00000 n +0000319248 00000 n +0000319312 00000 n +0000319376 00000 n +0000762932 00000 n +0000324277 00000 n +0000321643 00000 n +0000319641 00000 n +0000321939 00000 n +0000322002 00000 n +0000322127 00000 n +0000322190 00000 n +0000321788 00000 n +0000322377 00000 n +0000322439 00000 n +0000322503 00000 n +0000322567 00000 n +0000322630 00000 n +0000322693 00000 n +0000322757 00000 n +0000322820 00000 n +0000322884 00000 n +0000322948 00000 n +0000323012 00000 n +0000323076 00000 n +0000323139 00000 n +0000323202 00000 n +0000323266 00000 n +0000323330 00000 n +0000323394 00000 n +0000323458 00000 n +0000323647 00000 n +0000323710 00000 n +0000323773 00000 n +0000323836 00000 n +0000323899 00000 n +0000323963 00000 n +0000324026 00000 n +0000324088 00000 n +0000324151 00000 n +0000324214 00000 n +0000328970 00000 n +0000325815 00000 n +0000324445 00000 n +0000325939 00000 n +0000326002 00000 n +0000326064 00000 n +0000326127 00000 n +0000326191 00000 n +0000326255 00000 n +0000326319 00000 n +0000326382 00000 n +0000326445 00000 n +0000326508 00000 n +0000326572 00000 n +0000326636 00000 n +0000326700 00000 n +0000326763 00000 n +0000326826 00000 n +0000326889 00000 n +0000326952 00000 n +0000327015 00000 n +0000327078 00000 n +0000327141 00000 n +0000327204 00000 n +0000327267 00000 n +0000327330 00000 n +0000327393 00000 n +0000327456 00000 n +0000327519 00000 n +0000327582 00000 n +0000327645 00000 n +0000327709 00000 n +0000327773 00000 n +0000327837 00000 n +0000327900 00000 n +0000328024 00000 n +0000328087 00000 n +0000328150 00000 n +0000328213 00000 n +0000328275 00000 n +0000328337 00000 n +0000328400 00000 n +0000328464 00000 n +0000754652 00000 n +0000752638 00000 n +0000754487 00000 n +0000328528 00000 n +0000328591 00000 n +0000328655 00000 n +0000328719 00000 n +0000328782 00000 n +0000328845 00000 n +0000328908 00000 n +0000332227 00000 n +0000330836 00000 n +0000329110 00000 n +0000330960 00000 n +0000331023 00000 n +0000331087 00000 n +0000331213 00000 n +0000331276 00000 n +0000331339 00000 n +0000331403 00000 n +0000331467 00000 n +0000331531 00000 n +0000331595 00000 n +0000331658 00000 n +0000331722 00000 n +0000331786 00000 n +0000331849 00000 n +0000331912 00000 n +0000331975 00000 n +0000332039 00000 n +0000332102 00000 n +0000332165 00000 n +0000335566 00000 n +0000334047 00000 n +0000332437 00000 n +0000334171 00000 n +0000334234 00000 n +0000334297 00000 n +0000334361 00000 n +0000334424 00000 n +0000334488 00000 n +0000334614 00000 n +0000334677 00000 n +0000334740 00000 n +0000334803 00000 n +0000334867 00000 n +0000334931 00000 n +0000334995 00000 n +0000335059 00000 n +0000335122 00000 n +0000335185 00000 n +0000335248 00000 n +0000335312 00000 n +0000335376 00000 n +0000335439 00000 n +0000335502 00000 n +0000338606 00000 n +0000337280 00000 n +0000335734 00000 n +0000337404 00000 n +0000337467 00000 n +0000337529 00000 n +0000337592 00000 n +0000337655 00000 n +0000337718 00000 n +0000337782 00000 n +0000337845 00000 n +0000338033 00000 n +0000338096 00000 n +0000338160 00000 n +0000338224 00000 n +0000338288 00000 n +0000338351 00000 n +0000338415 00000 n +0000338479 00000 n +0000338543 00000 n +0000342688 00000 n +0000340731 00000 n +0000338746 00000 n +0000340855 00000 n +0000340918 00000 n +0000340981 00000 n +0000341045 00000 n +0000341108 00000 n +0000341172 00000 n +0000341235 00000 n +0000341298 00000 n +0000341487 00000 n +0000341550 00000 n +0000341613 00000 n +0000341677 00000 n +0000341739 00000 n +0000341802 00000 n +0000341865 00000 n +0000341928 00000 n +0000341992 00000 n +0000342056 00000 n +0000342119 00000 n +0000342183 00000 n +0000342247 00000 n +0000342435 00000 n +0000342498 00000 n +0000342561 00000 n +0000342625 00000 n +0000763057 00000 n +0000346127 00000 n +0000344865 00000 n +0000342856 00000 n +0000344989 00000 n +0000345052 00000 n +0000345116 00000 n +0000345179 00000 n +0000345242 00000 n +0000345305 00000 n +0000345369 00000 n +0000345433 00000 n +0000345496 00000 n +0000345559 00000 n +0000345622 00000 n +0000345686 00000 n +0000345749 00000 n +0000345812 00000 n +0000345875 00000 n +0000345938 00000 n +0000346001 00000 n +0000346064 00000 n +0000350049 00000 n +0000348150 00000 n +0000346282 00000 n +0000348274 00000 n +0000348337 00000 n +0000348400 00000 n +0000348464 00000 n +0000348527 00000 n +0000348590 00000 n +0000348654 00000 n +0000348717 00000 n +0000348780 00000 n +0000348844 00000 n +0000348907 00000 n +0000348970 00000 n +0000349034 00000 n +0000349097 00000 n +0000349160 00000 n +0000349223 00000 n +0000349287 00000 n +0000349350 00000 n +0000349414 00000 n +0000349477 00000 n +0000349540 00000 n +0000349604 00000 n +0000349668 00000 n +0000349732 00000 n +0000349796 00000 n +0000349859 00000 n +0000349922 00000 n +0000349986 00000 n +0000352262 00000 n +0000351251 00000 n +0000350231 00000 n +0000351375 00000 n +0000351501 00000 n +0000351564 00000 n +0000351627 00000 n +0000351690 00000 n +0000351754 00000 n +0000351818 00000 n +0000351882 00000 n +0000351946 00000 n +0000352010 00000 n +0000352073 00000 n +0000352136 00000 n +0000352199 00000 n +0000358188 00000 n +0000354409 00000 n +0000352389 00000 n +0000355029 00000 n +0000355216 00000 n +0000355279 00000 n +0000355343 00000 n +0000355406 00000 n +0000355469 00000 n +0000355533 00000 n +0000355597 00000 n +0000355660 00000 n +0000355723 00000 n +0000355787 00000 n +0000355850 00000 n +0000355913 00000 n +0000355977 00000 n +0000356041 00000 n +0000356104 00000 n +0000356166 00000 n +0000356228 00000 n +0000356291 00000 n +0000356354 00000 n +0000356543 00000 n +0000356606 00000 n +0000356670 00000 n +0000356733 00000 n +0000356796 00000 n +0000356859 00000 n +0000354572 00000 n +0000354725 00000 n +0000354877 00000 n +0000356923 00000 n +0000356986 00000 n +0000357049 00000 n +0000357112 00000 n +0000357175 00000 n +0000357237 00000 n +0000357300 00000 n +0000357364 00000 n +0000357427 00000 n +0000357490 00000 n +0000357554 00000 n +0000357618 00000 n +0000357681 00000 n +0000357745 00000 n +0000357808 00000 n +0000357871 00000 n +0000357934 00000 n +0000357996 00000 n +0000358060 00000 n +0000358124 00000 n +0000363276 00000 n +0000360106 00000 n +0000358301 00000 n +0000360230 00000 n +0000360293 00000 n +0000360357 00000 n +0000360421 00000 n +0000360484 00000 n +0000360548 00000 n +0000360611 00000 n +0000360674 00000 n +0000360737 00000 n +0000360801 00000 n +0000360865 00000 n +0000360929 00000 n +0000360993 00000 n +0000361057 00000 n +0000361120 00000 n +0000361183 00000 n +0000361247 00000 n +0000361310 00000 n +0000361374 00000 n +0000361436 00000 n +0000361498 00000 n +0000361685 00000 n +0000361748 00000 n +0000361812 00000 n +0000361876 00000 n +0000361940 00000 n +0000362004 00000 n +0000362067 00000 n +0000362131 00000 n +0000362194 00000 n +0000362258 00000 n +0000362322 00000 n +0000362386 00000 n +0000362450 00000 n +0000362514 00000 n +0000362578 00000 n +0000362642 00000 n +0000362706 00000 n +0000362769 00000 n +0000362832 00000 n +0000362895 00000 n +0000362959 00000 n +0000363023 00000 n +0000363086 00000 n +0000363150 00000 n +0000368047 00000 n +0000365098 00000 n +0000363416 00000 n +0000365395 00000 n +0000365458 00000 n +0000365583 00000 n +0000365646 00000 n +0000365709 00000 n +0000365773 00000 n +0000365836 00000 n +0000365899 00000 n +0000365962 00000 n +0000366025 00000 n +0000366089 00000 n +0000366151 00000 n +0000366214 00000 n +0000366276 00000 n +0000366340 00000 n +0000366402 00000 n +0000366466 00000 n +0000366529 00000 n +0000366593 00000 n +0000366656 00000 n +0000366720 00000 n +0000366784 00000 n +0000366847 00000 n +0000366911 00000 n +0000366974 00000 n +0000367038 00000 n +0000367101 00000 n +0000367165 00000 n +0000367228 00000 n +0000367292 00000 n +0000367355 00000 n +0000367419 00000 n +0000365243 00000 n +0000367607 00000 n +0000367795 00000 n +0000367858 00000 n +0000367921 00000 n +0000367983 00000 n +0000763182 00000 n +0000371341 00000 n +0000369320 00000 n +0000368159 00000 n +0000369444 00000 n +0000369507 00000 n +0000369569 00000 n +0000369632 00000 n +0000369695 00000 n +0000369759 00000 n +0000369822 00000 n +0000369885 00000 n +0000369949 00000 n +0000370012 00000 n +0000370075 00000 n +0000370138 00000 n +0000370202 00000 n +0000370266 00000 n +0000370329 00000 n +0000370391 00000 n +0000370454 00000 n +0000370518 00000 n +0000370581 00000 n +0000370643 00000 n +0000370706 00000 n +0000370770 00000 n +0000370834 00000 n +0000370897 00000 n +0000370960 00000 n +0000371024 00000 n +0000371088 00000 n +0000371151 00000 n +0000371214 00000 n +0000371277 00000 n +0000375606 00000 n +0000373032 00000 n +0000371441 00000 n +0000373330 00000 n +0000373393 00000 n +0000373456 00000 n +0000373519 00000 n +0000373583 00000 n +0000373646 00000 n +0000373710 00000 n +0000373773 00000 n +0000373836 00000 n +0000373900 00000 n +0000373963 00000 n +0000374026 00000 n +0000374089 00000 n +0000374152 00000 n +0000374215 00000 n +0000374279 00000 n +0000373177 00000 n +0000374343 00000 n +0000374406 00000 n +0000374469 00000 n +0000374532 00000 n +0000374596 00000 n +0000374660 00000 n +0000374724 00000 n +0000374788 00000 n +0000374852 00000 n +0000374913 00000 n +0000374974 00000 n +0000375100 00000 n +0000375163 00000 n +0000375226 00000 n +0000375289 00000 n +0000375353 00000 n +0000375416 00000 n +0000375479 00000 n +0000375542 00000 n +0000397975 00000 n +0000381557 00000 n +0000378474 00000 n +0000375760 00000 n +0000378770 00000 n +0000378833 00000 n +0000378619 00000 n +0000378896 00000 n +0000378958 00000 n +0000379021 00000 n +0000379084 00000 n +0000379147 00000 n +0000379211 00000 n +0000379334 00000 n +0000379397 00000 n +0000379460 00000 n +0000379524 00000 n +0000379587 00000 n +0000379651 00000 n +0000379715 00000 n +0000379778 00000 n +0000379842 00000 n +0000379906 00000 n +0000379969 00000 n +0000380033 00000 n +0000380096 00000 n +0000380160 00000 n +0000380223 00000 n +0000380285 00000 n +0000380348 00000 n +0000380412 00000 n +0000380476 00000 n +0000380539 00000 n +0000380602 00000 n +0000380666 00000 n +0000380730 00000 n +0000380792 00000 n +0000380856 00000 n +0000380919 00000 n +0000380983 00000 n +0000381046 00000 n +0000381110 00000 n +0000381174 00000 n +0000381238 00000 n +0000381302 00000 n +0000381366 00000 n +0000381430 00000 n +0000381494 00000 n +0000392229 00000 n +0000384783 00000 n +0000383337 00000 n +0000381725 00000 n +0000383461 00000 n +0000383524 00000 n +0000383586 00000 n +0000383650 00000 n +0000383712 00000 n +0000383774 00000 n +0000383837 00000 n +0000383900 00000 n +0000383963 00000 n +0000384026 00000 n +0000384089 00000 n +0000384152 00000 n +0000384214 00000 n +0000384277 00000 n +0000384403 00000 n +0000384465 00000 n +0000384529 00000 n +0000384593 00000 n +0000384657 00000 n +0000384720 00000 n +0000389293 00000 n +0000387098 00000 n +0000384923 00000 n +0000387400 00000 n +0000387463 00000 n +0000387525 00000 n +0000387588 00000 n +0000387652 00000 n +0000387716 00000 n +0000387779 00000 n +0000387841 00000 n +0000387904 00000 n +0000387967 00000 n +0000388030 00000 n +0000388093 00000 n +0000388156 00000 n +0000388218 00000 n +0000388281 00000 n +0000388344 00000 n +0000388533 00000 n +0000388596 00000 n +0000388659 00000 n +0000388722 00000 n +0000388785 00000 n +0000388847 00000 n +0000388910 00000 n +0000388974 00000 n +0000389038 00000 n +0000387243 00000 n +0000389102 00000 n +0000389165 00000 n +0000389229 00000 n +0000394191 00000 n +0000391639 00000 n +0000389420 00000 n +0000392102 00000 n +0000392165 00000 n +0000391793 00000 n +0000392355 00000 n +0000392418 00000 n +0000392481 00000 n +0000392544 00000 n +0000392607 00000 n +0000391949 00000 n +0000392671 00000 n +0000392734 00000 n +0000392797 00000 n +0000392861 00000 n +0000392924 00000 n +0000392986 00000 n +0000393050 00000 n +0000393114 00000 n +0000393178 00000 n +0000393242 00000 n +0000393305 00000 n +0000393368 00000 n +0000393494 00000 n +0000393557 00000 n +0000393621 00000 n +0000393685 00000 n +0000393748 00000 n +0000393812 00000 n +0000393876 00000 n +0000393939 00000 n +0000394002 00000 n +0000394128 00000 n +0000763307 00000 n +0000398797 00000 n +0000396645 00000 n +0000394331 00000 n +0000396769 00000 n +0000396832 00000 n +0000396896 00000 n +0000396960 00000 n +0000397024 00000 n +0000397088 00000 n +0000397151 00000 n +0000397214 00000 n +0000397277 00000 n +0000397403 00000 n +0000397466 00000 n +0000397529 00000 n +0000397593 00000 n +0000397657 00000 n +0000397721 00000 n +0000397785 00000 n +0000397848 00000 n +0000397911 00000 n +0000398101 00000 n +0000398164 00000 n +0000398227 00000 n +0000398291 00000 n +0000398354 00000 n +0000398417 00000 n +0000398481 00000 n +0000398545 00000 n +0000398609 00000 n +0000398671 00000 n +0000398733 00000 n +0000403223 00000 n +0000401008 00000 n +0000398951 00000 n +0000401132 00000 n +0000401195 00000 n +0000401259 00000 n +0000401322 00000 n +0000401385 00000 n +0000401449 00000 n +0000401512 00000 n +0000401575 00000 n +0000401639 00000 n +0000401702 00000 n +0000401766 00000 n +0000401830 00000 n +0000401893 00000 n +0000401956 00000 n +0000402020 00000 n +0000402084 00000 n +0000402148 00000 n +0000402211 00000 n +0000402274 00000 n +0000402337 00000 n +0000402399 00000 n +0000402463 00000 n +0000402527 00000 n +0000402591 00000 n +0000402655 00000 n +0000402781 00000 n +0000402844 00000 n +0000403032 00000 n +0000403095 00000 n +0000403159 00000 n +0000407049 00000 n +0000405110 00000 n +0000403377 00000 n +0000405406 00000 n +0000405469 00000 n +0000405532 00000 n +0000405596 00000 n +0000405255 00000 n +0000405659 00000 n +0000405722 00000 n +0000405785 00000 n +0000405849 00000 n +0000405912 00000 n +0000406099 00000 n +0000406161 00000 n +0000406225 00000 n +0000406288 00000 n +0000406351 00000 n +0000406415 00000 n +0000406478 00000 n +0000406541 00000 n +0000406604 00000 n +0000406668 00000 n +0000406731 00000 n +0000406795 00000 n +0000406859 00000 n +0000406923 00000 n +0000406986 00000 n +0000410619 00000 n +0000408538 00000 n +0000407203 00000 n +0000408662 00000 n +0000408725 00000 n +0000408787 00000 n +0000408911 00000 n +0000408974 00000 n +0000409037 00000 n +0000409100 00000 n +0000409163 00000 n +0000409227 00000 n +0000409290 00000 n +0000409353 00000 n +0000409417 00000 n +0000409480 00000 n +0000409543 00000 n +0000409607 00000 n +0000409670 00000 n +0000409733 00000 n +0000409796 00000 n +0000409859 00000 n +0000409922 00000 n +0000409986 00000 n +0000410049 00000 n +0000410113 00000 n +0000410176 00000 n +0000410240 00000 n +0000410303 00000 n +0000410492 00000 n +0000410555 00000 n +0000414511 00000 n +0000412552 00000 n +0000410759 00000 n +0000412676 00000 n +0000412739 00000 n +0000412802 00000 n +0000412865 00000 n +0000412929 00000 n +0000412993 00000 n +0000413057 00000 n +0000413121 00000 n +0000413185 00000 n +0000413249 00000 n +0000413312 00000 n +0000413376 00000 n +0000413439 00000 n +0000413629 00000 n +0000413692 00000 n +0000413755 00000 n +0000413819 00000 n +0000413882 00000 n +0000413945 00000 n +0000414008 00000 n +0000414196 00000 n +0000414259 00000 n +0000414322 00000 n +0000414385 00000 n +0000414448 00000 n +0000419552 00000 n +0000417013 00000 n +0000414651 00000 n +0000417137 00000 n +0000417200 00000 n +0000417263 00000 n +0000417326 00000 n +0000417389 00000 n +0000417452 00000 n +0000417516 00000 n +0000417580 00000 n +0000417644 00000 n +0000417707 00000 n +0000417771 00000 n +0000417835 00000 n +0000417899 00000 n +0000417962 00000 n +0000418025 00000 n +0000418088 00000 n +0000418151 00000 n +0000418215 00000 n +0000418279 00000 n +0000418342 00000 n +0000418406 00000 n +0000418532 00000 n +0000418595 00000 n +0000418659 00000 n +0000418723 00000 n +0000418787 00000 n +0000418851 00000 n +0000418915 00000 n +0000418978 00000 n +0000419042 00000 n +0000419106 00000 n +0000419170 00000 n +0000419233 00000 n +0000419297 00000 n +0000419361 00000 n +0000419425 00000 n +0000419489 00000 n +0000763432 00000 n +0000422399 00000 n +0000421335 00000 n +0000419720 00000 n +0000421637 00000 n +0000421700 00000 n +0000421764 00000 n +0000421828 00000 n +0000421892 00000 n +0000421956 00000 n +0000422020 00000 n +0000422146 00000 n +0000422209 00000 n +0000422273 00000 n +0000422336 00000 n +0000421480 00000 n +0000427145 00000 n +0000424809 00000 n +0000422554 00000 n +0000425116 00000 n +0000425305 00000 n +0000425368 00000 n +0000425431 00000 n +0000425495 00000 n +0000425558 00000 n +0000425621 00000 n +0000425684 00000 n +0000425748 00000 n +0000425811 00000 n +0000425874 00000 n +0000425937 00000 n +0000426001 00000 n +0000426065 00000 n +0000426129 00000 n +0000426192 00000 n +0000426255 00000 n +0000426319 00000 n +0000426382 00000 n +0000426445 00000 n +0000424954 00000 n +0000426508 00000 n +0000426572 00000 n +0000426636 00000 n +0000426700 00000 n +0000426764 00000 n +0000426828 00000 n +0000426892 00000 n +0000426955 00000 n +0000427018 00000 n +0000427081 00000 n +0000429140 00000 n +0000429519 00000 n +0000428649 00000 n +0000427299 00000 n +0000428951 00000 n +0000429014 00000 n +0000429077 00000 n +0000429266 00000 n +0000429329 00000 n +0000429393 00000 n +0000428794 00000 n +0000429456 00000 n +0000433495 00000 n +0000431604 00000 n +0000429660 00000 n +0000431728 00000 n +0000431854 00000 n +0000431917 00000 n +0000431981 00000 n +0000432044 00000 n +0000432108 00000 n +0000432171 00000 n +0000432235 00000 n +0000432299 00000 n +0000432362 00000 n +0000432426 00000 n +0000432550 00000 n +0000432612 00000 n +0000432675 00000 n +0000432738 00000 n +0000432801 00000 n +0000432864 00000 n +0000432927 00000 n +0000432989 00000 n +0000433051 00000 n +0000433115 00000 n +0000433179 00000 n +0000433242 00000 n +0000433305 00000 n +0000433368 00000 n +0000433432 00000 n +0000436878 00000 n +0000435431 00000 n +0000433608 00000 n +0000435555 00000 n +0000435618 00000 n +0000435680 00000 n +0000435743 00000 n +0000435805 00000 n +0000435867 00000 n +0000435930 00000 n +0000435994 00000 n +0000436058 00000 n +0000436122 00000 n +0000436185 00000 n +0000436311 00000 n +0000436374 00000 n +0000436438 00000 n +0000436501 00000 n +0000436564 00000 n +0000436627 00000 n +0000436815 00000 n +0000439573 00000 n +0000438260 00000 n +0000437005 00000 n +0000438562 00000 n +0000438625 00000 n +0000438688 00000 n +0000438751 00000 n +0000438815 00000 n +0000438878 00000 n +0000438942 00000 n +0000438405 00000 n +0000439131 00000 n +0000439194 00000 n +0000439257 00000 n +0000439320 00000 n +0000439383 00000 n +0000439446 00000 n +0000439510 00000 n +0000763557 00000 n +0000441762 00000 n +0000440946 00000 n +0000439699 00000 n +0000441070 00000 n +0000441133 00000 n +0000441321 00000 n +0000441384 00000 n +0000441447 00000 n +0000441510 00000 n +0000441573 00000 n +0000441636 00000 n +0000441699 00000 n +0000444592 00000 n +0000443338 00000 n +0000441888 00000 n +0000443462 00000 n +0000443525 00000 n +0000443713 00000 n +0000443774 00000 n +0000443835 00000 n +0000443899 00000 n +0000443963 00000 n +0000444027 00000 n +0000444090 00000 n +0000444152 00000 n +0000444216 00000 n +0000444406 00000 n +0000444469 00000 n +0000444529 00000 n +0000447485 00000 n +0000446096 00000 n +0000444718 00000 n +0000446220 00000 n +0000446283 00000 n +0000446346 00000 n +0000446409 00000 n +0000446472 00000 n +0000446535 00000 n +0000446599 00000 n +0000446663 00000 n +0000446726 00000 n +0000446789 00000 n +0000446852 00000 n +0000446916 00000 n +0000446980 00000 n +0000447043 00000 n +0000447107 00000 n +0000447170 00000 n +0000447232 00000 n +0000447296 00000 n +0000447359 00000 n +0000447422 00000 n +0000452335 00000 n +0000449820 00000 n +0000447625 00000 n +0000450116 00000 n +0000450305 00000 n +0000450368 00000 n +0000450431 00000 n +0000450494 00000 n +0000450558 00000 n +0000450622 00000 n +0000450686 00000 n +0000450749 00000 n +0000450813 00000 n +0000450876 00000 n +0000450940 00000 n +0000451004 00000 n +0000451068 00000 n +0000451132 00000 n +0000451321 00000 n +0000451384 00000 n +0000451447 00000 n +0000451511 00000 n +0000451575 00000 n +0000451639 00000 n +0000451702 00000 n +0000451766 00000 n +0000449965 00000 n +0000451830 00000 n +0000451894 00000 n +0000451957 00000 n +0000452020 00000 n +0000452083 00000 n +0000452146 00000 n +0000452210 00000 n +0000452273 00000 n +0000457413 00000 n +0000454497 00000 n +0000452475 00000 n +0000454621 00000 n +0000454684 00000 n +0000454747 00000 n +0000454811 00000 n +0000454874 00000 n +0000454938 00000 n +0000455001 00000 n +0000455065 00000 n +0000455128 00000 n +0000455192 00000 n +0000455255 00000 n +0000455444 00000 n +0000455507 00000 n +0000455571 00000 n +0000455635 00000 n +0000455699 00000 n +0000455762 00000 n +0000455826 00000 n +0000455889 00000 n +0000455952 00000 n +0000456014 00000 n +0000456078 00000 n +0000456142 00000 n +0000456206 00000 n +0000456270 00000 n +0000456334 00000 n +0000456396 00000 n +0000456460 00000 n +0000456524 00000 n +0000456587 00000 n +0000456649 00000 n +0000456713 00000 n +0000456776 00000 n +0000456839 00000 n +0000456903 00000 n +0000456967 00000 n +0000457030 00000 n +0000457093 00000 n +0000457157 00000 n +0000457221 00000 n +0000457285 00000 n +0000457349 00000 n +0000462176 00000 n +0000459580 00000 n +0000457553 00000 n +0000459704 00000 n +0000459767 00000 n +0000459830 00000 n +0000459893 00000 n +0000459957 00000 n +0000460020 00000 n +0000460083 00000 n +0000460146 00000 n +0000460209 00000 n +0000460272 00000 n +0000460336 00000 n +0000460399 00000 n +0000460461 00000 n +0000460524 00000 n +0000460588 00000 n +0000460652 00000 n +0000460842 00000 n +0000460905 00000 n +0000460969 00000 n +0000461033 00000 n +0000461096 00000 n +0000461159 00000 n +0000461222 00000 n +0000461285 00000 n +0000461348 00000 n +0000461412 00000 n +0000461476 00000 n +0000461539 00000 n +0000461603 00000 n +0000461666 00000 n +0000461729 00000 n +0000461793 00000 n +0000461857 00000 n +0000461921 00000 n +0000461985 00000 n +0000462049 00000 n +0000462113 00000 n +0000763682 00000 n +0000467264 00000 n +0000464304 00000 n +0000462316 00000 n +0000464602 00000 n +0000464665 00000 n +0000464728 00000 n +0000464792 00000 n +0000464855 00000 n +0000464918 00000 n +0000464982 00000 n +0000465045 00000 n +0000465109 00000 n +0000465172 00000 n +0000465235 00000 n +0000465299 00000 n +0000465362 00000 n +0000465425 00000 n +0000465488 00000 n +0000465552 00000 n +0000465616 00000 n +0000465680 00000 n +0000465744 00000 n +0000464449 00000 n +0000465808 00000 n +0000465871 00000 n +0000465935 00000 n +0000465998 00000 n +0000466062 00000 n +0000466125 00000 n +0000466188 00000 n +0000466251 00000 n +0000466315 00000 n +0000466378 00000 n +0000466442 00000 n +0000466505 00000 n +0000466569 00000 n +0000466632 00000 n +0000466695 00000 n +0000466758 00000 n +0000466822 00000 n +0000466884 00000 n +0000467074 00000 n +0000467137 00000 n +0000467201 00000 n +0000470503 00000 n +0000469053 00000 n +0000467404 00000 n +0000469177 00000 n +0000469240 00000 n +0000469303 00000 n +0000469365 00000 n +0000469554 00000 n +0000469617 00000 n +0000469681 00000 n +0000469745 00000 n +0000469808 00000 n +0000469871 00000 n +0000469935 00000 n +0000469999 00000 n +0000470061 00000 n +0000470124 00000 n +0000470188 00000 n +0000470313 00000 n +0000470376 00000 n +0000470440 00000 n +0000475693 00000 n +0000472922 00000 n +0000470657 00000 n +0000473218 00000 n +0000473281 00000 n +0000473344 00000 n +0000473406 00000 n +0000473470 00000 n +0000473533 00000 n +0000473597 00000 n +0000473661 00000 n +0000473724 00000 n +0000473787 00000 n +0000473851 00000 n +0000473067 00000 n +0000473914 00000 n +0000473977 00000 n +0000474041 00000 n +0000474104 00000 n +0000474167 00000 n +0000474230 00000 n +0000474294 00000 n +0000474358 00000 n +0000474421 00000 n +0000474485 00000 n +0000474549 00000 n +0000474675 00000 n +0000474738 00000 n +0000474802 00000 n +0000474865 00000 n +0000474928 00000 n +0000474992 00000 n +0000475056 00000 n +0000475120 00000 n +0000475183 00000 n +0000475247 00000 n +0000475310 00000 n +0000475374 00000 n +0000475438 00000 n +0000475502 00000 n +0000475566 00000 n +0000475630 00000 n +0000480417 00000 n +0000477937 00000 n +0000475847 00000 n +0000478391 00000 n +0000478454 00000 n +0000478517 00000 n +0000478581 00000 n +0000478091 00000 n +0000478241 00000 n +0000478644 00000 n +0000478707 00000 n +0000478771 00000 n +0000478834 00000 n +0000478897 00000 n +0000478960 00000 n +0000479023 00000 n +0000479086 00000 n +0000479149 00000 n +0000479213 00000 n +0000479402 00000 n +0000479465 00000 n +0000479528 00000 n +0000479591 00000 n +0000479655 00000 n +0000479719 00000 n +0000479781 00000 n +0000479845 00000 n +0000479909 00000 n +0000479972 00000 n +0000480036 00000 n +0000480100 00000 n +0000480290 00000 n +0000480353 00000 n +0000484651 00000 n +0000482000 00000 n +0000480571 00000 n +0000482124 00000 n +0000482187 00000 n +0000482249 00000 n +0000482312 00000 n +0000482501 00000 n +0000482564 00000 n +0000482627 00000 n +0000482691 00000 n +0000482755 00000 n +0000482818 00000 n +0000482881 00000 n +0000482944 00000 n +0000483007 00000 n +0000483070 00000 n +0000483134 00000 n +0000483197 00000 n +0000483260 00000 n +0000483324 00000 n +0000483387 00000 n +0000483449 00000 n +0000483513 00000 n +0000483576 00000 n +0000483639 00000 n +0000483702 00000 n +0000483764 00000 n +0000483827 00000 n +0000483891 00000 n +0000483954 00000 n +0000484017 00000 n +0000484081 00000 n +0000484144 00000 n +0000484207 00000 n +0000484271 00000 n +0000484334 00000 n +0000484397 00000 n +0000484461 00000 n +0000484524 00000 n +0000484587 00000 n +0000489000 00000 n +0000486809 00000 n +0000484777 00000 n +0000487105 00000 n +0000487168 00000 n +0000487230 00000 n +0000487293 00000 n +0000487356 00000 n +0000487420 00000 n +0000487483 00000 n +0000487547 00000 n +0000487611 00000 n +0000487675 00000 n +0000486954 00000 n +0000487739 00000 n +0000487801 00000 n +0000487863 00000 n +0000487926 00000 n +0000487989 00000 n +0000488052 00000 n +0000488115 00000 n +0000488178 00000 n +0000488241 00000 n +0000488304 00000 n +0000488367 00000 n +0000488430 00000 n +0000488619 00000 n +0000488682 00000 n +0000488746 00000 n +0000488809 00000 n +0000488872 00000 n +0000488936 00000 n +0000763807 00000 n +0000494571 00000 n +0000491086 00000 n +0000489155 00000 n +0000491210 00000 n +0000491273 00000 n +0000491335 00000 n +0000491398 00000 n +0000491460 00000 n +0000491523 00000 n +0000491586 00000 n +0000491650 00000 n +0000491714 00000 n +0000491777 00000 n +0000491840 00000 n +0000491903 00000 n +0000491967 00000 n +0000492030 00000 n +0000492094 00000 n +0000492157 00000 n +0000492221 00000 n +0000492284 00000 n +0000492347 00000 n +0000492411 00000 n +0000492475 00000 n +0000492538 00000 n +0000492602 00000 n +0000492666 00000 n +0000492729 00000 n +0000492793 00000 n +0000492856 00000 n +0000492920 00000 n +0000492984 00000 n +0000493047 00000 n +0000493111 00000 n +0000493175 00000 n +0000493238 00000 n +0000493302 00000 n +0000493366 00000 n +0000493429 00000 n +0000493492 00000 n +0000493555 00000 n +0000493619 00000 n +0000493683 00000 n +0000493746 00000 n +0000493809 00000 n +0000493873 00000 n +0000493937 00000 n +0000494001 00000 n +0000494065 00000 n +0000494129 00000 n +0000494193 00000 n +0000494256 00000 n +0000494319 00000 n +0000494382 00000 n +0000494444 00000 n +0000494508 00000 n +0000498803 00000 n +0000496464 00000 n +0000494726 00000 n +0000496588 00000 n +0000496651 00000 n +0000496714 00000 n +0000496778 00000 n +0000496842 00000 n +0000496906 00000 n +0000496970 00000 n +0000497033 00000 n +0000497095 00000 n +0000497285 00000 n +0000497348 00000 n +0000497412 00000 n +0000497476 00000 n +0000497538 00000 n +0000497600 00000 n +0000497663 00000 n +0000497725 00000 n +0000497789 00000 n +0000497853 00000 n +0000497916 00000 n +0000497978 00000 n +0000498042 00000 n +0000498106 00000 n +0000498170 00000 n +0000498234 00000 n +0000498424 00000 n +0000498487 00000 n +0000498550 00000 n +0000498613 00000 n +0000498677 00000 n +0000498740 00000 n +0000502800 00000 n +0000500903 00000 n +0000498985 00000 n +0000501027 00000 n +0000501153 00000 n +0000501216 00000 n +0000501280 00000 n +0000501343 00000 n +0000501407 00000 n +0000501471 00000 n +0000501532 00000 n +0000501596 00000 n +0000501660 00000 n +0000501786 00000 n +0000501849 00000 n +0000501913 00000 n +0000501977 00000 n +0000502041 00000 n +0000502105 00000 n +0000502167 00000 n +0000502230 00000 n +0000502292 00000 n +0000502356 00000 n +0000502420 00000 n +0000502483 00000 n +0000502547 00000 n +0000502611 00000 n +0000502674 00000 n +0000507941 00000 n +0000505047 00000 n +0000502954 00000 n +0000505344 00000 n +0000505469 00000 n +0000505532 00000 n +0000505595 00000 n +0000505658 00000 n +0000505721 00000 n +0000505785 00000 n +0000505849 00000 n +0000505912 00000 n +0000505976 00000 n +0000506040 00000 n +0000506104 00000 n +0000506168 00000 n +0000506232 00000 n +0000506421 00000 n +0000506484 00000 n +0000506548 00000 n +0000505192 00000 n +0000506738 00000 n +0000506801 00000 n +0000506862 00000 n +0000506926 00000 n +0000506989 00000 n +0000507053 00000 n +0000507117 00000 n +0000507181 00000 n +0000507244 00000 n +0000507307 00000 n +0000507370 00000 n +0000507433 00000 n +0000507497 00000 n +0000507561 00000 n +0000507625 00000 n +0000507688 00000 n +0000507751 00000 n +0000507814 00000 n +0000507878 00000 n +0000510700 00000 n +0000509559 00000 n +0000508067 00000 n +0000509683 00000 n +0000509746 00000 n +0000509810 00000 n +0000509873 00000 n +0000509937 00000 n +0000510000 00000 n +0000510063 00000 n +0000510127 00000 n +0000510191 00000 n +0000510254 00000 n +0000510317 00000 n +0000510381 00000 n +0000510445 00000 n +0000510509 00000 n +0000510572 00000 n +0000510636 00000 n +0000515080 00000 n +0000512591 00000 n +0000510840 00000 n +0000513056 00000 n +0000513245 00000 n +0000513308 00000 n +0000513497 00000 n +0000513560 00000 n +0000512745 00000 n +0000512896 00000 n +0000513750 00000 n +0000513813 00000 n +0000513876 00000 n +0000513938 00000 n +0000514002 00000 n +0000514065 00000 n +0000514128 00000 n +0000514192 00000 n +0000514256 00000 n +0000514320 00000 n +0000514384 00000 n +0000514447 00000 n +0000514636 00000 n +0000514699 00000 n +0000514762 00000 n +0000514826 00000 n +0000514888 00000 n +0000514952 00000 n +0000515016 00000 n +0000763932 00000 n +0000521278 00000 n +0000517421 00000 n +0000515220 00000 n +0000517720 00000 n +0000517783 00000 n +0000517846 00000 n +0000517910 00000 n +0000517974 00000 n +0000518038 00000 n +0000518101 00000 n +0000518164 00000 n +0000518227 00000 n +0000518291 00000 n +0000518353 00000 n +0000518417 00000 n +0000518481 00000 n +0000518544 00000 n +0000518607 00000 n +0000518670 00000 n +0000518734 00000 n +0000518798 00000 n +0000518862 00000 n +0000518925 00000 n +0000518988 00000 n +0000519051 00000 n +0000519115 00000 n +0000519179 00000 n +0000519242 00000 n +0000519305 00000 n +0000519369 00000 n +0000519433 00000 n +0000519497 00000 n +0000519561 00000 n +0000519623 00000 n +0000519687 00000 n +0000519751 00000 n +0000519815 00000 n +0000519879 00000 n +0000519943 00000 n +0000520007 00000 n +0000520070 00000 n +0000517566 00000 n +0000520134 00000 n +0000520197 00000 n +0000520261 00000 n +0000520325 00000 n +0000520389 00000 n +0000520452 00000 n +0000520516 00000 n +0000520579 00000 n +0000520642 00000 n +0000520706 00000 n +0000520769 00000 n +0000520832 00000 n +0000520895 00000 n +0000520959 00000 n +0000521023 00000 n +0000521087 00000 n +0000521151 00000 n +0000521214 00000 n +0000524279 00000 n +0000522954 00000 n +0000521391 00000 n +0000523078 00000 n +0000523141 00000 n +0000523204 00000 n +0000523267 00000 n +0000523331 00000 n +0000523394 00000 n +0000523457 00000 n +0000523521 00000 n +0000523584 00000 n +0000523647 00000 n +0000523711 00000 n +0000523775 00000 n +0000523839 00000 n +0000523903 00000 n +0000523966 00000 n +0000524091 00000 n +0000524154 00000 n +0000524217 00000 n +0000530537 00000 n +0000526762 00000 n +0000524419 00000 n +0000527558 00000 n +0000527745 00000 n +0000526934 00000 n +0000527089 00000 n +0000527808 00000 n +0000527872 00000 n +0000527936 00000 n +0000527999 00000 n +0000528062 00000 n +0000528126 00000 n +0000528189 00000 n +0000528253 00000 n +0000528317 00000 n +0000528381 00000 n +0000528444 00000 n +0000528507 00000 n +0000528570 00000 n +0000528633 00000 n +0000528696 00000 n +0000528760 00000 n +0000528824 00000 n +0000527246 00000 n +0000528888 00000 n +0000528951 00000 n +0000529015 00000 n +0000529077 00000 n +0000529141 00000 n +0000529205 00000 n +0000529269 00000 n +0000529332 00000 n +0000529396 00000 n +0000529460 00000 n +0000529524 00000 n +0000529588 00000 n +0000529651 00000 n +0000529713 00000 n +0000527400 00000 n +0000529777 00000 n +0000529839 00000 n +0000529903 00000 n +0000529967 00000 n +0000530031 00000 n +0000530094 00000 n +0000530157 00000 n +0000530220 00000 n +0000530283 00000 n +0000530347 00000 n +0000530411 00000 n +0000530475 00000 n +0000535821 00000 n +0000532659 00000 n +0000530705 00000 n +0000532783 00000 n +0000532846 00000 n +0000532909 00000 n +0000532972 00000 n +0000533036 00000 n +0000533100 00000 n +0000533163 00000 n +0000533226 00000 n +0000533289 00000 n +0000533352 00000 n +0000533416 00000 n +0000533480 00000 n +0000533543 00000 n +0000533606 00000 n +0000533670 00000 n +0000533733 00000 n +0000533797 00000 n +0000533861 00000 n +0000533925 00000 n +0000533988 00000 n +0000534052 00000 n +0000534115 00000 n +0000534178 00000 n +0000534240 00000 n +0000534302 00000 n +0000534366 00000 n +0000534428 00000 n +0000534491 00000 n +0000534553 00000 n +0000534616 00000 n +0000534679 00000 n +0000534743 00000 n +0000534806 00000 n +0000534870 00000 n +0000534933 00000 n +0000534997 00000 n +0000535060 00000 n +0000535124 00000 n +0000535187 00000 n +0000535251 00000 n +0000535314 00000 n +0000535378 00000 n +0000535441 00000 n +0000535504 00000 n +0000535567 00000 n +0000535630 00000 n +0000535694 00000 n +0000538083 00000 n +0000537389 00000 n +0000535989 00000 n +0000537513 00000 n +0000537638 00000 n +0000537701 00000 n +0000537765 00000 n +0000537829 00000 n +0000537893 00000 n +0000537956 00000 n +0000538019 00000 n +0000543221 00000 n +0000540304 00000 n +0000538223 00000 n +0000540428 00000 n +0000540617 00000 n +0000540680 00000 n +0000540744 00000 n +0000540934 00000 n +0000540997 00000 n +0000541060 00000 n +0000541123 00000 n +0000541186 00000 n +0000541250 00000 n +0000541313 00000 n +0000541376 00000 n +0000541439 00000 n +0000541503 00000 n +0000541567 00000 n +0000541631 00000 n +0000541694 00000 n +0000541758 00000 n +0000541822 00000 n +0000541886 00000 n +0000541949 00000 n +0000542012 00000 n +0000542076 00000 n +0000542140 00000 n +0000542204 00000 n +0000542268 00000 n +0000542331 00000 n +0000542394 00000 n +0000542458 00000 n +0000542522 00000 n +0000542586 00000 n +0000542650 00000 n +0000542713 00000 n +0000542776 00000 n +0000542840 00000 n +0000542903 00000 n +0000542967 00000 n +0000543030 00000 n +0000543093 00000 n +0000543157 00000 n +0000764057 00000 n +0000548457 00000 n +0000545729 00000 n +0000543361 00000 n +0000545853 00000 n +0000545916 00000 n +0000545979 00000 n +0000546042 00000 n +0000546106 00000 n +0000546170 00000 n +0000546233 00000 n +0000546296 00000 n +0000546360 00000 n +0000546422 00000 n +0000546484 00000 n +0000546548 00000 n +0000546612 00000 n +0000546675 00000 n +0000546739 00000 n +0000546803 00000 n +0000546867 00000 n +0000546931 00000 n +0000546995 00000 n +0000547059 00000 n +0000547123 00000 n +0000547185 00000 n +0000547248 00000 n +0000547312 00000 n +0000547376 00000 n +0000547440 00000 n +0000547566 00000 n +0000547629 00000 n +0000547692 00000 n +0000547755 00000 n +0000547819 00000 n +0000547883 00000 n +0000547947 00000 n +0000548010 00000 n +0000548074 00000 n +0000548138 00000 n +0000548202 00000 n +0000548266 00000 n +0000548330 00000 n +0000548394 00000 n +0000553735 00000 n +0000550870 00000 n +0000548625 00000 n +0000550994 00000 n +0000551057 00000 n +0000551119 00000 n +0000551182 00000 n +0000551246 00000 n +0000551310 00000 n +0000551374 00000 n +0000551437 00000 n +0000551501 00000 n +0000551564 00000 n +0000551628 00000 n +0000551692 00000 n +0000551756 00000 n +0000551820 00000 n +0000551884 00000 n +0000551948 00000 n +0000552012 00000 n +0000552076 00000 n +0000552140 00000 n +0000552204 00000 n +0000552268 00000 n +0000552332 00000 n +0000552396 00000 n +0000552460 00000 n +0000552523 00000 n +0000552587 00000 n +0000552651 00000 n +0000552715 00000 n +0000552779 00000 n +0000552843 00000 n +0000552907 00000 n +0000552970 00000 n +0000553034 00000 n +0000553098 00000 n +0000553162 00000 n +0000553225 00000 n +0000553289 00000 n +0000553353 00000 n +0000553416 00000 n +0000553480 00000 n +0000553544 00000 n +0000553608 00000 n +0000553672 00000 n +0000557682 00000 n +0000556101 00000 n +0000553903 00000 n +0000556225 00000 n +0000556288 00000 n +0000556352 00000 n +0000556416 00000 n +0000556480 00000 n +0000556543 00000 n +0000556606 00000 n +0000556670 00000 n +0000556733 00000 n +0000556796 00000 n +0000556985 00000 n +0000557048 00000 n +0000557112 00000 n +0000557176 00000 n +0000557239 00000 n +0000557302 00000 n +0000557365 00000 n +0000557429 00000 n +0000557493 00000 n +0000557556 00000 n +0000557619 00000 n +0000558922 00000 n +0000558481 00000 n +0000557836 00000 n +0000558605 00000 n +0000558668 00000 n +0000558731 00000 n +0000558795 00000 n +0000558859 00000 n +0000563282 00000 n +0000561022 00000 n +0000559022 00000 n +0000561325 00000 n +0000561640 00000 n +0000561703 00000 n +0000561766 00000 n +0000561830 00000 n +0000561893 00000 n +0000561956 00000 n +0000562020 00000 n +0000562084 00000 n +0000561167 00000 n +0000562148 00000 n +0000562212 00000 n +0000562275 00000 n +0000562338 00000 n +0000562400 00000 n +0000562464 00000 n +0000562526 00000 n +0000562589 00000 n +0000562652 00000 n +0000562715 00000 n +0000562778 00000 n +0000562841 00000 n +0000562904 00000 n +0000562968 00000 n +0000563031 00000 n +0000563094 00000 n +0000563158 00000 n +0000563220 00000 n +0000570614 00000 n +0000568851 00000 n +0000565869 00000 n +0000563450 00000 n +0000565993 00000 n +0000566056 00000 n +0000566120 00000 n +0000566183 00000 n +0000566246 00000 n +0000566373 00000 n +0000566436 00000 n +0000566499 00000 n +0000566562 00000 n +0000566626 00000 n +0000566690 00000 n +0000566753 00000 n +0000566816 00000 n +0000566879 00000 n +0000566943 00000 n +0000567007 00000 n +0000567071 00000 n +0000567135 00000 n +0000567199 00000 n +0000567262 00000 n +0000567326 00000 n +0000567389 00000 n +0000567453 00000 n +0000567517 00000 n +0000567580 00000 n +0000567644 00000 n +0000567707 00000 n +0000567769 00000 n +0000567833 00000 n +0000567896 00000 n +0000567960 00000 n +0000568024 00000 n +0000568087 00000 n +0000568151 00000 n +0000568215 00000 n +0000568279 00000 n +0000568343 00000 n +0000568407 00000 n +0000568471 00000 n +0000568534 00000 n +0000568597 00000 n +0000568660 00000 n +0000568724 00000 n +0000568787 00000 n +0000764182 00000 n +0000571688 00000 n +0000570364 00000 n +0000569019 00000 n +0000570488 00000 n +0000570551 00000 n +0000570740 00000 n +0000570803 00000 n +0000570928 00000 n +0000570991 00000 n +0000571055 00000 n +0000571118 00000 n +0000571181 00000 n +0000571243 00000 n +0000571307 00000 n +0000571370 00000 n +0000571434 00000 n +0000571497 00000 n +0000571560 00000 n +0000571624 00000 n +0000575627 00000 n +0000573347 00000 n +0000571843 00000 n +0000573471 00000 n +0000573534 00000 n +0000573597 00000 n +0000573660 00000 n +0000573724 00000 n +0000573787 00000 n +0000573851 00000 n +0000573914 00000 n +0000573977 00000 n +0000574041 00000 n +0000574104 00000 n +0000574168 00000 n +0000574231 00000 n +0000574294 00000 n +0000574358 00000 n +0000574421 00000 n +0000574485 00000 n +0000574611 00000 n +0000574674 00000 n +0000574738 00000 n +0000574802 00000 n +0000574865 00000 n +0000574929 00000 n +0000574993 00000 n +0000575057 00000 n +0000575121 00000 n +0000575247 00000 n +0000575373 00000 n +0000575436 00000 n +0000575500 00000 n +0000575564 00000 n +0000580532 00000 n +0000577760 00000 n +0000575781 00000 n +0000578064 00000 n +0000578127 00000 n +0000578252 00000 n +0000578315 00000 n +0000578379 00000 n +0000578443 00000 n +0000577905 00000 n +0000578507 00000 n +0000578570 00000 n +0000578634 00000 n +0000578760 00000 n +0000578823 00000 n +0000578886 00000 n +0000578949 00000 n +0000579013 00000 n +0000579076 00000 n +0000579140 00000 n +0000579204 00000 n +0000579330 00000 n +0000579393 00000 n +0000579457 00000 n +0000579521 00000 n +0000579585 00000 n +0000579711 00000 n +0000579774 00000 n +0000579837 00000 n +0000579901 00000 n +0000579965 00000 n +0000580027 00000 n +0000580089 00000 n +0000580152 00000 n +0000580215 00000 n +0000580278 00000 n +0000580341 00000 n +0000580405 00000 n +0000580468 00000 n +0000586057 00000 n +0000582700 00000 n +0000580714 00000 n +0000582824 00000 n +0000582887 00000 n +0000582950 00000 n +0000583014 00000 n +0000583076 00000 n +0000583139 00000 n +0000583202 00000 n +0000583266 00000 n +0000583329 00000 n +0000583392 00000 n +0000583456 00000 n +0000583520 00000 n +0000583584 00000 n +0000583647 00000 n +0000583710 00000 n +0000583774 00000 n +0000583838 00000 n +0000583902 00000 n +0000583966 00000 n +0000584030 00000 n +0000584093 00000 n +0000584157 00000 n +0000584221 00000 n +0000584285 00000 n +0000584348 00000 n +0000584411 00000 n +0000584475 00000 n +0000584538 00000 n +0000584601 00000 n +0000584664 00000 n +0000584728 00000 n +0000584792 00000 n +0000584856 00000 n +0000584920 00000 n +0000584982 00000 n +0000585046 00000 n +0000585109 00000 n +0000585172 00000 n +0000585236 00000 n +0000585299 00000 n +0000585362 00000 n +0000585425 00000 n +0000585489 00000 n +0000585553 00000 n +0000585679 00000 n +0000585742 00000 n +0000585805 00000 n +0000585868 00000 n +0000585931 00000 n +0000585994 00000 n +0000589808 00000 n +0000587731 00000 n +0000586197 00000 n +0000587855 00000 n +0000587918 00000 n +0000587981 00000 n +0000588044 00000 n +0000588106 00000 n +0000588168 00000 n +0000588293 00000 n +0000588356 00000 n +0000588482 00000 n +0000588545 00000 n +0000588608 00000 n +0000588734 00000 n +0000588797 00000 n +0000588861 00000 n +0000588923 00000 n +0000589049 00000 n +0000589112 00000 n +0000589238 00000 n +0000589301 00000 n +0000589365 00000 n +0000589428 00000 n +0000589492 00000 n +0000589555 00000 n +0000589618 00000 n +0000589681 00000 n +0000589745 00000 n +0000593838 00000 n +0000591819 00000 n +0000589976 00000 n +0000591943 00000 n +0000592069 00000 n +0000592132 00000 n +0000592195 00000 n +0000592321 00000 n +0000592383 00000 n +0000592447 00000 n +0000592573 00000 n +0000592636 00000 n +0000592699 00000 n +0000592825 00000 n +0000592888 00000 n +0000592952 00000 n +0000593015 00000 n +0000593079 00000 n +0000593142 00000 n +0000593206 00000 n +0000593270 00000 n +0000593333 00000 n +0000593395 00000 n +0000593458 00000 n +0000593522 00000 n +0000593586 00000 n +0000593712 00000 n +0000593775 00000 n +0000764307 00000 n +0000597921 00000 n +0000595906 00000 n +0000594006 00000 n +0000596030 00000 n +0000596093 00000 n +0000596156 00000 n +0000596219 00000 n +0000596283 00000 n +0000596347 00000 n +0000596410 00000 n +0000596473 00000 n +0000596537 00000 n +0000596600 00000 n +0000596663 00000 n +0000596727 00000 n +0000596788 00000 n +0000596849 00000 n +0000596912 00000 n +0000596975 00000 n +0000597038 00000 n +0000597101 00000 n +0000597227 00000 n +0000597290 00000 n +0000597352 00000 n +0000597416 00000 n +0000597479 00000 n +0000597542 00000 n +0000597605 00000 n +0000597669 00000 n +0000597732 00000 n +0000597796 00000 n +0000597859 00000 n +0000602343 00000 n +0000600072 00000 n +0000598075 00000 n +0000600196 00000 n +0000600259 00000 n +0000600322 00000 n +0000600386 00000 n +0000600449 00000 n +0000600512 00000 n +0000600576 00000 n +0000600640 00000 n +0000600704 00000 n +0000600767 00000 n +0000600830 00000 n +0000600893 00000 n +0000600957 00000 n +0000601083 00000 n +0000601146 00000 n +0000601209 00000 n +0000601271 00000 n +0000601333 00000 n +0000601396 00000 n +0000601459 00000 n +0000601522 00000 n +0000601586 00000 n +0000601649 00000 n +0000601712 00000 n +0000601775 00000 n +0000601838 00000 n +0000601901 00000 n +0000601965 00000 n +0000602028 00000 n +0000602091 00000 n +0000602154 00000 n +0000602217 00000 n +0000602280 00000 n +0000606926 00000 n +0000604340 00000 n +0000602525 00000 n +0000604464 00000 n +0000604527 00000 n +0000604590 00000 n +0000604653 00000 n +0000604717 00000 n +0000604779 00000 n +0000604841 00000 n +0000604904 00000 n +0000604967 00000 n +0000605030 00000 n +0000605093 00000 n +0000605156 00000 n +0000605220 00000 n +0000605284 00000 n +0000605347 00000 n +0000605411 00000 n +0000605475 00000 n +0000605539 00000 n +0000605665 00000 n +0000605728 00000 n +0000605792 00000 n +0000605917 00000 n +0000605979 00000 n +0000606041 00000 n +0000606167 00000 n +0000606230 00000 n +0000606419 00000 n +0000606482 00000 n +0000606545 00000 n +0000606609 00000 n +0000606672 00000 n +0000606735 00000 n +0000606799 00000 n +0000606862 00000 n +0000611900 00000 n +0000609131 00000 n +0000607122 00000 n +0000609428 00000 n +0000609491 00000 n +0000609554 00000 n +0000609618 00000 n +0000609682 00000 n +0000609746 00000 n +0000609810 00000 n +0000609874 00000 n +0000609938 00000 n +0000610001 00000 n +0000610063 00000 n +0000610127 00000 n +0000610190 00000 n +0000610253 00000 n +0000610316 00000 n +0000609276 00000 n +0000610379 00000 n +0000610443 00000 n +0000610569 00000 n +0000610694 00000 n +0000610757 00000 n +0000610821 00000 n +0000610885 00000 n +0000610949 00000 n +0000611013 00000 n +0000611077 00000 n +0000611139 00000 n +0000611203 00000 n +0000611267 00000 n +0000611330 00000 n +0000611394 00000 n +0000611520 00000 n +0000611583 00000 n +0000611646 00000 n +0000611709 00000 n +0000611773 00000 n +0000611837 00000 n +0000616784 00000 n +0000613749 00000 n +0000612068 00000 n +0000613873 00000 n +0000613936 00000 n +0000613998 00000 n +0000614061 00000 n +0000614125 00000 n +0000614189 00000 n +0000614315 00000 n +0000614378 00000 n +0000614442 00000 n +0000614506 00000 n +0000614570 00000 n +0000614634 00000 n +0000614698 00000 n +0000614823 00000 n +0000614886 00000 n +0000614949 00000 n +0000615010 00000 n +0000615074 00000 n +0000615138 00000 n +0000615202 00000 n +0000615327 00000 n +0000615390 00000 n +0000615454 00000 n +0000615518 00000 n +0000615582 00000 n +0000615646 00000 n +0000615710 00000 n +0000615770 00000 n +0000615832 00000 n +0000615896 00000 n +0000615959 00000 n +0000616022 00000 n +0000616085 00000 n +0000616148 00000 n +0000616212 00000 n +0000616276 00000 n +0000616401 00000 n +0000616464 00000 n +0000616528 00000 n +0000616592 00000 n +0000616656 00000 n +0000616720 00000 n +0000618440 00000 n +0000617742 00000 n +0000616924 00000 n +0000617866 00000 n +0000617929 00000 n +0000617993 00000 n +0000618057 00000 n +0000618121 00000 n +0000618185 00000 n +0000618249 00000 n +0000618312 00000 n +0000618376 00000 n +0000764432 00000 n +0000623391 00000 n +0000620542 00000 n +0000618553 00000 n +0000620666 00000 n +0000620981 00000 n +0000621043 00000 n +0000621106 00000 n +0000621169 00000 n +0000621232 00000 n +0000621294 00000 n +0000621356 00000 n +0000621418 00000 n +0000621482 00000 n +0000621545 00000 n +0000621609 00000 n +0000621673 00000 n +0000621737 00000 n +0000621801 00000 n +0000621864 00000 n +0000621927 00000 n +0000621991 00000 n +0000622055 00000 n +0000622119 00000 n +0000622183 00000 n +0000622247 00000 n +0000622311 00000 n +0000622375 00000 n +0000622438 00000 n +0000622502 00000 n +0000622566 00000 n +0000622630 00000 n +0000622693 00000 n +0000622757 00000 n +0000622820 00000 n +0000622883 00000 n +0000622946 00000 n +0000623009 00000 n +0000623073 00000 n +0000623136 00000 n +0000623200 00000 n +0000623264 00000 n +0000627361 00000 n +0000625531 00000 n +0000623545 00000 n +0000625655 00000 n +0000625781 00000 n +0000625844 00000 n +0000625908 00000 n +0000625971 00000 n +0000626034 00000 n +0000626097 00000 n +0000626159 00000 n +0000626222 00000 n +0000626285 00000 n +0000626347 00000 n +0000626410 00000 n +0000626474 00000 n +0000626537 00000 n +0000626601 00000 n +0000626664 00000 n +0000626727 00000 n +0000626790 00000 n +0000626853 00000 n +0000626916 00000 n +0000626979 00000 n +0000627043 00000 n +0000627106 00000 n +0000627170 00000 n +0000627234 00000 n +0000627298 00000 n +0000630561 00000 n +0000629304 00000 n +0000627501 00000 n +0000629428 00000 n +0000629491 00000 n +0000629681 00000 n +0000629744 00000 n +0000629808 00000 n +0000629871 00000 n +0000630058 00000 n +0000630121 00000 n +0000630184 00000 n +0000630372 00000 n +0000630435 00000 n +0000630499 00000 n +0000633561 00000 n +0000632617 00000 n +0000630674 00000 n +0000632741 00000 n +0000632804 00000 n +0000632866 00000 n +0000632929 00000 n +0000632992 00000 n +0000633056 00000 n +0000633119 00000 n +0000633183 00000 n +0000633246 00000 n +0000633310 00000 n +0000633373 00000 n +0000633435 00000 n +0000633499 00000 n +0000638197 00000 n +0000635375 00000 n +0000633661 00000 n +0000635670 00000 n +0000635983 00000 n +0000636046 00000 n +0000636109 00000 n +0000636172 00000 n +0000636236 00000 n +0000636299 00000 n +0000636362 00000 n +0000636426 00000 n +0000635520 00000 n +0000636490 00000 n +0000636553 00000 n +0000636616 00000 n +0000636680 00000 n +0000636744 00000 n +0000636807 00000 n +0000636869 00000 n +0000636933 00000 n +0000636997 00000 n +0000637059 00000 n +0000637122 00000 n +0000637185 00000 n +0000637249 00000 n +0000637312 00000 n +0000637375 00000 n +0000637438 00000 n +0000637502 00000 n +0000637566 00000 n +0000637629 00000 n +0000637692 00000 n +0000637756 00000 n +0000637818 00000 n +0000637881 00000 n +0000637945 00000 n +0000638008 00000 n +0000638071 00000 n +0000638135 00000 n +0000643220 00000 n +0000640389 00000 n +0000638310 00000 n +0000640686 00000 n +0000640749 00000 n +0000640812 00000 n +0000640875 00000 n +0000640939 00000 n +0000641003 00000 n +0000641066 00000 n +0000641130 00000 n +0000641192 00000 n +0000641255 00000 n +0000641319 00000 n +0000641383 00000 n +0000641447 00000 n +0000641511 00000 n +0000641574 00000 n +0000641637 00000 n +0000641701 00000 n +0000641764 00000 n +0000641827 00000 n +0000641890 00000 n +0000640534 00000 n +0000641954 00000 n +0000642017 00000 n +0000642080 00000 n +0000642144 00000 n +0000642207 00000 n +0000642270 00000 n +0000642334 00000 n +0000642397 00000 n +0000642460 00000 n +0000642524 00000 n +0000642587 00000 n +0000642650 00000 n +0000642714 00000 n +0000642777 00000 n +0000642838 00000 n +0000642902 00000 n +0000642966 00000 n +0000643030 00000 n +0000643093 00000 n +0000643156 00000 n +0000764557 00000 n +0000647549 00000 n +0000645025 00000 n +0000643333 00000 n +0000645149 00000 n +0000645212 00000 n +0000645275 00000 n +0000645338 00000 n +0000645402 00000 n +0000645465 00000 n +0000645527 00000 n +0000645590 00000 n +0000645654 00000 n +0000645717 00000 n +0000645780 00000 n +0000645844 00000 n +0000645907 00000 n +0000645970 00000 n +0000646034 00000 n +0000646097 00000 n +0000646160 00000 n +0000646349 00000 n +0000646412 00000 n +0000646475 00000 n +0000646538 00000 n +0000646601 00000 n +0000646665 00000 n +0000646728 00000 n +0000646791 00000 n +0000646855 00000 n +0000646918 00000 n +0000646981 00000 n +0000647045 00000 n +0000647107 00000 n +0000647170 00000 n +0000647234 00000 n +0000647297 00000 n +0000647360 00000 n +0000647424 00000 n +0000652315 00000 n +0000649598 00000 n +0000647689 00000 n +0000649722 00000 n +0000649848 00000 n +0000649911 00000 n +0000649974 00000 n +0000650037 00000 n +0000650101 00000 n +0000650165 00000 n +0000650228 00000 n +0000650291 00000 n +0000650355 00000 n +0000650419 00000 n +0000650482 00000 n +0000650545 00000 n +0000650607 00000 n +0000650670 00000 n +0000650860 00000 n +0000650923 00000 n +0000650986 00000 n +0000651049 00000 n +0000651113 00000 n +0000651176 00000 n +0000651239 00000 n +0000651303 00000 n +0000651366 00000 n +0000651428 00000 n +0000651492 00000 n +0000651555 00000 n +0000651618 00000 n +0000651682 00000 n +0000651745 00000 n +0000651808 00000 n +0000651871 00000 n +0000651935 00000 n +0000651998 00000 n +0000652061 00000 n +0000652124 00000 n +0000652187 00000 n +0000652251 00000 n +0000657425 00000 n +0000654438 00000 n +0000652441 00000 n +0000654899 00000 n +0000654962 00000 n +0000655024 00000 n +0000655088 00000 n +0000655150 00000 n +0000655213 00000 n +0000655277 00000 n +0000655340 00000 n +0000655403 00000 n +0000655591 00000 n +0000655653 00000 n +0000654592 00000 n +0000655717 00000 n +0000655780 00000 n +0000655843 00000 n +0000655906 00000 n +0000655968 00000 n +0000656031 00000 n +0000654748 00000 n +0000656095 00000 n +0000656157 00000 n +0000656220 00000 n +0000656284 00000 n +0000656347 00000 n +0000656410 00000 n +0000656473 00000 n +0000656537 00000 n +0000656601 00000 n +0000656665 00000 n +0000656727 00000 n +0000656790 00000 n +0000656854 00000 n +0000656918 00000 n +0000656981 00000 n +0000657044 00000 n +0000657108 00000 n +0000657171 00000 n +0000657234 00000 n +0000657297 00000 n +0000657361 00000 n +0000660113 00000 n +0000658533 00000 n +0000657565 00000 n +0000658657 00000 n +0000658720 00000 n +0000658783 00000 n +0000658846 00000 n +0000658910 00000 n +0000658974 00000 n +0000659036 00000 n +0000659100 00000 n +0000659164 00000 n +0000659227 00000 n +0000659290 00000 n +0000659354 00000 n +0000659418 00000 n +0000659481 00000 n +0000659544 00000 n +0000659607 00000 n +0000659671 00000 n +0000659732 00000 n +0000659795 00000 n +0000659859 00000 n +0000659923 00000 n +0000659986 00000 n +0000660049 00000 n +0000668174 00000 n +0000662791 00000 n +0000660213 00000 n +0000663088 00000 n +0000663403 00000 n +0000663466 00000 n +0000663529 00000 n +0000663592 00000 n +0000663656 00000 n +0000663720 00000 n +0000663783 00000 n +0000663847 00000 n +0000663911 00000 n +0000663974 00000 n +0000664038 00000 n +0000664102 00000 n +0000664165 00000 n +0000664229 00000 n +0000664293 00000 n +0000664356 00000 n +0000664420 00000 n +0000664484 00000 n +0000664547 00000 n +0000664611 00000 n +0000664675 00000 n +0000664739 00000 n +0000664803 00000 n +0000664866 00000 n +0000664930 00000 n +0000664994 00000 n +0000665058 00000 n +0000665122 00000 n +0000665185 00000 n +0000665249 00000 n +0000665313 00000 n +0000665377 00000 n +0000665441 00000 n +0000665504 00000 n +0000665568 00000 n +0000665632 00000 n +0000665696 00000 n +0000665760 00000 n +0000665823 00000 n +0000665887 00000 n +0000665951 00000 n +0000666015 00000 n +0000666079 00000 n +0000666141 00000 n +0000666205 00000 n +0000666269 00000 n +0000666333 00000 n +0000666397 00000 n +0000666459 00000 n +0000666522 00000 n +0000666585 00000 n +0000666647 00000 n +0000666711 00000 n +0000666774 00000 n +0000666838 00000 n +0000666902 00000 n +0000666966 00000 n +0000667029 00000 n +0000667093 00000 n +0000667157 00000 n +0000667220 00000 n +0000667283 00000 n +0000667347 00000 n +0000667411 00000 n +0000667475 00000 n +0000667538 00000 n +0000667602 00000 n +0000662936 00000 n +0000667666 00000 n +0000667730 00000 n +0000667793 00000 n +0000667856 00000 n +0000667919 00000 n +0000667983 00000 n +0000668047 00000 n +0000668111 00000 n +0000676096 00000 n +0000670950 00000 n +0000668314 00000 n +0000671074 00000 n +0000671137 00000 n +0000671201 00000 n +0000671265 00000 n +0000671328 00000 n +0000671391 00000 n +0000671454 00000 n +0000671517 00000 n +0000671581 00000 n +0000671645 00000 n +0000671709 00000 n +0000671772 00000 n +0000671836 00000 n +0000671900 00000 n +0000671963 00000 n +0000672026 00000 n +0000672090 00000 n +0000672154 00000 n +0000672218 00000 n +0000672281 00000 n +0000672345 00000 n +0000672409 00000 n +0000672472 00000 n +0000672536 00000 n +0000672600 00000 n +0000672663 00000 n +0000672727 00000 n +0000672791 00000 n +0000672854 00000 n +0000672918 00000 n +0000672982 00000 n +0000673172 00000 n +0000673235 00000 n +0000673298 00000 n +0000673362 00000 n +0000673426 00000 n +0000673490 00000 n +0000673554 00000 n +0000673618 00000 n +0000673682 00000 n +0000673746 00000 n +0000673810 00000 n +0000673873 00000 n +0000673936 00000 n +0000673999 00000 n +0000674062 00000 n +0000674125 00000 n +0000674189 00000 n +0000674253 00000 n +0000674317 00000 n +0000674380 00000 n +0000674444 00000 n +0000674508 00000 n +0000674572 00000 n +0000674636 00000 n +0000674699 00000 n +0000674763 00000 n +0000674827 00000 n +0000674890 00000 n +0000674954 00000 n +0000675144 00000 n +0000675207 00000 n +0000675270 00000 n +0000675334 00000 n +0000675398 00000 n +0000675461 00000 n +0000675525 00000 n +0000675589 00000 n +0000675650 00000 n +0000675714 00000 n +0000675778 00000 n +0000675842 00000 n +0000675905 00000 n +0000675969 00000 n +0000676033 00000 n +0000764682 00000 n +0000677139 00000 n +0000676760 00000 n +0000676250 00000 n +0000676884 00000 n +0000676947 00000 n +0000677011 00000 n +0000677075 00000 n +0000681580 00000 n +0000679128 00000 n +0000677239 00000 n +0000679745 00000 n +0000680060 00000 n +0000680123 00000 n +0000680187 00000 n +0000680251 00000 n +0000680315 00000 n +0000679291 00000 n +0000679443 00000 n +0000679595 00000 n +0000680378 00000 n +0000680441 00000 n +0000680504 00000 n +0000680568 00000 n +0000680632 00000 n +0000680696 00000 n +0000680760 00000 n +0000680823 00000 n +0000680887 00000 n +0000680950 00000 n +0000681013 00000 n +0000681075 00000 n +0000681138 00000 n +0000681201 00000 n +0000681264 00000 n +0000681327 00000 n +0000681391 00000 n +0000681455 00000 n +0000681518 00000 n +0000686036 00000 n +0000683298 00000 n +0000681748 00000 n +0000683755 00000 n +0000683818 00000 n +0000683943 00000 n +0000684006 00000 n +0000684070 00000 n +0000684133 00000 n +0000684197 00000 n +0000684261 00000 n +0000684322 00000 n +0000684386 00000 n +0000684450 00000 n +0000684639 00000 n +0000683452 00000 n +0000684702 00000 n +0000684765 00000 n +0000684828 00000 n +0000684892 00000 n +0000684956 00000 n +0000685020 00000 n +0000685084 00000 n +0000685148 00000 n +0000685212 00000 n +0000685276 00000 n +0000685340 00000 n +0000685403 00000 n +0000685466 00000 n +0000685530 00000 n +0000683603 00000 n +0000685593 00000 n +0000685656 00000 n +0000685719 00000 n +0000685783 00000 n +0000685846 00000 n +0000685909 00000 n +0000690329 00000 n +0000686871 00000 n +0000686176 00000 n +0000687173 00000 n +0000687361 00000 n +0000687016 00000 n +0000687424 00000 n +0000687487 00000 n +0000687550 00000 n +0000687613 00000 n +0000687677 00000 n +0000687740 00000 n +0000687803 00000 n +0000687867 00000 n +0000687930 00000 n +0000687993 00000 n +0000688057 00000 n +0000688119 00000 n +0000688181 00000 n +0000688245 00000 n +0000688308 00000 n +0000688371 00000 n +0000688435 00000 n +0000688498 00000 n +0000688561 00000 n +0000688625 00000 n +0000688687 00000 n +0000688749 00000 n +0000688813 00000 n +0000688876 00000 n +0000688939 00000 n +0000689003 00000 n +0000689066 00000 n +0000689129 00000 n +0000689193 00000 n +0000689255 00000 n +0000689317 00000 n +0000689380 00000 n +0000689443 00000 n +0000689506 00000 n +0000689570 00000 n +0000689633 00000 n +0000689696 00000 n +0000689760 00000 n +0000689823 00000 n +0000689886 00000 n +0000689949 00000 n +0000690012 00000 n +0000690075 00000 n +0000690139 00000 n +0000690202 00000 n +0000690265 00000 n +0000694439 00000 n +0000691552 00000 n +0000690455 00000 n +0000691853 00000 n +0000691916 00000 n +0000691978 00000 n +0000692041 00000 n +0000692104 00000 n +0000692231 00000 n +0000691697 00000 n +0000692294 00000 n +0000692357 00000 n +0000692420 00000 n +0000692483 00000 n +0000692546 00000 n +0000692609 00000 n +0000692673 00000 n +0000692735 00000 n +0000692797 00000 n +0000692861 00000 n +0000692924 00000 n +0000692987 00000 n +0000693051 00000 n +0000693114 00000 n +0000693177 00000 n +0000693241 00000 n +0000693304 00000 n +0000693367 00000 n +0000693430 00000 n +0000693493 00000 n +0000693556 00000 n +0000693620 00000 n +0000693683 00000 n +0000693746 00000 n +0000693810 00000 n +0000693873 00000 n +0000693936 00000 n +0000693998 00000 n +0000694061 00000 n +0000694124 00000 n +0000694188 00000 n +0000694376 00000 n +0000698515 00000 n +0000695551 00000 n +0000694565 00000 n +0000695675 00000 n +0000695738 00000 n +0000695801 00000 n +0000695864 00000 n +0000695927 00000 n +0000695990 00000 n +0000696053 00000 n +0000696116 00000 n +0000696179 00000 n +0000696243 00000 n +0000696306 00000 n +0000696369 00000 n +0000696433 00000 n +0000696496 00000 n +0000696559 00000 n +0000696622 00000 n +0000696685 00000 n +0000696748 00000 n +0000696938 00000 n +0000697001 00000 n +0000697064 00000 n +0000697127 00000 n +0000697190 00000 n +0000697253 00000 n +0000697316 00000 n +0000697380 00000 n +0000697443 00000 n +0000697506 00000 n +0000697568 00000 n +0000697631 00000 n +0000697694 00000 n +0000697758 00000 n +0000697821 00000 n +0000697884 00000 n +0000697948 00000 n +0000698011 00000 n +0000698074 00000 n +0000698137 00000 n +0000698200 00000 n +0000698263 00000 n +0000698327 00000 n +0000698389 00000 n +0000698451 00000 n +0000764807 00000 n +0000702376 00000 n +0000699667 00000 n +0000698641 00000 n +0000699791 00000 n +0000699854 00000 n +0000699916 00000 n +0000699979 00000 n +0000700042 00000 n +0000700106 00000 n +0000700168 00000 n +0000700230 00000 n +0000700420 00000 n +0000700483 00000 n +0000700546 00000 n +0000700609 00000 n +0000700672 00000 n +0000700734 00000 n +0000700796 00000 n +0000700860 00000 n +0000700923 00000 n +0000700986 00000 n +0000701050 00000 n +0000701113 00000 n +0000701176 00000 n +0000701240 00000 n +0000701303 00000 n +0000701366 00000 n +0000701430 00000 n +0000701493 00000 n +0000701556 00000 n +0000701744 00000 n +0000701807 00000 n +0000701870 00000 n +0000701933 00000 n +0000701996 00000 n +0000702059 00000 n +0000702122 00000 n +0000702186 00000 n +0000702249 00000 n +0000702312 00000 n +0000706050 00000 n +0000703724 00000 n +0000702502 00000 n +0000703848 00000 n +0000703911 00000 n +0000703973 00000 n +0000704036 00000 n +0000704099 00000 n +0000704163 00000 n +0000704226 00000 n +0000704289 00000 n +0000704477 00000 n +0000704540 00000 n +0000704602 00000 n +0000704664 00000 n +0000704727 00000 n +0000704790 00000 n +0000704853 00000 n +0000704917 00000 n +0000704980 00000 n +0000705043 00000 n +0000705107 00000 n +0000705170 00000 n +0000705233 00000 n +0000705421 00000 n +0000705484 00000 n +0000705547 00000 n +0000705610 00000 n +0000705673 00000 n +0000705735 00000 n +0000705797 00000 n +0000705861 00000 n +0000705924 00000 n +0000705987 00000 n +0000710483 00000 n +0000707585 00000 n +0000706176 00000 n +0000707709 00000 n +0000707772 00000 n +0000707834 00000 n +0000707897 00000 n +0000707960 00000 n +0000708023 00000 n +0000708086 00000 n +0000708149 00000 n +0000708212 00000 n +0000708275 00000 n +0000708338 00000 n +0000708401 00000 n +0000708464 00000 n +0000708527 00000 n +0000708591 00000 n +0000708654 00000 n +0000708717 00000 n +0000708906 00000 n +0000708969 00000 n +0000709031 00000 n +0000709093 00000 n +0000709156 00000 n +0000709219 00000 n +0000709282 00000 n +0000709346 00000 n +0000709409 00000 n +0000709472 00000 n +0000709536 00000 n +0000709599 00000 n +0000709662 00000 n +0000709726 00000 n +0000709789 00000 n +0000709852 00000 n +0000709915 00000 n +0000709978 00000 n +0000710041 00000 n +0000710105 00000 n +0000710167 00000 n +0000710229 00000 n +0000710293 00000 n +0000710356 00000 n +0000710419 00000 n +0000714940 00000 n +0000712099 00000 n +0000710609 00000 n +0000712223 00000 n +0000712286 00000 n +0000712349 00000 n +0000712412 00000 n +0000712476 00000 n +0000712539 00000 n +0000712602 00000 n +0000712664 00000 n +0000712727 00000 n +0000712790 00000 n +0000712854 00000 n +0000712917 00000 n +0000712980 00000 n +0000713044 00000 n +0000713107 00000 n +0000713170 00000 n +0000713234 00000 n +0000713297 00000 n +0000713360 00000 n +0000713424 00000 n +0000713486 00000 n +0000713548 00000 n +0000713612 00000 n +0000713675 00000 n +0000713738 00000 n +0000713802 00000 n +0000713865 00000 n +0000713928 00000 n +0000713991 00000 n +0000714054 00000 n +0000714117 00000 n +0000714181 00000 n +0000714244 00000 n +0000714307 00000 n +0000714371 00000 n +0000714434 00000 n +0000714497 00000 n +0000714560 00000 n +0000714623 00000 n +0000714686 00000 n +0000714750 00000 n +0000714813 00000 n +0000714876 00000 n +0000720073 00000 n +0000716786 00000 n +0000715053 00000 n +0000716910 00000 n +0000716973 00000 n +0000717035 00000 n +0000717098 00000 n +0000717161 00000 n +0000717223 00000 n +0000717286 00000 n +0000717349 00000 n +0000717413 00000 n +0000717476 00000 n +0000717539 00000 n +0000717603 00000 n +0000717666 00000 n +0000717729 00000 n +0000717793 00000 n +0000717856 00000 n +0000717919 00000 n +0000717983 00000 n +0000718046 00000 n +0000718109 00000 n +0000718173 00000 n +0000718236 00000 n +0000718299 00000 n +0000718363 00000 n +0000718426 00000 n +0000718489 00000 n +0000718553 00000 n +0000718616 00000 n +0000718679 00000 n +0000718742 00000 n +0000718806 00000 n +0000718869 00000 n +0000718932 00000 n +0000718996 00000 n +0000719059 00000 n +0000719122 00000 n +0000719186 00000 n +0000719249 00000 n +0000719312 00000 n +0000719376 00000 n +0000719439 00000 n +0000719502 00000 n +0000719566 00000 n +0000719629 00000 n +0000719692 00000 n +0000719756 00000 n +0000719820 00000 n +0000719883 00000 n +0000719946 00000 n +0000720009 00000 n +0000724979 00000 n +0000721636 00000 n +0000720200 00000 n +0000721760 00000 n +0000721823 00000 n +0000721885 00000 n +0000721948 00000 n +0000722011 00000 n +0000722075 00000 n +0000722138 00000 n +0000722201 00000 n +0000722264 00000 n +0000722327 00000 n +0000722390 00000 n +0000722454 00000 n +0000722517 00000 n +0000722580 00000 n +0000722643 00000 n +0000722706 00000 n +0000722769 00000 n +0000722833 00000 n +0000722894 00000 n +0000722955 00000 n +0000723019 00000 n +0000723083 00000 n +0000723145 00000 n +0000723207 00000 n +0000723271 00000 n +0000723334 00000 n +0000723397 00000 n +0000723461 00000 n +0000723524 00000 n +0000723587 00000 n +0000723651 00000 n +0000723714 00000 n +0000723777 00000 n +0000723841 00000 n +0000723903 00000 n +0000723965 00000 n +0000724029 00000 n +0000724092 00000 n +0000724155 00000 n +0000724219 00000 n +0000724282 00000 n +0000724345 00000 n +0000724409 00000 n +0000724472 00000 n +0000724535 00000 n +0000724599 00000 n +0000724662 00000 n +0000724725 00000 n +0000724789 00000 n +0000724852 00000 n +0000724915 00000 n +0000764932 00000 n +0000729564 00000 n +0000726657 00000 n +0000725106 00000 n +0000726781 00000 n +0000726844 00000 n +0000726907 00000 n +0000726970 00000 n +0000727034 00000 n +0000727097 00000 n +0000727160 00000 n +0000727223 00000 n +0000727286 00000 n +0000727349 00000 n +0000727413 00000 n +0000727476 00000 n +0000727539 00000 n +0000727603 00000 n +0000727666 00000 n +0000727729 00000 n +0000727792 00000 n +0000727855 00000 n +0000727918 00000 n +0000727981 00000 n +0000728045 00000 n +0000728108 00000 n +0000728171 00000 n +0000728235 00000 n +0000728298 00000 n +0000728361 00000 n +0000728424 00000 n +0000728487 00000 n +0000728550 00000 n +0000728614 00000 n +0000728677 00000 n +0000728740 00000 n +0000728804 00000 n +0000728867 00000 n +0000728930 00000 n +0000728994 00000 n +0000729057 00000 n +0000729120 00000 n +0000729184 00000 n +0000729247 00000 n +0000729310 00000 n +0000729374 00000 n +0000729437 00000 n +0000729500 00000 n +0000734358 00000 n +0000731345 00000 n +0000729677 00000 n +0000731641 00000 n +0000731704 00000 n +0000731766 00000 n +0000731829 00000 n +0000731892 00000 n +0000731956 00000 n +0000732018 00000 n +0000732080 00000 n +0000732144 00000 n +0000732207 00000 n +0000732270 00000 n +0000732334 00000 n +0000732397 00000 n +0000732460 00000 n +0000732523 00000 n +0000732586 00000 n +0000732649 00000 n +0000732713 00000 n +0000732776 00000 n +0000732966 00000 n +0000731490 00000 n +0000733029 00000 n +0000733092 00000 n +0000733155 00000 n +0000733218 00000 n +0000733281 00000 n +0000733344 00000 n +0000733408 00000 n +0000733471 00000 n +0000733534 00000 n +0000733598 00000 n +0000733661 00000 n +0000733724 00000 n +0000733788 00000 n +0000733851 00000 n +0000733914 00000 n +0000733978 00000 n +0000734041 00000 n +0000734104 00000 n +0000734168 00000 n +0000734231 00000 n +0000734294 00000 n +0000738755 00000 n +0000736370 00000 n +0000734484 00000 n +0000736667 00000 n +0000736730 00000 n +0000736793 00000 n +0000736856 00000 n +0000736920 00000 n +0000736983 00000 n +0000737046 00000 n +0000737109 00000 n +0000737172 00000 n +0000737235 00000 n +0000737299 00000 n +0000737362 00000 n +0000737425 00000 n +0000737615 00000 n +0000737678 00000 n +0000737742 00000 n +0000737805 00000 n +0000737868 00000 n +0000737931 00000 n +0000737994 00000 n +0000738057 00000 n +0000738121 00000 n +0000736515 00000 n +0000738184 00000 n +0000738246 00000 n +0000738309 00000 n +0000738372 00000 n +0000738436 00000 n +0000738499 00000 n +0000738563 00000 n +0000738627 00000 n +0000738691 00000 n +0000743231 00000 n +0000740450 00000 n +0000738909 00000 n +0000740574 00000 n +0000740763 00000 n +0000740826 00000 n +0000740890 00000 n +0000740954 00000 n +0000741018 00000 n +0000741081 00000 n +0000741145 00000 n +0000741335 00000 n +0000741398 00000 n +0000741461 00000 n +0000741523 00000 n +0000741587 00000 n +0000741650 00000 n +0000741713 00000 n +0000741777 00000 n +0000741840 00000 n +0000741903 00000 n +0000741967 00000 n +0000742029 00000 n +0000742092 00000 n +0000742156 00000 n +0000742219 00000 n +0000742282 00000 n +0000742346 00000 n +0000742409 00000 n +0000742472 00000 n +0000742536 00000 n +0000742599 00000 n +0000742662 00000 n +0000742726 00000 n +0000742788 00000 n +0000742851 00000 n +0000742915 00000 n +0000742979 00000 n +0000743042 00000 n +0000743105 00000 n +0000743169 00000 n +0000747587 00000 n +0000744556 00000 n +0000743343 00000 n +0000744680 00000 n +0000744805 00000 n +0000744868 00000 n +0000744931 00000 n +0000744995 00000 n +0000745057 00000 n +0000745121 00000 n +0000745184 00000 n +0000745247 00000 n +0000745311 00000 n +0000745374 00000 n +0000745437 00000 n +0000745500 00000 n +0000745563 00000 n +0000745626 00000 n +0000745690 00000 n +0000745753 00000 n +0000745815 00000 n +0000745879 00000 n +0000745942 00000 n +0000746005 00000 n +0000746068 00000 n +0000746131 00000 n +0000746194 00000 n +0000746258 00000 n +0000746321 00000 n +0000746384 00000 n +0000746448 00000 n +0000746511 00000 n +0000746574 00000 n +0000746638 00000 n +0000746701 00000 n +0000746764 00000 n +0000746828 00000 n +0000746891 00000 n +0000746954 00000 n +0000747018 00000 n +0000747081 00000 n +0000747144 00000 n +0000747208 00000 n +0000747271 00000 n +0000747334 00000 n +0000747398 00000 n +0000747461 00000 n +0000747523 00000 n +0000751543 00000 n +0000748763 00000 n +0000747673 00000 n +0000748887 00000 n +0000748950 00000 n +0000749013 00000 n +0000749076 00000 n +0000749203 00000 n +0000749265 00000 n +0000749328 00000 n +0000749390 00000 n +0000749454 00000 n +0000749517 00000 n +0000749580 00000 n +0000749644 00000 n +0000749707 00000 n +0000749770 00000 n +0000749834 00000 n +0000749897 00000 n +0000749960 00000 n +0000750024 00000 n +0000750087 00000 n +0000750150 00000 n +0000750214 00000 n +0000750277 00000 n +0000750340 00000 n +0000750404 00000 n +0000750467 00000 n +0000750530 00000 n +0000750720 00000 n +0000750783 00000 n +0000750846 00000 n +0000750909 00000 n +0000750973 00000 n +0000751036 00000 n +0000751099 00000 n +0000751163 00000 n +0000751226 00000 n +0000751289 00000 n +0000751353 00000 n +0000751416 00000 n +0000751479 00000 n +0000765057 00000 n +0000751642 00000 n +0000754865 00000 n +0000757127 00000 n +0000759392 00000 n +0000759423 00000 n +0000765137 00000 n +0000765262 00000 n +0000765388 00000 n +0000765514 00000 n +0000765640 00000 n +0000765732 00000 n +0000784139 00000 n +0000867113 00000 n +0000867154 00000 n +0000867194 00000 n +0000867425 00000 n +trailer +<< +/Size 5917 +/Root 5915 0 R +/Info 5916 0 R +>> +startxref +867581 +%%EOF Index: branches/samhain-2_2-branch/docs/README =================================================================== --- branches/samhain-2_2-branch/docs/README (revision 66) +++ branches/samhain-2_2-branch/docs/README (revision 66) @@ -0,0 +1,497 @@ + +CONTENT OF THIS DOCUMENT +------------------------ + + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +++ +++ + +++ NOTE: The distribution package contains a much more detailed MANUAL +++ + +++ +++ + +++ ---- See the docs/ subdirectory ---- +++ + +++ +++ + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + - INSTALL basic install procedure + + - PGP SIGNATURES signing database and config file + + - CLIENT/SERVER how to install and use with client/server mode + for distributed host monitoring + + - STEALTH how to install and use with stealth mode enabled + + - USAGE some usage examples + + - CAVEATS what the name says + + - START AT BOOT TIME how to start the daemon during the boot sequence + + - CONFIGURE OPTIONS overview of supported options, and defaults + + - TESTING test suite (also useful to see EXAMPLES) + + + + +INSTALL: +------- + + Unpack the source with: + + gunzip -c samhain-current.tar.gz | tar xvf - + + This will drop two files in your current directory: + + samhain-{version}.tar.gz + samhain-{version}.tar.gz.asc + + To check authenticity and integrity of the source code, verify + the PGP signature on samhain-{version}.tar.gz + (public PGP key for Rainer Wichmann at http://wwwkeys.pgp.net/): + + gpg --verify samhain-{version}.tar.gz.asc samhain-{version}.tar.gz + + Then unpack samhain-{version}.tar.gz: + + gunzip -c samhain-{version}.tar.gz | tar xvf - + cd samhain-{version} + + If you have an incarnation of 'dialog' (xdialog, dialog, lxdialog) + installed, you can use the GUI install tool: + + ./Install.sh + + Otherwise use the commands: + + ./configure [options] + make + su root + make install + + At least the following executable will be built: + + +++ samhain +++ the monitoring agent, without any + client/server support (i.e. local use only) + + Additional executables will be built if you compile in client/server + and/or stealth mode (see below). + + The 'make install' target will strip the executable(s), i.e. + discard symbols. + + PATHS: + ----- + For configuring the install paths/locations, + see the MANUAL. + + + WARNING: + ------- + Some versions of gcc have a bug that generates incorrect + code if strength reducing is enabled. + If you modify the compiler flags, always use the -fno-strength-reduce + option with gcc, unless you are sure that your compiler does not + suffer from the problem (see README.gcc_bug). + Also, some gcc versions generate incorrect code unless the + -fno-omit-frame-pointer option is used. + The -fno-strength-reduce and the -fno-omit-frame-pointer options are + enabled by default by the 'configure' script. + +PGP SIGNATURES: +-------------- + By default, samhain will report on the checksums of the database + and configuration files on startup. + + You can always (clear)sign the database (once initialized) + with GnuPG, as well as the configuration file + (recommended: gpg -a --clearsign --not-dash-escaped FILE). + + However, to have samhain check these signatures, rather than ignoring + them, you need GnuPG and you must compile samhain with the option + + ./configure --with-gpg=PATH + + where PATH is the path to the gpg/pgp binary. + + Samhain will invoke gpg only after checking that + only trusted users (by default: root and the effective user) + have write access to any element in the path. + + The public key for verification must be in the keyring of the + effective user (usually root) + + For more security, it is possible to compile in the checksum + of the GnuPG executable, and/or the key fingerprint. See + the MANUAL for more details. + + The public key will be searched in the gpg home directory + (~/.gnupg/) of the effective user (usually root). + The key identification and fingerprint will be reported. + +CLIENT/SERVER: +------------- + + samhain supports logging to a central server via TCP/IP. + To enable this option, use the ./configure option + + ./configure --enable-network=client|server [more options] + + NOTE: client and server are __distict__ applications, and must be + built seperately. By default, installation names and paths are + different. Do not blame us if you abuse './configure' options to + cause name clashes, if you install both on the same host. + + The following executables are built: + + +++ samhain (client) +++ the monitoring agent, + with client code included + if --enable-network=client + + +++ yule (server) +++ the log server (no monitoring, just report + collecting !!!) + if --enable-network=server + + +++ samhain_setpwd +++ a utility program to set the password of + a monitoring agent (see man page samhain.8). + Use it without options to get help. + + + To set up a monitoring agent, do the following: + + -- select a (16-digit hexadecimal) password. To generate + a random password, you can use: + + ./yule -G + + -- use 'samhain_setpwd samhain ' + to generate an agent 'samhain.suffix' with the selected password + (you can rename the agent afterwards, of course) + + -- use 'yule -P password' to compute an entry to register the agent + + -- in the servers's configuration file, insert the computed entry + (replace HOSTNAME with the host, on which the agent will run) + in the section called [Clients] + + By default, client/server authentication + is done with the SRP (Secure Remote Password) protocol. + + It is also possible to store configuration and database files + on the server. See the manual for details. + +STEALTH: +------- + + samhain supports a 'stealth' mode of operation, meaning that + the program can be run without any obvious trace of its presence + on disk. The supplied facilities are more sophisticated than + just running the program under a different name, + and might thwart efforts using 'standard' Unix commands, + but they will not resist a search using dedicated utilities. + To enable this mode, use the ./configure option + + ./configure --enable-stealth=XOR_VAL [more options] + + XOR_VAL must be a decimal number in the range 0, 128..255 + (using 0 will have no effect). + + The runtime executable will contain no printable strings revealing + its nature or purpose (strings are xor'ed with XOR_VAL at compile + time, and decoded at runtime). + + The configuration file is expected to be + a postscript file with _uncompressed_ image data, wherein + the configuration data are hidden by steganography. + To create a suitable image file from an existing image, + you may use e.g. the ImageMagick program 'convert', such as: + + convert +compress ima.jpg ima.ps + + The following additional executable will be built: + + +++ samhain_stealth +++ steganography utility program to hide/extract + the configuration file data in/from a + postscript file with + _uncompressed_ image data. + Use it without options to get help. + + Database and log file entries are xor'ed with XOR_VAL to 'mask' + printable strings as binary data. No steganography is supported + for them, as this would require image files of unreasonable large + size. + However, if the database/log file is an existing image (say, a .jpg + file), the data will be appended to the end of the image data. + The image will display normally, and on examination of the file, + the add-on data will look like binary (image) data at first sight. + The built-in utility to verify and print log file entries + will handle this situation transparently. + + To re-name samhain to something unsuspicious, use the configure option + + ./configure --enable-install-name=NAME + + 'make install' will then re-name samhain upon installation. Also, + database, log file, and pid file will have 'samhain' replaced by + NAME. + + +USAGE EXAMPLES: +-------------- + + Review the default configuration file that comes with the + source distribution. Read the man page (samhain.8). + + initialize database: samhain -t init + + check files: samhain -t check + + run as daemon: samhain -t check -D + + report to log server: samhain -t check -D -e warn + + start the log server: yule -S + + +CAVEATS: +------- + Permissions: + ----------- + samhain needs root permissions to check some system files. + The log server does not require root permissions, unless + you use a privileged port (port number below 1024). + If you use --enable-udp to listen on the syslog socket, you need + to start the log server with root permissions (it will drop them + after binding to the port). + + Trust: + ----- + samhain checks the path to critical files (database, configuration) + for write access by untrusted users. By default, only root and + the effective user are trusted. More UIDs can be added as a + compile options (some systems habe 'bin' as owner of the root + directory). + + Integrity: + --------- + On startup, samhain will report on signatures or checksums of + database and configuration files. You better check these reports. + + Both startup and exit will be reported. If you are using samhain + as daemon and start it at boot time, you may want to check that + startup/exit corresponds with scheduled reboots. + + If the path to the samhain binary is defined in the configuration + file, samhain will checksum the binary at startup and compare + at program termination. This will minimize the time available + for an intruder to modify the binary. + + Mail address: + ------------ + For offsite mail, you may have to set a mail relay host + in the configuration file. + +START AT BOOT TIME: +------------------ + the easy way (supported on Linux, FreeBSD, HP-UX, AIX): + + su root + make install-boot + + + +CONFIGURE OPTIONS: +----------------- + + ------------------- + -- basic options -- + ------------------- + + --enable-network Compile with client/server support. + + --enable-udp Enable the server to listen on + port 514/udp (syslog). + + --enable-srp Use SRP protocol to authenticate to + log server. + + --with-gpg=PATH Use GnuPG to verify database/config. + The public key of the effective + user (in ~/.gnupg/pubring.gpg) + will be used. + + --enable-login-watch Watch for login/logout events. + + --enable-stealth=XOR_VAL Enable stealth mode, and set XOR_VAL. + XOR_VAL must be decimal in + 0..32 or 127..255 + and will be used to 'mask' literal + strings as binary data. + (0 has no effect). + + --enable-micro-stealth=XOR_VAL + As --with-stealth, but without + steganographic hidden configuration + file. + + --enable-nocl=PW Enable command line parsing ONLY if + PW is the first argument on the command + line. If PW is "" (empty string), + command line parsing is completely + disabled. + + --enable-base=BASE Set base for one-time pads. Must be + ONE string (no space) made of TWO + comma-separated integers in the range + -2147483648...2147483647. + (The default is compile time.) + Binaries compiled with different + values cannot verify the audit trail(s) + of each other. + THIS IS IMPORTANT IF YOU COMPILE + MULTIPLE TIMES, E.G. ON DIFFERENT + HOSTS. + + + ------------------- + -- paths -- + ------------------- + + ${install_name} is "samhain" by default + (see --with-install-name=NAME ) + + configuration: /etc/${install_name}rc + state data: /var/lib/${install_name} + log file: /var/log/${install_name}_log + lock/pid file: /var/run/${install_name}.pid + + mandir: /usr/local/man + bindir: /usr/local/sbin/ + + + --exec-prefix=EPREFIX Set sbindir prefix (default + is /usr/local, ie. binaries + go to /usr/local/sbin) + + --prefix=PREFIX install directory + (default is NONE) + + IF PREFIX = USR; then + + configuration: /etc/${install_name}rc + state data: /var/lib/${install_name} + log file: /var/log/${install_name}_log + lock/pid file: /var/run/${install_name}.pid + + mandir: /usr/share/man + bindir: /usr/sbin/ + + IF PREFIX = OPT; then + + configuration: /etc/opt/${install_name}rc + state data: /var/opt/${install_name}/${install_name} + log file: /var/opt/${install_name}/${install_name}_log + lock/pid file: /var/opt/${install_name}/${install_name}.pid + + mandir: /opt/${install_name}/man + bindir: /opt/${install_name}/bin/ + + IF PREFIX = (something else); then + + If EPREFIX is not set, it will be set to PREFIX. + configuration: PREFIX/etc/${install_name}rc + state data: PREFIX/var/lib/${install_name} + log file: PREFIX/var/log/${install_name}_log + lock/pid file: PREFIX/var/run/${install_name}.pid + + mandir: PREFIX/share/man + bindir: PREFIX/sbin/ + + + + --with-config-file=FILE Set path of configuration file + (default is PREFIX/etc/samhainrc) + + --with-data-file=FILE Set path of data file + (PREFIX/var/lib/samhain/samhain_file) + --with-html-file=FILE Set path of server status html file + (PREFIX/var/lib/samhain/samhain.html) + + --with-log-file=FILE Set path of log file + (PREFIX/var/log/samhain_log) + --with-pid-file=FILE Set path of lock file + (PREFIX/var/run/samhain.pid) + + ------------------- + -- other -- + ------------------- + + + --with-checksum=CHECKSUM Compile in TIGER checksum of the + gpg/pgp binary. + CHECKSUM must be the full + line output by samhain or GnuPG when + computing the checksum. + + --with-fp=FINGERPRINT Compile in public key fingerprint. + FINGERPRINT must be without spaces. + Only useful in combination with + '--with-gpg'. + If used, samhain will check the + fingerprint, but still report on the + used public key. + + --enable-identity=USER Set user when dropping root privileges + (default is the user "nobody"). + Only needed if there is no user + 'nobody' on your system + (check /etc/passwd) + + --with-port=PORT Set port number for TCP/IP + (default is 49777). + Only needed if this port is already + used by some other application. + + --with-logserver=HOST Set host address for log server + (default is NULL). + You can set this in the configuration + file as well. + + --with-timeserver=HOST Set host address for time server + (default is NULL - use own clock). + You can set this in the configuration + file as well. + + --with-sender=SENDER Set sender for e-mail + (default is daemon). + + --enable-xml-log Use XML format for log file. + + --enable-debug Enable extended debugging + + --enable-ptrace Use anti-debugging code. + + --with-trusted=UID Comma-separated list of UID's of + users that are always trusted + (default is 0 = root). + You will need this only if the + path to the config file has directories + owned neither by 'root' nor by the + (effective) user of the program. + + +TESTING: +------- + For testing compilation etc., you may use the test suite: + + ./test/test.sh n [hostname] + + The argument 'n' is the number of the test to run. Some tests require + that the (fully qualified) hostname be given as second argument. + + Without options, you will get a short help/usage message, listing + each test, its purpose, and the name of the configuration file used. + You may want to review the respective configuration file before + running a test. + + Also listed are the scripts used for each test. If you have problems + getting samhain to run, you may use these scripts as examples. + Index: branches/samhain-2_2-branch/docs/README.LZO =================================================================== --- branches/samhain-2_2-branch/docs/README.LZO (revision 66) +++ branches/samhain-2_2-branch/docs/README.LZO (revision 66) @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- + + + ============================================================================ + miniLZO -- mini subset of the LZO real-time data compression library + ============================================================================ + + Author : Markus Franz Xaver Johannes Oberhumer + + http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + Version : 1.06 + Date : 29-Nov-1999 + + I've created miniLZO for projects where it is inconvenient to + include (or require) the full LZO source code just because you + want to add a little bit of data compression to your application. + + miniLZO implements the LZO1X-1 compressor and both the standard and + safe LZO1X decompressor. Apart from fast compression it also useful + for situations where you want to use pre-compressed data files (which + must have been compressed with LZO1X-999). + + miniLZO consists of one C source file and two header files: + minilzo.c + minilzo.h + lzoconf.h + + To use miniLZO just copy these files into your source directory, add + minilzo.c to your Makefile and #include minilzo.h from your program. + Note: you also must distribute this file (`README.LZO') with your project. + + minilzo.o compiles to about 6 kB (using gcc or Watcom C on a i386), and + the sources are about 14 kB when packed with zip - so there's no more + excuse that your application doesn't support data compression :-) + + For more information, documentation, example programs and other support + files (like Makefiles and build scripts) please download the full LZO + package from + http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + + Have fun, + Markus + + + P.S. minilzo.c is generated automatically from the LZO sources and + therefore functionality is completely identical + + + Appendix A: building miniLZO + ---------------------------- + miniLZO is written such a way that it should compile and run + out-of-the-box on most machines. + + If you are running on a very unusual architecture and lzo_init() fails then + you should first recompile with `-DLZO_DEBUG' to see what causes the failure. + The most probable case is something like `sizeof(char *) != sizeof(long)'. + After identifying the problem you can compile by adding some defines + like `-DSIZEOF_CHAR_P=8' to your Makefile. + + The best solution is (of course) using Autoconf - if your project uses + Autoconf anyway just add `-DMINILZO_HAVE_CONFIG_H' to your compiler + flags when compiling minilzo.c. See the LZO distribution for an example + how to set up configure.in. + + + Appendix B: list of public functions available in miniLZO + --------------------------------------------------------- + Library initialization + lzo_init() + + Compression + lzo1x_1_compress() + + Decompression + lzo1x_decompress() + lzo1x_decompress_safe() + + Checksum functions + lzo_adler32() + + Version functions + lzo_version() + lzo_version_string() + lzo_version_date() + + Portable (but slow) string functions + lzo_memcmp() + lzo_memcpy() + lzo_memmove() + lzo_memset() + + + Appendix C: suggested macros for `configure.in' when using Autoconf + ------------------------------------------------------------------- + Checks for typedefs and structures + AC_CHECK_TYPE(ptrdiff_t,long) + AC_TYPE_SIZE_T + AC_CHECK_SIZEOF(unsigned short) + AC_CHECK_SIZEOF(unsigned) + AC_CHECK_SIZEOF(unsigned long) + AC_CHECK_SIZEOF(char *) + AC_CHECK_SIZEOF(ptrdiff_t) + AC_CHECK_SIZEOF(size_t) + + Checks for compiler characteristics + AC_C_CONST + + Checks for library functions + AC_CHECK_FUNCS(memcmp memcpy memmove memset) + + + Appendix D: Copyright + --------------------- + LZO and miniLZO are Copyright (C) 1996-1999 + Markus Franz Xaver Johannes Oberhumer + + LZO and miniLZO are distributed under the terms of the GNU General + Public License (GPL). See the file COPYING. + + Special licenses for commercial and other applications which + are not willing to accept the GNU General Public License + are available by contacting the author. + + + + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv + +iQCVAwUBOEK5Km10fyLu8beJAQE2oAQAovSZ1KDXJKdbfUmGHhRAoU/BdQXydYKr +tGDtC0i8EfC2cjrbJANbZq8GQM0PMZSAgyW9/BaUmRZ/d5pxpF0eBBpUp87i/ZM6 +BoPE3uu7Rwu05SSR3FRFe1lCrMDn/yHkyV9T+DUY6XaBLONdaPh7BayQ93MnCFoD +9gs3grhALsM= +=uuXN +-----END PGP SIGNATURE----- Index: branches/samhain-2_2-branch/docs/README.UPGRADE =================================================================== --- branches/samhain-2_2-branch/docs/README.UPGRADE (revision 66) +++ branches/samhain-2_2-branch/docs/README.UPGRADE (revision 66) @@ -0,0 +1,38 @@ + +since 2.2.0: server-to-server relay is possible + + -- this implies that problems will arise if your server is misconfigured + to connect to itself (SetExportSeverity is explicitely set + to a threshold different from 'none', and the logserver is set to + localhost). The server may deadlock in this case. + + + +since 2.1.0: update and daemon mode can be combined + + -- this implies that '-t update' will start a daemon process if running as + daemon is the default specified in the config file. use '--foreground' + to avoid starting a daemon process + + + +from 1.7.x to 1.8.x: client/server encryption protocol has been enhanced + + -- 1.7.x clients can connect to a 1.8.x server + + -- 1.8.x clients can only connect to a 1.7.x server, if they + are built with --enable-encrypt=1 + + + +from 1.6.x to 1.7.x: things to watch out for + + -- the log server drops root privileges after startup; it needs a logfile + directory with write access for the unprivileged user now + + -- the PID file does not double as lock for the log file anymore; the + log file has its own lock now (same path, with .lock appended) + + -- by default, the HTML status page of the server is in the log directory + now; this allows to make the data directory read-only for the server + Index: branches/samhain-2_2-branch/docs/README.gcc_bug =================================================================== --- branches/samhain-2_2-branch/docs/README.gcc_bug (revision 66) +++ branches/samhain-2_2-branch/docs/README.gcc_bug (revision 66) @@ -0,0 +1,49 @@ + +GCC Compiler Bug +---------------- + +Reference: http://boudicca.tux.org/hypermail/linux-kernel/2000week05/0983.html + +From: Johan Kullstam (kullstam@ne.mediaone.net) +Date: Thu Jan 27 2000 - 18:00:28 EST + +Horst von Brand writes: + +> My question in this vein would be the -fno-strength-reduce. The gcc bug +> that placed this in the kernel was in gcc-2.7.2, and was worked around in +> 2.7.2.3 by just making this option unconditional. Both 2.2.15pre4 and +> 2.3.41pre2 at least demand gcc-2.7.2.3 as minimal version. + +just when you thought it was safe to go into the water... + +strength-reduction is broken again in gcc-2.95.2 (aka the current +release). i'm not sure about what versions actually do work. + +for fun, try this one out. cut and paste the program bug.c. + +$ gcc -O2 bug.c -o b0 +$ gcc -O2 -fno-strength-reduce bug.c -o b1 + +run b1. notice it finish immediately. +now run b0. notice how b0 never terminates (until you ^C it). + + +-- bug.c ----------------------------------------- +static void bug(int size, int tries) +{ + int i; + int num = 0; + + while (num < size) + { + for (i = 1; i < tries; i++) num++; + } +} + +int main() +{ + bug(5, 10); + return 0; +} +-- bug.c ----------------------------------------- + Index: branches/samhain-2_2-branch/docs/README.sstrip =================================================================== --- branches/samhain-2_2-branch/docs/README.sstrip (revision 66) +++ branches/samhain-2_2-branch/docs/README.sstrip (revision 66) @@ -0,0 +1,40 @@ +sstrip is a small utility that removes the contents at the end of an +ELF file that are not part of the program's memory image. + +Most ELF executables are built with both a program header table and a +section header table. However, only the former is required in order +for the OS to load, link and execute a program. sstrip attempts to +extract the ELF header, the program header table, and its contents, +leaving everything else in the bit bucket. It can only remove parts of +the file that occur at the end, after the parts to be saved. However, +this almost always includes the section header table, and occasionally +a few random sections that are not used when running a program. + +It should be noted that the GNU bfd library is (understandably) +dependent on the section header table as an index to the file's +contents. Thus, an executable file that has no section header table +cannot be used with gdb, objdump, or any other program based upon the +bfd library, at all. In fact, the program will not even recognize the +file as a valid executable. (This limitation is noted in the source +code comments for bfd, and is marked "FIXME", so this may change at +some future date. However, I would imagine that it is a pretty +low-priority item, as executables without a section header table are +rare in the extreme.) This probably also explains why strip doesn't +offer the option to do this. + +Shared library files may also have their section header table removed. +Such a library will still function; however, it will no longer be +possible for a compiler to link a new program against it. + +As an added bonus, sstrip also tries to removes trailing zero bytes +from the end of the file. (This normally cannot be done with an +executable that has a section header table.) + +sstrip is a very simplistic program. It depends upon the common +practice of putting the parts of the file that contribute to the +memory image at the front, and the remaining material at the end. This +permits it to discard the latter material without affecting file +offsets and memory addresses in what remains. However, the ELF +standard permits files to be organized in almost any order. So +although this procedure usually works in practice, it is not meant to +be taken too seriously. Index: branches/samhain-2_2-branch/docs/README.win2K =================================================================== --- branches/samhain-2_2-branch/docs/README.win2K (revision 66) +++ branches/samhain-2_2-branch/docs/README.win2K (revision 66) @@ -0,0 +1,36 @@ + +Using SAMHAIN on Win2K +---------------------- + +samhain builds and runs on Win2K (and maybe other M$ products) with +the (free, GPL) Cygwin environment. +Fabio Paracchini writes: + +(UPDATE: note that some configure options have changed since this has been + written. Check the manual and/or run './configure --help' for + available options.) + + The configuration I'm testing now is a server on OpenBSD 2.8 and a client on + W2K, using the latest Cygwin. I was able to compile the client on a W2K + Cygwin development machine using those configuration flags: + + --enable-static + --enable-network + --with-tmp-dir=/tmp + --with-data-file=REQ_FROM_SERVER/samhain.db + --with-config-file=REQ_FROM_SERVER/etc/samhainrc + --with-logserver=x.x.x.x + --with-lock-file=/cygdrive/c/samhain.lck + --with-log-file=/cygdrive/c/samhain.log + + I was able to successfully compile and sign the executable, upload to the + production server with the cygwin1.dll in the same directory and run both + samhain -t init and samhain -t check. + + If you need a stealthy configuration you could change lock & log file to + something more obscure, only pay attention that in Cygwin if you need to + access drive C: you have to prefix your path with /cygdrive/c. + + The configuration is kept on the server where Yule runs; I registered the + client and I'm in the process of tuning the exceptions for the files + modified by Windows. Index: branches/samhain-2_2-branch/docs/TODO =================================================================== --- branches/samhain-2_2-branch/docs/TODO (revision 66) +++ branches/samhain-2_2-branch/docs/TODO (revision 66) @@ -0,0 +1,1 @@ + Index: branches/samhain-2_2-branch/docs/sh_mounts.txt =================================================================== --- branches/samhain-2_2-branch/docs/sh_mounts.txt (revision 66) +++ branches/samhain-2_2-branch/docs/sh_mounts.txt (revision 66) @@ -0,0 +1,59 @@ +Documentation for sh_mounts, the samhain "Mounts" module. +--------------------------------------------------------- +sh_mounts implements functionality we had in a policy-checking Perl script we +have here at eircom; basically, all it does is ensure that certain mounts are +there (for example, /, /tmp, /var, /usr, /home) and that certain options are +specified on those mounts (for example noexec,nosuid on /tmp). + +All quite simple. It wouldn't be too hard to extend this module somewhat, to +report any NFS mounts found, for example, or to test that _only_ the mounts +specified are mounted on the machine. + +Here's a bit for the manual: + + + +Checking mounted filesystem policies +------------------------------------ +samhain can be compiled to check if certain filesystems are mounted, and if they +are mounted with the appropriate options. This module currently supports Linux, +Solaris and FreeBSD. The configuration of the module is done in the Mounts +section of the configuration file: + +-------->8--------- + +[Mounts] +# +# Activate (0 is off). +# +MountCheckActive=1 + +# +# Interval between checks. +# +MountCheckInterval=7200 + +# +# Logging severities. We have two checks: to see if a mount is there, and to +# see if it is mounted with the correct options. +# +SeverityMountMissing=warn +SeverityOptionMissing=warn + +# +# Mounts to check for, followed by lists of options to check on them. +# +checkmount=/ +checkmount=/var +checkmount=/usr +checkmount=/tmp noexec,nosuid,nodev +checkmount=/home noexec,nosuid,nodev + +-------->8--------- + + + +The module is enabled as part of the compilation of samhain by specifying +--enable-mounts-check + +This module by the eircom.net Computer Incident Response Team Index: branches/samhain-2_2-branch/docs/sh_userfiles.txt =================================================================== --- branches/samhain-2_2-branch/docs/sh_userfiles.txt (revision 66) +++ branches/samhain-2_2-branch/docs/sh_userfiles.txt (revision 66) @@ -0,0 +1,39 @@ +Checking sensitive files owned by users. +------------------------------------ +samhain can be compiled to support checking of files that are specified +as being relative to the a user's home directory. It is intended to +detect interference with files that influence process behaviour such as +.profile +It simply adds the appropriate file entries to the main samhain list, at +the specified alerting level. + + +-------->8--------- + +[UserFiles] +# +# Activate (0 is off). +# +UserfilesActive=1 + +# +# Files to check for under each $HOME +# A specific level can be specified. +# The allowed values are: +# allignore +# attributes +# logfiles +# loggrow +# noignore +# readonly +# user0 +# user1 +# +#Ê The default is noignore +UserfilesName=.login noignore +UserfilesName=.profile readonly +UserfilesName=.ssh/authorized_keys + +-------->8--------- + +This module by the eircom.net Computer Incident Response Team. Index: branches/samhain-2_2-branch/dsys/0F571F6C.asc =================================================================== --- branches/samhain-2_2-branch/dsys/0F571F6C.asc (revision 66) +++ branches/samhain-2_2-branch/dsys/0F571F6C.asc (revision 66) @@ -0,0 +1,183 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.2.1 (GNU/Linux) + +mQGiBDgcfd0RBADvXitAL1gCXw1yOJsPWJdU6wbgqMWqfMbkFGRiLZut/rwbN3x/ +ch8sF+hptcQGH4Hhe25+1WkSO1KO81j6ZQZqhYNHogE3IFsv1TK7vX0r81ZRjinM +koQ69kWw+elp1vcLCwHzHDB8MhV3eI3jpQcGgpsRVq4uEumyGfI1v6AUfwCg+RIj +aGtvyxFH2UsSUVNaM/008v8D/R56I6qLcixxuWrHUhZBNaiQ0I70PWo92uLHwSvF +dnSnkpUc4BvTeq4PVuId6e3LdeonG4OW8jWFK0/9OE+ubuZYJdOmuv+3BzPOktZy +9Cf8QwHpUvQ/c9S5MrIOsFdQAOj6rQvlA7OmnidyW4+MA3IYp8bwq5dx6sHcAy7o +0RBSBADpf5eWfni8Awfcwq7yyGgJFhAAgkoDKAHBj4OepVKhcnCe8+78VpqWtZ9p +e45AL/5nhl6CceWWZfCYXgv2Zm8CUnUwxb6XKuGOGJagtRT9d0fQFeEXFlSPE5HA +JCXkhbcQpZq1YzyjKMeExBfM5w4XaEhfQ652pjXQieyWETjd17QtUmFpbmVyIFdp +Y2htYW5uIDxyd2ljaG1hbm5AaHMudW5pLWhhbWJ1cmcuZGU+iFUEExECABUFAjgc +fd0DCwoDAxUDAgMWAgECF4AACgkQGq0myA9XH2y7FwCdEIZRr4gI9vlS7DgcS8mY +FjveBncAoLiNO3tE00J4r6LEWm4IpYYUiRUFiQEcBBMBAgAGBQI+UjZjAAoJEAbp +c/N5kkHBNjwH/138Qk7NcZT2ar5t4MOyaHM7gaIOaywZHXaGEx7wrvpmD3ImoerE +psp19+JqOfzhgpGI8Z37nh+HR5vIYERrMrIBLoHMwyNkJxqRiqNVfZ3AxpZWvKTl +AJlwIvPGF6FfR2f05Lvaw06UoOLpIjmzb8rXQ6bvbqSXtgUEU+pmwfjQOPidwNjW +ovUTkCpv2LWQxwapYgOZilne+7Zad+nf/asCGfqL9V9WIblrwoFkSlP13UwF4j5f +m7iTM9ZAXFUUFvarN2Mz0RP4+58rceb6bRM+agL+dpd5AqgwBgtGYmeO/G4/E/WY +PYBLTh+ZbupmvykgdnKR0E0w72KXnLg11M2JARwEEwECAAYFAj5SNakACgkQBz/7 +hK/ULUUktggAgbbW4uM9B8jQeavzdMmV3WiF2owqr1MiS+oiWKBK3U6O0xJP5G9Q +h5Zj80NEdopDV0G8z1KOFn4v4SMlzSjvq6938end+zvgaPGEGaE94iHp5aI6TMhF +ezmbM2MfNphfn2yxmzQefEj8VaJbi+du4n1YmnkMJDkpw+6927/99Sj3A0jNvUxC +B5YM9K/t6xI89qlKZlCDHjgEHARAxNWRyE5YSqRkXWgxcHPKkF1oKifD4/eNyQw2 +OZnRTFRsk28uEJTysnjsiIUbP13LR6m1VfZQrEpk0RjnlGKVRwy42WWDnOsCXOnM +Sy2+a9gYa+ayCGI+NTuUUecvZ7VVxKCHIYhGBBMRAgAGBQI+UjYnAAoJEA86uzhI +KF65WpIAn0p+PQe7WaHp15qul2E7AoDD7uuzAJ486FDSWZi92crLJNPnyPi9HXbi +DIhGBBMRAgAGBQI+S5Q1AAoJEBwB7TX3s/Rm2QcAn2zwg7uup1JMGqTxSaQ+sjWR +0vEqAJ9xvhAZMOrk51/6T7Oq/DzaZGwT3IhGBBARAgAGBQI4XqDdAAoJEB3kOh0g +CZVMC8cAn04Ph20EZH5vbPvVQN9+KdketxyHAKCIhQvT2DiNsadeI7fQwRssLn7a +xohGBBMRAgAGBQI+S5NzAAoJEG48dKkHK3yJ8/YAnRTCT5OhC9jPOxL26UKTF/YT +t46kAJ9WI3vfQrbKgu32s6E5UTgQS/U4hokBHAQTAQIABgUCPlIpcQAKCRB4oTZL +RAPrMfOcCACxIuPyBAxDIDvP3xWzMdlN4AhLIQ1myMHlwA7X90RVKW+saR+gU3QI +hBVahKfC7OEXhH/dCft1c64Vy3lZT5vl9W6m0ZukdVSKTVKZYaRk+iGej3+zzD8W +CzwDvMvkDGa1/VuOZDvx3byj866/L3Y4n8Qa+66KkqNG3sMgjOfMoxGTvZuxL3Zz +YdQWUovd9KcmOl7etDB8rhkz4cBPxXxcIbDhDPJNgDoViby4Bgs1nmfvhPq+RNvK +fKysRo9XYWfTRjwqicSMhSTRdgMS1GHCMY3U183p+njorU9gxvxmZhxzop41vwh2 +ps6CVpUo9u+fpiDkfWeZIBzdl6+pz8TkiQEcBBMBAgAGBQI+S5OYAAoJEH641Vr2 +yhx/sVIH/3MXz2dFzTze2eM9jj8DMJhM6wsuXIxKnGxl7Vd0i/T3jlh+UAQBueHz +KtsmyE7xZ8OnoBfC9U4+ypyuKdnd0oULOTChDpY2a0Dv4gp4HZGoO3BR1qcf7LFy +3Ibn37siiJ4WmvgqPx9v1sFZAr+rKeSqhxnD7+GosbyD7qNQTATsorAMgYAdWCAC +MsnLdP0K7yTW3X4JGgnRNjVJbYkFVC/j3qedT/Or0iUDDZdzID+vxxlwxa8Y+UTS +wR75IPJEw7UObjQMdUixwUsb04rCI5CtPvMdO7nSvC1RvfP5TTSY5Ypu7bO6ArMT +iYQfWhz2YCE/ikB8jeT6OovpqXiSKFaInAQTAQIABgUCPkuS/gAKCRCMWj5dyq7Z +nSSwBAC2Zbo6lkfoq+ZPYj4hXs+C83aaVwEDEY4MqcEONPlt5tno6Tipt1aE7utf +aCT2az5qLcns4cb+UckchEfcqmJc3+YTX97h6Iz55OsFYIXtUkYyys7Q3VmSqDZg +Xz2N3YGBR0ttRk/qTNd3BoIWzdlqaLFfkFf5EgdIO5UIB8KPLYkBHAQQAQIABgUC +PnHPRAAKCRB7Id4BrmYkJQOVCACpVqEZXDSU/LA1B1y7OtbQvuLOBqkKYvJ6QY+b +SUnQA4pIWm1tZuGXckuo7Th/2zUqu+Jthso6zNRzz+FXIPOamHVRqxjbihPCsLA7 +1MfVax7shaXswrHbKDt4Ou9834+KY2/G7XFdym2IezSeOrmsSicgQNsqdOIlmgMX +YaG/4ddRvbB4V5PomPCz+tKDALXrkRoiS2akyfMgwsMOo9xfXA6j6bHJwHjar6eD +ZiWcG24KXbiRYsyXw8v/piuG6rer7VuTFuaJwEAUvZYxAvFtISmxDAysHKwHXK1g +ijK3Dh0JSkZrEH3LofAzRtcw+MQUkiD5sBDJ0E6QOr9bk14FiEYEEBECAAYFAj5x +0GwACgkQhfcxbPQmVn3FQACg1wSQt5mdfpwN74PFs6SVpoQ3kFMAoNJORjgHXFyF +Gc+2DXq1KFXEUKAtiQEcBBMBAgAGBQI+cc0RAAoJEO67Mb58Bv0ljgYH/RVSwmd+ +BufOXhZNfozT8p2M6xVgsEQ1nzdHtAVo+tr00xyHHwLQj1phDXSZtK1iRvLY6GXg +Dp0VAGjkjUilR8adfT7uvgu9br32zCx7EZkAOQXp51tPWnD4JDcWB0adJEWwfVo9 ++abC/84/Xy0c+IOdNLEePLxlYlezynXTCEgTXMeeROKOQMog/vB8obNi3rYjUKC/ +eypJCuMtmnLKhHhbezvJMy+N10iWajpOYInQLP+uee48/ytmbnb+8klx8j3rJ1Ew +r4KU+7ewm2eHPzJl1xCbuqePoxciptgtjdwtmGQH+VHDPRAcF+FfoNtF1Fc1p6+8 +7qznfNJoLHWsde+JARwEEwECAAYFAj5xzSAACgkQKBTThimyUAFD9gf/RUY5fwxN +Qv2N2bnSqmisUEx8XrOGGmzPNKvL1TdIwcc+votQ98nOBEv6De17+HD/jPVD3ReS +71sB1gI5/Duni5h8nx2L2siQxOqNE2YI2oSn8f4ign91ruFSEwPR+nFUDtbuMk4C +0df16i7asVXiKq3GW7Tv20iXnTvjQZCVSFtXxU00pdtmf0FpRSPp7YonQMLv6vCH +iZ6j74kkn4+EwroXmWF5nb9/HZOJiZnTv6+vGpFYiI/gAGkOA4SBipUWm2B2E4AV +MTo2MeXe+/wbirL43PDiG2kbeet7KH5M+/BTceUjl0alIFeZizYaluvouWo7NahA +MLz89pUD25hpl4hGBBIRAgAGBQI+dJKeAAoJEI47c57dK8ydsAoAmwXDmPsbM0Ao +0VkY1q8anK5lhJMqAKDQOIimB3yzFt7koY9MUgFgHX77rYhGBBARAgAGBQI+hde4 +AAoJEHFOxoebS5syXOMAn3xCJVsb0IRb42q25sLpHVXvc8+TAJ9Q3RBxdagtPVPx +m58Uf4bhGLuBdohGBBMRAgAGBQI+iDOzAAoJEJJVvZ/mhE25CQYAn0j2H3sUfjao +iTML5QF057ZfwzwoAKDBulEh0SChQQ2KbHdlpAVP+Io+U4g/AwUQPtSY59vSRfyz +sqEsEQIDSQCfVPYWXSS2qbCI0BZm1jNI/D3WndIAoLmDomrFc+B+9Hp6id8B8kxy +/IRdiEYEEBECAAYFAj74SAgACgkQ36XkltcZWyKb6ACg6XOdq03pvSlA0AqBZLQV +wmeItVcAnRpHJt7znvfrxPpI4vfnkRR1Lt/yiEYEExECAAYFAj+f3koACgkQxcDF +xyGNGNeCuwCfRP034939xTTTLWp+hQUE/O6NfbIAoJ7IbYA3YQmfDQukotNGypzH +uo1aiEYEExECAAYFAkBbXgcACgkQ01u8mbx9Agqs9QCfTRKAxpfPhFz0kL2cODz6 +Eo/TbMUAoIyztog7I3BTwu22eTPv6pXUTQEliEYEExECAAYFAkBbJ/0ACgkQSvFU +KpY6VLBbHwCdHlFGr+t5aNg9SWqFfLs2N38awXkAoIW0bSz0MOPCkUHtY1o+wfjo +J+DPiEYEExECAAYFAkBqj9AACgkQECqmVFXwdrOgIgCeNTva96TnQPlkIcpRE2hs +oHITahAAoIEk77c6+Cr9CsS46WGvf1ePJW0yiEYEExECAAYFAkBytVYACgkQGyfX +UvpJphr6dwCgkB330qWc6xjgounXSXbCvR7Dry4An3MzbcU/YS/OH7IBZMopWJbo +Vr6KiEYEExECAAYFAkByunAACgkQA5e1oKh+NRxEmgCbBOyZmLeti3aysxi6yYEz +JRkBGe4AmgPMOK8nxNjqa2KTrvsdH+XJSnGOiEYEExECAAYFAkB0A6AACgkQzAoJ +I8gDfT8aMgCcCqTKT9sTVsk6UYIvYB6aBbmQIvYAn1gYeX6HTIo4+CfPC2c6bc80 +iO+ViEYEExECAAYFAkB0ZUsACgkQr/RnCw96jQEetgCgnJatrM9Co+6JunHUl58L +PswEAdAAoIFqNka9tvPrk8ZOJkfxJJEujrIgiEYEEBECAAYFAkCKrbQACgkQ9yNf +So1Tr57J0wCfdZB/pGW/wyjHP2rpEQ/xV8bc/94AoKnbj0KC+glYM3pDOwjKbEZH +/WAfiEYEEhECAAYFAkBzpsUACgkQ78vN/2HwW4wcDwCfYPlVzDJ0jfI+mMR+tHP8 +n6Guj98An252IGC/eIB1I4nCi5TqqeVEvIeZtChSYWluZXIgV2ljaG1hbm4gPHJ3 +aWNobWFubkBsYS1zYW1obmEuZGU+iFYEExECABYFAjoDPmkECwoEAwMVAwIDFgIB +AheAAAoJEBqtJsgPVx9sNHAAoOPNgUXL+qRFyHU8wyDEeOHWALErAJoD2eIs0r7R +4UH+q+3J+v2EDbrHQYkBHAQTAQIABgUCPlI2awAKCRAG6XPzeZJBwcA2B/4sQlDm +NMykYdYPY/MZ2b/O6S/2rZts+W3htjMEMvSzTM96koCJEpJCaHbmMehqZGUh/V97 +oj4+rTfeKtKQBSVaBU2Bj8Zy2YjlqBUs2ShilVMR14RSOgmKr8FSvJVSegWf62T+ +yFisLZdhQMTImSkKMB2oWkZPS9Su9dtk7j9gfHKwPIx3O8MCNf2dnaksHCpUMa3o +AcXBZprMYE31zbrre2pi9E1jRFyq2zr0Ywkw1/LO4GUi3Zstg1gffLEku+ZpIBaw +NH+WO+kkfoNmS03Ffxoo+Y5LLXAkm/dfn/KsbVy/WKHCiXfhWnyAxGxZhUAcgMwW +VFcN53kQ1Twq8S3HiQEcBBMBAgAGBQI+UjWwAAoJEAc/+4Sv1C1FzQUH/j03htOj +wiBSi/S3KcRCjrX9gem3RwCVTVbOKoGhAuA2cd45ZlT3E1ivvPAg2MzNzGQt1Fai +CsQ/3Xy/1JzfnwVijHGXDZFrV7/ZClA4sj/bO36KNSoVNHeE7n1dsrfd1N2s9WgT +JkB/LdRCcTqiUubxy+pWghdAEpSOAO/KacxhZ9Bbf1cjOcWJBbMWZSMLBTddUCcx +cxzi3hpIfNOjwuZwYWlIe7KLI6YdjrdNUQZHPBTivTiZMzQ2kc7jPoSS/h5s9cvo +hLa/9QqARih0V+ilTl8RFwYuPFWvIy4aTCSHWkzYO110KiLhz54Z1P0z5nWe/IfS +XJRFgrAd2xKkpd+IRgQTEQIABgUCPlI2TwAKCRAPOrs4SCheuVwuAJ9q/3m2ZuG/ +RpbNISA1zTi1239CbwCghqx5M2MClODQ4YRF+I/be6j8ub+IRQQTEQIABgUCPkuU +OgAKCRAcAe0197P0Zp3gAJjpxPKU0GFcYhaE/ED/jI+h65HKAJwOwYPmGuU4dR3I +nN+iHBnqY/9s2ohGBBMRAgAGBQI+S5N5AAoJEG48dKkHK3yJd5sAnjIKbVSpWM6v +aEYdrWKF55rlXwo1AJ99RNP00MRpBa7IiVcXBR3KOurRsIkBHAQTAQIABgUCPlIp +eAAKCRB4oTZLRAPrMUAfCADAz95sXsxdUYAS+jejVuf1EYA+5TEgSIi5uhSOlgdu +WyUAzGuWSplc6kjoqwysUmnwthJON5Y4DSIes5YsDs93k+X0bZxDkzghqiFU5LWE +266bN7MvWmYXh7DfAz3V262dqa2IvvxSHtxmiYLPn5mZ2pLsXnWYTZUBZ4BSdArB +t0pfHOOjZaixqfK7DYzyripm9259552aYOrmso8lSnAq2a+ekD9tQ9e2m8gkPbei +5sF1kawoYkyedEr+r4j0h1Sf24LVJinLPnavtDGUynt+v0NobzqBUHgI5lnSmlDt +WWUU23YvAko73aJwlW1cDkRfcsR+TdA+IiECbFcipOd1iQEcBBMBAgAGBQI+S5Op +AAoJEH641Vr2yhx/sN0H/1kWbhVnnkqC1LvOdqP9bx7S3UDUkQw0xEf1DC2lUALV +zioDt9PvarRh47bcaUis+x/9k9AYsPFDhBiYPYek6VcxT86LPVUKz/gELOmHNcAq +3aUl35NKC97JVxYqMix1+hS8UY+m5zezSDdLAz1G8UKZ1d6tx3daikOPzKmpIY50 +wMBdA3jITr6J4eWZ/ptfL0GDdlXFOVKFURMIn6t5AAjKdqQHYySxhuWn+S3QQxDz +Ulv9vAUW4VS+6lzWB1thmRxwawbfJ+05kO/hGD+alWiJxyW/PXRwEiqdVzAIIocM +mHmGtEIONcNyRdjIsDIyZTMavFJOE0hMHftp8a7vbTuInAQTAQIABgUCPkuTAwAK +CRCMWj5dyq7ZncE6A/9tzn5ZST0cgPqQEywAcTeQeja7Qxxl7/CJ3gHqnK8eZu2D +MmSINdRgPjDknn9hWhKu2aDjfhl/a/sIbD8cHtvWza0Z9a12tZZ5+kDOand/U3rn +RLRUO8MnhLxHif5vEtQvC54jxmpOl05J2o5QT0pFs9BHW3tDGlR4CWPrwUC2W4kB +HAQQAQIABgUCPnHPTAAKCRB7Id4BrmYkJaWCB/41LdB1IdcPLraASItBLqfKb46+ +fOoU1teYrM3J7zE5r1z79Mu7slT5JRP3i5iD+TjbqDI4LitZ2lrbmGTI/uQ0R9T8 +PBWcs+SBroVCDziCO2nTVQldvqtmXCx0Rpu8iZacKotEz9nVQxouUiskgNn/v0p2 +Ng1gUK5g3CripcYXUpkEpmYkyTYAbokeeKsF3cCe9czVT9l/nB/OJIus31eKa8x0 +9+1EMdu/GJIxa/tDQh7vkNKSP09qtKrCsSxzpfmwIj1PBTT8oDkBkheuTaKTTWPE +0jWP3aNMTHZUkLpRVNf1htus7utSm1O+W6hTYQLL0OPMylBTWZ33vN2Nb0fliEYE +EBECAAYFAj5x0HIACgkQhfcxbPQmVn3c8ACgyIVKF4Fjl2vCc3VgAcPvNZ8p5lYA +nj2/t1pja5FPd89R7I1ZS4Ctb12uiQEcBBMBAgAGBQI+cc0VAAoJEO67Mb58Bv0l +t48IAIWzONERcs+QPNZ3NbMU3Um5s43XxZcql6mOIc0I7eBLl/bn+UTh4F5PuAbh +mgTkVR5l9KF1PKswHfbzYxDSGTYqSXOCXRnbU4sByoSaV6xlGJAM9ivi/vEom6uE +v6pQEZslNDNt4IfYx35+8WLhjXb7OM0HF5ZqpLqXF5BGAYGx9vDKs4SEo5HNslTT +q1JgDMJNXKVyQxOAewICq+VaqbztwGf8nhcNz5Di4G5IbKi6BKOvlkPt4TkRsppJ +Gq+1rAM6Fh34FqaKshuubOuoZwXKrmMHGEYgoE7XLXW5998GmE4dZh8fO7iaPjH4 +3f/qcmn5joko+HQw9visZymSxgiJARwEEwECAAYFAj5xzSQACgkQKBTThimyUAFv +NQgAthIAnR7+dtVcrH51R4J+8Li30yi04E0VGLhJ6KnGCpzv8eSp2HMiaRe1JAss +Zy7S+dpcL6MDjcYR6HaNP49V9RtTfiARFgZWQ6SD5nOdmMe3Nb6kmfYnZO3YHwiW +NXtncNHHnvSS1bDM5o3hitEPHvnQbOB/k6BpilsKzPl/bvRa8hT1/b4hQjhmv5Hf +LxI6suLyOqz6ESWL2enFXTmthOOAan0yLkhLNvIsHZue3Kd7OP7+7uzmCF+mEIL7 +eL9EheCa+4hWUEltdEdBtX5kcgJdTJQZZCuyz7aZ1JSZwr0G+4x6K5J9WAzI7BzI +TD0rZ0LSOilyuDTYQChRDJPe8ohGBBIRAgAGBQI+dJKhAAoJEI47c57dK8ydmcAA +oJa36CvpFHhq9VH0BRAgk6whGRFpAJ9J+VP1AmA3tjmzV3R7Ls5TMJRs4YhGBBAR +AgAGBQI+hyNZAAoJEHFOxoebS5syxQEAn0XqPZdIJqSzqFq7ElQMK7khAxuwAKCA +qlcHbWvhqxN7mAmC/wfYebKbZ4hGBBMRAgAGBQI+iDO2AAoJEJJVvZ/mhE25bioA +ni6Vz0lqdlCdJG9KpeWUGtPcwUFDAJ9281Qpt6+9PW5TJOrcBO7OJW8UIokBHAQT +AQIABgUCPsoYKQAKCRAcU5jLRuk3pDzVB/wP5SA6Dq168ItTQoOhNmx4k4sm5sJP +bbPPFOKjYhPjnBKSNmU2l+Z4lNrI9BxEhTwGCc3NpTV8E7G5I6PtWaeTgFgdd2B/ +eZCSui82yQmBOh/CFk5WW8deB4Bd4MDCCjhx2nZz7ivB0Dv9FlMyLqChjARrJQGD +u2XfAvYyXhW+4UNOPI0D/SkJgeCRoVQi8ASbgt6SlHn7wkdvrDltJy1CfbqiYBr3 +Y5TG4JaGceW8vfMCEdbw21MxPK/nP08J7ES5oMRcFHCA82+TvuCOErOnq/naPqHC +vjpbpLqYl5qtv8cN7kV/eb/sAXBL41AM0bQoM/KY7Bv/Qldk0R7w/4XmiD8DBRA+ +1Jj029JF/LOyoSwRAmdiAJ4iGUh4PlFl2QLC2HBdOk+gnZdFSQCeOTZ5bFIRg0YU +OCpuvgkifys5L2mIRgQQEQIABgUCPvhICgAKCRDfpeSW1xlbIibpAKCfTI1e8MXw +BbGPVPYGPEWfF5Dl2wCffBaai8FxqWhzHRek00rxLgEqCfiIRgQSEQIABgUCP51G +YwAKCRAdqzxE2iYyGBerAJ9utXaBGuKbOLW1N3EAFVPUsMl1pwCeJWmBUvaZ6Z18 +UitAdRn+c3tcEE2IRgQTEQIABgUCP5/eRgAKCRDFwMXHIY0Y17qSAKCoOhCWYphZ +tuwgAiglspzyXyUPGgCg0Fjhhq8KfNQujv5LJEKgP5EUrv6IRgQTEQIABgUCQFsn ++QAKCRBK8VQqljpUsEajAKCRBtUxFnh+w5YdYU971cbT54sQQACfVg1gozhfClAw +XhPGML85ne/WatuIRgQTEQIABgUCQFteAwAKCRDTW7yZvH0CCn+BAJ4959iKUXvk +dYpmtNKZyulsCGj9ygCgxA8Qo/1WffxrWeCnL9jK106qkMuIRgQTEQIABgUCQGqP +yAAKCRAQKqZUVfB2s5CAAKCYZGG8v9mlYwGZd62fLcuqh28kvgCcCzpEb0xQaoTV +Y1LdcKlnrQyLg9qIRgQTEQIABgUCQHK1UwAKCRAbJ9dS+kmmGjF1AKCdX/0pvL7J +Q9QIpk37clvuTjdk9ACfW5CPmsBTo4QebFLvrXjPA2BS2OyIRgQTEQIABgUCQHK6 +ZgAKCRADl7WgqH41HMhvAKCHhiRvXGhAd7DS5nvCURhUde6/QgCfZQgEtHFSLhpj +KacnyMkg6xF2dSeIRgQTEQIABgUCQHQDnQAKCRDMCgkjyAN9P+W9AJ9OQZ3++gB1 +KDNRxmsj/W/KHLQ2SQCdHUEhkuCKURe7upjXUOhExaIKTdKIRgQTEQIABgUCQHRl +RwAKCRCv9GcLD3qNAWt5AJ9t8EbD+ZoZP6ZcJRIH0byTXSvaIACgtcC7OUBQayGD +eKpkyyTpUTTJFpyIRgQQEQIABgUCQIqtrgAKCRD3I19KjVOvnhkdAKCLJygVD/kJ +lQWaJkxgU5ykneSklQCeN8508dGDEY0gmq+uJPtdgDCusy6IRgQSEQIABgUCQHOm +twAKCRDvy83/YfBbjGClAJ9kF+WHOy0ctth6wvisP04IH8YCBwCeLYt5p8KLLZ9v +T/+kn5KNrNmZJay5AQ0EOBx96RAEAMnQiAMYTglVoIciiw5l0YIuE/Uh4KSPhf1X +TY4CqZrjpv56QSlhndyM5Q9vhC/bpnzMCl4A1YCb2MPMO5QYD1URI13KkG7HX6hz +eW/ANfs/DJ6o1odOu3deSIzgb/TEqLV6rr7IcY/hkn3IuAiBCrMR/3kKx5AkyKOQ +ZNsd40sHAAMFA/4jrzq9HoWmeEFG25U7s43NvoDFtrlt8IaS/BVdVCx599yT+BPT +RmwRfpkV7TAKghgXp0SKYgo1Bp6tdyymTiZ8Ly14CUiuPYBOBifjsFoeVXWj1arW +FmmQWd4d59scGoITMh39f0XTxpgGjVVxNbdqSMS+khzP5acQ27DsFMbtMIhGBBgR +AgAGBQI4HH3pAAoJEBqtJsgPVx9stTUAnikTmI5ST+k6VhT2gltex+sDmr6NAJoC +qkfo4qjAQCyqTx5Eg3NKuxafqQ== +=jITK +-----END PGP PUBLIC KEY BLOCK----- Index: branches/samhain-2_2-branch/dsys/comBUILD =================================================================== --- branches/samhain-2_2-branch/dsys/comBUILD (revision 66) +++ branches/samhain-2_2-branch/dsys/comBUILD (revision 66) @@ -0,0 +1,253 @@ +######################################################################### +# +# Subroutine for the 'build' command +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +commandBUILD() { + printINFO "About to run \"$action\"" + + if test -d "${basedir}/archpkg/${arch}" + then + : + else + if test -d "${basedir}/archpkg" + then + if test x"$simulate" = x0 + then + mkdir "${basedir}/archpkg/${arch}" + else + printINFO "mkdir ${basedir}/archpkg/${arch}" + fi + else + if test x"$simulate" = x0 + then + mkdir "${basedir}/archpkg" && mkdir "${basedir}/archpkg/${arch}" + else + printINFO "mkdir ${basedir}/archpkg && mkdir ${basedir}/archpkg/${arch}" + fi + fi + fi + + if test -f "${basedir}/configs/${arch}.configure" + then + : + else + printFATAL "Configure options file ${basedir}/configs/${arch}.configure not found." + fi + + local_test=`cat "${basedir}/configs/${arch}.configure" | tr -d '\n' | egrep "^ *'?--with-logserver=FQDN_MISSING"` + if test x"${local_test}" = x + then + : + else + printFATAL "Your configuration file has a bad --with-logserver option." + fi + + if test x"$bd_packed" = x + then + printINFO "Building version: ${src_version}, host: ${host}, os: ${arch}, format: ${format}" + else + printINFO "Building version: ${src_version}, host: ${host}, os: ${arch}, format: ${format}, packed: password=${bd_packed}" + fi + + tmpdir=`eval echo "/tmp/sh_${src_version}_${arch}_${format}_$$"` + + #--------------------------------------------------------------------- + # Create temporary build directory on build host. + #--------------------------------------------------------------------- + if test x"$simulate" = x0 + then + ssh -x -l "${bd_user}" "${host}" '(umask 0077; mkdir "'${tmpdir}'")' + else + printINFO "ssh -x -l ${bd_user} ${host} (umask 0077; mkdir ${tmpdir})" + fi + if test x"$?" != x0 + then + printFATAL "Could not create temporary build directory on host ${host}." + else + printLOG "Build directory ${tmpdir} created on host ${host}" + fi + + #--------------------------------------------------------------------- + # Copy source tarball to build host. + #--------------------------------------------------------------------- + if test x"$simulate" = x0 + then + rm -f "${basedir}/tmp/samhain-${src_version}.tar" + gunzip -c "${basedir}/source/samhain-${src_version}.tar.gz" > "${basedir}/tmp/samhain-${src_version}.tar" + else + printINFO "rm -f ${basedir}/tmp/samhain-${src_version}.tar" + printINFO "gunzip -c ${basedir}/source/samhain-${src_version}.tar.gz > ${basedir}/tmp/samhain-${src_version}.tar" + fi + if test x"$?" != x0 + then + printFATAL "Could not gunzip source to ${basedir}/tmp/samhain-${src_version}.tar." + fi + + if test x"$simulate" = x0 + then + if test x"$silent" = x0 + then + scp "${basedir}/tmp/samhain-${src_version}.tar" "${bd_user}@${host}:${tmpdir}/" + else + scp -q "${basedir}/tmp/samhain-${src_version}.tar" "${bd_user}@${host}:${tmpdir}/" + fi + else + if test x"$silent" = x0 + then + printINFO "scp ${basedir}/tmp/samhain-${src_version}.tar ${bd_user}@${host}:${tmpdir}/" + else + printINFO "scp -q ${basedir}/tmp/samhain-${src_version}.tar ${bd_user}@${host}:${tmpdir}/" + fi + fi + if test x"$?" != x0 + then + printFATAL "Could not copy source to host ${host}." + else + printINFO "Source copied to host ${host}." + fi + + #--------------------------------------------------------------------- + # Build the package. + #--------------------------------------------------------------------- + if test x"$silent" = x0 + then + config_com='./configure' + else + config_com='./configure --silent' + fi + + if test -f "${basedir}/configs/${arch}.configure" + then + while read line + do + if test -z "`echo $line | awk '/^#/'`" + then + nline=`echo ${line} | tr -d '\n'` + config_com="${config_com} ${nline}" + fi + done <"${basedir}/configs/${arch}.configure" + else + printFATAL "Configure options file ${basedir}/configs/${arch}.configure not found." + fi + + printINFO "configure command is ${config_com}" + if test x"$bd_packed" = x + then + command="make clean" + else + command="make CLIENTPASSWD=${bd_packed} samhain-packed" + fi + + + command=`eval echo $command`; + + if test x"$simulate" = x0 + then + if test $silent -lt 2 + then + ssh -x -l "${bd_user}" "${host}" /bin/sh -c \''(PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:${PATH}:${bd_addpath}'" && export PATH && cd "'${tmpdir}'" && tar -xf "'samhain-${src_version}.tar'" && cd "'samhain-${src_version}'" && eval "'${config_com}'" && eval "'${command}'" && make "'${format}-light'")'\' + else + ssh -x -l "${bd_user}" "${host}" /bin/sh -c \''(PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:${PATH}:${bd_addpath}'" && export PATH && cd "'${tmpdir}'" && tar -xf "'samhain-${src_version}.tar'" && cd "'samhain-${src_version}'" && eval "'${config_com}'" && eval "'${command}'" && make "'${format}-light'") >/dev/null'\' + fi + else + if test $silent -lt 2 + then + printINFO "ssh -x -l ${bd_user} ${host} /bin/sh -c '(PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:\${PATH}:${bd_addpath} && export PATH && cd ${tmpdir} && tar -xf samhain-${src_version}.tar && cd samhain-${src_version} && eval ${config_com} && eval ${command} && make ${format}-light)'" + else + printINFO "ssh -x -l ${bd_user} ${host} /bin/sh -c '(PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:\${PATH}:${bd_addpath} && export PATH && cd ${tmpdir} && tar -xf samhain-${src_version}.tar && cd samhain-${src_version} && eval ${config_com} && eval ${command} && make ${format}-light) >/dev/null'" + fi + fi + + if test x"$?" != x0 + then + printFATAL "Could not build package on host ${host}." + else + printINFO "Source compiled." + fi + + #--------------------------------------------------------------------- + # Fetch package and remove temporary build directory on build host. + #--------------------------------------------------------------------- + realformat=`echo $format | sed s,solaris-,,` + + if test x"$simulate" = x0 + then + ssh -x -l "${bd_user}" "${host}" '(cat "'${tmpdir}/samhain-${src_version}/samhain-install.sh'")' >"${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" + else + printINFO "ssh -x -l ${bd_user} ${host} (cat ${tmpdir}/samhain-${src_version}/samhain-install.sh) >${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" + fi + + if test x"$?" != x0 + then + printFATAL "Could not fetch samhain-install.sh script from host ${host}." + fi + chmod +x "${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" + + if test x"$simulate" = x0 + then + ssh -x -l "${bd_user}" "${host}" '(cat "'${tmpdir}/samhain-${src_version}/samhain-${src_version}.${realformat}'" && rm -rf "'${tmpdir}'")' >"${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" + else + printINFO "ssh -x -l ${bd_user} ${host} (cat ${tmpdir}/samhain-${src_version}/samhain-${src_version}.${realformat} && rm -rf ${tmpdir}) >${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" + fi + if test x"$?" != x0 + then + printFATAL "Could not fetch package samhain-${src_version}.${realformat} from host ${host}." + else + printLOG "Build directory ${tmpdir} deleted on host ${host}." + fi + chmod +x "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" + + if test x"$simulate" = x0 + then + pkgsize=`ls -l "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" | awk '{print $5}'` + if test "x$pkgsize" = "x0"; then + printFATAL "Returned package file is empty." + fi + else + printINFO "ls -l ${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat} | awk '{print $5}'" + fi + + # >> Save password + # + if test x"$bd_packed" = x + then + : + else + if test x"$simulate" = x0 + then + echo "$bd_packed" >"${basedir}/archpkg/${arch}/PASSWD-${src_version}.${realformat}" + fi + fi + + # >> Save configure options + # + if test x"$simulate" = x0 + then + cp "${basedir}/configs/${arch}.configure" "${basedir}/archpkg/${arch}/configure-${src_version}.${realformat}" + else + printINFO "cp ${basedir}/configs/${arch}.configure ${basedir}/archpkg/${arch}/configure-${src_version}.${realformat}" + fi + + printLOG "New package: ${arch}/samhain-${src_version}.${realformat}." +} + Index: branches/samhain-2_2-branch/dsys/comCHECKSRC =================================================================== --- branches/samhain-2_2-branch/dsys/comCHECKSRC (revision 66) +++ branches/samhain-2_2-branch/dsys/comCHECKSRC (revision 66) @@ -0,0 +1,120 @@ +######################################################################### +# +# Subroutine for the 'checksrc' command +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +commandCHECKSRC() { + printINFO "About to run \"$action\"" + + needEXE ls gpg + + + cd "${basedir}/source" || printFATAL "could not cd to ${basedir}/source" + + LIST=`ls samhain*.tar.gz 2>/dev/null` + if test x$? != x0 + then + printINFO "No sources available." + fi + + for ff in $LIST + do + sh_version=`echo "$ff" | sed 's/.*samhain\-//g' | sed 's/\.tar\.gz//g'` + if test x"${sh_version}" = x + then + printFATAL "Cannot determine version for $ff" + fi + + if test "$ff" != "samhain-${sh_version}.tar.gz" + then + printFATAL "Version number not correctly extracted from $ff" + fi + + if test -f "samhain-${sh_version}.tar.gz.asc" + then + : + else + printWARNING "No detached signature for $ff found" + if test x"$cs_delete" = x1 + then + if test x"$simulate" = x0 + then + printLOG "REMOVE $ff: No detached signature found." + rm -f "$ff" + else + printLOG "REMOVE $ff: No detached signature found." + printINFO "rm -f $ff" + fi + else + printLOG "BAD: $ff (no signature)" + fi + continue + fi + + sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sh_version}.tar.gz.asc" "samhain-${sh_version}.tar.gz" 2>/dev/null)` + sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` + sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` + + if test x"${sig_nokey}" != x + then + printWARNING "Public key (ID 0F571F6C) not found, trying to import it." + gpg --import ${basedir}/private/0F571F6C.asc 2>&5 + sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sh_version}.tar.gz.asc" "samhain-${sh_version}.tar.gz" 2>/dev/null)` + sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` + sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` + fi + + if test x"${sig_nokey}" != x + then + printFATAL "Importing public key failed." + fi + + if test x"${sig_ok}" = x + then + printWARNING "File $ff has no good signature" + if test x"$cs_delete" = x1 + then + if test x"$simulate" = x0 + then + printLOG "REMOVE $ff: No good signature found." + rm -f "$ff" + else + printLOG "REMOVE $ff: No good signature found." + printINFO "rm -f $ff" + fi + else + printLOG "BAD: $ff (invalid signature)" + fi + continue + fi + printLOG "OK: $ff" + + done + + if test x"$cs_delete" = x1 + then + printLOG "Checked sources in ${basedir}/source/ (delete=on)" + else + printLOG "Checked sources in ${basedir}/source/ (delete=off)" + fi + return 0 +} Index: branches/samhain-2_2-branch/dsys/comCLEAN =================================================================== --- branches/samhain-2_2-branch/dsys/comCLEAN (revision 66) +++ branches/samhain-2_2-branch/dsys/comCLEAN (revision 66) @@ -0,0 +1,79 @@ +######################################################################### +# +# Subroutine for the 'clean' command +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +commandCLEAN() { + printINFO "About to run \"$action\"" + + cd "${basedir}/source" || printFATAL "could not cd to ${basedir}/source" + + LIST=`ls samhain*.tar.gz 2>/dev/null` + if test x$? != x0 + then + printINFO "No sources available." + fi + + for ff in $LIST + do + sh_version=`echo "$ff" | sed 's/.*samhain\-//g' | sed 's/\.tar\.gz//g'` + if test x"${sh_version}" = x + then + printFATAL "Cannot determine version for $ff" + fi + + if test "$ff" != "samhain-${sh_version}.tar.gz" + then + printFATAL "Version number not correctly extracted from $ff" + fi + + if test -f "samhain-${sh_version}.tar.gz.asc" + then + printINFO "REMOVE samhain-${sh_version}.tar.gz.asc" + if test x"$simulate" = x0 + then + rm -f "samhain-${sh_version}.tar.gz.asc" + else + printINFO "rm -f samhain-${sh_version}.tar.gz.asc" + fi + fi + + if test -f "samhain-${sh_version}.tar.gz" + then + printINFO "REMOVE samhain-${sh_version}.tar.gz" + if test x"$simulate" = x0 + then + rm -f "samhain-${sh_version}.tar.gz" + else + printINFO "rm -f samhain-${sh_version}.tar.gz" + fi + fi + done + + printLOG "Cleaned sources in ${basedir}/source/" + + dbSHOWPKG dontshow delete + + printLOG "Cleaned unused packages in ${basedir}/archpkg/" + + return 0 +} Index: branches/samhain-2_2-branch/dsys/comDOWNLOAD =================================================================== --- branches/samhain-2_2-branch/dsys/comDOWNLOAD (revision 66) +++ branches/samhain-2_2-branch/dsys/comDOWNLOAD (revision 66) @@ -0,0 +1,280 @@ +######################################################################### +# +# Subroutine for the 'download' command +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +commandDOWNLOAD() { + printINFO "About to run \"$action\" for samhain version \"$src_version\"" + + needEXE du gunzip tar gpg + + + if test x"$simulate" = x0 + then + cd "${basedir}/tmp" || printFATAL "could not cd to ${basedir}/tmp" + rm -f "samhain-${src_version}.tar.gz" + else + # + # -- Simulate only: print what would be done + # + printINFO "cd ${basedir}/tmp" + printINFO "rm -f samhain-${src_version}.tar.gz" + fi + + command="" + + if test -z "$command" + then + findEXE wget + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="--quiet" + opt2="-O" + opt3="-" + fi + fi + + if test -z "$command" + then + findEXE curl + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="--silent" + opt2="--show-error" + opt3="--fail" + fi + fi + + if test -z "$command" + then + findEXE lynx + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="-source" + opt2="" + opt3="" + fi + fi + + if test -z "$command" + then + findEXE links + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="-source" + opt2="" + opt3="" + fi + fi + + if test -z "$command" + then + findEXE lwp-request + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="" + opt2="" + opt3="" + fi + fi + + if test -z "$command" + then + findEXE fetch + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="-q" + opt2="-o" + opt3="-" + fi + fi + + if test -z "$command" + then + findEXE fget + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="" + opt2="" + opt3="" + fi + fi + + if test -z "$command" + then + printFATAL "No wget, curl, lynx, links, lwp-request, fetch, fget in your \$PATH, cannot download" + fi + + if test x"${src_version}" = xcurrent + then + location="http://la-samhna.de/samhain/samhain-current.tar.gz" + if test -f /usr/bin/md5sum && test -f /bin/hostname + then + # + # for testing + # + dl_tmp_hna=`/bin/hostname -f 2>/dev/null` + dl_tmp_md5=`echo "x${dl_tmp_hna}" | md5sum` + if test x"$dl_tmp_md5" = "xc5f41bf28a7baf12c763f1be27a9b863" + then + location="http://localhost/samhain-current.tar.gz" + fi + fi + else + location="http://la-samhna.de/archive/samhain_signed-${src_version}.tar.gz" + if test -f /usr/bin/md5sum && test -f /bin/hostname + then + # + # for testing + # + dl_tmp_hna=`/bin/hostname -f 2>/dev/null` + dl_tmp_md5=`echo "x${dl_tmp_hna}" | /usr/bin/md5sum 2>/dev/null` + if test x"$dl_tmp_md5" = "xc5f41bf28a7baf12c763f1be27a9b863" + then + location="http://localhost/samhain_signed-${src_version}.tar.gz" + fi + fi + fi + + + printINFO "Executing $command $opt1 $opt2 $opt3 $location" + + if test x"$simulate" = x0 + then + eval "$command" "$opt1" "$opt2" "$opt3" "$location" 1>"samhain-${src_version}.tar.gz" 2>/dev/null + else + printINFO "$command" "$opt1" "$opt2" "$opt3" "$location" 1>"samhain-${src_version}.tar.gz" + printINFO "du -s -k samhain-${src_version}.tar.gz | awk '{ print $1 }'" + printLOG "Downloaded to samhain-${src_version}.tar.gz (XXX kB)" + printINFO "gunzip -c samhain-${src_version}.tar.gz | tar -tvf - " + printINFO "Source in tarball is version X.X.X" + printINFO "Unpacking to ${tmpD}" + printINFO "cd ${tmpD}" + printINFO "gunzip -c ${basedir}/tmp/samhain-${src_version}.tar.gz | tar -xf -" + printINFO "rm -f ${basedir}/tmp/samhain-${src_version}.tar.gz" + printINFO "Checking PGP signature" + printINFO "(LANG=C; gpg --status-fd 1 --verify samhain-X.X.X.tar.gz.asc samhain-X.X.X.tar.gz 2>&1 | grep 'GOODSIG')" + printINFO "cp samhain-X.X.X.tar.gz.asc samhain-X.X.X.tar.gz ${basedir}/source" + printLOG "Installed samhain (X.X.X) source" + return 0 + fi + + if test -f "samhain-${src_version}.tar.gz" + then + : + else + printFATAL "failed: $command $location" + fi + + size=`du -s -k "samhain-${src_version}.tar.gz" | awk '{ print $1 }'` + + if test $size -lt 100 + then + rm -f "samhain-${src_version}.tar.gz" + printFATAL "failed: $command $location" + else + printLOG "Downloaded to samhain-${src_version}.tar.gz (${size} kB)" + fi + + files=`gunzip -c "samhain-${src_version}.tar.gz" | tar -tvf - 2>/dev/null` + sig=`echo $files | egrep ' samhain.*tar\.gz\.asc$' 2>/dev/null` + sig_version=`echo $files | egrep ' samhain.*tar\.gz\.asc$' 2>/dev/null | sed 's/.*samhain\-//g' | sed 's/\.tar\.gz\.asc//g'` + if test x"$sig" = x + then + rm -f "samhain-${src_version}.tar.gz" + printFATAL "downloaded file does not contain a PGP signature" + fi + + if test x"${sig_version}" = x + then + rm -f "samhain-${src_version}.tar.gz" + printFATAL "cannot determine samhain version from downloaded file" + fi + + if test x"${src_version}" != xcurrent + then + if test x"${src_version}" != x"${sig_version}" + then + rm -f "samhain-${src_version}.tar.gz" + printFATAL "downloaded version (${sig_version}) != requested version (${src_version})" + fi + fi + + printINFO "Source in tarball is version ${sig_version}" + printINFO "Unpacking to ${basedir}/source" + + cd "${tmpD}" || { + rm -f "${basedir}/tmp/samhain-${src_version}.tar.gz" + printFATAL "could not cd to ${tmpD}" + } + + gunzip -c "${basedir}/tmp/samhain-${src_version}.tar.gz" | tar -xf - + + rm -f "${basedir}/tmp/samhain-${src_version}.tar.gz" + + if test -f "samhain-${sig_version}.tar.gz" + then + if test -f "samhain-${sig_version}.tar.gz.asc" + then + : + else + printFATAL "not found in source: PGP signature samhain-${sig_version}.tar.gz.asc" + fi + else + printFATAL "not found in source: samhain-${sig_version}.tar.gz" + fi + + + printINFO "Checking PGP signature" + sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sig_version}.tar.gz.asc" "samhain-${sig_version}.tar.gz" 2>/dev/null)` + sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` + + sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` + + if test x"${sig_nokey}" != x + then + printWARNING "Public key (ID 0F571F6C) not found, trying to import it." + gpg --import ${basedir}/private/0F571F6C.asc 2>&5 + sig_ok=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sig_version}.tar.gz.asc" "samhain-${sig_version}.tar.gz" 2>/dev/null | grep 'GOODSIG')` + fi + + if test x"${sig_ok}" = x + then + (LANG="C"; gpg --verify "samhain-${sig_version}.tar.gz.asc" "samhain-${sig_version}.tar.gz") + printFATAL "no good signature" + fi + + cp "samhain-${sig_version}.tar.gz" "samhain-${sig_version}.tar.gz.asc" \ + ${basedir}/source/ || \ + printFATAL "failed: cp samhain-${sig_version}.tar.gz samhain-${sig_version}.tar.gz.asc ${basedir}/source/" + + printLOG "Installed samhain source (version=${sig_version})" + + return 0 +} Index: branches/samhain-2_2-branch/dsys/comINSTALL =================================================================== --- branches/samhain-2_2-branch/dsys/comINSTALL (revision 66) +++ branches/samhain-2_2-branch/dsys/comINSTALL (revision 66) @@ -0,0 +1,643 @@ +######################################################################### +# +# Subroutine for the 'install' command +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +commandINSTALL() { + + printINFO "About to run \"$action\" on host \"$host\"" + # + # configuration options we should know about + # + is_packed=0 + is_nocl="start" + is_xor="no" + + + if test -f "${basedir}/configs/${arch}.configure" + then + : + else + printFATAL "Configure options ${basedir}/configs/${arch}.configure missing." + fi + + if test -f "${basedir}/configs/${arch}.samhainrc" + then + : + else + printFATAL "Configuration file ${basedir}/configs/${arch}.samhainrc missing." + fi + + realformat=`echo $format | sed s,solaris-,,`; export realformat + + if test -f "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" + then + : + else + printFATAL "Binary package OS: ${arch}, version: ${src_version}, format ${format} does not exist." + fi + + if test -f "${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" + then + : + else + printFATAL "Binary package OS: ${arch}, version: ${src_version}, format ${format} is incomplete and cannot be installed." + fi + + + if test -f "${basedir}/archpkg/${arch}/PASSWD-${src_version}.${realformat}" + then + printINFO "Binary package OS: ${arch}, version: ${src_version}, format ${format} is packed." + is_packed=1 + is_passwd=`cat "${basedir}/archpkg/${arch}/PASSWD-${src_version}.${realformat}" | tr -d '\n'` + else + is_passwd=`eval "${yule_exec}" -G` + if test x$? != x0 + then + printFATAL "Could not generate password. Is yule in your PATH ?" + fi + fi + + if test -f "${basedir}/configs/${arch}.preinstall" + then + cp "${basedir}/configs/${arch}.preinstall" "${tmpD}/preinstall" || \ + printFATAL "Could not copy ${basedir}/configs/${arch}.preinstall to ${tmpD}/preinstall" + is_preinstall_full="${tmpD}/preinstall" + else + is_preinstall_full="${basedir}/libexec/preinstall" + fi + + if test -f "${basedir}/configs/${arch}.postinstall" + then + cp "${basedir}/configs/${arch}.postinstall" "${tmpD}/postinstall" || \ + printFATAL "Could not copy ${basedir}/configs/${arch}.postinstall to ${tmpD}/postinstall" + is_postinstall_full="${tmpD}/postinstall" + else + is_postinstall_full="${basedir}/libexec/postinstall" + fi + + if test -f "${basedir}/configs/${arch}.initscript" + then + cp "${basedir}/configs/${arch}.initscript" "${tmpD}/initscript" || \ + printFATAL "Could not copy ${basedir}/configs/${arch}.initscript to ${tmpD}/initscript" + is_initscript_full="${tmpD}/initscript" + else + is_initscript_full="${basedir}/libexec/initscript" + fi + + #--------------------------------------------------------------------- + # Get important configuration options. + #--------------------------------------------------------------------- + + getconfopts "${basedir}/archpkg/${arch}/configure-${src_version}.${realformat}" || printFATAL "Could not check config file ${basedir}/archpkg/${arch}/configure-${src_version}.${realformat}" + + + #--------------------------------------------------------------------- + # Prepare the configuration file + #--------------------------------------------------------------------- + + if test -f "${basedir}/hosts/${host}/${arch}.samhainrc" + then + hostconfig="${basedir}/hosts/${host}/${arch}.samhainrc" + elif test -f "${basedir}/hosts/${host}/samhainrc" + then + hostconfig="${basedir}/hosts/${host}/samhainrc" + else + hostconfig="${basedir}/configs/${arch}.samhainrc" + fi + + test -f "${hostconfig}" || printFATAL "Configuration file ${hostconfig} missing." + + # Handle the '--enable-stealth' option + # + if test x"${is_xor}" = xno + then + : + else + test -f "${basedir}/private/stealth_template.ps" || \ + printFATAL "${basedir}/private/stealth_template.ps not available." + ${basedir}/libexec/samhain_stealth -o "${hostconfig}" >/dev/null ||\ + printFATAL "Problem reading ${hostconfig}". + ccount=`${basedir}/libexec/samhain_stealth -o "${hostconfig}" 2>&1 | awk '{ print $1 }'` + ${basedir}/libexec/samhain_stealth -i "${basedir}/private/stealth_template.ps" >/dev/null || \ + printFATAL "Problem reading ${basedir}/private/stealth_template.ps" + mcount=`${basedir}/libexec/samhain_stealth -i "${basedir}/private/stealth_template.ps" 2>&1 | awk '{ print $7 }'` + + if test ${mcount} -lt ${ccount} + then + printFATAL "Configuration file ${hostconfig} too big." + fi + + cp "${basedir}/private/stealth_template.ps" "$tmpD" || \ + printFATAL "Could not copy ${basedir}/private/stealth_template.ps to ${tmpD}/" + ${basedir}/libexec/samhain_stealth -s "${tmpD}/stealth_template.ps" "${hostconfig}" >/dev/null + if test "x$?" = x0 + then + printINFO "Configuration file hidden into stealth_template.ps" + hostconfig="${tmpD}/stealth_template.ps" + else + printFATAL "Could not run ${basedir}/libexec/samhain_stealth -s ${tmpD}/stealth_template.ps ${hostconfig}" + fi + fi + + rm -f "${tmpD}/prepared_samhainrc" + cp "${hostconfig}" "${tmpD}/prepared_samhainrc" || \ + printFATAL "Could not copy ${hostconfig} to ${tmpD}/prepared_samhainrc" + hostconfig="${tmpD}/prepared_samhainrc" + + #--------------------------------------------------------------------- + # Create temporary directory on host. + #--------------------------------------------------------------------- + + tmpdir=`eval echo "/tmp/sh_${src_version}_${arch}_${format}_$$"` + + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" '(umask 0077; mkdir "'${tmpdir}'")' + else + printINFO "ssh -x -l root ${host} (umask 0077; mkdir ${tmpdir})" + fi + if test x"$?" != x0 + then + printFATAL "Could not create temporary directory ${tmpdir} on host ${host}." + else + printLOG "Directory ${tmpdir} created on host ${host}." + fi + + #--------------------------------------------------------------------- + # Copy to host. + #--------------------------------------------------------------------- + if test x"$simulate" = x0 + then + if test x"$silent" = x0 + then + scp "${is_initscript_full}" "${is_preinstall_full}" "${is_postinstall_full}" "${hostconfig}" "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" "${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" "root@${host}:${tmpdir}/" + else + scp -q "${is_initscript_full}" "${is_preinstall_full}" "${is_postinstall_full}" "${hostconfig}" "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" "${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" "root@${host}:${tmpdir}/" + fi + else + if test x"$silent" = x0 + then + printINFO "scp ${is_initscript_full} ${is_preinstall_full} ${is_postinstall_full} ${hostconfig} ${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat} ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} root@${host}:${tmpdir}/" + else + printINFO "scp -q ${is_initscript_full} ${is_preinstall_full} ${is_postinstall_full} ${hostconfig} ${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat} ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} root@${host}:${tmpdir}/" + fi + fi + if test x"$?" != x0 + then + printFATAL "Could not copy package to host ${host}." + else + printINFO "Package copied to host ${host}." + fi + + #--------------------------------------------------------------------- + # Run preinstall script. + #--------------------------------------------------------------------- + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" '(cd "'${tmpdir}'" && cp "'install-${src_version}.${realformat}'" samhain-install.sh && chmod +x samhain-install.sh && chmod +x preinstall && ./preinstall)' + else + printINFO "ssh -x -l root ${host} (cd ${tmpdir} && cp install-${src_version}.${realformat} samhain-install.sh && chmod +x samhain-install.sh && chmod +x preinstall && ./preinstall)" + fi + if test x"$?" != x0 + then + printFATAL "Could not run preinstall script on host ${host}." + else + printLOG "Preinstall script executed on host ${host}" + fi + + #--------------------------------------------------------------------- + # Install. + #--------------------------------------------------------------------- + + if test "x$format" = "xrun"; then + is_command="/bin/sh" + elif test "x$format" = "xdeb"; then + is_command="dpkg --install --force-downgrade --force-confnew" + elif test "x$format" = "xrpm"; then + is_command="rpm --upgrade --quiet --oldpackage" + elif test "x$format" = "xtbz2"; then + is_command="emerge -K" + elif test "x$format" = "xsolaris-pkg"; then + is_command="pkgadd -n -d" + elif test "x$format" = "xdepot"; then + is_command="/usr/sbin/swinstall -x fix_explicit_directories=false -v -s " + else + printFATAL "Don't know how to install package format ${format}" + fi + + if test "x$format" = "xdepot" + then + tmp_iname=`/bin/sh ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} --print-config name` + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/sbin:/usr/sbin:/sbin:$PATH'" && export PATH && eval "'${is_command}'" "'${tmpdir}/samhain-${src_version}.${realformat}'" "'${tmp_iname}'") >/dev/null '\' + else + printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && eval ${is_command} ${tmpdir}/samhain-${src_version}.${realformat} ${tmp_iname})'" + fi + elif test "x$format" = "xsolaris-pkg" + then + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && eval "'${is_command}'" "'samhain-${src_version}.${realformat} all'") >/dev/null '\' + else + printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && eval ${is_command} samhain-${src_version}.${realformat}) all'" + fi + elif test "x$format" = "xtbz2" + then + # Gentoo is a PITA + # + tmp_iname=`/bin/sh ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} --print-config name` + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && cp "'samhain-${src_version}.${realformat}'" "'/usr/portage/packages/All/${tmp_iname}-${src_version}.tbz2'" && eval "'${is_command}'" "'${tmp_iname}-${src_version}.${realformat}'") >/dev/null '\' + else + printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && cp samhain-${src_version}.${realformat} /usr/portage/packages/${tmp_iname}-${src_version}.tbz2 && eval ${is_command} ${tmp_iname}-${src_version}.${realformat})'" + fi + else + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && eval "'${is_command}'" "'samhain-${src_version}.${realformat}'") >/dev/null '\' + else + printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && eval ${is_command} samhain-${src_version}.${realformat})'" + fi + fi + + if test x"$?" != x0 + then + printFATAL "Could not install package on host ${host}." + else + printLOG "Package installed on host ${host}" + fi + + + #--------------------------------------------------------------------- + # Run postinstall script to fix the client password. + #--------------------------------------------------------------------- + if test x"$simulate" = x0 + then + if test "x${is_packed}" = "x0" + then + ssh -x -l "root" "${host}" '(cd "'${tmpdir}'" && chmod +x postinstall && ./postinstall "'${is_passwd}'") >/dev/null' + else + # Dummy argument + ssh -x -l "root" "${host}" '(cd "'${tmpdir}'" && chmod +x postinstall && ./postinstall DUMMY ) >/dev/null' + fi + else + if test "x${is_packed}" = "x0" + then + printINFO "ssh -x -l root ${host} (cd ${tmpdir} && chmod +x postinstall && ./postinstall ${is_passwd})" + else + # Dummy argument + printINFO "ssh -x -l root ${host} (cd ${tmpdir} && chmod +x postinstall && ./postinstall DUMMY )" + fi + fi + + if test x"$?" != x0 + then + printFATAL "Could not run postinstall script on host ${host}." + else + printLOG "Postinstall script executed on host ${host}" + fi + + #--------------------------------------------------------------------- + # Update the rc file + #--------------------------------------------------------------------- + + if test "x${is_rcfile}" = xy + then + mytest_file=`ls -1 "${yule_data}/rc*" 2>/dev/null | tail -n 1 2>/dev/null` + if test "x$mytest_file" = x; then + rcfile_perm=640; + xgid=`(cat /etc/group; ypcat group) 2>/dev/null |\ + grep "^samhain:" | awk -F: '{ print $3; }'` + if test "x$xgid" = x; then + rcfile_owner=`ls -ld ${yule_data} | awk '{print $3 }'` + rcfile_group=`ls -ld ${yule_data} | awk '{print $4 }'` + else + rcfile_owner=`ls -ld ${yule_data} | awk '{print $3 }'` + rcfile_group=samhain + fi + else + mytest_file=`basename $mytest_file` + rcfile_perm=`ls -l "${yule_data}/${mytest_file}" | \ + awk '{ u= substr($1,2,3); g=substr($1,5,3); o=substr($1,8,3); \ + gsub("-","",u); gsub("-","",g); gsub("-","",o); \ + print "u=" u ",g=" g ",o=" o; }'` + rcfile_perm=`echo ${rcfile_perm} | sed s%g=,%g-rwx,% | sed s%,o=$%,o-rwx%` + rcfile_owner=`ls -l "${yule_data}/${mytest_file}" | \ + awk '{print $3 }'` + rcfile_group=`ls -l "${yule_data}/${mytest_file}" | \ + awk '{print $4 }'` + fi + + if test -f "${hostconfig}" + then + if test x"$simulate" = x0 + then + ageFILE "${yule_data}/rc.${host}" || printFATAL "Could not backup ${yule_data}/rc.${host}." + cp "${hostconfig}" "${yule_data}/rc.${host}" || printFATAL "Could not copy ${hostconfig} to ${yule_data}/rc.${host}" + chown ${rcfile_owner}:${rcfile_group} "${yule_data}/rc.${host}" || printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${yule_data}/rc.${host}" + chmod ${rcfile_perm} "${yule_data}/rc.${host}" || printFATAL "Could not chmod ${rcfile_perm} ${yule_data}/rc.${host}" + else + printINFO "Backup existing ${yule_data}/rc.${host}" + printINFO "Copy ${hostconfig} to ${yule_data}/rc.${host}" + fi + else + printFATAL "${hostconfig} is missing." + fi + printLOG "Server-side config file ${yule_data}/rc.${host} copied from ${hostconfig}." + fi + + #--------------------------------------------------------------------- + # Server entry and restart + #--------------------------------------------------------------------- + + instlock="${yule_conf}.lockdir"; + trap "rm -rf ${instlock}" 1 2 13 15 + + if test x"$simulate" = x0 + then + # + # A lockfile will not work, because 'root' can write anyway. + # However, 'mkdir' an existing directory will fail even for root + # + until (umask 222; mkdir "${instlock}") 2>/dev/null # test & set + do + printINFO "Waiting for lock" + sleep 1 + done + fi + + Replace=`"${yule_exec}" -P "${is_passwd}" | sed s%HOSTNAME%${host}%g` + if test "x$Replace" = x + then + rm -rf "${instlock}" + printFATAL "Could not execute ${yule_exec} -P ${is_passwd}." + fi + SearchString="Client=${host}@" + Seen=n + echo >"$tmpF" || printFATAL "Cannot write new server configuration." + while read line + do + if test "x$Seen" = xn + then + echo "$line" >>"$tmpF" + if test -n "`echo $line | awk '/^\[Clients\]/'`" + then + Seen=y + echo "$Replace" >>"$tmpF" + if [ $? -ne 0 ]; then + rm -rf "${instlock}" + printFATAL "Cannot write new server configuration." + fi + fi + else + if test -n "`echo $line | awk '/^'${SearchString}'/'`" + then + : + else + echo "$line" >>"$tmpF" + if [ $? -ne 0 ]; then + rm -rf "${instlock}" + printFATAL "Cannot write new server configuration." + fi + fi + fi + done <"${yule_conf}" + + rcfile_perm=`ls -l "${yule_conf}" | \ + awk '{ u= substr($1,2,3); g=substr($1,5,3); o=substr($1,8,3); \ + gsub("-","",u); gsub("-","",g); gsub("-","",o); \ + print "u=" u ",g=" g ",o=" o; }'` + rcfile_perm=`echo ${rcfile_perm} | sed s%g=,%g-rwx,% | sed s%,o=$%,o-rwx%` + rcfile_owner=`ls -l "${yule_conf}" | \ + awk '{print $3 }'` + rcfile_group=`ls -l "${yule_conf}" | \ + awk '{print $4 }'` + + if test x"$simulate" = x0 + then + ageFILE "${yule_conf}" + if [ $? -ne 0 ]; then + rm -rf "${instlock}" + printFATAL "Could not backup ${yule_conf}" + fi + + rm -f "${yule_conf}" && cp "$tmpF" "${yule_conf}" + if [ $? -ne 0 ]; then + rm -rf "${instlock}" + printFATAL "Could not write new server config. Backup is ${yule_conf}.1" + fi + + chown ${rcfile_owner}:${rcfile_group} "${yule_conf}" + if [ $? -ne 0 ]; then + rm -rf "${instlock}" + printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${yule_conf}" + fi + + chmod ${rcfile_perm} "${yule_conf}" + if [ $? -ne 0 ]; then + rm -rf "${instlock}" + printFATAL "Could not chmod ${rcfile_perm} ${yule_conf}" + fi + else + printINFO "Backup and update ${yule_conf}" + fi + + if test "x${local_command}" = x + then + : + else + if test x"$simulate" = x0 + then + eval "${local_command}" "${host}" "${arch}" "${basedir}" "${yule_data}" "first" + else + printINFO "eval ${local_command} ${host} ${arch} ${basedir} ${yule_data} first" + fi + fi + + yule_name=`basename "${yule_exec}"` + + if test x"$simulate" = x0 + then + if test -f "/etc/init.d/${yule_name}" + then + eval "/etc/init.d/${yule_name}" reload + if test x"$?" != x0 + then + printWARNING "Could not reload server using: /etc/init.d/${yule_name} reload." + fi + else + eval "${yule_exec}" reload + if test x"$?" != x0 + then + printWARNING "Could not reload server using: ${yule_exec} reload." + fi + fi + # + # wait for the server to pick up the new configuration + # + sleep 5 + # + rm -rf "${instlock}" + else + printINFO "Reloading server configuration." + fi + + printLOG "Server configuration updated and reloaded." + + + #--------------------------------------------------------------------- + # Write/update client database + #--------------------------------------------------------------------- + + SH_NAME=`/bin/sh ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} --print-config name`; export SH_NAME + SH_PREFIX=`/bin/sh ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} --print-config prefix`; export SH_PREFIX + + if test x"$simulate" = x0 + then + updateDB + else + printINFO "Updating client database." + fi + + #--------------------------------------------------------------------- + # Initialize and fetch database + #--------------------------------------------------------------------- + + if test "x${is_init}" = xy + then + if test x"$simulate" = x0 + then + if test x"$silent" != x0 + then + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && chmod +x initscript && ./initscript ${is_nocl} >/dev/null 2>&1 )'\' + else + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && chmod +x initscript && ./initscript ${is_nocl} >/dev/null 2>&1 )'\' + fi + if test x"$?" != x0 + then + printFATAL "Could not initialize database on host ${host}." + else + printLOG "Database initialized on host ${host}" + fi + scp -q "root@${host}:${tmpdir}/data" "$tmpD" || \ + printFATAL "Could not retrieve database file root@${host}:${tmpdir}/data" + else + printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && chmod +x initscript && ./initscript ${is_nocl})'" + printLOG "Database initialized on host ${host}" + printINFO "scp -q root@${host}:${tmpdir}/data $tmpD" + fi + + mytest_file=`ls -1 "${yule_data}/file*" 2>/dev/null | tail -n 1 2>/dev/null` + if test "x$mytest_file" = x; then + rcfile_perm=640; + xgid=`(cat /etc/group; ypcat group) 2>/dev/null |\ + grep "^samhain:" | awk -F: '{ print $3; }'` + if test "x$xgid" = x; then + rcfile_owner=`ls -ld ${yule_data} | awk '{print $3 }'` + rcfile_group=`ls -ld ${yule_data} | awk '{print $4 }'` + else + rcfile_owner=`ls -ld ${yule_data} | awk '{print $3 }'` + rcfile_group=samhain + fi + else + mytest_file=`basename $mytest_file` + rcfile_perm=`ls -l "${yule_data}/${mytest_file}" | \ + awk '{ u= substr($1,2,3); g=substr($1,5,3); o=substr($1,8,3); \ + gsub("-","",u); gsub("-","",g); gsub("-","",o); \ + print "u=" u ",g=" g ",o=" o; }'` + rcfile_perm=`echo ${rcfile_perm} | sed s%g=,%g-rwx,% | sed s%,o=$%,o-rwx%` + rcfile_owner=`ls -l "${yule_data}/${mytest_file}" | \ + awk '{print $3 }'` + rcfile_group=`ls -l "${yule_data}/${mytest_file}" | \ + awk '{print $4 }'` + fi + + if test x"$simulate" = x0 + then + if test -f "$tmpD/data" + then + ageFILE "${yule_data}/file.${host}" || printFATAL "Could not backup ${yule_conf}." + mv "$tmpD/data" "${yule_data}/file.${host}" || printFATAL "Could not move database file to ${yule_data}/file.${host}" + chown ${rcfile_owner}:${rcfile_group} "${yule_data}/file.${host}" || printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${yule_data}/file.${host}" + chmod ${rcfile_perm} "${yule_data}/file.${host}" || printFATAL "Could not chmod ${rcfile_perm} ${yule_data}/file.${host}" + else + printFATAL "Database file not downloaded from host ${host}" + fi + else + printINFO "Backup and replace ${yule_data}/file.${host}" + fi + fi + + #--------------------------------------------------------------------- + # Start up. + #--------------------------------------------------------------------- + + if test "x${local_command}" = x + then + : + else + if test x"$simulate" = x0 + then + eval "${local_command}" "${host}" "${arch}" "${basedir}" "${yule_data}" "second" + else + printINFO "eval ${local_command} ${host} ${arch} ${basedir} ${yule_data} second" + fi + fi + + if test "x${is_startup}" = xy + then + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" '(cd "'${tmpdir}'" && chmod +x initscript && eval "'./initscript ${is_nocl} start'")' + else + printINFO "Starting remote client now." + fi + if test x"$?" != x0 + then + printFATAL "Could not start client on host ${host}." + else + printLOG "Client started on host ${host}." + fi + fi + + #--------------------------------------------------------------------- + # Clean up. + #--------------------------------------------------------------------- + + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" '(rm -rf "'${tmpdir}'")' + else + printINFO "ssh -x -l root ${host} (rm -rf ${tmpdir})" + fi + if test x"$?" != x0 + then + printFATAL "Could not remove temporary directory ${tmpdir} on host ${host}." + else + printLOG "Directory ${tmpdir} deleted on host ${host}." + fi + +} + Index: branches/samhain-2_2-branch/dsys/comUNINSTALL =================================================================== --- branches/samhain-2_2-branch/dsys/comUNINSTALL (revision 66) +++ branches/samhain-2_2-branch/dsys/comUNINSTALL (revision 66) @@ -0,0 +1,188 @@ +######################################################################### +# +# Subroutine for the 'uninstall' command +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +commandUNINSTALL() { + + printINFO "About to run \"$action\" on host \"$host\"" + + format=`setupFORMAT ${DB_version}` + realformat="$format" + + src_version=`setupVERSION ${DB_version}` + + test -f "${basedir}/archpkg/${DB_arch}/install-${DB_version}" || \ + printFATAL "Install script ${DB_arch}/install-${DB_version} not found" + + name=`/bin/sh "${basedir}/archpkg/${DB_arch}/install-${DB_version}" '--print-config' 'name'` + + test x"$name" = x"${DB_name}" || \ + printFATAL "Client database and installer files are inconsistent" + + arch="${DB_arch}" + + #--------------------------------------------------------------------- + # Uninstall. + #--------------------------------------------------------------------- + + if test "x$format" = "xrun"; then + is_command="./samhain-install.sh --force --express purge" + target="uninstall" + elif test "x$format" = "xdeb"; then + is_command="dpkg --purge" + target="${DB_name}" + elif test "x$format" = "xrpm"; then + is_command="rpm --erase" + target="${DB_name}" + elif test "x$format" = "xtbz2"; then + is_command="emerge unmerge" + target="${DB_name}" + elif test "x$realformat" = "xpkg"; then + is_command="pkgremove" + target="${DB_name}" + elif test "x$realformat" = "xdepot"; then + is_command="/usr/sbin/swremove" + target="${DB_name}" + else + printFATAL "Don't know how to uninstall package format ${format}" + fi + + if test x"$silent" = x0 + then + is_rmboot="./samhain-install.sh --force --express uninstall-boot" + else + is_rmboot="./samhain-install.sh --force --express --verbose uninstall-boot" + fi + + #--------------------------------------------------------------------- + # Create temporary directory on host. + #--------------------------------------------------------------------- + + tmpdir=`eval echo "/tmp/sh_${src_version}_${arch}_${format}_$$"` + + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" '(umask 0077; mkdir "'${tmpdir}'")' + else + printINFO "ssh -x -l root ${host} (umask 0077; mkdir ${tmpdir})" + fi + if test x"$?" != x0 + then + printFATAL "Could not create temporary directory ${tmpdir} on host ${host}." + else + printLOG "Directory ${tmpdir} created on host ${host}." + fi + + #--------------------------------------------------------------------- + # Copy to host. + #--------------------------------------------------------------------- + + if test -f "${basedir}/configs/${arch}.initscript" + then + cp "${basedir}/configs/${arch}.initscript" "${tmpD}/initscript" || \ + printFATAL "Could not copy ${basedir}/configs/${arch}.initscript to ${tmpD}/initscript" + is_initscript_full="${tmpD}/initscript" + else + is_initscript_full="${basedir}/libexec/initscript" + fi + + if test x"$simulate" = x0 + then + if test x"$silent" = x0 + then + scp "${is_initscript_full}" "${basedir}/archpkg/${arch}/install-${src_version}.${format}" "root@${host}:${tmpdir}/" + else + scp -q "${is_initscript_full}" "${basedir}/archpkg/${arch}/install-${src_version}.${format}" "root@${host}:${tmpdir}/" + fi + else + if test x"$silent" = x0 + then + printINFO "scp ${is_initscript_full} ${basedir}/archpkg/${arch}/install-${src_version}.${format} root@${host}:${tmpdir}/" + else + printINFO "scp -q ${is_initscript_full} ${basedir}/archpkg/${arch}/install-${src_version}.${format} root@${host}:${tmpdir}/" + fi + fi + if test x"$?" != x0 + then + printFATAL "Could not copy uninstall script to host ${host}." + else + printINFO "Script copied to host ${host}." + fi + + + #--------------------------------------------------------------------- + # Run uninstall script. + #--------------------------------------------------------------------- + if test x"$simulate" = x0 + then + # + # No, this is not a bug; the first 'start' argument to 'initscript' + # is a required dummy argument. + # + if test x"$silent" = x0 + then + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && cp "'install-${src_version}.${format}'" samhain-install.sh && chmod +x samhain-install.sh && chmod +x initscript && ./initscript start stop; eval "'${is_command}'" "'${target}'"; eval "'${is_rmboot}'")'\' + else + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && cp "'install-${src_version}.${format}'" samhain-install.sh && chmod +x samhain-install.sh && chmod +x initscript && ./initscript start stop; eval "'${is_command}'" "'${target}'"; eval "'${is_rmboot}'") >/dev/null'\' + fi + else + printINFO "ssh -x -l root ${host} (cd ${tmpdir} && && PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:\$PATH && export PATH cp install-${src_version}.${realformat} samhain-install.sh && chmod +x samhain-install.sh && chmod +x initscript && ./initscript start stop; eval "${is_command}" "${target}"; eval "${is_rmboot}")" + fi + if test x"$?" != x0 + then + printFATAL "Could not complete uninstall on host ${host}." + else + printLOG "Uninstall executed on host ${host}" + fi + + #--------------------------------------------------------------------- + # Clean up. + #--------------------------------------------------------------------- + + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" '(rm -rf "'${tmpdir}'")' + else + printINFO "ssh -x -l root ${host} (rm -rf ${tmpdir})" + fi + if test x"$?" != x0 + then + printFATAL "Could not remove temporary directory ${tmpdir} on host ${host}." + else + printLOG "Directory ${tmpdir} deleted on host ${host}." + fi + + #--------------------------------------------------------------------- + # Write/update client database + #--------------------------------------------------------------------- + + SH_NAME="$name"; export SH_NAME + SH_PREFIX=`/bin/sh ${basedir}/archpkg/${DB_arch}/install-${DB_version} --print-config prefix`; export SH_PREFIX + + if test x"$simulate" = x0 + then + updateDB D2_removed + else + printINFO "Updating client database." + fi +} Index: branches/samhain-2_2-branch/dsys/funcBUILD =================================================================== --- branches/samhain-2_2-branch/dsys/funcBUILD (revision 66) +++ branches/samhain-2_2-branch/dsys/funcBUILD (revision 66) @@ -0,0 +1,251 @@ +######################################################################### +# +# Subroutine for bulding from source +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +#------------------------------------------------------------------------ +# List available sources +#------------------------------------------------------------------------ +listSRC() { + + + OKSRCLIST=""; export OKSRCLIST + + echo > $tmpF; + + needEXE ls gpg + + cd "${basedir}/source" || printFATAL "could not cd to ${basedir}/source" + + LIST=`ls samhain*.tar.gz 2>/dev/null` + + if test x"$LIST" = x + then + printFATAL "No source tarball found in ${basedir}/source. Please use 'deploy.sh download'." + fi + + for ff in $LIST + do + sh_version=`echo "$ff" | sed 's/.*samhain\-//g' | sed 's/\.tar\.gz//g'` + if test x"${sh_version}" = x + then + printFATAL "Cannot determine version for $ff" + fi + + if test "$ff" != "samhain-${sh_version}.tar.gz" + then + printFATAL "Version number not correctly extracted from $ff" + fi + + if test -f "samhain-${sh_version}.tar.gz.asc" + then + : + else + printWARNING "No detached signature for $ff found" + continue + fi + + sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sh_version}.tar.gz.asc" "samhain-${sh_version}.tar.gz" 2>/dev/null)` + sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` + sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` + + if test x"${sig_nokey}" != x + then + printWARNING "Public key (ID 0F571F6C) not found, trying to import it." + gpg --import ${basedir}/private/0F571F6C.asc 2>&5 + sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sh_version}.tar.gz.asc" "samhain-${sh_version}.tar.gz" 2>/dev/null)` + sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` + sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` + fi + + if test x"${sig_nokey}" != x + then + printFATAL "Importing public key failed." + fi + + if test x"${sig_ok}" = x + then + printWARNING "File $ff has no good signature" + continue + fi + + if test x"$1" = x + then + OKSRCLIST="$OKSRCLIST ${sh_version}" + else + if test x"$1" = x"${sh_version}" + then + OKSRCLIST="${sh_version}" + return 0 + fi + fi + done + + if test x"$OKSRCLIST" = x + then + printFATAL "No source tarball found. Please use 'deploy.sh download'." + fi + + for dd in $OKSRCLIST + do + echo $dd >> "$tmpF" + done + + OKSRCLIST=`cat "$tmpF" | sort -r | sed 9q` + export OKSRCLIST + + rm -f "$tmpF" && touch "$tmpF" + echo $OKSRCLIST > "$tmpF" + + return 0 +} + +selBVERSION() { + #--------------------------------------------------------------------- + # Select version to build + #--------------------------------------------------------------------- + if test x"$src_version" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "No version selected, aborting." + fi + + promptINFO "Checking which versions are available" + + ((listSRC | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + OKSRCLIST=`cat "$tmpF"` + n=0 + for word in $OKSRCLIST + do + n=`expr $n + 1` + eval part$n="$word" + done + + command="promptMENU 'Please select version to build' " + for word in $OKSRCLIST + do + command="$command '${word}'" + done + eval ${command} + m=$? + if test x$m = x1 + then + (exit 0); exit 0; + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + src_version="$MENU"; export src_version + fi + + else + ((listSRC "$src_version" | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + fi +} + +selBARCH() { + #--------------------------------------------------------------------- + # Select arch to build + #--------------------------------------------------------------------- + if test x"$arch" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "No operating system selected, aborting." + fi + cd "$basedir"/configs || printFATAL "Cannot cd to $basedir/configs !" + LIST=`ls *.configure 2>/dev/null` + if test x"$LIST" = x + then + printFATAL "No config files found in ${basedir}/configs." + fi + + n=0 + command="promptMENU 'Please select operating system of build host' " + ALIST="" + FLIST="" + for ff in $LIST + do + n=`expr $n + 1` + osp=`echo $ff | sed s/\.configure//` + ALIST="$ALIST $osp" + FLIST="$FLIST $osp" + if test $n -lt 8 + then + command="$command '${osp}'" + fi + done + command="$command other" + + eval ${command} + m=$? + if test x$m = x1 + then + (exit 0); exit 0; + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + arch="$MENU"; export arch + if test x"$arch" = xother + then + promptINPUT "Please select operating system of build host from $FLIST or enter new one" + if test x$m = x1 + then + (exit 0); exit 0; + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + found=`echo $FLIST | sed -n /$INPUT/p 2>/dev/null` + if test x"$found" = x + then + printLOG "Copy configuration for $INPUT from generic" + cp generic.configure "${INPUT}.configure" + fi + arch="$INPUT"; export arch + fi + fi + fi + + fi + # arch selected or exited +} + +selBFORMAT() { + if test x"$format" = x + then + promptMENU "Please select format of binary package" "run" "rpm" "deb" "tbz2" "solaris-pkg" "depot" + if test x$m = x1 + then + (exit 0); exit 0 + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + format="$MENU"; export format + fi + fi +} Index: branches/samhain-2_2-branch/dsys/funcDB =================================================================== --- branches/samhain-2_2-branch/dsys/funcDB (revision 66) +++ branches/samhain-2_2-branch/dsys/funcDB (revision 66) @@ -0,0 +1,311 @@ +######################################################################### +# +# More subroutines for client DB +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +DBFTEST=0 + +dbSETFLAG() { + case "$line" in + *\*) + DBFTEST=0; + return 0; + ;; + + *\${DB_host}\*) + DBFTEST=1; + return 1; + ;; + + *) + return ${DBFTEST}; + ;; + esac +} + + +DB_arch=""; export DB_arch; +DB_status=""; export DB_status; +DB_version=""; export DB_version; +DB_date=""; export DB_date; +DB_name=""; export DB_name; + +dbINFO() { + + if test "x$1" = x + then + printFATAL "No host specified, aborting" + else + DB_host="$1" + fi + + DB_arch=""; export DB_arch; + DB_status=""; export DB_status; + DB_version=""; export DB_version; + DB_date=""; export DB_date; + DB_name=""; export DB_name; + + if test x"$DATABASE" = x + then + DATABASE="${basedir}/${defdatabase}" + fi + + if test -f "${DATABASE}" + then + SStr1=`grep '' "${DATABASE}"` + if test "x${SStr1}" != "x" + then + + SStr2=`grep "${DB_host}" "${DATABASE}"` + + SStr3= + + if test "x${SStr2}" != "x" + then + exec 3<&0 <"${DATABASE}" + while + read line + do + # for some reason, var=xx only works in a function call (why?) + # + # here we test if we are still in the same client block + # (set_flag will return 0 for and following) + dbSETFLAG "$line" + + if test "x$?" = "x1" + then + case "$line" in + *\*\) + DB_arch=`echo "$line" | sed '/^\(.*\)\([0-9a-zA-Z_-]*\)<\/client_os_machine>\(.*\)$/{ s//\2/; q; }'` + export DB_arch + ;; + + *\*\) + DB_status=`echo "$line" | sed '/^\(.*\)\([0-9a-zA-Z_-]*\)<\/client_install_status>\(.*\)$/{ s//\2/; q; }'` + export DB_status + ;; + + *\*\) + DB_date=`echo "$line" | sed '/^\(.*\)\([ 0-9a-zA-Z_.:,-]*\)<\/client_install_date>\(.*\)$/{ s//\2/; q; }'` + export DB_date + ;; + + *\*\) + DB_name=`echo "$line" | sed '/^\(.*\)\([0-9a-zA-Z_-]*\)<\/client_install_name>\(.*\)$/{ s//\2/; q; }'` + export DB_name + ;; + + *\*\) + ;; + + *\*\) + DB_version=`echo "$line" | sed '/^\(.*\)\([0-9a-zA-Z_.-]*\)<\/client_install_version>\(.*\)$/{ s//\2/; q; }'` + export DB_version + ;; + + *) + ;; + + esac + else + : + fi + done + exec 0<&3 3<&- + return 0 + else + printINFO "Host ${DB_host} not found in client database" + return 1 + fi + else + printINFO "Client database ${DATABASE} in bad shape" + return 1 + fi + else + printINFO "Client database ${DATABASE} not available" + return 1 + fi +} + +DB_hostlist=""; export DB_hostlist + +dbHOSTLIST() { + + DB_hostlist=""; export DB_hostlist + + if test x"$DATABASE" = x + then + DATABASE="${basedir}/${defdatabase}" + fi + + if test -f "${DATABASE}" + then + DB_hostlist=`cat "${DATABASE}" | grep 'client_host' | sed '/^\(.*\)\([0-9a-zA-Z.-]*\)<\/client_host>\(.*\)$/{ s//\2/; }' | sort` + export DB_hostlist + return 0 + else + printINFO "Client database ${DATABASE} not available" + return 1 + fi +} + +dbSHOWHOSTS() { + + if test "x$1" = x + then + dbHOSTLIST + else + DB_hostlist="$1" + fi + + if test "x$?" = x1 + then + printLOG "No known hosts - database unavailable" + fi + if test "x${DB_hostlist}" = x + then + printLOG "No known hosts - database unavailable, empty, or corrupt" + fi + + for ff in ${DB_hostlist} + do + dbINFO "$ff" + + + if test "x$?" = x1 + then + : + else + test -z "${DB_date}" && DB_date="INDEF" + test -z "${DB_arch}" && DB_arch="INDEF" + test -z "${DB_version}" && DB_version="INDEF" + + tmp_status="-" + if test "x$DB_status" = xinstalled + then + tmp_status="o" + elif test "x$DB_status" = xD2_installed + then + tmp_status="i" + elif test "x$DB_status" = xD2_removed + then + tmp_status="u" + fi + out=`echo | awk '{ printf "%1s %14s %-11s %19s %s\n", "'"${tmp_status}"'", "'"${DB_arch}"'", "'"${DB_version}"'", "'"${DB_date}"'", "'"${ff}"'" }'` + printINFO "${out}" + fi + done +} + + +dbSHOWPKG() { + + delete=no + show=no + + if test x"$1" = xshow + then + show=yes + fi + if test x"$2" = xdelete + then + delete=yes + fi + + cd "${basedir}/archpkg" || printFATAL "Cannot cd to ${basedir}/archpkg" + + dbHOSTLIST + + if test x"$DATABASE" = x + then + DATABASE="${basedir}/${defdatabase}" + fi + + LIST=`ls` + this_dir=`pwd` + + for dd in $LIST + do + if test -d "$dd" + then + cd "$dd" + + PKGLIST=`ls samhain-* 2>/dev/null` + + for ff in $PKGLIST + do + if test -f "$ff" + then + version=`echo "$ff" | sed -e 's%samhain-%%'` + + tmp_status="-" + + grep "$version" "${DATABASE}" >/dev/null 2>&1 + if test "x$?" = x0 + then + for hh in ${DB_hostlist} + do + dbINFO "$hh" + if test x"${DB_arch}" = x"${dd}" && \ + test x"${DB_version}" = x"${version}" + then + tmp_status="-" + if test "x$DB_status" = xinstalled + then + tmp_status="o" + elif test "x$DB_status" = xD2_installed + then + tmp_status="i" + fi + break + fi + done + else + tmp_status="-" + fi + + if test x"${show}" = xyes + then + printINFO "${tmp_status} ${dd}/${version}" + fi + + if test x"${delete}" = xyes && test x"${tmp_status}" = "x-" + then + printLOG "REMOVE ${dd}/${version}" + + if test x"$simulate" = x0 + then + rm -f "samhain-${version}" + rm -f "install-${version}" + rm -f "configure-${version}" + else + printINFO "rm -f ${dd}/samhain-${version}" + printINFO "rm -f ${dd}/install-${version}" + printINFO "rm -f ${dd}/configure-${version}" + fi + fi + fi + done + cd "${this_dir}" + fi + done +} Index: branches/samhain-2_2-branch/dsys/funcDIALOG =================================================================== --- branches/samhain-2_2-branch/dsys/funcDIALOG (revision 66) +++ branches/samhain-2_2-branch/dsys/funcDIALOG (revision 66) @@ -0,0 +1,354 @@ +######################################################################### +# +# Interaction Subroutines +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +# print without newline +# +printASK() { + echo $ECHO_N "$@ $ECHO_C" +} + +# find a 'dialog' program +# +findDIALOG() { + + if test x"$DIALOG" = xno + then + DIALOG=""; return 0 + elif test -n "$DIALOG" + then + return 0 + fi + + PATH=/usr/local/bin:/usr/local/sbin:$PATH; export PATH + X="$PATH" + progs="dialog"; + OLD_IFS=${IFS} + IFS=':'; export IFS + for dir in $X; do + for dia in $progs; do + dialog="$dir/$dia" + if (test -f "$dialog" || test -f "$dialog.exe") + then + if "$dialog" 2>&1 | grep tailbox >/dev/null 2>&1 + then + IFS=${OLD_IFS}; export IFS + DIALOG="$dialog"; export DIALOG + return 0 + fi + fi + done + done + IFS=${OLD_IFS}; export IFS + DIALOG=""; export DIALOG +} + + +# prompt user for yes/no +# +promptYESNO() { + if test $# -lt 1 + then + printFATAL "promptYESNO: insufficient arguments" + fi + + if test $silent -gt 1 + then + YESNO=y; export YESNO + return 0 + fi + + DEFAULT="" + case "$2" in + [yY]|[yY][eE][sS]) + DEFAULT=y ;; + [nN]|[nN][oO]) + DEFAULT=n ;; + esac + + YESNO="" + + if test -n "$DIALOG" + then + + if test x"$assumeyes" = x1 + then + YESNO="$DEFAULT"; export YESNO + return 0 + fi + + "$DIALOG" --title "deploy.sh $version" --yesno "$1" 10 75 2>"$tmpF" + mtest=$? + if test x"$mtest" = "x-1" + then + printFATAL "promptYESNO: something went wrong" + elif test x"$mtest" = x0 + then + YESNO=y + else + YESNO=n + fi + else + while : + do + if test x"$DEFAULT" = xy + then + printASK "$1 (Y/n) ?" + elif test x"$DEFAULT" = xn + then + printASK "$1 (N/y) ?" + else + printASK "$1 (y/n) ?" + fi + + if test x"$assumeyes" = x1 + then + YESNO="$DEFAULT"; export YESNO + echo "$DEFAULT" + return 0 + fi + + read YESNO + if test -z "$YESNO" + then + YESNO="$DEFAULT" + fi + + case "$YESNO" in + [yY]|[yY][eE][sS]) + YESNO=y; break ;; + [nN]|[nN][oO]) + YESNO=n; break ;; + *) + YESNO="" ;; + esac + done + fi + export YESNO + return 0 +} + +# get user input from tmp file +# +getINPUT() { + INPUT=`cat $tmpF` + export INPUT + return 0 +} + +# info box +# +promptINFO() { + if test $# -lt 1 + then + printFATAL "promptINPUT: insufficient arguments" + fi + + if test x"$silent" != x0 + then + return 0 + fi + + if test -n "$DIALOG" + then + "$DIALOG" --title "deploy.sh $version" --sleep 2 --infobox "$1" 8 75 + else + echo $1 + fi + return 0 +} + +# prompt user for input +# +promptINPUT() { + if test $# -lt 1 + then + printFATAL "promptINPUT: insufficient arguments" + fi + + if test $assumeyes -gt 0 + then + printFATAL "promptINPUT: user interaction required" + fi + + INPUT="" + DEFAULT="$2" + + if test -n "$DIALOG" + then + "$DIALOG" --title "deploy.sh $version" --inputbox "$1" 16 75 "$2" 2>"$tmpF" + mtest=$? + if test x"$mtest" = "x1" + then + # cancel button + (exit 0); exit 0; + fi + if test x"$mtest" = "x-1" + then + printFATAL "promptINPUT: something went wrong" + else + getINPUT + fi + else + + while : + do + if test -z "$DEFAULT" + then + printASK "$1 ?" + else + printASK "$1 ? $DEFAULT" + fi + + read INPUT + + if test -z "$INPUT" + then + if test -n "$DEFAULT" + then + locINPUT="$DEFAULT" + break + fi + elif test -n "$INPUT" + then + break + fi + done + export INPUT + fi + return 0 +} + +# get MENU from tmp file +# +getMENU() { + MENU=`cat $tmpF` + export MENU + return 0 +} + +# prompt user for options from menu +# +promptMENU() { + if test $# -lt 2 + then + printFATAL "promptMENU: insufficient arguments" + fi + + if test $assumeyes -gt 0 + then + printFATAL "promptMENU: user interaction required" + fi + + TITLE="$1" + shift + + if test -n "$DIALOG" + then + #command="'$DIALOG' '--title' \\'deploy.sh $version\\' '--backtitle'" + #command="$command \'$TITLE\' '--menu' \'$TITLE\' '16' '75' '$#'" + + argc=$# + if test $argc -gt 7 + then + argc=7 + fi + + command="'$1' '' 'on'" + shift + + for item + do + command="$command '$item' '' 'off'" + done + + command="$command " + + # printFATAL "$command" + eval $DIALOG '--title' \'deploy.sh $version\' '--backtitle' \'$TITLE\' '--radiolist' \'$TITLE\' '16' '75' $argc $command 2>"$tmpF" + + mtest=$? + + if test x"$mtest" = "x1" + then + # cancel button + (exit 0); exit 0; + fi + if test x"$mtest" = "x-1"; then + printFATAL "promptMENU: something went wrong" + else + getMENU + fi + else + + MENU="" + INPUT="" + + while : + do + clear + echo + echo "$TITLE" + echo + echo " 1) $1" + test -n "$2" && echo " 2) $2" + test -n "$3" && echo " 3) $3" + test -n "$4" && echo " 4) $4" + test -n "$5" && echo " 5) $5" + test -n "$6" && echo " 6) $6" + test -n "$7" && echo " 7) $7" + test -n "$8" && echo " 8) $8" + test -n "$9" && echo " 9) $9" + echo + printASK "Please enter your choice: " + + read INPUT + + if echo "$INPUT" | grep '[^0123456789]' >/dev/null 2>&1 + then + : + elif test $INPUT -gt $# + then + : + else + break + fi + done + + case "$INPUT" in + 1) MENU="$1"; break ;; + 2) MENU="$2"; break ;; + 3) MENU="$3"; break ;; + 4) MENU="$4"; break ;; + 5) MENU="$5"; break ;; + 6) MENU="$6"; break ;; + 7) MENU="$7"; break ;; + 8) MENU="$8"; break ;; + 9) MENU="$9"; break ;; + esac + + export MENU + fi + return 0 +} + Index: branches/samhain-2_2-branch/dsys/funcEXE =================================================================== --- branches/samhain-2_2-branch/dsys/funcEXE (revision 66) +++ branches/samhain-2_2-branch/dsys/funcEXE (revision 66) @@ -0,0 +1,57 @@ +######################################################################### +# +# Subroutines for determining existence of / path to executables +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +findEXE() { + if test $# -lt 1 + then + printFATAL "findEXE: insufficient arguments" + fi + + X="$PATH"; + prog="$1"; + OLD_IFS=${IFS} + IFS=':'; export IFS + for dir in $X; do + exe="$dir/$1" + if (test -f "$exe" || test -f "${exe}.exe") + then + EXECUTABLE="$exe"; export EXECUTABLE + IFS=${OLD_IFS}; export IFS + return 0 + fi + done + IFS=${OLD_IFS}; export IFS + printINFO "Command $1 not found in \$PATH" + EXECUTABLE=""; export EXECUTABLE +} + +needEXE() { + # printINFO "Checking for $@" + for arg + do + findEXE "$arg" + test -z "$EXECUTABLE" && printFATAL "Need \"$arg\" in \$PATH" + done + return 0 +} Index: branches/samhain-2_2-branch/dsys/funcINSTALL =================================================================== --- branches/samhain-2_2-branch/dsys/funcINSTALL (revision 66) +++ branches/samhain-2_2-branch/dsys/funcINSTALL (revision 66) @@ -0,0 +1,509 @@ +######################################################################### +# +# Subroutines for installing +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +getconfopts () { + fconf="$1" + + if test -f "$fconf" + then + # + # check if readable + # + cat "$fconf" >/dev/null 2>&1 || return 1 + # + # empty string if no --enable-nocl=..., else password + # + is_nocl=`cat "$fconf" | tr -d '\n' | egrep "^ *'?--enable-nocl=" | sed -e "s%^ *%%" | sed -e "s%^'%%" | sed -e "s%^--enable-nocl=%%" | sed -e "s% *$%%" | sed -e "s%'$%%"` + if test x"${is_nocl}" = x + then + is_nocl="start" + else + printINFO "Option --enable-nocl=${is_nocl} used." + fi + # + # + # + is_xor=`cat "$fconf" | tr -d '\n' | egrep "^ *'?--enable-stealth=" | sed -e "s%^ *%%" | sed -e "s%^'%%" | sed -e "s%^--enable-nocl=%%" | sed -e "s% *$%%" | sed -e "s%'$%%"` + if test x"${is_xor}" = x + then + is_xor="no" + else + printINFO "Option --enable-stealth=${is_xor} used." + fi + return 0 + else + return 1 + fi +} + +writerecord () { + IDATE=`date +"%Y-%m-%d %H:%M:%S"` + echo " " + echo " ${host}" + echo " ${hostgroup}" + echo " ${arch}" + echo " ${install_entry}" + echo " ${IDATE}" + echo " ${SH_NAME}" + echo " ${SH_PREFIX}" + echo " ${src_version}.${realformat}" + echo " " +} + +FTEST=0 + +set_flag () { + case "$line" in + *\*) + FTEST=0; + return 0; + ;; + + *\${host}\*) + FTEST=1; + return 1; + ;; + + *) + return ${FTEST}; + ;; + esac +} + + +#------------------------------------------------------------------------ +# Update client db +#------------------------------------------------------------------------ +updateDB() { + + if test "x$1" = x + then + install_entry="D2_installed" + else + install_entry="$1" + fi + export install_entry + + if test x"$DATABASE" = x + then + DATABASE="${basedir}/${defdatabase}" + fi + + updlock="${DATABASE}.lockdir" + trap "rm -rf ${updlock}" 1 2 13 15 + + # + # A lockfile will not work, because 'root' can write anyway. + # However, 'mkdir' an existing directory will fail even for root + # + until (umask 222; mkdir "${updlock}") 2>/dev/null # test & set + do + printINFO "Waiting for lock" + sleep 1 + done + + + IDATE=`date +"%Y-%m-%d %H:%M:%S"` + rm -f "$tmpF"; touch "$tmpF" + + if test -f "$DATABASE"; then + rcfile_perm=`ls -l "${DATABASE}" | \ + awk '{ u= substr($1,2,3); g=substr($1,5,3); o=substr($1,8,3); \ + gsub("-","",u); gsub("-","",g); gsub("-","",o); \ + print "u=" u ",g=" g ",o=" o; }'` + rcfile_perm=`echo ${rcfile_perm} | sed s%g=,%g-rwx,% | sed s%,o=$%,o-rwx%` + rcfile_owner=`ls -l "${DATABASE}" | \ + awk '{print $3 }'` + rcfile_group=`ls -l "${DATABASE}" | \ + awk '{print $4 }'` + else + rcfile_perm=640; + rcfile_owner=`ls -ld ${basedir} | awk '{print $3 }'` + rcfile_group=`ls -ld ${basedir} | awk '{print $4 }'` + fi + + + if test -f "${DATABASE}" + then + SStr1=`grep '' "${DATABASE}"` + if test "x${SStr1}" != "x" + then + + SStr2=`grep "${host}" "${DATABASE}"` + + SStr3= + + if test "x${SStr2}" != "x" + then + # REPLACE + + printINFO "Replace ${host} in ${DATABASE}" + + exec 3<&0 <"${DATABASE}" + while + read line + do + # for some reason, var=xx only works in a function call (why?) + # + # here we test if we are still in the same client block + # (set_flag will return 0 for and following) + set_flag "$line" + + if test "x$?" = "x1" + then + # + # Write the full entry when client_os_machine is found + # + case "$line" in + *\*\) + echo " ${hostgroup}" >>"${tmpF}" + echo " ${arch}" >>"${tmpF}" + echo " ${install_entry}" >>"${tmpF}" + echo " ${IDATE}" >>"${tmpF}" + echo " ${SH_NAME}" >>"${tmpF}" + echo " ${SH_PREFIX}" >>"${tmpF}" + echo " ${src_version}.${realformat}" >>"${tmpF}" + ;; + + *\*\) + : + ;; + + *\*\) + : + ;; + + *\*\) + : + ;; + + *\*\) + : + ;; + + *\*\) + : + ;; + + *\*\) + : + ;; + + *) + echo "$line" >>"${tmpF}" + ;; + + esac + else + echo "$line" >>"${tmpF}" + fi + + done + exec 0<&3 3<&- + cp "${tmpF}" "${DATABASE}" + else + # WRITE NEW CLIENT RECORD + + printINFO "Write record for ${host} in ${DATABASE}" + + exec 3<&0 <"${DATABASE}" + while + read line + do + if test "x$line" = "x" + then + echo "$line" >>"${tmpF}" + writerecord >>"${tmpF}" + else + echo "$line" >>"${tmpF}" + fi + done + exec 0<&3 3<&- + cp "${tmpF}" "${DATABASE}" + fi + else + # COMPLAIN + printLOG "File ${DATABASE} exists, but has wrong format"; + fi + else + # WRITE XML FROM SCRATCH + printINFO "Write ${DATABASE} from scratch" + echo '' >"${tmpF}" + echo '' \ + >>"${tmpF}" + echo "" >>"${tmpF}" + writerecord >>"${tmpF}" + echo "" >>"${tmpF}" + cp "${tmpF}" "${DATABASE}" + fi + + chown ${rcfile_owner}:${rcfile_group} "${DATABASE}" + if [ $? -ne 0 ]; then + rm -rf "${updlock}" + printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${DATABASE}" + fi + chmod ${rcfile_perm} "${DATABASE}" + if [ $? -ne 0 ]; then + rm -rf "${updlock}" + printFATAL "Could not chmod ${rcfile_perm} ${DATABASE}" + fi + + rm -rf "${updlock}" +} + + +ageFILE() { + file="$1" + + if test -f "${file}" + then + test -f "${file}.9" && { rm -f "${file}.9" || printFATAL "rm -f ${file}.9 failed."; } + test -f "${file}.8" && { mv "${file}.8" "${file}.9" || printFATAL "mv ${file}.8 ${file}.9 failed."; } + test -f "${file}.7" && { mv "${file}.7" "${file}.8" || printFATAL "mv ${file}.7 ${file}.8 failed."; } + test -f "${file}.6" && { mv "${file}.6" "${file}.7" || printFATAL "mv ${file}.6 ${file}.7 failed."; } + test -f "${file}.5" && { mv "${file}.5" "${file}.6" || printFATAL "mv ${file}.5 ${file}.6 failed."; } + test -f "${file}.4" && { mv "${file}.4" "${file}.5" || printFATAL "mv ${file}.4 ${file}.5 failed."; } + test -f "${file}.3" && { mv "${file}.3" "${file}.4" || printFATAL "mv ${file}.3 ${file}.4 failed."; } + test -f "${file}.2" && { mv "${file}.2" "${file}.3" || printFATAL "mv ${file}.2 ${file}.3 failed."; } + test -f "${file}.1" && { mv "${file}.1" "${file}.2" || printFATAL "mv ${file}.1 ${file}.2 failed."; } + test -f "${file}" && { mv "${file}" "${file}.1" || printFATAL "mv ${file} ${file}.1 failed."; } + fi + return 0; +} + +#------------------------------------------------------------------------ +# The path to yule data +#------------------------------------------------------------------------ +pathYDATA() { + if test "x${yule_data}" = x + then + promptINPUT "Please enter the path to your yule executable" + yule_data="$INPUT"; export yule_data + fi + if test -d "${yule_data}" + then + : + else + printFATAL "Path to yule data directory not given." + fi +} + +#------------------------------------------------------------------------ +# The path to yule +#------------------------------------------------------------------------ +pathYULE() { + + if test "x${yule_exec}" = x + then + findEXE yule + if test -n "$EXECUTABLE" + then + yule_exec="$EXECUTABLE" + export yule_exec + fi + else + if test -f "${yule_exec}" + then + : + else + yule_exec="" + findEXE yule + if test -n "$EXECUTABLE" + then + yule_exec="$EXECUTABLE" + export yule_exec + fi + fi + fi + if test "x${yule_exec}" = x + then + promptINPUT "Please enter the path to your yule executable" + yule_exec="$INPUT"; export yule_exec + fi + if test -f "${yule_exec}" + then + if "${yule_exec}" --help 2>&1 | grep qualified >/dev/null 2>&1 + then + : + else + printFATAL "${yule_exec} is not Yule, or not executable." + fi + else + printFATAL "Path to yule executable directory not given." + fi +} + +#------------------------------------------------------------------------ +# Select operating system +#------------------------------------------------------------------------ +selbinARCH() { + #--------------------------------------------------------------------- + # Select arch to build + #--------------------------------------------------------------------- + if test x"$arch" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "No operating system selected, aborting." + fi + cd "$basedir/archpkg" || printFATAL "Cannot cd to $basedir/archpkg !" + LIST=`ls 2>/dev/null` + if test x"$LIST" = x + then + printFATAL "No OS directories found in ${basedir}/archpkg." + fi + + n=0 + command="promptMENU 'Please select operating system of host' " + ALIST="" + FLIST="" + for ff in $LIST + do + haspkg=`ls $ff/samhain-* 2>/dev/null` + if test x"$haspkg" = x + then + : + else + n=`expr $n + 1` + osp="$ff" + ALIST="$ALIST $ff" + FLIST="$FLIST $ff" + if test $n -lt 8 + then + command="$command '${ff}'" + fi + fi + done + if test $n -ge 8 + then + command="$command other" + fi + + eval ${command} + m=$? + if test x$m = x1 + then + (exit 0); exit 0; + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + arch="$MENU"; export arch + if test x"$arch" = xother + then + promptINPUT "Please select operating system of host from $FLIST" + if test x$m = x1 + then + (exit 0); exit 0; + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + found=`echo $FLIST | sed -n /$INPUT/p 2>/dev/null` + if test x"$found" = x + then + printFATAL "There is no package for $INPUT" + fi + arch="$INPUT"; export arch + fi + fi + fi + fi + # arch selected or exited +} + +selbinVERSION() { + + OKVERLIST="" + + #--------------------------------------------------------------------- + # Select version + #--------------------------------------------------------------------- + if test x"$src_version" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "No version selected, aborting." + fi + cd "${basedir}/archpkg/${arch}" || printFATAL "Cannot cd to ${basedir}/archpkg/${arch} !" + LIST=`ls samhain-* 2>/dev/null` + if test x"$LIST" = x + then + printFATAL "No binary package found in ${basedir}/archpkg/${arch}." + fi + + # -------------------------------------------------- + # Build a list of ${version}.${format} + # -------------------------------------------------- + + for ff in $LIST + do + sh_version=`echo "$ff" | sed 's/samhain\-//g'` + if test -f "install-${sh_version}" + then + OKVERLIST="$OKVERLIST ${sh_version}" + fi + done + + rm -f "$tmpF" && touch "$tmpF" + + for dd in $OKVERLIST + do + echo "$dd" >>"$tmpF" + done + + OKVERLIST=`cat "$tmpF" | sort -r` + + rm -f "$tmpF" && touch "$tmpF" + + command="promptMENU 'Please select version to install' " + for word in $OKVERLIST + do + command="$command '${word}'" + done + + eval ${command} + m=$? + if test x$m = x1 + then + (exit 0); exit 0; + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + first_version="$MENU"; + fi + + src_version=`echo ${first_version} | sed s%\.run%% | sed s%\.rpm%% | sed s%\.deb%% | sed s%\.tbz2%% | sed s%\.depot%% | sed s%\.pkg%%` + export src_version + + format=`echo ${first_version} | sed '/^\(.*\)\.\([0-9a-zA-Z]*\)$/{ s//\2/; q; }'` + if test "x$format" = xpkg + then + format="solaris-pkg" + fi + export format + + fi +} Index: branches/samhain-2_2-branch/dsys/funcPRINT =================================================================== --- branches/samhain-2_2-branch/dsys/funcPRINT (revision 66) +++ branches/samhain-2_2-branch/dsys/funcPRINT (revision 66) @@ -0,0 +1,84 @@ +######################################################################### +# +# Printing/logging Subroutines +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +# Fatal error +# +printFATAL() { + printERROR ${1+"$@"} + main_exit_status=1 + echo '1' > "$tmpERR" + (exit 1); exit 1; +} + +# Print a message to stderr +# +printERROR() { + echo "ERROR:" ${1+"$@"} >&2 +} + +# Print a message to stderr +# +printWARNING() { + echo "WARNING:" ${1+"$@"} >&2 +} + +# Print a message to stdout +# +printLOG() { + if test $silent -lt 2 + then + now=`date` + if test -z "$logfile" + then + if test x"$simulate" = x0 + then + echo "${now}:" ${1+"$@"} + else + echo "${now}: (simulate)" ${1+"$@"} + fi + else + if test x"$simulate" = x0 + then + echo "${now}:" ${1+"$@"} >"$logfile" + else + echo "${now}: (simulate)" ${1+"$@"} >"$logfile" + fi + fi + fi +} + +# Print a message to stdout +# +printINFO() { + if test x"$silent" = x0 + then + if test x"$simulate" = x0 + then + echo ${1+"$@"} + else + echo "(simulate)" ${1+"$@"} + fi + fi +} + Index: branches/samhain-2_2-branch/dsys/funcSETUP =================================================================== --- branches/samhain-2_2-branch/dsys/funcSETUP (revision 66) +++ branches/samhain-2_2-branch/dsys/funcSETUP (revision 66) @@ -0,0 +1,63 @@ +######################################################################### +# +# Setup test Subroutines +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +# test setup +# +testSETUP1() { + test -d "$basedir" || printFATAL "Basedir $basedir does not exist" + test -d "$basedir/tmp" || printFATAL "Tmpdir $basedir/tmp does not exist" + tmpdir="$basedir/tmp"; export tmpdir + return 0 +} + +# test setup +# +testSETUP2() { + test -z "$action" && + { + promptMENU "Which action do you want to perform" "install" "build" "download" "checksrc" "clean" "info" "uninstall"; + action="$MENU"; export action; + } + if (test x"$action" = xbuild || test x"$action" = xinstall || test x"$action" = xuninstall) + then + test -z "$host" && + { + promptINPUT "On which host do you want to $action"; + host="$INPUT"; export host; + } + fi + return 0 +} + +setupFORMAT() { + + tmp_format=`echo "${1}" | sed '/^\(.*\)\.\([0-9a-zA-Z]*\)$/{ s//\2/; q; }'` + echo "${tmp_format}" +} + +setupVERSION() { + tmp_version=`echo ${DB_version} | sed s%\.run%% | sed s%\.rpm%% | sed s%\.depot%% | sed s%\.deb%% | sed s%\.tbz2%% | sed s%\.pkg%%` + echo "${tmp_version}" + +} Index: branches/samhain-2_2-branch/dsys/initscript =================================================================== --- branches/samhain-2_2-branch/dsys/initscript (revision 66) +++ branches/samhain-2_2-branch/dsys/initscript (revision 66) @@ -0,0 +1,166 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +startup=no + +# arg1: the --enable-nocl=password password (use 'start' for none) +# arg2(optional): if 'startup', start the client and exit +# +# +# 'nocl' is used to handle the --enable-nocl=password option. 'start' is a +# reserved word, hence cannot be the password. +# We are called with one argument, which may be 'start' to indicate that +# the --enable-nocl=password option is not used. +# +if test "x$1" = x +then + nocl=start +else + nocl="$1" +fi + +if test "x$2" = x +then + command="data" +else + command="$2" +fi + +name=`./samhain-install.sh --print-config name` +sbin=`./samhain-install.sh --print-config sbin_dir` + +# execute and exit for start|stop|restart|reload|status, else fallthrough +case $command in + start | stop) + MONIT="" + test -f /usr/local/bin/monit && MONIT="/usr/local/bin/monit" + if test x"$MONIT" = x + then + test -f /usr/bin/monit && MONIT="/usr/bin/monit" + if test x"$MONIT" = x + then + : + else + zz=`/usr/bin/monit status | grep ${name}` + if test x"$zz" = x + then + : + else + ${MONIT} "${command}" "${name}" + exit 0 + fi + fi + fi + + retval=0 + + if test -f /etc/init.d/${name} + then + /etc/init.d/${name} ${command} + retval=$? + elif test -f /etc/rc.d/init.d/${name} + then + /etc/rc.d/init.d/${name} ${command} + retval=$? + elif test -f "$sbin/$name" + then + $sbin/$name ${command} + retval=$? + else + exit 1 + fi + if test x"$command" = xstop + then + exit 0 + fi + exit $retval + ;; + + reload | restart | status ) + if test -f /etc/init.d/${name} + then + /etc/init.d/${name} ${command} + elif test -f /etc/rc.d/init.d/${name} + then + /etc/rc.d/init.d/${name} ${command} + elif test -f "$sbin/$name" + then + $sbin/$name ${command} + else + exit 1 + fi + exit $? + ;; + + *) + ;; +esac + +data=`./samhain-install.sh --print-config data_file` +ddir=`./samhain-install.sh --print-config data_dir` + +remfile=no +remdir=no + +if test -d "$ddir" +then + test -f "$data" || remfile=yes +else + ./samhain-install.sh --mkinstalldirs "$ddir" + remdir=yes +fi + +if test -f "$sbin/$name" +then + if test -f "$data" + then + rm "$data" || exit 1 + fi + + if test x"$nocl" = xstart + then + $sbin/$name -t init -p err + else + echo '-t init -p err' | $sbin/$name "$nocl" + fi +else + echo "$sbin/$name not found" >&2 + exit 1 +fi + +if test -f "$data" +then + cp "$data" ./data +else + echo "$data not found" >&2 + exit 1 +fi + +if test x"$remdir" = xyes +then + rm -rf "$ddir" +elif test x"$remfile" = xyes +then + rm -f "$data" +fi + +exit 0 + Index: branches/samhain-2_2-branch/dsys/postinstall =================================================================== --- branches/samhain-2_2-branch/dsys/postinstall (revision 66) +++ branches/samhain-2_2-branch/dsys/postinstall (revision 66) @@ -0,0 +1,58 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +name=`./samhain-install.sh --print-config name` +sbin=`./samhain-install.sh --print-config sbin_dir` +rcfi=`./samhain-install.sh --print-config config_file` +passwd=$1 + +setpwd="./${name}_setpwd" + +# Install the prepared configuration file. +# +test -f ./prepared_samhainrc || exit 1 +./samhain-install.sh --install-sh -m 600 ./prepared_samhainrc "$rcfi" || exit 1 + +# Gentoo noise +# +rm -f /etc/init.d/._cfg????_${name} +rm -f /etc/._cfg????_${name}rc + +# Set the password within the executable. +# +if test "x${passwd}" = "xDUMMY" +then + rm -f "$sbin/${name}_setpwd" +else + current=`pwd` + cd "$sbin" || exit 1 + eval "$setpwd" "$name" new "$passwd" || exit 1 + if test -f "${name}.new" + then + rm "$name" || exit 1 + mv "${name}.new" "$name" || exit 1 + rm -f "./${name}_setpwd" + fi + cd "$current" +fi + +exit 0 + Index: branches/samhain-2_2-branch/dsys/preinstall =================================================================== --- branches/samhain-2_2-branch/dsys/preinstall (revision 66) +++ branches/samhain-2_2-branch/dsys/preinstall (revision 66) @@ -0,0 +1,57 @@ +#! /bin/sh +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +name=`./samhain-install.sh --print-config name` +sbin=`./samhain-install.sh --print-config sbin_dir` + +MONIT="" +test -f /usr/local/bin/monit && MONIT="/usr/local/bin/monit" +if test x"$MONIT" = x +then + test -f /usr/bin/monit && MONIT="/usr/bin/monit" + if test x"$MONIT" = x + then + : + else + zz=`/usr/bin/monit status | grep ${name}` + if test x"$zz" = x + then + : + else + ${MONIT} stop "${name}" + exit 0 + fi + fi +fi + +if test -f /etc/init.d/${name} +then + /etc/init.d/${name} stop +elif test -f /etc/rc.d/init.d/${name} +then + /etc/rc.d/init.d/${name} stop +else + if test -f $sbin/$name + then + $sbin/$name stop + fi +fi + +exit 0 Index: branches/samhain-2_2-branch/hp_ux.psf.in =================================================================== --- branches/samhain-2_2-branch/hp_ux.psf.in (revision 66) +++ branches/samhain-2_2-branch/hp_ux.psf.in (revision 66) @@ -0,0 +1,72 @@ +# PSF +depot + layout_version 1.0 +# Product definition: +product + tag @install_name@ + revision @VERSION@ + is_patch false + title @install_name@ Client + description "Client for the @install_name@ system" + machine_type * + os_name HP-UX + os_release ?.11.* + os_version ? + directory / + is_locatable false + +# Specify a checkremove script that executes during the +# swremove analysis phase. (This script prevents the +# removal of the SD product and returns an ERROR. +# checkremove scripts/checkremove.sd + + configure ./sc/configure + unconfigure ./sc/unconfigure + preremove ./sc/preremove + + # Fileset definitions: + fileset + tag basic + title Core system + revision @VERSION@ + file_permissions -m 0700 -o root -g sys + # + # Files: +# + directory ./sbin/init.d=/sbin/init.d + file -m 0555 -o bin -g bin @install_name@ +# + directory .@prefix@=@prefix@ + file -m 0555 -o bin -g bin . +# + directory .@sysconfdir@=@sysconfdir@ + file -v -m 0600 @install_name@rc + file -m 0555 -o bin -g bin . +# + directory .@sbindir@=@sbindir@ + file * + file -m 0555 -o bin -g bin . + file -m 0750 -o bin -g bin @install_name@ +# + directory .@mydataroot@=@mydataroot@ + file -m 0555 -o bin -g bin . +# + directory .@mylogdir@=@mylogdir@ + file -m 0755 -o adm -g adm . +# + directory .@mylockdir@=@mylockdir@ + file -m 0555 -o bin -g bin . + end + # Manpage fileset definitions: + #fileset + # tag man + # title Manual pages for samhain + # revision 2.05 + # directory .@mandir@/man8=@mandir@/man8 + # file * + # directory .@mandir@/man5=@mandir@/man5 + # file * + #end + #man +end +# Index: branches/samhain-2_2-branch/include/CuTest.h =================================================================== --- branches/samhain-2_2-branch/include/CuTest.h (revision 66) +++ branches/samhain-2_2-branch/include/CuTest.h (revision 66) @@ -0,0 +1,138 @@ +/******************* + +LICENSE + +Copyright (c) 2003 Asim Jalis + +This software is provided 'as-is', without any express or implied +warranty. In no event will the authors be held liable for any damages +arising from the use of this software. + +Permission is granted to anyone to use this software for any purpose, +including commercial applications, and to alter it and redistribute it +freely, subject to the following restrictions: + +1. The origin of this software must not be misrepresented; you must not +claim that you wrote the original software. If you use this software in +a product, an acknowledgment in the product documentation would be +appreciated but is not required. + +2. Altered source versions must be plainly marked as such, and must not +be misrepresented as being the original software. + +3. This notice may not be removed or altered from any source +distribution. + +**********************/ + +#ifndef CU_TEST_H +#define CU_TEST_H + +#include +#include + +/* CuString */ + +char* CuStrAlloc(int size); +char* CuStrCopy(const char* old); + +#define CU_ALLOC(TYPE) ((TYPE*) malloc(sizeof(TYPE))) + +#define HUGE_STRING_LEN 8192 +#define STRING_MAX 256 +#define STRING_INC 256 + +typedef struct +{ + int length; + int size; + char* buffer; +} CuString; + +void CuStringInit(CuString* str); +CuString* CuStringNew(void); +void CuStringRead(CuString* str, const char* path); +void CuStringAppend(CuString* str, const char* text); +void CuStringAppendChar(CuString* str, char ch); +void CuStringAppendFormat(CuString* str, const char* format, ...); +void CuStringInsert(CuString* str, const char* text, int pos); +void CuStringResize(CuString* str, int newSize); + +/* CuTest */ + +typedef struct CuTest CuTest; + +typedef void (*TestFunction)(CuTest *); + +struct CuTest +{ + const char* name; + TestFunction function; + int failed; + int ran; + const char* message; + jmp_buf *jumpBuf; +}; + +void CuTestInit(CuTest* t, const char* name, TestFunction function); +CuTest* CuTestNew(const char* name, TestFunction function); +void CuTestRun(CuTest* tc); + +/* Internal versions of assert functions -- use the public versions */ +void CuFail_Line(CuTest* tc, const char* file, int line, const char* message2, const char* message); +void CuAssert_Line(CuTest* tc, const char* file, int line, const char* message, int condition); +void CuAssertStrEquals_LineMsg(CuTest* tc, + const char* file, int line, const char* message, + const char* expected, const char* actual); +void CuAssertIntEquals_LineMsg(CuTest* tc, + const char* file, int line, const char* message, + int expected, int actual); +void CuAssertDblEquals_LineMsg(CuTest* tc, + const char* file, int line, const char* message, + double expected, double actual, double delta); +void CuAssertPtrEquals_LineMsg(CuTest* tc, + const char* file, int line, const char* message, + void* expected, void* actual); + +/* public assert functions */ + +#define CuFail(tc, ms) CuFail_Line( (tc), __FILE__, __LINE__, NULL, (ms)) +#define CuAssert(tc, ms, cond) CuAssert_Line((tc), __FILE__, __LINE__, (ms), (cond)) +#define CuAssertTrue(tc, cond) CuAssert_Line((tc), __FILE__, __LINE__, "assert failed", (cond)) + +#define CuAssertStrEquals(tc,ex,ac) CuAssertStrEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac)) +#define CuAssertStrEquals_Msg(tc,ms,ex,ac) CuAssertStrEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac)) +#define CuAssertIntEquals(tc,ex,ac) CuAssertIntEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac)) +#define CuAssertIntEquals_Msg(tc,ms,ex,ac) CuAssertIntEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac)) +#define CuAssertDblEquals(tc,ex,ac,dl) CuAssertDblEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac),(dl)) +#define CuAssertDblEquals_Msg(tc,ms,ex,ac,dl) CuAssertDblEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac),(dl)) +#define CuAssertPtrEquals(tc,ex,ac) CuAssertPtrEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac)) +#define CuAssertPtrEquals_Msg(tc,ms,ex,ac) CuAssertPtrEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac)) + +#define CuAssertPtrNotNull(tc,p) CuAssert_Line((tc),__FILE__,__LINE__,"null pointer unexpected",(p != NULL)) +#define CuAssertPtrNotNullMsg(tc,msg,p) CuAssert_Line((tc),__FILE__,__LINE__,(msg),(p != NULL)) + +/* CuSuite */ + +#define MAX_TEST_CASES 1024 + +#define SUITE_ADD_TEST(SUITE,TEST) CuSuiteAdd(SUITE, CuTestNew(#TEST, TEST)) + +typedef struct +{ + int count; + CuTest* list[MAX_TEST_CASES]; + int failCount; + +} CuSuite; + + +void CuSuiteInit(CuSuite* testSuite); +CuSuite* CuSuiteNew(void); +void CuSuiteAdd(CuSuite* testSuite, CuTest *testCase); +void CuSuiteAddSuite(CuSuite* testSuite, CuSuite* testSuite2); +void CuSuiteRun(CuSuite* testSuite); +void CuSuiteSummary(CuSuite* testSuite, CuString* summary); +void CuSuiteDetails(CuSuite* testSuite, CuString* details); + +#endif /* CU_TEST_H */ Index: branches/samhain-2_2-branch/include/bignum.h =================================================================== --- branches/samhain-2_2-branch/include/bignum.h (revision 66) +++ branches/samhain-2_2-branch/include/bignum.h (revision 66) @@ -0,0 +1,85 @@ +#ifndef _BIGNUM_H_ +#define _BIGNUM_H_ + +#include "internal.h" + +typedef struct big_struct bignum; + +#define BIG_SIGN_0 0 +#define BIG_SIGN_PLUS 1 +#define BIG_SIGN_MINUS -1 + +#define BIG_OK 0 +#define BIG_MEMERR 1 +#define BIG_DIV_ZERO 2 +#define BIG_ARGERR 3 + +#ifdef BIG_SHORT_NAMES +#define big_set_big big_sb +#define big_set_long big_sl +#define big_set_ulong big_usl +#define big_string big_rs +#define big_leqp big_lq +#define big_expt big_x +#endif + +/* External variables to take care about when using the bignums */ +typedef int bigerr_t; +extern int big_errno; +extern char *big_end_string; + +/* External functions to enable use of bignums */ +extern bigerr_t big_init_pkg(void); +extern void big_release_pkg(void); + +extern bigerr_t big_create(bignum *a); +extern void big_destroy(bignum *a); + +extern unsigned long big_bitcount(bignum *a); + +extern bigerr_t big_set_big(bignum *a, bignum *b); +extern void big_set_long(long n, bignum *a); +extern void big_set_ulong(unsigned long n, bignum *a); +extern bigerr_t big_set_string(char *numstr, int base, bignum *a); + +extern int big_long(bignum *a, long *n); +extern int big_ulong(bignum *a, unsigned long *n); +extern char *big_string(bignum *a, int base); + +extern int big_sign(bignum *a); +extern bigerr_t big_abs(bignum *a, bignum *b); + +extern bigerr_t big_negate(bignum *a, bignum *b); + +extern int big_compare(bignum *a, bignum *b); +extern int big_lessp(bignum *a, bignum *b); +extern int big_leqp(bignum *a, bignum *b); +extern int big_equalp(bignum *a, bignum *b); +extern int big_geqp(bignum *a, bignum *b); +extern int big_greaterp(bignum *a, bignum *b); + +extern int big_zerop(bignum *a); +extern int big_evenp(bignum *a); +extern int big_oddp(bignum *a); + +extern bigerr_t big_add(bignum *a, bignum *b, bignum *c); +extern bigerr_t big_sub(bignum *a, bignum *b, bignum *c); + +extern bigerr_t big_mul(bignum *a, bignum *b, bignum *c); + +extern bigerr_t big_trunc(bignum *a, bignum *b, bignum *c, bignum *r); +extern bigerr_t big_floor(bignum *a, bignum *b, bignum *c, bignum *r); +extern bigerr_t big_ceil(bignum *a, bignum *b, bignum *c, bignum *r); +extern bigerr_t big_round(bignum *a, bignum *b, bignum *c, bignum *r); + +extern bigerr_t big_random(bignum *a, bignum *b); + +extern bigerr_t big_expt(bignum *a, unsigned long z, bignum *x); +extern bigerr_t big_exptmod(bignum *a_in, bignum *z_in, bignum *n, bignum *x); +extern bigerr_t big_gcd(bignum *a, bignum *b, bignum *g); + +#ifndef NULL +#define NULL 0 +#endif + +#endif /* _BIGNUM_H_ */ Index: branches/samhain-2_2-branch/include/kern_head.h =================================================================== --- branches/samhain-2_2-branch/include/kern_head.h (revision 66) +++ branches/samhain-2_2-branch/include/kern_head.h (revision 66) @@ -0,0 +1,1638 @@ + + +/* i386 sys_call_table for kernel 2.4.x + */ +char * callz_2p4[] = { + "sys_ni_syscall", /* 0 - old setup() system call*/ + "sys_exit", + "sys_fork", + "sys_read", + "sys_write", + "sys_open", /* 5 */ + "sys_close", + "sys_waitpid", + "sys_creat", + "sys_link", + "sys_unlink", /* 10 */ + "sys_execve", + "sys_chdir", + "sys_time", + "sys_mknod", + "sys_chmod", /* 15 */ + "sys_lchown16", + "sys_ni_syscall", /* old break syscall holder */ + "sys_stat", + "sys_lseek", + "sys_getpid", /* 20 */ + "sys_mount", + "sys_oldumount", + "sys_setuid16", + "sys_getuid16", + "sys_stime", /* 25 */ + "sys_ptrace", + "sys_alarm", + "sys_fstat", + "sys_pause", + "sys_utime", /* 30 */ + "sys_ni_syscall", /* old stty syscall holder */ + "sys_ni_syscall", /* old gtty syscall holder */ + "sys_access", + "sys_nice", + "sys_ni_syscall", /* 35 */ /* old ftime syscall holder */ + "sys_sync", + "sys_kill", + "sys_rename", + "sys_mkdir", + "sys_rmdir", /* 40 */ + "sys_dup", + "sys_pipe", + "sys_times", + "sys_ni_syscall", /* old prof syscall holder */ + "sys_brk", /* 45 */ + "sys_setgid16", + "sys_getgid16", + "sys_signal", + "sys_geteuid16", + "sys_getegid16", /* 50 */ + "sys_acct", + "sys_umount", /* recycled never used phys() */ + "sys_ni_syscall", /* old lock syscall holder */ + "sys_ioctl", + "sys_fcntl", /* 55 */ + "sys_ni_syscall", /* old mpx syscall holder */ + "sys_setpgid", + "sys_ni_syscall", /* old ulimit syscall holder */ + "sys_olduname", + "sys_umask", /* 60 */ + "sys_chroot", + "sys_ustat", + "sys_dup2", + "sys_getppid", + "sys_getpgrp", /* 65 */ + "sys_setsid", + "sys_sigaction", + "sys_sgetmask", + "sys_ssetmask", + "sys_setreuid16", /* 70 */ + "sys_setregid16", + "sys_sigsuspend", + "sys_sigpending", + "sys_sethostname", + "sys_setrlimit", /* 75 */ + "sys_old_getrlimit", + "sys_getrusage", + "sys_gettimeofday", + "sys_settimeofday", + "sys_getgroups16", /* 80 */ + "sys_setgroups16", + "old_select", + "sys_symlink", + "sys_lstat", + "sys_readlink", /* 85 */ + "sys_uselib", + "sys_swapon", + "sys_reboot", + "old_readdir", + "old_mmap", /* 90 */ + "sys_munmap", + "sys_truncate", + "sys_ftruncate", + "sys_fchmod", + "sys_fchown16", /* 95 */ + "sys_getpriority", + "sys_setpriority", + "sys_ni_syscall", /* old profil syscall holder */ + "sys_statfs", + "sys_fstatfs", /* 100 */ + "sys_ioperm", + "sys_socketcall", + "sys_syslog", + "sys_setitimer", + "sys_getitimer", /* 105 */ + "sys_newstat", + "sys_newlstat", + "sys_newfstat", + "sys_uname", + "sys_iopl", /* 110 */ + "sys_vhangup", + "sys_ni_syscall", /* old idle system call */ + "sys_vm86old", + "sys_wait4", + "sys_swapoff", /* 115 */ + "sys_sysinfo", + "sys_ipc", + "sys_fsync", + "sys_sigreturn", + "sys_clone", /* 120 */ + "sys_setdomainname", + "sys_newuname", + "sys_modify_ldt", + "sys_adjtimex", + "sys_mprotect", /* 125 */ + "sys_sigprocmask", + "sys_create_module", + "sys_init_module", + "sys_delete_module", + "sys_get_kernel_syms", /* 130 */ + "sys_quotactl", + "sys_getpgid", + "sys_fchdir", + "sys_bdflush", + "sys_sysfs", /* 135 */ + "sys_personality", + "sys_ni_syscall", /* for afs_syscall */ + "sys_setfsuid16", + "sys_setfsgid16", + "sys_llseek", /* 140 */ + "sys_getdents", + "sys_select", + "sys_flock", + "sys_msync", + "sys_readv", /* 145 */ + "sys_writev", + "sys_getsid", + "sys_fdatasync", + "sys_sysctl", + "sys_mlock", /* 150 */ + "sys_munlock", + "sys_mlockall", + "sys_munlockall", + "sys_sched_setparam", + "sys_sched_getparam", /* 155 */ + "sys_sched_setscheduler", + "sys_sched_getscheduler", + "sys_sched_yield", + "sys_sched_get_priority_max", + "sys_sched_get_priority_min", /* 160 */ + "sys_sched_rr_get_interval", + "sys_nanosleep", + "sys_mremap", + "sys_setresuid16", + "sys_getresuid16", /* 165 */ + "sys_vm86", + "sys_query_module", + "sys_poll", + "sys_nfsservctl", + "sys_setresgid16", /* 170 */ + "sys_getresgid16", + "sys_prctl", + "sys_rt_sigreturn", + "sys_rt_sigaction", + "sys_rt_sigprocmask", /* 175 */ + "sys_rt_sigpending", + "sys_rt_sigtimedwait", + "sys_rt_sigqueueinfo", + "sys_rt_sigsuspend", + "sys_pread", /* 180 */ + "sys_pwrite", + "sys_chown16", + "sys_getcwd", + "sys_capget", + "sys_capset", /* 185 */ + "sys_sigaltstack", + "sys_sendfile", + "sys_getpmsg", /* streams1 */ + "sys_putpmsg", /* streams2 */ + "sys_vfork", /* 190 */ + "sys_getrlimit", + "sys_mmap2", + "sys_truncate64", + "sys_ftruncate64", + "sys_stat64", /* 195 */ + "sys_lstat64", + "sys_fstat64", + "sys_lchown", + "sys_getuid", + "sys_getgid", /* 200 */ + "sys_geteuid", + "sys_getegid", + "sys_setreuid", + "sys_setregid", + "sys_getgroups", /* 205 */ + "sys_setgroups", + "sys_fchown", + "sys_setresuid", + "sys_getresuid", + "sys_setresgid", /* 210 */ + "sys_getresgid", + "sys_chown", + "sys_setuid", + "sys_setgid", + "sys_setfsuid", /* 215 */ + "sys_setfsgid", + "sys_pivot_root", + "sys_mincore", + "sys_madvise", + "sys_getdents64", /* 220 */ + "sys_fcntl64", + "sys_tux", /* reserved for TUX */ + "sys_security", + "sys_gettid", + "sys_readahead", /* 225 */ + "sys_setxattr", + "sys_lsetxattr", + "sys_fsetxattr", + "sys_getxattr", + "sys_lgetxattr", /* 230 */ + "sys_fgetxattr", + "sys_listxattr", + "sys_llistxattr", + "sys_flistxattr", + "sys_removexattr", /* 235 */ + "sys_lremovexattr", + "sys_fremovexattr", + "sys_tkill", + "sys_sendfile64", + "sys_futex", /* 240 */ + "sys_sched_setaffinity", + "sys_sched_getaffinity", + "sys_set_thread_area", + "sys_get_thread_area", + "sys_io_setup", /* 245 */ + "sys_io_destroy", + "sys_io_getevents", + "sys_io_submit", + "sys_io_cancel", + "sys_alloc_hugepages", /* 250 */ + "sys_free_hugepages", + "sys_exit_group", + "sys_lookup_dcookie", /* 2.6 */ + "sys_epoll_create", + "sys_epoll_ctl", /* 255 */ + "sys_epoll_wait", + "sys_remap_file_pages", + "sys_set_tid_address", + "sys_timer_create", + "sys_timer_settime", /* 260 */ + "sys_timer_gettime", + "sys_timer_getoverrun", + "sys_timer_delete", + "sys_clock_settime", + "sys_clock_gettime", /* 265 */ + "sys_clock_getres", + "sys_clock_nanosleep", + "sys_statfs64", + "sys_fstatfs64", + "sys_tgkill", /* 270 */ + "sys_utimes", + "sys_fadvise64_64", + "sys_vserver", + NULL +}; + + + +/* i386 sys_call_table for kernel 2.2.x + */ +char * callz_2p2[]={ + "sys_ni_syscall", /* 0 */ + "sys_exit", + "sys_fork", + "sys_read", + "sys_write", + "sys_open", /* 5 */ + "sys_close", + "sys_waitpid", + "sys_creat", + "sys_link", + "sys_unlink", /* 10 */ + "sys_execve", + "sys_chdir", + "sys_time", + "sys_mknod", + "sys_chmod", /* 15 */ + "sys_lchown", + "sys_ni_syscall", + "sys_stat", + "sys_lseek", + "sys_getpid", /* 20 */ + "sys_mount", + "sys_oldumount", + "sys_setuid", + "sys_getuid", + "sys_stime", /* 25 */ + "sys_ptrace", + "sys_alarm", + "sys_fstat", + "sys_pause", + "sys_utime", /* 30 */ + "sys_ni_syscall", + "sys_ni_syscall", + "sys_access", + "sys_nice", + "sys_ni_syscall", /* 35 */ + "sys_sync", + "sys_kill", + "sys_rename", + "sys_mkdir", + "sys_rmdir", /* 40 */ + "sys_dup", + "sys_pipe", + "sys_times", + "sys_ni_syscall", + "sys_brk", /* 45 */ + "sys_setgid", + "sys_getgid", + "sys_signal", + "sys_geteuid", + "sys_getegid", /* 50 */ + "sys_acct", + "sys_umount", + "sys_ni_syscall", + "sys_ioctl", + "sys_fcntl", /* 55 */ + "sys_ni_syscall", + "sys_setpgid", + "sys_ni_syscall", + "sys_olduname", + "sys_umask", /* 60 */ + "sys_chroot", + "sys_ustat", + "sys_dup2", + "sys_getppid", + "sys_getpgrp", /* 65 */ + "sys_setsid", + "sys_sigaction", + "sys_sgetmask", + "sys_ssetmask", + "sys_setreuid", /* 70 */ + "sys_setregid", + "sys_sigsuspend", + "sys_sigpending", + "sys_sethostname", + "sys_setrlimit", /* 75 */ + "sys_getrlimit", + "sys_getrusage", + "sys_gettimeofday", + "sys_settimeofday", + "sys_getgroups", /* 80 */ + "sys_setgroups", + "old_select", + "sys_symlink", + "sys_lstat", + "sys_readlink", /* 85 */ + "sys_uselib", + "sys_swapon", + "sys_reboot", + "old_readdir", + "old_mmap", /* 90 */ + "sys_munmap", + "sys_truncate", + "sys_ftruncate", + "sys_fchmod", + "sys_fchown", /* 95 */ + "sys_getpriority", + "sys_setpriority", + "sys_ni_syscall", + "sys_statfs", + "sys_fstatfs", /* 100 */ + "sys_ioperm", + "sys_socketcall", + "sys_syslog", + "sys_setitimer", + "sys_getitimer", /* 105 */ + "sys_newstat", + "sys_newlstat", + "sys_newfstat", + "sys_uname", + "sys_iopl", /* 110 */ + "sys_vhangup", + "sys_idle", + "sys_vm86old", + "sys_wait4", + "sys_swapoff", /* 115 */ + "sys_sysinfo", + "sys_ipc", + "sys_fsync", + "sys_sigreturn", + "sys_clone", /* 120 */ + "sys_setdomainname", + "sys_newuname", + "sys_modify_ldt", + "sys_adjtimex", + "sys_mprotect", /* 125 */ + "sys_sigprocmask", + "sys_create_module", + "sys_init_module", + "sys_delete_module", + "sys_get_kernel_syms", /* 130 */ + "sys_quotactl", + "sys_getpgid", + "sys_fchdir", + "sys_bdflush", + "sys_sysfs", /* 135 */ + "sys_personality", + "sys_ni_syscall", + "sys_setfsuid", + "sys_setfsgid", + "sys_llseek", /* 140 */ + "sys_getdents", + "sys_select", + "sys_flock", + "sys_msync", + "sys_readv", /* 145 */ + "sys_writev", + "sys_getsid", + "sys_fdatasync", + "sys_sysctl", + "sys_mlock", /* 150 */ + "sys_munlock", + "sys_mlockall", + "sys_munlockall", + "sys_sched_setparam", + "sys_sched_getparam", /* 155 */ + "sys_sched_setscheduler", + "sys_sched_getscheduler", + "sys_sched_yield", + "sys_sched_get_priority_max", + "sys_sched_get_priority_min", /* 160 */ + "sys_sched_rr_get_interval", + "sys_nanosleep", + "sys_mremap", + "sys_setresuid", + "sys_getresuid", /* 165 */ + "sys_vm86", + "sys_query_module", + "sys_poll", + "sys_nfsservctl", + "sys_setresgid", /* 170 */ + "sys_getresgid", + "sys_prctl", + "sys_rt_sigreturn", + "sys_rt_sigaction", + "sys_rt_sigprocmask", /* 175 */ + "sys_rt_sigpending", + "sys_rt_sigtimedwait", + "sys_rt_sigqueueinfo", + "sys_rt_sigsuspend", + "sys_pread", /* 180 */ + "sys_pwrite", + "sys_chown", + "sys_getcwd", + "sys_capget", + "sys_capset", /* 185 */ + "sys_sigaltstack", + "sys_sendfile", + "sys_ni_syscall", + "sys_ni_syscall", + "sys_vfork", /* 190 */ + NULL +}; + +/* i386 sys_call_table for openbsd + */ +char * callz_obsd[]={ + "_nosys", /* 0 */ + "_sys_exit", + "_sys_fork", + "_sys_read", + "_sys_write", + "_sys_open", /* 5 */ + "_sys_close", + "_sys_wait4", + "_compat_43_sys_creat", + "_sys_link", + "_sys_unlink", /* 10 */ + "_sys_nosys", + "_sys_chdir", + "_sys_fchdir", + "_sys_mknod", + "_sys_chmod", /* 15 */ + "_sys_chown", + "_sys_break", + "_nosys", + "_compat_43_sys_lseek", + "_sys_getpid", /* 20 */ + "_sys_mount", + "_sys_unmount", + "_sys_setuid", + "_sys_getuid", + "_sys_geteuid", /* 25 */ + "_sys_ptrace", + "_sys_recvmsg", /* 27 */ + "_sys_sendmsg", /* 28 */ + "_sys_recvfrom", /* 29 */ + "_sys_accept", /* 30 */ + "_sys_getpeername", /* 31 */ + "_sys_getsockname", /* 32 */ + "_sys_access", /* 33 */ + "_sys_chflags", /* 34 */ + "_sys_fchflags", /* 35 */ + "_sys_sync", /* 36 */ + "_sys_kill", /* 37 */ + "_compat_43_sys_stat", /* 38 is old stat */ + "_sys_getppid", /* 39 */ + "_compat_43_sys_lstat", /* 40 is old lstat */ + "_sys_dup", /* 41 */ + "_sys_opipe", /* 42 */ + "_sys_getegid", /* 43 */ + "_sys_profil", /* 44 */ + "_sys_ktrace", /* 45 */ + "_sys_sigaction",/* 46 */ + "_sys_getgid", /* 47 */ + "_sys_sigprocmask", + "_sys_getlogin", /* 49 */ + "_sys_setlogin", /* 50 */ + "_sys_acct", /* 51 */ + "_sys_sigpending", + "_sys_osigaltstack", /* 53 */ + "_sys_ioctl", /* 54 */ + "_sys_reboot", /* 55 */ + "_sys_revoke", /* 56 */ + "_sys_symlink", /* 57 */ + "_sys_readlink", /* 58 */ + "_sys_execve", /* 59 */ + "_sys_umask", /* 60 */ + "_sys_chroot", /* 61 */ + "_compat_43_sys_fstat", /* 62 is old fstat */ + "_compat_43_sys_getkerninfo", /* 63 is old ogetkerninfo */ + "_compat_43_sys_getpagesize", /* 64 is old ogetpagesize */ + "_nosys", /* 65 is omsync */ + "_sys_vfork", /* 66 */ + "_nosys", /* 67 is obsolete vread */ + "_nosys", /* 68 is obsolete vwrite */ + "_sys_sbrk", /* 69 */ + "_sys_sstk", /* 70 */ + "_compat_43_sys_mmap", /* 71 is ommap */ + "_sys_ovadvise", /* 72 */ + "_sys_munmap", /* 73 */ + "_sys_mprotect", /* 74 */ + "_sys_madvise", /* 75 */ + "_nosys", /* 76 is obsolete vhangup */ + "_nosys", /* 77 is obsolete vlimit */ + "_sys_mincore", /* 78 */ + "_sys_getgroups",/* 79 */ + "_sys_setgroups",/* 80 */ + "_sys_getpgrp", /* 81 */ + "_sys_setpgid", /* 82 */ + "_sys_setitimer",/* 83 */ + "_compat_43_sys_wait", /* 84 is owait */ + "_nosys", /* 85 is swapon */ + "_sys_getitimer",/* 86 */ + "_compat_43_sys_gethostname", /* 87 is ogethostname */ + "_compat_43_sys_sethostname", /* 88 is osethostname */ + "_compat_43_sys_getdtablesize", /* 89 os ogetdtablesize */ + "_sys_dup2", /* 90 */ + "_nosys", /* 91 is ??? */ + "_sys_fcntl", /* 92 */ + "_sys_select", /* 93 */ + "_nosys", /* 94 is ??? */ + "_sys_fsync", /* 95 */ + "_sys_setpriority", /* 96 */ + "_sys_socket", /* 97 */ + "_sys_connect", /* 98 */ + "_compat_43_sys_accept", /* 99 is oaccept */ + "_sys_getpriority", /* 100 */ + "_compat_43_sys_send", /* 101 is osend */ + "_compat_43_sys_recv", /* 102 is orecv */ + "_sys_sigreturn", + "_sys_bind", /* 104 */ + "_sys_setsockopt", /* 105 */ + "_sys_listen", /* 106 */ + "_nosys", /* 107 is obsolete vtimes */ + "_compat_43_sys_sigvec", /* 108 is osigvec */ + "_compat_43_sys_sigblock", /* 109 is osigblock */ + "_compat_43_sys_sigsetmask", /* 110 is osigsetmask */ + "_sys_sigsuspend", + "_compat_43_sys_sigstack", /* 112 is osigstack */ + "_compat_43_sys_recvmsg", /* 113 is orecvmsg */ + "_compat_43_sys_sendmsg", /* 114 is osendmsg */ + "_nosys", /* 115 is obsolete vtrace */ + "_sys_gettimeofday", /* 116 */ + "_sys_getrusage", /* 117 */ + "_sys_getsockopt", /* 118 */ + "_nosys", /* 119 is obsolete resuba */ + "_sys_readv", /* 120 */ + "_sys_writev", /* 121 */ + "_sys_settimeofday", /* 122 */ + "_sys_fchown", /* 123 */ + "_sys_fchmod", /* 124 */ + "_compat_43_sys_recvfrom", /* 125 is orecvfrom */ + "_sys_setreuid", /* 126 */ + "_sys_setregid", /* 127 */ + "_sys_rename", /* 128 */ + "_compat_43_sys_truncate", /* 129 is old truncate */ + "_compat_43_sys_ftruncate", /* 130 is old ftruncate */ + "_sys_flock", /* 131 */ + "_sys_mkfifo", /* 132 */ + "_sys_sendto", /* 133 */ + "_sys_shutdown", /* 134 */ + "_sys_socketpair", /* 135 */ + "_sys_mkdir", /* 136 */ + "_sys_rmdir", /* 137 */ + "_sys_utimes", /* 138 */ + "_nosys", /* 139 is obsolete 4.2 sigreturn */ + "_sys_adjtime", /* 140 */ + "_compat_43_sys_getpeername", /* 141 is ogetpeername */ + "_compat_43_sys_gethostid", /* 142 is ogethostid */ + "_compat_43_sys_sethostid", /* 143 is osethostid */ + "_compat_43_sys_getrlimit", /* 144 is ogetrlimit */ + "_compat_43_sys_setrlimit", /* 145 is osetrlimit */ + "_compat_43_sys_killpg", /* 146 is okillpg */ + "_sys_setsid", /* 147 */ + "_sys_quotactl", /* 148 */ + "_compat_43_sys_quota", /* 149 is oquota */ + "_compat_43_sys_getsockname", /* 150 is ogetsockname */ + "_nosys", /* 151 is ??? */ + "_nosys", /* 152 is ??? */ + "_nosys", /* 153 is ??? */ + "_nosys", /* 154 is ??? */ + "_sys_nfssvc", /* 155 */ + "_compat_43_sys_getdirentries", /* 156 is ogetdirentries */ + "_nosys", /* 157 is ostatfs */ + "_nosys", /* 158 is ofstatfs */ + "_nosys", /* 159 is ??? */ + "_nosys", /* 160 is ??? */ + "_sys_getfh", /* 161 */ + "_nosys", /* 162 is ogetdomainname */ + "_nosys", /* 163 is osetdomainname */ + "_nosys", /* 164 is ouname */ + "_sys_sysarch", /* 165 */ + "_nosys", + "_nosys", /* 167 is ??? */ + "_nosys", /* 168 is ??? */ + "_nosys", /* 169 is compat_10 osemsys */ + "_nosys", /* 170 is compat_10 omsgsys */ + "_nosys", /* 171 is compat_10 oshmsys */ + "_nosys", /* 172 is ??? */ + "_sys_pread", /* 173 */ + "_sys_pwrite", /* 174 */ + "_nosys", /* 175 is ??? */ + "_nosys", /* 176 is ??? */ + "_nosys", /* 177 is ??? */ + "_nosys", /* 178 is ??? */ + "_nosys", /* 179 is ??? */ + "_nosys", /* 180 is ??? */ + "_sys_setgid", /* 181 */ + "_sys_setegid", /* 182 */ + "_sys_seteuid", /* 183 */ + "_sys_bmapv", /* 184 */ + "_sys_markv", /* 185 */ + "_sys_segclean", /* 186 */ + "_sys_segwait", /* 187 */ + "_compat_35_sys_stat", /* 188 is compat_35 stat35 */ + "_compat_35_sys_fstat", /* 189 is compat_35 fstat35 */ + "_compat_35_sys_lstat", /* 190 is compat_35 lstat35 */ + "_sys_pathconf", /* 191 */ + "_sys_fpathconf", /* 192 */ + "_sys_swapctl", /* 193 */ + "_sys_getrlimit", /* 194 */ + "_sys_setrlimit", /* 195 */ + "_sys_getdirentries", /* 196 */ + "_sys_mmap", /* 197 */ + "_sys___syscall", /* 198 */ + "_sys_lseek", /* 199 */ + "_sys_truncate", /* 200 */ + "_sys_ftruncate", /* 201 */ + "_sys___sysctl", /* 202 */ + "_sys_mlock", /* 203 */ + "_sys_munlock", /* 204 */ + "_sys_undelete", /* 205 */ + "_sys_futimes", /* 206 */ + "_sys_getpgid", /* 207 */ + "_sys_xfspioctl", /* 208 */ + "_nosys", /* 209 is ??? */ + "_nosys", /* 210 is ??? */ + "_nosys", /* 211 is ??? */ + "_nosys", /* 212 is ??? */ + "_nosys", /* 213 is ??? */ + "_nosys", /* 214 is ??? */ + "_nosys", /* 215 is ??? */ + "_nosys", /* 216 is ??? */ + "_nosys", /* 217 is ??? */ + "_nosys", /* 218 is ??? */ + "_nosys", /* 219 is ??? */ + "_nosys", /* 220 is ??? */ + "_sys_semget", /* 221 */ + "_compat_35_sys_semop", /* 222 is compat_35 semop */ + "_nosys", /* 223 is obsolete sys_semconfig */ + "_nosys", /* 224 is compat_23 msgctl23 */ + "_sys_msgget", /* 225 */ + "_sys_msgsnd", /* 226 */ + "_sys_msgrcv", /* 227 */ + "_sys_shmat", /* 228 */ + "_nosys", /* 229 is compat_23 shmctl23 */ + "_sys_shmdt", /* 230 */ + "_compat_35_sys_shmget", /* 231 is compat_35 shmget */ + "_sys_clock_gettime", /* 232 */ + "_sys_clock_settime", /* 233 */ + "_sys_clock_getres", /* 234 */ + "_nosys", /* 235 is ??? */ + "_nosys", /* 236 is ??? */ + "_nosys", /* 237 is ??? */ + "_nosys", /* 238 is ??? */ + "_nosys", /* 239 is ??? */ + "_sys_nanosleep", /* 240 */ + "_nosys", /* 241 is ??? */ + "_nosys", /* 242 is ??? */ + "_nosys", /* 243 is ??? */ + "_nosys", /* 244 is ??? */ + "_nosys", /* 245 is ??? */ + "_nosys", /* 246 is ??? */ + "_nosys", /* 247 is ??? */ + "_nosys", /* 248 is ??? */ + "_nosys", /* 249 is ??? */ + "_sys_minherit", /* 250 */ + "_sys_rfork", /* 251 */ + "_sys_poll", /* 252 */ + "_sys_issetugid", /* 253 */ + "_sys_lchown", /* 254 */ + "_sys_getsid", /* 255 */ + "_sys_msync", /* 256 */ + "_compat_35_sys___semctl", /* 257 is compat_35 semctl35 */ + "_compat_35_sys_shmctl", /* 258 is is compat_35 shmctl35 */ + "_compat_35_sys_msgctl", /* 259 is is compat_35 msgctl35 */ + "_sys_getfsstat", /* 260 */ + "_sys_statfs", /* 261 */ + "_sys_fstatfs", /* 262 */ + "_sys_pipe", /* 263 */ + "_sys_fhopen", /* 264 */ + "_compat_35_sys_fhstat", /* 265 is compat_35 fhstat */ + "_sys_fhstatfs", /* 266 */ + "_sys_preadv", /* 267 */ + "_sys_pwritev", /* 268 */ + "_sys_kqueue", /* 269 */ + "_sys_kevent", /* 270 */ + "_sys_mlockall", /* 271 */ + "_sys_munlockall", /* 272 */ + "_sys_getpeereid", /* 273 */ + "_nosys", /* 274 */ + "_nosys", /* 275 */ + "_nosys", /* 276 */ + "_nosys", /* 277 */ + "_nosys", /* 278 */ + "_nosys", /* 279 */ + "_nosys", /* 280 */ + "_sys_getresuid", /* 281 */ + "_sys_setresuid", /* 282 */ + "_sys_getresgid", /* 283 */ + "_sys_setresgid", /* 284 */ + "_nosys", /* 285 is ??? */ + "_sys_mquery", /* 286 */ + "_sys_closefrom", /* 287 */ + "_sys_sigaltstack", /* 288 */ + "_sys_shmget", /* 289 */ + "_sys_semop", /* 290 */ + "_sys_stat", /* 291 */ + "_sys_fstat", /* 292 */ + "_sys_lstat", /* 293 */ + "_sys_fhstat", /* 294 */ + "_sys___semctl", /* 295 */ + "_sys_shmctl", /* 296 */ + "_sys_msgctl", /* 297 */ + NULL +}; + + + +/* i386 sys_call_table for freebsd + */ +char * callz_fbsd[]={ + "_syscall", /* 0 */ + "sys_exit", /* 1 */ + "_fork", /* 2 */ + "_read", /* 3 */ + "_write", /* 4 */ + "_open", /* 5 */ + "_close", /* 6 */ + "_wait4", /* 7 */ + "_nosys", /* 8 is old creat */ + "_link", /* 9 */ + "_unlink", /* 10 */ + "_nosys", /* 11 is obsolete execv */ + "_chdir", /* 12 */ + "_fchdir", /* 13 */ + "_mknod", /* 14 */ + "_chmod", /* 15 */ + "_chown", /* 16 */ + "_break", /* 17 */ + "_getfsstat",/* 18 */ + "_nosys", /* 19 is old lseek */ + "_getpid", /* 20 */ + "_mount", /* 21 */ + "_unmount", /* 22 */ + "_setuid", /* 23 */ + "_getuid", /* 24 */ + "_geteuid", /* 25 */ + "_ptrace", /* 26 */ + "_recvmsg", /* 27 */ + "_sendmsg", /* 28 */ + "_recvfrom", /* 29 */ + "_accept", /* 30 */ + "_getpeername", /* 31 */ + "_getsockname", /* 32 */ + "_access", /* 33 */ + "_chflags", /* 34 */ + "_fchflags", /* 35 */ + "_sync", /* 36 */ + "_kill", /* 37 */ + "_nosys", /* 38 is old stat */ + "_getppid", /* 39 */ + "_nosys", /* 40 is old lstat */ + "_dup", /* 41 */ + "_pipe", /* 42 */ + "_getegid", /* 43 */ + "_profil", /* 44 */ + "_ktrace", /* 45 */ + "_nosys", /* 46 is old sigaction */ + "_getgid", /* 47 */ + "_nosys", /* 48 is old sigprocmask */ + "_getlogin", /* 49 */ + "_setlogin", /* 50 */ + "_acct", /* 51 */ + "_nosys", /* 52 is old sigpending */ + "_sigaltstack", /* 53 */ + "_ioctl", /* 54 */ + "_reboot", /* 55 */ + "_revoke", /* 56 */ + "_symlink", /* 57 */ + "_readlink", /* 58 */ + "_execve", /* 59 */ + "_umask", /* 60 */ + "_chroot", /* 61 */ + "_nosys", /* 62 is old fstat */ + "_nosys", /* 63 is old getkerninfo */ + "_nosys", /* 64 is old getpagesize */ + "_msync", /* 65 */ + "_vfork", /* 66 */ + "_nosys", /* 67 is obsolete vread */ + "_nosys", /* 68 is obsolete vwrite */ + "_sbrk", /* 69 */ + "_sstk", /* 70 */ + "_nosys", /* 71 is old mmap */ + "_vadvise", /* 72 */ + "_munmap", /* 73 */ + "_mprotect", /* 74 */ + "_madvise", /* 75 */ + "_nosys", /* 76 is obsolete vhangup */ + "_nosys", /* 77 is obsolete vlimit */ + "_mincore", /* 78 */ + "_getgroups",/* 79 */ + "_setgroups",/* 80 */ + "_getpgrp", /* 81 */ + "_setpgid", /* 82 */ + "_setitimer",/* 83 */ + "_nosys", /* 84 is old wait */ + "_swapon", /* 85 */ + "_getitimer",/* 86 */ + "_nosys", /* 87 is old gethostname */ + "_nosys", /* 88 is old sethostname */ + "_getdtablesize", /* 89 */ + "_dup2", /* 90 */ + "_nosys", /* 91 is ??? */ + "_fcntl", /* 92 */ + "_select", /* 93 */ + "_nosys", /* 94 is ??? */ + "_fsync", /* 95 */ + "_setpriority", /* 96 */ + "_socket", /* 97 */ + "_connect", /* 98 */ + "_nosys", /* 99 is old accept */ + "_getpriority", /* 100 */ + "_nosys", /* 101 is old send */ + "_nosys", /* 102 is old recv */ + "_nosys", /* 103 is old sigreturn */ + "_bind", /* 104 */ + "_setsockopt", /* 105 */ + "_listen", /* 106 */ + "_nosys", /* 107 is obsolete vtimes */ + "_nosys", /* 108 is old sigvec */ + "_nosys", /* 109 is old sigblock */ + "_nosys", /* 110 is old sigsetmask */ + "_nosys", /* 111 is old sigsuspend */ + "_nosys", /* 112 is old sigstack */ + "_nosys", /* 113 is old recvmsg */ + "_nosys", /* 114 is old sendmsg */ + "_nosys", /* 115 is obsolete vtrace */ + "_gettimeofday", /* 116 */ + "_getrusage", /* 117 */ + "_getsockopt", /* 118 */ + "_nosys", /* 119 is ??? */ + "_readv", /* 120 */ + "_writev", /* 121 */ + "_settimeofday", /* 122 */ + "_fchown", /* 123 */ + "_fchmod", /* 124 */ + "_nosys", /* 125 is old recvfrom */ + "_setreuid", /* 126 */ + "_setregid", /* 127 */ + "_rename", /* 128 */ + "_nosys", /* 129 is old truncate */ + "_nosys", /* 130 is old ftruncate */ + "_flock", /* 131 */ + "_mkfifo", /* 132 */ + "_sendto", /* 133 */ + "_shutdown", /* 134 */ + "_socketpair", /* 135 */ + "_mkdir", /* 136 */ + "_rmdir", /* 137 */ + "_utimes", /* 138 */ + "_nosys", /* 139 is obsolete 4.2 sigreturn */ + "_adjtime", /* 140 */ + "_nosys", /* 141 is old getpeername */ + "_nosys", /* 142 is old gethostid */ + "_nosys", /* 143 is old sethostid */ + "_nosys", /* 144 is old getrlimit */ + "_nosys", /* 145 is old setrlimit */ + "_nosys", /* 146 is old killpg */ + "_setsid", /* 147 */ + "_quotactl", /* 148 */ + "_nosys", /* 149 is old quota */ + "_nosys", /* 150 is old getsockname */ + "_nosys", /* 151 is ??? */ + "_nosys", /* 152 is ??? */ + "_nosys", /* 153 is ??? */ + "_nosys", /* 154 is ??? */ + "_nfssvc", /* 155 */ + "_nosys", /* 156 is old getdirentries */ + "_statfs", /* 157 */ + "_fstatfs", /* 158 */ + "_nosys", /* 159 is ??? */ + "_nosys", /* 160 is ??? */ + "_getfh", /* 161 */ + "_getdomainname", /* 162 */ + "_setdomainname", /* 163 */ + "_uname", /* 164 */ + "_sysarch", /* 165 */ + "_rtprio", /* 166 */ + "_nosys", /* 167 is ??? */ + "_nosys", /* 168 is ??? */ + "_semsys", /* 169 */ + "_msgsys", /* 170 */ + "_shmsys", /* 171 */ + "_nosys", /* 172 is ??? */ + "_pread", /* 173 */ + "_pwrite", /* 174 */ + "_nosys", /* 175 is ??? */ + "_ntp_adjtime", /* 176 */ + "_nosys", /* 177 is ??? */ + "_nosys", /* 178 is ??? */ + "_nosys", /* 179 is ??? */ + "_nosys", /* 180 is ??? */ + "_setgid", /* 181 */ + "_setegid", /* 182 */ + "_seteuid", /* 183 */ + "_nosys", /* 184 is ??? */ + "_nosys", /* 185 is ??? */ + "_nosys", /* 186 is ??? */ + "_nosys", /* 187 is ??? */ + "_stat", /* 188 */ + "_fstat", /* 189 */ + "_lstat", /* 190 */ + "_pathconf", /* 191 */ + "_fpathconf", /* 192 */ + "_nosys", /* 193 is ??? */ + "_getrlimit", /* 194 */ + "_setrlimit", /* 195 */ + "_getdirentries", /* 196 */ + "_mmap", /* 197 */ + "___syscall", /* 198 */ + "_lseek", /* 199 */ + "_truncate", /* 200 */ + "_ftruncate", /* 201 */ + "___sysctl", /* 202 */ + "_mlock", /* 203 */ + "_munlock", /* 204 */ + "_undelete", /* 205 */ + "_futimes", /* 206 */ + "_getpgid", /* 207 */ + "_nosys", /* 208 is ??? */ + "_poll", /* 209 */ + "_nosys", /* 210 is ??? */ + "_nosys", /* 211 is ??? */ + "_nosys", /* 212 is ??? */ + "_nosys", /* 213 is ??? */ + "_nosys", /* 214 is ??? */ + "_nosys", /* 215 is ??? */ + "_nosys", /* 216 is ??? */ + "_nosys", /* 217 is ??? */ + "_nosys", /* 218 is ??? */ + "_nosys", /* 219 is ??? */ + "___semctl", /* 220 */ + "_semget", /* 221 */ + "_semop", /* 222 */ + "_nosys", /* 223 is ??? */ + "_msgctl", /* 224 */ + "_msgget", /* 225 */ + "_msgsnd", /* 226 */ + "_msgrcv", /* 227 */ + "_shmat", /* 228 */ + "_shmctl", /* 229 */ + "_shmdt", /* 230 */ + "_shmget", /* 231 */ + "_clock_gettime", /* 232 */ + "_clock_settime", /* 233 */ + "_clock_getres", /* 234 */ + "_nosys", /* 235 is ??? */ + "_nosys", /* 236 is ??? */ + "_nosys", /* 237 is ??? */ + "_nosys", /* 238 is ??? */ + "_nosys", /* 239 is ??? */ + "_nanosleep", /* 240 */ + "_nosys", /* 241 is ??? */ + "_nosys", /* 242 is ??? */ + "_nosys", /* 243 is ??? */ + "_nosys", /* 244 is ??? */ + "_nosys", /* 245 is ??? */ + "_nosys", /* 246 is ??? */ + "_nosys", /* 247 is ??? */ + "_nosys", /* 248 is ??? */ + "_nosys", /* 249 is ??? */ + "_minherit", /* 250 */ + "_rfork", /* 251 */ + "_openbsd_poll", /* 252 */ + "_issetugid", /* 253 */ + "_lchown", /* 254 */ + "_nosys", /* 255 is ??? */ + "_nosys", /* 256 is ??? */ + "_nosys", /* 257 is ??? */ + "_nosys", /* 258 is ??? */ + "_nosys", /* 259 is ??? */ + "_nosys", /* 260 is ??? */ + "_nosys", /* 261 is ??? */ + "_nosys", /* 262 is ??? */ + "_nosys", /* 263 is ??? */ + "_nosys", /* 264 is ??? */ + "_nosys", /* 265 is ??? */ + "_nosys", /* 266 is ??? */ + "_nosys", /* 267 is ??? */ + "_nosys", /* 268 is ??? */ + "_nosys", /* 269 is ??? */ + "_nosys", /* 270 is ??? */ + "_nosys", /* 271 is ??? */ + "_getdents", /* 272 */ + "_nosys", /* 273 is ??? */ + "_lchmod", /* 274 */ + "_netbsd_lchown", /* 275 */ + "_lutimes", /* 276 */ + "_netbsd_msync", /* 277 */ + "_nstat", /* 278 */ + "_nfstat", /* 279 */ + "_nlstat", /* 280 */ + "_nosys", /* 281 is ??? */ + "_nosys", /* 282 is ??? */ + "_nosys", /* 283 is ??? */ + "_nosys", /* 284 is ??? */ + "_nosys", /* 285 is ??? */ + "_nosys", /* 286 is ??? */ + "_nosys", /* 287 is ??? */ + "_nosys", /* 288 is ??? */ + "_nosys", /* 289 is ??? */ + "_nosys", /* 290 is ??? */ + "_nosys", /* 291 is ??? */ + "_nosys", /* 292 is ??? */ + "_nosys", /* 293 is ??? */ + "_nosys", /* 294 is ??? */ + "_nosys", /* 295 is ??? */ + "_nosys", /* 296 is ??? */ + "_fhstatfs", /* 297 */ + "_fhopen", /* 298 */ + "_fhstat", /* 299 */ + "_modnext", /* 300 */ + "_modstat", /* 301 */ + "_modfnext", /* 302 */ + "_modfind", /* 303 */ + "_kldload", /* 304 */ + "_kldunload", /* 305 */ + "_kldfind", /* 306 */ + "_kldnext", /* 307 */ + "_kldstat", /* 308 */ + "_kldfirstmod", /* 309 */ + "_getsid", /* 310 */ + "_setresuid", /* 311 */ + "_setresgid", /* 312 */ + "_nosys", /* 313 is obsolete signanosleep */ + "_aio_return", /* 314 */ + "_aio_suspend", /* 315 */ + "_aio_cancel", /* 316 */ + "_aio_error", /* 317 */ + "_aio_read", /* 318 */ + "_aio_write", /* 319 */ + "_lio_listio", /* 320 */ + "_yield", /* 321 */ + "_thr_sleep", /* 322 */ + "_thr_wakeup", /* 323 */ + "_mlockall", /* 324 */ + "_munlockall", /* 325 */ + "___getcwd", /* 326 */ + "_sched_setparam", /* 327 */ + "_sched_getparam", /* 328 */ + "_sched_setscheduler", /* 329 */ + "_sched_getscheduler", /* 330 */ + "_sched_yield", /* 331 */ + "_sched_get_priority_max", /* 332 */ + "_sched_get_priority_min", /* 333 */ + "_sched_rr_get_interval", /* 334 */ + "_utrace", /* 335 */ + "_sendfile", /* 336 */ + "_kldsym", /* 337 */ + "_jail", /* 338 */ + "_nosys", /* 339 is ??? */ + "_sigprocmask", /* 340 */ + "_sigsuspend", /* 341 */ + "_sigaction", /* 342 */ + "_sigpending", /* 343 */ + "_sigreturn", /* 344 */ + "_nosys", /* 345 is ??? */ + "_nosys", /* 346 is ??? */ + "___acl_get_file", /* 347 */ + "___acl_set_file", /* 348 */ + "___acl_get_fd", /* 349 */ + "___acl_set_fd", /* 350 */ + "___acl_delete_file", /* 351 */ + "___acl_delete_fd", /* 352 */ + "___acl_aclcheck_file", /* 353 */ + "___acl_aclcheck_fd", /* 354 */ + "_extattrctl", /* 355 */ + "_extattr_set_file", /* 356 */ + "_extattr_get_file", /* 357 */ + "_extattr_delete_file", /* 358 */ + "_aio_waitcomplete", /* 359 */ + "_getresuid", /* 360 */ + "_getresgid", /* 361 */ + "_kqueue", /* 362 */ + "_kevent", /* 363 */ + "_nosys", /* 364 is ??? */ + "_nosys", /* 365 is ??? */ + "_nosys", /* 366 is ??? */ + "_nosys", /* 367 is ??? */ + "_nosys", /* 368 is ??? */ + "_nosys", /* 369 is ??? */ + "_nosys", /* 370 is ??? */ + "_nosys", /* 371 is ??? */ + "_nosys", /* 372 is ??? */ + "_nosys", /* 373 is ??? */ + "_nosys", /* 374 is ??? */ + "_nosys", /* 375 is ??? */ + "_nosys", /* 376 is ??? */ + "_nosys", /* 377 is ??? */ + "_nosys", /* 378 is ??? */ + "_nosys", /* 379 is ??? */ + "_nosys", /* 380 is ??? */ + "_nosys", /* 381 is ??? */ + "_nosys", /* 382 is ??? */ + "_nosys", /* 383 is ??? */ + "_nosys", /* 384 is ??? */ + "_nosys", /* 385 is ??? */ + "_nosys", /* 386 is ??? */ + "_nosys", /* 387 is ??? */ + "_nosys", /* 388 is ??? */ + "_nosys", /* 389 is ??? */ + "_nosys", /* 390 is ??? */ + "_nosys", /* 391 is ??? */ + "_nosys", /* 392 is ??? */ + "_sendfile", /* 393 */ + NULL +}; + +/* i386 sys_call_table for freebsd + */ +char * callz_fbsd5[]={ + "_syscall", /* 0 */ + "sys_exit", /* 1 */ + "_fork", /* 2 */ + "_read", /* 3 */ + "_write", /* 4 */ + "_open", /* 5 */ + "_close", /* 6 */ + "_wait4", /* 7 */ + "_nosys", /* 8 is old creat */ + "_link", /* 9 */ + "_unlink", /* 10 */ + "_nosys", /* 11 is obsolete execv */ + "_chdir", /* 12 */ + "_fchdir", /* 13 */ + "_mknod", /* 14 */ + "_chmod", /* 15 */ + "_chown", /* 16 */ + "_break", /* 17 */ + "_nosys", /* 18 is old getfsstat */ + "_nosys", /* 19 is old lseek */ + "_getpid", /* 20 */ + "_mount", /* 21 */ + "_unmount", /* 22 */ + "_setuid", /* 23 */ + "_getuid", /* 24 */ + "_geteuid", /* 25 */ + "_ptrace", /* 26 */ + "_recvmsg", /* 27 */ + "_sendmsg", /* 28 */ + "_recvfrom", /* 29 */ + "_accept", /* 30 */ + "_getpeername", /* 31 */ + "_getsockname", /* 32 */ + "_access", /* 33 */ + "_chflags", /* 34 */ + "_fchflags", /* 35 */ + "_sync", /* 36 */ + "_kill", /* 37 */ + "_nosys", /* 38 is old stat */ + "_getppid", /* 39 */ + "_nosys", /* 40 is old lstat */ + "_dup", /* 41 */ + "_pipe", /* 42 */ + "_getegid", /* 43 */ + "_profil", /* 44 */ + "_ktrace", /* 45 */ + "_nosys", /* 46 is old sigaction */ + "_getgid", /* 47 */ + "_nosys", /* 48 is old sigprocmask */ + "_getlogin", /* 49 */ + "_setlogin", /* 50 */ + "_acct", /* 51 */ + "_nosys", /* 52 is old sigpending */ + "_sigaltstack", /* 53 */ + "_ioctl", /* 54 */ + "_reboot", /* 55 */ + "_revoke", /* 56 */ + "_symlink", /* 57 */ + "_readlink", /* 58 */ + "_execve", /* 59 */ + "_umask", /* 60 */ + "_chroot", /* 61 */ + "_nosys", /* 62 is old fstat */ + "_nosys", /* 63 is old getkerninfo */ + "_nosys", /* 64 is old getpagesize */ + "_msync", /* 65 */ + "_vfork", /* 66 */ + "_nosys", /* 67 is obsolete vread */ + "_nosys", /* 68 is obsolete vwrite */ + "_sbrk", /* 69 */ + "_sstk", /* 70 */ + "_nosys", /* 71 is old mmap */ + "_vadvise", /* 72 */ + "_munmap", /* 73 */ + "_mprotect", /* 74 */ + "_madvise", /* 75 */ + "_nosys", /* 76 is obsolete vhangup */ + "_nosys", /* 77 is obsolete vlimit */ + "_mincore", /* 78 */ + "_getgroups",/* 79 */ + "_setgroups",/* 80 */ + "_getpgrp", /* 81 */ + "_setpgid", /* 82 */ + "_setitimer",/* 83 */ + "_nosys", /* 84 is old wait */ + "_swapon", /* 85 */ + "_getitimer",/* 86 */ + "_nosys", /* 87 is old gethostname */ + "_nosys", /* 88 is old sethostname */ + "_getdtablesize", /* 89 */ + "_dup2", /* 90 */ + "_nosys", /* 91 is ??? */ + "_fcntl", /* 92 */ + "_select", /* 93 */ + "_nosys", /* 94 is ??? */ + "_fsync", /* 95 */ + "_setpriority", /* 96 */ + "_socket", /* 97 */ + "_connect", /* 98 */ + "_nosys", /* 99 is old accept */ + "_getpriority", /* 100 */ + "_nosys", /* 101 is old send */ + "_nosys", /* 102 is old recv */ + "_nosys", /* 103 is old sigreturn */ + "_bind", /* 104 */ + "_setsockopt", /* 105 */ + "_listen", /* 106 */ + "_nosys", /* 107 is obsolete vtimes */ + "_nosys", /* 108 is old sigvec */ + "_nosys", /* 109 is old sigblock */ + "_nosys", /* 110 is old sigsetmask */ + "_nosys", /* 111 is old sigsuspend */ + "_nosys", /* 112 is old sigstack */ + "_nosys", /* 113 is old recvmsg */ + "_nosys", /* 114 is old sendmsg */ + "_nosys", /* 115 is obsolete vtrace */ + "_gettimeofday", /* 116 */ + "_getrusage", /* 117 */ + "_getsockopt", /* 118 */ + "_nosys", /* 119 is ??? */ + "_readv", /* 120 */ + "_writev", /* 121 */ + "_settimeofday", /* 122 */ + "_fchown", /* 123 */ + "_fchmod", /* 124 */ + "_nosys", /* 125 is old recvfrom */ + "_setreuid", /* 126 */ + "_setregid", /* 127 */ + "_rename", /* 128 */ + "_nosys", /* 129 is old truncate */ + "_nosys", /* 130 is old ftruncate */ + "_flock", /* 131 */ + "_mkfifo", /* 132 */ + "_sendto", /* 133 */ + "_shutdown", /* 134 */ + "_socketpair", /* 135 */ + "_mkdir", /* 136 */ + "_rmdir", /* 137 */ + "_utimes", /* 138 */ + "_nosys", /* 139 is obsolete 4.2 sigreturn */ + "_adjtime", /* 140 */ + "_nosys", /* 141 is old getpeername */ + "_nosys", /* 142 is old gethostid */ + "_nosys", /* 143 is old sethostid */ + "_nosys", /* 144 is old getrlimit */ + "_nosys", /* 145 is old setrlimit */ + "_nosys", /* 146 is old killpg */ + "_setsid", /* 147 */ + "_quotactl", /* 148 */ + "_nosys", /* 149 is old quota */ + "_nosys", /* 150 is old getsockname */ + "_nosys", /* 151 is ??? */ + "_nosys", /* 152 is ??? */ + "_nosys", /* 153 is ??? */ + "_nosys", /* 154 is ??? */ + "_nfssvc", /* 155 */ + "_nosys", /* 156 is old getdirentries */ + "_nosys", /* 157 is old statfs */ + "_nosys", /* 158 is old fstatfs */ + "_nosys", /* 159 is ??? */ + "_lgetfh", /* 160 */ + "_getfh", /* 161 */ + "_getdomainname", /* 162 */ + "_setdomainname", /* 163 */ + "_uname", /* 164 */ + "_sysarch", /* 165 */ + "_rtprio", /* 166 */ + "_nosys", /* 167 is ??? */ + "_nosys", /* 168 is ??? */ + "_semsys", /* 169 */ + "_msgsys", /* 170 */ + "_shmsys", /* 171 */ + "_nosys", /* 172 is ??? */ + "_pread", /* 173 */ + "_pwrite", /* 174 */ + "_nosys", /* 175 is ??? */ + "_ntp_adjtime", /* 176 */ + "_nosys", /* 177 is ??? */ + "_nosys", /* 178 is ??? */ + "_nosys", /* 179 is ??? */ + "_nosys", /* 180 is ??? */ + "_setgid", /* 181 */ + "_setegid", /* 182 */ + "_seteuid", /* 183 */ + "_nosys", /* 184 is ??? */ + "_nosys", /* 185 is ??? */ + "_nosys", /* 186 is ??? */ + "_nosys", /* 187 is ??? */ + "_stat", /* 188 */ + "_fstat", /* 189 */ + "_lstat", /* 190 */ + "_pathconf", /* 191 */ + "_fpathconf", /* 192 */ + "_nosys", /* 193 is ??? */ + "_getrlimit", /* 194 */ + "_setrlimit", /* 195 */ + "_getdirentries", /* 196 */ + "_mmap", /* 197 */ + "___syscall", /* 198 */ + "_lseek", /* 199 */ + "_truncate", /* 200 */ + "_ftruncate", /* 201 */ + "___sysctl", /* 202 */ + "_mlock", /* 203 */ + "_munlock", /* 204 */ + "_undelete", /* 205 */ + "_futimes", /* 206 */ + "_getpgid", /* 207 */ + "_nosys", /* 208 is ??? */ + "_poll", /* 209 */ + "_nosys", /* 210 is ??? */ + "_nosys", /* 211 is ??? */ + "_nosys", /* 212 is ??? */ + "_nosys", /* 213 is ??? */ + "_nosys", /* 214 is ??? */ + "_nosys", /* 215 is ??? */ + "_nosys", /* 216 is ??? */ + "_nosys", /* 217 is ??? */ + "_nosys", /* 218 is ??? */ + "_nosys", /* 219 is ??? */ + "___semctl", /* 220 */ + "_semget", /* 221 */ + "_semop", /* 222 */ + "_nosys", /* 223 is ??? */ + "_msgctl", /* 224 */ + "_msgget", /* 225 */ + "_msgsnd", /* 226 */ + "_msgrcv", /* 227 */ + "_shmat", /* 228 */ + "_shmctl", /* 229 */ + "_shmdt", /* 230 */ + "_shmget", /* 231 */ + "_clock_gettime", /* 232 */ + "_clock_settime", /* 233 */ + "_clock_getres", /* 234 */ + "_nosys", /* 235 is ??? */ + "_nosys", /* 236 is ??? */ + "_nosys", /* 237 is ??? */ + "_nosys", /* 238 is ??? */ + "_nosys", /* 239 is ??? */ + "_nanosleep", /* 240 */ + "_nosys", /* 241 is ??? */ + "_nosys", /* 242 is ??? */ + "_nosys", /* 243 is ??? */ + "_nosys", /* 244 is ??? */ + "_nosys", /* 245 is ??? */ + "_nosys", /* 246 is ??? */ + "_nosys", /* 247 is ??? */ + "_nosys", /* 248 is ??? */ + "_nosys", /* 249 is ??? */ + "_minherit", /* 250 */ + "_rfork", /* 251 */ + "_openbsd_poll", /* 252 */ + "_issetugid", /* 253 */ + "_lchown", /* 254 */ + "_nosys", /* 255 is ??? */ + "_nosys", /* 256 is ??? */ + "_nosys", /* 257 is ??? */ + "_nosys", /* 258 is ??? */ + "_nosys", /* 259 is ??? */ + "_nosys", /* 260 is ??? */ + "_nosys", /* 261 is ??? */ + "_nosys", /* 262 is ??? */ + "_nosys", /* 263 is ??? */ + "_nosys", /* 264 is ??? */ + "_nosys", /* 265 is ??? */ + "_nosys", /* 266 is ??? */ + "_nosys", /* 267 is ??? */ + "_nosys", /* 268 is ??? */ + "_nosys", /* 269 is ??? */ + "_nosys", /* 270 is ??? */ + "_nosys", /* 271 is ??? */ + "_getdents", /* 272 */ + "_nosys", /* 273 is ??? */ + "_lchmod", /* 274 */ + "_netbsd_lchown", /* 275 */ + "_lutimes", /* 276 */ + "_netbsd_msync", /* 277 */ + "_nstat", /* 278 */ + "_nfstat", /* 279 */ + "_nlstat", /* 280 */ + "_nosys", /* 281 is ??? */ + "_nosys", /* 282 is ??? */ + "_nosys", /* 283 is ??? */ + "_nosys", /* 284 is ??? */ + "_nosys", /* 285 is ??? */ + "_nosys", /* 286 is ??? */ + "_nosys", /* 287 is ??? */ + "_nosys", /* 288 is ??? */ + "_nosys", /* 289 is ??? */ + "_nosys", /* 290 is ??? */ + "_nosys", /* 291 is ??? */ + "_nosys", /* 292 is ??? */ + "_nosys", /* 293 is ??? */ + "_nosys", /* 294 is ??? */ + "_nosys", /* 295 is ??? */ + "_nosys", /* 296 is ??? */ + "_nosys", /* 297 is old fhstatfs */ + "_fhopen", /* 298 */ + "_fhstat", /* 299 */ + "_modnext", /* 300 */ + "_modstat", /* 301 */ + "_modfnext", /* 302 */ + "_modfind", /* 303 */ + "_kldload", /* 304 */ + "_kldunload", /* 305 */ + "_kldfind", /* 306 */ + "_kldnext", /* 307 */ + "_kldstat", /* 308 */ + "_kldfirstmod", /* 309 */ + "_getsid", /* 310 */ + "_setresuid", /* 311 */ + "_setresgid", /* 312 */ + "_nosys", /* 313 is obsolete signanosleep */ + "_aio_return", /* 314 */ + "_aio_suspend", /* 315 */ + "_aio_cancel", /* 316 */ + "_aio_error", /* 317 */ + "_aio_read", /* 318 */ + "_aio_write", /* 319 */ + "_lio_listio", /* 320 */ + "_yield", /* 321 */ + "_thr_sleep", /* 322 */ + "_thr_wakeup", /* 323 */ + "_mlockall", /* 324 */ + "_munlockall", /* 325 */ + "___getcwd", /* 326 */ + "_sched_setparam", /* 327 */ + "_sched_getparam", /* 328 */ + "_sched_setscheduler", /* 329 */ + "_sched_getscheduler", /* 330 */ + "_sched_yield", /* 331 */ + "_sched_get_priority_max", /* 332 */ + "_sched_get_priority_min", /* 333 */ + "_sched_rr_get_interval", /* 334 */ + "_utrace", /* 335 */ + "_nosys", /* 336 is old sendfile */ + "_kldsym", /* 337 */ + "_jail", /* 338 */ + "_nosys", /* 339 is ??? */ + "_sigprocmask", /* 340 */ + "_sigsuspend", /* 341 */ + "_nosys", /* 342 is old sigaction */ + "_sigpending", /* 343 */ + "_nosys", /* 344 is old sigreturn */ + "_sigtimedwait", /* 345 */ + "_sigwaitinfo", /* 346 */ + "___acl_get_file", /* 347 */ + "___acl_set_file", /* 348 */ + "___acl_get_fd", /* 349 */ + "___acl_set_fd", /* 350 */ + "___acl_delete_file", /* 351 */ + "___acl_delete_fd", /* 352 */ + "___acl_aclcheck_file", /* 353 */ + "___acl_aclcheck_fd", /* 354 */ + "_extattrctl", /* 355 */ + "_extattr_set_file", /* 356 */ + "_extattr_get_file", /* 357 */ + "_extattr_delete_file", /* 358 */ + "_aio_waitcomplete", /* 359 */ + "_getresuid", /* 360 */ + "_getresgid", /* 361 */ + "_kqueue", /* 362 */ + "_kevent", /* 363 */ + "_nosys", /* 364 is ??? */ + "_nosys", /* 365 is ??? */ + "_nosys", /* 366 is ??? */ + "_nosys", /* 367 is ??? */ + "_nosys", /* 368 is ??? */ + "_nosys", /* 369 is ??? */ + "_nosys", /* 370 is ??? */ + "_extattr_set_fd", /* 371 */ + "_extattr_get_fd", /* 372 */ + "_extattr_delete_fd", /* 373 */ + "___setugid", /* 374 */ + "_nfsclnt", /* 375 */ + "_eaccess", /* 376 */ + "_nosys", /* 377 is ??? */ + "_nmount", /* 378 */ + "_kse_exit", /* 379 */ + "_kse_wakeup", /* 380 */ + "_kse_create", /* 381 */ + "_kse_thr_interrupt", /* 382 */ + "_kse_release", /* 383 */ + "___mac_get_proc", /* 384 */ + "___mac_set_proc", /* 385 */ + "___mac_get_fd", /* 386 */ + "___mac_get_file", /* 387 */ + "___mac_set_fd", /* 388 */ + "___mac_set_file", /* 389 */ + "_kenv", /* 390 */ + "_lchflags", /* 391 */ + "_uuidgen", /* 392 */ + "_sendfile", /* 393 */ + "_mac_syscall", /* 394 */ + "_getfsstat", /* 395 */ + "_statfs", /* 396 */ + "_fstatfs", /* 397 */ + "_fhstatfs", /* 398 */ + "_nosys", /* 399 */ + "_ksem_close", /* 400 */ + "_ksem_post", /* 401 */ + "_ksem_wait", /* 402 */ + "_ksem_trywait", /* 403 */ + "_ksem_init", /* 404 */ + "_ksem_open", /* 405 */ + "_ksem_unlink", /* 406 */ + "_ksem_getvalue", /* 407 */ + "_ksem_destroy", /* 408 */ + "___mac_get_pid", /* 409 */ + "___mac_get_link", /* 410 */ + "___mac_set_link", /* 411 */ + "_extattr_set_link", /* 412 */ + "_extattr_get_link", /* 413 */ + "_extattr_delete_link", /* 414 */ + "___mac_execve", /* 415 */ + "_sigaction", /* 416 */ + "_sigreturn", /* 417 */ + "_nosys", /* 418 */ + "_nosys", /* 419 */ + "_nosys", /* 420 */ + "_getcontext", /* 421 */ + "_setcontext", /* 422 */ + "_swapcontext", /* 423 */ + "_swapoff", /* 424 */ + "___acl_get_link", /* 425 */ + "___acl_set_link", /* 426 */ + "___acl_delete_link", /* 427 */ + "___acl_aclcheck_link", /* 428 */ + "_sigwait", /* 429 */ + "_thr_create", /* 430 */ + "_thr_exit", /* 431 */ + "_thr_self", /* 432 */ + "_thr_kill", /* 433 */ + "__umtx_lock", /* 434 */ + "__umtx_unlock", /* 435 */ + "_jail_attach", /* 436 */ + "_extattr_list_fd", /* 437 */ + "_extattr_list_file", /* 438 */ + "_extattr_list_link", /* 439 */ + "_kse_switchin", /* 440 */ + "_ksem_timedwait", /* 441 */ + "_thr_suspend", /* 442 */ + "_thr_wake", /* 443 */ + "_kldunloadf", /* 444 */ + NULL +}; + Index: branches/samhain-2_2-branch/include/lzoconf.h =================================================================== --- branches/samhain-2_2-branch/include/lzoconf.h (revision 66) +++ branches/samhain-2_2-branch/include/lzoconf.h (revision 66) @@ -0,0 +1,379 @@ +/* lzoconf.h -- configuration for the LZO real-time data compression library + + This file is part of the LZO real-time data compression library. + + Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer + + The LZO library is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of + the License, or (at your option) any later version. + + The LZO library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with the LZO library; see the file COPYING. + If not, write to the Free Software Foundation, Inc., + 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Markus F.X.J. Oberhumer + + http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + */ + + +#ifndef __LZOCONF_H +#define __LZOCONF_H + +#define LZO_VERSION 0x1060 + +/* + * Unfortunately, these are somewhat counterproductive, as + * there should be no strings in the compiled executable. + * - Rainer Wichmann, 26. July 2000 - + * + * #define LZO_VERSION_STRING "1.06" + * #define LZO_VERSION_DATE "Nov 29 1999" + */ +#define LZO_VERSION_STRING "" +#define LZO_VERSION_DATE "" + + +/* internal Autoconf configuration file - only used when building LZO */ +#if defined(LZO_HAVE_CONFIG_H) +# include +#endif +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +/*********************************************************************** +// LZO requires a conforming +************************************************************************/ + +#if !defined(CHAR_BIT) || (CHAR_BIT != 8) +# error "invalid CHAR_BIT" +#endif +#if !defined(UCHAR_MAX) || !defined(UINT_MAX) || !defined(ULONG_MAX) +# error "check your compiler installation" +#endif +#if (USHRT_MAX < 1 ) || (UINT_MAX < 1) || (ULONG_MAX < 1) +# error "your limits.h macros are broken" +#endif + +/* workaround a cpp bug under hpux 10.20 */ +#define LZO_0xffffffffL 4294967295ul + + +/*********************************************************************** +// architecture defines +************************************************************************/ + +#if !defined(__LZO_WIN) && !defined(__LZO_DOS) && !defined(__LZO_OS2) +# if defined(__WINDOWS__) || defined(_WINDOWS) || defined(_Windows) +# define __LZO_WIN +# elif defined(__WIN32__) || defined(_WIN32) || defined(WIN32) +# define __LZO_WIN +# elif defined(__NT__) || defined(__NT_DLL__) || defined(__WINDOWS_386__) +# define __LZO_WIN +# elif defined(__DOS__) || defined(__MSDOS__) || defined(MSDOS) +# define __LZO_DOS +# elif defined(__OS2__) || defined(__OS2V2__) || defined(OS2) +# define __LZO_OS2 +# elif defined(__palmos__) +# define __LZO_PALMOS +# elif defined(__TOS__) || defined(__atarist__) +# define __LZO_TOS +# endif +#endif + +#if (UINT_MAX < LZO_0xffffffffL) +# if defined(__LZO_WIN) +# define __LZO_WIN16 +# elif defined(__LZO_DOS) +# define __LZO_DOS16 +# elif defined(__LZO_PALMOS) +# define __LZO_PALMOS16 +# elif defined(__LZO_TOS) +# define __LZO_TOS16 +# elif defined(__C166__) +# else +# error "16-bit target not supported - contact me for porting hints" +# endif +#endif + +#if !defined(__LZO_i386) +# if defined(__LZO_DOS) || defined(__LZO_WIN16) +# define __LZO_i386 +# elif defined(__i386__) || defined(__386__) || defined(_M_IX86) +# define __LZO_i386 +# endif +#endif + +#if defined(__LZO_STRICT_16BIT) +# if (UINT_MAX < LZO_0xffffffffL) +# include +# endif +#endif + + +/*********************************************************************** +// integral and pointer types +************************************************************************/ + +/* Integral types with 32 bits or more */ +#if !defined(LZO_UINT32_MAX) +# if (UINT_MAX >= LZO_0xffffffffL) + typedef unsigned int lzo_uint32; + typedef int lzo_int32; +# define LZO_UINT32_MAX UINT_MAX +# define LZO_INT32_MAX INT_MAX +# define LZO_INT32_MIN INT_MIN +# elif (ULONG_MAX >= LZO_0xffffffffL) + typedef unsigned long lzo_uint32; + typedef long lzo_int32; +# define LZO_UINT32_MAX ULONG_MAX +# define LZO_INT32_MAX LONG_MAX +# define LZO_INT32_MIN LONG_MIN +# else +# error "lzo_uint32" +# endif +#endif + +/* lzo_uint is used like size_t */ +#if !defined(LZO_UINT_MAX) +# if (UINT_MAX >= LZO_0xffffffffL) + typedef unsigned int lzo_uint; + typedef int lzo_int; +# define LZO_UINT_MAX UINT_MAX +# define LZO_INT_MAX INT_MAX +# define LZO_INT_MIN INT_MIN +# elif (ULONG_MAX >= LZO_0xffffffffL) + typedef unsigned long lzo_uint; + typedef long lzo_int; +# define LZO_UINT_MAX ULONG_MAX +# define LZO_INT_MAX LONG_MAX +# define LZO_INT_MIN LONG_MIN +# else +# error "lzo_uint" +# endif +#endif + + +/* Memory model that allows to access memory at offsets of lzo_uint. */ +#if !defined(__LZO_MMODEL) +# if (LZO_UINT_MAX <= UINT_MAX) +# define __LZO_MMODEL +# elif defined(__LZO_DOS16) || defined(__LZO_WIN16) +# define __LZO_MMODEL __huge +# define LZO_999_UNSUPPORTED +# elif defined(__LZO_PALMOS16) || defined(__LZO_TOS16) +# define __LZO_MMODEL +# else +# error "__LZO_MMODEL" +# endif +#endif + +/* no typedef here because of const-pointer issues */ +#define lzo_byte unsigned char __LZO_MMODEL +#define lzo_bytep unsigned char __LZO_MMODEL * +#define lzo_charp char __LZO_MMODEL * +#define lzo_voidp void __LZO_MMODEL * +#define lzo_shortp short __LZO_MMODEL * +#define lzo_ushortp unsigned short __LZO_MMODEL * +#define lzo_uint32p lzo_uint32 __LZO_MMODEL * +#define lzo_int32p lzo_int32 __LZO_MMODEL * +#define lzo_uintp lzo_uint __LZO_MMODEL * +#define lzo_intp lzo_int __LZO_MMODEL * +#define lzo_voidpp lzo_voidp __LZO_MMODEL * +#define lzo_bytepp lzo_bytep __LZO_MMODEL * + +typedef int lzo_bool; + +#ifndef lzo_sizeof_dict_t +# define lzo_sizeof_dict_t sizeof(lzo_bytep) +#endif + + +/*********************************************************************** +// function types +************************************************************************/ + +/* linkage */ +#if !defined(__LZO_EXTERN_C) +# ifdef __cplusplus +# define __LZO_EXTERN_C extern "C" +# else +# define __LZO_EXTERN_C extern +# endif +#endif + +/* calling conventions */ +#if !defined(__LZO_CDECL) +# if defined(__LZO_DOS16) || defined(__LZO_WIN16) +# define __LZO_CDECL __far __cdecl +# elif defined(__LZO_i386) && defined(_MSC_VER) +# define __LZO_CDECL __cdecl +# elif defined(__LZO_i386) && defined(__WATCOMC__) +# define __LZO_CDECL __near __cdecl +# else +# define __LZO_CDECL +# endif +#endif +#if !defined(__LZO_ENTRY) +# define __LZO_ENTRY __LZO_CDECL +#endif + +/* DLL export information */ +#if !defined(__LZO_EXPORT1) +# define __LZO_EXPORT1 +#endif +#if !defined(__LZO_EXPORT2) +# define __LZO_EXPORT2 +#endif + +/* calling convention for C functions */ +#if !defined(LZO_PUBLIC) +# define LZO_PUBLIC(_rettype) __LZO_EXPORT1 _rettype __LZO_EXPORT2 __LZO_ENTRY +#endif +#if !defined(LZO_EXTERN) +# define LZO_EXTERN(_rettype) __LZO_EXTERN_C LZO_PUBLIC(_rettype) +#endif +#if !defined(LZO_PRIVATE) +# define LZO_PRIVATE(_rettype) static _rettype __LZO_ENTRY +#endif + +/* cdecl calling convention for assembler functions */ +#if !defined(LZO_PUBLIC_CDECL) +# define LZO_PUBLIC_CDECL(_rettype) \ + __LZO_EXPORT1 _rettype __LZO_EXPORT2 __LZO_CDECL +#endif +#if !defined(LZO_EXTERN_CDECL) +# define LZO_EXTERN_CDECL(_rettype) __LZO_EXTERN_C LZO_PUBLIC_CDECL(_rettype) +#endif + + +typedef int +(__LZO_ENTRY *lzo_compress_t) ( const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem ); + +typedef int +(__LZO_ENTRY *lzo_decompress_t) ( const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem ); + +typedef int +(__LZO_ENTRY *lzo_optimize_t) ( lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem ); + +typedef int +(__LZO_ENTRY *lzo_compress_dict_t)(const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem, + const lzo_byte *dict, lzo_uint dict_len ); + +typedef int +(__LZO_ENTRY *lzo_decompress_dict_t)(const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem, + const lzo_byte *dict, lzo_uint dict_len ); + + +/* a progress indicator callback function */ +typedef void (__LZO_ENTRY *lzo_progress_callback_t) (lzo_uint, lzo_uint); + + +/*********************************************************************** +// error codes and prototypes +************************************************************************/ + +/* Error codes for the compression/decompression functions. Negative + * values are errors, positive values will be used for special but + * normal events. + */ +#define LZO_E_OK 0 +#define LZO_E_ERROR (-1) +#define LZO_E_OUT_OF_MEMORY (-2) /* not used right now */ +#define LZO_E_NOT_COMPRESSIBLE (-3) /* not used right now */ +#define LZO_E_INPUT_OVERRUN (-4) +#define LZO_E_OUTPUT_OVERRUN (-5) +#define LZO_E_LOOKBEHIND_OVERRUN (-6) +#define LZO_E_EOF_NOT_FOUND (-7) +#define LZO_E_INPUT_NOT_CONSUMED (-8) + + +/* lzo_init() should be the first function you call. + * Check the return code ! + * + * lzo_init() is a macro to allow checking that the library and the + * compiler's view of various types are consistent. + */ +#define lzo_init() __lzo_init2(LZO_VERSION,(int)sizeof(short),(int)sizeof(int),\ + (int)sizeof(long),(int)sizeof(lzo_uint32),(int)sizeof(lzo_uint),\ + (int)lzo_sizeof_dict_t,(int)sizeof(char *),(int)sizeof(lzo_voidp),\ + (int)sizeof(lzo_compress_t)) +LZO_EXTERN(int) __lzo_init2(unsigned,int,int,int,int,int,int,int,int,int); + +/* version functions (useful for shared libraries) */ +LZO_EXTERN(unsigned) lzo_version(void); +LZO_EXTERN(const char *) lzo_version_string(void); +LZO_EXTERN(const char *) lzo_version_date(void); +LZO_EXTERN(const lzo_charp) _lzo_version_string(void); +LZO_EXTERN(const lzo_charp) _lzo_version_date(void); + +/* string functions */ +LZO_EXTERN(int) +lzo_memcmp(const lzo_voidp _s1, const lzo_voidp _s2, lzo_uint _len); +LZO_EXTERN(lzo_voidp) +lzo_memcpy(lzo_voidp _dest, const lzo_voidp _src, lzo_uint _len); +LZO_EXTERN(lzo_voidp) +lzo_memmove(lzo_voidp _dest, const lzo_voidp _src, lzo_uint _len); +LZO_EXTERN(lzo_voidp) +lzo_memset(lzo_voidp _s, int _c, lzo_uint _len); + +/* checksum functions */ +LZO_EXTERN(lzo_uint32) +lzo_adler32(lzo_uint32 _adler, const lzo_byte *_buf, lzo_uint _len); +LZO_EXTERN(lzo_uint32) +lzo_crc32(lzo_uint32 _c, const lzo_byte *_buf, lzo_uint _len); + +/* memory allocation functions */ +LZO_EXTERN(lzo_bytep) lzo_alloc(lzo_uint _nelems, lzo_uint _size); +LZO_EXTERN(lzo_bytep) lzo_malloc(lzo_uint _size); +LZO_EXTERN(void) lzo_free(lzo_voidp _ptr); + +extern lzo_bytep (__LZO_ENTRY *lzo_alloc_hook) (lzo_uint,lzo_uint); +extern void (__LZO_ENTRY *lzo_free_hook) (lzo_voidp); + +/* misc. */ +LZO_EXTERN(lzo_bool) lzo_assert(int _expr); +LZO_EXTERN(int) _lzo_config_check(void); +typedef union { lzo_bytep p; lzo_uint u; } __lzo_pu_u; +typedef union { lzo_bytep p; lzo_uint32 u32; } __lzo_pu32_u; + +/* align a char pointer on a boundary that is a multiple of `size' */ +LZO_EXTERN(unsigned) __lzo_align_gap(const lzo_voidp _ptr, lzo_uint _size); +#define LZO_PTR_ALIGN_UP(_ptr,_size) \ + ((_ptr) + (lzo_uint) __lzo_align_gap((const lzo_voidp)(_ptr),(lzo_uint)(_size))) + +/* deprecated - only for backward compatibility */ +#define LZO_ALIGN(_ptr,_size) LZO_PTR_ALIGN_UP(_ptr,_size) + + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* already included */ + Index: branches/samhain-2_2-branch/include/minilzo.h =================================================================== --- branches/samhain-2_2-branch/include/minilzo.h (revision 66) +++ branches/samhain-2_2-branch/include/minilzo.h (revision 66) @@ -0,0 +1,96 @@ +/* minilzo.h -- mini subset of the LZO real-time data compression library + + This file is part of the LZO real-time data compression library. + + Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer + + The LZO library is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of + the License, or (at your option) any later version. + + The LZO library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with the LZO library; see the file COPYING. + If not, write to the Free Software Foundation, Inc., + 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Markus F.X.J. Oberhumer + + http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + */ + +/* + * NOTE: + * the full LZO package can be found at + * http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + */ + + +#ifndef __MINILZO_H +#define __MINILZO_H + +#define MINILZO_VERSION 0x1060 + +#ifdef __LZOCONF_H +# error "you cannot use both LZO and miniLZO" +#endif + +#undef LZO_HAVE_CONFIG_H +#include "lzoconf.h" + +#if !defined(LZO_VERSION) || (LZO_VERSION != MINILZO_VERSION) +# error "version mismatch in header files" +#endif + + +#ifdef __cplusplus +extern "C" { +#endif + + +/*********************************************************************** +// +************************************************************************/ + +/* Memory required for the wrkmem parameter. + * When the required size is 0, you can also pass a NULL pointer. + */ + +#define LZO1X_MEM_COMPRESS LZO1X_1_MEM_COMPRESS +#define LZO1X_1_MEM_COMPRESS ((lzo_uint32) (16384L * lzo_sizeof_dict_t)) +#define LZO1X_MEM_DECOMPRESS (0) + + +/* compression */ +LZO_EXTERN(int) +lzo1x_1_compress ( const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem ); + +/* decompression */ +LZO_EXTERN(int) +lzo1x_decompress ( const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem /* NOT USED */ ); + +/* safe decompression with overrun testing */ +LZO_EXTERN(int) +lzo1x_decompress_safe ( const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem /* NOT USED */ ); + + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* already included */ + Index: branches/samhain-2_2-branch/include/rijndael-alg-fst.h =================================================================== --- branches/samhain-2_2-branch/include/rijndael-alg-fst.h (revision 66) +++ branches/samhain-2_2-branch/include/rijndael-alg-fst.h (revision 66) @@ -0,0 +1,41 @@ +/* + * rijndael-alg-fst.h v2.3 April '2000 + * + * Optimised ANSI C code + * + */ + +/*@-fixedformalarray@*/ + +#ifndef __RIJNDAEL_ALG_FST_H +#define __RIJNDAEL_ALG_FST_H + +#define MAXKC (256/32) +#define MAXROUNDS 14 + +/* USUAL_TYPES */ +#ifndef USUAL_TYPES +#define USUAL_TYPES +typedef unsigned char byte; +typedef unsigned char word8; +typedef unsigned short word16; +typedef unsigned int word32; +#endif + +#ifdef SH_ENCRYPT + +int rijndaelKeySched(word8 k[MAXKC][4], word8 rk[MAXROUNDS+1][4][4], int ROUNDS); + +int rijndaelKeyEncToDec(word8 W[MAXROUNDS+1][4][4], int ROUNDS); + +int rijndaelEncrypt(word8 a[16], word8 b[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS); + + +int rijndaelDecrypt(word8 a[16], word8 b[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS); + +/* SH_ENCRYPT */ +#endif + +/* __RIJNDAEL_ALG_FST_H */ +#endif + Index: branches/samhain-2_2-branch/include/rijndael-api-fst.h =================================================================== --- branches/samhain-2_2-branch/include/rijndael-api-fst.h (revision 66) +++ branches/samhain-2_2-branch/include/rijndael-api-fst.h (revision 66) @@ -0,0 +1,99 @@ +/* + * rijndael-api-fst.h v2.3 April '2000 + * + * Optimised ANSI C code + * + */ + +#ifndef __RIJNDAEL_API_FST_H +#define __RIJNDAEL_API_FST_H + +#include "rijndael-alg-fst.h" + +/* Defines: + Add any additional defines you need +*/ + +#define BNUM 1 +#define B_SIZ 16 +#define STRICT_ALIGN 1 /* For safety */ + + +#define DIR_ENCRYPT 0 /* Are we encrpyting? */ +#define DIR_DECRYPT 1 /* Are we decrpyting? */ +#define MODE_ECB 1 /* Are we ciphering in ECB mode? */ +#define MODE_CBC 2 /* Are we ciphering in CBC mode? */ +#define MODE_CFB1 3 /* Are we ciphering in 1-bit CFB mode? */ +#define TRUE 1 +#define FALSE 0 +#define BITSPERBLOCK 128 /* Default number of bits in a cipher block */ + +/* Error Codes - CHANGE POSSIBLE: inclusion of additional error codes */ + +#define BAD_KEY_DIR -1 /* Key direction is invalid, e.g., unknown value */ +#define BAD_KEY_MAT -2 /* Key material not of correct length */ +#define BAD_KEY_INSTANCE -3 /* Key passed is not valid */ +#define BAD_CIPHER_MODE -4 /* Params struct passed to cipherInit invalid */ +#define BAD_CIPHER_STATE -5 /* Cipher in wrong state (e.g., not initialized) */ +#define BAD_BLOCK_LENGTH -6 +#define BAD_CIPHER_INSTANCE -7 +#define BAD_DATA -8 /* Data contents are invalid, e.g., invalid padding */ +#define BAD_OTHER -9 /* Unknown error */ + +/* CHANGE POSSIBLE: inclusion of algorithm specific defines */ +#define MAX_KEY_SIZE 64 /* # of ASCII char's needed to represent a key */ +#define MAX_IV_SIZE 16 /* # bytes needed to represent an IV */ + +#ifdef SH_ENCRYPT + +/* Typedefs: + + Typedef'ed data storage elements. Add any algorithm specific +parameters at the bottom of the structs as appropriate. +*/ + +typedef unsigned char RIJ_BYTE; + +/* The structure for key information */ +typedef struct { + RIJ_BYTE direction; /* Key used for encrypting or decrypting? */ + int keyLen; /* Length of the key */ + char keyMaterial[MAX_KEY_SIZE+1]; /* Raw key data in ASCII, e.g., user input or KAT values */ + /* The following parameters are algorithm dependent, replace or add as necessary */ + int ROUNDS; /* key-length-dependent number of rounds */ + int blockLen; /* block length */ + word8 keySched[MAXROUNDS+1][4][4]; /* key schedule */ +} keyInstance; + +/* The structure for cipher information */ +typedef struct { /* changed order of the components */ + RIJ_BYTE mode; /* MODE_ECB, MODE_CBC, or MODE_CFB1 */ + RIJ_BYTE IV[MAX_IV_SIZE]; /* A possible Initialization Vector for ciphering */ + /* Add any algorithm specific parameters needed here */ + int blockLen; /* Sample: Handles non-128 bit block sizes (if available) */ +} cipherInstance; + +/* Function prototypes */ +/* CHANGED: nothing + TODO: implement the following extensions to setup 192-bit and 256-bit block lengths: + makeKeyEx(): parameter blockLen added + -- this parameter is absolutely necessary if you want to + setup the round keys in a variable block length setting + cipherInitEx(): parameter blockLen added (for obvious reasons) + */ + +int makeKey(keyInstance *key, RIJ_BYTE direction, int keyLen, char *keyMaterial); + +int cipherInit(cipherInstance *cipher, RIJ_BYTE mode, char *IV); + +int blockEncrypt(cipherInstance *cipher, keyInstance *key, + RIJ_BYTE *input, int inputLen, RIJ_BYTE *outBuffer); + +int blockDecrypt(cipherInstance *cipher, keyInstance *key, + RIJ_BYTE *input, int inputLen, RIJ_BYTE *outBuffer); + +/* SH_ENCRYPT */ +#endif + +/* __RIJNDAEL_API_FST_H */ +#endif Index: branches/samhain-2_2-branch/include/rijndael-boxes-fst.h =================================================================== --- branches/samhain-2_2-branch/include/rijndael-boxes-fst.h (revision 66) +++ branches/samhain-2_2-branch/include/rijndael-boxes-fst.h (revision 66) @@ -0,0 +1,914 @@ +word8 S[256] = { + 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, +202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, +183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, + 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, + 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, + 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, +208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, + 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, +205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, + 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, +224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, +231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, +186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, +112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, +225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, +140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22 +}; + +#ifdef INTERMEDIATE_VALUE_KAT +word8 Si[256] = { + 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251, +124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203, + 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78, + 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37, +114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146, +108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132, +144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6, +208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107, + 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, +150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, + 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, +252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, + 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, + 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, +160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, + 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125 +}; +#endif /* INTERMEDIATE_VALUE_KAT */ + +word8 T1[256][4] = { +{ 0xc6,0x63,0x63,0xa5},{ 0xf8,0x7c,0x7c,0x84},{ 0xee,0x77,0x77,0x99},{ 0xf6,0x7b,0x7b,0x8d}, +{ 0xff,0xf2,0xf2,0x0d},{ 0xd6,0x6b,0x6b,0xbd},{ 0xde,0x6f,0x6f,0xb1},{ 0x91,0xc5,0xc5,0x54}, +{ 0x60,0x30,0x30,0x50},{ 0x02,0x01,0x01,0x03},{ 0xce,0x67,0x67,0xa9},{ 0x56,0x2b,0x2b,0x7d}, +{ 0xe7,0xfe,0xfe,0x19},{ 0xb5,0xd7,0xd7,0x62},{ 0x4d,0xab,0xab,0xe6},{ 0xec,0x76,0x76,0x9a}, +{ 0x8f,0xca,0xca,0x45},{ 0x1f,0x82,0x82,0x9d},{ 0x89,0xc9,0xc9,0x40},{ 0xfa,0x7d,0x7d,0x87}, +{ 0xef,0xfa,0xfa,0x15},{ 0xb2,0x59,0x59,0xeb},{ 0x8e,0x47,0x47,0xc9},{ 0xfb,0xf0,0xf0,0x0b}, +{ 0x41,0xad,0xad,0xec},{ 0xb3,0xd4,0xd4,0x67},{ 0x5f,0xa2,0xa2,0xfd},{ 0x45,0xaf,0xaf,0xea}, +{ 0x23,0x9c,0x9c,0xbf},{ 0x53,0xa4,0xa4,0xf7},{ 0xe4,0x72,0x72,0x96},{ 0x9b,0xc0,0xc0,0x5b}, +{ 0x75,0xb7,0xb7,0xc2},{ 0xe1,0xfd,0xfd,0x1c},{ 0x3d,0x93,0x93,0xae},{ 0x4c,0x26,0x26,0x6a}, +{ 0x6c,0x36,0x36,0x5a},{ 0x7e,0x3f,0x3f,0x41},{ 0xf5,0xf7,0xf7,0x02},{ 0x83,0xcc,0xcc,0x4f}, +{ 0x68,0x34,0x34,0x5c},{ 0x51,0xa5,0xa5,0xf4},{ 0xd1,0xe5,0xe5,0x34},{ 0xf9,0xf1,0xf1,0x08}, +{ 0xe2,0x71,0x71,0x93},{ 0xab,0xd8,0xd8,0x73},{ 0x62,0x31,0x31,0x53},{ 0x2a,0x15,0x15,0x3f}, +{ 0x08,0x04,0x04,0x0c},{ 0x95,0xc7,0xc7,0x52},{ 0x46,0x23,0x23,0x65},{ 0x9d,0xc3,0xc3,0x5e}, +{ 0x30,0x18,0x18,0x28},{ 0x37,0x96,0x96,0xa1},{ 0x0a,0x05,0x05,0x0f},{ 0x2f,0x9a,0x9a,0xb5}, +{ 0x0e,0x07,0x07,0x09},{ 0x24,0x12,0x12,0x36},{ 0x1b,0x80,0x80,0x9b},{ 0xdf,0xe2,0xe2,0x3d}, +{ 0xcd,0xeb,0xeb,0x26},{ 0x4e,0x27,0x27,0x69},{ 0x7f,0xb2,0xb2,0xcd},{ 0xea,0x75,0x75,0x9f}, +{ 0x12,0x09,0x09,0x1b},{ 0x1d,0x83,0x83,0x9e},{ 0x58,0x2c,0x2c,0x74},{ 0x34,0x1a,0x1a,0x2e}, +{ 0x36,0x1b,0x1b,0x2d},{ 0xdc,0x6e,0x6e,0xb2},{ 0xb4,0x5a,0x5a,0xee},{ 0x5b,0xa0,0xa0,0xfb}, +{ 0xa4,0x52,0x52,0xf6},{ 0x76,0x3b,0x3b,0x4d},{ 0xb7,0xd6,0xd6,0x61},{ 0x7d,0xb3,0xb3,0xce}, +{ 0x52,0x29,0x29,0x7b},{ 0xdd,0xe3,0xe3,0x3e},{ 0x5e,0x2f,0x2f,0x71},{ 0x13,0x84,0x84,0x97}, +{ 0xa6,0x53,0x53,0xf5},{ 0xb9,0xd1,0xd1,0x68},{ 0x00,0x00,0x00,0x00},{ 0xc1,0xed,0xed,0x2c}, +{ 0x40,0x20,0x20,0x60},{ 0xe3,0xfc,0xfc,0x1f},{ 0x79,0xb1,0xb1,0xc8},{ 0xb6,0x5b,0x5b,0xed}, +{ 0xd4,0x6a,0x6a,0xbe},{ 0x8d,0xcb,0xcb,0x46},{ 0x67,0xbe,0xbe,0xd9},{ 0x72,0x39,0x39,0x4b}, +{ 0x94,0x4a,0x4a,0xde},{ 0x98,0x4c,0x4c,0xd4},{ 0xb0,0x58,0x58,0xe8},{ 0x85,0xcf,0xcf,0x4a}, +{ 0xbb,0xd0,0xd0,0x6b},{ 0xc5,0xef,0xef,0x2a},{ 0x4f,0xaa,0xaa,0xe5},{ 0xed,0xfb,0xfb,0x16}, +{ 0x86,0x43,0x43,0xc5},{ 0x9a,0x4d,0x4d,0xd7},{ 0x66,0x33,0x33,0x55},{ 0x11,0x85,0x85,0x94}, +{ 0x8a,0x45,0x45,0xcf},{ 0xe9,0xf9,0xf9,0x10},{ 0x04,0x02,0x02,0x06},{ 0xfe,0x7f,0x7f,0x81}, +{ 0xa0,0x50,0x50,0xf0},{ 0x78,0x3c,0x3c,0x44},{ 0x25,0x9f,0x9f,0xba},{ 0x4b,0xa8,0xa8,0xe3}, +{ 0xa2,0x51,0x51,0xf3},{ 0x5d,0xa3,0xa3,0xfe},{ 0x80,0x40,0x40,0xc0},{ 0x05,0x8f,0x8f,0x8a}, +{ 0x3f,0x92,0x92,0xad},{ 0x21,0x9d,0x9d,0xbc},{ 0x70,0x38,0x38,0x48},{ 0xf1,0xf5,0xf5,0x04}, +{ 0x63,0xbc,0xbc,0xdf},{ 0x77,0xb6,0xb6,0xc1},{ 0xaf,0xda,0xda,0x75},{ 0x42,0x21,0x21,0x63}, +{ 0x20,0x10,0x10,0x30},{ 0xe5,0xff,0xff,0x1a},{ 0xfd,0xf3,0xf3,0x0e},{ 0xbf,0xd2,0xd2,0x6d}, +{ 0x81,0xcd,0xcd,0x4c},{ 0x18,0x0c,0x0c,0x14},{ 0x26,0x13,0x13,0x35},{ 0xc3,0xec,0xec,0x2f}, +{ 0xbe,0x5f,0x5f,0xe1},{ 0x35,0x97,0x97,0xa2},{ 0x88,0x44,0x44,0xcc},{ 0x2e,0x17,0x17,0x39}, +{ 0x93,0xc4,0xc4,0x57},{ 0x55,0xa7,0xa7,0xf2},{ 0xfc,0x7e,0x7e,0x82},{ 0x7a,0x3d,0x3d,0x47}, +{ 0xc8,0x64,0x64,0xac},{ 0xba,0x5d,0x5d,0xe7},{ 0x32,0x19,0x19,0x2b},{ 0xe6,0x73,0x73,0x95}, +{ 0xc0,0x60,0x60,0xa0},{ 0x19,0x81,0x81,0x98},{ 0x9e,0x4f,0x4f,0xd1},{ 0xa3,0xdc,0xdc,0x7f}, +{ 0x44,0x22,0x22,0x66},{ 0x54,0x2a,0x2a,0x7e},{ 0x3b,0x90,0x90,0xab},{ 0x0b,0x88,0x88,0x83}, +{ 0x8c,0x46,0x46,0xca},{ 0xc7,0xee,0xee,0x29},{ 0x6b,0xb8,0xb8,0xd3},{ 0x28,0x14,0x14,0x3c}, +{ 0xa7,0xde,0xde,0x79},{ 0xbc,0x5e,0x5e,0xe2},{ 0x16,0x0b,0x0b,0x1d},{ 0xad,0xdb,0xdb,0x76}, +{ 0xdb,0xe0,0xe0,0x3b},{ 0x64,0x32,0x32,0x56},{ 0x74,0x3a,0x3a,0x4e},{ 0x14,0x0a,0x0a,0x1e}, +{ 0x92,0x49,0x49,0xdb},{ 0x0c,0x06,0x06,0x0a},{ 0x48,0x24,0x24,0x6c},{ 0xb8,0x5c,0x5c,0xe4}, +{ 0x9f,0xc2,0xc2,0x5d},{ 0xbd,0xd3,0xd3,0x6e},{ 0x43,0xac,0xac,0xef},{ 0xc4,0x62,0x62,0xa6}, +{ 0x39,0x91,0x91,0xa8},{ 0x31,0x95,0x95,0xa4},{ 0xd3,0xe4,0xe4,0x37},{ 0xf2,0x79,0x79,0x8b}, +{ 0xd5,0xe7,0xe7,0x32},{ 0x8b,0xc8,0xc8,0x43},{ 0x6e,0x37,0x37,0x59},{ 0xda,0x6d,0x6d,0xb7}, +{ 0x01,0x8d,0x8d,0x8c},{ 0xb1,0xd5,0xd5,0x64},{ 0x9c,0x4e,0x4e,0xd2},{ 0x49,0xa9,0xa9,0xe0}, +{ 0xd8,0x6c,0x6c,0xb4},{ 0xac,0x56,0x56,0xfa},{ 0xf3,0xf4,0xf4,0x07},{ 0xcf,0xea,0xea,0x25}, +{ 0xca,0x65,0x65,0xaf},{ 0xf4,0x7a,0x7a,0x8e},{ 0x47,0xae,0xae,0xe9},{ 0x10,0x08,0x08,0x18}, +{ 0x6f,0xba,0xba,0xd5},{ 0xf0,0x78,0x78,0x88},{ 0x4a,0x25,0x25,0x6f},{ 0x5c,0x2e,0x2e,0x72}, +{ 0x38,0x1c,0x1c,0x24},{ 0x57,0xa6,0xa6,0xf1},{ 0x73,0xb4,0xb4,0xc7},{ 0x97,0xc6,0xc6,0x51}, +{ 0xcb,0xe8,0xe8,0x23},{ 0xa1,0xdd,0xdd,0x7c},{ 0xe8,0x74,0x74,0x9c},{ 0x3e,0x1f,0x1f,0x21}, +{ 0x96,0x4b,0x4b,0xdd},{ 0x61,0xbd,0xbd,0xdc},{ 0x0d,0x8b,0x8b,0x86},{ 0x0f,0x8a,0x8a,0x85}, +{ 0xe0,0x70,0x70,0x90},{ 0x7c,0x3e,0x3e,0x42},{ 0x71,0xb5,0xb5,0xc4},{ 0xcc,0x66,0x66,0xaa}, +{ 0x90,0x48,0x48,0xd8},{ 0x06,0x03,0x03,0x05},{ 0xf7,0xf6,0xf6,0x01},{ 0x1c,0x0e,0x0e,0x12}, +{ 0xc2,0x61,0x61,0xa3},{ 0x6a,0x35,0x35,0x5f},{ 0xae,0x57,0x57,0xf9},{ 0x69,0xb9,0xb9,0xd0}, +{ 0x17,0x86,0x86,0x91},{ 0x99,0xc1,0xc1,0x58},{ 0x3a,0x1d,0x1d,0x27},{ 0x27,0x9e,0x9e,0xb9}, +{ 0xd9,0xe1,0xe1,0x38},{ 0xeb,0xf8,0xf8,0x13},{ 0x2b,0x98,0x98,0xb3},{ 0x22,0x11,0x11,0x33}, +{ 0xd2,0x69,0x69,0xbb},{ 0xa9,0xd9,0xd9,0x70},{ 0x07,0x8e,0x8e,0x89},{ 0x33,0x94,0x94,0xa7}, +{ 0x2d,0x9b,0x9b,0xb6},{ 0x3c,0x1e,0x1e,0x22},{ 0x15,0x87,0x87,0x92},{ 0xc9,0xe9,0xe9,0x20}, +{ 0x87,0xce,0xce,0x49},{ 0xaa,0x55,0x55,0xff},{ 0x50,0x28,0x28,0x78},{ 0xa5,0xdf,0xdf,0x7a}, +{ 0x03,0x8c,0x8c,0x8f},{ 0x59,0xa1,0xa1,0xf8},{ 0x09,0x89,0x89,0x80},{ 0x1a,0x0d,0x0d,0x17}, +{ 0x65,0xbf,0xbf,0xda},{ 0xd7,0xe6,0xe6,0x31},{ 0x84,0x42,0x42,0xc6},{ 0xd0,0x68,0x68,0xb8}, +{ 0x82,0x41,0x41,0xc3},{ 0x29,0x99,0x99,0xb0},{ 0x5a,0x2d,0x2d,0x77},{ 0x1e,0x0f,0x0f,0x11}, +{ 0x7b,0xb0,0xb0,0xcb},{ 0xa8,0x54,0x54,0xfc},{ 0x6d,0xbb,0xbb,0xd6},{ 0x2c,0x16,0x16,0x3a } +}; + +word8 T2[256][4] = { +{ 0xa5,0xc6,0x63,0x63},{ 0x84,0xf8,0x7c,0x7c},{ 0x99,0xee,0x77,0x77},{ 0x8d,0xf6,0x7b,0x7b}, +{ 0x0d,0xff,0xf2,0xf2},{ 0xbd,0xd6,0x6b,0x6b},{ 0xb1,0xde,0x6f,0x6f},{ 0x54,0x91,0xc5,0xc5}, +{ 0x50,0x60,0x30,0x30},{ 0x03,0x02,0x01,0x01},{ 0xa9,0xce,0x67,0x67},{ 0x7d,0x56,0x2b,0x2b}, +{ 0x19,0xe7,0xfe,0xfe},{ 0x62,0xb5,0xd7,0xd7},{ 0xe6,0x4d,0xab,0xab},{ 0x9a,0xec,0x76,0x76}, +{ 0x45,0x8f,0xca,0xca},{ 0x9d,0x1f,0x82,0x82},{ 0x40,0x89,0xc9,0xc9},{ 0x87,0xfa,0x7d,0x7d}, +{ 0x15,0xef,0xfa,0xfa},{ 0xeb,0xb2,0x59,0x59},{ 0xc9,0x8e,0x47,0x47},{ 0x0b,0xfb,0xf0,0xf0}, +{ 0xec,0x41,0xad,0xad},{ 0x67,0xb3,0xd4,0xd4},{ 0xfd,0x5f,0xa2,0xa2},{ 0xea,0x45,0xaf,0xaf}, +{ 0xbf,0x23,0x9c,0x9c},{ 0xf7,0x53,0xa4,0xa4},{ 0x96,0xe4,0x72,0x72},{ 0x5b,0x9b,0xc0,0xc0}, +{ 0xc2,0x75,0xb7,0xb7},{ 0x1c,0xe1,0xfd,0xfd},{ 0xae,0x3d,0x93,0x93},{ 0x6a,0x4c,0x26,0x26}, +{ 0x5a,0x6c,0x36,0x36},{ 0x41,0x7e,0x3f,0x3f},{ 0x02,0xf5,0xf7,0xf7},{ 0x4f,0x83,0xcc,0xcc}, +{ 0x5c,0x68,0x34,0x34},{ 0xf4,0x51,0xa5,0xa5},{ 0x34,0xd1,0xe5,0xe5},{ 0x08,0xf9,0xf1,0xf1}, +{ 0x93,0xe2,0x71,0x71},{ 0x73,0xab,0xd8,0xd8},{ 0x53,0x62,0x31,0x31},{ 0x3f,0x2a,0x15,0x15}, +{ 0x0c,0x08,0x04,0x04},{ 0x52,0x95,0xc7,0xc7},{ 0x65,0x46,0x23,0x23},{ 0x5e,0x9d,0xc3,0xc3}, +{ 0x28,0x30,0x18,0x18},{ 0xa1,0x37,0x96,0x96},{ 0x0f,0x0a,0x05,0x05},{ 0xb5,0x2f,0x9a,0x9a}, +{ 0x09,0x0e,0x07,0x07},{ 0x36,0x24,0x12,0x12},{ 0x9b,0x1b,0x80,0x80},{ 0x3d,0xdf,0xe2,0xe2}, +{ 0x26,0xcd,0xeb,0xeb},{ 0x69,0x4e,0x27,0x27},{ 0xcd,0x7f,0xb2,0xb2},{ 0x9f,0xea,0x75,0x75}, +{ 0x1b,0x12,0x09,0x09},{ 0x9e,0x1d,0x83,0x83},{ 0x74,0x58,0x2c,0x2c},{ 0x2e,0x34,0x1a,0x1a}, +{ 0x2d,0x36,0x1b,0x1b},{ 0xb2,0xdc,0x6e,0x6e},{ 0xee,0xb4,0x5a,0x5a},{ 0xfb,0x5b,0xa0,0xa0}, +{ 0xf6,0xa4,0x52,0x52},{ 0x4d,0x76,0x3b,0x3b},{ 0x61,0xb7,0xd6,0xd6},{ 0xce,0x7d,0xb3,0xb3}, +{ 0x7b,0x52,0x29,0x29},{ 0x3e,0xdd,0xe3,0xe3},{ 0x71,0x5e,0x2f,0x2f},{ 0x97,0x13,0x84,0x84}, +{ 0xf5,0xa6,0x53,0x53},{ 0x68,0xb9,0xd1,0xd1},{ 0x00,0x00,0x00,0x00},{ 0x2c,0xc1,0xed,0xed}, +{ 0x60,0x40,0x20,0x20},{ 0x1f,0xe3,0xfc,0xfc},{ 0xc8,0x79,0xb1,0xb1},{ 0xed,0xb6,0x5b,0x5b}, +{ 0xbe,0xd4,0x6a,0x6a},{ 0x46,0x8d,0xcb,0xcb},{ 0xd9,0x67,0xbe,0xbe},{ 0x4b,0x72,0x39,0x39}, +{ 0xde,0x94,0x4a,0x4a},{ 0xd4,0x98,0x4c,0x4c},{ 0xe8,0xb0,0x58,0x58},{ 0x4a,0x85,0xcf,0xcf}, +{ 0x6b,0xbb,0xd0,0xd0},{ 0x2a,0xc5,0xef,0xef},{ 0xe5,0x4f,0xaa,0xaa},{ 0x16,0xed,0xfb,0xfb}, +{ 0xc5,0x86,0x43,0x43},{ 0xd7,0x9a,0x4d,0x4d},{ 0x55,0x66,0x33,0x33},{ 0x94,0x11,0x85,0x85}, +{ 0xcf,0x8a,0x45,0x45},{ 0x10,0xe9,0xf9,0xf9},{ 0x06,0x04,0x02,0x02},{ 0x81,0xfe,0x7f,0x7f}, +{ 0xf0,0xa0,0x50,0x50},{ 0x44,0x78,0x3c,0x3c},{ 0xba,0x25,0x9f,0x9f},{ 0xe3,0x4b,0xa8,0xa8}, +{ 0xf3,0xa2,0x51,0x51},{ 0xfe,0x5d,0xa3,0xa3},{ 0xc0,0x80,0x40,0x40},{ 0x8a,0x05,0x8f,0x8f}, +{ 0xad,0x3f,0x92,0x92},{ 0xbc,0x21,0x9d,0x9d},{ 0x48,0x70,0x38,0x38},{ 0x04,0xf1,0xf5,0xf5}, +{ 0xdf,0x63,0xbc,0xbc},{ 0xc1,0x77,0xb6,0xb6},{ 0x75,0xaf,0xda,0xda},{ 0x63,0x42,0x21,0x21}, +{ 0x30,0x20,0x10,0x10},{ 0x1a,0xe5,0xff,0xff},{ 0x0e,0xfd,0xf3,0xf3},{ 0x6d,0xbf,0xd2,0xd2}, +{ 0x4c,0x81,0xcd,0xcd},{ 0x14,0x18,0x0c,0x0c},{ 0x35,0x26,0x13,0x13},{ 0x2f,0xc3,0xec,0xec}, +{ 0xe1,0xbe,0x5f,0x5f},{ 0xa2,0x35,0x97,0x97},{ 0xcc,0x88,0x44,0x44},{ 0x39,0x2e,0x17,0x17}, +{ 0x57,0x93,0xc4,0xc4},{ 0xf2,0x55,0xa7,0xa7},{ 0x82,0xfc,0x7e,0x7e},{ 0x47,0x7a,0x3d,0x3d}, +{ 0xac,0xc8,0x64,0x64},{ 0xe7,0xba,0x5d,0x5d},{ 0x2b,0x32,0x19,0x19},{ 0x95,0xe6,0x73,0x73}, +{ 0xa0,0xc0,0x60,0x60},{ 0x98,0x19,0x81,0x81},{ 0xd1,0x9e,0x4f,0x4f},{ 0x7f,0xa3,0xdc,0xdc}, +{ 0x66,0x44,0x22,0x22},{ 0x7e,0x54,0x2a,0x2a},{ 0xab,0x3b,0x90,0x90},{ 0x83,0x0b,0x88,0x88}, +{ 0xca,0x8c,0x46,0x46},{ 0x29,0xc7,0xee,0xee},{ 0xd3,0x6b,0xb8,0xb8},{ 0x3c,0x28,0x14,0x14}, +{ 0x79,0xa7,0xde,0xde},{ 0xe2,0xbc,0x5e,0x5e},{ 0x1d,0x16,0x0b,0x0b},{ 0x76,0xad,0xdb,0xdb}, +{ 0x3b,0xdb,0xe0,0xe0},{ 0x56,0x64,0x32,0x32},{ 0x4e,0x74,0x3a,0x3a},{ 0x1e,0x14,0x0a,0x0a}, +{ 0xdb,0x92,0x49,0x49},{ 0x0a,0x0c,0x06,0x06},{ 0x6c,0x48,0x24,0x24},{ 0xe4,0xb8,0x5c,0x5c}, +{ 0x5d,0x9f,0xc2,0xc2},{ 0x6e,0xbd,0xd3,0xd3},{ 0xef,0x43,0xac,0xac},{ 0xa6,0xc4,0x62,0x62}, +{ 0xa8,0x39,0x91,0x91},{ 0xa4,0x31,0x95,0x95},{ 0x37,0xd3,0xe4,0xe4},{ 0x8b,0xf2,0x79,0x79}, +{ 0x32,0xd5,0xe7,0xe7},{ 0x43,0x8b,0xc8,0xc8},{ 0x59,0x6e,0x37,0x37},{ 0xb7,0xda,0x6d,0x6d}, +{ 0x8c,0x01,0x8d,0x8d},{ 0x64,0xb1,0xd5,0xd5},{ 0xd2,0x9c,0x4e,0x4e},{ 0xe0,0x49,0xa9,0xa9}, +{ 0xb4,0xd8,0x6c,0x6c},{ 0xfa,0xac,0x56,0x56},{ 0x07,0xf3,0xf4,0xf4},{ 0x25,0xcf,0xea,0xea}, +{ 0xaf,0xca,0x65,0x65},{ 0x8e,0xf4,0x7a,0x7a},{ 0xe9,0x47,0xae,0xae},{ 0x18,0x10,0x08,0x08}, +{ 0xd5,0x6f,0xba,0xba},{ 0x88,0xf0,0x78,0x78},{ 0x6f,0x4a,0x25,0x25},{ 0x72,0x5c,0x2e,0x2e}, +{ 0x24,0x38,0x1c,0x1c},{ 0xf1,0x57,0xa6,0xa6},{ 0xc7,0x73,0xb4,0xb4},{ 0x51,0x97,0xc6,0xc6}, +{ 0x23,0xcb,0xe8,0xe8},{ 0x7c,0xa1,0xdd,0xdd},{ 0x9c,0xe8,0x74,0x74},{ 0x21,0x3e,0x1f,0x1f}, +{ 0xdd,0x96,0x4b,0x4b},{ 0xdc,0x61,0xbd,0xbd},{ 0x86,0x0d,0x8b,0x8b},{ 0x85,0x0f,0x8a,0x8a}, +{ 0x90,0xe0,0x70,0x70},{ 0x42,0x7c,0x3e,0x3e},{ 0xc4,0x71,0xb5,0xb5},{ 0xaa,0xcc,0x66,0x66}, +{ 0xd8,0x90,0x48,0x48},{ 0x05,0x06,0x03,0x03},{ 0x01,0xf7,0xf6,0xf6},{ 0x12,0x1c,0x0e,0x0e}, +{ 0xa3,0xc2,0x61,0x61},{ 0x5f,0x6a,0x35,0x35},{ 0xf9,0xae,0x57,0x57},{ 0xd0,0x69,0xb9,0xb9}, +{ 0x91,0x17,0x86,0x86},{ 0x58,0x99,0xc1,0xc1},{ 0x27,0x3a,0x1d,0x1d},{ 0xb9,0x27,0x9e,0x9e}, +{ 0x38,0xd9,0xe1,0xe1},{ 0x13,0xeb,0xf8,0xf8},{ 0xb3,0x2b,0x98,0x98},{ 0x33,0x22,0x11,0x11}, +{ 0xbb,0xd2,0x69,0x69},{ 0x70,0xa9,0xd9,0xd9},{ 0x89,0x07,0x8e,0x8e},{ 0xa7,0x33,0x94,0x94}, +{ 0xb6,0x2d,0x9b,0x9b},{ 0x22,0x3c,0x1e,0x1e},{ 0x92,0x15,0x87,0x87},{ 0x20,0xc9,0xe9,0xe9}, +{ 0x49,0x87,0xce,0xce},{ 0xff,0xaa,0x55,0x55},{ 0x78,0x50,0x28,0x28},{ 0x7a,0xa5,0xdf,0xdf}, +{ 0x8f,0x03,0x8c,0x8c},{ 0xf8,0x59,0xa1,0xa1},{ 0x80,0x09,0x89,0x89},{ 0x17,0x1a,0x0d,0x0d}, +{ 0xda,0x65,0xbf,0xbf},{ 0x31,0xd7,0xe6,0xe6},{ 0xc6,0x84,0x42,0x42},{ 0xb8,0xd0,0x68,0x68}, +{ 0xc3,0x82,0x41,0x41},{ 0xb0,0x29,0x99,0x99},{ 0x77,0x5a,0x2d,0x2d},{ 0x11,0x1e,0x0f,0x0f}, +{ 0xcb,0x7b,0xb0,0xb0},{ 0xfc,0xa8,0x54,0x54},{ 0xd6,0x6d,0xbb,0xbb},{ 0x3a,0x2c,0x16,0x16 } +}; + +word8 T3[256][4] = { +{ 0x63,0xa5,0xc6,0x63},{ 0x7c,0x84,0xf8,0x7c},{ 0x77,0x99,0xee,0x77},{ 0x7b,0x8d,0xf6,0x7b}, +{ 0xf2,0x0d,0xff,0xf2},{ 0x6b,0xbd,0xd6,0x6b},{ 0x6f,0xb1,0xde,0x6f},{ 0xc5,0x54,0x91,0xc5}, +{ 0x30,0x50,0x60,0x30},{ 0x01,0x03,0x02,0x01},{ 0x67,0xa9,0xce,0x67},{ 0x2b,0x7d,0x56,0x2b}, +{ 0xfe,0x19,0xe7,0xfe},{ 0xd7,0x62,0xb5,0xd7},{ 0xab,0xe6,0x4d,0xab},{ 0x76,0x9a,0xec,0x76}, +{ 0xca,0x45,0x8f,0xca},{ 0x82,0x9d,0x1f,0x82},{ 0xc9,0x40,0x89,0xc9},{ 0x7d,0x87,0xfa,0x7d}, +{ 0xfa,0x15,0xef,0xfa},{ 0x59,0xeb,0xb2,0x59},{ 0x47,0xc9,0x8e,0x47},{ 0xf0,0x0b,0xfb,0xf0}, +{ 0xad,0xec,0x41,0xad},{ 0xd4,0x67,0xb3,0xd4},{ 0xa2,0xfd,0x5f,0xa2},{ 0xaf,0xea,0x45,0xaf}, +{ 0x9c,0xbf,0x23,0x9c},{ 0xa4,0xf7,0x53,0xa4},{ 0x72,0x96,0xe4,0x72},{ 0xc0,0x5b,0x9b,0xc0}, +{ 0xb7,0xc2,0x75,0xb7},{ 0xfd,0x1c,0xe1,0xfd},{ 0x93,0xae,0x3d,0x93},{ 0x26,0x6a,0x4c,0x26}, +{ 0x36,0x5a,0x6c,0x36},{ 0x3f,0x41,0x7e,0x3f},{ 0xf7,0x02,0xf5,0xf7},{ 0xcc,0x4f,0x83,0xcc}, +{ 0x34,0x5c,0x68,0x34},{ 0xa5,0xf4,0x51,0xa5},{ 0xe5,0x34,0xd1,0xe5},{ 0xf1,0x08,0xf9,0xf1}, +{ 0x71,0x93,0xe2,0x71},{ 0xd8,0x73,0xab,0xd8},{ 0x31,0x53,0x62,0x31},{ 0x15,0x3f,0x2a,0x15}, +{ 0x04,0x0c,0x08,0x04},{ 0xc7,0x52,0x95,0xc7},{ 0x23,0x65,0x46,0x23},{ 0xc3,0x5e,0x9d,0xc3}, +{ 0x18,0x28,0x30,0x18},{ 0x96,0xa1,0x37,0x96},{ 0x05,0x0f,0x0a,0x05},{ 0x9a,0xb5,0x2f,0x9a}, +{ 0x07,0x09,0x0e,0x07},{ 0x12,0x36,0x24,0x12},{ 0x80,0x9b,0x1b,0x80},{ 0xe2,0x3d,0xdf,0xe2}, +{ 0xeb,0x26,0xcd,0xeb},{ 0x27,0x69,0x4e,0x27},{ 0xb2,0xcd,0x7f,0xb2},{ 0x75,0x9f,0xea,0x75}, +{ 0x09,0x1b,0x12,0x09},{ 0x83,0x9e,0x1d,0x83},{ 0x2c,0x74,0x58,0x2c},{ 0x1a,0x2e,0x34,0x1a}, +{ 0x1b,0x2d,0x36,0x1b},{ 0x6e,0xb2,0xdc,0x6e},{ 0x5a,0xee,0xb4,0x5a},{ 0xa0,0xfb,0x5b,0xa0}, +{ 0x52,0xf6,0xa4,0x52},{ 0x3b,0x4d,0x76,0x3b},{ 0xd6,0x61,0xb7,0xd6},{ 0xb3,0xce,0x7d,0xb3}, +{ 0x29,0x7b,0x52,0x29},{ 0xe3,0x3e,0xdd,0xe3},{ 0x2f,0x71,0x5e,0x2f},{ 0x84,0x97,0x13,0x84}, +{ 0x53,0xf5,0xa6,0x53},{ 0xd1,0x68,0xb9,0xd1},{ 0x00,0x00,0x00,0x00},{ 0xed,0x2c,0xc1,0xed}, +{ 0x20,0x60,0x40,0x20},{ 0xfc,0x1f,0xe3,0xfc},{ 0xb1,0xc8,0x79,0xb1},{ 0x5b,0xed,0xb6,0x5b}, +{ 0x6a,0xbe,0xd4,0x6a},{ 0xcb,0x46,0x8d,0xcb},{ 0xbe,0xd9,0x67,0xbe},{ 0x39,0x4b,0x72,0x39}, +{ 0x4a,0xde,0x94,0x4a},{ 0x4c,0xd4,0x98,0x4c},{ 0x58,0xe8,0xb0,0x58},{ 0xcf,0x4a,0x85,0xcf}, +{ 0xd0,0x6b,0xbb,0xd0},{ 0xef,0x2a,0xc5,0xef},{ 0xaa,0xe5,0x4f,0xaa},{ 0xfb,0x16,0xed,0xfb}, +{ 0x43,0xc5,0x86,0x43},{ 0x4d,0xd7,0x9a,0x4d},{ 0x33,0x55,0x66,0x33},{ 0x85,0x94,0x11,0x85}, +{ 0x45,0xcf,0x8a,0x45},{ 0xf9,0x10,0xe9,0xf9},{ 0x02,0x06,0x04,0x02},{ 0x7f,0x81,0xfe,0x7f}, +{ 0x50,0xf0,0xa0,0x50},{ 0x3c,0x44,0x78,0x3c},{ 0x9f,0xba,0x25,0x9f},{ 0xa8,0xe3,0x4b,0xa8}, +{ 0x51,0xf3,0xa2,0x51},{ 0xa3,0xfe,0x5d,0xa3},{ 0x40,0xc0,0x80,0x40},{ 0x8f,0x8a,0x05,0x8f}, +{ 0x92,0xad,0x3f,0x92},{ 0x9d,0xbc,0x21,0x9d},{ 0x38,0x48,0x70,0x38},{ 0xf5,0x04,0xf1,0xf5}, +{ 0xbc,0xdf,0x63,0xbc},{ 0xb6,0xc1,0x77,0xb6},{ 0xda,0x75,0xaf,0xda},{ 0x21,0x63,0x42,0x21}, +{ 0x10,0x30,0x20,0x10},{ 0xff,0x1a,0xe5,0xff},{ 0xf3,0x0e,0xfd,0xf3},{ 0xd2,0x6d,0xbf,0xd2}, +{ 0xcd,0x4c,0x81,0xcd},{ 0x0c,0x14,0x18,0x0c},{ 0x13,0x35,0x26,0x13},{ 0xec,0x2f,0xc3,0xec}, +{ 0x5f,0xe1,0xbe,0x5f},{ 0x97,0xa2,0x35,0x97},{ 0x44,0xcc,0x88,0x44},{ 0x17,0x39,0x2e,0x17}, +{ 0xc4,0x57,0x93,0xc4},{ 0xa7,0xf2,0x55,0xa7},{ 0x7e,0x82,0xfc,0x7e},{ 0x3d,0x47,0x7a,0x3d}, +{ 0x64,0xac,0xc8,0x64},{ 0x5d,0xe7,0xba,0x5d},{ 0x19,0x2b,0x32,0x19},{ 0x73,0x95,0xe6,0x73}, +{ 0x60,0xa0,0xc0,0x60},{ 0x81,0x98,0x19,0x81},{ 0x4f,0xd1,0x9e,0x4f},{ 0xdc,0x7f,0xa3,0xdc}, +{ 0x22,0x66,0x44,0x22},{ 0x2a,0x7e,0x54,0x2a},{ 0x90,0xab,0x3b,0x90},{ 0x88,0x83,0x0b,0x88}, +{ 0x46,0xca,0x8c,0x46},{ 0xee,0x29,0xc7,0xee},{ 0xb8,0xd3,0x6b,0xb8},{ 0x14,0x3c,0x28,0x14}, +{ 0xde,0x79,0xa7,0xde},{ 0x5e,0xe2,0xbc,0x5e},{ 0x0b,0x1d,0x16,0x0b},{ 0xdb,0x76,0xad,0xdb}, +{ 0xe0,0x3b,0xdb,0xe0},{ 0x32,0x56,0x64,0x32},{ 0x3a,0x4e,0x74,0x3a},{ 0x0a,0x1e,0x14,0x0a}, +{ 0x49,0xdb,0x92,0x49},{ 0x06,0x0a,0x0c,0x06},{ 0x24,0x6c,0x48,0x24},{ 0x5c,0xe4,0xb8,0x5c}, +{ 0xc2,0x5d,0x9f,0xc2},{ 0xd3,0x6e,0xbd,0xd3},{ 0xac,0xef,0x43,0xac},{ 0x62,0xa6,0xc4,0x62}, +{ 0x91,0xa8,0x39,0x91},{ 0x95,0xa4,0x31,0x95},{ 0xe4,0x37,0xd3,0xe4},{ 0x79,0x8b,0xf2,0x79}, +{ 0xe7,0x32,0xd5,0xe7},{ 0xc8,0x43,0x8b,0xc8},{ 0x37,0x59,0x6e,0x37},{ 0x6d,0xb7,0xda,0x6d}, +{ 0x8d,0x8c,0x01,0x8d},{ 0xd5,0x64,0xb1,0xd5},{ 0x4e,0xd2,0x9c,0x4e},{ 0xa9,0xe0,0x49,0xa9}, +{ 0x6c,0xb4,0xd8,0x6c},{ 0x56,0xfa,0xac,0x56},{ 0xf4,0x07,0xf3,0xf4},{ 0xea,0x25,0xcf,0xea}, +{ 0x65,0xaf,0xca,0x65},{ 0x7a,0x8e,0xf4,0x7a},{ 0xae,0xe9,0x47,0xae},{ 0x08,0x18,0x10,0x08}, +{ 0xba,0xd5,0x6f,0xba},{ 0x78,0x88,0xf0,0x78},{ 0x25,0x6f,0x4a,0x25},{ 0x2e,0x72,0x5c,0x2e}, +{ 0x1c,0x24,0x38,0x1c},{ 0xa6,0xf1,0x57,0xa6},{ 0xb4,0xc7,0x73,0xb4},{ 0xc6,0x51,0x97,0xc6}, +{ 0xe8,0x23,0xcb,0xe8},{ 0xdd,0x7c,0xa1,0xdd},{ 0x74,0x9c,0xe8,0x74},{ 0x1f,0x21,0x3e,0x1f}, +{ 0x4b,0xdd,0x96,0x4b},{ 0xbd,0xdc,0x61,0xbd},{ 0x8b,0x86,0x0d,0x8b},{ 0x8a,0x85,0x0f,0x8a}, +{ 0x70,0x90,0xe0,0x70},{ 0x3e,0x42,0x7c,0x3e},{ 0xb5,0xc4,0x71,0xb5},{ 0x66,0xaa,0xcc,0x66}, +{ 0x48,0xd8,0x90,0x48},{ 0x03,0x05,0x06,0x03},{ 0xf6,0x01,0xf7,0xf6},{ 0x0e,0x12,0x1c,0x0e}, +{ 0x61,0xa3,0xc2,0x61},{ 0x35,0x5f,0x6a,0x35},{ 0x57,0xf9,0xae,0x57},{ 0xb9,0xd0,0x69,0xb9}, +{ 0x86,0x91,0x17,0x86},{ 0xc1,0x58,0x99,0xc1},{ 0x1d,0x27,0x3a,0x1d},{ 0x9e,0xb9,0x27,0x9e}, +{ 0xe1,0x38,0xd9,0xe1},{ 0xf8,0x13,0xeb,0xf8},{ 0x98,0xb3,0x2b,0x98},{ 0x11,0x33,0x22,0x11}, +{ 0x69,0xbb,0xd2,0x69},{ 0xd9,0x70,0xa9,0xd9},{ 0x8e,0x89,0x07,0x8e},{ 0x94,0xa7,0x33,0x94}, +{ 0x9b,0xb6,0x2d,0x9b},{ 0x1e,0x22,0x3c,0x1e},{ 0x87,0x92,0x15,0x87},{ 0xe9,0x20,0xc9,0xe9}, +{ 0xce,0x49,0x87,0xce},{ 0x55,0xff,0xaa,0x55},{ 0x28,0x78,0x50,0x28},{ 0xdf,0x7a,0xa5,0xdf}, +{ 0x8c,0x8f,0x03,0x8c},{ 0xa1,0xf8,0x59,0xa1},{ 0x89,0x80,0x09,0x89},{ 0x0d,0x17,0x1a,0x0d}, +{ 0xbf,0xda,0x65,0xbf},{ 0xe6,0x31,0xd7,0xe6},{ 0x42,0xc6,0x84,0x42},{ 0x68,0xb8,0xd0,0x68}, +{ 0x41,0xc3,0x82,0x41},{ 0x99,0xb0,0x29,0x99},{ 0x2d,0x77,0x5a,0x2d},{ 0x0f,0x11,0x1e,0x0f}, +{ 0xb0,0xcb,0x7b,0xb0},{ 0x54,0xfc,0xa8,0x54},{ 0xbb,0xd6,0x6d,0xbb},{ 0x16,0x3a,0x2c,0x16 } +}; + +word8 T4[256][4] = { +{ 0x63,0x63,0xa5,0xc6},{ 0x7c,0x7c,0x84,0xf8},{ 0x77,0x77,0x99,0xee},{ 0x7b,0x7b,0x8d,0xf6}, +{ 0xf2,0xf2,0x0d,0xff},{ 0x6b,0x6b,0xbd,0xd6},{ 0x6f,0x6f,0xb1,0xde},{ 0xc5,0xc5,0x54,0x91}, +{ 0x30,0x30,0x50,0x60},{ 0x01,0x01,0x03,0x02},{ 0x67,0x67,0xa9,0xce},{ 0x2b,0x2b,0x7d,0x56}, +{ 0xfe,0xfe,0x19,0xe7},{ 0xd7,0xd7,0x62,0xb5},{ 0xab,0xab,0xe6,0x4d},{ 0x76,0x76,0x9a,0xec}, +{ 0xca,0xca,0x45,0x8f},{ 0x82,0x82,0x9d,0x1f},{ 0xc9,0xc9,0x40,0x89},{ 0x7d,0x7d,0x87,0xfa}, +{ 0xfa,0xfa,0x15,0xef},{ 0x59,0x59,0xeb,0xb2},{ 0x47,0x47,0xc9,0x8e},{ 0xf0,0xf0,0x0b,0xfb}, +{ 0xad,0xad,0xec,0x41},{ 0xd4,0xd4,0x67,0xb3},{ 0xa2,0xa2,0xfd,0x5f},{ 0xaf,0xaf,0xea,0x45}, +{ 0x9c,0x9c,0xbf,0x23},{ 0xa4,0xa4,0xf7,0x53},{ 0x72,0x72,0x96,0xe4},{ 0xc0,0xc0,0x5b,0x9b}, +{ 0xb7,0xb7,0xc2,0x75},{ 0xfd,0xfd,0x1c,0xe1},{ 0x93,0x93,0xae,0x3d},{ 0x26,0x26,0x6a,0x4c}, +{ 0x36,0x36,0x5a,0x6c},{ 0x3f,0x3f,0x41,0x7e},{ 0xf7,0xf7,0x02,0xf5},{ 0xcc,0xcc,0x4f,0x83}, +{ 0x34,0x34,0x5c,0x68},{ 0xa5,0xa5,0xf4,0x51},{ 0xe5,0xe5,0x34,0xd1},{ 0xf1,0xf1,0x08,0xf9}, +{ 0x71,0x71,0x93,0xe2},{ 0xd8,0xd8,0x73,0xab},{ 0x31,0x31,0x53,0x62},{ 0x15,0x15,0x3f,0x2a}, +{ 0x04,0x04,0x0c,0x08},{ 0xc7,0xc7,0x52,0x95},{ 0x23,0x23,0x65,0x46},{ 0xc3,0xc3,0x5e,0x9d}, +{ 0x18,0x18,0x28,0x30},{ 0x96,0x96,0xa1,0x37},{ 0x05,0x05,0x0f,0x0a},{ 0x9a,0x9a,0xb5,0x2f}, +{ 0x07,0x07,0x09,0x0e},{ 0x12,0x12,0x36,0x24},{ 0x80,0x80,0x9b,0x1b},{ 0xe2,0xe2,0x3d,0xdf}, +{ 0xeb,0xeb,0x26,0xcd},{ 0x27,0x27,0x69,0x4e},{ 0xb2,0xb2,0xcd,0x7f},{ 0x75,0x75,0x9f,0xea}, +{ 0x09,0x09,0x1b,0x12},{ 0x83,0x83,0x9e,0x1d},{ 0x2c,0x2c,0x74,0x58},{ 0x1a,0x1a,0x2e,0x34}, +{ 0x1b,0x1b,0x2d,0x36},{ 0x6e,0x6e,0xb2,0xdc},{ 0x5a,0x5a,0xee,0xb4},{ 0xa0,0xa0,0xfb,0x5b}, +{ 0x52,0x52,0xf6,0xa4},{ 0x3b,0x3b,0x4d,0x76},{ 0xd6,0xd6,0x61,0xb7},{ 0xb3,0xb3,0xce,0x7d}, +{ 0x29,0x29,0x7b,0x52},{ 0xe3,0xe3,0x3e,0xdd},{ 0x2f,0x2f,0x71,0x5e},{ 0x84,0x84,0x97,0x13}, +{ 0x53,0x53,0xf5,0xa6},{ 0xd1,0xd1,0x68,0xb9},{ 0x00,0x00,0x00,0x00},{ 0xed,0xed,0x2c,0xc1}, +{ 0x20,0x20,0x60,0x40},{ 0xfc,0xfc,0x1f,0xe3},{ 0xb1,0xb1,0xc8,0x79},{ 0x5b,0x5b,0xed,0xb6}, +{ 0x6a,0x6a,0xbe,0xd4},{ 0xcb,0xcb,0x46,0x8d},{ 0xbe,0xbe,0xd9,0x67},{ 0x39,0x39,0x4b,0x72}, +{ 0x4a,0x4a,0xde,0x94},{ 0x4c,0x4c,0xd4,0x98},{ 0x58,0x58,0xe8,0xb0},{ 0xcf,0xcf,0x4a,0x85}, +{ 0xd0,0xd0,0x6b,0xbb},{ 0xef,0xef,0x2a,0xc5},{ 0xaa,0xaa,0xe5,0x4f},{ 0xfb,0xfb,0x16,0xed}, +{ 0x43,0x43,0xc5,0x86},{ 0x4d,0x4d,0xd7,0x9a},{ 0x33,0x33,0x55,0x66},{ 0x85,0x85,0x94,0x11}, +{ 0x45,0x45,0xcf,0x8a},{ 0xf9,0xf9,0x10,0xe9},{ 0x02,0x02,0x06,0x04},{ 0x7f,0x7f,0x81,0xfe}, +{ 0x50,0x50,0xf0,0xa0},{ 0x3c,0x3c,0x44,0x78},{ 0x9f,0x9f,0xba,0x25},{ 0xa8,0xa8,0xe3,0x4b}, +{ 0x51,0x51,0xf3,0xa2},{ 0xa3,0xa3,0xfe,0x5d},{ 0x40,0x40,0xc0,0x80},{ 0x8f,0x8f,0x8a,0x05}, +{ 0x92,0x92,0xad,0x3f},{ 0x9d,0x9d,0xbc,0x21},{ 0x38,0x38,0x48,0x70},{ 0xf5,0xf5,0x04,0xf1}, +{ 0xbc,0xbc,0xdf,0x63},{ 0xb6,0xb6,0xc1,0x77},{ 0xda,0xda,0x75,0xaf},{ 0x21,0x21,0x63,0x42}, +{ 0x10,0x10,0x30,0x20},{ 0xff,0xff,0x1a,0xe5},{ 0xf3,0xf3,0x0e,0xfd},{ 0xd2,0xd2,0x6d,0xbf}, +{ 0xcd,0xcd,0x4c,0x81},{ 0x0c,0x0c,0x14,0x18},{ 0x13,0x13,0x35,0x26},{ 0xec,0xec,0x2f,0xc3}, +{ 0x5f,0x5f,0xe1,0xbe},{ 0x97,0x97,0xa2,0x35},{ 0x44,0x44,0xcc,0x88},{ 0x17,0x17,0x39,0x2e}, +{ 0xc4,0xc4,0x57,0x93},{ 0xa7,0xa7,0xf2,0x55},{ 0x7e,0x7e,0x82,0xfc},{ 0x3d,0x3d,0x47,0x7a}, +{ 0x64,0x64,0xac,0xc8},{ 0x5d,0x5d,0xe7,0xba},{ 0x19,0x19,0x2b,0x32},{ 0x73,0x73,0x95,0xe6}, +{ 0x60,0x60,0xa0,0xc0},{ 0x81,0x81,0x98,0x19},{ 0x4f,0x4f,0xd1,0x9e},{ 0xdc,0xdc,0x7f,0xa3}, +{ 0x22,0x22,0x66,0x44},{ 0x2a,0x2a,0x7e,0x54},{ 0x90,0x90,0xab,0x3b},{ 0x88,0x88,0x83,0x0b}, +{ 0x46,0x46,0xca,0x8c},{ 0xee,0xee,0x29,0xc7},{ 0xb8,0xb8,0xd3,0x6b},{ 0x14,0x14,0x3c,0x28}, +{ 0xde,0xde,0x79,0xa7},{ 0x5e,0x5e,0xe2,0xbc},{ 0x0b,0x0b,0x1d,0x16},{ 0xdb,0xdb,0x76,0xad}, +{ 0xe0,0xe0,0x3b,0xdb},{ 0x32,0x32,0x56,0x64},{ 0x3a,0x3a,0x4e,0x74},{ 0x0a,0x0a,0x1e,0x14}, +{ 0x49,0x49,0xdb,0x92},{ 0x06,0x06,0x0a,0x0c},{ 0x24,0x24,0x6c,0x48},{ 0x5c,0x5c,0xe4,0xb8}, +{ 0xc2,0xc2,0x5d,0x9f},{ 0xd3,0xd3,0x6e,0xbd},{ 0xac,0xac,0xef,0x43},{ 0x62,0x62,0xa6,0xc4}, +{ 0x91,0x91,0xa8,0x39},{ 0x95,0x95,0xa4,0x31},{ 0xe4,0xe4,0x37,0xd3},{ 0x79,0x79,0x8b,0xf2}, +{ 0xe7,0xe7,0x32,0xd5},{ 0xc8,0xc8,0x43,0x8b},{ 0x37,0x37,0x59,0x6e},{ 0x6d,0x6d,0xb7,0xda}, +{ 0x8d,0x8d,0x8c,0x01},{ 0xd5,0xd5,0x64,0xb1},{ 0x4e,0x4e,0xd2,0x9c},{ 0xa9,0xa9,0xe0,0x49}, +{ 0x6c,0x6c,0xb4,0xd8},{ 0x56,0x56,0xfa,0xac},{ 0xf4,0xf4,0x07,0xf3},{ 0xea,0xea,0x25,0xcf}, +{ 0x65,0x65,0xaf,0xca},{ 0x7a,0x7a,0x8e,0xf4},{ 0xae,0xae,0xe9,0x47},{ 0x08,0x08,0x18,0x10}, +{ 0xba,0xba,0xd5,0x6f},{ 0x78,0x78,0x88,0xf0},{ 0x25,0x25,0x6f,0x4a},{ 0x2e,0x2e,0x72,0x5c}, +{ 0x1c,0x1c,0x24,0x38},{ 0xa6,0xa6,0xf1,0x57},{ 0xb4,0xb4,0xc7,0x73},{ 0xc6,0xc6,0x51,0x97}, +{ 0xe8,0xe8,0x23,0xcb},{ 0xdd,0xdd,0x7c,0xa1},{ 0x74,0x74,0x9c,0xe8},{ 0x1f,0x1f,0x21,0x3e}, +{ 0x4b,0x4b,0xdd,0x96},{ 0xbd,0xbd,0xdc,0x61},{ 0x8b,0x8b,0x86,0x0d},{ 0x8a,0x8a,0x85,0x0f}, +{ 0x70,0x70,0x90,0xe0},{ 0x3e,0x3e,0x42,0x7c},{ 0xb5,0xb5,0xc4,0x71},{ 0x66,0x66,0xaa,0xcc}, +{ 0x48,0x48,0xd8,0x90},{ 0x03,0x03,0x05,0x06},{ 0xf6,0xf6,0x01,0xf7},{ 0x0e,0x0e,0x12,0x1c}, +{ 0x61,0x61,0xa3,0xc2},{ 0x35,0x35,0x5f,0x6a},{ 0x57,0x57,0xf9,0xae},{ 0xb9,0xb9,0xd0,0x69}, +{ 0x86,0x86,0x91,0x17},{ 0xc1,0xc1,0x58,0x99},{ 0x1d,0x1d,0x27,0x3a},{ 0x9e,0x9e,0xb9,0x27}, +{ 0xe1,0xe1,0x38,0xd9},{ 0xf8,0xf8,0x13,0xeb},{ 0x98,0x98,0xb3,0x2b},{ 0x11,0x11,0x33,0x22}, +{ 0x69,0x69,0xbb,0xd2},{ 0xd9,0xd9,0x70,0xa9},{ 0x8e,0x8e,0x89,0x07},{ 0x94,0x94,0xa7,0x33}, +{ 0x9b,0x9b,0xb6,0x2d},{ 0x1e,0x1e,0x22,0x3c},{ 0x87,0x87,0x92,0x15},{ 0xe9,0xe9,0x20,0xc9}, +{ 0xce,0xce,0x49,0x87},{ 0x55,0x55,0xff,0xaa},{ 0x28,0x28,0x78,0x50},{ 0xdf,0xdf,0x7a,0xa5}, +{ 0x8c,0x8c,0x8f,0x03},{ 0xa1,0xa1,0xf8,0x59},{ 0x89,0x89,0x80,0x09},{ 0x0d,0x0d,0x17,0x1a}, +{ 0xbf,0xbf,0xda,0x65},{ 0xe6,0xe6,0x31,0xd7},{ 0x42,0x42,0xc6,0x84},{ 0x68,0x68,0xb8,0xd0}, +{ 0x41,0x41,0xc3,0x82},{ 0x99,0x99,0xb0,0x29},{ 0x2d,0x2d,0x77,0x5a},{ 0x0f,0x0f,0x11,0x1e}, +{ 0xb0,0xb0,0xcb,0x7b},{ 0x54,0x54,0xfc,0xa8},{ 0xbb,0xbb,0xd6,0x6d},{ 0x16,0x16,0x3a,0x2c } +}; + +word8 T5[256][4] = { +{ 0x51,0xf4,0xa7,0x50},{ 0x7e,0x41,0x65,0x53},{ 0x1a,0x17,0xa4,0xc3},{ 0x3a,0x27,0x5e,0x96}, +{ 0x3b,0xab,0x6b,0xcb},{ 0x1f,0x9d,0x45,0xf1},{ 0xac,0xfa,0x58,0xab},{ 0x4b,0xe3,0x03,0x93}, +{ 0x20,0x30,0xfa,0x55},{ 0xad,0x76,0x6d,0xf6},{ 0x88,0xcc,0x76,0x91},{ 0xf5,0x02,0x4c,0x25}, +{ 0x4f,0xe5,0xd7,0xfc},{ 0xc5,0x2a,0xcb,0xd7},{ 0x26,0x35,0x44,0x80},{ 0xb5,0x62,0xa3,0x8f}, +{ 0xde,0xb1,0x5a,0x49},{ 0x25,0xba,0x1b,0x67},{ 0x45,0xea,0x0e,0x98},{ 0x5d,0xfe,0xc0,0xe1}, +{ 0xc3,0x2f,0x75,0x02},{ 0x81,0x4c,0xf0,0x12},{ 0x8d,0x46,0x97,0xa3},{ 0x6b,0xd3,0xf9,0xc6}, +{ 0x03,0x8f,0x5f,0xe7},{ 0x15,0x92,0x9c,0x95},{ 0xbf,0x6d,0x7a,0xeb},{ 0x95,0x52,0x59,0xda}, +{ 0xd4,0xbe,0x83,0x2d},{ 0x58,0x74,0x21,0xd3},{ 0x49,0xe0,0x69,0x29},{ 0x8e,0xc9,0xc8,0x44}, +{ 0x75,0xc2,0x89,0x6a},{ 0xf4,0x8e,0x79,0x78},{ 0x99,0x58,0x3e,0x6b},{ 0x27,0xb9,0x71,0xdd}, +{ 0xbe,0xe1,0x4f,0xb6},{ 0xf0,0x88,0xad,0x17},{ 0xc9,0x20,0xac,0x66},{ 0x7d,0xce,0x3a,0xb4}, +{ 0x63,0xdf,0x4a,0x18},{ 0xe5,0x1a,0x31,0x82},{ 0x97,0x51,0x33,0x60},{ 0x62,0x53,0x7f,0x45}, +{ 0xb1,0x64,0x77,0xe0},{ 0xbb,0x6b,0xae,0x84},{ 0xfe,0x81,0xa0,0x1c},{ 0xf9,0x08,0x2b,0x94}, +{ 0x70,0x48,0x68,0x58},{ 0x8f,0x45,0xfd,0x19},{ 0x94,0xde,0x6c,0x87},{ 0x52,0x7b,0xf8,0xb7}, +{ 0xab,0x73,0xd3,0x23},{ 0x72,0x4b,0x02,0xe2},{ 0xe3,0x1f,0x8f,0x57},{ 0x66,0x55,0xab,0x2a}, +{ 0xb2,0xeb,0x28,0x07},{ 0x2f,0xb5,0xc2,0x03},{ 0x86,0xc5,0x7b,0x9a},{ 0xd3,0x37,0x08,0xa5}, +{ 0x30,0x28,0x87,0xf2},{ 0x23,0xbf,0xa5,0xb2},{ 0x02,0x03,0x6a,0xba},{ 0xed,0x16,0x82,0x5c}, +{ 0x8a,0xcf,0x1c,0x2b},{ 0xa7,0x79,0xb4,0x92},{ 0xf3,0x07,0xf2,0xf0},{ 0x4e,0x69,0xe2,0xa1}, +{ 0x65,0xda,0xf4,0xcd},{ 0x06,0x05,0xbe,0xd5},{ 0xd1,0x34,0x62,0x1f},{ 0xc4,0xa6,0xfe,0x8a}, +{ 0x34,0x2e,0x53,0x9d},{ 0xa2,0xf3,0x55,0xa0},{ 0x05,0x8a,0xe1,0x32},{ 0xa4,0xf6,0xeb,0x75}, +{ 0x0b,0x83,0xec,0x39},{ 0x40,0x60,0xef,0xaa},{ 0x5e,0x71,0x9f,0x06},{ 0xbd,0x6e,0x10,0x51}, +{ 0x3e,0x21,0x8a,0xf9},{ 0x96,0xdd,0x06,0x3d},{ 0xdd,0x3e,0x05,0xae},{ 0x4d,0xe6,0xbd,0x46}, +{ 0x91,0x54,0x8d,0xb5},{ 0x71,0xc4,0x5d,0x05},{ 0x04,0x06,0xd4,0x6f},{ 0x60,0x50,0x15,0xff}, +{ 0x19,0x98,0xfb,0x24},{ 0xd6,0xbd,0xe9,0x97},{ 0x89,0x40,0x43,0xcc},{ 0x67,0xd9,0x9e,0x77}, +{ 0xb0,0xe8,0x42,0xbd},{ 0x07,0x89,0x8b,0x88},{ 0xe7,0x19,0x5b,0x38},{ 0x79,0xc8,0xee,0xdb}, +{ 0xa1,0x7c,0x0a,0x47},{ 0x7c,0x42,0x0f,0xe9},{ 0xf8,0x84,0x1e,0xc9},{ 0x00,0x00,0x00,0x00}, +{ 0x09,0x80,0x86,0x83},{ 0x32,0x2b,0xed,0x48},{ 0x1e,0x11,0x70,0xac},{ 0x6c,0x5a,0x72,0x4e}, +{ 0xfd,0x0e,0xff,0xfb},{ 0x0f,0x85,0x38,0x56},{ 0x3d,0xae,0xd5,0x1e},{ 0x36,0x2d,0x39,0x27}, +{ 0x0a,0x0f,0xd9,0x64},{ 0x68,0x5c,0xa6,0x21},{ 0x9b,0x5b,0x54,0xd1},{ 0x24,0x36,0x2e,0x3a}, +{ 0x0c,0x0a,0x67,0xb1},{ 0x93,0x57,0xe7,0x0f},{ 0xb4,0xee,0x96,0xd2},{ 0x1b,0x9b,0x91,0x9e}, +{ 0x80,0xc0,0xc5,0x4f},{ 0x61,0xdc,0x20,0xa2},{ 0x5a,0x77,0x4b,0x69},{ 0x1c,0x12,0x1a,0x16}, +{ 0xe2,0x93,0xba,0x0a},{ 0xc0,0xa0,0x2a,0xe5},{ 0x3c,0x22,0xe0,0x43},{ 0x12,0x1b,0x17,0x1d}, +{ 0x0e,0x09,0x0d,0x0b},{ 0xf2,0x8b,0xc7,0xad},{ 0x2d,0xb6,0xa8,0xb9},{ 0x14,0x1e,0xa9,0xc8}, +{ 0x57,0xf1,0x19,0x85},{ 0xaf,0x75,0x07,0x4c},{ 0xee,0x99,0xdd,0xbb},{ 0xa3,0x7f,0x60,0xfd}, +{ 0xf7,0x01,0x26,0x9f},{ 0x5c,0x72,0xf5,0xbc},{ 0x44,0x66,0x3b,0xc5},{ 0x5b,0xfb,0x7e,0x34}, +{ 0x8b,0x43,0x29,0x76},{ 0xcb,0x23,0xc6,0xdc},{ 0xb6,0xed,0xfc,0x68},{ 0xb8,0xe4,0xf1,0x63}, +{ 0xd7,0x31,0xdc,0xca},{ 0x42,0x63,0x85,0x10},{ 0x13,0x97,0x22,0x40},{ 0x84,0xc6,0x11,0x20}, +{ 0x85,0x4a,0x24,0x7d},{ 0xd2,0xbb,0x3d,0xf8},{ 0xae,0xf9,0x32,0x11},{ 0xc7,0x29,0xa1,0x6d}, +{ 0x1d,0x9e,0x2f,0x4b},{ 0xdc,0xb2,0x30,0xf3},{ 0x0d,0x86,0x52,0xec},{ 0x77,0xc1,0xe3,0xd0}, +{ 0x2b,0xb3,0x16,0x6c},{ 0xa9,0x70,0xb9,0x99},{ 0x11,0x94,0x48,0xfa},{ 0x47,0xe9,0x64,0x22}, +{ 0xa8,0xfc,0x8c,0xc4},{ 0xa0,0xf0,0x3f,0x1a},{ 0x56,0x7d,0x2c,0xd8},{ 0x22,0x33,0x90,0xef}, +{ 0x87,0x49,0x4e,0xc7},{ 0xd9,0x38,0xd1,0xc1},{ 0x8c,0xca,0xa2,0xfe},{ 0x98,0xd4,0x0b,0x36}, +{ 0xa6,0xf5,0x81,0xcf},{ 0xa5,0x7a,0xde,0x28},{ 0xda,0xb7,0x8e,0x26},{ 0x3f,0xad,0xbf,0xa4}, +{ 0x2c,0x3a,0x9d,0xe4},{ 0x50,0x78,0x92,0x0d},{ 0x6a,0x5f,0xcc,0x9b},{ 0x54,0x7e,0x46,0x62}, +{ 0xf6,0x8d,0x13,0xc2},{ 0x90,0xd8,0xb8,0xe8},{ 0x2e,0x39,0xf7,0x5e},{ 0x82,0xc3,0xaf,0xf5}, +{ 0x9f,0x5d,0x80,0xbe},{ 0x69,0xd0,0x93,0x7c},{ 0x6f,0xd5,0x2d,0xa9},{ 0xcf,0x25,0x12,0xb3}, +{ 0xc8,0xac,0x99,0x3b},{ 0x10,0x18,0x7d,0xa7},{ 0xe8,0x9c,0x63,0x6e},{ 0xdb,0x3b,0xbb,0x7b}, +{ 0xcd,0x26,0x78,0x09},{ 0x6e,0x59,0x18,0xf4},{ 0xec,0x9a,0xb7,0x01},{ 0x83,0x4f,0x9a,0xa8}, +{ 0xe6,0x95,0x6e,0x65},{ 0xaa,0xff,0xe6,0x7e},{ 0x21,0xbc,0xcf,0x08},{ 0xef,0x15,0xe8,0xe6}, +{ 0xba,0xe7,0x9b,0xd9},{ 0x4a,0x6f,0x36,0xce},{ 0xea,0x9f,0x09,0xd4},{ 0x29,0xb0,0x7c,0xd6}, +{ 0x31,0xa4,0xb2,0xaf},{ 0x2a,0x3f,0x23,0x31},{ 0xc6,0xa5,0x94,0x30},{ 0x35,0xa2,0x66,0xc0}, +{ 0x74,0x4e,0xbc,0x37},{ 0xfc,0x82,0xca,0xa6},{ 0xe0,0x90,0xd0,0xb0},{ 0x33,0xa7,0xd8,0x15}, +{ 0xf1,0x04,0x98,0x4a},{ 0x41,0xec,0xda,0xf7},{ 0x7f,0xcd,0x50,0x0e},{ 0x17,0x91,0xf6,0x2f}, +{ 0x76,0x4d,0xd6,0x8d},{ 0x43,0xef,0xb0,0x4d},{ 0xcc,0xaa,0x4d,0x54},{ 0xe4,0x96,0x04,0xdf}, +{ 0x9e,0xd1,0xb5,0xe3},{ 0x4c,0x6a,0x88,0x1b},{ 0xc1,0x2c,0x1f,0xb8},{ 0x46,0x65,0x51,0x7f}, +{ 0x9d,0x5e,0xea,0x04},{ 0x01,0x8c,0x35,0x5d},{ 0xfa,0x87,0x74,0x73},{ 0xfb,0x0b,0x41,0x2e}, +{ 0xb3,0x67,0x1d,0x5a},{ 0x92,0xdb,0xd2,0x52},{ 0xe9,0x10,0x56,0x33},{ 0x6d,0xd6,0x47,0x13}, +{ 0x9a,0xd7,0x61,0x8c},{ 0x37,0xa1,0x0c,0x7a},{ 0x59,0xf8,0x14,0x8e},{ 0xeb,0x13,0x3c,0x89}, +{ 0xce,0xa9,0x27,0xee},{ 0xb7,0x61,0xc9,0x35},{ 0xe1,0x1c,0xe5,0xed},{ 0x7a,0x47,0xb1,0x3c}, +{ 0x9c,0xd2,0xdf,0x59},{ 0x55,0xf2,0x73,0x3f},{ 0x18,0x14,0xce,0x79},{ 0x73,0xc7,0x37,0xbf}, +{ 0x53,0xf7,0xcd,0xea},{ 0x5f,0xfd,0xaa,0x5b},{ 0xdf,0x3d,0x6f,0x14},{ 0x78,0x44,0xdb,0x86}, +{ 0xca,0xaf,0xf3,0x81},{ 0xb9,0x68,0xc4,0x3e},{ 0x38,0x24,0x34,0x2c},{ 0xc2,0xa3,0x40,0x5f}, +{ 0x16,0x1d,0xc3,0x72},{ 0xbc,0xe2,0x25,0x0c},{ 0x28,0x3c,0x49,0x8b},{ 0xff,0x0d,0x95,0x41}, +{ 0x39,0xa8,0x01,0x71},{ 0x08,0x0c,0xb3,0xde},{ 0xd8,0xb4,0xe4,0x9c},{ 0x64,0x56,0xc1,0x90}, +{ 0x7b,0xcb,0x84,0x61},{ 0xd5,0x32,0xb6,0x70},{ 0x48,0x6c,0x5c,0x74},{ 0xd0,0xb8,0x57,0x42 } +}; + +word8 T6[256][4] = { +{ 0x50,0x51,0xf4,0xa7},{ 0x53,0x7e,0x41,0x65},{ 0xc3,0x1a,0x17,0xa4},{ 0x96,0x3a,0x27,0x5e}, +{ 0xcb,0x3b,0xab,0x6b},{ 0xf1,0x1f,0x9d,0x45},{ 0xab,0xac,0xfa,0x58},{ 0x93,0x4b,0xe3,0x03}, +{ 0x55,0x20,0x30,0xfa},{ 0xf6,0xad,0x76,0x6d},{ 0x91,0x88,0xcc,0x76},{ 0x25,0xf5,0x02,0x4c}, +{ 0xfc,0x4f,0xe5,0xd7},{ 0xd7,0xc5,0x2a,0xcb},{ 0x80,0x26,0x35,0x44},{ 0x8f,0xb5,0x62,0xa3}, +{ 0x49,0xde,0xb1,0x5a},{ 0x67,0x25,0xba,0x1b},{ 0x98,0x45,0xea,0x0e},{ 0xe1,0x5d,0xfe,0xc0}, +{ 0x02,0xc3,0x2f,0x75},{ 0x12,0x81,0x4c,0xf0},{ 0xa3,0x8d,0x46,0x97},{ 0xc6,0x6b,0xd3,0xf9}, +{ 0xe7,0x03,0x8f,0x5f},{ 0x95,0x15,0x92,0x9c},{ 0xeb,0xbf,0x6d,0x7a},{ 0xda,0x95,0x52,0x59}, +{ 0x2d,0xd4,0xbe,0x83},{ 0xd3,0x58,0x74,0x21},{ 0x29,0x49,0xe0,0x69},{ 0x44,0x8e,0xc9,0xc8}, +{ 0x6a,0x75,0xc2,0x89},{ 0x78,0xf4,0x8e,0x79},{ 0x6b,0x99,0x58,0x3e},{ 0xdd,0x27,0xb9,0x71}, +{ 0xb6,0xbe,0xe1,0x4f},{ 0x17,0xf0,0x88,0xad},{ 0x66,0xc9,0x20,0xac},{ 0xb4,0x7d,0xce,0x3a}, +{ 0x18,0x63,0xdf,0x4a},{ 0x82,0xe5,0x1a,0x31},{ 0x60,0x97,0x51,0x33},{ 0x45,0x62,0x53,0x7f}, +{ 0xe0,0xb1,0x64,0x77},{ 0x84,0xbb,0x6b,0xae},{ 0x1c,0xfe,0x81,0xa0},{ 0x94,0xf9,0x08,0x2b}, +{ 0x58,0x70,0x48,0x68},{ 0x19,0x8f,0x45,0xfd},{ 0x87,0x94,0xde,0x6c},{ 0xb7,0x52,0x7b,0xf8}, +{ 0x23,0xab,0x73,0xd3},{ 0xe2,0x72,0x4b,0x02},{ 0x57,0xe3,0x1f,0x8f},{ 0x2a,0x66,0x55,0xab}, +{ 0x07,0xb2,0xeb,0x28},{ 0x03,0x2f,0xb5,0xc2},{ 0x9a,0x86,0xc5,0x7b},{ 0xa5,0xd3,0x37,0x08}, +{ 0xf2,0x30,0x28,0x87},{ 0xb2,0x23,0xbf,0xa5},{ 0xba,0x02,0x03,0x6a},{ 0x5c,0xed,0x16,0x82}, +{ 0x2b,0x8a,0xcf,0x1c},{ 0x92,0xa7,0x79,0xb4},{ 0xf0,0xf3,0x07,0xf2},{ 0xa1,0x4e,0x69,0xe2}, +{ 0xcd,0x65,0xda,0xf4},{ 0xd5,0x06,0x05,0xbe},{ 0x1f,0xd1,0x34,0x62},{ 0x8a,0xc4,0xa6,0xfe}, +{ 0x9d,0x34,0x2e,0x53},{ 0xa0,0xa2,0xf3,0x55},{ 0x32,0x05,0x8a,0xe1},{ 0x75,0xa4,0xf6,0xeb}, +{ 0x39,0x0b,0x83,0xec},{ 0xaa,0x40,0x60,0xef},{ 0x06,0x5e,0x71,0x9f},{ 0x51,0xbd,0x6e,0x10}, +{ 0xf9,0x3e,0x21,0x8a},{ 0x3d,0x96,0xdd,0x06},{ 0xae,0xdd,0x3e,0x05},{ 0x46,0x4d,0xe6,0xbd}, +{ 0xb5,0x91,0x54,0x8d},{ 0x05,0x71,0xc4,0x5d},{ 0x6f,0x04,0x06,0xd4},{ 0xff,0x60,0x50,0x15}, +{ 0x24,0x19,0x98,0xfb},{ 0x97,0xd6,0xbd,0xe9},{ 0xcc,0x89,0x40,0x43},{ 0x77,0x67,0xd9,0x9e}, +{ 0xbd,0xb0,0xe8,0x42},{ 0x88,0x07,0x89,0x8b},{ 0x38,0xe7,0x19,0x5b},{ 0xdb,0x79,0xc8,0xee}, +{ 0x47,0xa1,0x7c,0x0a},{ 0xe9,0x7c,0x42,0x0f},{ 0xc9,0xf8,0x84,0x1e},{ 0x00,0x00,0x00,0x00}, +{ 0x83,0x09,0x80,0x86},{ 0x48,0x32,0x2b,0xed},{ 0xac,0x1e,0x11,0x70},{ 0x4e,0x6c,0x5a,0x72}, +{ 0xfb,0xfd,0x0e,0xff},{ 0x56,0x0f,0x85,0x38},{ 0x1e,0x3d,0xae,0xd5},{ 0x27,0x36,0x2d,0x39}, +{ 0x64,0x0a,0x0f,0xd9},{ 0x21,0x68,0x5c,0xa6},{ 0xd1,0x9b,0x5b,0x54},{ 0x3a,0x24,0x36,0x2e}, +{ 0xb1,0x0c,0x0a,0x67},{ 0x0f,0x93,0x57,0xe7},{ 0xd2,0xb4,0xee,0x96},{ 0x9e,0x1b,0x9b,0x91}, +{ 0x4f,0x80,0xc0,0xc5},{ 0xa2,0x61,0xdc,0x20},{ 0x69,0x5a,0x77,0x4b},{ 0x16,0x1c,0x12,0x1a}, +{ 0x0a,0xe2,0x93,0xba},{ 0xe5,0xc0,0xa0,0x2a},{ 0x43,0x3c,0x22,0xe0},{ 0x1d,0x12,0x1b,0x17}, +{ 0x0b,0x0e,0x09,0x0d},{ 0xad,0xf2,0x8b,0xc7},{ 0xb9,0x2d,0xb6,0xa8},{ 0xc8,0x14,0x1e,0xa9}, +{ 0x85,0x57,0xf1,0x19},{ 0x4c,0xaf,0x75,0x07},{ 0xbb,0xee,0x99,0xdd},{ 0xfd,0xa3,0x7f,0x60}, +{ 0x9f,0xf7,0x01,0x26},{ 0xbc,0x5c,0x72,0xf5},{ 0xc5,0x44,0x66,0x3b},{ 0x34,0x5b,0xfb,0x7e}, +{ 0x76,0x8b,0x43,0x29},{ 0xdc,0xcb,0x23,0xc6},{ 0x68,0xb6,0xed,0xfc},{ 0x63,0xb8,0xe4,0xf1}, +{ 0xca,0xd7,0x31,0xdc},{ 0x10,0x42,0x63,0x85},{ 0x40,0x13,0x97,0x22},{ 0x20,0x84,0xc6,0x11}, +{ 0x7d,0x85,0x4a,0x24},{ 0xf8,0xd2,0xbb,0x3d},{ 0x11,0xae,0xf9,0x32},{ 0x6d,0xc7,0x29,0xa1}, +{ 0x4b,0x1d,0x9e,0x2f},{ 0xf3,0xdc,0xb2,0x30},{ 0xec,0x0d,0x86,0x52},{ 0xd0,0x77,0xc1,0xe3}, +{ 0x6c,0x2b,0xb3,0x16},{ 0x99,0xa9,0x70,0xb9},{ 0xfa,0x11,0x94,0x48},{ 0x22,0x47,0xe9,0x64}, +{ 0xc4,0xa8,0xfc,0x8c},{ 0x1a,0xa0,0xf0,0x3f},{ 0xd8,0x56,0x7d,0x2c},{ 0xef,0x22,0x33,0x90}, +{ 0xc7,0x87,0x49,0x4e},{ 0xc1,0xd9,0x38,0xd1},{ 0xfe,0x8c,0xca,0xa2},{ 0x36,0x98,0xd4,0x0b}, +{ 0xcf,0xa6,0xf5,0x81},{ 0x28,0xa5,0x7a,0xde},{ 0x26,0xda,0xb7,0x8e},{ 0xa4,0x3f,0xad,0xbf}, +{ 0xe4,0x2c,0x3a,0x9d},{ 0x0d,0x50,0x78,0x92},{ 0x9b,0x6a,0x5f,0xcc},{ 0x62,0x54,0x7e,0x46}, +{ 0xc2,0xf6,0x8d,0x13},{ 0xe8,0x90,0xd8,0xb8},{ 0x5e,0x2e,0x39,0xf7},{ 0xf5,0x82,0xc3,0xaf}, +{ 0xbe,0x9f,0x5d,0x80},{ 0x7c,0x69,0xd0,0x93},{ 0xa9,0x6f,0xd5,0x2d},{ 0xb3,0xcf,0x25,0x12}, +{ 0x3b,0xc8,0xac,0x99},{ 0xa7,0x10,0x18,0x7d},{ 0x6e,0xe8,0x9c,0x63},{ 0x7b,0xdb,0x3b,0xbb}, +{ 0x09,0xcd,0x26,0x78},{ 0xf4,0x6e,0x59,0x18},{ 0x01,0xec,0x9a,0xb7},{ 0xa8,0x83,0x4f,0x9a}, +{ 0x65,0xe6,0x95,0x6e},{ 0x7e,0xaa,0xff,0xe6},{ 0x08,0x21,0xbc,0xcf},{ 0xe6,0xef,0x15,0xe8}, +{ 0xd9,0xba,0xe7,0x9b},{ 0xce,0x4a,0x6f,0x36},{ 0xd4,0xea,0x9f,0x09},{ 0xd6,0x29,0xb0,0x7c}, +{ 0xaf,0x31,0xa4,0xb2},{ 0x31,0x2a,0x3f,0x23},{ 0x30,0xc6,0xa5,0x94},{ 0xc0,0x35,0xa2,0x66}, +{ 0x37,0x74,0x4e,0xbc},{ 0xa6,0xfc,0x82,0xca},{ 0xb0,0xe0,0x90,0xd0},{ 0x15,0x33,0xa7,0xd8}, +{ 0x4a,0xf1,0x04,0x98},{ 0xf7,0x41,0xec,0xda},{ 0x0e,0x7f,0xcd,0x50},{ 0x2f,0x17,0x91,0xf6}, +{ 0x8d,0x76,0x4d,0xd6},{ 0x4d,0x43,0xef,0xb0},{ 0x54,0xcc,0xaa,0x4d},{ 0xdf,0xe4,0x96,0x04}, +{ 0xe3,0x9e,0xd1,0xb5},{ 0x1b,0x4c,0x6a,0x88},{ 0xb8,0xc1,0x2c,0x1f},{ 0x7f,0x46,0x65,0x51}, +{ 0x04,0x9d,0x5e,0xea},{ 0x5d,0x01,0x8c,0x35},{ 0x73,0xfa,0x87,0x74},{ 0x2e,0xfb,0x0b,0x41}, +{ 0x5a,0xb3,0x67,0x1d},{ 0x52,0x92,0xdb,0xd2},{ 0x33,0xe9,0x10,0x56},{ 0x13,0x6d,0xd6,0x47}, +{ 0x8c,0x9a,0xd7,0x61},{ 0x7a,0x37,0xa1,0x0c},{ 0x8e,0x59,0xf8,0x14},{ 0x89,0xeb,0x13,0x3c}, +{ 0xee,0xce,0xa9,0x27},{ 0x35,0xb7,0x61,0xc9},{ 0xed,0xe1,0x1c,0xe5},{ 0x3c,0x7a,0x47,0xb1}, +{ 0x59,0x9c,0xd2,0xdf},{ 0x3f,0x55,0xf2,0x73},{ 0x79,0x18,0x14,0xce},{ 0xbf,0x73,0xc7,0x37}, +{ 0xea,0x53,0xf7,0xcd},{ 0x5b,0x5f,0xfd,0xaa},{ 0x14,0xdf,0x3d,0x6f},{ 0x86,0x78,0x44,0xdb}, +{ 0x81,0xca,0xaf,0xf3},{ 0x3e,0xb9,0x68,0xc4},{ 0x2c,0x38,0x24,0x34},{ 0x5f,0xc2,0xa3,0x40}, +{ 0x72,0x16,0x1d,0xc3},{ 0x0c,0xbc,0xe2,0x25},{ 0x8b,0x28,0x3c,0x49},{ 0x41,0xff,0x0d,0x95}, +{ 0x71,0x39,0xa8,0x01},{ 0xde,0x08,0x0c,0xb3},{ 0x9c,0xd8,0xb4,0xe4},{ 0x90,0x64,0x56,0xc1}, +{ 0x61,0x7b,0xcb,0x84},{ 0x70,0xd5,0x32,0xb6},{ 0x74,0x48,0x6c,0x5c},{ 0x42,0xd0,0xb8,0x57 } +}; + +word8 T7[256][4] = { +{ 0xa7,0x50,0x51,0xf4},{ 0x65,0x53,0x7e,0x41},{ 0xa4,0xc3,0x1a,0x17},{ 0x5e,0x96,0x3a,0x27}, +{ 0x6b,0xcb,0x3b,0xab},{ 0x45,0xf1,0x1f,0x9d},{ 0x58,0xab,0xac,0xfa},{ 0x03,0x93,0x4b,0xe3}, +{ 0xfa,0x55,0x20,0x30},{ 0x6d,0xf6,0xad,0x76},{ 0x76,0x91,0x88,0xcc},{ 0x4c,0x25,0xf5,0x02}, +{ 0xd7,0xfc,0x4f,0xe5},{ 0xcb,0xd7,0xc5,0x2a},{ 0x44,0x80,0x26,0x35},{ 0xa3,0x8f,0xb5,0x62}, +{ 0x5a,0x49,0xde,0xb1},{ 0x1b,0x67,0x25,0xba},{ 0x0e,0x98,0x45,0xea},{ 0xc0,0xe1,0x5d,0xfe}, +{ 0x75,0x02,0xc3,0x2f},{ 0xf0,0x12,0x81,0x4c},{ 0x97,0xa3,0x8d,0x46},{ 0xf9,0xc6,0x6b,0xd3}, +{ 0x5f,0xe7,0x03,0x8f},{ 0x9c,0x95,0x15,0x92},{ 0x7a,0xeb,0xbf,0x6d},{ 0x59,0xda,0x95,0x52}, +{ 0x83,0x2d,0xd4,0xbe},{ 0x21,0xd3,0x58,0x74},{ 0x69,0x29,0x49,0xe0},{ 0xc8,0x44,0x8e,0xc9}, +{ 0x89,0x6a,0x75,0xc2},{ 0x79,0x78,0xf4,0x8e},{ 0x3e,0x6b,0x99,0x58},{ 0x71,0xdd,0x27,0xb9}, +{ 0x4f,0xb6,0xbe,0xe1},{ 0xad,0x17,0xf0,0x88},{ 0xac,0x66,0xc9,0x20},{ 0x3a,0xb4,0x7d,0xce}, +{ 0x4a,0x18,0x63,0xdf},{ 0x31,0x82,0xe5,0x1a},{ 0x33,0x60,0x97,0x51},{ 0x7f,0x45,0x62,0x53}, +{ 0x77,0xe0,0xb1,0x64},{ 0xae,0x84,0xbb,0x6b},{ 0xa0,0x1c,0xfe,0x81},{ 0x2b,0x94,0xf9,0x08}, +{ 0x68,0x58,0x70,0x48},{ 0xfd,0x19,0x8f,0x45},{ 0x6c,0x87,0x94,0xde},{ 0xf8,0xb7,0x52,0x7b}, +{ 0xd3,0x23,0xab,0x73},{ 0x02,0xe2,0x72,0x4b},{ 0x8f,0x57,0xe3,0x1f},{ 0xab,0x2a,0x66,0x55}, +{ 0x28,0x07,0xb2,0xeb},{ 0xc2,0x03,0x2f,0xb5},{ 0x7b,0x9a,0x86,0xc5},{ 0x08,0xa5,0xd3,0x37}, +{ 0x87,0xf2,0x30,0x28},{ 0xa5,0xb2,0x23,0xbf},{ 0x6a,0xba,0x02,0x03},{ 0x82,0x5c,0xed,0x16}, +{ 0x1c,0x2b,0x8a,0xcf},{ 0xb4,0x92,0xa7,0x79},{ 0xf2,0xf0,0xf3,0x07},{ 0xe2,0xa1,0x4e,0x69}, +{ 0xf4,0xcd,0x65,0xda},{ 0xbe,0xd5,0x06,0x05},{ 0x62,0x1f,0xd1,0x34},{ 0xfe,0x8a,0xc4,0xa6}, +{ 0x53,0x9d,0x34,0x2e},{ 0x55,0xa0,0xa2,0xf3},{ 0xe1,0x32,0x05,0x8a},{ 0xeb,0x75,0xa4,0xf6}, +{ 0xec,0x39,0x0b,0x83},{ 0xef,0xaa,0x40,0x60},{ 0x9f,0x06,0x5e,0x71},{ 0x10,0x51,0xbd,0x6e}, +{ 0x8a,0xf9,0x3e,0x21},{ 0x06,0x3d,0x96,0xdd},{ 0x05,0xae,0xdd,0x3e},{ 0xbd,0x46,0x4d,0xe6}, +{ 0x8d,0xb5,0x91,0x54},{ 0x5d,0x05,0x71,0xc4},{ 0xd4,0x6f,0x04,0x06},{ 0x15,0xff,0x60,0x50}, +{ 0xfb,0x24,0x19,0x98},{ 0xe9,0x97,0xd6,0xbd},{ 0x43,0xcc,0x89,0x40},{ 0x9e,0x77,0x67,0xd9}, +{ 0x42,0xbd,0xb0,0xe8},{ 0x8b,0x88,0x07,0x89},{ 0x5b,0x38,0xe7,0x19},{ 0xee,0xdb,0x79,0xc8}, +{ 0x0a,0x47,0xa1,0x7c},{ 0x0f,0xe9,0x7c,0x42},{ 0x1e,0xc9,0xf8,0x84},{ 0x00,0x00,0x00,0x00}, +{ 0x86,0x83,0x09,0x80},{ 0xed,0x48,0x32,0x2b},{ 0x70,0xac,0x1e,0x11},{ 0x72,0x4e,0x6c,0x5a}, +{ 0xff,0xfb,0xfd,0x0e},{ 0x38,0x56,0x0f,0x85},{ 0xd5,0x1e,0x3d,0xae},{ 0x39,0x27,0x36,0x2d}, +{ 0xd9,0x64,0x0a,0x0f},{ 0xa6,0x21,0x68,0x5c},{ 0x54,0xd1,0x9b,0x5b},{ 0x2e,0x3a,0x24,0x36}, +{ 0x67,0xb1,0x0c,0x0a},{ 0xe7,0x0f,0x93,0x57},{ 0x96,0xd2,0xb4,0xee},{ 0x91,0x9e,0x1b,0x9b}, +{ 0xc5,0x4f,0x80,0xc0},{ 0x20,0xa2,0x61,0xdc},{ 0x4b,0x69,0x5a,0x77},{ 0x1a,0x16,0x1c,0x12}, +{ 0xba,0x0a,0xe2,0x93},{ 0x2a,0xe5,0xc0,0xa0},{ 0xe0,0x43,0x3c,0x22},{ 0x17,0x1d,0x12,0x1b}, +{ 0x0d,0x0b,0x0e,0x09},{ 0xc7,0xad,0xf2,0x8b},{ 0xa8,0xb9,0x2d,0xb6},{ 0xa9,0xc8,0x14,0x1e}, +{ 0x19,0x85,0x57,0xf1},{ 0x07,0x4c,0xaf,0x75},{ 0xdd,0xbb,0xee,0x99},{ 0x60,0xfd,0xa3,0x7f}, +{ 0x26,0x9f,0xf7,0x01},{ 0xf5,0xbc,0x5c,0x72},{ 0x3b,0xc5,0x44,0x66},{ 0x7e,0x34,0x5b,0xfb}, +{ 0x29,0x76,0x8b,0x43},{ 0xc6,0xdc,0xcb,0x23},{ 0xfc,0x68,0xb6,0xed},{ 0xf1,0x63,0xb8,0xe4}, +{ 0xdc,0xca,0xd7,0x31},{ 0x85,0x10,0x42,0x63},{ 0x22,0x40,0x13,0x97},{ 0x11,0x20,0x84,0xc6}, +{ 0x24,0x7d,0x85,0x4a},{ 0x3d,0xf8,0xd2,0xbb},{ 0x32,0x11,0xae,0xf9},{ 0xa1,0x6d,0xc7,0x29}, +{ 0x2f,0x4b,0x1d,0x9e},{ 0x30,0xf3,0xdc,0xb2},{ 0x52,0xec,0x0d,0x86},{ 0xe3,0xd0,0x77,0xc1}, +{ 0x16,0x6c,0x2b,0xb3},{ 0xb9,0x99,0xa9,0x70},{ 0x48,0xfa,0x11,0x94},{ 0x64,0x22,0x47,0xe9}, +{ 0x8c,0xc4,0xa8,0xfc},{ 0x3f,0x1a,0xa0,0xf0},{ 0x2c,0xd8,0x56,0x7d},{ 0x90,0xef,0x22,0x33}, +{ 0x4e,0xc7,0x87,0x49},{ 0xd1,0xc1,0xd9,0x38},{ 0xa2,0xfe,0x8c,0xca},{ 0x0b,0x36,0x98,0xd4}, +{ 0x81,0xcf,0xa6,0xf5},{ 0xde,0x28,0xa5,0x7a},{ 0x8e,0x26,0xda,0xb7},{ 0xbf,0xa4,0x3f,0xad}, +{ 0x9d,0xe4,0x2c,0x3a},{ 0x92,0x0d,0x50,0x78},{ 0xcc,0x9b,0x6a,0x5f},{ 0x46,0x62,0x54,0x7e}, +{ 0x13,0xc2,0xf6,0x8d},{ 0xb8,0xe8,0x90,0xd8},{ 0xf7,0x5e,0x2e,0x39},{ 0xaf,0xf5,0x82,0xc3}, +{ 0x80,0xbe,0x9f,0x5d},{ 0x93,0x7c,0x69,0xd0},{ 0x2d,0xa9,0x6f,0xd5},{ 0x12,0xb3,0xcf,0x25}, +{ 0x99,0x3b,0xc8,0xac},{ 0x7d,0xa7,0x10,0x18},{ 0x63,0x6e,0xe8,0x9c},{ 0xbb,0x7b,0xdb,0x3b}, +{ 0x78,0x09,0xcd,0x26},{ 0x18,0xf4,0x6e,0x59},{ 0xb7,0x01,0xec,0x9a},{ 0x9a,0xa8,0x83,0x4f}, +{ 0x6e,0x65,0xe6,0x95},{ 0xe6,0x7e,0xaa,0xff},{ 0xcf,0x08,0x21,0xbc},{ 0xe8,0xe6,0xef,0x15}, +{ 0x9b,0xd9,0xba,0xe7},{ 0x36,0xce,0x4a,0x6f},{ 0x09,0xd4,0xea,0x9f},{ 0x7c,0xd6,0x29,0xb0}, +{ 0xb2,0xaf,0x31,0xa4},{ 0x23,0x31,0x2a,0x3f},{ 0x94,0x30,0xc6,0xa5},{ 0x66,0xc0,0x35,0xa2}, +{ 0xbc,0x37,0x74,0x4e},{ 0xca,0xa6,0xfc,0x82},{ 0xd0,0xb0,0xe0,0x90},{ 0xd8,0x15,0x33,0xa7}, +{ 0x98,0x4a,0xf1,0x04},{ 0xda,0xf7,0x41,0xec},{ 0x50,0x0e,0x7f,0xcd},{ 0xf6,0x2f,0x17,0x91}, +{ 0xd6,0x8d,0x76,0x4d},{ 0xb0,0x4d,0x43,0xef},{ 0x4d,0x54,0xcc,0xaa},{ 0x04,0xdf,0xe4,0x96}, +{ 0xb5,0xe3,0x9e,0xd1},{ 0x88,0x1b,0x4c,0x6a},{ 0x1f,0xb8,0xc1,0x2c},{ 0x51,0x7f,0x46,0x65}, +{ 0xea,0x04,0x9d,0x5e},{ 0x35,0x5d,0x01,0x8c},{ 0x74,0x73,0xfa,0x87},{ 0x41,0x2e,0xfb,0x0b}, +{ 0x1d,0x5a,0xb3,0x67},{ 0xd2,0x52,0x92,0xdb},{ 0x56,0x33,0xe9,0x10},{ 0x47,0x13,0x6d,0xd6}, +{ 0x61,0x8c,0x9a,0xd7},{ 0x0c,0x7a,0x37,0xa1},{ 0x14,0x8e,0x59,0xf8},{ 0x3c,0x89,0xeb,0x13}, +{ 0x27,0xee,0xce,0xa9},{ 0xc9,0x35,0xb7,0x61},{ 0xe5,0xed,0xe1,0x1c},{ 0xb1,0x3c,0x7a,0x47}, +{ 0xdf,0x59,0x9c,0xd2},{ 0x73,0x3f,0x55,0xf2},{ 0xce,0x79,0x18,0x14},{ 0x37,0xbf,0x73,0xc7}, +{ 0xcd,0xea,0x53,0xf7},{ 0xaa,0x5b,0x5f,0xfd},{ 0x6f,0x14,0xdf,0x3d},{ 0xdb,0x86,0x78,0x44}, +{ 0xf3,0x81,0xca,0xaf},{ 0xc4,0x3e,0xb9,0x68},{ 0x34,0x2c,0x38,0x24},{ 0x40,0x5f,0xc2,0xa3}, +{ 0xc3,0x72,0x16,0x1d},{ 0x25,0x0c,0xbc,0xe2},{ 0x49,0x8b,0x28,0x3c},{ 0x95,0x41,0xff,0x0d}, +{ 0x01,0x71,0x39,0xa8},{ 0xb3,0xde,0x08,0x0c},{ 0xe4,0x9c,0xd8,0xb4},{ 0xc1,0x90,0x64,0x56}, +{ 0x84,0x61,0x7b,0xcb},{ 0xb6,0x70,0xd5,0x32},{ 0x5c,0x74,0x48,0x6c},{ 0x57,0x42,0xd0,0xb8 } +}; + +word8 T8[256][4] = { +{ 0xf4,0xa7,0x50,0x51},{ 0x41,0x65,0x53,0x7e},{ 0x17,0xa4,0xc3,0x1a},{ 0x27,0x5e,0x96,0x3a}, +{ 0xab,0x6b,0xcb,0x3b},{ 0x9d,0x45,0xf1,0x1f},{ 0xfa,0x58,0xab,0xac},{ 0xe3,0x03,0x93,0x4b}, +{ 0x30,0xfa,0x55,0x20},{ 0x76,0x6d,0xf6,0xad},{ 0xcc,0x76,0x91,0x88},{ 0x02,0x4c,0x25,0xf5}, +{ 0xe5,0xd7,0xfc,0x4f},{ 0x2a,0xcb,0xd7,0xc5},{ 0x35,0x44,0x80,0x26},{ 0x62,0xa3,0x8f,0xb5}, +{ 0xb1,0x5a,0x49,0xde},{ 0xba,0x1b,0x67,0x25},{ 0xea,0x0e,0x98,0x45},{ 0xfe,0xc0,0xe1,0x5d}, +{ 0x2f,0x75,0x02,0xc3},{ 0x4c,0xf0,0x12,0x81},{ 0x46,0x97,0xa3,0x8d},{ 0xd3,0xf9,0xc6,0x6b}, +{ 0x8f,0x5f,0xe7,0x03},{ 0x92,0x9c,0x95,0x15},{ 0x6d,0x7a,0xeb,0xbf},{ 0x52,0x59,0xda,0x95}, +{ 0xbe,0x83,0x2d,0xd4},{ 0x74,0x21,0xd3,0x58},{ 0xe0,0x69,0x29,0x49},{ 0xc9,0xc8,0x44,0x8e}, +{ 0xc2,0x89,0x6a,0x75},{ 0x8e,0x79,0x78,0xf4},{ 0x58,0x3e,0x6b,0x99},{ 0xb9,0x71,0xdd,0x27}, +{ 0xe1,0x4f,0xb6,0xbe},{ 0x88,0xad,0x17,0xf0},{ 0x20,0xac,0x66,0xc9},{ 0xce,0x3a,0xb4,0x7d}, +{ 0xdf,0x4a,0x18,0x63},{ 0x1a,0x31,0x82,0xe5},{ 0x51,0x33,0x60,0x97},{ 0x53,0x7f,0x45,0x62}, +{ 0x64,0x77,0xe0,0xb1},{ 0x6b,0xae,0x84,0xbb},{ 0x81,0xa0,0x1c,0xfe},{ 0x08,0x2b,0x94,0xf9}, +{ 0x48,0x68,0x58,0x70},{ 0x45,0xfd,0x19,0x8f},{ 0xde,0x6c,0x87,0x94},{ 0x7b,0xf8,0xb7,0x52}, +{ 0x73,0xd3,0x23,0xab},{ 0x4b,0x02,0xe2,0x72},{ 0x1f,0x8f,0x57,0xe3},{ 0x55,0xab,0x2a,0x66}, +{ 0xeb,0x28,0x07,0xb2},{ 0xb5,0xc2,0x03,0x2f},{ 0xc5,0x7b,0x9a,0x86},{ 0x37,0x08,0xa5,0xd3}, +{ 0x28,0x87,0xf2,0x30},{ 0xbf,0xa5,0xb2,0x23},{ 0x03,0x6a,0xba,0x02},{ 0x16,0x82,0x5c,0xed}, +{ 0xcf,0x1c,0x2b,0x8a},{ 0x79,0xb4,0x92,0xa7},{ 0x07,0xf2,0xf0,0xf3},{ 0x69,0xe2,0xa1,0x4e}, +{ 0xda,0xf4,0xcd,0x65},{ 0x05,0xbe,0xd5,0x06},{ 0x34,0x62,0x1f,0xd1},{ 0xa6,0xfe,0x8a,0xc4}, +{ 0x2e,0x53,0x9d,0x34},{ 0xf3,0x55,0xa0,0xa2},{ 0x8a,0xe1,0x32,0x05},{ 0xf6,0xeb,0x75,0xa4}, +{ 0x83,0xec,0x39,0x0b},{ 0x60,0xef,0xaa,0x40},{ 0x71,0x9f,0x06,0x5e},{ 0x6e,0x10,0x51,0xbd}, +{ 0x21,0x8a,0xf9,0x3e},{ 0xdd,0x06,0x3d,0x96},{ 0x3e,0x05,0xae,0xdd},{ 0xe6,0xbd,0x46,0x4d}, +{ 0x54,0x8d,0xb5,0x91},{ 0xc4,0x5d,0x05,0x71},{ 0x06,0xd4,0x6f,0x04},{ 0x50,0x15,0xff,0x60}, +{ 0x98,0xfb,0x24,0x19},{ 0xbd,0xe9,0x97,0xd6},{ 0x40,0x43,0xcc,0x89},{ 0xd9,0x9e,0x77,0x67}, +{ 0xe8,0x42,0xbd,0xb0},{ 0x89,0x8b,0x88,0x07},{ 0x19,0x5b,0x38,0xe7},{ 0xc8,0xee,0xdb,0x79}, +{ 0x7c,0x0a,0x47,0xa1},{ 0x42,0x0f,0xe9,0x7c},{ 0x84,0x1e,0xc9,0xf8},{ 0x00,0x00,0x00,0x00}, +{ 0x80,0x86,0x83,0x09},{ 0x2b,0xed,0x48,0x32},{ 0x11,0x70,0xac,0x1e},{ 0x5a,0x72,0x4e,0x6c}, +{ 0x0e,0xff,0xfb,0xfd},{ 0x85,0x38,0x56,0x0f},{ 0xae,0xd5,0x1e,0x3d},{ 0x2d,0x39,0x27,0x36}, +{ 0x0f,0xd9,0x64,0x0a},{ 0x5c,0xa6,0x21,0x68},{ 0x5b,0x54,0xd1,0x9b},{ 0x36,0x2e,0x3a,0x24}, +{ 0x0a,0x67,0xb1,0x0c},{ 0x57,0xe7,0x0f,0x93},{ 0xee,0x96,0xd2,0xb4},{ 0x9b,0x91,0x9e,0x1b}, +{ 0xc0,0xc5,0x4f,0x80},{ 0xdc,0x20,0xa2,0x61},{ 0x77,0x4b,0x69,0x5a},{ 0x12,0x1a,0x16,0x1c}, +{ 0x93,0xba,0x0a,0xe2},{ 0xa0,0x2a,0xe5,0xc0},{ 0x22,0xe0,0x43,0x3c},{ 0x1b,0x17,0x1d,0x12}, +{ 0x09,0x0d,0x0b,0x0e},{ 0x8b,0xc7,0xad,0xf2},{ 0xb6,0xa8,0xb9,0x2d},{ 0x1e,0xa9,0xc8,0x14}, +{ 0xf1,0x19,0x85,0x57},{ 0x75,0x07,0x4c,0xaf},{ 0x99,0xdd,0xbb,0xee},{ 0x7f,0x60,0xfd,0xa3}, +{ 0x01,0x26,0x9f,0xf7},{ 0x72,0xf5,0xbc,0x5c},{ 0x66,0x3b,0xc5,0x44},{ 0xfb,0x7e,0x34,0x5b}, +{ 0x43,0x29,0x76,0x8b},{ 0x23,0xc6,0xdc,0xcb},{ 0xed,0xfc,0x68,0xb6},{ 0xe4,0xf1,0x63,0xb8}, +{ 0x31,0xdc,0xca,0xd7},{ 0x63,0x85,0x10,0x42},{ 0x97,0x22,0x40,0x13},{ 0xc6,0x11,0x20,0x84}, +{ 0x4a,0x24,0x7d,0x85},{ 0xbb,0x3d,0xf8,0xd2},{ 0xf9,0x32,0x11,0xae},{ 0x29,0xa1,0x6d,0xc7}, +{ 0x9e,0x2f,0x4b,0x1d},{ 0xb2,0x30,0xf3,0xdc},{ 0x86,0x52,0xec,0x0d},{ 0xc1,0xe3,0xd0,0x77}, +{ 0xb3,0x16,0x6c,0x2b},{ 0x70,0xb9,0x99,0xa9},{ 0x94,0x48,0xfa,0x11},{ 0xe9,0x64,0x22,0x47}, +{ 0xfc,0x8c,0xc4,0xa8},{ 0xf0,0x3f,0x1a,0xa0},{ 0x7d,0x2c,0xd8,0x56},{ 0x33,0x90,0xef,0x22}, +{ 0x49,0x4e,0xc7,0x87},{ 0x38,0xd1,0xc1,0xd9},{ 0xca,0xa2,0xfe,0x8c},{ 0xd4,0x0b,0x36,0x98}, +{ 0xf5,0x81,0xcf,0xa6},{ 0x7a,0xde,0x28,0xa5},{ 0xb7,0x8e,0x26,0xda},{ 0xad,0xbf,0xa4,0x3f}, +{ 0x3a,0x9d,0xe4,0x2c},{ 0x78,0x92,0x0d,0x50},{ 0x5f,0xcc,0x9b,0x6a},{ 0x7e,0x46,0x62,0x54}, +{ 0x8d,0x13,0xc2,0xf6},{ 0xd8,0xb8,0xe8,0x90},{ 0x39,0xf7,0x5e,0x2e},{ 0xc3,0xaf,0xf5,0x82}, +{ 0x5d,0x80,0xbe,0x9f},{ 0xd0,0x93,0x7c,0x69},{ 0xd5,0x2d,0xa9,0x6f},{ 0x25,0x12,0xb3,0xcf}, +{ 0xac,0x99,0x3b,0xc8},{ 0x18,0x7d,0xa7,0x10},{ 0x9c,0x63,0x6e,0xe8},{ 0x3b,0xbb,0x7b,0xdb}, +{ 0x26,0x78,0x09,0xcd},{ 0x59,0x18,0xf4,0x6e},{ 0x9a,0xb7,0x01,0xec},{ 0x4f,0x9a,0xa8,0x83}, +{ 0x95,0x6e,0x65,0xe6},{ 0xff,0xe6,0x7e,0xaa},{ 0xbc,0xcf,0x08,0x21},{ 0x15,0xe8,0xe6,0xef}, +{ 0xe7,0x9b,0xd9,0xba},{ 0x6f,0x36,0xce,0x4a},{ 0x9f,0x09,0xd4,0xea},{ 0xb0,0x7c,0xd6,0x29}, +{ 0xa4,0xb2,0xaf,0x31},{ 0x3f,0x23,0x31,0x2a},{ 0xa5,0x94,0x30,0xc6},{ 0xa2,0x66,0xc0,0x35}, +{ 0x4e,0xbc,0x37,0x74},{ 0x82,0xca,0xa6,0xfc},{ 0x90,0xd0,0xb0,0xe0},{ 0xa7,0xd8,0x15,0x33}, +{ 0x04,0x98,0x4a,0xf1},{ 0xec,0xda,0xf7,0x41},{ 0xcd,0x50,0x0e,0x7f},{ 0x91,0xf6,0x2f,0x17}, +{ 0x4d,0xd6,0x8d,0x76},{ 0xef,0xb0,0x4d,0x43},{ 0xaa,0x4d,0x54,0xcc},{ 0x96,0x04,0xdf,0xe4}, +{ 0xd1,0xb5,0xe3,0x9e},{ 0x6a,0x88,0x1b,0x4c},{ 0x2c,0x1f,0xb8,0xc1},{ 0x65,0x51,0x7f,0x46}, +{ 0x5e,0xea,0x04,0x9d},{ 0x8c,0x35,0x5d,0x01},{ 0x87,0x74,0x73,0xfa},{ 0x0b,0x41,0x2e,0xfb}, +{ 0x67,0x1d,0x5a,0xb3},{ 0xdb,0xd2,0x52,0x92},{ 0x10,0x56,0x33,0xe9},{ 0xd6,0x47,0x13,0x6d}, +{ 0xd7,0x61,0x8c,0x9a},{ 0xa1,0x0c,0x7a,0x37},{ 0xf8,0x14,0x8e,0x59},{ 0x13,0x3c,0x89,0xeb}, +{ 0xa9,0x27,0xee,0xce},{ 0x61,0xc9,0x35,0xb7},{ 0x1c,0xe5,0xed,0xe1},{ 0x47,0xb1,0x3c,0x7a}, +{ 0xd2,0xdf,0x59,0x9c},{ 0xf2,0x73,0x3f,0x55},{ 0x14,0xce,0x79,0x18},{ 0xc7,0x37,0xbf,0x73}, +{ 0xf7,0xcd,0xea,0x53},{ 0xfd,0xaa,0x5b,0x5f},{ 0x3d,0x6f,0x14,0xdf},{ 0x44,0xdb,0x86,0x78}, +{ 0xaf,0xf3,0x81,0xca},{ 0x68,0xc4,0x3e,0xb9},{ 0x24,0x34,0x2c,0x38},{ 0xa3,0x40,0x5f,0xc2}, +{ 0x1d,0xc3,0x72,0x16},{ 0xe2,0x25,0x0c,0xbc},{ 0x3c,0x49,0x8b,0x28},{ 0x0d,0x95,0x41,0xff}, +{ 0xa8,0x01,0x71,0x39},{ 0x0c,0xb3,0xde,0x08},{ 0xb4,0xe4,0x9c,0xd8},{ 0x56,0xc1,0x90,0x64}, +{ 0xcb,0x84,0x61,0x7b},{ 0x32,0xb6,0x70,0xd5},{ 0x6c,0x5c,0x74,0x48},{ 0xb8,0x57,0x42,0xd0 } +}; + +word8 S5[256] = { +0x52,0x09,0x6a,0xd5, +0x30,0x36,0xa5,0x38, +0xbf,0x40,0xa3,0x9e, +0x81,0xf3,0xd7,0xfb, +0x7c,0xe3,0x39,0x82, +0x9b,0x2f,0xff,0x87, +0x34,0x8e,0x43,0x44, +0xc4,0xde,0xe9,0xcb, +0x54,0x7b,0x94,0x32, +0xa6,0xc2,0x23,0x3d, +0xee,0x4c,0x95,0x0b, +0x42,0xfa,0xc3,0x4e, +0x08,0x2e,0xa1,0x66, +0x28,0xd9,0x24,0xb2, +0x76,0x5b,0xa2,0x49, +0x6d,0x8b,0xd1,0x25, +0x72,0xf8,0xf6,0x64, +0x86,0x68,0x98,0x16, +0xd4,0xa4,0x5c,0xcc, +0x5d,0x65,0xb6,0x92, +0x6c,0x70,0x48,0x50, +0xfd,0xed,0xb9,0xda, +0x5e,0x15,0x46,0x57, +0xa7,0x8d,0x9d,0x84, +0x90,0xd8,0xab,0x00, +0x8c,0xbc,0xd3,0x0a, +0xf7,0xe4,0x58,0x05, +0xb8,0xb3,0x45,0x06, +0xd0,0x2c,0x1e,0x8f, +0xca,0x3f,0x0f,0x02, +0xc1,0xaf,0xbd,0x03, +0x01,0x13,0x8a,0x6b, +0x3a,0x91,0x11,0x41, +0x4f,0x67,0xdc,0xea, +0x97,0xf2,0xcf,0xce, +0xf0,0xb4,0xe6,0x73, +0x96,0xac,0x74,0x22, +0xe7,0xad,0x35,0x85, +0xe2,0xf9,0x37,0xe8, +0x1c,0x75,0xdf,0x6e, +0x47,0xf1,0x1a,0x71, +0x1d,0x29,0xc5,0x89, +0x6f,0xb7,0x62,0x0e, +0xaa,0x18,0xbe,0x1b, +0xfc,0x56,0x3e,0x4b, +0xc6,0xd2,0x79,0x20, +0x9a,0xdb,0xc0,0xfe, +0x78,0xcd,0x5a,0xf4, +0x1f,0xdd,0xa8,0x33, +0x88,0x07,0xc7,0x31, +0xb1,0x12,0x10,0x59, +0x27,0x80,0xec,0x5f, +0x60,0x51,0x7f,0xa9, +0x19,0xb5,0x4a,0x0d, +0x2d,0xe5,0x7a,0x9f, +0x93,0xc9,0x9c,0xef, +0xa0,0xe0,0x3b,0x4d, +0xae,0x2a,0xf5,0xb0, +0xc8,0xeb,0xbb,0x3c, +0x83,0x53,0x99,0x61, +0x17,0x2b,0x04,0x7e, +0xba,0x77,0xd6,0x26, +0xe1,0x69,0x14,0x63, +0x55,0x21,0x0c,0x7d +}; + +word8 U1[256][4] = { +{ 0x00,0x00,0x00,0x00},{ 0x0e,0x09,0x0d,0x0b},{ 0x1c,0x12,0x1a,0x16},{ 0x12,0x1b,0x17,0x1d}, +{ 0x38,0x24,0x34,0x2c},{ 0x36,0x2d,0x39,0x27},{ 0x24,0x36,0x2e,0x3a},{ 0x2a,0x3f,0x23,0x31}, +{ 0x70,0x48,0x68,0x58},{ 0x7e,0x41,0x65,0x53},{ 0x6c,0x5a,0x72,0x4e},{ 0x62,0x53,0x7f,0x45}, +{ 0x48,0x6c,0x5c,0x74},{ 0x46,0x65,0x51,0x7f},{ 0x54,0x7e,0x46,0x62},{ 0x5a,0x77,0x4b,0x69}, +{ 0xe0,0x90,0xd0,0xb0},{ 0xee,0x99,0xdd,0xbb},{ 0xfc,0x82,0xca,0xa6},{ 0xf2,0x8b,0xc7,0xad}, +{ 0xd8,0xb4,0xe4,0x9c},{ 0xd6,0xbd,0xe9,0x97},{ 0xc4,0xa6,0xfe,0x8a},{ 0xca,0xaf,0xf3,0x81}, +{ 0x90,0xd8,0xb8,0xe8},{ 0x9e,0xd1,0xb5,0xe3},{ 0x8c,0xca,0xa2,0xfe},{ 0x82,0xc3,0xaf,0xf5}, +{ 0xa8,0xfc,0x8c,0xc4},{ 0xa6,0xf5,0x81,0xcf},{ 0xb4,0xee,0x96,0xd2},{ 0xba,0xe7,0x9b,0xd9}, +{ 0xdb,0x3b,0xbb,0x7b},{ 0xd5,0x32,0xb6,0x70},{ 0xc7,0x29,0xa1,0x6d},{ 0xc9,0x20,0xac,0x66}, +{ 0xe3,0x1f,0x8f,0x57},{ 0xed,0x16,0x82,0x5c},{ 0xff,0x0d,0x95,0x41},{ 0xf1,0x04,0x98,0x4a}, +{ 0xab,0x73,0xd3,0x23},{ 0xa5,0x7a,0xde,0x28},{ 0xb7,0x61,0xc9,0x35},{ 0xb9,0x68,0xc4,0x3e}, +{ 0x93,0x57,0xe7,0x0f},{ 0x9d,0x5e,0xea,0x04},{ 0x8f,0x45,0xfd,0x19},{ 0x81,0x4c,0xf0,0x12}, +{ 0x3b,0xab,0x6b,0xcb},{ 0x35,0xa2,0x66,0xc0},{ 0x27,0xb9,0x71,0xdd},{ 0x29,0xb0,0x7c,0xd6}, +{ 0x03,0x8f,0x5f,0xe7},{ 0x0d,0x86,0x52,0xec},{ 0x1f,0x9d,0x45,0xf1},{ 0x11,0x94,0x48,0xfa}, +{ 0x4b,0xe3,0x03,0x93},{ 0x45,0xea,0x0e,0x98},{ 0x57,0xf1,0x19,0x85},{ 0x59,0xf8,0x14,0x8e}, +{ 0x73,0xc7,0x37,0xbf},{ 0x7d,0xce,0x3a,0xb4},{ 0x6f,0xd5,0x2d,0xa9},{ 0x61,0xdc,0x20,0xa2}, +{ 0xad,0x76,0x6d,0xf6},{ 0xa3,0x7f,0x60,0xfd},{ 0xb1,0x64,0x77,0xe0},{ 0xbf,0x6d,0x7a,0xeb}, +{ 0x95,0x52,0x59,0xda},{ 0x9b,0x5b,0x54,0xd1},{ 0x89,0x40,0x43,0xcc},{ 0x87,0x49,0x4e,0xc7}, +{ 0xdd,0x3e,0x05,0xae},{ 0xd3,0x37,0x08,0xa5},{ 0xc1,0x2c,0x1f,0xb8},{ 0xcf,0x25,0x12,0xb3}, +{ 0xe5,0x1a,0x31,0x82},{ 0xeb,0x13,0x3c,0x89},{ 0xf9,0x08,0x2b,0x94},{ 0xf7,0x01,0x26,0x9f}, +{ 0x4d,0xe6,0xbd,0x46},{ 0x43,0xef,0xb0,0x4d},{ 0x51,0xf4,0xa7,0x50},{ 0x5f,0xfd,0xaa,0x5b}, +{ 0x75,0xc2,0x89,0x6a},{ 0x7b,0xcb,0x84,0x61},{ 0x69,0xd0,0x93,0x7c},{ 0x67,0xd9,0x9e,0x77}, +{ 0x3d,0xae,0xd5,0x1e},{ 0x33,0xa7,0xd8,0x15},{ 0x21,0xbc,0xcf,0x08},{ 0x2f,0xb5,0xc2,0x03}, +{ 0x05,0x8a,0xe1,0x32},{ 0x0b,0x83,0xec,0x39},{ 0x19,0x98,0xfb,0x24},{ 0x17,0x91,0xf6,0x2f}, +{ 0x76,0x4d,0xd6,0x8d},{ 0x78,0x44,0xdb,0x86},{ 0x6a,0x5f,0xcc,0x9b},{ 0x64,0x56,0xc1,0x90}, +{ 0x4e,0x69,0xe2,0xa1},{ 0x40,0x60,0xef,0xaa},{ 0x52,0x7b,0xf8,0xb7},{ 0x5c,0x72,0xf5,0xbc}, +{ 0x06,0x05,0xbe,0xd5},{ 0x08,0x0c,0xb3,0xde},{ 0x1a,0x17,0xa4,0xc3},{ 0x14,0x1e,0xa9,0xc8}, +{ 0x3e,0x21,0x8a,0xf9},{ 0x30,0x28,0x87,0xf2},{ 0x22,0x33,0x90,0xef},{ 0x2c,0x3a,0x9d,0xe4}, +{ 0x96,0xdd,0x06,0x3d},{ 0x98,0xd4,0x0b,0x36},{ 0x8a,0xcf,0x1c,0x2b},{ 0x84,0xc6,0x11,0x20}, +{ 0xae,0xf9,0x32,0x11},{ 0xa0,0xf0,0x3f,0x1a},{ 0xb2,0xeb,0x28,0x07},{ 0xbc,0xe2,0x25,0x0c}, +{ 0xe6,0x95,0x6e,0x65},{ 0xe8,0x9c,0x63,0x6e},{ 0xfa,0x87,0x74,0x73},{ 0xf4,0x8e,0x79,0x78}, +{ 0xde,0xb1,0x5a,0x49},{ 0xd0,0xb8,0x57,0x42},{ 0xc2,0xa3,0x40,0x5f},{ 0xcc,0xaa,0x4d,0x54}, +{ 0x41,0xec,0xda,0xf7},{ 0x4f,0xe5,0xd7,0xfc},{ 0x5d,0xfe,0xc0,0xe1},{ 0x53,0xf7,0xcd,0xea}, +{ 0x79,0xc8,0xee,0xdb},{ 0x77,0xc1,0xe3,0xd0},{ 0x65,0xda,0xf4,0xcd},{ 0x6b,0xd3,0xf9,0xc6}, +{ 0x31,0xa4,0xb2,0xaf},{ 0x3f,0xad,0xbf,0xa4},{ 0x2d,0xb6,0xa8,0xb9},{ 0x23,0xbf,0xa5,0xb2}, +{ 0x09,0x80,0x86,0x83},{ 0x07,0x89,0x8b,0x88},{ 0x15,0x92,0x9c,0x95},{ 0x1b,0x9b,0x91,0x9e}, +{ 0xa1,0x7c,0x0a,0x47},{ 0xaf,0x75,0x07,0x4c},{ 0xbd,0x6e,0x10,0x51},{ 0xb3,0x67,0x1d,0x5a}, +{ 0x99,0x58,0x3e,0x6b},{ 0x97,0x51,0x33,0x60},{ 0x85,0x4a,0x24,0x7d},{ 0x8b,0x43,0x29,0x76}, +{ 0xd1,0x34,0x62,0x1f},{ 0xdf,0x3d,0x6f,0x14},{ 0xcd,0x26,0x78,0x09},{ 0xc3,0x2f,0x75,0x02}, +{ 0xe9,0x10,0x56,0x33},{ 0xe7,0x19,0x5b,0x38},{ 0xf5,0x02,0x4c,0x25},{ 0xfb,0x0b,0x41,0x2e}, +{ 0x9a,0xd7,0x61,0x8c},{ 0x94,0xde,0x6c,0x87},{ 0x86,0xc5,0x7b,0x9a},{ 0x88,0xcc,0x76,0x91}, +{ 0xa2,0xf3,0x55,0xa0},{ 0xac,0xfa,0x58,0xab},{ 0xbe,0xe1,0x4f,0xb6},{ 0xb0,0xe8,0x42,0xbd}, +{ 0xea,0x9f,0x09,0xd4},{ 0xe4,0x96,0x04,0xdf},{ 0xf6,0x8d,0x13,0xc2},{ 0xf8,0x84,0x1e,0xc9}, +{ 0xd2,0xbb,0x3d,0xf8},{ 0xdc,0xb2,0x30,0xf3},{ 0xce,0xa9,0x27,0xee},{ 0xc0,0xa0,0x2a,0xe5}, +{ 0x7a,0x47,0xb1,0x3c},{ 0x74,0x4e,0xbc,0x37},{ 0x66,0x55,0xab,0x2a},{ 0x68,0x5c,0xa6,0x21}, +{ 0x42,0x63,0x85,0x10},{ 0x4c,0x6a,0x88,0x1b},{ 0x5e,0x71,0x9f,0x06},{ 0x50,0x78,0x92,0x0d}, +{ 0x0a,0x0f,0xd9,0x64},{ 0x04,0x06,0xd4,0x6f},{ 0x16,0x1d,0xc3,0x72},{ 0x18,0x14,0xce,0x79}, +{ 0x32,0x2b,0xed,0x48},{ 0x3c,0x22,0xe0,0x43},{ 0x2e,0x39,0xf7,0x5e},{ 0x20,0x30,0xfa,0x55}, +{ 0xec,0x9a,0xb7,0x01},{ 0xe2,0x93,0xba,0x0a},{ 0xf0,0x88,0xad,0x17},{ 0xfe,0x81,0xa0,0x1c}, +{ 0xd4,0xbe,0x83,0x2d},{ 0xda,0xb7,0x8e,0x26},{ 0xc8,0xac,0x99,0x3b},{ 0xc6,0xa5,0x94,0x30}, +{ 0x9c,0xd2,0xdf,0x59},{ 0x92,0xdb,0xd2,0x52},{ 0x80,0xc0,0xc5,0x4f},{ 0x8e,0xc9,0xc8,0x44}, +{ 0xa4,0xf6,0xeb,0x75},{ 0xaa,0xff,0xe6,0x7e},{ 0xb8,0xe4,0xf1,0x63},{ 0xb6,0xed,0xfc,0x68}, +{ 0x0c,0x0a,0x67,0xb1},{ 0x02,0x03,0x6a,0xba},{ 0x10,0x18,0x7d,0xa7},{ 0x1e,0x11,0x70,0xac}, +{ 0x34,0x2e,0x53,0x9d},{ 0x3a,0x27,0x5e,0x96},{ 0x28,0x3c,0x49,0x8b},{ 0x26,0x35,0x44,0x80}, +{ 0x7c,0x42,0x0f,0xe9},{ 0x72,0x4b,0x02,0xe2},{ 0x60,0x50,0x15,0xff},{ 0x6e,0x59,0x18,0xf4}, +{ 0x44,0x66,0x3b,0xc5},{ 0x4a,0x6f,0x36,0xce},{ 0x58,0x74,0x21,0xd3},{ 0x56,0x7d,0x2c,0xd8}, +{ 0x37,0xa1,0x0c,0x7a},{ 0x39,0xa8,0x01,0x71},{ 0x2b,0xb3,0x16,0x6c},{ 0x25,0xba,0x1b,0x67}, +{ 0x0f,0x85,0x38,0x56},{ 0x01,0x8c,0x35,0x5d},{ 0x13,0x97,0x22,0x40},{ 0x1d,0x9e,0x2f,0x4b}, +{ 0x47,0xe9,0x64,0x22},{ 0x49,0xe0,0x69,0x29},{ 0x5b,0xfb,0x7e,0x34},{ 0x55,0xf2,0x73,0x3f}, +{ 0x7f,0xcd,0x50,0x0e},{ 0x71,0xc4,0x5d,0x05},{ 0x63,0xdf,0x4a,0x18},{ 0x6d,0xd6,0x47,0x13}, +{ 0xd7,0x31,0xdc,0xca},{ 0xd9,0x38,0xd1,0xc1},{ 0xcb,0x23,0xc6,0xdc},{ 0xc5,0x2a,0xcb,0xd7}, +{ 0xef,0x15,0xe8,0xe6},{ 0xe1,0x1c,0xe5,0xed},{ 0xf3,0x07,0xf2,0xf0},{ 0xfd,0x0e,0xff,0xfb}, +{ 0xa7,0x79,0xb4,0x92},{ 0xa9,0x70,0xb9,0x99},{ 0xbb,0x6b,0xae,0x84},{ 0xb5,0x62,0xa3,0x8f}, +{ 0x9f,0x5d,0x80,0xbe},{ 0x91,0x54,0x8d,0xb5},{ 0x83,0x4f,0x9a,0xa8},{ 0x8d,0x46,0x97,0xa3 } +}; + +word8 U2[256][4] = { +{ 0x00,0x00,0x00,0x00},{ 0x0b,0x0e,0x09,0x0d},{ 0x16,0x1c,0x12,0x1a},{ 0x1d,0x12,0x1b,0x17}, +{ 0x2c,0x38,0x24,0x34},{ 0x27,0x36,0x2d,0x39},{ 0x3a,0x24,0x36,0x2e},{ 0x31,0x2a,0x3f,0x23}, +{ 0x58,0x70,0x48,0x68},{ 0x53,0x7e,0x41,0x65},{ 0x4e,0x6c,0x5a,0x72},{ 0x45,0x62,0x53,0x7f}, +{ 0x74,0x48,0x6c,0x5c},{ 0x7f,0x46,0x65,0x51},{ 0x62,0x54,0x7e,0x46},{ 0x69,0x5a,0x77,0x4b}, +{ 0xb0,0xe0,0x90,0xd0},{ 0xbb,0xee,0x99,0xdd},{ 0xa6,0xfc,0x82,0xca},{ 0xad,0xf2,0x8b,0xc7}, +{ 0x9c,0xd8,0xb4,0xe4},{ 0x97,0xd6,0xbd,0xe9},{ 0x8a,0xc4,0xa6,0xfe},{ 0x81,0xca,0xaf,0xf3}, +{ 0xe8,0x90,0xd8,0xb8},{ 0xe3,0x9e,0xd1,0xb5},{ 0xfe,0x8c,0xca,0xa2},{ 0xf5,0x82,0xc3,0xaf}, +{ 0xc4,0xa8,0xfc,0x8c},{ 0xcf,0xa6,0xf5,0x81},{ 0xd2,0xb4,0xee,0x96},{ 0xd9,0xba,0xe7,0x9b}, +{ 0x7b,0xdb,0x3b,0xbb},{ 0x70,0xd5,0x32,0xb6},{ 0x6d,0xc7,0x29,0xa1},{ 0x66,0xc9,0x20,0xac}, +{ 0x57,0xe3,0x1f,0x8f},{ 0x5c,0xed,0x16,0x82},{ 0x41,0xff,0x0d,0x95},{ 0x4a,0xf1,0x04,0x98}, +{ 0x23,0xab,0x73,0xd3},{ 0x28,0xa5,0x7a,0xde},{ 0x35,0xb7,0x61,0xc9},{ 0x3e,0xb9,0x68,0xc4}, +{ 0x0f,0x93,0x57,0xe7},{ 0x04,0x9d,0x5e,0xea},{ 0x19,0x8f,0x45,0xfd},{ 0x12,0x81,0x4c,0xf0}, +{ 0xcb,0x3b,0xab,0x6b},{ 0xc0,0x35,0xa2,0x66},{ 0xdd,0x27,0xb9,0x71},{ 0xd6,0x29,0xb0,0x7c}, +{ 0xe7,0x03,0x8f,0x5f},{ 0xec,0x0d,0x86,0x52},{ 0xf1,0x1f,0x9d,0x45},{ 0xfa,0x11,0x94,0x48}, +{ 0x93,0x4b,0xe3,0x03},{ 0x98,0x45,0xea,0x0e},{ 0x85,0x57,0xf1,0x19},{ 0x8e,0x59,0xf8,0x14}, +{ 0xbf,0x73,0xc7,0x37},{ 0xb4,0x7d,0xce,0x3a},{ 0xa9,0x6f,0xd5,0x2d},{ 0xa2,0x61,0xdc,0x20}, +{ 0xf6,0xad,0x76,0x6d},{ 0xfd,0xa3,0x7f,0x60},{ 0xe0,0xb1,0x64,0x77},{ 0xeb,0xbf,0x6d,0x7a}, +{ 0xda,0x95,0x52,0x59},{ 0xd1,0x9b,0x5b,0x54},{ 0xcc,0x89,0x40,0x43},{ 0xc7,0x87,0x49,0x4e}, +{ 0xae,0xdd,0x3e,0x05},{ 0xa5,0xd3,0x37,0x08},{ 0xb8,0xc1,0x2c,0x1f},{ 0xb3,0xcf,0x25,0x12}, +{ 0x82,0xe5,0x1a,0x31},{ 0x89,0xeb,0x13,0x3c},{ 0x94,0xf9,0x08,0x2b},{ 0x9f,0xf7,0x01,0x26}, +{ 0x46,0x4d,0xe6,0xbd},{ 0x4d,0x43,0xef,0xb0},{ 0x50,0x51,0xf4,0xa7},{ 0x5b,0x5f,0xfd,0xaa}, +{ 0x6a,0x75,0xc2,0x89},{ 0x61,0x7b,0xcb,0x84},{ 0x7c,0x69,0xd0,0x93},{ 0x77,0x67,0xd9,0x9e}, +{ 0x1e,0x3d,0xae,0xd5},{ 0x15,0x33,0xa7,0xd8},{ 0x08,0x21,0xbc,0xcf},{ 0x03,0x2f,0xb5,0xc2}, +{ 0x32,0x05,0x8a,0xe1},{ 0x39,0x0b,0x83,0xec},{ 0x24,0x19,0x98,0xfb},{ 0x2f,0x17,0x91,0xf6}, +{ 0x8d,0x76,0x4d,0xd6},{ 0x86,0x78,0x44,0xdb},{ 0x9b,0x6a,0x5f,0xcc},{ 0x90,0x64,0x56,0xc1}, +{ 0xa1,0x4e,0x69,0xe2},{ 0xaa,0x40,0x60,0xef},{ 0xb7,0x52,0x7b,0xf8},{ 0xbc,0x5c,0x72,0xf5}, +{ 0xd5,0x06,0x05,0xbe},{ 0xde,0x08,0x0c,0xb3},{ 0xc3,0x1a,0x17,0xa4},{ 0xc8,0x14,0x1e,0xa9}, +{ 0xf9,0x3e,0x21,0x8a},{ 0xf2,0x30,0x28,0x87},{ 0xef,0x22,0x33,0x90},{ 0xe4,0x2c,0x3a,0x9d}, +{ 0x3d,0x96,0xdd,0x06},{ 0x36,0x98,0xd4,0x0b},{ 0x2b,0x8a,0xcf,0x1c},{ 0x20,0x84,0xc6,0x11}, +{ 0x11,0xae,0xf9,0x32},{ 0x1a,0xa0,0xf0,0x3f},{ 0x07,0xb2,0xeb,0x28},{ 0x0c,0xbc,0xe2,0x25}, +{ 0x65,0xe6,0x95,0x6e},{ 0x6e,0xe8,0x9c,0x63},{ 0x73,0xfa,0x87,0x74},{ 0x78,0xf4,0x8e,0x79}, +{ 0x49,0xde,0xb1,0x5a},{ 0x42,0xd0,0xb8,0x57},{ 0x5f,0xc2,0xa3,0x40},{ 0x54,0xcc,0xaa,0x4d}, +{ 0xf7,0x41,0xec,0xda},{ 0xfc,0x4f,0xe5,0xd7},{ 0xe1,0x5d,0xfe,0xc0},{ 0xea,0x53,0xf7,0xcd}, +{ 0xdb,0x79,0xc8,0xee},{ 0xd0,0x77,0xc1,0xe3},{ 0xcd,0x65,0xda,0xf4},{ 0xc6,0x6b,0xd3,0xf9}, +{ 0xaf,0x31,0xa4,0xb2},{ 0xa4,0x3f,0xad,0xbf},{ 0xb9,0x2d,0xb6,0xa8},{ 0xb2,0x23,0xbf,0xa5}, +{ 0x83,0x09,0x80,0x86},{ 0x88,0x07,0x89,0x8b},{ 0x95,0x15,0x92,0x9c},{ 0x9e,0x1b,0x9b,0x91}, +{ 0x47,0xa1,0x7c,0x0a},{ 0x4c,0xaf,0x75,0x07},{ 0x51,0xbd,0x6e,0x10},{ 0x5a,0xb3,0x67,0x1d}, +{ 0x6b,0x99,0x58,0x3e},{ 0x60,0x97,0x51,0x33},{ 0x7d,0x85,0x4a,0x24},{ 0x76,0x8b,0x43,0x29}, +{ 0x1f,0xd1,0x34,0x62},{ 0x14,0xdf,0x3d,0x6f},{ 0x09,0xcd,0x26,0x78},{ 0x02,0xc3,0x2f,0x75}, +{ 0x33,0xe9,0x10,0x56},{ 0x38,0xe7,0x19,0x5b},{ 0x25,0xf5,0x02,0x4c},{ 0x2e,0xfb,0x0b,0x41}, +{ 0x8c,0x9a,0xd7,0x61},{ 0x87,0x94,0xde,0x6c},{ 0x9a,0x86,0xc5,0x7b},{ 0x91,0x88,0xcc,0x76}, +{ 0xa0,0xa2,0xf3,0x55},{ 0xab,0xac,0xfa,0x58},{ 0xb6,0xbe,0xe1,0x4f},{ 0xbd,0xb0,0xe8,0x42}, +{ 0xd4,0xea,0x9f,0x09},{ 0xdf,0xe4,0x96,0x04},{ 0xc2,0xf6,0x8d,0x13},{ 0xc9,0xf8,0x84,0x1e}, +{ 0xf8,0xd2,0xbb,0x3d},{ 0xf3,0xdc,0xb2,0x30},{ 0xee,0xce,0xa9,0x27},{ 0xe5,0xc0,0xa0,0x2a}, +{ 0x3c,0x7a,0x47,0xb1},{ 0x37,0x74,0x4e,0xbc},{ 0x2a,0x66,0x55,0xab},{ 0x21,0x68,0x5c,0xa6}, +{ 0x10,0x42,0x63,0x85},{ 0x1b,0x4c,0x6a,0x88},{ 0x06,0x5e,0x71,0x9f},{ 0x0d,0x50,0x78,0x92}, +{ 0x64,0x0a,0x0f,0xd9},{ 0x6f,0x04,0x06,0xd4},{ 0x72,0x16,0x1d,0xc3},{ 0x79,0x18,0x14,0xce}, +{ 0x48,0x32,0x2b,0xed},{ 0x43,0x3c,0x22,0xe0},{ 0x5e,0x2e,0x39,0xf7},{ 0x55,0x20,0x30,0xfa}, +{ 0x01,0xec,0x9a,0xb7},{ 0x0a,0xe2,0x93,0xba},{ 0x17,0xf0,0x88,0xad},{ 0x1c,0xfe,0x81,0xa0}, +{ 0x2d,0xd4,0xbe,0x83},{ 0x26,0xda,0xb7,0x8e},{ 0x3b,0xc8,0xac,0x99},{ 0x30,0xc6,0xa5,0x94}, +{ 0x59,0x9c,0xd2,0xdf},{ 0x52,0x92,0xdb,0xd2},{ 0x4f,0x80,0xc0,0xc5},{ 0x44,0x8e,0xc9,0xc8}, +{ 0x75,0xa4,0xf6,0xeb},{ 0x7e,0xaa,0xff,0xe6},{ 0x63,0xb8,0xe4,0xf1},{ 0x68,0xb6,0xed,0xfc}, +{ 0xb1,0x0c,0x0a,0x67},{ 0xba,0x02,0x03,0x6a},{ 0xa7,0x10,0x18,0x7d},{ 0xac,0x1e,0x11,0x70}, +{ 0x9d,0x34,0x2e,0x53},{ 0x96,0x3a,0x27,0x5e},{ 0x8b,0x28,0x3c,0x49},{ 0x80,0x26,0x35,0x44}, +{ 0xe9,0x7c,0x42,0x0f},{ 0xe2,0x72,0x4b,0x02},{ 0xff,0x60,0x50,0x15},{ 0xf4,0x6e,0x59,0x18}, +{ 0xc5,0x44,0x66,0x3b},{ 0xce,0x4a,0x6f,0x36},{ 0xd3,0x58,0x74,0x21},{ 0xd8,0x56,0x7d,0x2c}, +{ 0x7a,0x37,0xa1,0x0c},{ 0x71,0x39,0xa8,0x01},{ 0x6c,0x2b,0xb3,0x16},{ 0x67,0x25,0xba,0x1b}, +{ 0x56,0x0f,0x85,0x38},{ 0x5d,0x01,0x8c,0x35},{ 0x40,0x13,0x97,0x22},{ 0x4b,0x1d,0x9e,0x2f}, +{ 0x22,0x47,0xe9,0x64},{ 0x29,0x49,0xe0,0x69},{ 0x34,0x5b,0xfb,0x7e},{ 0x3f,0x55,0xf2,0x73}, +{ 0x0e,0x7f,0xcd,0x50},{ 0x05,0x71,0xc4,0x5d},{ 0x18,0x63,0xdf,0x4a},{ 0x13,0x6d,0xd6,0x47}, +{ 0xca,0xd7,0x31,0xdc},{ 0xc1,0xd9,0x38,0xd1},{ 0xdc,0xcb,0x23,0xc6},{ 0xd7,0xc5,0x2a,0xcb}, +{ 0xe6,0xef,0x15,0xe8},{ 0xed,0xe1,0x1c,0xe5},{ 0xf0,0xf3,0x07,0xf2},{ 0xfb,0xfd,0x0e,0xff}, +{ 0x92,0xa7,0x79,0xb4},{ 0x99,0xa9,0x70,0xb9},{ 0x84,0xbb,0x6b,0xae},{ 0x8f,0xb5,0x62,0xa3}, +{ 0xbe,0x9f,0x5d,0x80},{ 0xb5,0x91,0x54,0x8d},{ 0xa8,0x83,0x4f,0x9a},{ 0xa3,0x8d,0x46,0x97 } +}; + +word8 U3[256][4] = { +{ 0x00,0x00,0x00,0x00},{ 0x0d,0x0b,0x0e,0x09},{ 0x1a,0x16,0x1c,0x12},{ 0x17,0x1d,0x12,0x1b}, +{ 0x34,0x2c,0x38,0x24},{ 0x39,0x27,0x36,0x2d},{ 0x2e,0x3a,0x24,0x36},{ 0x23,0x31,0x2a,0x3f}, +{ 0x68,0x58,0x70,0x48},{ 0x65,0x53,0x7e,0x41},{ 0x72,0x4e,0x6c,0x5a},{ 0x7f,0x45,0x62,0x53}, +{ 0x5c,0x74,0x48,0x6c},{ 0x51,0x7f,0x46,0x65},{ 0x46,0x62,0x54,0x7e},{ 0x4b,0x69,0x5a,0x77}, +{ 0xd0,0xb0,0xe0,0x90},{ 0xdd,0xbb,0xee,0x99},{ 0xca,0xa6,0xfc,0x82},{ 0xc7,0xad,0xf2,0x8b}, +{ 0xe4,0x9c,0xd8,0xb4},{ 0xe9,0x97,0xd6,0xbd},{ 0xfe,0x8a,0xc4,0xa6},{ 0xf3,0x81,0xca,0xaf}, +{ 0xb8,0xe8,0x90,0xd8},{ 0xb5,0xe3,0x9e,0xd1},{ 0xa2,0xfe,0x8c,0xca},{ 0xaf,0xf5,0x82,0xc3}, +{ 0x8c,0xc4,0xa8,0xfc},{ 0x81,0xcf,0xa6,0xf5},{ 0x96,0xd2,0xb4,0xee},{ 0x9b,0xd9,0xba,0xe7}, +{ 0xbb,0x7b,0xdb,0x3b},{ 0xb6,0x70,0xd5,0x32},{ 0xa1,0x6d,0xc7,0x29},{ 0xac,0x66,0xc9,0x20}, +{ 0x8f,0x57,0xe3,0x1f},{ 0x82,0x5c,0xed,0x16},{ 0x95,0x41,0xff,0x0d},{ 0x98,0x4a,0xf1,0x04}, +{ 0xd3,0x23,0xab,0x73},{ 0xde,0x28,0xa5,0x7a},{ 0xc9,0x35,0xb7,0x61},{ 0xc4,0x3e,0xb9,0x68}, +{ 0xe7,0x0f,0x93,0x57},{ 0xea,0x04,0x9d,0x5e},{ 0xfd,0x19,0x8f,0x45},{ 0xf0,0x12,0x81,0x4c}, +{ 0x6b,0xcb,0x3b,0xab},{ 0x66,0xc0,0x35,0xa2},{ 0x71,0xdd,0x27,0xb9},{ 0x7c,0xd6,0x29,0xb0}, +{ 0x5f,0xe7,0x03,0x8f},{ 0x52,0xec,0x0d,0x86},{ 0x45,0xf1,0x1f,0x9d},{ 0x48,0xfa,0x11,0x94}, +{ 0x03,0x93,0x4b,0xe3},{ 0x0e,0x98,0x45,0xea},{ 0x19,0x85,0x57,0xf1},{ 0x14,0x8e,0x59,0xf8}, +{ 0x37,0xbf,0x73,0xc7},{ 0x3a,0xb4,0x7d,0xce},{ 0x2d,0xa9,0x6f,0xd5},{ 0x20,0xa2,0x61,0xdc}, +{ 0x6d,0xf6,0xad,0x76},{ 0x60,0xfd,0xa3,0x7f},{ 0x77,0xe0,0xb1,0x64},{ 0x7a,0xeb,0xbf,0x6d}, +{ 0x59,0xda,0x95,0x52},{ 0x54,0xd1,0x9b,0x5b},{ 0x43,0xcc,0x89,0x40},{ 0x4e,0xc7,0x87,0x49}, +{ 0x05,0xae,0xdd,0x3e},{ 0x08,0xa5,0xd3,0x37},{ 0x1f,0xb8,0xc1,0x2c},{ 0x12,0xb3,0xcf,0x25}, +{ 0x31,0x82,0xe5,0x1a},{ 0x3c,0x89,0xeb,0x13},{ 0x2b,0x94,0xf9,0x08},{ 0x26,0x9f,0xf7,0x01}, +{ 0xbd,0x46,0x4d,0xe6},{ 0xb0,0x4d,0x43,0xef},{ 0xa7,0x50,0x51,0xf4},{ 0xaa,0x5b,0x5f,0xfd}, +{ 0x89,0x6a,0x75,0xc2},{ 0x84,0x61,0x7b,0xcb},{ 0x93,0x7c,0x69,0xd0},{ 0x9e,0x77,0x67,0xd9}, +{ 0xd5,0x1e,0x3d,0xae},{ 0xd8,0x15,0x33,0xa7},{ 0xcf,0x08,0x21,0xbc},{ 0xc2,0x03,0x2f,0xb5}, +{ 0xe1,0x32,0x05,0x8a},{ 0xec,0x39,0x0b,0x83},{ 0xfb,0x24,0x19,0x98},{ 0xf6,0x2f,0x17,0x91}, +{ 0xd6,0x8d,0x76,0x4d},{ 0xdb,0x86,0x78,0x44},{ 0xcc,0x9b,0x6a,0x5f},{ 0xc1,0x90,0x64,0x56}, +{ 0xe2,0xa1,0x4e,0x69},{ 0xef,0xaa,0x40,0x60},{ 0xf8,0xb7,0x52,0x7b},{ 0xf5,0xbc,0x5c,0x72}, +{ 0xbe,0xd5,0x06,0x05},{ 0xb3,0xde,0x08,0x0c},{ 0xa4,0xc3,0x1a,0x17},{ 0xa9,0xc8,0x14,0x1e}, +{ 0x8a,0xf9,0x3e,0x21},{ 0x87,0xf2,0x30,0x28},{ 0x90,0xef,0x22,0x33},{ 0x9d,0xe4,0x2c,0x3a}, +{ 0x06,0x3d,0x96,0xdd},{ 0x0b,0x36,0x98,0xd4},{ 0x1c,0x2b,0x8a,0xcf},{ 0x11,0x20,0x84,0xc6}, +{ 0x32,0x11,0xae,0xf9},{ 0x3f,0x1a,0xa0,0xf0},{ 0x28,0x07,0xb2,0xeb},{ 0x25,0x0c,0xbc,0xe2}, +{ 0x6e,0x65,0xe6,0x95},{ 0x63,0x6e,0xe8,0x9c},{ 0x74,0x73,0xfa,0x87},{ 0x79,0x78,0xf4,0x8e}, +{ 0x5a,0x49,0xde,0xb1},{ 0x57,0x42,0xd0,0xb8},{ 0x40,0x5f,0xc2,0xa3},{ 0x4d,0x54,0xcc,0xaa}, +{ 0xda,0xf7,0x41,0xec},{ 0xd7,0xfc,0x4f,0xe5},{ 0xc0,0xe1,0x5d,0xfe},{ 0xcd,0xea,0x53,0xf7}, +{ 0xee,0xdb,0x79,0xc8},{ 0xe3,0xd0,0x77,0xc1},{ 0xf4,0xcd,0x65,0xda},{ 0xf9,0xc6,0x6b,0xd3}, +{ 0xb2,0xaf,0x31,0xa4},{ 0xbf,0xa4,0x3f,0xad},{ 0xa8,0xb9,0x2d,0xb6},{ 0xa5,0xb2,0x23,0xbf}, +{ 0x86,0x83,0x09,0x80},{ 0x8b,0x88,0x07,0x89},{ 0x9c,0x95,0x15,0x92},{ 0x91,0x9e,0x1b,0x9b}, +{ 0x0a,0x47,0xa1,0x7c},{ 0x07,0x4c,0xaf,0x75},{ 0x10,0x51,0xbd,0x6e},{ 0x1d,0x5a,0xb3,0x67}, +{ 0x3e,0x6b,0x99,0x58},{ 0x33,0x60,0x97,0x51},{ 0x24,0x7d,0x85,0x4a},{ 0x29,0x76,0x8b,0x43}, +{ 0x62,0x1f,0xd1,0x34},{ 0x6f,0x14,0xdf,0x3d},{ 0x78,0x09,0xcd,0x26},{ 0x75,0x02,0xc3,0x2f}, +{ 0x56,0x33,0xe9,0x10},{ 0x5b,0x38,0xe7,0x19},{ 0x4c,0x25,0xf5,0x02},{ 0x41,0x2e,0xfb,0x0b}, +{ 0x61,0x8c,0x9a,0xd7},{ 0x6c,0x87,0x94,0xde},{ 0x7b,0x9a,0x86,0xc5},{ 0x76,0x91,0x88,0xcc}, +{ 0x55,0xa0,0xa2,0xf3},{ 0x58,0xab,0xac,0xfa},{ 0x4f,0xb6,0xbe,0xe1},{ 0x42,0xbd,0xb0,0xe8}, +{ 0x09,0xd4,0xea,0x9f},{ 0x04,0xdf,0xe4,0x96},{ 0x13,0xc2,0xf6,0x8d},{ 0x1e,0xc9,0xf8,0x84}, +{ 0x3d,0xf8,0xd2,0xbb},{ 0x30,0xf3,0xdc,0xb2},{ 0x27,0xee,0xce,0xa9},{ 0x2a,0xe5,0xc0,0xa0}, +{ 0xb1,0x3c,0x7a,0x47},{ 0xbc,0x37,0x74,0x4e},{ 0xab,0x2a,0x66,0x55},{ 0xa6,0x21,0x68,0x5c}, +{ 0x85,0x10,0x42,0x63},{ 0x88,0x1b,0x4c,0x6a},{ 0x9f,0x06,0x5e,0x71},{ 0x92,0x0d,0x50,0x78}, +{ 0xd9,0x64,0x0a,0x0f},{ 0xd4,0x6f,0x04,0x06},{ 0xc3,0x72,0x16,0x1d},{ 0xce,0x79,0x18,0x14}, +{ 0xed,0x48,0x32,0x2b},{ 0xe0,0x43,0x3c,0x22},{ 0xf7,0x5e,0x2e,0x39},{ 0xfa,0x55,0x20,0x30}, +{ 0xb7,0x01,0xec,0x9a},{ 0xba,0x0a,0xe2,0x93},{ 0xad,0x17,0xf0,0x88},{ 0xa0,0x1c,0xfe,0x81}, +{ 0x83,0x2d,0xd4,0xbe},{ 0x8e,0x26,0xda,0xb7},{ 0x99,0x3b,0xc8,0xac},{ 0x94,0x30,0xc6,0xa5}, +{ 0xdf,0x59,0x9c,0xd2},{ 0xd2,0x52,0x92,0xdb},{ 0xc5,0x4f,0x80,0xc0},{ 0xc8,0x44,0x8e,0xc9}, +{ 0xeb,0x75,0xa4,0xf6},{ 0xe6,0x7e,0xaa,0xff},{ 0xf1,0x63,0xb8,0xe4},{ 0xfc,0x68,0xb6,0xed}, +{ 0x67,0xb1,0x0c,0x0a},{ 0x6a,0xba,0x02,0x03},{ 0x7d,0xa7,0x10,0x18},{ 0x70,0xac,0x1e,0x11}, +{ 0x53,0x9d,0x34,0x2e},{ 0x5e,0x96,0x3a,0x27},{ 0x49,0x8b,0x28,0x3c},{ 0x44,0x80,0x26,0x35}, +{ 0x0f,0xe9,0x7c,0x42},{ 0x02,0xe2,0x72,0x4b},{ 0x15,0xff,0x60,0x50},{ 0x18,0xf4,0x6e,0x59}, +{ 0x3b,0xc5,0x44,0x66},{ 0x36,0xce,0x4a,0x6f},{ 0x21,0xd3,0x58,0x74},{ 0x2c,0xd8,0x56,0x7d}, +{ 0x0c,0x7a,0x37,0xa1},{ 0x01,0x71,0x39,0xa8},{ 0x16,0x6c,0x2b,0xb3},{ 0x1b,0x67,0x25,0xba}, +{ 0x38,0x56,0x0f,0x85},{ 0x35,0x5d,0x01,0x8c},{ 0x22,0x40,0x13,0x97},{ 0x2f,0x4b,0x1d,0x9e}, +{ 0x64,0x22,0x47,0xe9},{ 0x69,0x29,0x49,0xe0},{ 0x7e,0x34,0x5b,0xfb},{ 0x73,0x3f,0x55,0xf2}, +{ 0x50,0x0e,0x7f,0xcd},{ 0x5d,0x05,0x71,0xc4},{ 0x4a,0x18,0x63,0xdf},{ 0x47,0x13,0x6d,0xd6}, +{ 0xdc,0xca,0xd7,0x31},{ 0xd1,0xc1,0xd9,0x38},{ 0xc6,0xdc,0xcb,0x23},{ 0xcb,0xd7,0xc5,0x2a}, +{ 0xe8,0xe6,0xef,0x15},{ 0xe5,0xed,0xe1,0x1c},{ 0xf2,0xf0,0xf3,0x07},{ 0xff,0xfb,0xfd,0x0e}, +{ 0xb4,0x92,0xa7,0x79},{ 0xb9,0x99,0xa9,0x70},{ 0xae,0x84,0xbb,0x6b},{ 0xa3,0x8f,0xb5,0x62}, +{ 0x80,0xbe,0x9f,0x5d},{ 0x8d,0xb5,0x91,0x54},{ 0x9a,0xa8,0x83,0x4f},{ 0x97,0xa3,0x8d,0x46 } +}; + +word8 U4[256][4] = { +{ 0x00,0x00,0x00,0x00},{ 0x09,0x0d,0x0b,0x0e},{ 0x12,0x1a,0x16,0x1c},{ 0x1b,0x17,0x1d,0x12}, +{ 0x24,0x34,0x2c,0x38},{ 0x2d,0x39,0x27,0x36},{ 0x36,0x2e,0x3a,0x24},{ 0x3f,0x23,0x31,0x2a}, +{ 0x48,0x68,0x58,0x70},{ 0x41,0x65,0x53,0x7e},{ 0x5a,0x72,0x4e,0x6c},{ 0x53,0x7f,0x45,0x62}, +{ 0x6c,0x5c,0x74,0x48},{ 0x65,0x51,0x7f,0x46},{ 0x7e,0x46,0x62,0x54},{ 0x77,0x4b,0x69,0x5a}, +{ 0x90,0xd0,0xb0,0xe0},{ 0x99,0xdd,0xbb,0xee},{ 0x82,0xca,0xa6,0xfc},{ 0x8b,0xc7,0xad,0xf2}, +{ 0xb4,0xe4,0x9c,0xd8},{ 0xbd,0xe9,0x97,0xd6},{ 0xa6,0xfe,0x8a,0xc4},{ 0xaf,0xf3,0x81,0xca}, +{ 0xd8,0xb8,0xe8,0x90},{ 0xd1,0xb5,0xe3,0x9e},{ 0xca,0xa2,0xfe,0x8c},{ 0xc3,0xaf,0xf5,0x82}, +{ 0xfc,0x8c,0xc4,0xa8},{ 0xf5,0x81,0xcf,0xa6},{ 0xee,0x96,0xd2,0xb4},{ 0xe7,0x9b,0xd9,0xba}, +{ 0x3b,0xbb,0x7b,0xdb},{ 0x32,0xb6,0x70,0xd5},{ 0x29,0xa1,0x6d,0xc7},{ 0x20,0xac,0x66,0xc9}, +{ 0x1f,0x8f,0x57,0xe3},{ 0x16,0x82,0x5c,0xed},{ 0x0d,0x95,0x41,0xff},{ 0x04,0x98,0x4a,0xf1}, +{ 0x73,0xd3,0x23,0xab},{ 0x7a,0xde,0x28,0xa5},{ 0x61,0xc9,0x35,0xb7},{ 0x68,0xc4,0x3e,0xb9}, +{ 0x57,0xe7,0x0f,0x93},{ 0x5e,0xea,0x04,0x9d},{ 0x45,0xfd,0x19,0x8f},{ 0x4c,0xf0,0x12,0x81}, +{ 0xab,0x6b,0xcb,0x3b},{ 0xa2,0x66,0xc0,0x35},{ 0xb9,0x71,0xdd,0x27},{ 0xb0,0x7c,0xd6,0x29}, +{ 0x8f,0x5f,0xe7,0x03},{ 0x86,0x52,0xec,0x0d},{ 0x9d,0x45,0xf1,0x1f},{ 0x94,0x48,0xfa,0x11}, +{ 0xe3,0x03,0x93,0x4b},{ 0xea,0x0e,0x98,0x45},{ 0xf1,0x19,0x85,0x57},{ 0xf8,0x14,0x8e,0x59}, +{ 0xc7,0x37,0xbf,0x73},{ 0xce,0x3a,0xb4,0x7d},{ 0xd5,0x2d,0xa9,0x6f},{ 0xdc,0x20,0xa2,0x61}, +{ 0x76,0x6d,0xf6,0xad},{ 0x7f,0x60,0xfd,0xa3},{ 0x64,0x77,0xe0,0xb1},{ 0x6d,0x7a,0xeb,0xbf}, +{ 0x52,0x59,0xda,0x95},{ 0x5b,0x54,0xd1,0x9b},{ 0x40,0x43,0xcc,0x89},{ 0x49,0x4e,0xc7,0x87}, +{ 0x3e,0x05,0xae,0xdd},{ 0x37,0x08,0xa5,0xd3},{ 0x2c,0x1f,0xb8,0xc1},{ 0x25,0x12,0xb3,0xcf}, +{ 0x1a,0x31,0x82,0xe5},{ 0x13,0x3c,0x89,0xeb},{ 0x08,0x2b,0x94,0xf9},{ 0x01,0x26,0x9f,0xf7}, +{ 0xe6,0xbd,0x46,0x4d},{ 0xef,0xb0,0x4d,0x43},{ 0xf4,0xa7,0x50,0x51},{ 0xfd,0xaa,0x5b,0x5f}, +{ 0xc2,0x89,0x6a,0x75},{ 0xcb,0x84,0x61,0x7b},{ 0xd0,0x93,0x7c,0x69},{ 0xd9,0x9e,0x77,0x67}, +{ 0xae,0xd5,0x1e,0x3d},{ 0xa7,0xd8,0x15,0x33},{ 0xbc,0xcf,0x08,0x21},{ 0xb5,0xc2,0x03,0x2f}, +{ 0x8a,0xe1,0x32,0x05},{ 0x83,0xec,0x39,0x0b},{ 0x98,0xfb,0x24,0x19},{ 0x91,0xf6,0x2f,0x17}, +{ 0x4d,0xd6,0x8d,0x76},{ 0x44,0xdb,0x86,0x78},{ 0x5f,0xcc,0x9b,0x6a},{ 0x56,0xc1,0x90,0x64}, +{ 0x69,0xe2,0xa1,0x4e},{ 0x60,0xef,0xaa,0x40},{ 0x7b,0xf8,0xb7,0x52},{ 0x72,0xf5,0xbc,0x5c}, +{ 0x05,0xbe,0xd5,0x06},{ 0x0c,0xb3,0xde,0x08},{ 0x17,0xa4,0xc3,0x1a},{ 0x1e,0xa9,0xc8,0x14}, +{ 0x21,0x8a,0xf9,0x3e},{ 0x28,0x87,0xf2,0x30},{ 0x33,0x90,0xef,0x22},{ 0x3a,0x9d,0xe4,0x2c}, +{ 0xdd,0x06,0x3d,0x96},{ 0xd4,0x0b,0x36,0x98},{ 0xcf,0x1c,0x2b,0x8a},{ 0xc6,0x11,0x20,0x84}, +{ 0xf9,0x32,0x11,0xae},{ 0xf0,0x3f,0x1a,0xa0},{ 0xeb,0x28,0x07,0xb2},{ 0xe2,0x25,0x0c,0xbc}, +{ 0x95,0x6e,0x65,0xe6},{ 0x9c,0x63,0x6e,0xe8},{ 0x87,0x74,0x73,0xfa},{ 0x8e,0x79,0x78,0xf4}, +{ 0xb1,0x5a,0x49,0xde},{ 0xb8,0x57,0x42,0xd0},{ 0xa3,0x40,0x5f,0xc2},{ 0xaa,0x4d,0x54,0xcc}, +{ 0xec,0xda,0xf7,0x41},{ 0xe5,0xd7,0xfc,0x4f},{ 0xfe,0xc0,0xe1,0x5d},{ 0xf7,0xcd,0xea,0x53}, +{ 0xc8,0xee,0xdb,0x79},{ 0xc1,0xe3,0xd0,0x77},{ 0xda,0xf4,0xcd,0x65},{ 0xd3,0xf9,0xc6,0x6b}, +{ 0xa4,0xb2,0xaf,0x31},{ 0xad,0xbf,0xa4,0x3f},{ 0xb6,0xa8,0xb9,0x2d},{ 0xbf,0xa5,0xb2,0x23}, +{ 0x80,0x86,0x83,0x09},{ 0x89,0x8b,0x88,0x07},{ 0x92,0x9c,0x95,0x15},{ 0x9b,0x91,0x9e,0x1b}, +{ 0x7c,0x0a,0x47,0xa1},{ 0x75,0x07,0x4c,0xaf},{ 0x6e,0x10,0x51,0xbd},{ 0x67,0x1d,0x5a,0xb3}, +{ 0x58,0x3e,0x6b,0x99},{ 0x51,0x33,0x60,0x97},{ 0x4a,0x24,0x7d,0x85},{ 0x43,0x29,0x76,0x8b}, +{ 0x34,0x62,0x1f,0xd1},{ 0x3d,0x6f,0x14,0xdf},{ 0x26,0x78,0x09,0xcd},{ 0x2f,0x75,0x02,0xc3}, +{ 0x10,0x56,0x33,0xe9},{ 0x19,0x5b,0x38,0xe7},{ 0x02,0x4c,0x25,0xf5},{ 0x0b,0x41,0x2e,0xfb}, +{ 0xd7,0x61,0x8c,0x9a},{ 0xde,0x6c,0x87,0x94},{ 0xc5,0x7b,0x9a,0x86},{ 0xcc,0x76,0x91,0x88}, +{ 0xf3,0x55,0xa0,0xa2},{ 0xfa,0x58,0xab,0xac},{ 0xe1,0x4f,0xb6,0xbe},{ 0xe8,0x42,0xbd,0xb0}, +{ 0x9f,0x09,0xd4,0xea},{ 0x96,0x04,0xdf,0xe4},{ 0x8d,0x13,0xc2,0xf6},{ 0x84,0x1e,0xc9,0xf8}, +{ 0xbb,0x3d,0xf8,0xd2},{ 0xb2,0x30,0xf3,0xdc},{ 0xa9,0x27,0xee,0xce},{ 0xa0,0x2a,0xe5,0xc0}, +{ 0x47,0xb1,0x3c,0x7a},{ 0x4e,0xbc,0x37,0x74},{ 0x55,0xab,0x2a,0x66},{ 0x5c,0xa6,0x21,0x68}, +{ 0x63,0x85,0x10,0x42},{ 0x6a,0x88,0x1b,0x4c},{ 0x71,0x9f,0x06,0x5e},{ 0x78,0x92,0x0d,0x50}, +{ 0x0f,0xd9,0x64,0x0a},{ 0x06,0xd4,0x6f,0x04},{ 0x1d,0xc3,0x72,0x16},{ 0x14,0xce,0x79,0x18}, +{ 0x2b,0xed,0x48,0x32},{ 0x22,0xe0,0x43,0x3c},{ 0x39,0xf7,0x5e,0x2e},{ 0x30,0xfa,0x55,0x20}, +{ 0x9a,0xb7,0x01,0xec},{ 0x93,0xba,0x0a,0xe2},{ 0x88,0xad,0x17,0xf0},{ 0x81,0xa0,0x1c,0xfe}, +{ 0xbe,0x83,0x2d,0xd4},{ 0xb7,0x8e,0x26,0xda},{ 0xac,0x99,0x3b,0xc8},{ 0xa5,0x94,0x30,0xc6}, +{ 0xd2,0xdf,0x59,0x9c},{ 0xdb,0xd2,0x52,0x92},{ 0xc0,0xc5,0x4f,0x80},{ 0xc9,0xc8,0x44,0x8e}, +{ 0xf6,0xeb,0x75,0xa4},{ 0xff,0xe6,0x7e,0xaa},{ 0xe4,0xf1,0x63,0xb8},{ 0xed,0xfc,0x68,0xb6}, +{ 0x0a,0x67,0xb1,0x0c},{ 0x03,0x6a,0xba,0x02},{ 0x18,0x7d,0xa7,0x10},{ 0x11,0x70,0xac,0x1e}, +{ 0x2e,0x53,0x9d,0x34},{ 0x27,0x5e,0x96,0x3a},{ 0x3c,0x49,0x8b,0x28},{ 0x35,0x44,0x80,0x26}, +{ 0x42,0x0f,0xe9,0x7c},{ 0x4b,0x02,0xe2,0x72},{ 0x50,0x15,0xff,0x60},{ 0x59,0x18,0xf4,0x6e}, +{ 0x66,0x3b,0xc5,0x44},{ 0x6f,0x36,0xce,0x4a},{ 0x74,0x21,0xd3,0x58},{ 0x7d,0x2c,0xd8,0x56}, +{ 0xa1,0x0c,0x7a,0x37},{ 0xa8,0x01,0x71,0x39},{ 0xb3,0x16,0x6c,0x2b},{ 0xba,0x1b,0x67,0x25}, +{ 0x85,0x38,0x56,0x0f},{ 0x8c,0x35,0x5d,0x01},{ 0x97,0x22,0x40,0x13},{ 0x9e,0x2f,0x4b,0x1d}, +{ 0xe9,0x64,0x22,0x47},{ 0xe0,0x69,0x29,0x49},{ 0xfb,0x7e,0x34,0x5b},{ 0xf2,0x73,0x3f,0x55}, +{ 0xcd,0x50,0x0e,0x7f},{ 0xc4,0x5d,0x05,0x71},{ 0xdf,0x4a,0x18,0x63},{ 0xd6,0x47,0x13,0x6d}, +{ 0x31,0xdc,0xca,0xd7},{ 0x38,0xd1,0xc1,0xd9},{ 0x23,0xc6,0xdc,0xcb},{ 0x2a,0xcb,0xd7,0xc5}, +{ 0x15,0xe8,0xe6,0xef},{ 0x1c,0xe5,0xed,0xe1},{ 0x07,0xf2,0xf0,0xf3},{ 0x0e,0xff,0xfb,0xfd}, +{ 0x79,0xb4,0x92,0xa7},{ 0x70,0xb9,0x99,0xa9},{ 0x6b,0xae,0x84,0xbb},{ 0x62,0xa3,0x8f,0xb5}, +{ 0x5d,0x80,0xbe,0x9f},{ 0x54,0x8d,0xb5,0x91},{ 0x4f,0x9a,0xa8,0x83},{ 0x46,0x97,0xa3,0x8d } +}; + +word32 rcon[30] = { + 0x01,0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 +}; Index: branches/samhain-2_2-branch/include/samhain.h =================================================================== --- branches/samhain-2_2-branch/include/samhain.h (revision 66) +++ branches/samhain-2_2-branch/include/samhain.h (revision 66) @@ -0,0 +1,398 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifndef SAMHAIN_H +#define SAMHAIN_H + +#include +#include "slib.h" + +#ifdef SH_ENCRYPT +#include "rijndael-api-fst.h" +#endif + +/************************************************** + * + * STANDARD DEFINES + * + **************************************************/ + +#define REPLACE_OLD + +/* Standard buffer sizes. + */ +#define SH_MINIBUF 64 +#define SH_BUFSIZE 1024 +#define SH_MAXBUF 4096 +#define SH_PATHBUF 256 + +/* Sizes for arrays (user, group, timestamp). + */ +#define SOCKPASS_MAX 14 +#define USER_MAX 20 +#define GROUP_MAX 20 +#define TIM_MAX 32 + + +/* The number of bytes in a key, + * the number of chars in its hex repesentation, + * and the block size of the hash algorithm. + */ +#define KEY_BYT 24 +#define KEY_LEN 48 +#define KEY_BLOCK 24 + +/* The length of the compiled-in password. + */ +#define PW_LEN 8 + +#undef GOOD +#define GOOD 1 +#undef BAD +#define BAD 0 +#undef ON +#define ON 1 +#undef OFF +#define OFF 0 +#undef S_TRUE +#define S_TRUE 1 +#undef S_FALSE +#define S_FALSE 0 + +/* An unsigned integer guaranteed to be 32 bit. + */ +#if defined(HAVE_INT_32) +#define UINT32 unsigned int +#define SINT32 int +#elif defined(HAVE_LONG_32) +#define UINT32 unsigned long +#define SINT32 long +#elif defined(HAVE_SHORT_32) +#define UINT32 unsigned short +#define SINT32 short +#endif + +#ifdef HAVE_INTTYPES_H +#include +#else +#ifdef HAVE_STDINT_H +#include +#endif +#endif + +#if !defined(HAVE_INTTYPES_H) && !defined(HAVE_STDINT_H) + +#ifdef HAVE_LONG_LONG_64 +#define UINT64 unsigned long long +#else +#ifdef HAVE_LONG_64 +#define UINT64 unsigned long +#else +#define UINT64_IS_32 +#define UINT64 unsigned long +#endif +#endif + +#else +#define UINT64 uint64_t +#endif + + + +#define UBYTE unsigned char + + +enum { + SH_CHECK_NONE = 0, + SH_CHECK_INIT = 1, + SH_CHECK_CHECK = 2 +}; + +/************************************************** + * + * TYPEDEFS + * + **************************************************/ + +enum { + SH_LEVEL_READONLY = 1, + SH_LEVEL_LOGFILES = 2, + SH_LEVEL_LOGGROW = 3, + SH_LEVEL_NOIGNORE = 4, + SH_LEVEL_ALLIGNORE = 5, + SH_LEVEL_ATTRIBUTES = 6, + SH_LEVEL_USER0 = 7, + SH_LEVEL_USER1 = 8, + SH_LEVEL_USER2 = 9, + SH_LEVEL_USER3 = 10, + SH_LEVEL_USER4 = 11, + SH_LEVEL_PRELINK = 12 +}; + +typedef struct { + time_t alarm_interval; + time_t alarm_last; +} sh_timer_t; + +typedef struct { + char path[SH_PATHBUF]; + char hash[KEY_LEN+1]; +} sh_sh_df; + +typedef struct { + char user[USER_MAX]; + char group[GROUP_MAX]; + char home[SH_PATHBUF]; + uid_t uid; + gid_t gid; +} sh_sh_user; + +typedef struct { + char name[SH_PATHBUF]; /* local hostname */ + char system[SH_MINIBUF]; /* system */ + char release[SH_MINIBUF]; /* release */ + char machine[SH_MINIBUF]; /* machine */ +} sh_sh_local; + +typedef struct { + char name[SH_PATHBUF]; + char alt[SH_PATHBUF]; +} sh_sh_remote; + +typedef struct { + unsigned long bytes_hashed; /* bytes last check */ + unsigned long bytes_speed; /* bytes/sec last check */ + unsigned long mail_success; /* mails sent */ + unsigned long mail_failed; /* mails not sent */ + time_t time_start; /* start last check */ + time_t time_check; /* time last check */ + unsigned long dirs_checked; /* #dirs last check */ + unsigned long files_checked; /* #files last check */ +} sh_sh_stat; + +typedef struct { + int exit; /* exit value */ + int checkSum; /* whether to init/check checksums */ + int update; /* update db */ + int opts; /* reading cl options */ + int isdaemon; /* daemon or not */ + int loop; /* go in loop even if not daemon */ + int nice; /* desired nicety */ + int isserver; /* server or not */ + int islocked; /* BAD if logfile not locked */ + int smsg; /* GOOD if end message sent */ + int log_start; /* TRUE if new audit trail */ + int reportonce; /* TRUE if bad files only once rep.*/ + int fulldetail; /* TRUE if full details requested */ + int client_severity; /* TRUE if client severity used */ + int client_class; /* TRUE if client class used */ + int audit; + unsigned long aud_mask; + int hidefile; /* TRUE if file not reveled in log */ +} sh_sh_flag; + +typedef struct { + + char prg_name[8]; + + sh_sh_df exec; + sh_sh_df conf; + sh_sh_df data; + + sh_sh_user real; + sh_sh_user effective; + sh_sh_user run; + + sh_sh_local host; + + sh_sh_remote srvtime; + sh_sh_remote srvmail; + sh_sh_remote srvexport; + sh_sh_remote srvcons; + sh_sh_remote srvlog; + + sh_sh_stat statistics; + sh_sh_flag flag; + +#ifdef SH_STEALTH + unsigned long off_data; +#endif + + sh_timer_t mailNum; + sh_timer_t mailTime; + sh_timer_t fileCheck; + + int looptime; /* timing for main loop */ + /*@null@*//*@out@*/ char * timezone; +} sh_struct; + + +extern volatile int sig_raised; +extern volatile int sig_urgent; +extern volatile int sig_debug_switch; /* SIGUSR1 */ +extern volatile int sig_suspend_switch; /* SIGUSR2 */ +extern volatile int sh_global_suspend_flag; /* SIGUSR2 */ +extern volatile int sig_fresh_trail; /* SIGIOT */ +extern volatile int sig_config_read_again; /* SIGHUP */ +extern volatile int sig_terminate; /* SIGQUIT */ +extern volatile int sig_termfast; /* SIGTERM */ +extern volatile int sig_force_check; /* SIGTTOU */ + +extern long int eintr__result; + +extern int sh_argc_store; +extern char ** sh_argv_store; + +#include "sh_calls.h" + + +typedef struct { + char sh_sockpass[2*SOCKPASS_MAX+2]; + char sigkey_old[KEY_LEN+1]; + char sigkey_new[KEY_LEN+1]; + char mailkey_old[KEY_LEN+1]; + char mailkey_new[KEY_LEN+1]; + char crypt[KEY_LEN+1]; + char session[KEY_LEN+1]; + char vernam[KEY_LEN+1]; + int mlock_failed; + + char pw[PW_LEN]; + + char poolv[KEY_BYT]; + int poolc; + + int rngI; + UINT32 rng0[3]; + UINT32 rng1[3]; + UINT32 rng2[3]; + + UINT32 ErrFlag[2]; + +#ifdef SH_ENCRYPT + /*@out@*/ keyInstance keyInstE; + /*@out@*/ keyInstance keyInstD; +#endif +} sh_key_t; + +extern sh_struct sh; +/*@null@*/ extern sh_key_t *skey; + +/************************************************** + * + * macros + * + **************************************************/ + +/* signal-safe log function + */ +int safe_logger (int signal, int method, char * details); +void safe_fatal (char * details, char *f, int l); + +#define SH_VALIDATE_EQ(a,b) \ + do { \ + if ((a) != (b)) safe_fatal(#a " != " #b, FIL__, __LINE__);\ + } while (0) + +#define SH_VALIDATE_NE(a,b) \ + do { \ + if ((a) == (b)) safe_fatal(#a " == " #b, FIL__, __LINE__);\ + } while (0) + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#define MLOCK(a, b) \ + if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \ + (void) sl_set_suid(); \ + if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = SL_TRUE; \ + (void) sl_unset_suid(); } +#else +#define MLOCK(a, b) \ + ; +#endif + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#define MUNLOCK(a, b) \ + if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \ + (void) sl_set_suid(); \ + (void) sh_unix_munlock( a, b );\ + (void) sl_unset_suid(); } +#else +#define MUNLOCK(a, b) \ + ; +#endif + +#ifdef SH_STEALTH +void sh_do_encode (char * str, int len); +#define sh_do_decode sh_do_encode +#endif + +/* #if defined(SCREW_IT_UP) + * extern volatile int sh_not_traced; + * inline int sh_sigtrap_prepare(); + * inline int sh_derr(); + * #endif + */ + +#if defined(SCREW_IT_UP) && (defined(__FreeBSD__) || defined(__linux__)) && defined(__i386__) +#define BREAKEXIT(expr) \ + do { \ + int ixi; \ + for (ixi = 0; ixi < 8; ++ixi) { \ + if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \ + _exit(EXIT_FAILURE); \ + } \ + } \ + while (1 == 0) +#else +#define BREAKEXIT(expr) +#endif + + + +#include "sh_cat.h" +#include "sh_trace.h" +#include "sh_mem.h" + +#endif + +/* CRIT: */ +/* NEW_CLIENT */ +/* BAD_CLIENT --
*/ +/* ERR_CLIENT --
*/ + +/* ALERT: */ +/* LOG_KEY samhain|yule */ +/* STARTUP samhain|yule -- user */ +/* EXIT samhain|yule */ +/* GOODSIG */ +/* FP_KEY */ +/* GOODSIG_DAT */ +/* FP_KEY_DAT */ +/* TIGER_CFG */ +/* TIGER_DAT */ + +/* PANIC --
*/ +/* ERROR --
*/ + +/* Policy */ +/* POLICY */ +/* = MISSING || ADDED || NOT_A_DIRECTORY || */ + + + Index: branches/samhain-2_2-branch/include/sh_MK.h =================================================================== --- branches/samhain-2_2-branch/include/sh_MK.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_MK.h (revision 66) @@ -0,0 +1,27 @@ +#ifndef SH_MK_H +#define SH_MK_H +#define MKB_16 1 +#define MKB_14 1 +#define MKB_13 1 +#define MKB_12 1 +#define MKB_11 1 +#define MKB_10 1 +#define MKB_09 1 +#define MKB_08 1 +#define MKB_06 1 +#define MKB_05 1 +#define MKB_04 1 +#define MKB_03 1 +#define MKA_08 1 +#define MKA_02 1 +#define MKA_01 1 +#define MKC_16 1 +#define MKC_15 1 +#define MKC_08 1 +#define MKC_06 1 +#define MKC_05 1 +#define MKC_01 1 +#define MKD_15 1 +#define MKD_07 1 +#define MKD_06 1 +#endif Index: branches/samhain-2_2-branch/include/sh_calls.h =================================================================== --- branches/samhain-2_2-branch/include/sh_calls.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_calls.h (revision 66) @@ -0,0 +1,87 @@ +#ifndef SH_CALLS_H +#define SH_CALLS_H + +#define AUD_CHDIR (1UL << 0) +#define AUD_CHMOD (1UL << 1) +#define AUD_CHOWN (1UL << 2) +#define AUD_CREAT (1UL << 3) +#define AUD_DUP (1UL << 4) +#define AUD_EXEC (1UL << 5) +#define AUD_EXIT (1UL << 6) +#define AUD_FORK (1UL << 7) +#define AUD_KILL (1UL << 8) +#define AUD_LINK (1UL << 9) +#define AUD_MKDIR (1UL << 10) +#define AUD_MKFIFO (1UL << 11) +#define AUD_OPEN (1UL << 12) +#define AUD_PIPE (1UL << 13) +#define AUD_RENAME (1UL << 14) +#define AUD_RMDIR (1UL << 15) +#define AUD_SETGID (1UL << 16) +#define AUD_SETUID (1UL << 17) +#define AUD_UNLINK (1UL << 18) +#define AUD_UTIME (1UL << 19) + +#include +#include +#include +#include +#include + +/*@-fixedformalarray@*/ + +/* Set aud functions + */ +int sh_aud_set_functions(const char * str_s); + + +long int retry_accept(char * file, int line, + int fd, struct sockaddr *serv_addr, int * addrlen); +long int retry_stat (char * file, int line, + const char *file_name, struct stat *buf); +long int retry_fstat(char * file, int line, + int filed, struct stat *buf); +long int retry_lstat(char * file, int line, + const char *file_name, struct stat *buf); +long int retry_fcntl(char * file, int line, + int fd, int cmd, long arg); + +long int retry_msleep (int sec, int millisec); + +long int retry_sigaction(char * file, int line, + int signum, const struct sigaction *act, + struct sigaction *oldact); + +int sh_calls_set_bind_addr (const char *); +long int retry_connect(char * file, int line, + int fd, struct sockaddr *serv_addr, int addrlen); + +long int retry_aud_dup2 (char * file, int line, int fd, int fd2); +long int retry_aud_execve (char * file, int line, + const char *dateiname, char * argv[], + char *envp[]); +long int retry_aud_dup (char * file, int line, + int fd); +long int retry_aud_chdir (char * file, int line, + const char *path); +long int retry_aud_unlink (char * file, int line, + char * path); +long int retry_aud_utime (char * file, int line, + char * path, struct utimbuf *buf); + +long int aud_open (char * file, int line, int privs, + const char *pathname, int flags, mode_t mode); +long int aud_open_noatime (char * file, int line, int privs, + const char *pathname, int flags, mode_t mode, + int * o_noatime); +/*@noreturn@*/ +void aud_exit (char * file, int line, int fd); +/*@noreturn@*/ +void aud__exit (char * file, int line, int fd); +pid_t aud_fork (char * file, int line); +int aud_pipe (char * file, int line, int modus[2]); +int aud_setuid (char * file, int line, uid_t uid); +int aud_setgid (char * file, int line, gid_t gid); +long int aud_kill (char * file, int line, pid_t pid, int sig); + +#endif Index: branches/samhain-2_2-branch/include/sh_cat.h =================================================================== --- branches/samhain-2_2-branch/include/sh_cat.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_cat.h (revision 66) @@ -0,0 +1,326 @@ + +#ifndef SH_CAT_H +#define SH_CAT_H + +typedef struct foo_cat_entry { + unsigned long id; + unsigned long priority; + unsigned long class; + char * format; +} cat_entry; + +extern cat_entry msg_cat[]; + +extern char * class_cat[]; + +#define AUD 0 +#define PANIC 1 +#define RUN 2 +#define FIL 3 +#define TCP 4 +#define ERR 5 +#define STAMP 6 +#define ENET 7 +#define EINPUT 8 +#define EVENT 9 +#define START 10 +#define LOGKEY 11 +#define OTHER_CLA ((1 << RUN)|(1 << FIL)|(1 << TCP)) +#define RUN_NEW ((1 << RUN)|(1 << EVENT)|(1 << START)|(1 << LOGKEY)) +#define FIL_NEW ((1 << FIL)|(1 << EVENT)) +#define ERROR_CLA ((1 << ERR)|(1 << PANIC)|(1 << ENET)|(1 << EINPUT)) + +#define SH_CLA_RAW_MAX 12 +#define SH_CLA_MAX 16 + + +#if 0 +enum { + SH_CLA_AUD = (1 << 0), + SH_CLA_PANIC = (1 << 1), + SH_CLA_RUN = (1 << 2), + SH_CLA_FIL = (1 << 3), + SH_CLA_TCP = (1 << 4), + SH_CLA_ERR = (1 << 5), + SH_CLA_STAMP = (1 << 6), + SH_CLA_ENET = (1 << 7), + SH_CLA_EINPUT = (1 << 8) +}; +#endif + +enum { + MSG_EXIT_ABORTS, + MSG_START_SRV, + + MSG_EXIT_ABORT1, + MSG_EXIT_NORMAL, + MSG_START_KEY_MAIL, + MSG_START_KEY, + MSG_START_0H, + MSG_START_1H, + MSG_START_2H, + MSG_START_GH, + MSG_START_GH2, + MSG_SUSPEND, + + MSG_MLOCK, + MSG_W_SIG, + MSG_W_CHDIR, + + MSG_MOD_FAIL, + MSG_MOD_OK, + MSG_MOD_EXEC, + + MSG_RECONF, + MSG_CHECK_0, + MSG_CHECK_1, + MSG_STAMP, + + MSG_D_START, + MSG_D_DSTART, + MSG_D_FAIL, + + +#ifndef HAVE_URANDOM + MSG_ENSTART, + MSG_ENEXEC, + MSG_ENFAIL, + MSG_ENTOUT, + MSG_ENCLOS, + MSG_ENCLOS1, + MSG_ENREAD, +#endif + +#ifdef SH_USE_SUIDCHK + MSG_SUID_POLICY, + MSG_SUID_FOUND, + MSG_SUID_SUMMARY, + MSG_SUID_QREPORT, + MSG_SUID_ERROR, +#endif + +#ifdef SH_USE_KERN + /* FreeBSD */ + MSG_KERN_POLICY, + MSG_KERN_POL_CO, + + /* Linux */ + MSG_KERN_SYSCALL, + MSG_KERN_PROC, + MSG_KERN_IDT, + MSG_KERN_GATE, +#endif + +#ifdef SH_USE_UTMP + MSG_UT_CHECK, + + MSG_UT_LG1X, + MSG_UT_LG2X, + MSG_UT_LG3X, + + MSG_UT_LG1A, + MSG_UT_LG1B, + + MSG_UT_LG2A, + MSG_UT_LG2B, + + MSG_UT_LG3A, + MSG_UT_LG3B, + MSG_UT_LG3C, + MSG_UT_ROT, + +#endif + +#ifdef SH_USE_MOUNTS + MSG_MNT_CHECK, + MSG_MNT_MEMLIST, + MSG_MNT_MNTMISS, + MSG_MNT_OPTMISS, +#endif + +#ifdef SH_USE_USERFILES + MSG_USERFILES_SUMMARY, +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + + MSG_FI_TOOLATE, + MSG_FI_CSUM, + MSG_FI_DSUM, + MSG_FI_CHK, + MSG_FI_NULL, + MSG_FI_FAIL, + MSG_FI_GLOB, + MSG_FI_COLL, + MSG_FI_DOUBLE, + MSG_FI_2LONG, + MSG_FI_2LONG2, + MSG_FI_NOPATH, + MSG_FI_DLNK, + MSG_FI_RDLNK, + MSG_FI_NOGRP, + MSG_FI_NOUSR, + MSG_FI_LSTAT, + MSG_FI_OBSC, + MSG_FI_OBSC2, + MSG_FI_LIST, + MSG_FI_LLNK, + MSG_FI_MISS, + /* #ifdef SH_USE_XML */ + MSG_FI_MISS2, + MSG_FI_ADD2, + /* #endif */ + MSG_FI_ADD, + MSG_FI_CHAN, + MSG_FI_NODIR, + MSG_FI_DBEX, +#endif + + MSG_TCP_NETRP, + +#ifndef SH_STANDALONE +#ifdef INET_SYSLOG + MSG_INET_SYSLOG, + MSG_ERR_SYSLOG, +#endif + + MSG_TCP_MISMATCH, + MSG_TCP_MISENC, + MSG_TCP_NONAME, + MSG_TCP_UNEXP, + MSG_TCP_EFIL, + MSG_TCP_NOCONF, + MSG_TCP_NOAUTH, + MSG_TCP_CONF, + MSG_TCP_AUTH, + MSG_TCP_FOK, + MSG_TCP_FBAD, + MSG_TCP_ECONN, + MSG_TCP_EZERO, + MSG_TCP_EBGN, + + MSG_TCP_CREG, + MSG_TCP_FAUTH, + MSG_TCP_TIMOUT, + + MSG_TCP_RESCLT, + MSG_TCP_RESPEER, + MSG_TCP_LOOKERS, + MSG_TCP_LOOKUP, + + MSG_TCP_TIMEXC, + MSG_TCP_NOCLT, + MSG_TCP_BADCONN, + MSG_TCP_FFILE , + MSG_TCP_NFILE , + MSG_TCP_FINV , + MSG_TCP_OKFILE, + MSG_TCP_OKMSG, + MSG_TCP_MSG, + MSG_TCP_NEW, + MSG_TCP_ILL, + MSG_TCP_SYNC, + MSG_TCP_RESET, + MSG_TCP_CNEW, + MSG_E_HTML, +#endif + + + MSG_E_AUTH, + MSG_ACCESS, + MSG_TRUST, + MSG_NOACCESS, + MSG_P_NODATA, + + +#ifndef MEM_DEBUG + MSG_E_MNULL, + MSG_E_MMEM, +#else + MSG_MSTAMP, + MSG_MSTAMP2, + MSG_E_MNULL, + MSG_E_MMEM, + MSG_E_MREC, + MSG_E_MOVER, + MSG_E_MUNDER, + MSG_E_NOTFREE, +#endif + + MSG_E_TRUST, + MSG_E_HASH, + MSG_E_ACCESS, + MSG_E_READ, + MSG_E_TIMEOUT, + MSG_NODEV, + MSG_LOCKED, + MSG_PIDFILE, + MSG_NOEXEC, + MSG_ES_ENT, + MSG_ES_KEY1, + MSG_ES_KEY2, + MSG_E_GPG, + MSG_E_GPG_FP, + MSG_E_GPG_CHK, + MSG_E_SUBGEN, + MSG_E_SUBGPATH, + MSG_E_UNLNK, + MSG_E_REGEX, + MSG_E_OPENDIR, + MSG_E_TRUST1, + MSG_E_TRUST2, + MSG_E_PWNULL, + MSG_E_PWLONG, + MSG_E_GRNULL, + + MSG_E_NET, + MSG_E_NETST, + MSG_E_NETST1, + MSG_E_NLOST, + MSG_E_NEST, + + MSG_EINVALHEAD, + MSG_EINVALCONF, + MSG_EINVALS, + MSG_EINVALL, + MSG_EINVALD, + MSG_EINVALDD, + + MSG_SRV_FAIL, + MSG_QUEUE_FULL, + + MSG_AUD_OPEN, + MSG_AUD_DUP, + MSG_AUD_PIPE, + MSG_AUD_FORK, + MSG_AUD_EXIT, + MSG_AUD_SETUID, + MSG_AUD_SETGID, + MSG_AUD_UTIME, + MSG_AUD_EXEC, + MSG_AUD_CHDIR, + MSG_AUD_UNLINK, + MSG_AUD_KILL, + + MSG_ERR_OPEN, + MSG_ERR_DUP, + MSG_ERR_PIPE, + MSG_ERR_FORK, + MSG_ERR_SETUID, + MSG_ERR_SETGID, + MSG_ERR_UTIME, + MSG_ERR_EXEC, + MSG_ERR_CHDIR, + MSG_ERR_UNLINK, + MSG_ERR_KILL, + + MSG_ERR_SIGACT, + MSG_ERR_CONNECT, + MSG_ERR_ACCEPT, + MSG_ERR_LSTAT, + MSG_ERR_FSTAT, + MSG_ERR_STAT, + MSG_ERR_FCNTL +}; + +#endif Index: branches/samhain-2_2-branch/include/sh_database.h =================================================================== --- branches/samhain-2_2-branch/include/sh_database.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_database.h (revision 66) @@ -0,0 +1,16 @@ +#ifndef SH_DATABASE_H +#define SH_DATABASE_H + +void sh_database_reset(); +int sh_database_insert (char * message); + +int sh_database_use_persistent (const char * str); + +int sh_database_set_database (const char * str); +int sh_database_set_table (const char * str); +int sh_database_set_host (const char * str); +int sh_database_set_user (const char * str); +int sh_database_set_password (const char * str); +int sh_database_add_to_hash (const char * str); +int set_enter_wrapper (const char * str); +#endif Index: branches/samhain-2_2-branch/include/sh_entropy.h =================================================================== --- branches/samhain-2_2-branch/include/sh_entropy.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_entropy.h (revision 66) @@ -0,0 +1,28 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifndef SH_ENTROPY_H +#define SH_ENTROPY_H + +/* Deliver nbytes Bytes of system entropy (= noise). + * Returns 0 on success, -1 on failure. + */ +int sh_entropy(int nbytes, char * nbuf); + +#endif Index: branches/samhain-2_2-branch/include/sh_error.h =================================================================== --- branches/samhain-2_2-branch/include/sh_error.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_error.h (revision 66) @@ -0,0 +1,196 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + +/* Public interface for error routines + */ +#ifndef SH_ERROR_H +#define SH_ERROR_H + +#include "sh_error_min.h" + + +enum { + SH_ERR_T_START = 0, + + /* 1-13 = SH_LEVEL_XXX */ + + SH_ERR_T_RO = SH_LEVEL_READONLY, + SH_ERR_T_LOGS = SH_LEVEL_LOGFILES, + SH_ERR_T_GLOG = SH_LEVEL_LOGGROW, + SH_ERR_T_NOIG = SH_LEVEL_NOIGNORE, + SH_ERR_T_ALLIG = SH_LEVEL_ALLIGNORE, + SH_ERR_T_ATTR = SH_LEVEL_ATTRIBUTES, + SH_ERR_T_USER0 = SH_LEVEL_USER0, + SH_ERR_T_USER1 = SH_LEVEL_USER1, + SH_ERR_T_USER2 = SH_LEVEL_USER2, + SH_ERR_T_USER3 = SH_LEVEL_USER3, + SH_ERR_T_USER4 = SH_LEVEL_USER4, + SH_ERR_T_PRELINK = SH_LEVEL_PRELINK, + + SH_ERR_T_DIR = 13, + SH_ERR_T_FILE = 14, + SH_ERR_T_NAME = 15, + + SH_ERR_T_END = 16 +}; + + +typedef struct _errFlags { + int debug; + int HaveLog; + + int loglevel; + int loglevel_temp; + int printlevel; + int maillevel; + int exportlevel; + int sysloglevel; + int externallevel; + int databaselevel; + + int log_class; + int print_class; + int mail_class; + int export_class; + int syslog_class; + int external_class; + int database_class; + + /* HAVE_LIBPRELUDE */ + int preludelevel; + int prelude_class; + +} blurb_errFlags; + +extern int ShDFLevel[SH_ERR_T_END]; + +/* set mask for message class + */ +int sh_error_log_mask (const char * c); +int sh_error_print_mask (const char * c); +int sh_error_mail_mask (const char * c); +int sh_error_export_mask (const char * c); +int sh_error_syslog_mask (const char * c); +int sh_error_external_mask (const char * c); +int sh_error_database_mask (const char * c); +int sh_error_prelude_mask (const char * c); + + +int sh_error_verify (const char * s); +int sh_error_logverify_mod (const char * s); /* just list, don't verify */ +int sh_error_logverify (const char * s); + +void sh_error_dbg_switch(void); + +#ifdef SH_WITH_SERVER +void sh_error_set_peer(const char * str); +int set_flag_sep_log (const char * str); +#endif + +/* init or re-init log facilities that need it + */ +void sh_error_fixup(); + +/* convert a string to a numeric priority + */ +int sh_error_convert_level (const char * str_s); + +/* only to stderr (GOOD/BAD) + */ +void sh_error_only_stderr (int flag); + +/* set syslog facility + */ +int sh_log_set_facility (const char * c); + +/* define message header + */ +int sh_error_ehead (/*@null@*/const char * s); + +/* set level for error logging + */ +int sh_error_setlog(const char * str_s); + +/* set severity levels + */ +int sh_error_set_iv (int iv, const char * severity_s); + +/* set priorities + */ +int sh_error_set_level(const char * str_s, int *facility); + +/* set level for TCP export + */ +int sh_error_setexport(const char * str_s); + +/* set level for syslog + */ +int sh_error_set_syslog (const char * flag_s); + +/* set level for printing + */ +int sh_error_setprint(const char * flag_s); + +/* set severity for external + */ +int sh_error_set_external (const char * str_s); + +/* set severity for external + */ +int sh_error_set_database (const char * str_s); + +/* set severity for external + */ +int sh_error_set_prelude (const char * str_s); + + +/* set level for mailing + */ +int sh_error_setseverity (const char * flag); + +/* set debug level + */ +int sh_error_setdebug (char * debug_s); + +/* error messages + */ +/*@owned@*/char * sh_error_message (int tellme); + +/* switch on/off log to file temporarily + */ +void sh_error_logoff(void); +void sh_error_logrestore(void); + +/* (re)set the console device(s) + */ +int sh_log_set_console (const char * address); +void reset_count_dev_console(void); + +#ifdef WITH_MESSAGE_QUEUE +/* close the message queue + */ +void close_ipc (void); + +/* enable message queue + */ +int enable_msgq(const char * foo); +#endif + +#endif Index: branches/samhain-2_2-branch/include/sh_error_min.h =================================================================== --- branches/samhain-2_2-branch/include/sh_error_min.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_error_min.h (revision 66) @@ -0,0 +1,27 @@ +#ifndef SH_ERROR_MIN_H +#define SH_ERROR_MIN_H + +/* Level of severity + */ +typedef enum { + + SH_ERR_ALL = (1 << 0), /* debug */ + SH_ERR_INFO = (1 << 1), /* info */ + SH_ERR_NOTICE = (1 << 2), /* notice */ + SH_ERR_WARN = (1 << 3), /* warning */ + SH_ERR_STAMP = (1 << 4), /* mark */ + SH_ERR_ERR = (1 << 5), /* error */ + SH_ERR_SEVERE = (1 << 6), /* crit */ + SH_ERR_FATAL = (1 << 7), /* alert */ + + SH_ERR_NOT = (1 << 8), + SH_ERR_INET = (1 << 9), + SH_ERR_MAX = (1 << 9) + } ShErrLevel; + +/* this function should be called to report an error + */ +void sh_error_handle (int flag, char * file, long line, + long errnum, unsigned long msg_index, ...); + +#endif Index: branches/samhain-2_2-branch/include/sh_extern.h =================================================================== --- branches/samhain-2_2-branch/include/sh_extern.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_extern.h (revision 66) @@ -0,0 +1,138 @@ +#ifndef SH_EXTERN_H +#define SH_EXTERN_H + +typedef struct +{ + char * command; + int argc; + char * argv[32]; + int envc; + char * envv[32]; + char checksum[KEY_LEN + 1]; + + uid_t trusted_users[32]; + uid_t run_user_uid; + gid_t run_user_gid; + int privileged; + + int pipeFD; + SL_TICKET pipeTI; + pid_t pid; + FILE * pipe; + char rw; + int exit_status; + int fork_twice; + + int com_fd; + SL_TICKET com_ti; + +} sh_tas_t; + + +/* + * -- generic safe popen; returns 0 on success, -1 otherwise + */ +int sh_ext_popen (sh_tas_t * task); + +/* + * -- close the pipe, clear and return task->exit_status + */ +int sh_ext_pclose (sh_tas_t * task); + +/* + * -- add CL argument, return # of arguments + */ +int sh_ext_tas_add_argv(sh_tas_t * tas, const char * val); +/* + * -- remove last CL argument + */ +int sh_ext_tas_rm_argv(sh_tas_t * tas); +/* + * -- add environment variable, return # of variables + */ +int sh_ext_tas_add_envv(sh_tas_t * tas, const char * key, const char * val); +/* + * -- set command + */ +void sh_ext_tas_command(sh_tas_t * tas, const char * command); +/* + * -- initialize task structure + */ +void sh_ext_tas_init (sh_tas_t * tas); +/* + * -- free task structure + */ +void sh_ext_tas_free(sh_tas_t * tas); + + +#if defined(WITH_EXTERNAL) + +/* + * -- start a new external command, and add it to the list + */ +int sh_ext_setcommand(const char * cmd); + +/* + * -- clean up the command list + */ +int sh_ext_cleanup(void); + +/* + * -- set deadtime + */ +int sh_ext_deadtime (const char * str); + +/* + * -- add keywords to the OR filter + */ +int sh_ext_add_or (const char * str); + +/* + * -- add keywords to the AND filter + */ +int sh_ext_add_and (const char * str); + +/* + * -- add keywords to the NOT filter + */ +int sh_ext_add_not (const char * str); + +/* + * -- add keywords to the CL argument list + */ +int sh_ext_add_argv (const char * str); + +/* + * -- add a path to the environment + */ +int sh_ext_add_default (const char * str); + +/* + * -- add an environment variable + */ +int sh_ext_add_environ (const char * str); + +/* + * -- define type + */ +int sh_ext_type (const char * str); + +/* + * -- define checksum + */ +int sh_ext_checksum (const char * str); + +/* + * -- choose privileges + */ +int sh_ext_priv (const char * c); + +/* + * -- execute external script/program + */ +int sh_ext_execute (char t1, char t2, char t3, /*@null@*/char * message, + size_t msg_siz); + +#endif + +#endif Index: branches/samhain-2_2-branch/include/sh_fifo.h =================================================================== --- branches/samhain-2_2-branch/include/sh_fifo.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_fifo.h (revision 66) @@ -0,0 +1,64 @@ + +#ifndef SH_FIFO_H +#define SH_FIFO_H + +/***************************************************** + * + * the maximum number of entries the fifo will hold + * - additional entries are simply not accepted - + * + *****************************************************/ + +#define SH_FIFO_MAX 128 + +/***************************************************** + * + * the type definitions for the fifo + * + *****************************************************/ + +struct dlist { + struct dlist * next; + char * data; + struct dlist * prev; +}; + +typedef struct fifo_str { + struct dlist * head_ptr; + struct dlist * tail_ptr; + int fifo_cts; +} SH_FIFO; + +/***************************************************** + * + * fifo functions + * + *****************************************************/ + +/* Initialize the list. + * + */ +#define fifo_init(fifo_p) { fifo_p->fifo_cts = 0; fifo_p->head_ptr = NULL; \ + fifo_p->tail_ptr = NULL; } + + +/* Push an item on the head of the list. + * + * Returns: -1 if the list is full, 0 on success + */ +int push_list (SH_FIFO * fifo, char * indat); + +/* Push an item on the tail of the list. + * + * Returns: -1 if the list is full, 0 on success + */ +int push_tail_list (SH_FIFO * fifo, char * indat); + +/* pop an item from the tail of the list + * + * Returns: NULL if the list is empty, + * freshly allocated memory on success (should be free'd by caller) + */ +char * pop_list (SH_FIFO * fifo); + +#endif Index: branches/samhain-2_2-branch/include/sh_files.h =================================================================== --- branches/samhain-2_2-branch/include/sh_files.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_files.h (revision 66) @@ -0,0 +1,197 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifndef SH_FILES_H +#define SH_FILES_H + +/* register exceptions to hardlink check + */ +int sh_files_hle_reg (const char * str); + +/* check the setup + */ +int sh_files_test_setup (void); + +/* check if allignore + */ +int sh_files_is_allignore (char * str); + +/* activate hardlink check + */ +int sh_files_check_hardlinks (const char * opt); + +/* set recursion depth + */ +int sh_files_setrec (void); + +/* report only once + */ +int sh_files_reportonce(const char * c); + +/* report full details + */ +int sh_files_fulldetail(const char * c); + +/* reset the 'checked' flag + */ +void sh_dirs_reset(void); + +/* reset the 'checked' flag + */ +void sh_files_reset(void); + +/* set maximum recursion level + */ +int sh_files_setrecursion (const char * flag_s); + +/* select a directory stack 2=Two, else One (standard) + */ +int set_dirList (int which); + +/* push a directory on the stack USER0 + */ +int sh_files_pushdir_user0 (const char * dirName); + +/* push a directory on the stack USER1 + */ +int sh_files_pushdir_user1 (const char * dirName); + +/* push a directory on the stack USER2 + */ +int sh_files_pushdir_user2 (const char * dirName); + +/* push a directory on the stack USER3 + */ +int sh_files_pushdir_user3 (const char * dirName); + +/* push a directory on the stack USER4 + */ +int sh_files_pushdir_user4 (const char * dirName); + +/* push a directory on the stack PRELINK + */ +int sh_files_pushdir_prelink (const char * dirName); + +/* push a directory on the stack ATTR + */ +int sh_files_pushdir_attr (const char * dirName); + +/* push a directory on the stack READONLY + */ +int sh_files_pushdir_ro (const char * dirName); + +/* push a directory on the stack LOGFILE + */ +int sh_files_pushdir_log (const char * dirName); + +/* push a directory on the stack GROWING LOGFILE + */ +int sh_files_pushdir_glog (const char * dirName); + +/* push a directory on the stack IGNORE NONE + */ +int sh_files_pushdir_noig (const char * dirName); + +/* push a directory on the stack IGNORE ALL + */ +int sh_files_pushdir_allig (const char * dirName); + + +/* push a file on the stack USER0 + */ +int sh_files_pushfile_user0 (const char * dirName); + +/* push a file on the stack USER1 + */ +int sh_files_pushfile_user1 (const char * dirName); + +/* push a file on the stack USER2 + */ +int sh_files_pushfile_user2 (const char * dirName); + +/* push a file on the stack USER3 + */ +int sh_files_pushfile_user3 (const char * dirName); + +/* push a file on the stack USER4 + */ +int sh_files_pushfile_user4 (const char * dirName); + +/* push a file on the stack PRELINK + */ +int sh_files_pushfile_prelink (const char * dirName); + +/* push a file on the stack ATTR + */ +int sh_files_pushfile_attr (const char * dirName); + +/* push a file on the stack READONLY + */ +int sh_files_pushfile_ro (const char * dirName); + +/* push a file on the stack LOGFILE + */ +int sh_files_pushfile_log (const char * dirName); + +/* push a file on the stack GROWING LOGFILE + */ +int sh_files_pushfile_glog (const char * dirName); + +/* push a file on the stack IGNORE NONE + */ +int sh_files_pushfile_noig (const char * dirName); + +/* push a file on the stack IGNORE ALL + */ +int sh_files_pushfile_allig (const char * dirName); + + +/* check directories on the stack + */ +unsigned long sh_dirs_chk (int which); + +/* check files on the stack + */ +unsigned long sh_files_chk (void); + +int sh_files_deldirstack (void); + +int sh_files_delfilestack (void); + +/* redefine policies + */ +int sh_files_redef_user0(const char * str); +int sh_files_redef_user1(const char * str); +int sh_files_redef_user2(const char * str); +int sh_files_redef_user3(const char * str); +int sh_files_redef_user4(const char * str); +int sh_files_redef_prelink(const char * str); +int sh_files_redef_readonly(const char * str); +int sh_files_redef_loggrow(const char * str); +int sh_files_redef_logfiles(const char * str); +int sh_files_redef_attributes(const char * str); +int sh_files_redef_noignore(const char * str); +int sh_files_redef_allignore(const char * str); + + +#endif + + + + Index: branches/samhain-2_2-branch/include/sh_forward.h =================================================================== --- branches/samhain-2_2-branch/include/sh_forward.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_forward.h (revision 66) @@ -0,0 +1,117 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifndef SH_FORWARD_H +#define SH_FORWARD_H + +#ifndef SH_STANDALONE +int sh_forward_set_strip (const char * str); + +#endif + +/* generate a random password + */ +int sh_forward_create_password (const char * dummy); + +/* set time limit + */ +int sh_forward_set_time_limit(const char * str); + +/* error level for lookup failure + */ +int sh_forward_lookup_level (const char * c); + +/* create client entry for given password + */ +int sh_forward_make_client (const char * str); + +/* set port to which we connect + */ +int sh_forward_server_port (const char * str); + +#ifdef SH_WITH_SERVER + +#ifdef INET_SYSLOG +int set_syslog_active(const char * c); +#endif + +/* create socket and start listening + */ +void create_server_tcp_socket (); + +/* whether to use client address as known to the communication layer + * and set by accept() + */ +int set_socket_peer (const char * c); + +/* whether to use client severity + */ +int sh_forward_use_clt_sev (const char * c); + +/* whether to use client class + */ +int sh_forward_use_clt_class (const char * c); + +/* server port + */ +int sh_forward_set_port(const char * c); + +/* server interface + */ +int sh_forward_set_interface(const char * c); + +/* a wrapper function + */ +void sh_forward_html_write(void); + +/* register a client + */ +int sh_forward_register_client (const char * str); + +/* start server + */ +void sh_receive(void); + +/* free() everything + */ +void sh_forward_free_all (void); + +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) +/* talk to server + */ +long sh_forward (char * errmsg); + +/* set log server + */ +int sh_forward_setlogserver (const char * address); +void reset_count_dev_server(void); +#endif + +#ifdef SH_WITH_CLIENT + +/* request file from server. file may be "CONF" or "DATA". + */ +long sh_forward_req_file (char * file); + +#endif + +#endif + Index: branches/samhain-2_2-branch/include/sh_getopt.h =================================================================== --- branches/samhain-2_2-branch/include/sh_getopt.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_getopt.h (revision 66) @@ -0,0 +1,33 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifndef SH_GETOPT_H +#define SH_GETOPT_H + + +int sh_getopt_get (int argc, char * argv[]); + +#endif + + + + + + + Index: branches/samhain-2_2-branch/include/sh_gpg.h =================================================================== --- branches/samhain-2_2-branch/include/sh_gpg.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_gpg.h (revision 66) @@ -0,0 +1,46 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#if (defined(WITH_GPG) || defined(WITH_PGP)) + +#ifndef SH_GPG_H +#define SH_GPG_H +/* this function exits if configuration file + * and/or database cannot be verified; otherwise returns 0 + */ +int sh_gpg_check_sign (long file_1, long file_2, int what); + +#endif + +/* #ifdef WITH_GPG */ +#endif + + + + + + + + + + + + + + Index: branches/samhain-2_2-branch/include/sh_gpg_chksum.h =================================================================== --- branches/samhain-2_2-branch/include/sh_gpg_chksum.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_gpg_chksum.h (revision 66) @@ -0,0 +1,53 @@ +#ifndef CHKSUM_H +#define CHKSUM_H +char gpgchk[50]; +gpgchk[0] = '4'; +gpgchk[1] = '0'; +gpgchk[2] = '7'; +gpgchk[3] = '8'; +gpgchk[4] = '4'; +gpgchk[5] = '6'; +gpgchk[6] = '0'; +gpgchk[7] = '1'; +gpgchk[8] = '7'; +gpgchk[9] = '5'; +gpgchk[10] = 'D'; +gpgchk[11] = '0'; +gpgchk[12] = '1'; +gpgchk[13] = 'B'; +gpgchk[14] = '4'; +gpgchk[15] = '4'; +gpgchk[16] = 'B'; +gpgchk[17] = '5'; +gpgchk[18] = 'E'; +gpgchk[19] = '3'; +gpgchk[20] = 'A'; +gpgchk[21] = '4'; +gpgchk[22] = '0'; +gpgchk[23] = 'E'; +gpgchk[24] = '4'; +gpgchk[25] = '4'; +gpgchk[26] = '0'; +gpgchk[27] = '1'; +gpgchk[28] = '6'; +gpgchk[29] = '3'; +gpgchk[30] = '3'; +gpgchk[31] = '3'; +gpgchk[32] = 'C'; +gpgchk[33] = 'F'; +gpgchk[34] = '3'; +gpgchk[35] = 'C'; +gpgchk[36] = '5'; +gpgchk[37] = '6'; +gpgchk[38] = 'A'; +gpgchk[39] = '7'; +gpgchk[40] = 'A'; +gpgchk[41] = 'B'; +gpgchk[42] = 'D'; +gpgchk[43] = '9'; +gpgchk[44] = '1'; +gpgchk[45] = '9'; +gpgchk[46] = '6'; +gpgchk[47] = '6'; +gpgchk[48] = '\0'; +#endif Index: branches/samhain-2_2-branch/include/sh_hash.h =================================================================== --- branches/samhain-2_2-branch/include/sh_hash.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_hash.h (revision 66) @@ -0,0 +1,132 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + +#ifndef SH_HASH_H +#define SH_HASH_H + +#include + +#include "samhain.h" +#include "sh_unix.h" +#include "sh_error.h" + +/* format a uint64 + */ +char * sh_hash_size_format(); + +/* report on a missing file + */ +int hashreport_missing( char *fullpath, int level); + +/* write database to stdout + */ +int sh_hash_pushdata_stdout (const char * str); + +/* version string for database + */ +int sh_hash_version_string(const char * str); + +/* List database content + */ +int sh_hash_list_db (const char * db_file); + +/* List database content with full detail + */ +int set_full_detail (const char * c); + +/* List database content with full detail, comma delimited + */ +int set_list_delimited (const char * c); + +/* Read the database from disk. + */ +void sh_hash_init (void); + +/* Check whether a file is present in the database. + */ +int sh_hash_have_it (char * newname); + +/* Get a file if it is present in the database. + */ +int sh_hash_get_it (char * newname, file_type * tmpFile); + +/* Delete the database from memory. + */ +void sh_hash_hashdelete (void); + +/* Insert a file into the database. + */ +void sh_hash_pushdata (file_type * buf, char * fileHash); + +/* reset sh_hash_pushdata to use 'update' in daemon mode + */ +void sh_hash_pushdata_reset (); + +/* Insert a file into the in-memory database. + */ +void sh_hash_pushdata_memory (file_type * theFile, char * fileHash); + +/* Compare a file with its status in the database. + */ +int sh_hash_compdata (int class, file_type * theFile, char * fileHash, + char * policy_override, int severity_override); + +/* Search for files in the database that have been deleted from disk. + */ +void sh_hash_unvisited (ShErrLevel level); + +/* Set a file's status to 'visited'. This is required for + * files that should be ignored, and may be present in the + * database, but not on disk. + */ +int sh_hash_set_visited (char * newname); + +/* As above, but only set the 'visited' flag + */ +int sh_hash_set_visited_true (char * newname); + +/* cause the record to be deleted without a 'missing' message + */ +int sh_hash_set_missing (char * newname); + +/* Make a complete directory tree invisible + */ +int hash_remove_tree (char * s); + +/* Make every entry visible + */ +int hash_full_tree (void); + +/* Insert data + */ +void sh_hash_push2db (char * key, unsigned long val1, + unsigned long val2, unsigned long val3, + unsigned char * str, int size); + +/* Retrieve data + */ +char * sh_hash_db2pop (char * key, unsigned long * val1, + unsigned long * val2, unsigned long * val3, + int * size); + +/* Write out database + */ +int sh_hash_writeout(); +#endif Index: branches/samhain-2_2-branch/include/sh_html.h =================================================================== --- branches/samhain-2_2-branch/include/sh_html.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_html.h (revision 66) @@ -0,0 +1,82 @@ +#ifndef SH_HTML_H +#define SH_HTML_H + +#ifdef SH_WITH_SERVER + + +#define CLT_INACTIVE 0 +#define CLT_STARTED 1 +#define CLT_ILLEGAL 2 +#define CLT_FAILED 3 +#define CLT_EXITED 4 +#define CLT_PANIC 5 +#define CLT_POLICY 6 +#define CLT_FILE 7 +#define CLT_MSG 8 +#define CLT_TOOLONG 9 +#define CLT_SUSPEND 10 +#define CLT_CHECK 11 +#define CLT_MAX 12 + +/************************ +char * clt_stat[] = { + N_("Inactive"), + N_("Started"), + N_("ILLEGAL"), + N_("FAILED"), + N_("Exited"), + N_("PANIC"), + N_("POLICY"), + N_("File transfer"), + N_("Message"), + N_("TIMEOUT_EXCEEDED"), +}; +**************************/ + +extern char * clt_stat[]; + +#ifdef SH_ENCRYPT +#include "rijndael-api-fst.h" +#endif + +/* --- client status --- + */ +typedef struct client_entry { + char * hostname; + char * salt; + char * verifier; + char session_key[KEY_LEN+1]; + time_t session_key_timer; + time_t last_connect; + int exit_flag; + int dead_flag; + int encf_flag; + int ency_flag; + int status_now; + int status_arr[CLT_MAX]; + char timestamp[CLT_MAX][TIM_MAX]; +#ifdef SH_ENCRYPT + keyInstance keyInstE; + keyInstance keyInstD; +#endif +} client_t; + +/* --- server status --- + */ +typedef struct _s_stat { + time_t start; + time_t last; + int conn_open; + int conn_max; + long conn_total; +} s_stat; + +extern s_stat server_status; + +/* write html report. Expects (client_t *) inptr. + */ +int sh_html_write(void * inptr); + +#endif + +#endif Index: branches/samhain-2_2-branch/include/sh_ignore.h =================================================================== --- branches/samhain-2_2-branch/include/sh_ignore.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_ignore.h (revision 66) @@ -0,0 +1,12 @@ +#ifndef SH_IGNORE_H +#define SH_IGNORE_H + +int sh_ignore_add_del (const char * addpath); +int sh_ignore_add_new (const char * addpath); + +int sh_ignore_chk_del (const char * chkpath); +int sh_ignore_chk_new (const char * chkpath); + +int sh_ignore_clean (); + +#endif Index: branches/samhain-2_2-branch/include/sh_kern.h =================================================================== --- branches/samhain-2_2-branch/include/sh_kern.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_kern.h (revision 66) @@ -0,0 +1,30 @@ + +#ifndef SH_KERN_H +#define SH_KERN_H + +#include "sh_modules.h" + +#ifdef SH_USE_KERN +int sh_kern_init (void); +int sh_kern_timer (time_t tcurrent); +int sh_kern_check (void); +int sh_kern_end (void); +int sh_kern_null (void); + +int sh_kern_set_activate (char * c); +int sh_kern_set_severity (char * c); +int sh_kern_set_timer (char * c); +int sh_kern_set_idt (char * c); + +/* FIXME: document these */ +int sh_kern_set_sct_addr (char * c); +int sh_kern_set_sc_addr (char * c); +int sh_kern_set_proc_root (char * c); +int sh_kern_set_proc_root_lookup (char * c); +int sh_kern_set_proc_root_iops (char * c); + +extern sh_rconf sh_kern_table[]; +#endif + +/* #ifndef SH_UTMP_H */ +#endif Index: branches/samhain-2_2-branch/include/sh_ks.h =================================================================== --- branches/samhain-2_2-branch/include/sh_ks.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_ks.h (revision 66) @@ -0,0 +1,11 @@ +#ifndef SH_KERN_CALLS_H +#define SH_KERN_CALLS_H + +/* Dummy header. */ + +typedef struct _sh_syscall_t { + unsigned long addr; + char * name; +} sh_syscall_t; + +#endif Index: branches/samhain-2_2-branch/include/sh_ks_xor.h =================================================================== --- branches/samhain-2_2-branch/include/sh_ks_xor.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_ks_xor.h (revision 66) @@ -0,0 +1,11 @@ +#ifndef SH_KERN_CALLS_H +#define SH_KERN_CALLS_H + +/* Dummy header. */ + +typedef struct _sh_syscall_t { + unsigned long addr; + char * name; +} sh_syscall_t; + +#endif Index: branches/samhain-2_2-branch/include/sh_mail.h =================================================================== --- branches/samhain-2_2-branch/include/sh_mail.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_mail.h (revision 66) @@ -0,0 +1,68 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifndef SH_MAIL_H +#define SH_MAIL_H + +#define MAIL_IMMEDIATE 1 +#define MAIL_LATER 0 + +/* set a relay server + */ +int sh_mail_set_relay (const char * str_s); + +/* send to all recpts. in one mail + */ +int sh_mail_setFlag (const char * str); + +/* set the subject string + */ +int set_mail_subject (const char * str); + +/* test mailbox + */ +int sh_mail_sigverify (const char * s); + +/* maximum number of mail attempts + */ +#define SH_MAX_FAIL 48 + +int sh_mail_setNum (const char * str); + +int sh_mail_setaddress (const char * address); +void reset_count_dev_mail(void); +int sh_mail_setaddress_int (const char * address); + +/* call if not urgent + */ +int sh_mail_pushstack (/*@null@*/char * msg); + +/* call if mail immediate + */ +int sh_mail_msg (/*@null@*/char * message); + +/* set sender of mail + */ +int sh_mail_set_sender (const char *str); + +int sh_mail_add_or (const char * str); +int sh_mail_add_and (const char * str); +int sh_mail_add_not (const char * str); + +#endif Index: branches/samhain-2_2-branch/include/sh_mem.h =================================================================== --- branches/samhain-2_2-branch/include/sh_mem.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_mem.h (revision 66) @@ -0,0 +1,50 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + +#ifndef SH_MEM_H +#define SH_MEM_H + + +#ifdef MEM_DEBUG + +void sh_mem_openf (char * file, int fd); +void sh_mem_closef (int fd); +void sh_mem_check (void); +void sh_mem_dump (void); +void sh_mem_free (void * a, char * file, int line); +void * sh_mem_malloc (size_t size, char * file, int line); +void sh_mem_stat (void); + +#define SH_FREE(a) sh_mem_free((a), FIL__, __LINE__) +#define SH_ALLOC(a) sh_mem_malloc((a), FIL__, __LINE__) + +#else + + +void sh_mem_free (/*@only@*//*@out@*//*@null@*/ void * a); +/*@only@*//*@notnull@*/void * sh_mem_malloc (size_t size); + +#define SH_FREE(a) sh_mem_free(a) +#define SH_ALLOC(a) sh_mem_malloc(a) + +#endif + +/* #ifndef SH_MEM_H */ +#endif Index: branches/samhain-2_2-branch/include/sh_modules.h =================================================================== --- branches/samhain-2_2-branch/include/sh_modules.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_modules.h (revision 66) @@ -0,0 +1,48 @@ + +#ifndef SH_MODULE_H +#define SH_MODULE_H + + +typedef struct rconf +{ + char * the_opt; + int (*func)(char * opt); +} sh_rconf; + +typedef struct mod_type +{ + /* The name of the module */ + char * name; + + /* Set by samhain to 1 on successful initialization, else 0 */ + int initval; + + /* The initialization function. Return 0 on success. */ + int (* mod_init) (void); + + /* The timer function. Return 0 if NOT time to check. */ + int (* mod_timer) (time_t tcurrent); + + /* The check function. Return 0 on success. */ + int (* mod_check) (void); + + /* The cleanup function. Return 0 on success. */ + int (* mod_cleanup) (void); + + /* The preparation for reconfiguration. Return 0 on success. */ + int (* mod_reconf) (void); + + /* Section header in config file */ + char * conf_section; + + /* A table of key/handler_function for config file entries */ + sh_rconf * conf_table; + +} sh_mtype; + + +extern sh_mtype modList[]; + + +/* #ifndef SH_MODULE_H */ +#endif Index: branches/samhain-2_2-branch/include/sh_mounts.h =================================================================== --- branches/samhain-2_2-branch/include/sh_mounts.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_mounts.h (revision 66) @@ -0,0 +1,23 @@ +/* + * File: sh_mounts.h + * Desc: A module for Samhain; checks for mounts present and options on them. + * Auth: Cian Synnott + */ + +#ifndef SH_MOUNTS_H +#define SH_MOUNTS_H + +#include "sh_modules.h" + +#ifdef SH_USE_MOUNTS +int sh_mounts_init (void); +int sh_mounts_timer (time_t tcurrent); +int sh_mounts_check (void); +int sh_mounts_cleanup (void); +int sh_mounts_reconf (void); + +extern sh_rconf sh_mounts_table[]; +#endif + +/* #ifndef SH_MOUNTS_H */ +#endif Index: branches/samhain-2_2-branch/include/sh_prelink.h =================================================================== --- branches/samhain-2_2-branch/include/sh_prelink.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_prelink.h (revision 66) @@ -0,0 +1,18 @@ +#ifndef SH_PRELINK_H +#define SH_PRELINK_H + +/* path: full path to file; + * file_hash: allocated storage for checksum; + * alert_timeout: timeout for read + */ +int sh_prelink_run (char * path, char * file_hash, int alert_timeout); + +/* return S_TRUE if ELF file, S_FALSE otherwise + */ +int sh_prelink_iself (SL_TICKET fd, off_t size, int alert_timeout); + +/* configuration + */ +int sh_prelink_set_path (const char * str); +int sh_prelink_set_hash (const char * str); +#endif Index: branches/samhain-2_2-branch/include/sh_prelude.h =================================================================== --- branches/samhain-2_2-branch/include/sh_prelude.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_prelude.h (revision 66) @@ -0,0 +1,20 @@ +#ifndef SH_PRELUDE_H +#define SH_PRELUDE_H + +void sh_prelude_reset(); +void sh_prelude_stop(); +int sh_prelude_init(); + +int sh_prelude_set_profile(const char *arg); + +int sh_prelude_alert (int priority, int class, char * message, + long msgflags, unsigned long msgid); + +/* map severity levels + */ +int sh_prelude_map_info (const char * str); +int sh_prelude_map_low (const char * str); +int sh_prelude_map_medium (const char * str); +int sh_prelude_map_high (const char * str); + +#endif Index: branches/samhain-2_2-branch/include/sh_readconf.h =================================================================== --- branches/samhain-2_2-branch/include/sh_readconf.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_readconf.h (revision 66) @@ -0,0 +1,41 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + + +#ifndef SH_READCONFIG_H +#define SH_READCONFIG_H + +/* set the config file + */ +int sh_readconf_setcfgfile (char * filename); + +/* read the configuration file + */ +int sh_readconf_read (void); + +#endif + + + + + + + + Index: branches/samhain-2_2-branch/include/sh_schedule.h =================================================================== --- branches/samhain-2_2-branch/include/sh_schedule.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_schedule.h (revision 66) @@ -0,0 +1,30 @@ +#ifndef SH_SCHEDULE_H +#define SH_SCHEDULE_H + +/************************************************ + * + * Scheduler class - public definitions + * + ************************************************/ + +typedef struct sh_schedule_ { + int max[5]; + int min[5]; + int step[5]; + int min_step; + time_t last_exec; + int first; + struct sh_schedule_ * next; +} sh_schedule_t; + +/* This function parses a crontab-like schedule and fills a + * sh_schedule_t structure provided by the caller. + */ +int create_sched (const char * ssched, sh_schedule_t * isched); + +/* This function returns 1 if the scheduled event should be executed, + * else 0 + */ +int test_sched (sh_schedule_t * isched); + +#endif Index: branches/samhain-2_2-branch/include/sh_socket.h =================================================================== --- branches/samhain-2_2-branch/include/sh_socket.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_socket.h (revision 66) @@ -0,0 +1,26 @@ +#ifndef SH_SOCKET_H +#define SH_SOCKET_H + +/* 63 (cmd) + 1 (':') + 63 (host) + 1 ('\0') + 81 + */ +#define SH_MAXMSG 209 +#define SH_MAXMSGLEN 64 + +#if defined (SH_WITH_CLIENT) +void sh_socket_server_cmd(const char * srvcmd); +#endif + +#if defined (SH_WITH_SERVER) + + +int sh_socket_open_int (); +int sh_socket_remove (); +char * sh_socket_check(const char * client_name); +int sh_socket_poll(); +void sh_socket_add2reload (const char * clt); + + +#endif + + +#endif Index: branches/samhain-2_2-branch/include/sh_srp.h =================================================================== --- branches/samhain-2_2-branch/include/sh_srp.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_srp.h (revision 66) @@ -0,0 +1,35 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + +void sh_srp_x (char * salt, char * password); +int sh_srp_make_a (void); +char * sh_srp_M (char * x1, char * x2, char * x3); + +char * sh_srp_verifier (void); +int sh_srp_check_zero (char * AB_str); + +int sh_srp_init(void); +void sh_srp_exit(void); +char * sh_srp_A (void); +char * sh_srp_B (char * verifier); +char * sh_srp_S_c (char * u_str, char * B_str); +char * sh_srp_S_s (char * u_str, char * A_str, char * v_str); + + Index: branches/samhain-2_2-branch/include/sh_static.h =================================================================== --- branches/samhain-2_2-branch/include/sh_static.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_static.h (revision 66) @@ -0,0 +1,42 @@ +#ifndef SH_STATIC_H +#define SH_STATIC_H + +#include "config_xor.h" + +#if defined(SH_COMPILE_STATIC) && defined(__linux__) + +#ifdef SH_NEED_PWD_GRP +int sh_initgroups(const char *user, gid_t gid); +struct group * sh_getgrent(void); +struct passwd * sh_getpwent(void); +void sh_endgrent(void); +void sh_setgrent(void); +void sh_endpwent(void); +void sh_setpwent(void); +struct group * sh_getgrnam(const char *name); +struct passwd * sh_getpwnam(const char *name); +struct group * sh_getgrgid(gid_t gid); +struct passwd * sh_getpwuid(uid_t uid); +#endif + +#ifdef SH_NEED_GETHOSTBYXXX +struct hostent * sh_gethostbyaddr (const void *addr, socklen_t len, int type); +struct hostent * sh_gethostbyname(const char *name); +#endif + +#else + +#define sh_initgroups initgroups +#define sh_getgrgid getgrgid +#define sh_getpwent getpwent +#define sh_getpwnam getpwnam +#define sh_getpwuid getpwuid +#define sh_endpwent endpwent + +#define sh_gethostbyaddr gethostbyaddr +#define sh_gethostbyname gethostbyname + +#endif + +#endif + Index: branches/samhain-2_2-branch/include/sh_suidchk.h =================================================================== --- branches/samhain-2_2-branch/include/sh_suidchk.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_suidchk.h (revision 66) @@ -0,0 +1,41 @@ + +#ifndef SH_SUIDCHK_H +#define SH_SUIDCHK_H + +#include "sh_modules.h" + +#ifdef SH_USE_SUIDCHK +int sh_suidchk_init (void); +int sh_suidchk_timer (time_t tcurrent); +int sh_suidchk_check (void); +int sh_suidchk_end (void); +int sh_suidchk_free_schedule (void); + +int sh_suidchk_set_activate (char * c); +int sh_suidchk_set_severity (char * c); +int sh_suidchk_set_timer (char * c); +int sh_suidchk_set_schedule (char * c); +int sh_suidchk_set_exclude (char * c); +int sh_suidchk_set_fps (char * c); +int sh_suidchk_set_yield (char * c); +int sh_suidchk_set_quarantine (char * c); +int sh_suidchk_set_qmethod (char * c); +int sh_suidchk_set_qdelete (char * c); + + +extern sh_rconf sh_suidchk_table[]; + +/* Quarantine Methods + */ +typedef enum { + + SH_Q_DELETE = 0, /* delete */ + SH_Q_CHANGEPERM = 1, /* remove suid/sgid permissions */ + SH_Q_MOVE = 2 /* move */ + } ShQuarantineMethod; + + +#endif + +/* #ifndef SH_SUIDCHK_H */ +#endif Index: branches/samhain-2_2-branch/include/sh_tiger.h =================================================================== --- branches/samhain-2_2-branch/include/sh_tiger.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_tiger.h (revision 66) @@ -0,0 +1,41 @@ + +#ifndef SH_TIGER_H +#define SH_TIGER_H + +#include "config_xor.h" +#include "slib.h" +#include "samhain.h" + +typedef enum { + TIGER_FILE, + TIGER_FD, + TIGER_DATA +} TigerType; + +extern SL_TICKET tiger_fd; + +/* the checksum function + */ +/*@owned@*/ char * sh_tiger_hash (const char * filename, TigerType what, + UINT64 Length); + +/* NEW Thu Oct 18 19:59:08 CEST 2001 + */ +int sh_tiger_hashtype (const char * c); +char * sh_tiger_generic_hash (char * filename, TigerType what, + UINT64 Length, int timeout); + +UINT32 * sh_tiger_hash_uint32 (char * filename, + TigerType what, + UINT64 Length); + +/* get the type of hash function used + * 0 = tiger192, 1 = sha1, 2 = md5 + */ +int sh_tiger_get_hashtype (); + +/* GnuPG-like format + */ +/*@owned@*/ char * sh_tiger_hash_gpg (const char * filename, TigerType what, + UINT64 Length); +#endif Index: branches/samhain-2_2-branch/include/sh_tools.h =================================================================== --- branches/samhain-2_2-branch/include/sh_tools.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_tools.h (revision 66) @@ -0,0 +1,87 @@ +#ifndef SH_TOOLS_H +#define SH_TOOLS_H + +#define SH_DO_WRITE 0 +#define SH_DO_READ 1 + +/* protocols + */ +#define SH_PROTO_SRP (1 << 0) +#define SH_PROTO_MSG (1 << 2) +#define SH_PROTO_BIG (1 << 3) +#define SH_PROTO_END (1 << 4) +#define SH_PROTO_ENC (1 << 5) +#define SH_PROTO_EN2 (1 << 6) +#define SH_MASK_ENC (SH_PROTO_ENC|SH_PROTO_EN2) + +#ifdef SH_ENCRYPT +char * errorExplain (int err_num); +#endif + +char * sh_tools_safe_name(const char * str, int flag); +int is_numeric (const char * address); +int connect_port (char * address, int port, + char * ecall, int * errnum, char * errmsg, int errsiz); +int connect_port_2 (char * address1, char * address2, int port, + char * ecall, int * errnum, char * errmsg, int errsiz); +void delete_cache(void); +char * sh_tools_errmessage (int tellme); + + +void sh_tools_show_header (unsigned char * head, char sign); + +#if defined (SH_WITH_SERVER) + +int get_open_max (void); + +void put_header (/*@out@*/unsigned char * head, int protocol, + unsigned long * length, char * u); + +int check_request_s (char * have, char * need, char * clt); +int check_request_nerr (char * have, char * need); + +char * hash_me (char * key, char * buf, int buflen); +int sh_tools_hash_vfy(char * key, char * buf, int buflen); + +char * get_client_conf_file (char * peer, unsigned long * length); +char * get_client_data_file (char * peer, unsigned long * length); + +#endif + +unsigned long read_port (int sockfd, char *buf, unsigned long nbytes, + int * w_error, int timeout); + + +#if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +unsigned long write_port (int sockfd, char *buf, unsigned long nbytes, + int * w_error, int timeout); + +int check_request (char * have, char * need); +int check_request_nerr (char * have, char * need); + +void get_header (unsigned char * head, unsigned long * bytes, char * u); +void put_header (unsigned char * head, int protocol, + unsigned long * length, char * u); + +/* + SL_TICKET open_tmp (void); + int close_tmp (SL_TICKET fd); + int rewind_tmp (SL_TICKET fd); +*/ + +void sh_tools_server_cmd(const char * srvcmd); + +int hash_check(char * key, + char * buf, int buflen); + +int sh_tools_hash_add(char * key, char * buf, int buflen); +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP) +SL_TICKET open_tmp (void); +int close_tmp (SL_TICKET fd); +int rewind_tmp (SL_TICKET fd); +#endif + +#endif Index: branches/samhain-2_2-branch/include/sh_trace.h =================================================================== --- branches/samhain-2_2-branch/include/sh_trace.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_trace.h (revision 66) @@ -0,0 +1,44 @@ +#ifndef SH_TRACE_H +#define SH_TRACE_H + + +/* This file should be included via samhain.h only. + */ + +#ifdef SL_DEBUG +#define ASSERT(expr, expr1) \ + if (!(expr)) \ + fprintf(stderr, \ + SDG_AERRO, \ + FIL__, __LINE__, expr1 ); + + +#define ASSERT_RET(expr, expr1, rr) \ + if (!(expr)) \ + { \ + fprintf(stderr, \ + SDG_AERRO, \ + FIL__, __LINE__, expr1 ); \ + TPT(( (-1), FIL__, __LINE__, SDG_0RETU)) \ + return (rr); \ + } +#else +#define ASSERT(expr, expr1) + +#define ASSERT_RET(expr, expr1, rr) \ + if (!(expr)) return (rr); +#endif + + +#ifdef SL_DEBUG +#define TX1(expr1) \ + fprintf(stderr, \ + SDG_TERRO, \ + FIL__, __LINE__, expr1 ); +#else +#define TX1(expr1) +#endif + +/* #ifndef SH_TRACE_H */ +#endif + Index: branches/samhain-2_2-branch/include/sh_unix.h =================================================================== --- branches/samhain-2_2-branch/include/sh_unix.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_unix.h (revision 66) @@ -0,0 +1,380 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + + +#ifndef SH_UNIX_H +#define SH_UNIX_H + +#include +#include +#include "samhain.h" +#include "sh_error.h" + + +typedef enum { + SH_ISLOG, + SH_ISFILE, + SH_ISDIR, + SH_ISDATA +} ShOpenType; + +typedef enum { + SH_DATA_RAW, + SH_DATA_LINE +} ShDataType; + +typedef enum { + SH_FILE_REGULAR, + SH_FILE_SYMLINK, + SH_FILE_DIRECTORY, + SH_FILE_CDEV, + SH_FILE_BDEV, + SH_FILE_FIFO, + SH_FILE_SOCKET, + SH_FILE_DOOR, + SH_FILE_PORT, + SH_FILE_UNKNOWN +} ShFileType; + +/* -- Attributes to check. -- + */ + +/* checksum */ +#define MODI_CHK (1 << 0) +/* link */ +#define MODI_LNK (1 << 1) +/* inode */ +#define MODI_INO (1 << 2) +/* user */ +#define MODI_USR (1 << 3) +/* group */ +#define MODI_GRP (1 << 4) +/* mtime */ +#define MODI_MTM (1 << 5) +/* ctime */ +#define MODI_CTM (1 << 6) +/* atime */ +#define MODI_ATM (1 << 7) +/* size */ +#define MODI_SIZ (1 << 8) +/* file mode */ +#define MODI_MOD (1 << 9) +/* hardlinks */ +#define MODI_HLN (1 << 10) +/* device type */ +#define MODI_RDEV (1 << 11) +/* size may grow */ +#define MODI_SGROW (1 << 12) +/* use prelink */ +#define MODI_PREL (1 << 13) + +#define MASK_ALLIGNORE_ 0 +extern unsigned long mask_ALLIGNORE; +#define MASK_ATTRIBUTES_ (MODI_MOD|MODI_USR|MODI_GRP|MODI_RDEV) +extern unsigned long mask_ATTRIBUTES; +#define MASK_LOGFILES_ (MASK_ATTRIBUTES_|MODI_HLN|MODI_LNK|MODI_INO) +extern unsigned long mask_LOGFILES; +#define MASK_LOGGROW_ (MASK_LOGFILES_|MODI_SIZ|MODI_SGROW|MODI_CHK) +extern unsigned long mask_LOGGROW; +#define MASK_READONLY_ (MASK_LOGFILES_|MODI_CHK|MODI_SIZ|MODI_MTM|MODI_CTM) +extern unsigned long mask_READONLY; +#define MASK_NOIGNORE_ (MASK_LOGFILES_|MODI_CHK|MODI_SIZ|MODI_ATM|MODI_MTM) +extern unsigned long mask_NOIGNORE; +#define MASK_USER_ (MASK_READONLY_|MODI_ATM) +extern unsigned long mask_USER0; +extern unsigned long mask_USER1; +extern unsigned long mask_USER2; +extern unsigned long mask_USER3; +extern unsigned long mask_USER4; +/* like READONLY, but without MTM,CTM,SIZ,INO, abd with PREL) + */ +#define MASK_PRELINK_ (MASK_ATTRIBUTES_|MODI_HLN|MODI_LNK|MODI_CHK|MODI_PREL) +extern unsigned long mask_PRELINK; + +typedef struct file_struct { + unsigned long check_mask; + int reported; + char fullpath[PATH_MAX]; + ShFileType type; + dev_t dev; + ino_t ino; + mode_t mode; + nlink_t hardlinks; +#if defined(__linux__) || defined(HAVE_STAT_FLAGS) + unsigned long attributes; + char c_attributes[16]; +#endif + char c_mode[11]; + uid_t owner; + char c_owner[USER_MAX+2]; + gid_t group; + char c_group[GROUP_MAX+2]; + dev_t rdev; + off_t size; + unsigned long blksize; + unsigned long blocks; + time_t atime; + time_t mtime; + time_t ctime; + + char linkpath[PATH_MAX]; + mode_t linkmode; + char link_c_mode[11]; + int linkisok; +} file_type; + +/* mlock utilities + */ +int sh_unix_mlock(char * file, int line, void * addr, size_t len); +int sh_unix_munlock(void * addr, size_t len); +int sh_unix_count_mlock(); +/* public for unit tests */ +int sh_unix_pagesize(); +unsigned long sh_unix_lookup_page(void * in_addr, size_t len, int * num_pages); + +/* chroot directory + */ +int sh_unix_set_chroot(const char * str); + +/* whether to use localtime for file timesatams in logs + */ +int sh_unix_uselocaltime (const char * c); + +/* set I/O limit + */ +int sh_unix_set_io_limit (const char * c); +void sh_unix_io_pause (); + +/* get file type + */ +int sh_unix_get_ftype(char * fullpath); + +/* reset masks for policies + */ +int sh_unix_maskreset(); + +/* return true if database is remote + */ +int file_is_remote (); + +/* return the path to the configuration/database file + */ +char * file_path(char what, char flag); + +/* return current time as unsigned long + */ +unsigned long sh_unix_longtime (void); + +/* close all files >= fd, except possibly one + */ +void sh_unix_closeall (int fd, int except); + + +/* write lock for filename + */ +int sh_unix_write_lock_file(char * filename); + +/* rm lock(s) for log file(s) + */ +int sh_unix_rm_lock_file(char * filename); + +/* write the PID file + */ +int sh_unix_write_pid_file(); + +/* rm the PID file + */ +int sh_unix_rm_pid_file(); + + +/* checksum of own binary + */ +int sh_unix_self_hash (const char * c); + +/* return BAD on failure + */ +int sh_unix_self_check (void); + +/* add a trusted user to the list + */ +int tf_add_trusted_user(const char *); + +/* check a file + */ +int tf_trust_check (char * file, int mode); + +/* initialize group vector + */ +#ifdef HOST_IS_OSF +int sh_unix_initgroups ( char * in_user, gid_t in_gid); +#else +int sh_unix_initgroups (const char * in_user, gid_t in_gid); +#endif +int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid); + +/* set the timeserver address + */ +int sh_unix_settimeserver (const char * address); +void reset_count_dev_time(void); + +/* lock the key + */ +void sh_unix_memlock(void); + +/* deamon mode + */ +int sh_unix_setdeamon (const char * dummy); +int sh_unix_setnodeamon(const char * dummy); + +/* Test whether file exists + */ +int sh_unix_file_stat(char * path); + +/* test whether file exists with proper attributes + */ +int sh_unix_file_exists(int fd); + +/* local host + */ +void sh_unix_localhost(void); + +/* check whether /proc exists and is a proc filesystem + */ +int sh_unix_test_proc(void); + +/* check whether a directory is secure + * (no symlink in path, not world-writeable) + */ +/* int sh_unix_is_secure_dir (ShErrLevel level, char * tmp); */ + +/* obtain file info + */ +int sh_unix_getinfo (int level, char * filename, file_type * theFile, + char * fileHash, int flagrel); + +/* read file, return length read + */ +int sh_unix_getline (SL_TICKET fd, char * line, int sizeofline); + +/* call with goDaemon == 1 to make daemon process + */ +int sh_unix_init(int goDaemon); + +/* for local time use thetime = 0 + */ +/*@owned@*/ char * sh_unix_time (time_t thetime); + +/* convert to GMT time + */ +char * sh_unix_gmttime (time_t thetime); + +/* effective user info + */ +int sh_unix_getUser (void); + +/* get home directory + */ +char * sh_unix_getUIDdir (int level, uid_t uid); + + +#ifdef HAVE_GETTIMEOFDAY +unsigned long sh_unix_notime (void); +#endif + +/* check whether a directory + */ +int sh_unix_isdir (char * dirName, int level); + +#ifdef SH_STEALTH +int sh_unix_getline_stealth (SL_TICKET fd, char * str, int len); +void sh_unix_xor_code (char * str, int len); +#endif + +#if defined(SCREW_IT_UP) +/* for raise() + */ +#include +#include + +void sh_sigtrap_handler (int signum); +extern volatile int sh_not_traced; + +#ifdef HAVE_GETTIMEOFDAY +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif +extern struct timeval save_tv; +#endif + +static inline +int sh_sigtrap_prepare() +{ + struct sigaction act_trap; + int val_retry; + act_trap.sa_handler = &sh_sigtrap_handler; /* signal action */ + act_trap.sa_flags = 0; /* init sa_flags */ + sigemptyset ( &act_trap.sa_mask ); /* set an empty mask */ + do { + val_retry = sigaction(SIGTRAP, &act_trap, NULL); + } while (val_retry < 0 && errno == EINTR); + return 0; +} + +/*@unused@*/ static inline +int sh_derr(void) +{ + sh_not_traced = 0; + +#ifdef HAVE_GETTIMEOFDAY + gettimeofday(&save_tv, NULL); +#endif + +#if defined(__linux__) && defined(__GNUC__) && defined(__i386__) + __asm__ __volatile__ ("int $0x03"); +#else + raise(SIGTRAP); +#endif + + if (sh_not_traced == 0) + _exit(5); + sh_not_traced = 0; + return (0); +} + +#else + +/*@unused@*/ static inline +int sh_derr(void) +{ + return 0; +} +/* #if defined(SCREW_IT_UP) */ +#endif + +#endif + + Index: branches/samhain-2_2-branch/include/sh_userfiles.h =================================================================== --- branches/samhain-2_2-branch/include/sh_userfiles.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_userfiles.h (revision 66) @@ -0,0 +1,30 @@ +/* + * File: sh_userfiles.h + * Desc: A module for Samhain; adds files in user directories to the check list + * Auth: Jerry Connolly + */ + +#ifndef SH_USERFILES_H +#define SH_USERFILES_H + +#ifdef SH_USE_USERFILES +int sh_userfiles_init (void); +int sh_userfiles_timer (time_t tcurrent); +int sh_userfiles_check (void); +int sh_userfiles_end (void); +int sh_userfiles_cleanup (void); +int sh_userfiles_reconf (void); + +int sh_userfiles_set_uid (char * str); +int sh_userfiles_add_file(char *c); +int sh_userfiles_set_interval(char *c); +int sh_userfiles_set_active(char *c); +int sh_userfiles_check_internal(); + +extern sh_rconf sh_userfiles_table[]; + + +#endif + +/* #ifndef SH_USERFILES_H */ +#endif Index: branches/samhain-2_2-branch/include/sh_utils.h =================================================================== --- branches/samhain-2_2-branch/include/sh_utils.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_utils.h (revision 66) @@ -0,0 +1,164 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + +#ifndef SH_UTILS_H +#define SH_UTILS_H + +#include + +#include "slib.h" + +#include "sh_error.h" +#include "sh_unix.h" + +#define S_FMT_STRING 1 +#define S_FMT_ULONG 2 +#define S_FMT_TIME 3 +#define S_FMT_LONG 4 + + +typedef struct ft_struc { + char fchar; + int type; + unsigned long data_ulong; + long data_long; + /*@null@*/char *data_str; +} st_format; + +char * sh_util_formatted (const char * fmt, st_format * ftab); + +typedef struct sh_timeout_struct { + UINT64 time_last; + UINT64 time_dist; + int flag_ok; +} SH_TIMEOUT; + +int sh_util_timeout_check (SH_TIMEOUT * sh_timer); + +/* This is a maximally equidistributed combined Tausworthe + * generator. + */ +UINT32 taus_get (void *state1, void *state2, void *state3); +double taus_get_double (void *vstate); /* fast */ +int taus_seed (void); + +char * sh_util_strdup (const char * str); +char * sh_util_strsep (char **str, const char *delim); + +/* set signature type HASH-TIGER/HMAC-TIGER + */ +int sh_util_sigtype (const char * c); + +/* compute a signature + */ +char * sh_util_siggen (char * hexkey, + char * text, size_t textlen); + +/* eval boolean input + */ +int sh_util_flagval(const char * c, int * fval); + +/* ask if a file should be updated (returns S_TRUE/S_FALSE) + */ +int sh_util_ask_update(char * path); +int sh_util_set_interactive(const char * str); + +/* don't log output files + */ +int sh_util_hidesetup(const char * c); + +/* exceptions to obscure name check + */ +int sh_util_obscure_ok (const char * str); + +/* read a hexchar + */ +int sh_util_hexchar( char c ); + +/* change verifier + */ +int sh_util_set_newkey (const char * str); + +/* server mode + */ +int sh_util_setserver (const char * dummy); + +/* a simple compressor + */ +long sh_util_compress (char * dest, char * src, size_t dest_size); + +/* an even simpler en-/decoder + */ +void sh_util_encode (char * data, char * salt, int mode, char fill); + +/* copy len ( < 4) bytes from (char *) (long src) to (char *) dest, + * determine the four LSB's and use them (independent of sizeof(long)) + */ +void sh_util_cpylong (char * dest, const char * src, int len ); + +/* set timer for main loop + */ +int sh_util_setlooptime (const char * str); + +/* whether init or check the database + */ +int sh_util_setchecksum (const char * str); + +/* compare an in_string against a regular expression regex_str + return GOOD on successful match +*/ +int sh_util_regcmp (char * regex_str, char * in_str); + + +/* returns freshly allocated memory, return value should be free'd. + * Arhument list must be NULL terminated. + */ +char * sh_util_strconcat (const char * arg1, ...); + +/* check if string is numeric only + */ +int sh_util_isnum (char *str); + +/* init a key w/random string + */ +int sh_util_keyinit (char * buf, long size); + + +/* returns freshly allocated memory, return value should be free'd + */ +char * sh_util_dirname(const char * fullpath); + +/* returns freshly allocated memory, return value should be free'd + */ +char * sh_util_safe_name (const char * name); + +/* check max size of printf result string + */ +int sh_util_printf_maxlength (const char * fmt, va_list vl); + +/* check for obscure filenames + */ +int sh_util_obscurename (ShErrLevel level, char * name, int flag); + +/* returns freshly allocated memory, return value should be free'd + */ +char * sh_util_basename(const char * fullpath); + +#endif Index: branches/samhain-2_2-branch/include/sh_utmp.h =================================================================== --- branches/samhain-2_2-branch/include/sh_utmp.h (revision 66) +++ branches/samhain-2_2-branch/include/sh_utmp.h (revision 66) @@ -0,0 +1,24 @@ + +#ifndef SH_UTMP_H +#define SH_UTMP_H + +#include "sh_modules.h" + +#ifdef SH_USE_UTMP +int sh_utmp_init (void); +int sh_utmp_timer (time_t tcurrent); +int sh_utmp_check (void); +int sh_utmp_end (void); +int sh_utmp_null (void); + +int sh_utmp_set_login_activate (char * c); +int sh_utmp_set_login_solo (char * c); +int sh_utmp_set_login_multi (char * c); +int sh_utmp_set_logout_good (char * c); +int sh_utmp_set_login_timer (char * c); + +extern sh_rconf sh_utmp_table[]; +#endif + +/* #ifndef SH_UTMP_H */ +#endif Index: branches/samhain-2_2-branch/include/slib.h =================================================================== --- branches/samhain-2_2-branch/include/slib.h (revision 66) +++ branches/samhain-2_2-branch/include/slib.h (revision 66) @@ -0,0 +1,550 @@ +/* -------------------------------------------------------------- + * + * The developement of this library has been stimulated by reading + * a paper on 'Robust Programming' by Matt Bishop, although + * not all of his ideas might be implemented in the same + * strictness as discussed in the paper. + * + * -------------------------------------------------------------- + */ + +#ifndef SL_SLIB_H +#define SL_SLIB_H + +#include +#include +#include +#include +#include + +#include "config_xor.h" + +#ifdef HAVE_UNISTD_H +#include +#endif + +/**************** + + -- Defined in config.h. -- + + #ifndef _(string) + #define _(string) string + #endif + + #ifndef N_(string) + #define N_(string) string + #endif + +*****************/ + +/* -------------------------------------------------------------- + * + * Typedefs, global variables, macros. + * + * -------------------------------------------------------------- + */ + +extern long int sl_errno; /* Global error variable. */ + + +/* The ticketing system; used to hide internals from the + * programmer. + */ +typedef long int SL_TICKET; /* Unique ID for opened files. */ + + +/* + * TRUE, FALSE + */ +#define SL_TRUE 1 +#define SL_FALSE 0 + + + +/* + * The following macros are provided: + * + * SL_ISERROR(x) TRUE if return status of 'x' is an error code. + * SL_REQUIRE(x, xstr) Abort if 'x' is false. + * SL_ENTER(s) Trace entry in function 's'. + * SL_RETURN(x, s) Trace return from function 's'. + */ + + +/* + * The error codes. + */ +#define SL_ENONE 0 + +#define SL_ENULL -1024 /* Invalid use of NULL pointer. */ +#define SL_ERANGE -1025 /* Argument out of range. */ +#define SL_ETRUNC -1026 /* Result truncated. */ +#define SL_EREPEAT -1027 /* Illegal repeated use of function. */ + +#define SL_EINTERNAL -1028 /* Internal error. */ +#define SL_ETICKET -1029 /* Bad ticket. */ +#define SL_EBADFILE -1030 /* File access error. Check errno. */ +#define SL_EBOGUS -1031 /* Bogus file. */ +#define SL_EMEM -1032 /* Out of memory. */ +#define SL_EUNLINK -1033 /* Unlink error. Check errno. */ +#define SL_EREWIND -1034 /* Rewind error. Check errno. */ +#define SL_EFORWARD -1035 /* Forward error. Check errno. */ +#define SL_EREAD -1036 /* Read error. Check errno. */ +#define SL_EWRITE -1037 /* Write error. Check errno. */ +#define SL_ESYNC -1038 /* Write error. Check errno. */ + +#define SL_EBADNAME -1040 /* Invalid name. */ +#define SL_ESTAT -1041 /* stat of file failed. Check errno. */ + +#define SL_EBADUID -1050 /* Owner not trustworthy. */ +#define SL_EBADGID -1051 /* Group writeable and not trustworthy.*/ +#define SL_EBADOTH -1052 /* World writeable. */ + +#define SL_TOOMANY -1053 /* Too many open files */ +#define SL_TIMEOUT -1054 /* Timeout in read */ +/* + * All int functions return SL_NONE on success. + */ + +#ifdef __cplusplus +extern "C" { +#endif + + int dlog (int flag, char * file, int line, const char *fmt, ...); + + char * sl_get_errmsg(); + + /* ---------------------------------------------------------------- + * + * Heap consistency routines + * + * ---------------------------------------------------------------- */ + + int sl_test_heap(); + + /* ---------------------------------------------------------------- + * + * Capability routines + * + * ---------------------------------------------------------------- */ + + extern int sl_useCaps; + + int sl_drop_cap (); + int sl_drop_cap_sub(); + int sl_get_cap_sub(); + int sl_drop_cap_qdel(); + int sl_get_cap_qdel(); + + /* ---------------------------------------------------------------- + * + * String handling routines + * + * ---------------------------------------------------------------- */ + + /* + * A memset that does not get optimized away + */ + void *sl_memset(void *s, int c, size_t n); +#if !defined(SH_REAL_SET) +#undef memset +#define memset sl_memset +#endif + + /* + * Copy src to dst. siz is the length of dst. + */ + int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz); + + /* + * Append src to dst. siz is the length of dst. + */ + int sl_strlcat(char * dst, /*@null@*/const char *src, size_t siz); + + /* + * An implementation of vsnprintf. va_start/va_end are in the caller + * function. + */ + int sl_vsnprintf(char *str, size_t n, + const char *format, va_list vl ); + + /* + * An implementation of snprintf. + */ + int sl_snprintf(char *str, size_t n, + const char *format, ... ); + + /* + * A robust drop-in replacement of strncpy. strlcpy is preferable. + */ + char * sl_strncpy(/*@out@*/char *dst, const char *src, size_t size); + + /* + * Robust strncat. + */ + char * sl_strncat(char *dst, const char *src, size_t n); + + /* + * strstr + */ + char * sl_strstr (const char * haystack, const char * needle); + + /* + * robust strncmp replacement + */ + int sl_strncmp(const char * a, const char * b, size_t n); + + /* + * robust strcmp replacement + */ + int sl_strcmp(const char * a, const char * b); + + /* + * robust strlen replacement + */ +#define sl_strlen(arg) ((arg == NULL) ? 0 : (strlen(arg))) + + /* ---------------------------------------------------------------- + * + * Privilege handling routines + * + * ---------------------------------------------------------------- */ + + /* + * ONE OF THE FOLLOWING THREE FUNCTIONS + * SHOULD BE CALLED BEFORE ANY OTHER OF THE + * UID HANDLING FUNCTIONS. + */ + int sl_policy_get_user(char *username); /* drop SUID to */ + int sl_policy_get_real(char *username); /* drop privs to */ + int sl_policy_get_root(void); /* drop SUID to root */ + + /* + * If not using one of the above, use this function, + * and then call sh_unset_suid(). + * This function saves the uid's. + * It calls abort() on error. + */ + int sl_save_uids(void); + + /* + * This function returns the saved euid. + * It calls abort() if the uid's are not saved already. + */ + int sl_get_euid(/*@out@*/uid_t * ret); + uid_t sl_ret_euid(); + + /* + * This function returns the saved egid. + * It calls abort() if the uid's are not saved already. + */ + int sl_get_egid(/*@out@*/gid_t * ret); + + /* + * This function returns the saved current ruid. + * It calls abort() if the uid's are not saved already. + */ + int sl_get_ruid(/*@out@*/uid_t * ret); + + /* + * This function returns the saved current rgid. + * It calls abort() if the uid's are not saved already. + */ + int sl_get_rgid(gid_t * ret); + + /* + * This function returns the saved original ruid. + * It calls abort() if the uid's are not saved already. + */ + int sl_get_ruid_orig(uid_t * ret); + + /* + * This function returns the saved original rgid. + * It calls abort() if the uid's are not saved already. + */ + int sl_get_rgid_orig(gid_t * ret); + + /* + * This function returns true if the program is SUID. + * It calls abort() if the uid's are not saved already. + */ + int sl_is_suid(void); + + /* + * This function sets the effective uid + * to the saved effective uid. + */ + int sl_set_suid (void); + + /* + * This function sets the effective uid to the real uid. + */ + int sl_unset_suid (void); + + /* + * This function drops SUID privileges irrevocably. + */ + int sl_drop_privileges(void); + + /* ---------------------------------------------------------------- + * + * File handling routines + * + * ---------------------------------------------------------------- */ + + SL_TICKET sl_make_ticket (int fd, char * path); + + /* Open for writing. + */ + SL_TICKET sl_open_write (const char * fname, int priviledge_mode); + + /* Open for reading. + */ + SL_TICKET sl_open_read (const char * fname, int priviledge_mode); + + /* Open for reading w/minimum checking. + */ + SL_TICKET sl_open_fastread (const char * fname, int priviledge_mode); + + /* Open for read and write. + */ + SL_TICKET sl_open_rdwr (const char * fname, int priviledge_mode); + + /* Open for read and write, fail if file exists. + */ + SL_TICKET sl_open_safe_rdwr (const char * fname, int priv); + + /* Open for write, truncate. + */ + SL_TICKET sl_open_write_trunc (const char * fname, int priviledge_mode); + + /* Open for read and write, truncate. + */ + SL_TICKET sl_open_rdwr_trunc (const char * fname, int priviledge_mode); + + /* Close file. + */ + int sl_close (SL_TICKET ticket); + + /* Unlink file. + */ + int sl_unlink (SL_TICKET ticket); + + /* Rewind file. + */ + int sl_rewind (SL_TICKET ticket); + + /* Seek file. + */ + int sl_seek (SL_TICKET ticket, off_t off_data); + + /* Forward file. + */ + int sl_forward (SL_TICKET ticket); + + /* Sync file. + */ + int sl_sync (SL_TICKET ticket); + + /* Read file. + */ + int sl_read (SL_TICKET ticket, void * buf, size_t count); + + int sl_read_timeout_prep (SL_TICKET ticket); + + int sl_read_timeout (SL_TICKET ticket, void * buf, + size_t count, int timeout); + + int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count); + + /* Write file. + */ + int sl_write (SL_TICKET ticket, void * msg, long nbytes); + + /* Write file, terminate with newline. + */ + int sl_write_line (SL_TICKET ticket, void * msg, long nbytes); + + /* Drop all metadata for file descriptors >= fd. + */ + int sl_dropall(int fd, int except); + + /* Check whether file is trustworthy. + */ + int sl_trustfile(char * path, uid_t * ok, uid_t * bad); + + /* Check whether file is trustworthy. + */ + int sl_trustfile_euid(char * filename, uid_t euid); + + /* purge list of trusted users + */ + int sl_trust_purge_user (); + + /* Add a trusted user. + */ + int sl_trust_add_user (uid_t pwid); + + /* Get error string. + */ + char * sl_error_string(int errorcode); + + /* Get error file. + */ + char * sl_trust_errfile(void); + + /* Overflow tests + */ + int sl_ok_muli (int a, int b); + int sl_ok_divi (int a, int b); + int sl_ok_addi (int a, int b); + int sl_ok_subi (int a, int b); + + int sl_ok_muls (size_t a, size_t b); + int sl_ok_adds (size_t a, size_t b); + + +#ifdef __cplusplus +} +#endif + +/* Privilege modes for file access. + */ +#define SL_YESPRIV 0x33 +#define SL_NOPRIV 0x34 + +#define MAXFILENAME 2048 + + +/* + * This macro is TRUE if (x) < 0. + */ +#define SL_ISERROR(x) ((long)(x) < 0) + +#if defined(WITH_TPT) +#define TPT(arg) dlog arg ; +#else +#define TPT(arg) +#endif + + +/* + * The 'require' macro. + */ +#define SL_REQUIRE(assertion, astext) \ +do { \ + /*@i@*/ if (assertion) ; \ + else { \ + dlog(0, FIL__, __LINE__, SDG_AFAIL, \ + FIL__, __LINE__, astext); \ + _exit(EXIT_FAILURE); \ + } \ +} while (0) + + +/* + * The enter macro. Prints the trace if TRACE is on. + */ +extern int slib_do_trace; +extern int slib_trace_fd; + +#if defined(SL_DEBUG) +#define SL_ENTER(s) sl_stack_push(s, FIL__, __LINE__); +#else +#define SL_ENTER(s) if (slib_do_trace != 0) sl_trace_in(s, FIL__, __LINE__); +#endif + +/* + * The return macro. + */ +#if defined(SL_DEBUG) +#ifndef S_SPLINT_S +#define SL_RETURN(x, s) \ +do { \ + sl_stack_pop(s, FIL__, __LINE__); \ + return(x); \ +} while(0) +#else +/*@notfunction@*/ +#define SL_RETURN(x, s) return(x); +#endif /* S_SPLINT_S */ +#else +#ifndef S_SPLINT_S +#define SL_RETURN(x, s) \ +do { \ + if (slib_do_trace != 0) \ + sl_trace_out(s, FIL__, __LINE__); \ + return(x); \ +} while(0) +#else +/*@notfunction@*/ +#define SL_RETURN(x, s) return(x); +#endif /* S_SPLINT_S */ +#endif /* SL_RETURN macro */ + +#if defined(SL_DEBUG) +#define SL_RET0(s) \ +do { \ + sl_stack_pop(s, FIL__, __LINE__); \ + return; \ +} while(0) +#else +#ifndef S_SPLINT_S +#define SL_RET0(s) \ +do { \ + if (slib_do_trace != 0) \ + sl_trace_out(s, FIL__, __LINE__); \ + return; \ +} while(0) +#else +/*@notfunction@*/ +#define SL_RET0(s) return; +#endif /* S_SPLINT_S */ +#endif /* SL_RETURN macro */ + +#if defined(SL_DEBUG) +void sl_stack_push(char * c, char * file, int line); +void sl_stack_pop(char * c, char * file, int line); +void sl_stack_print(); +#endif +void sl_trace_in (char * str, char * file, int line); +void sl_trace_out (char * str, char * file, int line); +int sl_trace_file (const char * str); +int sl_trace_use (const char * str); + + + + +/* + * The internal return macro. Sets sl_errno to the return value. + */ + +#if defined(SL_DEBUG) +#define SL_IRETURN(x, s) \ +do { \ + if((long)(x) < 0) { \ + TPT((0, FIL__, __LINE__, SDG_ERROR, (long)(x))) \ + sl_errno=(x); \ + } \ + sl_stack_pop(s, FIL__, __LINE__); \ + if (1) return(x); \ +} while(0) +#else +#define SL_IRETURN(x, s) \ +do { \ + if ((long)(x) < 0) sl_errno=(x); \ + if (slib_do_trace) \ + sl_trace_out(s, FIL__, __LINE__); \ + if (1) return(x); \ +} while(0) + +#endif /* SL_IRETURN macro */ + + + +/* slib.h */ +#endif + + + + Index: branches/samhain-2_2-branch/include/trustfile.h =================================================================== --- branches/samhain-2_2-branch/include/trustfile.h (revision 66) +++ branches/samhain-2_2-branch/include/trustfile.h (revision 66) @@ -0,0 +1,94 @@ +/* + * This is the header file for the trust function + * + * Author information: + * Matt Bishop + * Department of Computer Science + * University of California at Davis + * Davis, CA 95616-8562 + * phone (916) 752-8060 + * email bishop@cs.ucdavis.edu + * + * This code is placed in the public domain. I do ask that + * you keep my name associated with it, that you not represent + * it as written by you, and that you preserve these comments. + * This software is provided "as is" and without any guarantees + * of any sort. + */ +/* + * trustfile return codes + */ +#define TF_ERROR -1 /* can't check -- error */ +#define TF_NO 0 /* file isn't trustworthy */ +#define TF_YES 1 /* file is trustworthy */ + +/* + * error codes + */ +#define TF_BADFILE 1 /* file name illegal */ +#define TF_BADNAME 2 /* name not valid (prob. ran out of room) */ +#define TF_BADSTAT 3 /* stat of file failed (see errno for why) */ +#define TF_NOROOM 4 /* not enough allocated space */ + +/* + * untrustworthy codes + */ +#define TF_BADUID 10 /* owner nmot trustworthy */ +#define TF_BADGID 11 /* group writeable and member not trustworthy */ +#define TF_BADOTH 12 /* anyone can write it */ + +/* + * the basic constant -- what is the longest path name possible? + * It should be at least the max path length as defined by system + * + 4 ("/../") + max file name length as defined by system; this + * should rarely fail (I rounded it up to 2048) + */ +#define MAXFILENAME 2048 + +/* + * function declaration + * + * #ifdef __STDC__ + * extern int trustfile(char *, int *, int *); + * #else + * extern int trustfile(); + * #endif + */ +/* + * these are useful global variables + * + * first set: who you gonna trust, by default? + * if the user does not specify a trusted or untrusted set of users, + * all users are considered untrusted EXCEPT: + * UID 0 -- root as root can do anything on most UNIX systems, this + * seems reasonable + * tf_euid -- programmer-selectable UID + * if the caller specifies a specific UID by putting + * it in this variable, it will be trusted; this is + * typically used to trust the effective UID of the + * process (note: NOT the real UID, which will cause all + * sorts of problems!) By default, this is set to -1, + * so if it's not set, root is the only trusted user + */ +extern uid_t tf_euid; /* space for EUID of process */ + +/* + * second set: how do you report problems? + * tf_errno on return when an error has occurred, this is set + * to the code indicating the reason for the error: + * TF_BADFILE passed NULL for pointer to file name + * TF_BADNAME could not expand to full path name + * TF_BADSTAT stat failed; usu. file doesn't exist + * TF_BADUID owner untrusted + * TF_BADGID group untrusted & can write + * TF_BADOTH anyone can write + * the value is preserved across calls where no error + * occurs, just like errno(2) + * tf_path if error occurs and a file name is involved, this + * contains the file name causing the problem + */ +extern char tf_path[MAXFILENAME]; /* error path for trust function */ + +extern uid_t rootonly[]; +extern int EUIDSLOT; + Index: branches/samhain-2_2-branch/include/zAVLTree.h =================================================================== --- branches/samhain-2_2-branch/include/zAVLTree.h (revision 66) +++ branches/samhain-2_2-branch/include/zAVLTree.h (revision 66) @@ -0,0 +1,72 @@ +/* + * zAVLTree.h: Header file for zAVLTrees. + * Copyright (C) 1998,2001 Michael H. Buselli + * This is version 0.1.3 (alpha). + * Generated from $Id: xAVLTree.h.sh,v 1.5 2001/06/07 06:58:28 cosine Exp $ + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with this library; if not, write to the Free + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * The author of this library can be reached at the following address: + * Michael H. Buselli + * 30051 N. Waukegan Rd. Apt. 103 + * Lake Bluff, IL 60044-5412 + * + * Or you can send email to . + * The official web page for this product is: + * http://www.cosine.org/project/AVLTree/ + */ + +#ifndef _ZAVLTREE_H_ +#define _ZAVLTREE_H_ + +/* typedef the keytype */ +typedef const char * zAVLKey; + +/* Comparison function for strings is strcmp(). */ +#define zAVLKey_cmp(tree, a, b) (strcmp((a), (b))) + + +typedef struct _zAVLNode { + zAVLKey key; + long depth; + void *item; + struct _zAVLNode *parent; + struct _zAVLNode *left; + struct _zAVLNode *right; +} zAVLNode; + + +typedef struct { + zAVLNode *top; + long count; + zAVLKey (*getkey)(const void *item); +} zAVLTree; + + +typedef struct { + const zAVLTree *avltree; + const zAVLNode *curnode; +} zAVLCursor; + + +extern zAVLTree *zAVLAllocTree (zAVLKey (*getkey)(void const *item)); +extern void zAVLFreeTree (zAVLTree *avltree, void (freeitem)(void *item)); +extern int zAVLInsert (zAVLTree *avltree, void *item); +extern void *zAVLSearch (zAVLTree const *avltree, zAVLKey key); +extern int zAVLDelete (zAVLTree *avltree, zAVLKey key); +extern void *zAVLFirst (zAVLCursor *avlcursor, zAVLTree const *avltree); +extern void *zAVLNext (zAVLCursor *avlcursor); + +#endif Index: branches/samhain-2_2-branch/init/samhain.start.in =================================================================== --- branches/samhain-2_2-branch/init/samhain.start.in (revision 66) +++ branches/samhain-2_2-branch/init/samhain.start.in (revision 66) @@ -0,0 +1,77 @@ +#!/bin/sh + +# This file is public domain and comes with NO WARRANTY of any kind +# samhain deamon start/stop script. + +# This should be put in /etc/init.d (at least on machines SYSV R4 +# based systems) and linked to /etc/rc3.d/S99samhain. When this is done +# the samhain daemon will be started when the machine is started. + +PATH=/sbin:/usr/bin:/usr/sbin:/bin +basedir=/ + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +bindir=@bindir@ + +samhain_daemon_user=root # Run samhain as this user. + # If you use this, uncomment one of + # the su rows below. + +export PATH + +mode=$1 + +# The following test may be removed if this script isn't to be run as root. +if test ! -w / +then + echo "$0: this script must be run as root ... fatal error" + exit 1 +fi + + +# Safeguard (relative paths, core dumps..) +cd $basedir + +case "$mode" in + 'start') + # Start deamon + if test -x ${bindir}/samhain + then + if test -x /sbin/startproc + then + # use startproc if available + startproc ${bindir}/samhain -t check -D + else + # For Linux + su -c -- $samhain_daemon_user $bindir/samhain -t check -D + # For sun + # su $samhain_daemon_user $bindir/samhain -t check -D + fi + else + echo "Can't execute ${bindir}/samhain" + fi + ;; + + + 'stop') + if test -x ${bindir}/samhain + then + if test -x /sbin/killproc + then + # alternatively use the command below, if you have 'killproc' + killproc -TERM ${bindir}/samhain + else + # Stop deamon - no PID file available, so search for the pid + SH_PID=`ps aux | grep samhain | grep -v grep | awk '{print $2}'` + kill ${SH_PID} + fi + fi + ;; + + *) + # usage + echo "usage: $0 start|stop" + exit 1 + ;; +esac Index: branches/samhain-2_2-branch/init/samhain.startFreeBSD.in =================================================================== --- branches/samhain-2_2-branch/init/samhain.startFreeBSD.in (revision 66) +++ branches/samhain-2_2-branch/init/samhain.startFreeBSD.in (revision 66) @@ -0,0 +1,44 @@ +#!/bin/sh + +# PROVIDE: @install_name@ +# REQUIRE: LOGIN +# KEYWORD: shutdown + +. /etc/rc.subr + +name="@install_name@" +rcvar=`set_rcvar` + +pidfile="@mylockfile@" + +# there are no required_files in general, +# as they might be downloaded from the server +# +# required_files="@myconffile@ @mydatafile@" + +extra_commands="reload" +stop_postcmd="remove_stale_files" + +command="@sbindir@/@install_name@" + +is_set() +{ + eval "[ -n \"\${$1+X}\" ]" +} + +remove_stale_files() +{ + if test -f @mylockfile@; then + /bin/rm -f @mylockfile@ + fi + /bin/rm -f @mylockdir@/${name}.sock +} + +load_rc_config "$name" + +if ! is_set ${rcvar}; then + eval "${rcvar}=YES" +fi + +run_rc_command "$1" + Index: branches/samhain-2_2-branch/init/samhain.startGentoo.in =================================================================== --- branches/samhain-2_2-branch/init/samhain.startGentoo.in (revision 66) +++ branches/samhain-2_2-branch/init/samhain.startGentoo.in (revision 66) @@ -0,0 +1,31 @@ +#!/sbin/runscript + +opts="depend start stop reload" + +depend() { + need clock hostname logger +} + +start() { + ebegin "Starting @install_name@" + /sbin/start-stop-daemon --start --quiet --exec @sbindir@/@install_name@ + eend $? + @sh_insmod_cmd@ +} + +stop() { + ebegin "Stopping @install_name@" + /sbin/start-stop-daemon --stop --quiet --retry 15 --exec @sbindir@/@install_name@ + rm -f @mylockfile@ + eend $? +} + +reload() { + if [ ! -f @mylockfile@ ]; then + eerror "@install_name@ isn't running" + return 1 + fi + ebegin "Reloading configuration" + kill -HUP `cat @mylockfile@` &>/dev/null + eend $? +} Index: branches/samhain-2_2-branch/init/samhain.startHPUX.in =================================================================== --- branches/samhain-2_2-branch/init/samhain.startHPUX.in (revision 66) +++ branches/samhain-2_2-branch/init/samhain.startHPUX.in (revision 66) @@ -0,0 +1,116 @@ +#!/sbin/sh + +# Allowed exit values +# +# 0 = success +# 1 = failure +# 2 = skip +# 3 = reboot (now) + +# stdin is redirected from /dev/null +# stderr, stdout are redirected to /etc/rc.log file (checklist mode) +# or console (raw mode) + +# /usr, /var, /opt my not be available until run state 2 + +PATH=/usr/sbin:/usr/bin:/sbin +export PATH + +rval=0 + +DAEMON=@sbindir@/@install_name@ +NAME=@install_name@ + +run_the_command() { + if test -f /etc/rc.config + then + . /etc/rc.config + else + echo "ERROR: /etc/rc.config defaults file MISSING" + fi + if test "x${CONTROL_@install_name@}" = x0 + then + rval=2 + else + ${DAEMON} $1 2>/dev/null + ERRNUM=$? + if test x"$ERRNUM" != x0 + then + echo "EXIT CODE: ${ERRNUM}" + rval=1 + fi + fi +} + +log_stat_msg () { +case "$1" in + 0) + echo "Service $NAME: Running"; + break; + ;; + 1) + echo "Service $NAME: Stopped and /var/run pid file exists"; + break; + ;; + 3) + echo "Service $NAME: Stopped"; + break; + ;; + *) + echo "Service $NAME: Status unknown"; + break; + ;; +esac +} + + +case "$1" in + 'start_msg') + echo "Starting the $NAME subsystem" + ;; + + 'stop_msg') + echo "Stopping the $NAME subsystem" + ;; + + 'start') + run_the_command start + exit $rval + ;; + + stop) + run_the_command stop + # + # Remove a stale lockfile, if found + # + if test -f @mylockfile@; then + /bin/rm -f @mylockfile@ + fi + /bin/rm -f @mylockdir@/${NAME}.sock + exit $rval + ;; + + restart) + run_the_command restart + exit $rval + ;; + + reload|force-reload) + run_the_command reload + exit $rval + ;; + + status) + ${DAEMON} status + ERRNUM=$? + log_stat_msg ${ERRNUM} + exit ${ERRNUM} + ;; + + *) + echo "Usage: @install_name@ {start_msg|stop_msg|start|stop|restart|reload|status}" + exit 1 + ;; +esac + +exit $rval Index: branches/samhain-2_2-branch/init/samhain.startIRIX.in =================================================================== --- branches/samhain-2_2-branch/init/samhain.startIRIX.in (revision 66) +++ branches/samhain-2_2-branch/init/samhain.startIRIX.in (revision 66) @@ -0,0 +1,88 @@ +#! /bin/sh + + +PATH=/usr/sbin:/usr/bin:/sbin +export PATH + +rval=0 + +DAEMON=@sbindir@/@install_name@ +NAME=@install_name@ + +if /sbin/chkconfig verbose; then + verbose=1 +else + verbose=0 +fi + +log_stat_msg () { +case "$1" in + 0) + echo "Service $NAME: Running"; + break; + ;; + 1) + echo "Service $NAME: Stopped and /var/run pid file exists"; + break; + ;; + 3) + echo "Service $NAME: Stopped"; + break; + ;; + *) + echo "Service $NAME: Status unknown"; + break; + ;; +esac +} + +case "$1" in + + 'start') + test $verbose = 1 && echo "Starting $NAME" + $DAEMON start + rval=$? + exit $rval + ;; + + stop) + test $verbose = 1 && echo "Stopping $NAME" + $DAEMON stop + rval=$? + # + # Remove a stale lockfile, if found + # + if test -f @mylockfile@; then + /bin/rm -f @mylockfile@ + fi + exit $rval + ;; + + restart) + test $verbose = 1 && echo "Restarting $NAME" + $DAEMON restart + rval=$? + exit $rval + ;; + + reload|force-reload) + test $verbose = 1 && echo "Reloading $NAME" + $DAEMON reload + rval=$? + exit $rval + ;; + + status) + ${DAEMON} status + ERRNUM=$? + log_stat_msg ${ERRNUM} + exit ${ERRNUM} + ;; + + *) + echo "Usage: @install_name@ {start|stop|restart|reload}" + exit 1 + ;; +esac + +exit $rval Index: branches/samhain-2_2-branch/init/samhain.startLSB.in =================================================================== --- branches/samhain-2_2-branch/init/samhain.startLSB.in (revision 66) +++ branches/samhain-2_2-branch/init/samhain.startLSB.in (revision 66) @@ -0,0 +1,127 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: @install_name@ +# Required-Start: $syslog $network +# Required-Stop: $syslog $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Keep an eye on stuff +# Description: Keep an eye on stuff +### END INIT INFO + + +# source function library +if test -f /lib/lsb/init-functions; then +. /lib/lsb/init-functions +else + echo "File /lib/lsb/init-functions not found" + exit 5 +fi + +prefix="@prefix@" +exec_prefix="@exec_prefix@" +DAEMON=@sbindir@/@install_name@ +NAME=@install_name@ + +if test ! -f ${DAEMON}; then + log_failure_msg "Service $NAME is not installed" + exit 5 +fi + +if test "x$2" != "x" && test "x$1" != "xstatus"; then + log_failure_msg "Excess arguments $@" + exit 2 +fi + +log_sh_msg () { +case "$1" in + 0) + log_success_msg "Service $NAME $2" + break; + ;; + 1) + log_failure_msg "Service $NAME: Error" + break; + ;; + 4) + log_failure_msg "Service $NAME: Permission denied" + break; + ;; + 5) + log_failure_msg "Service $NAME is not installed" + break; + ;; + 7) + log_failure_msg "Service $NAME is not running" + break; + ;; + *) + log_failure_msg "Service $NAME: Error" + break; + ;; +esac +} + +log_stat_msg () { +case "$1" in + 0) + echo "Service $NAME: Running"; + break; + ;; + 1) + echo "Service $NAME: Stopped and /var/run pid file exists"; + break; + ;; + 3) + echo "Service $NAME: Stopped"; + break; + ;; + *) + echo "Service $NAME: Status unknown"; + break; + ;; +esac +} + +case "$1" in + start) + ${DAEMON} start + ERRNUM=$? + SH_ACT="started" + ;; + stop) + ${DAEMON} stop + ERRNUM=$? + if test -f @mylockfile@; then + /bin/rm -f @mylockfile@ + fi + if test -S @mylockdir@/${NAME}.sock; then + /bin/rm -f @mylockdir@/${NAME}.sock + fi + SH_ACT="stopped" + ;; + restart) + ${DAEMON} restart + ERRNUM=$? + SH_ACT="restarted" + ;; + reload|force-reload) + ${DAEMON} reload + ERRNUM=$? + SH_ACT="reloaded" + ;; + status) + ${DAEMON} status + ERRNUM=$? + log_stat_msg ${ERRNUM} + exit ${ERRNUM} + ;; + *) + log_warning_msg "Usage: @install_name@ {start|stop|restart|(force-)reload|status}" + exit 2 + ;; +esac + +log_sh_msg ${ERRNUM} "${SH_ACT}" +exit ${ERRNUM} Index: branches/samhain-2_2-branch/init/samhain.startLinux.in =================================================================== --- branches/samhain-2_2-branch/init/samhain.startLinux.in (revision 66) +++ branches/samhain-2_2-branch/init/samhain.startLinux.in (revision 66) @@ -0,0 +1,303 @@ +#!/bin/bash +# chkconfig: 2345 99 10 +# description: File Integrity Checking Daemon +# +# processname: @install_name@ +# config : @myconffile@ +# logfile : @mylogfile@ +# database: @mydatafile@ +# + +# For Debian +# +FLAGS="defaults 99 10" + +NAME=@install_name@ +DAEMON=@sbindir@/@install_name@ +RETVAL=0 +VERBOSE=yes +PIDFILE=@mylockfile@ + +if [ -x $DAEMON ]; then + : +else + echo "${0}: executable ${DAEMON} not found" + exit 0 +fi + +# Sort out sourcing in the distribution specific library functions +# and the command to run them. +if [ -f /etc/redhat-release ]; then + . /etc/init.d/functions + DISTRO=redhat +elif [ -f /etc/mandrake-release ]; then + . /etc/init.d/functions + DISTRO=redhat +elif [ -f /etc/yellowdog-release ]; then + . /etc/init.d/functions + DISTRO=redhat +elif [ -f /etc/SuSE-release ]; then + . /etc/rc.config + . /etc/rc.status + # Determine the base and follow a runlevel link name. + base=${0##*/} + link=${base#*[SK][0-9][0-9]} + # Force execution if not called by a runlevel directory. + test $link = $base && START_@INSTALL_NAME@=yes + # Check whether START_@INSTALL_NAME@ is in /etc/rc.config + # If yes, abort unless its value is 'yes' + if test "x${START_@INSTALL_NAME@}" != "x"; then + test "${START_@INSTALL_NAME@}" = yes || exit 0 + fi + return=$rc_done + DISTRO=suse +elif [ -f /etc/debian_version ]; then + # . /etc/default/rcS + set -e + DISTRO=debian +elif [ -f /etc/slackware-version ]; then + # . /etc/rc.d/rc.sysvinit + DISTRO=generic +else + DISTRO=generic +fi + +debian_end() +{ + if [ $RETVAL -eq 0 ]; + then + echo "." + else + echo " failed." + fi +} + +# Generic function "a la Red Hat" +MOVE_TO_COL="echo -en \\033[60G" +SETCOLOR_SUCCESS="echo -en \\033[1;32m" +SETCOLOR_FAILURE="echo -en \\033[1;31m" +SETCOLOR_NORMAL="echo -en \\033[0;39m" + +echo_success() { + $MOVE_TO_COL + echo -n "[ " + $SETCOLOR_SUCCESS + echo -n "OK" + $SETCOLOR_NORMAL + echo -n " ]" + echo -ne "\r" + echo "" +} + +echo_failure() { + $MOVE_TO_COL + echo -n "[" + $SETCOLOR_FAILURE + echo -n "FAILED" + $SETCOLOR_NORMAL + echo -n "]" + echo -ne "\r" + echo "" +} + + +# echo OK in green if is success, FAILED in red is failed +generic_end() +{ + if [ $RETVAL -eq 0 ]; + then + echo_success + else + echo_failure + fi +} + +log_stat_msg () { +case "$1" in + 0) + echo "Service $NAME: Running"; + ;; + 1) + echo "Service $NAME: Stopped and /var/run pid file exists"; + ;; + 3) + echo "Service $NAME: Stopped"; + ;; + *) + echo "Service $NAME: Status unknown"; + ;; +esac +} + + +case "$1" in + start) + # + # Remove a stale PID file, if found + # + if test -f ${PIDFILE}; then + /bin/rm -f ${PIDFILE} + fi + # + case "$DISTRO" in + debian) + echo -n "Starting ${NAME}" + ( /sbin/start-stop-daemon --start --quiet --exec $DAEMON ) + RETVAL=$? + debian_end + ;; + redhat) + echo -n $"Starting ${NAME}: " + daemon $DAEMON + RETVAL=$? + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/${NAME} + echo + ;; + suse) + echo -n "Starting service ${NAME}" + /sbin/startproc $DAEMON + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + return=$rc_done + else + return=$rc_failed + fi + echo -e "$return" + ;; + *) + echo -n "Starting ${NAME} ... " + $DAEMON start + RETVAL=$? + generic_end + ;; + esac + # + # The hiding kernel module + # + if [ $RETVAL -eq 0 ]; then + @sh_insmod_cmd@ + fi + exit $RETVAL + ;; + + stop) + case "$DISTRO" in + debian) + echo -n "Stopping $NAME" + ( /sbin/start-stop-daemon --stop --quiet --exec $DAEMON ) + RETVAL=$? + debian_end + ;; + redhat) + echo -n $"Stopping ${NAME}: " + killproc ${NAME} + RETVAL=$? + rm -f /var/lock/subsys/${NAME} + echo + ;; + suse) + echo -n "Shutting down service ${NAME}" + /sbin/killproc -TERM $DAEMON + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + return=$rc_done + else + return=$rc_failed + fi + echo -e "$return" + ;; + *) + if test x"$VERBOSE" != xno; then + echo -n "Stopping ${NAME} ... " + fi + $DAEMON stop + RETVAL=$? + generic_end + ;; + esac + # + # Remove a stale PID file, if found + # + if test -f ${PIDFILE}; then + /bin/rm -f ${PIDFILE} + fi + if test -S @mylockdir@/${NAME}.sock; then + /bin/rm -f @mylockdir@/${NAME}.sock + fi + ;; + + restart) + $0 stop + sleep 3 + $0 start + RETVAL=$? + ;; + + reload|force-reload) + case "$DISTRO" in + debian) + echo -n "Reloading $NAME configuration files" + ( /sbin/start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON ) + RETVAL=$? + debian_end + ;; + redhat) + echo -n $"Reloading ${NAME} configuration: " + killproc ${NAME} -HUP + RETVAL=$? + echo + ;; + suse) + echo -n "Reload service ${NAME}" + /sbin/killproc -HUP $DAEMON + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + return=$rc_done + else + return=$rc_failed + fi + echo -e "$return" + ;; + *) + echo -n "Reloading ${NAME} ... " + $DAEMON reload + RETVAL=$? + generic_end + ;; + esac + ;; + + status) + case "$DISTRO" in + redhat) + status ${NAME} + exit $? + ;; + suse) + echo -n "Checking for service ${NAME}: " + /sbin/checkproc $DAEMON + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + return="OK" + else + return="No process" + fi + echo "$return" + exit $RETVAL + ;; + *) + $DAEMON status + ERRNUM=$? + log_stat_msg ${ERRNUM} + exit ${ERRNUM} + ;; + esac + ;; + + *) + echo "$0 usage: {start|stop|status|restart|reload}" + exit 1 + ;; +esac + +exit $RETVAL Index: branches/samhain-2_2-branch/init/samhain.startSolaris.in =================================================================== --- branches/samhain-2_2-branch/init/samhain.startSolaris.in (revision 66) +++ branches/samhain-2_2-branch/init/samhain.startSolaris.in (revision 66) @@ -0,0 +1,80 @@ +#!/bin/sh + +SBINDIR=@sbindir@ +NAME=@install_name@ + +if [ ! -f ${SBINDIR}/${NAME} ]; then + exit 0 +fi + + +log_stat_msg() { +case "$1" in + 0) + echo "Service $NAME: Running"; + break; + ;; + 1) + echo "Service $NAME: Stopped and /var/run pid file exists"; + break; + ;; + 3) + echo "Service $NAME: Stopped"; + break; + ;; + *) + echo "Service $NAME: Status unknown"; + break; + ;; +esac +} + + +case "$1" in + start) + echo "${NAME} starting." + ;; + stop) + echo "${NAME} stopping." + ;; + restart) + echo "${NAME} restarting." + ;; + reload|force-reload) + echo "${NAME} reloading." + ;; + status) + ${SBINDIR}/${NAME} $1 + ERRNUM=$? + log_stat_msg ${ERRNUM} + exit ${ERRNUM} + ;; + *) + echo "Usage: $0 {start|stop|restart|reload|status}" + exit 1 + ;; +esac + +${SBINDIR}/${NAME} $1 + +status=$? + + +if [ $status != 0 ]; then + echo $status + exit 1 +fi + +case "$1" in + stop) + if test -f @mylockfile@; then + /bin/rm -f @mylockfile@ + fi + /bin/rm -f @mylockdir@/${NAME}.sock + ;; + *) + exit 0 + ;; +esac + +exit 0 Index: branches/samhain-2_2-branch/install-sh =================================================================== --- branches/samhain-2_2-branch/install-sh (revision 66) +++ branches/samhain-2_2-branch/install-sh (revision 66) @@ -0,0 +1,250 @@ +#!/bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 Index: branches/samhain-2_2-branch/man/samhain.8 =================================================================== --- branches/samhain-2_2-branch/man/samhain.8 (revision 66) +++ branches/samhain-2_2-branch/man/samhain.8 (revision 66) @@ -0,0 +1,808 @@ +.TH SAMHAIN 8 "07 August 2004" "" "Samhain manual" +.SH NAME +samhain \- check file integrity +.SH SYNOPSIS +.SS "INITIALIZING, UPDATING, AND CHECKING" +.PP + +.B samhain +{ +.I \-t init|\-\-set\-checksum\-test=init +} [\-\-init2stdout] [\-r DEPTH|\-\-recursion=DEPTH] [log-options] + +.B samhain +{ +.I \-t update|\-\-set\-checksum\-test=update +} [\-D | \-\-daemon | \-\-foreground] [\-\-forever] [\-r DEPTH|\-\-recursion=DEPTH] [log-options] + +.B samhain +{ +.I \-t check|\-\-set\-checksum\-test=check +} [\-D | \-\-daemon | \-\-foreground] [\-\-forever] [\-r DEPTH,\-\-recursion=DEPTH] [log-options] + +.SS "LISTING THE DATABASE" +.PP + +.B samhain +[\-a | \-\-full\-detail] +[\-\-delimited] +\-d +.IR file | +.RI \-\-list\-database= file + +.SS "VERIFYING AN AUDIT TRAIL" +.PP + +.B samhain +[\-j | \-\-just\-list] +\-L +.IR logfile | +.RI \-\-verify\-log= logfile + +.B samhain +\-M +.IR mailbox | +.RI \-\-verify\-mail= mailbox + + +.SS "MISCELLANEOUS" +.PP + +.B samhain +.RI \-\-server\-port= portnumber + +.B samhain +\-H +.I string +| +.RI \-\-hash\-string= string + +.B samhain +\-c | \-\-copyright + +.B samhain +\-h | \-\-help + +.B samhain +\-V key@/path/to/executable | \-\-add\-key=key@/path/to/executable + +.SS "SERVER STARTUP" +.PP + +.B yule +[\-q | \-\-qualified] +[ +.RI \-\-chroot= chrootdir ] +[\-D | \-\-daemon | \-\-foreground] +[log-options] + +.SS "SERVER MISCELLANEOUS" +.PP + +.B yule +[\-P +.I password +| +.RI \-\-password= password ] + +.B yule +[\-G | \-\-gen-password] + +.SS "LOG OPTIONS" +.PP + +[\-s +.I threshold +| +.RI \-\-set\-syslog\-severity= threshold ] +[\-l +.I threshold +| +.RI \-\-set\-log\-severity= threshold ] +[\-m +.I threshold +| +.RI \-\-set\-mail\-severity= threshold ] +[\-e +.I threshold +| +.RI \-\-set\-export\-severity= threshold ] +[\-p +.I threshold +| +.RI \-\-set\-print\-severity= threshold ] +[\-x +.I threshold +| +.RI \-\-set\-external\-severity= threshold ] +[ +.RI \-\-set\-prelude\-severity= threshold ] +[ +.RI \-\-set\-database\-severity= threshold ] +[ +.RI \-\-enable\-trace ] +[ +.RI \-\-trace\-logfile= tracefile ] + + + +.SH WARNING +.PP +The information in this man page is not always up to date. +The authoritative documentation is the user manual. + +.SH DESCRIPTION +.PP +.B samhain +is a file integrity / intrusion detection system both for single hosts +and networks. +It consists of a monitoring application +.RB ( samhain ) +running on +individual hosts, and (optionally) a central log server +.RB ( yule ). +Currently, samhain can monitor the +integrity of files/directories, and (optionally) also +check for kernel rootkits +(Linux and FreeBSD only), search the disk for SUID/SGID, +and watch for login/logout events. +.PP +.B samhain/yule +can log by email, to a tamper-resistant, signed log file, +to syslog, to the Prelude IDS, to a MySQL/PostgreSQL/Oracle database, +and/or to stdout +.RI ( /dev/console +if run as daemon). +.B samhain/yule +can run as a daemon, and can use a time server instead of the host's +system clock. Most of the functionality is defined by a +configuration file that is read at startup. +.PP +Most options of these usually would be set in the configuration file. +Options given on the command line will override +those in the configuration file. + +.SS "OPTIONS FOR INITIALIZING, UPDATING, AND CHECKING" +.PP + +.B samhain +.I "\-t init, \-\-set\-checksum-test=init" +.RI [ options ] + +Initialize the database of file signatures. The path to the +database is compiled in, and initializing will +.B append +to the respective file (or create it, if it does not exist). +.B "It is ok to append to e.g. a JPEG image, but it is an error" +.B "to append to an already existing file signature database." +.PP +.TP +[\-\-init2stdout] +Write the database to stdout. +.TP +[\-r DEPTH|\-\-recursion=DEPTH] +Set the (global) recursion depth. + +.PP +.B samhain +.I "\-t update, \-\-set\-checksum-test=update" +.RI [ options ] + +Update the database of file signatures. The path to the +database is compiled in, and updating will +.B overwrite +the database, starting from the start of the database (which may not be +identical to the start of the file \- see above). +.PP +.TP +[\-r DEPTH|\-\-recursion=DEPTH] +Set the (global) recursion depth. +.TP +[\-D|\-\-daemon] +Run as daemon. File checks are performed as specified by the timing +options in the configuration file. Updates are saved after each file check. +.TP +[\-\-foreground] +Run in the foreground. This will cause samhain to exit after the update, +unless the option +.I "\-\-forever" +is used. +.TP +[\-\-forever] +If not running as daemon, do not exit after finishing the update, but +loop forever, and perform checks with corresponding database updates +according to the timing options in the +configuration file. + +.PP +.B samhain +.I "\-t check, \-\-set\-checksum-test=check" +.RI [ options ] + +Check the filesystem against the database of file signatures. +The path to the database is compiled in. +.PP +.TP +[\-r DEPTH|\-\-recursion=DEPTH] +Set the (global) recursion depth. +.TP +[\-D|\-\-daemon] +Run as daemon. File checks are performed as specified by the timing +options in the configuration file. +.TP +[\-\-foreground] +Run in the foreground. This will cause samhain to exit after the file check, +unless the option +.I "\-\-forever" +is used. +.TP +[\-\-forever] +If not running as daemon, do not exit after finishing the check, but +loop forever, and perform checks according to the timing options in the +configuration file. + +.SS "OPTIONS FOR LISTING THE DATABASE" +.PP + +.B samhain +[\-a | \-\-full\-detail] +[\-\-delimited] +\-d +.IR file | +.RI \-\-list\-database= file + +List the entries in the file signature database in a +.B ls \-l +like format. +.PP +.TP +[\-a | \-\-full\-detail] +List all informations for each file, not only those you would get +with ls \-l. +.TP +[\-\-delimited] +List all informations for each file, in a comma-separated format. + +.SS "OPTIONS TO VERIFY AN AUDIT TRAIL" +.PP + +These options will only work, if the executable used for verifying the +audit trail is compiled with the same \-\-enable\-base=... option as the +executable of the reporting process. + +.B samhain +[\-j | \-\-just\-list] +\-L +.IR logfile | +.RI \-\-verify\-log= logfile + +Verify the integrity of a signed logfile. The signing key is +auto\-generated on startup, and sent by email. +.B samhain +will ask for the key. Instead of entering the key, you can also enter +the path to the mailbox holding the respective email message. +.PP +.TP +[\-j | \-\-just\-list] +Just list the logfile, do not verify it. This option must come +.BR first . +It is mainly intended for listing the content of an obfuscated logfile, if +.B samhain +is compiled with the +.B stealth +option. + +.B samhain +\-M +.IR mailbox | +.RI \-\-verify\-mail= mailbox + +Verify the integrity of the email reports from samhain. All reports must be +in the same file. + +.SS "MISCELLANEOUS OPTIONS" +.PP + +.B samhain +.RI \-\-server\-port= portnumber + +Choose the port on the server host to which the client will connect. + +.B samhain +\-H +.I string +| +.RI \-\-hash\-string= string + +Compute the TIGER192 checksum of a string. If the string starts with +a '/', it is considered as a pathname, and the checksum of the corresponding +file will be computed. + +.B samhain +\-c | \-\-copyright + +Print the copyright statement. + +.B samhain +\-h | \-\-help + +Print supported options (depending on compilation options). + +.B samhain +\-V key@/path/to/executable | \-\-add\-key=key@/path/to/executable + +See the section "SECURITY" below. + +.SS "SERVER STARTUP OPTIONS" +.PP + +.B yule +[\-q | \-\-qualified] +[ +.RI \-\-chroot= chrootdir ] +[\-D | \-\-daemon | \-\-foreground] +[log-options] + +Start the server, which is named +.B yule +by default. If the server is started with superuser privileges, +it will drop them after startup. +.PP +.TP +[\-q | \-\-qualified] +Log client hostnames with fully qualified path. The default is to +log only the leftmost domain label (i.e. the hostname). +.TP +[ +.RI \-\-chroot= chrootdir ] +Chroot to the listed directory after startup. +.TP +[\-D | \-\-daemon] +Run as daemon. +.TP +[\-\-foreground] +Run in the foreground. + + +.SS "MISCELLANEOUS SERVER OPTIONS" +.PP + +.B yule +[\-G | \-\-gen-password] + +Generate a random 8\-byte password and print it out in hexadecimal notation. + + +.B yule +[\-P +.I password +| +.RI \-\-password= password ] + +Use the given +.I password +and generate an entry suitable for the [Clients] section of the +configuration file. + +.SS "LOGGING OPTIONS" +.PP + +Depending on the compilation options, some logging facilities may not +be available in your executable. +.PP +.TP +.I "\-s threshold, \-\-set\-syslog\-severity=threshold" +Set the threshold for logging events via syslogd(8). +Possible values are +.IR debug , +.IR info , +.IR notice , +.IR warn , +.IR mark , +.IR err , +.IR crit , +.IR alert , +and +.IR none . +By default, everything equal to and above the threshold will be logged. +Time stamps have the priority +.IR warn , +system\-level errors have the priority +.IR err , +and important start\-up messages the priority +.IR alert . +The signature key for the log file will never be logged to syslog or the +log file itself. +.TP +.I "\-l threshold, \-\-set\-log\-severity=threshold" +Set the threshold for logging events to the log file. +.TP +.I "\-m threshold, \-\-set\-mail\-severity=threshold" +Set the threshold for logging events via e\-mail. +.TP +.I "\-e threshold, \-\-set\-export\-severity=threshold" +Set the threshold for forwarding events via TCP to a log server. +.TP +.I "\-x threshold, \-\-set\-extern\-severity=threshold" +Set the threshold for calling external logging programs/scripts (if any are +defined in the configuration file). +.TP +.I "\-p threshold, \-\-set\-print\-severity=threshold" +Set the threshold for logging events to stdout. +If +.B samhain +runs as a daemon, this is redirected to /dev/console. +.TP +.I "\-\-set\-prelude\-severity=threshold" +Set the threshold for logging events to the Prelude IDS. +.TP +.I "\-\-set\-database\-severity=threshold" +Set the threshold for logging events to the MySQL/PostgreSQL/Oracle +database. + + + +.SH SIGNALS +.TP +.I SIGUSR1 +Switch on/off maximum verbosity for console output. +.TP +.I SIGUSR2 +Suspend/continue the process, and +(on suspend) send a message +to the server. This message has the same priority as timestamps. +This signal +allows to run +.I samhain -t init -e none +on the client +to regenerate the database, with download of the configuration file +from the server, while the daemon is suspended (normally you would get +errors because of concurrent access to the server by two processes from +the +.IR "same host" ")." +.TP +.I SIGHUP +Reread the configuration file. +.TP +.I SIGTERM +Terminate. +.TP +.I SIGQUIT +Terminate after processing all pending requests from clients. +.TP +.I SIGABRT +Unlock the log file, pause for three seconds, then proceed, +eventually re-locking the log file and starting a fresh audit trail +on next access. +.TP +.I SIGTTOU +Force a file check (only client/standalone, and only in daemon mode). + + +.SH DATABASE +The database (default name +.IR samhain_file ) +is a binary file, which can be created or updated using the +.B \-t +.I init +or the +.B \-t +.I update +option. +If you use +.B \-t +.IR init , +you need to +.I remove +the old database first, +otherwise the new version will be +.I appended +to the old one. +The file may be (clear text) signed by PGP/GnuPG. +.br +It is recommended to use GnuPG with the options +.B gpg +.I -a --clearsign --not-dash-escaped +.br +.B samhain +will check the signature, if compiled with support for that. +.PP +At startup +.B samhain +will compute the checksum of the database, and verify it for +each further access. This checksum is not stored on disk (i.e. is lost +after program termination), as there is no secure way to store it. + +.SH LOG FILE +.PP +Each entry in the log file has the format +.BR "Severity : [Timestamp] Message" , +where the timestamp may be obtained from a time server rather than from +the system clock, if +.B samhain +has been compiled with support for this. +Each entry is followed by a +.IR signature , +which is computed as +.BR "Hash(Entry Key_N)" , +and +.B Key_N +is computed as +.BR "Hash(Key_N\-1)" , +i.e. only knowledge of the first signature key in this chain allows to +verify the integrity of the log file. This first key is autogenerated +and e\-mailed to the designated recipient. +.PP +The default name of the log file is +.IR samhain_log . +To prevent multiple instances of +.B samhain +from writing to the same log file, the log file is locked by creating a +.IR "lock file" , +which is normally deleted at program termination. +The default name of the +.I "lock file" +is +.IR samhain.lock . +If +.B samhain +is terminated abnormally, i.e. with kill \-9, +a stale lock file might remain, but usually +.B samhain +will be able to recognize that and remove the stale lock file +on the next startup. +.PP +.SH EMAIL +.PP +E\-mails are sent (using built-in SMTP code) +to one recipient only. +The subject line contains timestamp +and hostname, which are repeated in the message body. +The body of the mail contains a line with a +.I signature +similar to that in the log file, computed from the message and a +key. The key is iterated by a hash chain, and the initial +key is revealed in the first email sent. +Obviously, you have to believe that this first e\-mail is +authentical ... +.PP +.SH CLIENT/SERVER USAGE +.PP +To monitor several machines, and collecting data by a central log server, +.B samhain +may be compiled as a client/server application. The log server +.RB ( yule ) +will accept connection +requests from registered clients only. With each client, the server will first +engage in a challenge/response protocol for +.I authentication +of the client and +.I establishing +a +.IR "session key" . +.PP +This protocol requires on the client side a +.IR "password" , +and on the server side a +.IR "verifier" +that is computed from the +.IR "password" . +.PP +To +.I register +a client, simply do the following: +.br +First, with the included utility program +.B samhain_setpwd +re\-set the compiled\-in default password of the +client executable to your preferred +value (with no option, a short usage help is printed). +To allow for non-printable chars, the new value +must be given as a 16\-digit hexadecimal string +(only 0123456789ABCDEF in string), corresponding to an 8-byte password. +.br +Second, after re\-setting the password in the client executable, +you can use the server's convenience function +.B yule +.B \-P +.I password +that will take as input the (16\-digit hex) password, +compute the corresponding verifier, and outputs a default configuration file +entry to register the client. +.br +Third, in the configuration file for the server, under the [Clients] section, +enter +the suggested registration entry of the form +.IR "Client=hostname@salt@verifier" , +where +.I hostname +must be the (fully qualified) hostname of the machine on +which the client will run. +.B "Don't forget to reload the server configuration thereafter." +.PP +If a connection attempt is made, the server will lookup the entry for +the connecting host, and use the corresponding value for the +.I verifier +to engage in the session key exchange. Failure to verify the client's +response(s) will result in aborting the connection. +.PP +.SH STEALTH +.PP +.B samhain +may be compiled with support for a +.I stealth +mode of operation, meaning that +the program can be run without any obvious trace of its presence +on disk. The supplied facilities are simple - they are more +sophisticated than just running the program under a different name, +and might thwart efforts using 'standard' Unix commands, +but they will not resist a search using dedicated utilities. +.PP +In this mode, the runtime executable will hold no +printable strings, and the configuration file is expected to be +a postscript file with +.I uncompressed +image data, wherein +the configuration data are hidden by steganography. +To create such a file from an existing image, you may use e.g. +the program +.BR convert (1), +which is part of the +.BR ImageMagick (1) +package, such as: +.B "convert +compress" +.IR "ima.jpg ima.ps" . +.PP +To hide/extract the configuration data within/from the postscript file, +a utility program +.B samhain_stealth +is provided. +Use it without options to get help. +.PP +Database and log file may be e.g. existing image files, to which +data are appended, xor'ed with some constant to mask them as binary data. +.PP +The user is responsible by herself for re-naming the compiled +executable(s) to unsuspicious names, and choosing (at compile time) +likewise unsuspicious names for config file, database, and log (+lock) file. +.PP +.SH SECURITY +.PP +For security reasons, +.B samhain +will not write log or data files in a directory, remove the lock file, +or read the configuration file, if any element +in the path is owned or writeable by an untrusted user (including +group-writeable files with untrusted users in the group, and world-writeable +files). +.br +.I root +and the +.I effective +user are always trusted. You can add more users in the configuration file. +.PP +Using a +.I "numerical host address" +in the e\-mail address is more secure than +using the hostname (does not require +DNS lookup). +.PP +If you use a +.I precompiled +.B samhain +executable (e.g. from a +binary distribution), in principle a prospective intruder could easily +obtain a copy of the executable and analyze it in advance. This will +enable her/him to generate fake audit trails and/or generate +a trojan for this particular binary distribution. +.br +For this reason, it is possible for the user to add more key material into +the binary executable. This is done with the command: +.PP +.BI "samhain " \-\-add\-key=key@/path/to/executable +.PP +This will read the file +.I /path/to/executable, add the key +.I key, +which should not contain a '@' (because it has a special meaning, separating +key from path), overwrite any key previously set by this command, and +write the new binary to the location +.I /path/to/executable.out +(i.e. with .out appended). You should then copy the new binary to the location +of the old one (i.e. overwrite the old one). +.PP +.B Note that using a precompiled samhain executable from a binary +.B package distribution is not recommended unless you add in key material as +.B described here. + +.PP +.SH NOTES +.PP +For initializing the key(s), +.I "/dev/random" +is used, if available. This is a +device supplying cryptographically strong +(non-deterministic) random noise. Because it is slow, +.B samhain +might appear to hang at startup. Doing some random things +(performing rain dances, spilling coffee, hunting the mouse) might speed up +things. If you do not have +.IR "/dev/random" , +lots of statistics from +.BR vmstat (8) +and the like will be pooled and mixed by a hash function. +.PP +Some hosts might check whether the sender of the mail is valid. +Use only +.I "login names" +for the sender. +.br +For sending mails, you may need to set a relay host for the sender domain +in the configuration file. +.PP +.SH BUGS +.PP +Whoever has the original signature key may change the log file and send fake +e\-mails. The signature keys are e\-mailed at program startup +with a one\-time pad encryption. +This should be safe against an eavesdropper on the network, +but not against someone with read access to the binary, +.I if +she has caught +the e\-mail. +.PP +.SH FILES +.PP +.I /etc/samhainrc +.br +.I /usr/local/man/man8/samhain.8 +.br +.I /usr/local/man/man5/samhainrc.5 +.br +.I /var/log/samhain_log +.br +.I /var/lib/samhain/samhain_file +.br +.I /var/lib/samhain/samhain.html +.br +.I /var/run/samhain.pid + +.SH SEE ALSO +.PP +.BR samhainrc (5) + +.SH AUTHOR +.PP +Rainer Wichmann (http://la\-samhna.de) +.SH BUG REPORTS +.PP +If you find a bug in +.BR samhain , +please send electronic mail to +.IR support@la\-samhna.de . +Please include your operating system and its revision, the version of +.BR samhain , +what C compiler you used to compile it, your 'configure' options, and +any information that you deem helpful. +.PP +.SH COPYING PERMISSIONS +.PP +Copyright (\(co) 1999, 2004 Rainer Wichmann +.PP +Permission is granted to make and distribute verbatim copies of +this manual page provided the copyright notice and this permission +notice are preserved on all copies. +.ig +Permission is granted to process this file through troff and print the +results, provided the printed document carries copying permission +notice identical to this one except for the removal of this paragraph +(this paragraph not being relevant to the printed manual page). +.. +.PP +Permission is granted to copy and distribute modified versions of this +manual page under the conditions for verbatim copying, provided that +the entire resulting derived work is distributed under the terms of a +permission notice identical to this one. + + + Index: branches/samhain-2_2-branch/man/samhainrc.5 =================================================================== --- branches/samhain-2_2-branch/man/samhainrc.5 (revision 66) +++ branches/samhain-2_2-branch/man/samhainrc.5 (revision 66) @@ -0,0 +1,693 @@ +.TH SAMHAINRC 5 "Jul 29, 2004" "" "samhainrc manual" +.SH NAME +samhainrc \- samhain(8) configuration file + +.SH WARNING +.PP +The information in this man page is not always up to date. +The authoritative documentation is the user manual. + +.SH DESCRIPTION +.PP +The configuration file for +.BR samhain (8) +is named +.I samhainrc +and located in +.I /etc +by default. +.PP +It contains several sections, indicated by headings in square brackets. +Each section may hold zero or more +.BI key= value +pairs. Blank lines and lines starting with '#' are comments. +Everything before the first section and after an +.I "[EOF]" +is ignored. The file may be (clear text) signed by PGP/GnuPG, and +.B samhain +may invoke GnuPG to check the signature +if compiled with support for it. +.PP +Conditional inclusion of entries for some host(s) is +supported via any number of +.BI @ hostname /@ end +directives. +.BI @ hostname +and +.BI @ end +must each be on separate lines. Lines in between will only be +read if +.I "hostname" +(which may be a regular expression) matches the local host. +.PP +Likewise, conditional inclusion of entries based on system type is +supported via any number of +.BI $ sysname:release:machine /$ end +directives. +.br +.I "sysname:release:machine" +can be inferred from +.I "uname -srm" +and may be a regular expression. +.PP +Filenames/directories to check may be wildcard patterns. +.PP +Options given on the command line will override +those in the configuration file. +The recognized sections in the configuration file are as follows: +.PP +Boolean options can be set with any of 1|true|yes or 0|false|no. +.TP +.I "[ReadOnly]" +This section may contain +.br +.BI file= PATH +and +.br +.BI dir= [depth]PATH +entries for files and directories to check. All modifications except access +times will be reported for these files. +.I [depth] (use without brackets) +is an optional parameter to define a per\-directory recursion +depth. +.TP +.I "[LogFiles]" +As above, but modifications of timestamps, file size, and signature will +be ignored. +.TP +.I "[GrowingLogFiles]" +As above, but modifications of file size will only be ignored if the size has +.IR increased . +.TP +.I "[Attributes]" +As above, but only modifications of ownership and access permissions +will be checked. +.TP +.I "[IgnoreAll]" +As above, but report no modifications for +these files/directories. Access failures +will still be reported. +.TP +.I "[IgnoreNone]" +As above, but report all modifications for these files/directories, +including access time. +.TP +.I "[User0]" +.TP +.I "[User1]" +.TP +.I "[User2]" +.TP +.I "[User3]" +.TP +.I "[User4]" +These are reserved for user-defined policies. +.TP +.I "[Prelink]" +For prelinked executables / libraries or directories holding them. +.TP +.I "[Log]" +This section defines the filtering rules for logging. +It may contain the following entries: +.br +.BI MailSeverity= val +where the threshold value +.I val +may be one of +.IR debug , +.IR info , +.IR notice , +.IR warn , +.IR mark , +.IR err , +.IR crit , +.IR alert , +or +.IR none . +By default, everything equal to and above the threshold will be logged. +The specifiers +.IR * , +.IR ! , +and +.I = +are interpreted as 'all', 'all but', and 'only', respectively (like +in the Linux version of syslogd(8)). +Time stamps have the priority +.IR warn , +system\-level errors have the priority +.IR err , +and important start\-up messages the priority +.IR alert . +The signature key for the log file will never be logged to syslog or the +log file itself. +For failures to verify file integrity, error levels are defined +in the next section. +.br +.BI PrintSeverity= val, +.br +.BI LogSeverity= val, +.br +.BI ExportSeverity= val, +.br +.BI ExternalSeverity= val, +.br +.BI PreludeSeverity= val, +.br +.BI DatabaseSeverity= val, +and +.br +.BI SyslogSeverity= val +set the thresholds for logging via stdout (or +.IR /dev/console ), +log file, TCP forwarding, calling external programs, +and +.BR syslog (3). +.TP +.I "[EventSeverity]" +.BI SeverityReadOnly= val, +.br +.BI SeverityLogFiles= val, +.br +.BI SeverityGrowingLogs= val, +.br +.BI SeverityIgnoreNone= val, +.br +.BI SeverityIgnoreAll= val, +.br +.BI SeverityPrelink= val, +.br +.BI SeverityUser0= val, +.br +.BI SeverityUser1= val, +.br +.BI SeverityUser2= val, +.br +.BI SeverityUser3= val, +and +.br +.BI SeverityUser4= val +define the error levels for failures to verify the integrity of +files/directories of the respective types. I.e. if such a file shows +unexpected modifications, an error of level +.I val +will be generated, and logged to all facilities with a threshold of at least +.IR val . +.br +.BI SeverityFiles= val +sets the error level for file access problems, and +.br +.BI SeverityDirs= val +for directory access problems. +.br +.BI SeverityNames= val +sets the error level for obscure file names +(e.g. non\-printable characters), and for files +with invalid UIDs/GIDs. +.TP +.I "[External]" +.BI OpenCommand= path +Start the definition of an external logging program|script. +.br +.BI SetType= log|srv +Type/purpose of program (log for logging). +.br +.BI SetCommandline= list +Command line options. +.br +.BI SetEnviron= KEY=val +Environment for external program. +.br +.BI SetChecksum= val +Checksum of the external program (checked before invoking). +.br +.BI SetCredentials= username +User as who the program will run. +.br +.BI SetFilterNot= list +Words not allowed in message. +.br +.BI SetFilterAnd= list +Words required (ALL) in message. +.br +.BI SetFilterOr= list +Words required (at least one) in message. +.br +.BI SetDeadtime= seconds +Time between consecutive calls. +.TP +.I "[Utmp]" +Configuration for watching login/logout events. +.br +.BI LoginCheckActive= 0|1 +Switch off/on login/logout reporting. +.br +.BI LoginCheckInterval= val +Interval (seconds) between checks for login/logout events. +.br +.BI SeverityLogin= val +.br +.BI SeverityLoginMulti= val +.br +.BI SeverityLogout= val +Severity levels for logins, multiple logins +by same user, and logouts. +.TP +.I "[Kernel]" +Configuration for detecting kernel rootkits. +.br +.BI KernelCheckActive= 0|1 +Switch off/on checking of kernel syscalls to detect kernel module rootkits. +.br +.BI KernelCheckInterval= val +Interval (seconds) between checks. +.br +.BI SeverityKernel= val +Severity level for clobbered kernel syscalls. +.br +.BI KernelCheckIDT= 0|1 +Whether to check the interrrupt descriptor table. +.br +.BI KernelSystemCall= address +The address of system_call (grep system_call System.map). +Required after a kernel update. +.br +.BI KernelProcRoot= address +The address of proc_root (grep ' proc_root$' System.map). +Required after a kernel update. +.br +.BI KernelProcRootIops= address +The address of proc_root_inode_operations +(grep proc_root_inode_operations System.map). +Required after a kernel update. +.br +.BI KernelProcRootLookup= address +The address of proc_root_lookup (grep proc_root_lookup System.map). +Required after a kernel update. +.TP +.I "[SuidCheck]" +Settings for finding SUID/SGID files on disk. +.br +.BI SuidCheckActive= 0|1 +Switch off/on the check. +.br +.BI SuidCheckExclude= path + A directory (and its subdirectories) + to exclude from the check. Only one directory can be specified this way. +.br +.BI SuidCheckSchedule= schedule +Crontab-like schedule for checks. +.br +.BI SeveritySuidCheck= severity +Severity for events. +.br +.BI SuidCheckFps= fps +Limit files per seconds for SUID check. +.TP +.I "[Database]" +Settings for +.I logging +to a database. +.br +.BI SetDBHost= db_host +Host where the DB server runs (default: localhost). +Should be a numeric IP address for PostgreSQL. +.br +.BI SetDBName= db_name +Name of the database (default: samhain). +.br +.BI SetDBTable= db_table +Name of the database table (default: log). +.br +.BI SetDBUser= db_user +Connect as this user (default: samhain). +.br +.BI SetDBPassword= db_password +Use this password (default: none). +.br +.BI SetDBServerTstamp= true|false +Log server timestamp for client messages (default: true). +.br +.BI UsePersistent= true|false +Use a persistent connection (default: true). +.TP +.I "[Misc]" +.BI Daemon= no|yes +Detach from controlling terminal to become a daemon. +.br +.BI MessageHeader= format +Costom format for message header. Replacements: +.I %F +source file name, +.I %L +source file line, +.I %S +severity, +.I %T +timestamp, +.I %C +message class. +.br +.BI VersionString= string +Set version string to include in file signature database +(along with hostname and date). +.br +.BI SetReverseLookup= true|false +If false, skip reverse lookups when connecting to a host known by name +rather than IP address. +.br +.BI HideSetup= yes|no +Don't log name of config/database files on startup. +.br +.BI SyslogFacility= facility +Set the syslog facility to use. Default is LOG_AUTHPRIV. +.br +.BI MACType= HASH-TIGER|HMAC-TIGER +Set type of message authentication code (HMAC). +Must be identical on client and server. +.br +.BI SetLoopTime= val +Defines the interval (in seconds) for timestamps. +.br +.BI SetConsole= device +Set the console device (default /dev/console). +.br +.BI MessageQueueActive= 1|0 +Whether to use a SysV IPC message queue. +.br +.BI PreludeMapToInfo= list of severities +The severities (see section +.IR [Log] ) +that should be mapped to impact +severity +.I info +in prelude. +.br +.BI PreludeMapToLow= list of severities +The severities (see section +.IR [Log] ) +that should be mapped to impact +severity +.I low +in prelude. +.br +.BI PreludeMapToMedium= list of severities +The severities (see section +.IR [Log] ) +that should be mapped to impact +severity +.I medium +in prelude. +.br +.BI PreludeMapToHigh= list of severities +The severities (see section +.IR [Log] ) +that should be mapped to impact +severity +.I high +in prelude. +.br +.BI SetMailTime= val +defines the maximum interval (in seconds) between succesive e\-mail reports. +Mail might be empty if there are no events to report. +.br +.BI SetMailNum= val +defines the maximum number of messages that are stored before e\-mailing them. +Messages of highest priority are always sent immediately. +.br +.BI SetMailAddress= username @ host +sets the recipient address for mailing. +.I "No aliases should be used." +For security, you should prefer a numerical host address. +.br +.BI SetMailRelay= server +sets the hostname for the mail relay server (if you need one). +If no relay server is given, mail is sent directly to the host given in the +mail address, otherwise it is sent to the relay server, who should +forward it to the given address. +.br +.BI SetMailSubject= val +defines a custom format for the subject of an email message. +.br +.BI SetMailSender= val +defines the sender for the 'From:' field of a message. +.br +.BI SetMailFilterAnd= list +defines a list of strings all of which must match a message, otherwise +it will not be mailed. +.br +.BI SetMailFilterOr= list +defines a list of strings at least one of which must match a message, otherwise +it will not be mailed. +.br +.BI SetMailFilterNot= list +defines a list of strings none of which should match a message, otherwise +it will not be mailed. +.br +.BI SamhainPath= /path/to/binary +sets the path to the samhain binary. If set, samhain will checksum +its own binary both on startup and termination, and compare both. +.br +.BI SetBindAddress= IP_address +The IP address (i.e. interface on multi-interface box) to use +for outgoing connections. +.br +.BI SetTimeServer= server +sets the hostname for the time server. +.br +.BI TrustedUser= name|uid +Add a user to the set of trusted users (root and the effective user +are always trusted. You can add up to 7 more users). +.br +.BI SetLogfilePath= AUTO|/path +Path to logfile (AUTO to tack hostname on compiled-in path). +.br +.BI SetLockfilePath= AUTO|/path +Path to lockfile (AUTO to tack hostname on compiled-in path). +.TP +.B Standalone or client only +.br +.BI SetNiceLevel= -19..19 +Set scheduling priority during file check. +.br +.BI SetIOLimit= bps +Set IO limits (kilobytes per second) for file check. +.br +.BI SetFilecheckTime= val +Defines the interval (in seconds) between succesive file checks. +.br +.BI FileCheckScheduleOne= schedule +Crontab-like schedule for file checks. If used, +.I SetFilecheckTime +is ignored. +.br +.BI UseHardlinkCheck= yes|no +Compare number of hardlinks to number of subdirectories for directories. +.br +.BI HardlinkOffset= N:/path +Exception (use multiple times for multiple +exceptions). N is offset (actual - expected hardlinks) for /path. +.br +.BI AddOKChars= N1,N2,.. +List of additional acceptable characters (byte value(s)) for the check for +weird filenames. Nn may be hex (leading '0x': 0xNN), octal +(leading zero: 0NNN), or decimal. +Use +.I all +for all. +.br +.br +.BI IgnoreAdded= path_regex +Ignore if this file/directory is added/created. +.br +.BI IgnoreMissing= path_regex +Ignore if this file/directory is missing/deleted. +.br +.BI ReportOnlyOnce= yes|no +Report only once on a modified file (default yes). +.br +.BI ReportFullDetail= yes|no +Report in full detail on modified files (not only modified items). +.br +.BI UseLocalTime= yes|no +Report file timestamps in local time rather than GMT (default no). +Do not use this with Beltane. +.br +.BI ChecksumTest= {init|update|check|none} +defines whether to initialize/update the database or verify files against it. +If 'none', you should supply the required option on the command line. +.br +.BI SetPrelinkPath= path +Path of the prelink executable (default /usr/sbin/prelink). +.br +.BI SetPrelinkChecksum= checksum +TIGER192 checksum of the prelink executable (no default). +.br +.BI SetLogServer= server +sets the hostname for the log server. +.br +.BI SetServerPort= portnumber +sets the port on the server to connect to. +.br +.BI SetDatabasePath= AUTO|/path +Path to database (AUTO to tack hostname on compiled-in path). +.br +.BI DigestAlgo= SHA1|MD5 +Use SHA1 or MD5 instead of the TIGER checksum (default: TIGER192). +.br +.BI RedefReadOnly= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the ReadOnly policy. +Tests are: CHK (checksum), LNK (link), +HLN (hardlink), INO (inode), USR (user), GRP (group), MTM (mtime), +ATM (atime), CTM (ctime), SIZ (size), RDEV (device numbers) +and/or MOD (file mode). +.br +.BI RedefAttributes= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the Attributes policy. +.br +.BI RedefLogFiles= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the LogFiles policy. +.br +.BI RedefGrowingLogFiles= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the GrowingLogFiles policy. +.br +.BI RedefIgnoreAll= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the IgnoreAll policy. +.br +.BI RedefIgnoreNone= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the IgnoreNone policy. +.br +.BI RedefUser0= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the User0 policy. +.br +.BI RedefUser1= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the User1 policy. +.br +.BI RedefUser2= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the User2 policy. +.br +.BI RedefUser3= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the User3 policy. +.br +.BI RedefUser4= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the User4 policy. +.TP +.B Server Only +.br +.BI SetUseSocket= yes|no +If unset, do not open the command socket. The default is no. +.br +.BI SetSocketAllowUid= UID +Which user can connect to the command socket. The default is 0 (root). +.br +.BI SetSocketPassword= password +Password (max. 14 chars, no '@') for password-based authentication on the +command socket (only if the OS does not support passing +credentials via sockets). +.br +.BI SetChrootDir= path +If set, chroot to this directory after startup. +.br +.BI SetStripDomain= yes|no +Whether to strip the domain from the client hostname when +logging client messages (default: yes). +.br +.BI SetClientFromAccept= true|false +If true, use client address as known to the communication layer. Else +(default) use client name as claimed by the client, try to verify against +the address known to the communication layer, and accept +(with a warning message) even if this fails. +.br +.BI UseClientSeverity= yes|no +Use the severity of client messages. +.br +.BI UseClientClass= yes|no +Use the class of client messages. +.br +.BI SetServerPort= number +The port that the server should use for listening (default is 49777). +.br +.BI SetServerInterface= IPaddress +The IP address (i.e. interface on multi-interface box) that the +server should use for listening (default is all). Use INADDR_ANY to reset +to all. +.br +.BI SeverityLookup= severity +Severity of the message on client address != socket peer. +.br +.BI UseSeparateLogs= true|false +If true, messages from different clients will be logged to separate +log files (the name of the client will be appended to the name of the main +log file to construct the logfile name). +.br +.BI SetClientTimeLimit= seconds +The maximum time between client messages. If exceeded, a warning will +be issued (the default is 86400 sec = 1 day). +.br +.BI SetUDPActive= yes|no +yule 1.2.8+: Also listen on 514/udp (syslog). + + +.TP +.I "[Clients]" +This section is only relevant if +.B samhain +is run as a log server for clients running on another (or the same) machine. +.br +.BI Client= hostname @ salt @ verifier +registers a client at host +.I hostname +(fully qualified hostname required) for access to the +log server. +Log entries from unregistered clients will not be accepted. +To generate a salt and a valid verifier, use the command +.B "samhain -P" +.IR "password" , +where +.I password +is the password of the client. A simple utility program +.B samhain_setpwd +is provided to re\-set the compiled\-in default password of the client +executable to a user\-defined +value. +.TP +.I "[EOF]" +An optional end marker. Everything below is ignored. + +.SH SEE ALSO +.PP +.BR samhain (8) + +.SH AUTHOR +.PP +Rainer Wichmann (http://la\-samhna.de) + +.SH BUG REPORTS +.PP +If you find a bug in +.BR samhain , +please send electronic mail to +.IR support@la\-samhna.de . +Please include your operating system and its revision, the version of +.BR samhain , +what C compiler you used to compile it, your 'configure' options, and +anything else you deem helpful. + +.SH COPYING PERMISSIONS +.PP +Copyright (\(co) 2000, 2004, 2005 Rainer Wichmann +.PP +Permission is granted to make and distribute verbatim copies of +this manual page provided the copyright notice and this permission +notice are preserved on all copies. +.ig +Permission is granted to process this file through troff and print the +results, provided the printed document carries copying permission +notice identical to this one except for the removal of this paragraph +(this paragraph not being relevant to the printed manual page). +.. +.PP +Permission is granted to copy and distribute modified versions of this +manual page under the conditions for verbatim copying, provided that +the entire resulting derived work is distributed under the terms of a +permission notice identical to this one. + Index: branches/samhain-2_2-branch/missing =================================================================== --- branches/samhain-2_2-branch/missing (revision 66) +++ branches/samhain-2_2-branch/missing (revision 66) @@ -0,0 +1,188 @@ +#! /bin/sh +# Common stub for a few missing GNU programs while installing. +# Copyright (C) 1996, 1997 Free Software Foundation, Inc. +# Franc,ois Pinard , 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +if test $# -eq 0; then + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 +fi + +case "$1" in + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an +error status if there is no known handling for PROGRAM. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + +Supported PROGRAM values: + aclocal touch file \`aclocal.m4' + autoconf touch file \`configure' + autoheader touch file \`config.h.in' + automake touch all \`Makefile.in' files + bison create \`y.tab.[ch]', if possible, from existing .[ch] + flex create \`lex.yy.c', if possible, from existing .c + lex create \`lex.yy.c', if possible, from existing .c + makeinfo touch the output file + yacc create \`y.tab.[ch]', if possible, from existing .[ch]" + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing - GNU libit 0.0" + ;; + + -*) + echo 1>&2 "$0: Unknown \`$1' option" + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 + ;; + + aclocal) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`acinclude.m4' or \`configure.ac'. You might want + to install the \`Automake' and \`Perl' packages. Grab them from + any GNU archive site." + touch aclocal.m4 + ;; + + autoconf) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`configure.ac'. You might want to install the + \`Autoconf' and \`GNU m4' packages. Grab them from any GNU + archive site." + touch configure + ;; + + autoheader) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`acconfig.h' or \`configure.ac'. You might want + to install the \`Autoconf' and \`GNU m4' packages. Grab them + from any GNU archive site." + files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER([^):]*:\([^)]*\)).*/\1/p' configure.ac` + if test -z "$files"; then + files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^):]*\)).*/\1/p' configure.ac` + test -z "$files" || files="$files.in" + else + files=`echo "$files" | sed -e 's/:/ /g'` + fi + test -z "$files" && files="config.h.in" + touch $files + ;; + + automake) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`Makefile.am', \`acinclude.m4' or \`configure.ac'. + You might want to install the \`Automake' and \`Perl' packages. + Grab them from any GNU archive site." + find . -type f -name Makefile.am -print \ + | sed 's/^\(.*\).am$/touch \1.in/' \ + | sh + ;; + + bison|yacc) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.y' file. You may need the \`Bison' package + in order for those modifications to take effect. You can get + \`Bison' from any GNU archive site." + rm -f y.tab.c y.tab.h + if [ $# -ne 1 ]; then + eval LASTARG="\${$#}" + case "$LASTARG" in + *.y) + SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" y.tab.c + fi + SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" y.tab.h + fi + ;; + esac + fi + if [ ! -f y.tab.h ]; then + echo >y.tab.h + fi + if [ ! -f y.tab.c ]; then + echo 'main() { return 0; }' >y.tab.c + fi + ;; + + lex|flex) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.l' file. You may need the \`Flex' package + in order for those modifications to take effect. You can get + \`Flex' from any GNU archive site." + rm -f lex.yy.c + if [ $# -ne 1 ]; then + eval LASTARG="\${$#}" + case "$LASTARG" in + *.l) + SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" lex.yy.c + fi + ;; + esac + fi + if [ ! -f lex.yy.c ]; then + echo 'main() { return 0; }' >lex.yy.c + fi + ;; + + makeinfo) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.texi' or \`.texinfo' file, or any other file + indirectly affecting the aspect of the manual. The spurious + call might also be the consequence of using a buggy \`make' (AIX, + DU, IRIX). You might want to install the \`Texinfo' package or + the \`GNU make' package. Grab either from any GNU archive site." + file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` + if test -z "$file"; then + file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` + file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file` + fi + touch $file + ;; + + *) + echo 1>&2 "\ +WARNING: \`$1' is needed, and you do not seem to have it handy on your + system. You might have modified some files without having the + proper tools for further handling them. Check the \`README' file, + it often tells you about the needed prerequirements for installing + this package. You may also peek at any GNU archive site, in case + some other package would contain this missing \`$1' program." + exit 1 + ;; +esac + +exit 0 Index: branches/samhain-2_2-branch/mkinstalldirs =================================================================== --- branches/samhain-2_2-branch/mkinstalldirs (revision 66) +++ branches/samhain-2_2-branch/mkinstalldirs (revision 66) @@ -0,0 +1,40 @@ +#! /bin/sh +# mkinstalldirs --- make directory hierarchy +# Author: Noah Friedman +# Created: 1993-05-16 +# Public domain + +# $Id: mkinstalldirs,v 1.10 1996/05/03 07:37:52 friedman Exp $ + +errstatus=0 + +for file +do + set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` + shift + + pathcomp= + for d + do + pathcomp="$pathcomp$d" + case "$pathcomp" in + -* ) pathcomp=./$pathcomp ;; + esac + + if test ! -d "$pathcomp"; then + echo "mkdir $pathcomp" 1>&2 + + mkdir "$pathcomp" || lasterr=$? + + if test ! -d "$pathcomp"; then + errstatus=$lasterr + fi + fi + + pathcomp="$pathcomp/" + done +done + +exit $errstatus + +# mkinstalldirs ends here Index: branches/samhain-2_2-branch/rules.deb-light.in =================================================================== --- branches/samhain-2_2-branch/rules.deb-light.in (revision 66) +++ branches/samhain-2_2-branch/rules.deb-light.in (revision 66) @@ -0,0 +1,95 @@ +#!/usr/bin/make -f +# Samhain debian/rules +# GNU copyright 20001 to 2003 by Javier Fernandez-Sanguino +# based on +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. +# Modified to use mydefargs by Rainer Wichmann. +# + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +export DH_COMPAT=1 + +package=@install_name@ + +# CAVEAT: including the --enable-base= option is for packages to be +# distributed INTERNALLY on your network, NOT for packages +# to be distributed to THIRD PARTIES + +build: build-stamp +build-stamp: + dh_testdir + @top_srcdir@/configure @mydefargs@ + $(MAKE) + echo '#!/bin/sh' > ./sstrip + echo 'echo "*** SSTRIP DISABLED ***"' >> ./sstrip + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + -[ -f Makefile ] && $(MAKE) distclean + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) install-light install-boot DESTDIR=`pwd`/debian/tmp + + # However, remove the rc.d links + -rm -rf `pwd`/debian/tmp/etc/rc?.d + + # Remove samhain_stealth for light install + -rm -f `pwd`/debian/tmp/@sbindir@/@install_name@_stealth + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + + +# Build architecture-dependent files here. +binary-arch: build install +# dh_testversion + dh_testdir + dh_testroot + dh_installdebconf + # dh_installdocs + dh_installmenu + dh_installinit -- defaults 19 + [ -f debian/postinst.debhelper ] && \ + cd debian && \ + cat postinst.debhelper | \ + sed 's%/etc/init.d/@install_name@ start%:%' > postinst.tmp && \ + mv postinst.tmp postinst.debhelper + [ -f debian/prerm.debhelper ] && \ + cd debian && \ + cat prerm.debhelper | \ + sed 's%/etc/init.d/@install_name@ stop%/etc/init.d/@install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ + mv prerm.tmp prerm.debhelper + # dh_installmanpages + # dh_installchangelogs @top_srcdir@/docs/Changelog + dh_link + # dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + + +define checkdir + test -f debian/rules +endef + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install + Index: branches/samhain-2_2-branch/rules.deb.in =================================================================== --- branches/samhain-2_2-branch/rules.deb.in (revision 66) +++ branches/samhain-2_2-branch/rules.deb.in (revision 66) @@ -0,0 +1,126 @@ +#!/usr/bin/make -f +# Samhain debian/rules +# GNU copyright 20001 to 2003 by Javier Fernandez-Sanguino +# based on +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. +# Modified to use mydefargs by Rainer Wichmann. +# + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +export DH_COMPAT=1 + +package=@install_name@ + +# CAVEAT: including the --enable-base= option is for packages to be +# distributed INTERNALLY on your network, NOT for packages +# to be distributed to THIRD PARTIES + +build: build-stamp +build-stamp: + dh_testdir + @top_srcdir@/configure @mydefargs@ + $(MAKE) + # echo '#!/bin/sh' > ./sstrip + # echo 'echo "*** SSTRIP DISABLED ***"' >> ./sstrip + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + -[ -f Makefile ] && $(MAKE) distclean + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Fix the permissions + #chmod o-rX `pwd`/debian/tmp/var/log/samhain \ + # `pwd`/debian/tmp/var/run/samhain \ + # `pwd`/debian/tmp/var/state/samhain \ + # `pwd`/debian/tmp/etc/samhain + + $(MAKE) install install-boot DESTDIR=`pwd`/debian/tmp + + # However, remove the rc.d links + -rm -rf `pwd`/debian/tmp/etc/rc?.d + + # install -m 755 encode `pwd`/debian/tmp/usr/bin/samhain_encode + + # install -m 644 profiles/debianlinux_i386/samhainrc `pwd`/debian/tmp@myconffile@ + # install -m 644 debian/samhain.logrotate `pwd`/debian/tmp/etc/logrotate.d/samhain + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + + +# Build architecture-dependent files here. +binary-arch: build install +# dh_testversion + dh_testdir + dh_testroot + dh_installdebconf + dh_installdocs + [ -f debian/tmp/usr/share/doc/@install_name@/MANUAL-2_2.html.tar ] && \ + cd debian/tmp/usr/share/doc/@install_name@ && \ + tar xf MANUAL-2_2.html.tar && mv MANUAL-2_2 manual.html && \ + rm -f MANUAL-2_2.html.tar + dh_installexamples @top_srcdir@/scripts/example_pager.pl \ + @top_srcdir@/scripts/example_sms.pl \ + @top_srcdir@/scripts/report.pl \ + @top_srcdir@/scripts/concat.pl \ + @top_srcdir@/scripts/samhain.logrotator \ + @top_srcdir@/scripts/samhainadmin.pl \ + @top_srcdir@/scripts/check_samhain.pl \ + @top_srcdir@/yulerc.template \ + @top_srcdir@/samhainrc.linux + dh_installmenu + dh_installinit -- defaults 19 + [ -f debian/postinst.debhelper ] && \ + cd debian && \ + cat postinst.debhelper | \ + sed 's%/etc/init.d/@install_name@ start%:%' > postinst.tmp && \ + mv postinst.tmp postinst.debhelper + [ -f debian/postinst.debhelper ] && \ + cd debian && \ + cat postinst.debhelper | \ + sed 's%invoke-rc.d @install_name@ start%:%' > postinst.tmp && \ + mv postinst.tmp postinst.debhelper + [ -f debian/prerm.debhelper ] && \ + cd debian && \ + cat prerm.debhelper | \ + sed 's%/etc/init.d/@install_name@ stop%/etc/init.d/@install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ + mv prerm.tmp prerm.debhelper + [ -f debian/prerm.debhelper ] && \ + cd debian && \ + cat prerm.debhelper | \ + sed 's%invoke-rc.d @install_name@ stop%invoke-rc.d @install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ + mv prerm.tmp prerm.debhelper + # dh_installmanpages + dh_installchangelogs @top_srcdir@/docs/Changelog + dh_link + # dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + + +define checkdir + test -f debian/rules +endef + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install + Index: branches/samhain-2_2-branch/samhain-install.sh.in =================================================================== --- branches/samhain-2_2-branch/samhain-install.sh.in (revision 66) +++ branches/samhain-2_2-branch/samhain-install.sh.in (revision 66) @@ -0,0 +1,1538 @@ +#! /bin/sh + +purge= +verbose= +express= +force= +act= + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +sbindir=@sbindir@ +samhain=@install_name@ +mandir=@mandir@ + +sysconfdir=@sysconfdir@ +configfile=@myconffile@ + +pid_file=@mylockfile@ +pid_dir=@mylockdir@ + +data_root=@mydataroot@ +mydatafile=@mydatafile@ + +mylogfile=@mylogfile@ +mylogdir=@mylogdir@ + +myhtmlfile=@myhtmlfile@ + +INSTALL_SHELL="$0 --install-sh -m 700" +INSTALL_DATA="$0 --install-sh -m 600" + +mkinstalldirs="$0 --mkinstalldirs" + + +DESTDIR= +user= + +# +# Only call rmdir with an absolute path +# +SH_RMDIR=echo +SPATH="/bin:/usr/bin:/sbin:/usr/sbin" +OLD_IFS=${IFS} +IFS=':'; export IFS +for ff in ${SPATH}; do + if test -x $ff/rmdir; then + SH_RMDIR=`eval echo ${ff}/rmdir` + fi +done +IFS=${OLD_IFS}; export IFS + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + + +if [ x"$1" = x ] +then + echo 'samhain-install.sh [--destdir=DESTDIR][--verbose][--express][--force] action' + echo 'action = install-boot|install-data|install-user' + echo ' uninstall|purge|uninstall-boot' + echo ' uninstall-data|uninstall-man|uninstall-program|uninstall-lkm' + echo 'samhain-install.sh --print-config ' + echo 'item = name | basekey | prefix | exec_prefix | sbin_dir | man_dir' + echo ' config_dir | config_file | pid_dir | log_dir | log_file' + echo ' data_dir | data_file' + exit 1 +fi + +while [ x"$1" != x ]; do + case $1 in + -v|--verbose) verbose=yes + shift + continue;; + + -e|--express) express=yes + shift + continue;; + + -f|--force) force=yes + shift + continue;; + + -d) shift + DESTDIR="$1" + if test "x${DESTDIR}" = "x/"; then + DESTDIR= + fi + shift + continue;; + + --destdir=*) DESTDIR=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` + if test "x${DESTDIR}" = "x/"; then + DESTDIR= + fi + shift + continue;; + + --install-sh) + shift +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 + # ----- END OF INSTALL-SH ----- + ;; + + --mkinstalldirs) + shift + # mkinstalldirs --- make directory hierarchy + # Author: Noah Friedman + # Created: 1993-05-16 + # Public domain + # $Id: mkinstalldirs,v 1.10 1996/05/03 07:37:52 friedman Exp $ + errstatus=0 + for file + do + set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` + shift + pathcomp= + for d + do + pathcomp="$pathcomp$d" + case "$pathcomp" in + -* ) pathcomp=./$pathcomp ;; + esac + + if test ! -d "$pathcomp"; then + echo "mkdir $pathcomp" 1>&2 + + mkdir "$pathcomp" || lasterr=$? + + if test ! -d "$pathcomp"; then + errstatus=$lasterr + fi + fi + + pathcomp="$pathcomp/" + done + done + exit $errstatus + # mkinstalldirs ends here + ;; + + install-deploy) + if test -f ./samhainrc.USEME + then + tmpconfigfile=`echo ${configfile} | sed 's%^REQ_FROM_SERVER%%'` + if test x"${tmpconfigfile}" = x + then + echo " No local path for configfile defined." + exit 0 + else + cp samhainrc.USEME "${tmpconfigfile}" && chmod 0600 "${tmpconfigfile}" + fi + fi + if test -f postinstall.USEME + then + /bin/sh ./postinstall.USEME + fi + exit 0 + ;; + + print-config|--print-config) + shift + pwhat=$1 + if test x"$1" = x + then + echo "$0: Missing argument to print-config" + exit 1 + fi + case $pwhat in + basekey) + echo "@mykeybase@" + ;; + + prefix) + echo $prefix + ;; + + exec_prefix) + echo $exec_prefix + ;; + + sbin_dir) + echo $sbindir + ;; + + name) + echo $samhain + ;; + + man_dir) + echo $mandir + ;; + + config_dir) + echo $sysconfdir + ;; + + config_file) + echo $configfile | sed 's%^REQ_FROM_SERVER%%' + ;; + + pid_file) + echo ${pid_file} + ;; + + pid_dir) + echo ${pid_dir} + ;; + + data_dir) + echo @mydataroot@ + ;; + + data_file) + echo @mydatafile@ | sed 's%^REQ_FROM_SERVER%%' + ;; + + log_file) + echo @mylogfile@ + ;; + + log_dir) + echo @mylogdir@ + ;; + + *) + echo "$0: Unknown item \"$pwhat\"" + exit 1 + ;; + esac + exit 0 + ;; + + install-user) + act=user + shift + user=$1 + break;; + + install-boot) + act=boot + break;; + + uninstall-boot) + act=uboot + break;; + + install-data) + act=data + break;; + + uninstall-data) + act=udata + break;; + + uninstall-man) + act=uman + break;; + + uninstall-program) + act=uprogram + break;; + + uninstall-lkm) + act=ulkm + break;; + + uninstall | remove | purge) + opts= + test x"$verbose" = "xyes" && opts="$opts --verbose" + test x"$express" = "xyes" && opts="$opts --express" + test x"$force" = "xyes" && opts="$opts --force" + test x"$DESTDIR" = "x" || opts="$opts --destdir=$DESTDIR" + test x"$1" = "xpurge" && purge=yes + echo "$0 $opts uninstall-lkm" + eval $0 $opts uninstall-lkm + echo "$0 $opts uninstall-program" + eval $0 $opts uninstall-program + echo "$0 $opts uninstall-man" + eval $0 $opts uninstall-man + if test x"$force" = "x"; then + test "x$purge" = xyes && opts="$opts --force" + fi + echo "$0 $opts uninstall-data" + eval $0 $opts uninstall-data + echo + echo " To uninstall the runlevel scripts, use $0 $opts uninstall-boot" + echo + exit 0 + ;; + *) + echo "Unknown option $1" + exit 1 + ;; + + esac +done + +if test x"$act" = xuser +then + +# -- the routines for installing a new user are adapted from +# the OpenPKG bootstrap installation script, which is distributed +# under the following license: + +## Shell-based package for OpenPKG BINARY bootstrap installation +## Copyright (c) 2000-2002 Cable & Wireless Deutschland GmbH +## Copyright (c) 2000-2002 The OpenPKG Project +## Copyright (c) 2000-2002 Ralf S. Engelschall +## +## Permission to use, copy, modify, and distribute this software for +## any purpose with or without fee is hereby granted, provided that +## the above copyright notice and this permission notice appear in all +## copies. +## +## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR +## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +## SUCH DAMAGE. + + if test x"$user" = x + then + echo "**ERROR**: No username specified" + exit 1 + fi + + s=`uname -s 2>/dev/null` || s='Unknown' + r=`uname -r 2>/dev/null` || r='0.0' + platform="${s}/${r}" + + if test x"$user" = xnobody; then + case "$platform" in + HP-UX/* ) + group="nogroup" + ;; + *) + group="nobody" + ;; + esac + else + group="$user" + fi + shell=/bin/false + if test -f /etc/shells + then + grep "^/usr/bin/false" /etc/shells >/dev/null 2>&1 && shell=/usr/bin/false + grep "^/bin/nologin" /etc/shells >/dev/null 2>&1 && shell=/bin/nologin + grep "^/sbin/nologin" /etc/shells >/dev/null 2>&1 && shell=/sbin/nologin + fi + home="${data_root}" + + xuid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ + grep "^${user}:" | awk -F: '{ print $3; }'` + if test "x$xuid" = x + then + # seek for a reasonable uid/gid pair + xuid=1000 + ok=0 + while test "x$ok" = x0 + do + eval "u_exists=\$u_exists_$xuid" + if test "x$u_exists" = x + then + u_exists=`(cat /etc/passwd; ypcat passwd) 2>/dev/null | grep "^[^:]*:[^:]*:$xuid:"` + fi + eval "g_exists=\$g_exists_$xuid" + if test "x$g_exists" = x + then + g_exists=`(cat /etc/group; ypcat group) 2>/dev/null | grep "^[^:]*:[^:]*:$xuid:"` + fi + if [ "x$u_exists" = x -a "x$g_exists" = x ]; then + ok=1 + break + fi + xuid=`expr $xuid + 1` + done + eval "u_exists_$xuid=yes" + eval "g_exists_$xuid=yes" + else + # user exists + xgid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ + grep "^${user}:" | awk -F: '{ print $4; }'` + fi + + if test "x$xgid" = x + then + xgid=`(cat /etc/group; ypcat group) 2>/dev/null |\ + grep "^${group}:" | awk -F: '{ print $3; }'` + fi + + if test "x$xgid" = x + then + xgid="$xuid" + g_exists=no + else + g_exists=yes + fi + + uid=$xuid + gid=$xgid + + if test -f /etc/shells + then + exists=`cat /etc/shells 2>/dev/null | grep "^$shell"` + if test "x$exists" = x; then + echo "${shell}" >>/etc/shells + test -z "$verbose" || echo " Added ${shell} to /etc/shells" + fi + fi + + exists=`(cat /etc/passwd; ypcat passwd) 2>/dev/null | grep "^$user:"` + if test x"$exists" = x; then + # add entry to passwd database + realname="$user" + case "$platform" in + FreeBSD/* | NetBSD/* | OpenBSD/* ) + file=/etc/master.passwd + entry="${user}:*:${uid}:${gid}::0:0:${realname}:${home}:${shell}" + update="(PATH=\$PATH:/usr/sbin; pwd_mkdb -p /etc/master.passwd)" + break + ;; + Linux/* ) + file=/etc/passwd + entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" + update="(PATH=\$PATH:/usr/sbin; pwconv)" + break + ;; + SunOS/5.* ) + file=/etc/passwd + entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" + update="(PATH=\$PATH:/usr/sbin; pwconv)" + break + ;; + OSF1/V5.* ) + file=/etc/passwd + entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" + update="(PATH=\$PATH:/usr/sbin; mkpasswd /etc/passwd)" + break + ;; + HP-UX/* ) + file=/etc/passwd + entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" + update=":" + break + ;; + IRIX*/* ) + file=/etc/passwd + entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" + update=":" + break + ;; + *) + echo "install-user: Unsupported system $platform" + echo "Please add user $user / group $group manually" + echo " and re-run make install-user" + exit 1 + ;; + esac + cp $file $file.bak && \ + (grep -v '^+:' $file.bak; echo $entry; grep '^+:' $file.bak) >$file + rm -f $file.bak >/dev/null 2>&1 + eval $update + test -z "$verbose" || echo " Added user: ${user} uid: ${uid} shell: ${shell}" + else + test -z "$verbose" || echo " User ${user} exists already" + fi + + # check whether group already exists + # FIXME + exists=`(cat /etc/group; ypcat group) 2>/dev/null | grep "^$group:"` + if test x"$exists" = x + then + # + # user has a valid GID + # + if test g_exists = xyes; then + exists=yes + fi + fi + if test x"$exists" = x + then + # add entry to group database + file=/etc/group + entry="${group}:*:${gid}:${user}" + cp $file $file.bak && \ + (grep -v '^+:' $file.bak; echo $entry; grep '^+:' $file.bak) >$file + rm -f $file.bak >/dev/null 2>&1 + test -z "$verbose" || echo " Added group: ${group} gid: ${gid} user: ${user}" + fi + + exit 0 +fi + +if test x"$act" = xboot || test x"$act" = xuboot +then + s=`uname -s 2>/dev/null` || s='Unknown' + r=`uname -r 2>/dev/null` || r='0.0' + platform="${s}/${r}" + + case "$platform" in + IRIX*/*) + DVER="IRIX" + test -z "$verbose" || echo " IRIX system detected" + rc_main=${DESTDIR}/etc/init.d + rc_dirz= + rc_inst="chmod 755 /etc/init.d/@install_name@; chown root /etc/init.d/@install_name@; chkconfig -f @install_name@ on; (cd /etc; ln -f -s init.d/@install_name@ rc2.d/S99@install_name@; ln -f -s init.d/@install_name@ rc0.d/K10@install_name@; )" + rc_uinst="rm -f /etc/init.d/@install_name@; rm -f /etc/rc2.d/S99@install_name@; rm -f /etc/rc0.d/K10@install_name@; chkconfig @install_name@ off" + ;; + + AIX/*) + DVER="AIX" + test -z "$verbose" || echo " AIX system detected" + ln -f -s @sbindir@/@install_name@ samhain.startAIX + rc_main=@sbindir@ + rc_dirz= + rc_inst="/usr/sbin/mkitab -i '@install_name@:2:wait:@sbindir@/@install_name@ start >/dev/console 2>&1'" + rc_uinst="/usr/sbin/rmitab @install_name@" + ;; + + HP-UX/*) + DVER="HPUX" + test -z "$verbose" || echo " HP-UX system detected" + rc_main=${DESTDIR}/sbin/init.d + rc_dirz= + rc_inst="chmod 555 /sbin/init.d/@install_name@; chown bin:bin /sbin/init.d/@install_name@; (cd /sbin && ln -f -s /sbin/init.d/@install_name@ rc2.d/S900@install_name@ && ln -f -s /sbin/init.d/@install_name@ rc1.d/K100@install_name@; )" + rc_uinst="rm -f /sbin/init.d/@install_name@; rm -f /sbin/rc2.d/S900@install_name@; rm -f /sbin/rc1.d/K100@install_name@" + ;; + + OpenBSD/*) + test -z "$verbose" || echo " OpenBSD system detected" + grep '^## begin @install_name@' /etc/rc.local >/dev/null 2>&1 + if [ $? -eq 0 ]; then + RCLOCALTMP=`mktemp /etc/rc.local.XXXXXXXXXX` || exit 1 + sed "/^## begin @install_name@/,/^## end @install_name@/d" /etc/rc.local >$RCLOCALTMP || exit 1 + cat $RCLOCALTMP >/etc/rc.local || exit 1 + rm -f $RCLOCALTMP || exit 1 + if test x"$act" = xuboot; then + echo " uninstalling from /etc/rc.local completed" + fi + fi + if test x"$act" = xboot; then + echo "## begin @install_name@" >>/etc/rc.local || exit 1 + echo "if [ -x @sbindir@/@install_name@ ]; then" >>/etc/rc.local || exit 1 + echo " @sbindir@/@install_name@ start" >>/etc/rc.local || exit 1 + echo "fi" >>/etc/rc.local || exit 1 + echo "## end @install_name@" >>/etc/rc.local || exit 1 + echo " installing to /etc/rc.local completed" + fi + exit 0 + ;; + + NetBSD/*) + test -z "$verbose" || echo " NetBSD system detected" + if test -f /etc/rc.subr; then + DVER="FreeBSD" + rc_main=${DESTDIR}/etc/rc.d + rc_dirz= + rc_inst="chmod 755 /etc/rc.d/@install_name@" + rc_uinst="rm -f /etc/rc.d/@install_name@" + else + echo "${0}: unsupported platform ${platform} (too old)" + exit 1 + fi + ;; + + FreeBSD/* ) + test -z "$verbose" || echo " FreeBSD system detected" + if test -f /etc/rc.subr; then + DVER="FreeBSD" + rc_main=${DESTDIR}/etc/rc.d + rc_dirz= + rc_inst="chmod 755 /etc/rc.d/@install_name@" + rc_uinst="rm -f /etc/rc.d/@install_name@" + else + DVER="Solaris" + rc_main=${DESTDIR}/usr/local/etc/rc.d + rc_dirz= + rc_inst="mv /usr/local/etc/rc.d/@install_name@ /usr/local/etc/rc.d/@install_name@.sh && chmod 755 /usr/local/etc/rc.d/@install_name@.sh" + rc_uinst="rm -f /usr/local/etc/rc.d/@install_name@.sh" + fi + if test x"$act" = xboot + then + if [ ! -d ${rc_main} ]; then + test x"$act" = xboot && mkdir ${rc_main} + fi + if test "x$DVER" = "xSolaris"; then + ( . /etc/defaults/rc.conf + . /etc/rc.conf + found=0 + for p in ${local_startup-x}; do + if test "x$p" = "x${rc_main}"; then + found=1 + break + fi + done + if test "x$found" = x0; then + cp -p /etc/rc.conf /etc/rc.conf.bak + ( + grep -v local_startup /etc/rc.conf.bak + echo "local_startup=\"${rc_main} $local_startup\"" + ) >/etc/rc.conf + fi + ) + fi + fi + ;; + + SunOS/5.* ) + DVER="Solaris" + DVER_REAL="Solaris" + test -z "$verbose" || echo " Solaris system detected" + rc_dirz= + rc_main=${DESTDIR}/etc/init.d + rc_inst="chmod 755 ${DESTDIR}/etc/init.d/@install_name@; chown root:sys ${DESTDIR}/etc/init.d/@install_name@; (cd ${DESTDIR}/etc; ln init.d/@install_name@ rc3.d/S99@install_name@; ln init.d/@install_name@ rc0.d/K10@install_name@; ln init.d/@install_name@ rc1.d/K10@install_name@; )" + rc_uinst="rm -f ${DESTDIR}/etc/init.d/@install_name@; rm -f ${DESTDIR}/etc/rc0.d/K10@install_name@; rm -f ${DESTDIR}/etc/rc1.d/K10@install_name@; rm -f ${DESTDIR}/etc/rc3.d/S99@install_name@" + ;; + + Linux/*) + rlv="2 3 4 5" + linkopt="-f -s" + # find rc directories + if test -f /usr/lib/lsb/install_initd && test -d /etc/init.d + then + test -z "$verbose" || echo " Linux Standard Base system detected" + DVER=LSB + if test x"$DESTDIR" = x + then + rc_main=/etc/init.d + rc_dirz= + rc_inst="/usr/lib/lsb/install_initd /etc/init.d/@install_name@" + rc_uinst="/usr/lib/lsb/remove_initd /etc/init.d/@install_name@" + else + rc_inst= + rc_uinst= + rc_main=${DESTDIR}/etc/init.d + rc_dirz= + # test -d /etc/init.d/rc2.d && rc_dirz=${DESTDIR}/etc/init.d/rc + # test -d /etc/rc.d/rc2.d && rc_dirz=${DESTDIR}/etc/rc.d/rc + # test -d /etc/rc2.d && rc_dirz=${DESTDIR}/etc/rc + fi + elif test -f /etc/SuSE-release + then + test -z "$verbose" || echo " SuSE system detected" + DVER="Linux" + rc_inst= + rc_uinst= + if test -d /sbin/init.d && test -d /sbin/init.d/rc2.d + then + test -z "$verbose" || echo " SuSE 6.x system detected" + rc_main=${DESTDIR}/sbin/init.d + rc_dirz=${DESTDIR}/sbin/init.d/rc + elif test -d /etc/init.d && test -d /etc/init.d/rc2.d + then + test -z "$verbose" || echo " SuSE 7.x or newer detected" + rc_main=${DESTDIR}/etc/init.d + rc_dirz=${DESTDIR}/etc/init.d/rc + else + echo "${0}: unknown system" + exit 1 + fi + elif test -d /sbin/init.d && test -d /sbin/init.d/rc2.d + then + DVER="Linux" + rc_inst= + rc_uinst= + test -z "$verbose" || echo " SuSE 5.x system detected" + rc_main=${DESTDIR}/sbin/init.d + rc_dirz=${DESTDIR}/sbin/init.d/rc + elif test -f /etc/debian_version + then + DVER="Linux" + test -z "$verbose" || echo " Debian based system detected" + if test x"$DESTDIR" = x + then + rc_main=/etc/init.d + rc_dirz= + rc_uinst="/usr/sbin/update-rc.d -f @install_name@ remove" + rc_inst="/usr/sbin/update-rc.d @install_name@ defaults 99 10" + else + rc_inst= + rc_uinst= + rc_main=${DESTDIR}/etc/init.d + # rc_dirz=${DESTDIR}/etc/rc + rc_dirz= + fi + elif test -f /etc/redhat-release + then + DVER="Linux" + test -z "$verbose" || echo " Redhat based system detected" + rc_uinst= + rc_inst= + rc_main=${DESTDIR}/etc/rc.d/init.d + rc_dirz=${DESTDIR}/etc/rc.d/rc + elif test -f /etc/mandrake-release + then + DVER="Linux" + test -z "$verbose" || echo " Mandrake based system detected" + rc_uinst= + rc_inst= + rc_main=${DESTDIR}/etc/rc.d/init.d + rc_dirz=${DESTDIR}/etc/rc.d/rc + elif test -f /etc/yellowdog-release + then + DVER="Linux" + test -z "$verbose" || echo " Yellow Dog based system detected" + rc_uinst= + rc_inst= + rc_main=${DESTDIR}/etc/rc.d/init.d + rc_dirz=${DESTDIR}/etc/rc.d/rc + elif test -f /etc/slackware-version && test -f /etc/rc.d/rc.sysvinit + then + DVER="Linux" + test -z "$verbose" || echo " Slackware based system detected" + rc_uinst= + rc_inst= + rc_main=${DESTDIR}/etc/rc.d + rc_dirz=${DESTDIR}/etc/rc.d/rc + elif test -f /etc/gentoo-release + then + DVER="Gentoo" + test -z "$verbose" || echo " Gentoo based system detected" + rc_uinst="/sbin/rc-update del @install_name@" + rc_inst="/sbin/rc-update add @install_name@ default" + rc_main=${DESTDIR}/etc/init.d + rc_dirz= + else + echo "${0}: unknown Linux distribution" + rc_uinst= + rc_inst= + rc_main= + rc_dirz= + for ff in /etc/rc.d/init.d /etc/init.d /sbin/init.d; do + if test -d $ff; then + rc_main="$ff" + break + fi + done + for fg in /etc/rc.d/rc2.d /etc/rc2.d /sbin/init.d/rc2.d; do + if test -d $fg; then + rc_dirz="`echo $fg | sed -e 's,2.*,,'`" + break + fi + done + if [ x"${rc_dirz}" = x ]; then + echo "${0}: no install directory for runlevel scripts found" + exit 1 + fi + if [ x"${rc_main}" = x ]; then + echo "${0}: no install directory for runlevel scripts found" + exit 1 + fi + DVER="Linux" + rc_main="${DESTDIR}${rc_main}" + rc_dirz="${DESTDIR}${rc_dirz}" + fi + ;; + + *) + echo "${0}: unsupported platform ${platform}" + exit 1 + ;; + esac + + if test x"${rc_main}" = x + then + echo "${0}: no install directory for runlevel scripts found" + exit 1 + fi + + if test x"${act}" = xboot + then + + startscript=NONE + if test -f init/samhain.start${DVER} + then + startscript=`eval echo init/samhain.start${DVER}` + elif test -f samhain.start${DVER} + then + startscript=`eval echo samhain.start${DVER}` + else + echo "${0}: cannot find samhain.start${DVER} in ./ or ./init" + exit 1 + fi + + if test "x${startscript}" = xNONE; then + echo "${0}: cannot find samhain.start${DVER} in ./ or ./init" + exit 1 + else + if test -f ${rc_main}/${samhain} && test x"$force" != xyes + then + echo " ${rc_main}/${samhain} exists ... not overwritten (or use --force)" + else + if test x"$DESTDIR" = x + then + : + else + ${mkinstalldirs} ${rc_main} + # + if test x"${DVER_REAL}" = xSolaris; then + ${mkinstalldirs} ${DESTDIR}/etc/rc0.d + ${mkinstalldirs} ${DESTDIR}/etc/rc1.d + ${mkinstalldirs} ${DESTDIR}/etc/rc3.d + fi + # + fi + test -z "$verbose" || echo " ${INSTALL_SHELL} ${startscript} ${rc_main}/${samhain}" + if test -f "@INSTALL@"; then + ${INSTALL_SHELL} ${startscript} ${rc_main}/${samhain} + else + cp ${startscript} ${rc_main}/${samhain} && chmod 0700 ${rc_main}/${samhain} + fi + fi + fi + + + if test x"${rc_dirz}" != x + then + for ff in $rlv + do + if test x"${DESTDIR}" = x + then + rldir="${rc_dirz}${ff}.d/" + test -z "$verbose" || echo " cd ${rldir} && ln ${linkopt} ${rc_main}/${samhain} S99${samhain}" + (cd ${rldir} && ln ${linkopt} ${rc_main}/${samhain} S99${samhain}) + test -z "$verbose" || echo " cd ${rldir} && ln ${linkopt} ${rc_main}/${samhain} K10${samhain}" + (cd ${rldir} && ln ${linkopt} ${rc_main}/${samhain} K10${samhain}) + else + : + # ${mkinstalldirs} ${rc_dirz}${ff}.d + fi + + + done + fi + + if test x"${rc_inst}" != x + then + if test x"${DESTDIR}" = x + then + test -z "$verbose" || echo " ${rc_inst}" + eval ${rc_inst} + fi + fi + echo "installing init scripts completed" + fi + + if test x"${act}" = xuboot + then + if test x"${rc_uinst}" != x + then + test -z "$verbose" || echo " ${rc_uinst}" + echo + eval ${rc_uinst} + fi + + if test x"${rc_dirz}" != x + then + for ff in $rlv + do + test -z "$verbose" || echo " rm -f ${rc_dirz}${ff}.d/S99${samhain}" + rm -f ${rc_dirz}${ff}.d/S99${samhain} + test -z "$verbose" || echo " rm -f ${rc_dirz}${ff}.d/S99${samhain}" + rm -f ${rc_dirz}${ff}.d/K10${samhain} + done + fi + + test -z "$verbose" || echo " rm -f ${rc_main}/${samhain}" + rm -f ${rc_main}/${samhain} + + echo " uninstalling init scripts completed" + fi + + # boot_install|boot_uninstall completed + exit 0 +fi + +if test x"${act}" = xulkm +then + RVER=`uname -r` + if test "x@sh_lkm@" != "x"; then + if test -d /lib/modules/$RVER; then + MODDIR="/lib/modules/$RVER" + elif test -d /lib/modules/misc; then + MODDIR="/lib/modules/misc" + elif test -d /lib/modules; then + MODDIR="/lib/modules/misc" + fi + # -- NEW -- + ALLMODS="@sh_lkm@" + for p in $ALLMODS; do + test -z "$verbose" || echo " rm -f ${DESTDIR}${MODDIR}/`echo $p|sed ' +s%samhain%@install_name@%'`" + rm -f ${DESTDIR}${MODDIR}/`echo $p|sed 's%samhain%@install_name@%'` + done + fi +fi + +if test x"${act}" = xuprogram +then + PROGRAMS="@setpwd_prg@ @stegin_prg@ @yulectl_prg@ @sh_main_prg@" + for p in $PROGRAMS; do + test -z "$verbose" || echo " rm -f ${DESTDIR}${sbindir}/`echo $p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`" + rm -f ${DESTDIR}${sbindir}/`echo $p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'` + done + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${sbindir} ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${sbindir} >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + exit 0 +fi + +if test x"${act}" = xuman +then + test -z "$verbose" || echo " rm -f ${DESTDIR}${mandir}/man8/@install_name@.8" + rm -f ${DESTDIR}${mandir}/man8/@install_name@.8 + test -z "$verbose" || echo " rm -f ${DESTDIR}${mandir}/man5/@install_name@rc.5" + rm -f ${DESTDIR}${mandir}/man5/@install_name@rc.5 + + OLD_IFS=${IFS} + IFS=':'; export IFS + for ff in ${MANPATH}; do + if test x"$ff/man8" = x"${DESTDIR}${mandir}/man8"; then + echo " man directory ${DESTDIR}${mandir} is in your MANPATH" + echo " -- will not try to remove" + IFS=${OLD_IFS}; export IFS + exit 0 + fi + done + IFS=${OLD_IFS}; export IFS + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${mandir}/man8 ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${mandir}/man8 >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${mandir}/man5 ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${mandir}/man5 >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${mandir} ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${mandir} >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + exit 0 +fi + +if test x"${act}" = xudata +then + test -z "$verbose" || echo " rm -f ${DESTDIR}`echo ${mydatafile}|sed s%REQ_FROM_SERVER%%`" + rm -f ${DESTDIR}`echo ${mydatafile}|sed s%REQ_FROM_SERVER%%` + test -z "$verbose" || echo " rm -f ${DESTDIR}${pid_file}" + rm -f ${DESTDIR}${pid_file} + test -z "$verbose" || echo " rm -f ${DESTDIR}${mylogfile}" + rm -f ${DESTDIR}${mylogfile} + test -z "$verbose" || echo " rm -f ${DESTDIR}${myhtmlfile}" + rm -f ${DESTDIR}${myhtmlfile} + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${pid_dir} ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${pid_dir} >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${mylogdir} ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${mylogdir} >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${data_root} ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${data_root} >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + if test x"$force" = "xyes" + then + test -z "$verbose" || echo " rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%`" + rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` + elif test x"$purge" = "xyes" + then + test -z "$verbose" || echo " rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%`" + rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` + elif test x"$express" = x; then + echo " Do you want to remove the configuration file [y/n] ?" + while [ "1" = "1" ]; do + read ff + case "$ff" in + Y* | y* ) + test -z "$verbose" || echo " rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%`" + rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` + break + ;; + N* | n* ) + test -z "$verbose" || echo " ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` NOT removed" + break + ;; + *) + echo " Enter y[es] or n[o]" + ;; + esac + done + else + test -z "$verbose" || echo " NOT REMOVED: config file ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` (use --force to remove)" + fi + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${sysconfdir} ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${sysconfdir} >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + exit 0 +fi + +if test x"${act}" = xdata +then + STEGIN=@stegin_prg@ + CONVERT= + + GPGPATH=@mygpg@ + + NTEST=@mytclient@ + + if test x"${NTEST}" = "x-DSH_WITH_SERVER" + then + RCFILE=yulerc + if test -f $RCFILE + then + : + else + if test -f yulerc.template + then + cp yulerc.template $RCFILE + fi + fi + else + RCFILE=samhainrc + IN_RCFILE=samhainrc.@selectconfig@ + + if test -f ${RCFILE} + then + : + else + if test -f ${IN_RCFILE} + then + test -z "$verbose" || echo " cp ${IN_RCFILE} ${RCFILE}" + cp ${IN_RCFILE} ${RCFILE} + fi + fi + fi + + if test -f $RCFILE + then + : + else + echo "${0}: cannot find configuration file $RCFILE" + exit 1 + fi + + if test x"${GPGPATH}" != x + then + echo + echo "You need to sign the config file now" + echo + test -z "$verbose" || echo " ${GPGPATH} -a --clearsign $RCFILE" + if test x"${NTEST}" = "x-DSH_WITH_SERVER" + then + myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ + grep "^${samhain}:" | awk -F: '{ print $3; }'` + if test x"${myident_uid}" != x + then + DOT_GNUPG=`eval echo ~${samhain}/.gnupg` + test -z "$verbose" || echo " using --homedir ${DOT_GNUPG}" + ${GPGPATH} --homedir ${DOT_GNUPG} -a --clearsign $RCFILE + else + ${GPGPATH} -a --clearsign $RCFILE + fi + else + ${GPGPATH} -a --clearsign $RCFILE + fi + + if test -f ${RCFILE}.asc + then + test -z "$verbose" || echo " mv -f ${RCFILE}.asc samhainrc.pre" + mv -f ${RCFILE}.asc samhainrc.pre + else + echo "**********************************************************" + echo + echo "${0}: ERROR: cannot find signed file ${RCFILE}.asc" + echo + echo " --- You need to sign the configuration file ---" + echo + echo "**********************************************************" + cp ${RCFILE} samhainrc.pre + fi + else + test -z "$verbose" || echo " cp $RCFILE samhainrc.pre" + cp $RCFILE samhainrc.pre + fi + + if test x"${STEGIN}" != x + then + test -z "$verbose" || echo " searching for ImageMagick convert utility" + OPATH=${PATH} + PATH="/usr/local/bin:/usr/X11R6/bin:"${PATH} + + OIFS=${IFS} + IFS=":" + + for dd in ${PATH} + do + if test -f "${dd}/convert" + then + "${dd}/convert" --help | grep ImageMagick >/dev/null 2>&1 && \ + CONVERT="${dd}/convert" + test -z "$verbose" || echo " CONVERT=${dd}/convert" + fi + done + + IFS=${OIFS} + + if test x"${CONVERT}" = x + then + echo "${0}: cannot find ImageMagick convert utility in PATH=${PATH}" + exit 1 + fi + + PATH=${OPATH} + + if test -f stealth_template.jpg + then + test -z "$verbose" || echo " ${CONVERT} +compress stealth_template.jpg stealth_template.ps" + "${CONVERT}" +compress stealth_template.jpg stealth_template.ps + else + echo "${0}: cannot find file stealth_template.jpg" + exit 1 + fi + + + if test -f stealth_template.ps + then + : + else + echo "${0}: file stealth_template.ps not created" + exit 1 + fi + + if test -f samhainrc.pre + then + : + else + echo "${0}: cannot find configuration file samhainrc.pre" + exit 1 + fi + + if test -f ./samhain_stealth + then + : + else + echo "${0}: cannot find utility ./samhain_stealth" + exit 1 + fi + + ccount=`./samhain_stealth -o samhainrc.pre 2>&1 | awk '{ print $1 }'` + mcount=`./samhain_stealth -i stealth_template.ps 2>&1 | awk '{ print $7 }'` + + if test ${mcount} -lt ${ccount} + then + echo "${0}: configuration file samhainrc too big," + echo " need a larger image stealth_template.jpg to store" + exit 1 + fi + + test -z "$verbose" || echo " ./samhain_stealth -s stealth_template.ps samhainrc.pre" + ./samhain_stealth -s stealth_template.ps samhainrc.pre + + test -z "$verbose" || echo " mv -f stealth_template.ps samhainrc.install" + mv -f stealth_template.ps samhainrc.install + else + test -z "$verbose" || echo " mv -f samhainrc.pre samhainrc.install" + mv -f samhainrc.pre samhainrc.install + fi + + tmp_configfile=`echo ${configfile} | sed 's%^REQ_FROM_SERVER%%'` + + if test x"${tmp_configfile}" = x + then + echo " No local configfile to install." + exit 0 + fi + + if test -f ${DESTDIR}${tmp_configfile} && test x"$force" = x + then + echo " ${DESTDIR}${tmp_configfile} exists ... not overwritten (or use --force)" + else + test -z "$verbose" || echo " ${INSTALL_DATA} samhainrc.install ${DESTDIR}${tmp_configfile}" + ${INSTALL_DATA} samhainrc.install ${DESTDIR}${tmp_configfile} + fi + + if test x"${NTEST}" = "x-DSH_WITH_SERVER" + then + test -z "$verbose" || echo " chown @myident@ ${DESTDIR}${tmp_configfile}" + chown @myident@ ${DESTDIR}${tmp_configfile} + fi + + # + # Changed: don't check if DESTDIR is set, as these are not + # the true install locations anyway + # + if test -f trustfile && test x"${DESTDIR}" = x + then + test -z "$verbose" || echo " checking whether paths are trustworthy" + RESULT=`./trustfile ${DESTDIR}${tmp_configfile} 2>&1` + if test x$? != x0 + then + echo + ./trustfile ${DESTDIR}${tmp_configfile} + echo + else + test -z "$verbose" || echo " configuration file ${DESTDIR}${tmp_configfile} ... OK" + fi + + RESULT=`./trustfile ${DESTDIR}${pid_dir} >/dev/null 2>&1` + if test x$? != x0 + then + echo + ./trustfile ${DESTDIR}${pid_dir} + echo + else + test -z "$verbose" || echo " state directory ${DESTDIR}${pid_dir} ... OK" + fi + + RESULT=`./trustfile ${DESTDIR}${mylogdir} >/dev/null 2>&1` + if test x$? != x0 + then + echo + ./trustfile ${DESTDIR}${mylogdir} + echo + else + test -z "$verbose" || echo " state directory ${DESTDIR}${mylogdir} ... OK" + fi + + RESULT=`./trustfile ${DESTDIR}${data_root} >/dev/null 2>&1` + if test x$? != x0 + then + echo + ./trustfile ${DESTDIR}${data_root} + echo + else + test -z "$verbose" || echo " data directory ${DESTDIR}${data_root} ... OK" + fi + fi + # install_data + exit 0 +fi + + Index: branches/samhain-2_2-branch/samhain.spec.in =================================================================== --- branches/samhain-2_2-branch/samhain.spec.in (revision 66) +++ branches/samhain-2_2-branch/samhain.spec.in (revision 66) @@ -0,0 +1,268 @@ +# +# Accepted parameters for 'rpmbuild': +# +# --with tests - make tests before building + +Summary: File integrity and host-based IDS +Name: @install_name@ +Version: @VERSION@ +Release: 1 +License: GPL +Group: System Environment/Base +Source: samhain-%{version}.tar.gz +BuildRoot: %{_tmppath}/samhain-%{version}-root +Packager: Andre Oliveira da Costa +Provides: %{name} + +# no quotes here - aparently will be expanded literally + +%define withpwd_prg x@clmytclient@ +%define withstg_prg x@stegin_prg@ + +# disable automatic stripping of binaries upon installation +%define __spec_install_post %{nil} +# required because DeadRat wants to package some debug info otherwise +# (this debug info would be created by debug_install_post called +# from spec_install_post) +%define debug_package %{nil} +# Use internal dependency generator rather than external helpers? +%define _use_internal_dependency_generator 0 + +%description +@install_name@ is an open source file integrity and host-based intrusion +detection system for Linux and Unix. It can run as a daemon process, and +and thus can remember file changes -- contrary to a tool that runs from +cron, if a file is modified you will get only one report, while +subsequent checks of that file will ignore the modification as it is +already reported (unless the file is modified again). + +@install_name@ can optionally be used as client/server system to provide +centralized monitoring for multiple host. Logging to a (MySQL or +PostgreSQL) database is supported. + +NOTE: for security reasons, if you distribute binary executables to +third parties you should point out the use of the --add-key option to +modify the key material within the executable. +This spec file is intended to facilitate installation on YOUR system. +If you use this spec file to build a SRPM for distribution to third parties, +make sure to remove the --enable-base configure option below. + +%prep +%setup -q -n samhain-%{version} + +%build +%if %{?_with_tests:1}%{!?_with_tests:0} +# test installation (test #7 is only included if --with gpg has been +# specified) +for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done +%endif +# +# configure with the user-supplied arguments to './configure' +# +./configure @mydefargs@ +make + +%install + +rm -rf ${RPM_BUILD_ROOT} +# sstrip shouldn't be used since binaries will be stripped later +## cat << EOF > sstrip +## #!/bin/sh +## echo "*** SSTRIP DISABLED ***" +## EOF +make DESTDIR=${RPM_BUILD_ROOT} install +# copy script files to /var/lib/samhain so that we can use them right +# after the package is installed +# +install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}@mydataroot@ +# +# file list (helpful advice from Lars Kellogg-Stedman) +# +echo "@sbindir@/@install_name@" > sh_file_list +find %{buildroot}/lib/modules \! -type d -print | \ + sed 's,%{buildroot},,' >> sh_file_list + +%clean +rm -rf ${RPM_BUILD_ROOT} + +%post +if test "x@sh_lkm@" = x; then + : +else + if test -f /sbin/depmod; then + /sbin/depmod -a + fi +fi +if [ "$1" -ge 1 ]; then + # Activate boot-time start up + cd @mydataroot@ + ./samhain-install.sh --verbose install-boot + rm -f ./samhain.startLSB + rm -f ./samhain.startLinux + if [ -f @sbindir@/@install_name@_stealth ]; then + rm -f samhain-install.sh + fi + shkeep=yes + if test x"$shkeep" = xno; then + rm -f ./samhain-install.sh + rm -f @sbindir@/@install_name@_stealth + fi +fi +if [ "$1" = 1 ]; then + if test -f /usr/lib/lsb/install_initd; then + /usr/lib/lsb/install_initd /etc/init.d/@install_name@ + fi +fi + +%if "%{name}" != "yule" +cat << EOF + +Samhain is installed but is NOT running yet, and the database of +file signatures is NOT initialized yet. Read the documentation, +review configuration files, and then (i) initialize it +(@sbindir@/samhain -t init) +and (ii) start it manually +(@sbindir@/samhain start). + +It is configured to start automatically on the next boot for runlevels +[2-5]. + +EOF +%endif +%if "%{name}" == "yule" +cat << EOF + +Yule is installed but is NOT running yet, read the documentation, +review configuration files, and then start it +(@sbindir@/yule) + +It is configured to start automatically on the next boot for runlevels +[2-5]. + +EOF +%endif + +%preun +# stop running instance of samhain, if any +if [ -f @mylockdir@/%{name}.pid ]; then + @sbindir@/@install_name@ stop +fi +if [ "$1" = 0 ]; then + # remove boot-time scripts and links + cd @mydataroot@ + if [ -f ./samhain-install.sh ]; then + ./samhain-install.sh --verbose uninstall-boot + else + if test -f /usr/lib/lsb/remove_initd; then + /usr/lib/lsb/remove_initd /etc/init.d/@install_name@ + fi + rm -f /etc/init.d/@install_name@ + fi +fi + +%postun +if [ "$1" = 0 ]; then + # remove any kernel modules that might have been installed + RVER=`uname -r` + MODFILES=`ls /lib/modules/$RVER/@install_name@* 2>/dev/null` + if test "x$MODFILES" = x; then + : + else + rm -f /lib/modules/$RVER/@install_name@* + fi +fi + + +%files -f sh_file_list +%defattr(-,root,root) +%dir @mylockdir@ +%dir @mylogdir@ +%doc docs/BUGS COPYING docs/Changelog docs/TODO +%doc LICENSE docs/FAQ.html docs/HOWTO* docs/MANUAL-2_2.* docs/README* +@mydataroot@ +%if "%{withstg_prg}" == "xsamhain_stealth" + @sbindir@/@install_name@_stealth +%endif +%if "%{withpwd_prg}" == "xDSH_WITH_CLIENT" + @sbindir@/@install_name@_setpwd +%endif +%if "%{withpwd_prg}" == "xDSH_WITH_SERVER" + @sbindir@/@install_name@ctl + %exclude @sbindir@/@install_name@_setpwd +%endif +%attr(644,root,root) @mandir@/man5/@install_name@* +%attr(644,root,root) @mandir@/man8/@install_name@* +%config(noreplace) @myrpmconffile@ + +%changelog +* Tue May 16 2006 Rainer Wichmann +- fix manual version, noticed by Imre Gergely + +* Tue Apr 05 2005 Rainer Wichmann +- disable automatic stripping, use sstrip + +* Thu Mar 17 2005 Rainer Wichmann +- fixes for enable-khide + +* Wed Oct 20 2004 Rainer Wichmann +- more fixes for client/server detection +- fix for samhain_stealth + +* Sun Aug 15 2004 Rainer Wichmann +- fix detection of client/server + +* Sat Jun 19 2004 Rainer Wichmann +- replace ./test.sh $i with make test$i +- add logic for rpm-light (remove some more files after install) +- make postun posix compliant (avoid empty argument list for rm -f) + +* Wed Dec 31 2003 Stijn Jonker +- Fixed correctly build of yule-*-rpm +- Fixed excluding of yule_setpwd, and including of yulectl on yule build +- Fixed including of samhain_setpwd in samhain client build +- Above changes required for correct build in newer rpms, + with defaults for abort on unpacked files due to + %_unpackaged_files_terminate_build 1 setting +- Fixed installation text for yule, not to display samhain text +- Added /sbin/chkconfig install_name on to enable the rc scripts + +* Thu Dec 11 2003 Christian Vanguers +- Fixed typo in samhain.spec +- Compiled on RedHat Enterprise Linux ES 3 + +* Thu Mar 26 2003 Rainer Wichmann +- strip REQ_FROM_SERVER in config file path (%config(noreplace) ...) + +* Sun Jan 12 2003 Rainer Wichmann +- replace %configure with ./configure + +* Tue Dec 24 2002 Rainer Wichmann +- backported applicable changes to samhain.spec.in +- warn user that database must be initialized +- fix version of MANUAL in '%files' +- test for chkconfig, use only if found + +* Sun Dec 22 2002 Andre Oliveira da Costa 1.7.0 +- fixed typo with _usr macro on ./configure +- stops running samhain before uninstall +- implemented conditionals to allow proper uninstalls/upgrades +- 'BuildPreReq: gpg' is considered only if '--with gpg' is provided +- run 'chkconfig' to activate samhain after installation +- warn user that samhain must be manually started after + install/upgrade + +* Fri Dec 20 2002 Rainer Wichmann +- backported to samhain.spec.in (take over user's choices from configure) +- also save samhain.startLSB and samhain.startSuSE for install-boot + +* Thu Dec 19 2002 Andre Oliveira da Costa 1.6.6 +- optional parameters '--with gpg' and '--with tests' +- use of pre-defined macros whenever possible + +* Wed Dec 18 2002 Andre Oliveira da Costa 1.6.6 +- Fixed installation process, avoiding hardcoded paths on the binaries + (thks to samhain's author Rainer Wichmann) + +* Mon Dec 16 2002 Andre Oliveira da Costa 1.6.6 +- First attempt to build from sources + Index: branches/samhain-2_2-branch/samhainrc.aix5.2.0 =================================================================== --- branches/samhain-2_2-branch/samhainrc.aix5.2.0 (revision 66) +++ branches/samhain-2_2-branch/samhainrc.aix5.2.0 (revision 66) @@ -0,0 +1,236 @@ +##################################################################### +# +# AIX 5.2.0 configuration file for Samhain. +# +#################################################################### +# +# Date : 23.10.2003 +# Author : Christoph Kiefer (chkiefer@intergga.ch) +# Comment : Samhain client configuration file. Should work +# for AIX 5.1.0. The Samhain version is 1.7.12 +# This configuration fits MY needs, YOU will +# probably have to modify it. +# +# Changes : Date Name Remarks +# 23.10.2003 Christoph Kiefer Initial Version +# +##################################################################### +# +# -- empty lines and lines starting with '#', ';' or '//' are ignored +# -- boolean options can be Yes/No or True/False or 1/0 +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### +# SETUP for file system checking: +# (i) There are several policies, each has its own section. Put files +# into the section for the appropriate policy (see below). +# (ii) Section [EventSeverity]: +# To each policy, you can assign a severity (further below). +# (iii) Section [Log]: +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +##################################################################### + +##################################################################### +# +# Files are defined with: file = /absolute/path +# +# Directories are defined with: dir = /absolute/path +# or with an optional recursion depth (N <= 99): dir = N/absolute/path +# +# Directory inodes are checked. If you only want to check files +# in a directory, but not the directory inode itself, use (e.g.): +# +# [ReadOnly] +# dir = /some/directory +# [IgnoreAll] +# file = /some/directory +# +# You can use shell-style globbing patterns, like: file = /path/foo* +# +###################################################################### + +[Misc] +MessageHeader="" +RedefLogFiles=-INO +SetFilecheckTime=3600 +SetLoopTime=3600 +SetRecursionLevel=99 +DigestAlgo=SHA1 +ChecksumTest=check +SetTimeServer=localhost +ReportFullDetail=no +Daemon=yes +HideSetup=yes +ReportOnlyOnce=yes +UseLocalTime=yes + +## The Prelude-IDS profile to use for reporting +## default value is "samhain" +# +# PreludeProfile = samhain + +## Map these samhain severities to impact severity 'info' severity +# +# PreludeMapToInfo = + +## Map these samhain severities to impact severity 'low' severity +# +# PreludeMapToLow = debug info + +## Map these samhain severities to impact severity 'medium' severity +# +# PreludeMapToMedium = notice warn err + +## Map these samhain severities to impact severity 'high' severity +# +# PreludeMapToHigh = crit alert + +[IgnoreAll] +dir=-1/etc/objrepos +dir=-1/etc/vg +dir=-1/dev/.SRC-unix +dir=-1/dev/pts +dir=-1/opt +dir=-1/tmp +dir=-1/usr/share/lib/objrepos +dir=-1/usr/share/man +dir=-1/var/adm/cron +dir=-1/var/tmp +file=/dev/log* + +[Attributes] +file=/etc/lpp/diagnostics/data/* +file=/audit/auditb +file=/dev +# file=/etc/bootpd.dump +file=/etc/bootptab +file=/etc/inittab +file=/etc/xtab +dir=/dev +dir=/usr/dt +dir=/usr/lib/instl +dir=/usr/lib/lpd +dir=/usr/lib/mh +dir=/usr/lib/sa +dir=/usr/lpp + +[LogFiles] +file=/etc/rmtab +file=/etc/security/failedlogin +file=/etc/security/lastlog +file=/etc/security/portlog +file=/etc/utmp +# file=/smit.log +file=/var/adm/*log* +file=/var/adm/ras/*log* +file=/var/adm/wtmp +file=/var/log/*log* + +[IgnoreNone] +file=/etc/tsh_profile + +[ReadOnly] +dir=/etc/security/ldap +file=/etc/*.cnf +file=/etc/*conf* +file=/etc/aliases +file=/etc/dumpdates +file=/etc/environment +file=/etc/exports +file=/etc/filesystems +file=/etc/ftpusers +file=/etc/group +file=/etc/hosts* +file=/etc/motd +file=/etc/passwd +file=/etc/profile +file=/etc/protocols +file=/etc/publickey +file=/etc/rc.* +file=/etc/rpc +file=/etc/security/acl +file=/etc/security/environ +file=/etc/security/group +file=/etc/security/limits +file=/etc/security/login.cfg +file=/etc/security/passwd +file=/etc/security/roles +file=/etc/security/smitacl.* +file=/etc/security/user* +file=/etc/sendmail.cf +file=/etc/services +file=/etc/sudoers +file=/etc/swapspaces +file=/etc/vfs +# file=/smit.script +dir=/etc/mail +dir=/etc/rc.d +dir=/etc/security/audit +dir=/home/root +dir=/sbin +dir=/usr/X11R6 +dir=/usr/bin +dir=/usr/ccs +dir=/usr/etc +dir=/usr/include +dir=/usr/lib/boot +dir=/usr/lib/methods +dir=/usr/lib/microcode +dir=/usr/lib/security +dir=/usr/lib/smit +dir=/usr/local/bin +dir=/usr/sbin +dir=/usr/share +dir=/usr/ucb + +[EventSeverity] +SeverityAttributes=crit +SeverityDirs=err +SeverityFiles=err +SeverityGrowingLogs=warn +SeverityIgnoreNone=crit +SeverityLogFiles=crit +SeverityReadOnly=crit +SeverityIgnoreAll=info +SeverityNames=info + +[Log] +ExportClass=RUN FIL PANIC ERR ENET EINPUT +LogSeverity=none +MailSeverity=none +PrintSeverity=none +ExportSeverity=warn +SyslogSeverity=warn + +## Logging to a Prelude-IDS +## +# PreludeSeverity = crit + +[SuidCheck] +SuidCheckExclude=/proc +SuidCheckActive=1 +SuidCheckInterval=1800 +SuidCheckFps=250 +#SuidCheckYield=no +SeveritySuidCheck=alert +#SuidCheckQuarantineFiles=yes +#SuidCheckQuarantineMethod=0 +# SuidCheckQuarantineDelete = yes + + +[Utmp] +LoginCheckActive=1 +LoginCheckInterval=30 +SeverityLogin=info +SeverityLogout=info +SeverityLoginMulti=warn + +[EOF] Index: branches/samhain-2_2-branch/samhainrc.freebsd =================================================================== --- branches/samhain-2_2-branch/samhainrc.freebsd (revision 66) +++ branches/samhain-2_2-branch/samhainrc.freebsd (revision 66) @@ -0,0 +1,726 @@ +##################################################################### +# +# FreeBSD Configuration file for samhain. +# +##################################################################### +# +# -- empty lines and lines starting with '#', ';' or '//' are ignored +# -- boolean options can be Yes/No or True/False or 1/0 +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### +# SETUP for file system checking: +# (i) There are several policies, each has its own section. Put files +# into the section for the appropriate policy (see below). +# (ii) Section [EventSeverity]: +# To each policy, you can assign a severity (further below). +# (iii) Section [Log]: +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +##################################################################### + +##################################################################### +# +# Files are defined with: file = /absolute/path +# +# Directories are defined with: dir = /absolute/path +# or with an optional recursion depth (N <= 99): dir = N/absolute/path +# +# Directory inodes are checked. If you only want to check files +# in a directory, but not the directory inode itself, use (e.g.): +# +# [ReadOnly] +# dir = /some/directory +# [IgnoreAll] +# file = /some/directory +# +# You can use shell-style globbing patterns, like: file = /path/foo* +# +###################################################################### + +[Misc] +## +## Add or subtract tests from the policies +## - if you want to change their definitions, +## you need to do that before using the policies +## +# RedefReadOnly = (no default) +# RedefAttributes=(no default) +# RedefLogFiles=(no default) +# RedefGrowingLogFiles=(no default) +# RedefIgnoreAll=(no default) +# RedefIgnoreNone=(no default) +# RedefUser0=(no default) +# RedefUser1=(no default) + +# +# --------- / -------------- +# + +[ReadOnly] +dir = 0/ + +[Attributes] +file = / +file = /proc +file = /entropy +file = /tmp +file = /var + +# +# --------- /dev ----------- +# + +[Attributes] +dir = 99/dev + +[IgnoreAll] +file = /dev/ttyp? + +[Misc] +## +## pseudo terminals are created/removed as needed +## +IgnoreAdded = /dev/(p|t)typ.* +IgnoreMissing = /dev/(p|t)typ.* + + +# +# --------- /etc ----------- +# + +[ReadOnly] +## +## for these files, only access time is ignored +## +dir = 99/etc + + +# +# --------- /boot ----------- +# + +[ReadOnly] +dir = 99/boot + +# +# --------- /bin, /sbin ----------- +# + +[ReadOnly] +dir = 99/bin +dir = 99/sbin + +# +# --------- /lib ----------- +# + +[ReadOnly] +dir = 99/lib + +# +# --------- /libexec ----------- +# + +[ReadOnly] +dir = 99/libexec + +# +# --------- /rescue ----------- +# + +[ReadOnly] +dir = 99/rescue + +# +# --------- /root ----------- +# + +[Attributes] +## +## for these files, only changes in permissions and ownership are checked +## +dir = 99/root + +# +# --------- /stand ----------- +# + +[ReadOnly] +dir = 99/stand + +# +# --------- /usr ----------- +# + +[ReadOnly] +dir = 99/usr + +[Attributes] +dir = /usr/.snap +dir = /usr/share/man/cat? +file = /usr/compat/linux/etc +file = /usr/compat/linux/etc/ld.so.cache + +[IgnoreAll] +dir = -1/usr/home + +# +# --------- /var ----------- +# + +[Attributes] + +dir = 0/var + +[LogFiles] +## +## for these files, changes in signature, timestamps, and size are ignored +## + +file=/var/run/utmp + +[GrowingLogFiles] +## +## For these files, changes in signature, timestamps, and increase in size +## are ignored. Logfile rotation will cause a report because of shrinking +## size and different inode. +## +dir = 99/var/log + +[Attributes] +# +# rotated logs will change inode +# +file = /var/log/*.[0-9].bz2 +file = /var/log/*.[0-9].log +file = /var/log/*.[0-9] +file = /var/log/*.[0-9][0-9] +file = /var/log/*.old + +file = /var/log/sendmail.st + + +[Misc] +# +# Various naming schemes for rotated logs +# +IgnoreAdded = /var/log/.*\.[0-9]+$ +IgnoreAdded = /var/log/.*\.[0-9]+\.gz$ +IgnoreAdded = /var/log/.*\.[0-9]+\.bz2$ +IgnoreAdded = /var/log/.*\.[0-9]+\.log$ + + +[IgnoreNone] +## +## for these files, all modifications (even access time) are reported +## - you may create some interesting-looking file (like /etc/safe_passwd), +## just to watch whether someone will access it ... +## + + + +[User0] +[User1] +## User0 and User1 are sections for files/dirs with user-definable checking +## (see the manual) + +[EventSeverity] +## +## Here you can assign severities to policy violations. +## If this severity exceeds the treshold of a log facility (see below), +## a policy violation will be logged to that facility. +## + +# +# Severity for verification failures. +# +# SeverityReadOnly=crit +# SeverityLogFiles=crit +# SeverityGrowingLogs=crit +# SeverityIgnoreNone=crit +# SeverityAttributes=crit +# SeverityUser0=crit +# SeverityUser1=crit + +## We have a file in IgnoreAll that might or might not be present. +## Setting the severity to 'info' prevents messages about deleted/new file. +## +# SeverityIgnoreAll=crit +SeverityIgnoreAll=info + +## Files : file access problems +# SeverityFiles=crit + +## Dirs : directory access problems +# SeverityDirs=crit + +## Names : suspect (non-printable) characters in a pathname +# SeverityNames=crit + +[Log] +## +## Switch on/OFF log facilities and set their threshold severity +## +## Values: debug, info, notice, warn, mark, err, crit, alert, none. +## 'mark' is used for timestamps. +## +## Use 'none' to SWITCH OFF a log facility +## +## By default, everything equal to and above the threshold is logged. +## The specifiers '*', '!', and '=' are interpreted as +## 'all', 'all but', and 'only', respectively (like syslogd(8) does, +## at least on Linux). Examples: +## MailSeverity=* +## MailSeverity=!warn +## MailSeverity==crit + +## E-mail +## +# MailSeverity=none + +## Console +## +# PrintSeverity=info + +## Logfile +## +# LogSeverity=mark + +## Syslog +## +# SyslogSeverity=none + +## Remote server (yule) +## +# ExportSeverity=none + +## External script or program +## +# ExternalSeverity = none + +## Logging to a database +## +# DatabaseSeverity = none + +## Logging to a Prelude-IDS +## +# PreludeSeverity = crit + + +##################################################### +# +# Optional modules +# +##################################################### + +# [SuidCheck] +## +## --- Check the filesystem for SUID/SGID binaries +## + +## Switch on +# +# SuidCheckActive = yes + +## Interval for check (seconds) +# +# SuidCheckInterval = 7200 + +## Alternative: crontab-like schedule +# +# SuidCheckSchedule = NULL + +## Directory to exclude +# +# SuidCheckExclude = NULL + +## Limit on files per second (0 == no limit) +# +# SuidCheckFps = 0 + +## Alternative: yield after every file +# +# SuidCheckYield = no + +## Severity of a detection +# +# SeveritySuidCheck = crit + +## Quarantine SUID/SGID files if found +# +# SuidCheckQuarantineFiles = yes + +## Method for Quarantining files: +# 0 - Delete the file. +# 1 - Remove SUID/SGID permissions from file. +# 2 - Move SUID/SGID file to quarantine dir. +# +# SuidCheckQuarantineMethod = 0 + +## For method 1 and 3, really delete instead of truncating +# +# SuidCheckQuarantineDelete = yes + +# [Kernel] +## +## --- Check for loadable kernel module rootkits (Linux/FreeBSD only) +## + +## Switch on/off +# +# KernelCheckActive = True + +## Check interval (seconds); btw., the check is VERY fast +# +# KernelCheckInterval = 300 + +## Severity +# +# SeverityKernel = crit + + +# [Utmp] +## +## --- Logging of login/logout events +## + +## Switch on/off +# +# LoginCheckActive = True + +## Severity for logins, multiple logins, logouts +# +# SeverityLogin=info +# SeverityLoginMulti=warn +# SeverityLogout=info + +## Interval for login/logout checks +# +# LoginCheckInterval = 300 + + +# [Database] +## +## --- Logging to a relational database +## + +## Database name +# +# SetDBName = samhain + +## Database table +# +# SetDBTable = log + +## Database user +# +# SetDBUser = samhain + +## Database password +# +# SetDBPassword = (default: none) + +## Database host +# +# SetDBHost = localhost + +## Log the server timestamp for received messages +# +# SetDBServerTstamp = True + +## Use a persistent connection +# +# UsePersistent = True + + +# [External] +## +## Interface to call external scripts/programs for logging +## + +## The absolute path to the command +## - Each invocation of this directive will end the definition of the +## preceding command, and start the definition of +## an additional, new command +# +# OpenCommand = (no default) + +## Type (log or srv) +## - log for log messages, srv for messages received by the server +# +# SetType = log + +## The command (full command line) to execute +# +# SetCommandLine = (no default) + +## The environment (KEY=value; repeat for more) +# +# SetEnviron = TZ=(your timezone) + +## The TIGER192 checksum (optional) +# +# SetChecksum = (no default) + +## User who runs the command +# +# SetCredentials = (default: samhain process uid) + +## Words not allowed in message +# +# SetFilterNot = (none) + +## Words required (ALL of them) +# +# SetFilterAnd = (none) + +## Words required (at least one) +# +# SetFilterOr = (none) + +## Deadtime between consecutive calls +# +# SetDeadtime = 0 + +## Add default environment (HOME, PATH, SHELL) +# +# SetDefault = no + + + +##################################################### +# +# Miscellaneous configuration options +# +##################################################### + +[Misc] + +## whether to become a daemon process +## (this is not honoured on database initialisation) +# +# Daemon = no +Daemon = yes + +# whether to test signature of files (init/check/none) +# - if 'none', then we have to decide this on the command line - +# +# ChecksumTest = none +ChecksumTest=check + +# Set nice level (-19 to 19, see 'man nice'), +# and I/O limit (kilobytes per second; 0 == off) +# to reduce load on host. +# +# SetNiceLevel = 0 +# SetIOLimit = 0 + +## The version string to embed in file signature databases +# +# VersionString = NULL + +## Interval between time stamp messages +# +# SetLoopTime = 60 +SetLoopTime = 600 + +## Interval between file checks +# +# SetFileCheckTime = 600 +SetFileCheckTime = 7200 + +## Alternative: crontab-like schedule +# +# FileCheckScheduleOne = NULL + +## Alternative: crontab-like schedule(2) +# +# FileCheckScheduleTwo = NULL + +## Report only once on modified fles +## Setting this to 'FALSE' will generate a report for any policy +## violation (old and new ones) each time the daemon checks the file system. +# +# ReportOnlyOnce = True + +## Report in full detail +# +# ReportFullDetail = False + +## Report file timestamps in local time rather than GMT +# +# UseLocalTime = No + +## The console device (can also be a file or named pipe) +## - There are two console devices. Accordingly, you can use +## this directive a second time to set the second console device. +## If you have not defined the second device at compile time, +## and you don't want to use it, then: +## setting it to /dev/null is less effective than just leaving +## it alone (setting to /dev/null will waste time by opening +## /dev/null and writing to it) +# +# SetConsole = /dev/console + +## Activate the SysV IPC message queue +# +# MessageQueueActive = False + + +## If false, skip reverse lookup when connecting to a host known +## by name rather than IP address (i.e. trust the DNS) +# +# SetReverseLookup = True + + +## --- E-Mail --- + +# Only highest-level (alert) reports will be mailed immediately, +# others will be queued. Here you can define, when the queue will +# be flushed (Note: the queue is automatically flushed after +# completing a file check). +# +# SetMailTime = 86400 + +## Maximum number of mails to queue +# +# SetMailNum = 10 + +## Recipient (max. 8) +# +# SetMailAddress=root@localhost + +## Mail relay (IP address) +# +# SetMailRelay = NULL + +## Custom subject format +# +# MailSubject = NULL + +## --- end E-Mail --- + + +## Path to the executable. If set, will be checksummed after startup +## and before exit. +# +# SamhainPath = (no default) + + +## The IP address of the log server +# +# SetLogServer = (default: compiled-in) + +## The IP address of the time server +# +# SetTimeServer = (default: compiled-in) + +## Trusted Users (comma delimited list of user names) +# +# TrustedUser = (no default; this adds to the compiled-in list) + +## Path to the file signature database +# +# SetDatabasePath = (default: compiled-in) + +## Path to the log file +# +# SetLogfilePath = (default: compiled-in) + +## Path to the PID file +# +# SetLockPath = (default: compiled-in) + + +## The digest/checksum/hash algorithm +# +# DigestAlgo = TIGER192 + + +## Custom format for message header. +## CAREFUL if you use XML logfile format. +## +## %S severity +## %T timestamp +## %C class +## +## %F source file +## %L source line +# +# MessageHeader="%S %T " + + +## Don't log path to config/database file on startup +# +# HideSetup = False + +## The syslog facility, if you log to syslog +# +# SyslogFacility = LOG_AUTHPRIV +SyslogFacility=LOG_LOCAL2 + +## The message authentication method +## - If you change this, you *must* change it +## on client *and* server +# +# MACType = HMAC-TIGER + + +## The Prelude-IDS profile to use for reporting +## default value is "samhain" +# +# PreludeProfile = samhain + +## Map these samhain severities to impact severity 'info' severity +# +# PreludeMapToInfo = + +## Map these samhain severities to impact severity 'low' severity +# +# PreludeMapToLow = debug info + +## Map these samhain severities to impact severity 'medium' severity +# +# PreludeMapToMedium = notice warn err + +## Map these samhain severities to impact severity 'high' severity +# +# PreludeMapToHigh = crit alert + +# everything below is ignored +[EOF] + +##################################################################### +# This would be the proper syntax for parts that should only be +# included for certain hosts. +# You may enclose anything in a @HOSTNAME/@end bracket, as long as the +# result still has the proper syntax for the config file. +# You may have any number of @HOSTNAME/@end brackets. +# HOSTNAME should be the fully qualified 'official' name +# (e.g. 'nixon.watergate.com', not 'nixon'), no aliases. +# No IP number - except if samhain cannot determine the +# fully qualified hostname. +# +# @HOSTNAME +# file=/foo/bar +# @end +# +# These are two examples for conditional inclusion/exclusion +# of a machine based on the output from 'uname -srm' +# $Linux:2.*.7:i666 +# file=/foo/bar3 +# $end +# +# !$Linux:2.*.7:i686 +# file=/foo/bar2 +# $end +# +##################################################################### Index: branches/samhain-2_2-branch/samhainrc.linux =================================================================== --- branches/samhain-2_2-branch/samhainrc.linux (revision 66) +++ branches/samhain-2_2-branch/samhainrc.linux (revision 66) @@ -0,0 +1,770 @@ +##################################################################### +# +# Configuration file template for samhain. +# +##################################################################### +# +# -- empty lines and lines starting with '#', ';' or '//' are ignored +# -- boolean options can be Yes/No or True/False or 1/0 +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### +# +# SETUP for file system checking: +# +# (i) There are several policies, each has its own section. Put files +# into the section for the appropriate policy (see below). +# (ii) Section [EventSeverity]: +# To each policy, you can assign a severity (further below). +# (iii) Section [Log]: +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### + +##################################################################### +# +# Files are defined with: file = /absolute/path +# +# Directories are defined with: dir = /absolute/path +# or with an optional recursion depth (N <= 99): dir = N/absolute/path +# +# Directory inodes are checked. If you only want to check files +# in a directory, but not the directory inode itself, use (e.g.): +# +# [ReadOnly] +# dir = /some/directory +# [IgnoreAll] +# file = /some/directory +# +# You can use shell-style globbing patterns, like: file = /path/foo* +# +###################################################################### + +[Misc] +## +## Add or subtract tests from the policies +## - if you want to change their definitions, +## you need to do that before using the policies +## +# RedefReadOnly = (no default) +# RedefAttributes=(no default) +# RedefLogFiles=(no default) +# RedefGrowingLogFiles=(no default) +# RedefIgnoreAll=(no default) +# RedefIgnoreNone=(no default) + +# RedefUser0=(no default) +# RedefUser1=(no default) + +# +# --------- / -------------- +# + +[ReadOnly] +dir = 0/ + +[Attributes] +file = /tmp +file = /dev +file = /media +file = /proc +file = /sys + +# +# --------- /etc ----------- +# + +[ReadOnly] +## +## for these files, only access time is ignored +## +dir = 99/etc + +[Attributes] +## +## check permission and ownership +## +file = /etc/mtab +file = /etc/adjtime +file = /etc/motd +file = /etc/lvm/.cache + +# On Ubuntu, these are in /var/lib rather than /etc +file = /etc/cups/certs +file = /etc/cups/certs/0 + +# managed by fstab-sync on Fedora Core +file = /etc/fstab + +# modified when booting +file = /etc/sysconfig/hwconf + +# There are files in /etc that might change, thus changing the directory +# timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'. + +file = /etc + +# +# --------- /boot ----------- +# + +[ReadOnly] +dir = 99/boot + +# +# --------- /bin, /sbin ----------- +# + +[ReadOnly] +dir = 99/bin +dir = 99/sbin + +# +# --------- /lib ----------- +# + +[ReadOnly] +dir = 99/lib + +# +# --------- /dev ----------- +# + +[Attributes] +dir = 99/dev + +[IgnoreAll] +## +## pseudo terminals are created/removed as needed +## +dir = -1/dev/pts + +# dir = -1/dev/.udevdb + +file = /dev/ppp + +# +# --------- /usr ----------- +# + +[ReadOnly] +dir = 99/usr + +# +# --------- /var ----------- +# + +[ReadOnly] +dir = 99/var + +[IgnoreAll] +dir = -1/var/cache +dir = -1/var/backups +dir = -1/var/games +dir = -1/var/gdm +dir = -1/var/lock +dir = -1/var/mail +dir = -1/var/run +dir = -1/var/spool +dir = -1/var/tmp +dir = -1/var/lib/texmf +dir = -1/var/lib/scrollkeeper + + +[Attributes] + +dir = /var/lib/nfs +dir = /var/lib/pcmcia + +# /var/lib/rpm changes if packets are installed; +# /var/lib/rpm/__db.00[123] even more frequently +file = /var/lib/rpm/__db.00? + +file = /var/lib/acpi-support/vbestate +file = /var/lib/alsa/asound.state +file = /var/lib/apt/lists/lock +file = /var/lib/apt/lists/partial +file = /var/lib/cups/certs +file = /var/lib/cups/certs/0 +file = /var/lib/dpkg/lock +file = /var/lib/gdm +file = /var/lib/gdm/.cookie +file = /var/lib/gdm/.gdmfifo +file = /var/lib/gdm/:0.Xauth +file = /var/lib/gdm/:0.Xservers +file = /var/lib/logrotate/status +file = /var/lib/mysql +file = /var/lib/mysql/ib_logfile0 +file = /var/lib/mysql/ibdata1 +file = /var/lib/slocate +file = /var/lib/slocate/slocate.db +file = /var/lib/slocate/slocate.db.tmp +file = /var/lib/urandom +file = /var/lib/urandom/random-seed +file = /var/lib/random-seed +file = /var/lib/xkb + + +[GrowingLogFiles] +## +## For these files, changes in signature, timestamps, and increase in size +## are ignored. Logfile rotation will cause a report because of shrinking +## size and different inode. +## +dir = 99/var/log + +[Attributes] +# +# rotated logs will change inode +# +file = /var/log/*.[0-9].gz +file = /var/log/*.[0-9].log +file = /var/log/*.[0-9] +file = /var/log/*.old +file = /var/log/*/*.[0-9].gz +file = /var/log/*/*.[0-9][0-9].gz +file = /var/log/*/*.log.[0-9] + +[Misc] +# +# Various naming schemes for rotated logs +# +IgnoreAdded = /var/log/.*\.[0-9]+$ +IgnoreAdded = /var/log/.*\.[0-9]+\.gz$ +IgnoreAdded = /var/log/.*\.[0-9]+\.log$ +# +# Subdirectories +# +IgnoreAdded = /var/log/[[:alnum:]]+/.*\.[0-9]+$ +IgnoreAdded = /var/log/[[:alnum:]]+/.*\.[0-9]+\.gz$ +IgnoreAdded = /var/log/[[:alnum:]]+/.*\.[0-9]+\.log$ +# +IgnoreAdded = /var/lib/slocate/slocate.db.tmp +IgnoreMissing = /var/lib/slocate/slocate.db.tmp + +# +# --------- other policies ----------- +# + +[IgnoreNone] +## +## for these files, all modifications (even access time) are reported +## - you may create some interesting-looking file (like /etc/safe_passwd), +## just to watch whether someone will access it ... +## + +[Prelink] +## +## Use for prelinked files or directories holding them +## + + +[User0] +[User1] +## User0 and User1 are sections for files/dirs with user-definable checking +## (see the manual) + + + +[EventSeverity] +## +## Here you can assign severities to policy violations. +## If this severity exceeds the treshold of a log facility (see below), +## a policy violation will be logged to that facility. +## +## Severity for verification failures. +## +# SeverityReadOnly=crit +# SeverityLogFiles=crit +# SeverityGrowingLogs=crit +# SeverityIgnoreNone=crit +# SeverityAttributes=crit +# SeverityUser0=crit +# SeverityUser1=crit +# SeverityIgnoreAll=crit + + +## Files : file access problems +# SeverityFiles=crit + +## Dirs : directory access problems +# SeverityDirs=crit + +## Names : suspect (non-printable) characters in a pathname +# SeverityNames=crit + +[Log] +## +## Switch on/OFF log facilities and set their threshold severity +## +## Values: debug, info, notice, warn, mark, err, crit, alert, none. +## 'mark' is used for timestamps. +## +## +## Use 'none' to SWITCH OFF a log facility +## +## By default, everything equal to and above the threshold is logged. +## The specifiers '*', '!', and '=' are interpreted as +## 'all', 'all but', and 'only', respectively (like syslogd(8) does, +## at least on Linux). Examples: +## MailSeverity=* +## MailSeverity=!warn +## MailSeverity==crit + +## E-mail +## +# MailSeverity=none + +## Console +## +# PrintSeverity=info + +## Logfile +## +# LogSeverity=mark + +## Syslog +## +# SyslogSeverity=none + +## Remote server (yule) +## +# ExportSeverity=none + +## External script or program +## +# ExternalSeverity = none + +## Logging to a database +## +# DatabaseSeverity = none + +## Logging to a Prelude-IDS +## +# PreludeSeverity = crit + + + +##################################################### +# +# Optional modules +# +##################################################### + +# [SuidCheck] +## +## --- Check the filesystem for SUID/SGID binaries +## + +## Switch on +# +# SuidCheckActive = yes + +## Interval for check (seconds) +# +# SuidCheckInterval = 7200 + +## Alternative: crontab-like schedule +# +# SuidCheckSchedule = NULL + +## Directory to exclude +# +# SuidCheckExclude = NULL + +## Limit on files per second (0 == no limit) +# +# SuidCheckFps = 0 + +## Alternative: yield after every file +# +# SuidCheckYield = no + +## Severity of a detection +# +# SeveritySuidCheck = crit + +## Quarantine SUID/SGID files if found +# +# SuidCheckQuarantineFiles = yes + +## Method for Quarantining files: +# 0 - Delete or truncate the file. +# 1 - Remove SUID/SGID permissions from file. +# 2 - Move SUID/SGID file to quarantine dir. +# +# SuidCheckQuarantineMethod = 0 + +## For method 1 and 3, really delete instead of truncating +# +# SuidCheckQuarantineDelete = yes + +#[Kernel] +## +## --- Check for loadable kernel module rootkits (Linux/FreeBSD only) +## + +## Switch on/off +# +# KernelCheckActive = True + +## Check interval (seconds); btw., the check is VERY fast +# +# KernelCheckInterval = 300 + +## Severity +# +# SeverityKernel = crit + + +# [Utmp] +## +## --- Logging of login/logout events +## + +## Switch on/off +# +# LoginCheckActive = True + +## Severity for logins, multiple logins, logouts +# +# SeverityLogin=info +# SeverityLoginMulti=warn +# SeverityLogout=info + +## Interval for login/logout checks +# +# LoginCheckInterval = 300 + + +# [Database] +## +## --- Logging to a relational database +## + +## Database name +# +# SetDBName = samhain + +## Database table +# +# SetDBTable = log + +## Database user +# +# SetDBUser = samhain + +## Database password +# +# SetDBPassword = (default: none) + +## Database host +# +# SetDBHost = localhost + +## Log the server timestamp for received messages +# +# SetDBServerTstamp = True + +## Use a persistent connection +# +# UsePersistent = True + +# [External] +## +## Interface to call external scripts/programs for logging +## + +## The absolute path to the command +## - Each invocation of this directive will end the definition of the +## preceding command, and start the definition of +## an additional, new command +# +# OpenCommand = (no default) + +## Type (log or rv) +## - log for log messages, srv for messages received by the server +# +# SetType = log + +## The command (full command line) to execute +# +# SetCommandLine = (no default) + +## The environment (KEY=value; repeat for more) +# +# SetEnviron = TZ=(your timezone) + +## The TIGER192 checksum (optional) +# +# SetChecksum = (no default) + +## User who runs the command +# +# SetCredentials = (default: samhain process uid) + +## Words not allowed in message +# +# SetFilterNot = (none) + +## Words required (ALL of them) +# +# SetFilterAnd = (none) + +## Words required (at least one) +# +# SetFilterOr = (none) + +## Deadtime between consecutive calls +# +# SetDeadtime = 0 + +## Add default environment (HOME, PATH, SHELL) +# +# SetDefault = no + + +##################################################### +# +# Miscellaneous configuration options +# +##################################################### + +[Misc] + +## whether to become a daemon process +## (this is not honoured on database initialisation) +# +# Daemon = no +Daemon = yes + +## whether to test signature of files (init/check/none) +## - if 'none', then we have to decide this on the command line - +# +# ChecksumTest = none +ChecksumTest=check + +## Set nice level (-19 to 19, see 'man nice'), +## and I/O limit (kilobytes per second; 0 == off) +## to reduce load on host. +# +# SetNiceLevel = 0 +# SetIOLimit = 0 + +## The version string to embed in file signature databases +# +# VersionString = NULL + +## Interval between time stamp messages +# +# SetLoopTime = 60 +SetLoopTime = 600 + +## Interval between file checks +# +# SetFileCheckTime = 600 +SetFileCheckTime = 7200 + +## Alternative: crontab-like schedule +# +# FileCheckScheduleOne = NULL + +## Alternative: crontab-like schedule(2) +# +# FileCheckScheduleTwo = NULL + +## Report only once on modified fles +## Setting this to 'FALSE' will generate a report for any policy +## violation (old and new ones) each time the daemon checks the file system. +# +# ReportOnlyOnce = True + +## Report in full detail +# +# ReportFullDetail = False + +## Report file timestamps in local time rather than GMT +# +# UseLocalTime = No + +## The console device (can also be a file or named pipe) +## - There are two console devices. Accordingly, you can use +## this directive a second time to set the second console device. +## If you have not defined the second device at compile time, +## and you don't want to use it, then: +## setting it to /dev/null is less effective than just leaving +## it alone (setting to /dev/null will waste time by opening +## /dev/null and writing to it) +# +# SetConsole = /dev/console + +## Activate the SysV IPC message queue +# +# MessageQueueActive = False + + +## If false, skip reverse lookup when connecting to a host known +## by name rather than IP address (i.e. trust the DNS) +# +# SetReverseLookup = True + +## --- E-Mail --- + +# Only highest-level (alert) reports will be mailed immediately, +# others will be queued. Here you can define, when the queue will +# be flushed (Note: the queue is automatically flushed after +# completing a file check). +# +# SetMailTime = 86400 + +## Maximum number of mails to queue +# +# SetMailNum = 10 + +## Recipient (max. 8) +# +# SetMailAddress=root@localhost + +## Mail relay (IP address) +# +# SetMailRelay = NULL + +## Custom subject format +# +# MailSubject = NULL + +## --- end E-Mail --- + +## Path to the prelink executable +# +# SetPrelinkPath = /usr/sbin/prelink + +## TIGER192 checksum of the prelink executable +# +# SetPrelinkChecksum = (no default) + + +## Path to the executable. If set, will be checksummed after startup +## and before exit. +# +# SamhainPath = (no default) + + +## The IP address of the log server +# +# SetLogServer = (default: compiled-in) + +## The IP address of the time server +# +# SetTimeServer = (default: compiled-in) + +## Trusted Users (comma delimited list of user names) +# +# TrustedUser = (no default; this adds to the compiled-in list) + +## Path to the file signature database +# +# SetDatabasePath = (default: compiled-in) + +## Path to the log file +# +# SetLogfilePath = (default: compiled-in) + +## Path to the PID file +# +# SetLockPath = (default: compiled-in) + + +## The digest/checksum/hash algorithm +# +# DigestAlgo = TIGER192 + + +## Custom format for message header. +## CAREFUL if you use XML logfile format. +## +## %S severity +## %T timestamp +## %C class +## +## %F source file +## %L source line +# +# MessageHeader="%S %T " + + +## Don't log path to config/database file on startup +# +# HideSetup = False + +## The syslog facility, if you log to syslog +# +# SyslogFacility = LOG_AUTHPRIV +SyslogFacility=LOG_LOCAL2 + +## The message authentication method +## - If you change this, you *must* change it +## on client *and* server +# +# MACType = HMAC-TIGER + + +## The Prelude-IDS profile to use for reporting +## default value is "samhain" +# +# PreludeProfile = samhain + +## Map these samhain severities to impact severity 'info' severity +# +# PreludeMapToInfo = + +## Map these samhain severities to impact severity 'low' severity +# +# PreludeMapToLow = debug info + +## Map these samhain severities to impact severity 'medium' severity +# +# PreludeMapToMedium = notice warn err + +## Map these samhain severities to impact severity 'high' severity +# +# PreludeMapToHigh = crit alert + + +## everything below is ignored +[EOF] + +##################################################################### +# This would be the proper syntax for parts that should only be +# included for certain hosts. +# You may enclose anything in a @HOSTNAME/@end bracket, as long as the +# result still has the proper syntax for the config file. +# You may have any number of @HOSTNAME/@end brackets. +# HOSTNAME should be the fully qualified 'official' name +# (e.g. 'nixon.watergate.com', not 'nixon'), no aliases. +# No IP number - except if samhain cannot determine the +# fully qualified hostname. +# +# @HOSTNAME +# file=/foo/bar +# @end +# +# These are two examples for conditional inclusion/exclusion +# of a machine based on the output from 'uname -srm' +# $Linux:2.*.7:i666 +# file=/foo/bar3 +# $end +# +# !$Linux:2.*.7:i686 +# file=/foo/bar2 +# $end +# +##################################################################### Index: branches/samhain-2_2-branch/samhainrc.netbsd =================================================================== --- branches/samhain-2_2-branch/samhainrc.netbsd (revision 66) +++ branches/samhain-2_2-branch/samhainrc.netbsd (revision 66) @@ -0,0 +1,859 @@ +# +# From pkgsrc-wip, Author: Brian Seklecki +# + +[Misc] +RedefUser0=+INO, +SIZ, +RDEV, +CHK, -MOD, -MTM, -ATM, -CTM, -GRP, -USR + +# The new Samhain behavior is to check the checksum up the last-known size of +# the file, but *yes*, the inode will change when it becomes rotated and the size +# will get reset to a lesser value (in which case the check should know to passively +# fail) +RedefGrowingLogFiles=-INO, -SIZ, +CHK, -MTM, -ATM, -CTM + +# +# --------- / -------------- +# + +[ReadOnly] +dir = 99/ + +# This covers the contents of / including: /boot, /bin, /sbin, /lib, /libexec, +# /rescue, /root, /altroot, /usr, /var, /stand, /mnt, /tmp, /proc, /kern (Even +# though /usr and /var will recieve overrides) + +[Attributes] +file = /proc +file = /kern + +[IgnoreAll] +dir=-1/proc +dir=-1/kern + +# +# --------- /tmp ----------- +# +[Attributes] +file=/tmp +[IgnoreAll] +dir=-1/tmp + + + +# +# --------- /root -------------- +# + +# Per section 5.4.2.1 of the manual, Rule #5, there are lock file written here +# that changes the mtime/ctime of the dir, so we want to watch perms/ownership, +# ignore ctime/mtime/size, etc., but still watch the critical files inside. +# Note: in theory, /root should never change if you use sudo(8) w/o "-H" +[ReadOnly] +dir=/root/.gnupg +[Attributes] +file=/root/.gnupg +file=/root/.gnupg/random_seed + +# +# --------- /dev ----------- +# + +[Attributes] +dir = 99/dev + +# User0 will be for /dev/tty* and other devices where Owner/Group/Mode can +# change but the Inode/Size/Device/Checksum should not change. + +[User0] +file=/dev/tty* +file=/dev/pty* + +# +# --------- /etc ----------- +# + +[ReadOnly] +## +## for these files, only access time is ignored +## +dir = 99/etc + + +# If you're running dhclient(8), resolv.conf will get re-written at renewal +# time so pray that he dhcpd(8) on your network doesn't get owned. +# Crytpo-signed DHCP traffic would be too much to ask from ISC, but maybe +# not from the OpenBSD hack + +[Attributes] +file=/etc/dhclient.conf + +# If you run CUPS, /etc/printcap gets re-written if you have +# "Browsing On" and "Printcap /etc/printcap" in cupsd.conf(5) +[Attributes] +file=/etc/printcap + + +# +# --------- /usr ----------- +# + +# note about the following two: this reduced the size +# of the database greatly + +# +# --------- /usr/pkgsrc ----------- +# + +# Leave this uncommented if you CVS update your pkgsrc +# periodically/automatically. If you do not, comment it +# out and you should be informed about any unauthorized +# modifications to pkgsrc (which is an attack vector) + +[IgnoreAll] +dir=-1/usr/pkgsrc + +# +# --------- /usr/src ----------- +# + +# Leave this uncommented if you CVS update your src +# periodically/automatically. If you do not, comment it +# out and you should be informed about any unauthorized +# modifications to src (which is an attack vector) + + +[IgnoreAll] +dir=-1/usr/src + + +# +# --------- /usr/home (/home) ----------- +# + + +# /home may be a symlink to /usr/home on a stock system, but most admins cane +# that shit. [Attributes] could be replaced here by [ReadOnly] if we wanted to +# know about new users being added (on systems where there are no new users) + +[Attributes] +file = /home +[IgnoreAll] +dir = -1/home + +# +# --------- /usr/compat/linux/etc ----------- +# + +# You're basically compromising your system by enabling Linux emulation anyway + +[Attributes] +file = /usr/compat/linux/etc +file = /usr/compat/linux/etc/ld.so.cache + +# +# --------- /usr/compat/linux/proc ----------- +# + +# Uncomment if you have Linux Emulation/Compat Installed/Setup/Mounted +[Attributes] +file=/emul/linux/proc +[IgnoreAll] +dir=-1/emul/linux/proc + + +# +# --------- /var/run ----------- +# + +# New PID files may come, and PID files may go (as services on a system change), +# but then probably a database rebuild will occur. But at the time of the +# database init, we should consider everything in here subject to change +# (checksum, times, size) during a daemon restart, but everything else stays +# the same. + +# If you have periodic scripts that HUP daemons, the PID should be unachanged. +# However, force-restarts will be a new PID, so consider this + +[Attributes] +dir=99/var/run + +[Misc] +# Ignore sudo(8) TTY/PTY "Tickets" if you use sudo +IgnoreMissing = /var/run/sudo/[[:alnum:]]{1,9}/(p|t)ty.*$ +IgnoreAdded = /var/run/sudo/[[:alnum:]]{1,9}/(p|t)ty.*$ + +# +# --------- /var/(spool|queue|etc.) ----------- +# + +[Attributes] +file=/var/cron/tabs +file=/var/spool/mqueue +file=/var/spool/clientmqueue +file=/var/mail +file=/var/tmp + +# +# --------- /var/at ----------- +# + +# As deep as /var/at/ will be watched by 99/ + +[Attributes] +file=/var/at/spool +file=/var/at/jobs + +# +# --------- /var/db ----------- +# + +# Some files are written directly into /var/db +[Attributes] +file=/var/db + +[Attributes] +# Updatedb per /etc/periodic.d/weekly/310.locate (FreeBSD) or /etc/weekly (NetBSD) +file=/var/db/locate.database + +[Misc] +# this file comes and goes with portaudit(1)/portversion(1)/pkg_version(1) +# Other is ISC DHCLIENT related +IgnoreAdded=/var/db/(pkgdb.fixme|dhclient.leases.*) +IgnoreMissing=/var/db/(pkgdb.fixme|dhclient.leases.*) + + +# +# --------- /var/db/mysql ----------- +# + +# The same for MySQL, except it's probably owned by the time you get done +# installing it. + +[Attributes] +file=/var/db/mysql +[IgnoreAll] +dir=-1/var/db/mysql + +#################################################################### +# The next three entries depend on your security paranoia policy about +# SRC and PORTSs trees, etc. Remember, Ports is the only default attack +# vector against FreeBSD machines. +#################################################################### + + +# +# --------- /var/db/pkg ----------- +# + +# This database directory gets updated if a cvsup(8)/cvs(8)/sup(8) update +# occurs to a Pkgsrc source tree and then "pkgdb(8) -fu" is run. + +[Attributes] +file=/var/db/pkg +[IgnoreAll] +dir=-1/var/db/pkg + + +# +# --------- /var/db/entropy ----------- +# +[Attributes] +file=/var/db/entropy +[IgnoreAll] +dir=-1/var/db/entropy + +# +# --------- /var/msgs ----------- +# + +[Attributes] +dir=-1/var/msgs + +# +# --------- /var/backups ----------- +# + +# /etc/daily /etc/security write old revisions of system +# critical files into here daily +[Attributes] +dir=-1/var/backups + +# +# --------- /var/log ----------- +# + +# Keep this section in sync with: +# * /etc/newsyslog.conf +# * /etc/syslogd.conf OR: +# * /usr/pkg/etc/syslog-ng/syslog-ng.conf + +# For these files, changes in signature, timestamps, and increase in size +# are ignored, however: +# Per discussion on the forum, this behavior change is needed due to the behavior +# of newsyslog(8) rotation method File sizes will get smaller, inodes will change +# as they rotate. + +# NOTES ON LOG ROTATION BEHAVIOR: +# See comments about modifications to [GrowingLogFiles] to ignore INODE changes +# As newsyslog(8)/newsyslog.conf(5) has the default behavior of: +# - First move logfile.log to logfile.log.0 +# - then bzip2 -v9 logfile.log.0 +# - then touch(1) logfile.log +# - then HUP if applicable & reopen the new file (new inode) +# - Therefore, Ignore Singature, Size (if grow), and Inode changes +# But also, there's [IgnoreMissing] regexp to account for log file pruing from +# the filesystem, and [IgnoreAdded] for the first Nth rotations of the logfile +# per newsyslog.conf(5) + + +# NetBSD defaults +[Misc] +IgnoreAdded = /var/log/(cron|xferlog|messages|maillog|secure|pflog|sendmail\.st|kerberos\.log|authlog|aculog|wtmp|wtmpx)\.[0-9](\.bz2|\.gz)?$ +IgnoreMissing= /var/log/(cron|xferlog|messages|maillog|secure|pflog|sendmail\.st|kerberos\.log|authlog|aculog|wtmp|wtmpx)\.[0-9](\.bz2|\.gz)?$ + +# Local services you may need to account for +IgnoreAdded = /var/log/(snmpd\.log|postgresq\.log|samhain\.log|httpd-error\.log|httpd-access\.log|httpd-ssl_request\.log)\.[0-9](\.bz2|\.gz)?$ +IgnoreMissing = /var/log/(snmpd\.log|postgresq\.log|samhain\.log|httpd-error\.log|httpd-access\.log|httpd-ssl_request\.log)\.[0-9](\.bz2|\.gz)?$ + +[Attributes] +dir=99/var/log + +# NetBSD Stock Defaults +[GrowingLogFiles] +File = /var/log/aculog +File = /var/log/authlog +File = /var/log/cron +File = /var/log/kerberos.log +File = /var/log/lpd-errs +File = /var/log/maillog +File = /var/log/messages +File = /var/log/secure +File = /var/log/wtmp +File = /var/log/wtmpx +File = /var/log/xferlog +File = /var/log/pflog + +[Attributes] +# A binary-type logfile (Screw sendmail!) +File = /var/log/sendmail.st + +# NetBSD gzip(1)'s by default but newsyslog.conf(5) has bzip2 support +[Attributes] +File = /var/log/*.[0-9].gz +#File = /var/log/*.[0-9].bz2 + +# +# --------- makewhatis(8) ----------- +# + +# Account for updated whatis(8) database given manpath.conf(5)/man.conf(5) +#and manpath(1) + +[Attributes] +file=/usr/pkg/man/whatis.db +file=/usr/pkg/man +file=/usr/share/man/whatis.db +file=/usr/share/man + +############################################## +######## END FILE SECTION #################### +############################################## + +[EventSeverity] + +SeverityReadOnly=crit +SeverityLogFiles=crit +SeverityGrowingLogs=crit +SeverityIgnoreNone=crit +SeverityAttributes=crit +SeverityUser0=crit +SeverityUser1=crit + +## We have a file in IgnoreAll that might or might not be present. +## Setting the severity to 'info' prevents messages about deleted/new file. +## +# SeverityIgnoreAll=crit +SeverityIgnoreAll=info + +## Files : file access problems +SeverityFiles=info + +## Dirs : directory access problems +SeverityDirs=info + +## Names : suspect (non-printable) characters in a pathname +SeverityNames=crit + +[Log] +## Values: debug, info, notice, warn, mark, err, crit, alert, none. +## 'mark' is used for timestamps. +## +## Use 'none' to SWITCH OFF a log facility +## +## By default, everything equal to and above the threshold is logged. +## The specifiers '*', '!', and '=' are interpreted as +## 'all', 'all but', and 'only', respectively (like syslogd(8) does, +## at least on Linux). Examples: +## MailSeverity=* +## MailSeverity=!warn +## MailSeverity==crit + +## E-mail +## +MailSeverity=warn + +## Console +## +PrintSeverity=notice + +## Logfile +## +LogSeverity=info + +## Syslog +## +# Syslog logging is redundant at this time +# +#SyslogSeverity=notice + +## Remote server (yule) +## +# ExportSeverity=none + +## External script or program +## +# ExternalSeverity = none + +## Logging to a database +## +# DatabaseSeverity = none + +## Logging to a Prelude-IDS +## +# PreludeSeverity = crit + + +##################################################### +# +# Optional modules +# +##################################################### + +#[SuidCheck] +## +## --- Check the filesystem for SUID/SGID binaries +## + +## Switch on +# +#SuidCheckActive = yes + +## Interval for check (seconds) +# +#SuidCheckInterval = 5400 + +## Alternative: crontab-like schedule +# +#SuidCheckSchedule = NULL + +## Directory to exclude +# +# SuidCheckExclude = NULL + +## Limit on files per second (0 == no limit) +# +# SuidCheckFps = 0 + +## Alternative: yield after every file +# +# SuidCheckYield = no + +## Severity of a detection +# +# SeveritySuidCheck = crit + +## Quarantine SUID/SGID files if found +# +# SuidCheckQuarantineFiles = yes + +## Method for Quarantining files: +# 0 - Delete the file. +# 1 - Remove SUID/SGID permissions from file. +# 2 - Move SUID/SGID file to quarantine dir. +# +# SuidCheckQuarantineMethod = 0 + +## For method 1 and 3, really delete instead of truncating +# +# SuidCheckQuarantineDelete = yes + +#[Mounts] +#MountCheckActive=1 +#MountCheckInterval=7200 +#SeverityMountMissing=crit +#SeverityOptionMissing=crit +# +#checkmount=/ +#checkmount=/dev +#checkmount=/usr +#checkmount=/var +#checkmount=/var/log +#checkmount=/opt +#checkmount=/export +#checkmount=/tmp + +#[Kernel] +## +## --- Check for loadable kernel module rootkits (Linux/FreeBSD only) +## + +## Switch on/off +# +#KernelCheckActive = True + +## Check interval (seconds); btw., the check is VERY fast +# +#KernelCheckInterval = 300 + +## Severity +# +#SeverityKernel = crit + + + #[Utmp] +## +## --- Logging of login/logout events +## + +## Switch on/off +# +#LoginCheckActive = True + +## Severity for logins, multiple logins, logouts +# +#SeverityLogin=info +#SeverityLoginMulti=crit +#SeverityLogout=info + +## Interval for login/logout checks +# +#LoginCheckInterval = 300 + + +# [Database] +## +## --- Logging to a relational database +## + +## Database name +# +# SetDBName = samhain + +## Database table +# +# SetDBTable = log + +## Database user +# +# SetDBUser = samhain + +## Database password +# +# SetDBPassword = (default: none) + +## Database host +# +# SetDBHost = localhost + +## Log the server timestamp for received messages +# +# SetDBServerTstamp = True + +## Use a persistent connection +# +# UsePersistent = True + + +# [External] +## +## Interface to call external scripts/programs for logging +## + +## The absolute path to the command +## - Each invocation of this directive will end the definition of the +## preceding command, and start the definition of +## an additional, new command +# +# OpenCommand = (no default) + +## Type (log or srv) +## - log for log messages, srv for messages received by the server +# +# SetType = log + +## The command (full command line) to execute +# +# SetCommandLine = (no default) + +## The environment (KEY=value; repeat for more) +# +# SetEnviron = TZ=(your timezone) + +## The TIGERpkg checksum (optional) +# +# SetChecksum = (no default) + +## User who runs the command +# +# SetCredentials = (default: samhain process uid) + +## Words not allowed in message +# +# SetFilterNot = (none) + +## Words required (ALL of them) +# +# SetFilterAnd = (none) + +## Words required (at least one) +# +# SetFilterOr = (none) + +## Deadtime between consecutive calls +# +# SetDeadtime = 0 + +## Add default environment (HOME, PATH, SHELL) +# +# SetDefault = no + + + +##################################################### +# +# Miscellaneous configuration options +# +##################################################### + +[Misc] + +## whether to become a daemon process +## (this is not honoured on database initialisation) +# +# Daemon = no +Daemon = yes + +# whether to test signature of files (init/check/none) +# - if 'none', then we have to decide this on the command line - +# +# ChecksumTest = none +ChecksumTest=check + +# Set nice level (-19 to 19, see 'man nice'), +# and I/O limit (kilobytes per second; 0 == off) +# to reduce load on host. +# +SetNiceLevel = 19 +# SetIOLimit = 0 + +## The version string to embed in file signature databases +# +# VersionString = NULL + +## Interval between time stamp messages +# +# SetLoopTime = 60 +SetLoopTime = 7200 + +## Interval between file checks +# +# SetFileCheckTime = 600 +SetFileCheckTime = 43200 + +## Alternative: crontab-like schedule +# +# FileCheckScheduleOne = NULL + +## Alternative: crontab-like schedule(2) +# +# FileCheckScheduleTwo = NULL + +## Report only once on modified fles +## Setting this to 'FALSE' will generate a report for any policy +## violation (old and new ones) each time the daemon checks the file system. +# +ReportOnlyOnce = True + +## Report in full detail +# +ReportFullDetail = True + +## Report file timestamps in local time rather than GMT +# +UseLocalTime = Yes + +## The console device (can also be a file or named pipe) +## - There are two console devices. Accordingly, you can use +## this directive a second time to set the second console device. +## If you have not defined the second device at compile time, +## and you don't want to use it, then: +## setting it to /dev/null is less effective than just leaving +## it alone (setting to /dev/null will waste time by opening +## /dev/null and writing to it) +# +# SetConsole = /dev/console + +## Activate the SysV IPC message queue +# +# MessageQueueActive = False + + +## If false, skip reverse lookup when connecting to a host known +## by name rather than IP address (i.e. trust the DNS) +# +SetReverseLookup = True + + +## --- E-Mail --- + +# Only highest-level (alert) reports will be mailed immediately, +# others will be queued. Here you can define, when the queue will +# be flushed (Note: the queue is automatically flushed after +# completing a file check). +# +# SetMailTime = 86400 + +## Maximum number of mails to queue +# +# SetMailNum = 10 + +## Recipient (max. 8) +# +#SetMailAddress=infosec@noc.myorg.tld + +## Mail relay (IP address) +# +SetMailRelay = 127.0.0.1 + +## Custom subject format +# +MailSubject = Synchrotone Samhain: %S +SetMailSender = samhain@synchrotone.pgh.pub.collaborativefusion.com + +## --- end E-Mail --- + + +## Path to the executable. If set, will be checksummed after startup +## and before exit. +# +SamhainPath = /usr/pkg/sbin/samhain + +## The IP address of the log server +# +# SetLogServer = (default: compiled-in) + +## The IP address of the time server +# +# SetTimeServer = (default: compiled-in) + +## Trusted Users (comma delimited list of user names) +# +# TrustedUser = (no default; this adds to the compiled-in list) + +## Path to the file signature database +# +SetDatabasePath = /usr/pkg/var/samhain/samhain.db + +## Path to the log file +# +# SetLogfilePath = (default: compiled-in) + +## Path to the PID file +# +# SetLockPath = (default: compiled-in) + + +## The digest/checksum/hash algorithm (default: TIGER192; others: MD5, SHA1) +# +# DigestAlgo = TIGER192 + + +## Custom format for message header. +## CAREFUL if you use XML logfile format. +## +## %S severity +## %T timestamp +## %C class +## +## %F source file +## %L source line +# +# MessageHeader="%S %T " + + +## Don't log path to config/database file on startup +# +# HideSetup = False + +## The syslog facility, if you log to syslog +# +# SyslogFacility = LOG_AUTHPRIV +SyslogFacility=LOG_LOCAL2 + +## The message authentication method +## - If you change this, you *must* change it +## on client *and* server +# +# MACType = HMAC-TIGER + + +## The Prelude-IDS profile to use for reporting +## default value is "samhain" +# +# PreludeProfile = samhain + +## Map these samhain severities to impact severity 'info' severity +# +# PreludeMapToInfo = + +## Map these samhain severities to impact severity 'low' severity +# +# PreludeMapToLow = debug info + +## Map these samhain severities to impact severity 'medium' severity +# +# PreludeMapToMedium = notice warn err + +## Map these samhain severities to impact severity 'high' severity +# +# PreludeMapToHigh = crit alert + +# everything below is ignored +[EOF] + +##################################################################### +# This would be the proper syntax for parts that should only be +# included for certain hosts. +# You may enclose anything in a @HOSTNAME/@end bracket, as long as the +# result still has the proper syntax for the config file. +# You may have any number of @HOSTNAME/@end brackets. +# HOSTNAME should be the fully qualified 'official' name +# (e.g. 'nixon.watergate.com', not 'nixon'), no aliases. +# No IP number - except if samhain cannot determine the +# fully qualified hostname. +# +# @HOSTNAME +# file=/foo/bar +# @end +# +# These are two examples for conditional inclusion/exclusion +# of a machine based on the output from 'uname -srm' +# $Linux:2.*.7:i666 +# file=/foo/bar3 +# $end +# +# !$Linux:2.*.7:i686 +# file=/foo/bar2 +# $end +# +##################################################################### Index: branches/samhain-2_2-branch/samhainrc.solaris =================================================================== --- branches/samhain-2_2-branch/samhainrc.solaris (revision 66) +++ branches/samhain-2_2-branch/samhainrc.solaris (revision 66) @@ -0,0 +1,684 @@ +##################################################################### +# +# SOLARIS Configuration file for samhain. +# +# Based on a contribution by Sean Boran (sean [at] boran d.o.t com) +# +# HISTORY: +# 16.Aug.03 rw add plenty of comments +# 24.Jun.02 rw remove linux stuff, clean up a bit +# 06.Jun.02 sb <3>, add LOTS more Solaris stuff. Also and comment at bottom +# of this file. +# 03.Jun.02 sb Separate Linux & Solaris +# 24.Apr.02 sb Use Samhain v.15 template and tune for Solaris. +# +# To do: logs /var/adm/messages and /var/cron/log are +# pruned weekly. +##################################################################### +# +# -- empty lines and lines starting with '#', ';' or '//' are ignored +# -- boolean options can be Yes/No or True/False or 1/0 +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### +# SETUP for file system checking: +# (i) There are several policies, each has its own section. Put files +# into the section for the appropriate policy (see below). +# (ii) Section [EventSeverity]: +# To each policy, you can assign a severity (further below). +# (iii) Section [Log]: +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +##################################################################### + +##################################################################### +# +# Files are defined with: file = /absolute/path +# +# Directories are defined with: dir = /absolute/path +# or with an optional recursion depth (N <= 99): dir = N/absolute/path +# +# Directory inodes are checked. If you only want to check files +# in a directory, but not the directory inode itself, use (e.g.): +# +# [ReadOnly] +# dir = /some/directory +# [IgnoreAll] +# file = /some/directory +# +# You can use shell-style globbing patterns, like: file = /path/foo* +# +###################################################################### + +[Misc] +## +## Add or subtract tests from the policies +## - if you want to change their definitions, +## you need to do that before using the policies +## +# RedefReadOnly = (no default) +# RedefAttributes=(no default) +# RedefLogFiles=(no default) +# RedefGrowingLogFiles=(no default) +# RedefIgnoreAll=(no default) +# RedefIgnoreNone=(no default) +# RedefUser0=(no default) +# RedefUser1=(no default) + + +[Attributes] +## +## for these files, only changes in permissions and ownership are checked +## + +file=/etc/ssh/ssh_random_seed +file=/etc/resolv.conf +# There are files in /etc that might change, thus changing the directory +# timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'. +file=/etc + +file=/etc/skip/randseed +file=/etc/cron.d/FIFO +file=/etc/devlink.tab +file=/etc/.syslog_door +file=/etc/syslog.pid +file=/etc/.name_service_door +file=/etc/mnttab +file=/etc/cron.d +file=/etc/mail +file=/etc/inet +dir=/secure/tmp +dir=/etc/sysevent +dir=/usr/local/imap/spool/user +dir=/usr/local/imap/proc +dir=/usr/local/imap/quota +dir=/usr/local/qmail/queue +dir=/usr/local/qmail/alias/Mailbox +dir=/usr/tmp +dir=/usr/aset/tmp +dir=/usr/oasys/tmp +dir=/var/spool/lp/tmp +dir=/var/tmp +dir=/var/dt/tmp +dir=/tmp +dir=/etc/osa + +[LogFiles] +## +## for these files, changes in signature, timestamps, and size are ignored +## +#file=/var/run/utmp +file=/etc/motd +file=/var/cron/log +file=/var/adm/wtmpx +file=/var/adm/wtmp +file=/var/adm/utmpx +file=/var/adm/lastlog + +[GrowingLogFiles] +## +## for these files, changes in signature, timestamps, and increase in size +## are ignored +## + +file=/var/adm/messages + + + +[IgnoreAll] +## +## for these files, no modifications are reported +## + +file=/etc/utmppipe +file=/usr/dt/bin/ttsnoop +file=/dev/mem +dir=/etc/saf +# dir=/secure/tmp +dir=/usr/share/man +dir=/usr/share/lib/terminfo +dir=/usr/demo +dir=/usr/lib/adb +dir=/usr/local/man +dir=/usr/local/doc +dir=/usr/dt/share/man +dir=/usr/openwin/lib/locale +dir=/usr/openwin/share/man +dir=/usr/openwin/share/src +dir=/usr/openwin/lib/X11/fonts +dir=/var/snort +dir=/var/log/snort +dir=/etc/snort/rules +dir=/opt/oracle/doc +dir=/usr/dt/share/examples +dir=/opt/SUNWebnfs/javadoc +dir=/usr/local/mysql/var +dir=/jumpstart/Flash +dir=/jumpstart/OS +dir=/jumpstart/Patches +dir=/etc/opt/SUNWicg/SunScreen/.active +dir=/etc/opt/SUNWicg/SunScreen/.old + + +[IgnoreNone] +## +## for these files, all modifications (even access time) are reported +## - you may create some interesting-looking file (like /etc/safe_passwd), +## just to watch whether someone will access it ... +## + + +[ReadOnly] +## +## for these files, only access time is ignored +## +dir=/usr/bin +dir=/usr/sbin +dir=/usr/lib + +# SuSE (old) has the boot init scripts in /sbin/init.d/*, +# so we go 3 levels deep +dir=3/sbin + +# RedHat and Debian have the bootinit scripts in /etc/init.d/* or /etc/rc.d/*, +# so we go 3 levels deep there too +dir=3/etc + +# Various directories / files that may include / be SUID/SGID binaries +# +dir=/usr/openwin/bin +dir=/usr/dt/bin +#dir=/opt/install +dir=/opt/OBSDssh + + +dir=/root + +# Critical devices + +file=/dev/dsk +file=/dev/rdsk +file=/dev/null +file=/dev/zero + +[User0] +[User1] +## User0 and User1 are sections for files/dirs with user-definable checking +## (see the manual) + +[EventSeverity] +## +## Here you can assign severities to policy violations. +## If this severity exceeds the treshold of a log facility (see below), +## a policy violation will be logged to that facility. + +# Severity for verification failures. +# +# SeverityReadOnly=crit +# SeverityLogFiles=crit +# SeverityGrowingLogs=crit +# SeverityIgnoreNone=crit +# SeverityAttributes=crit +# SeverityUser0=crit +# SeverityUser1=crit + +# We have a file in IgnoreAll that might or might not be present. +# Setting the severity to 'info' prevents messages about deleted/new file. +# +# SeverityIgnoreAll=crit +SeverityIgnoreAll=info + +# Files : file access problems +# SeverityFiles=crit + +# Dirs : directory access problems +# SeverityDirs=crit + +# Names : suspect (non-printable) characters in a pathname +# SeverityNames=crit + +[Log] +## +## Switch on/OFF log facilities and set their threshold severity +## +## Values: debug, info, notice, warn, mark, err, crit, alert, none. +## 'mark' is used for timestamps. +## +## Use 'none' to SWITCH OFF a log facility +## +## By default, everything equal to and above the threshold is logged. +## The specifiers '*', '!', and '=' are interpreted as +## 'all', 'all but', and 'only', respectively (like syslogd(8) does, +## at least on Linux). Examples: +## MailSeverity=* +## MailSeverity=!warn +## MailSeverity==crit + +## E-mail +## +# MailSeverity=none + +## Console +## +# PrintSeverity=info + +## Logfile +## +# LogSeverity=mark + +## Syslog +## +# SyslogSeverity=none + +## Remote server (yule) +## +# ExportSeverity=none + +## External script or program +## +# ExternalSeverity = none + +## Logging to a database +## +# DatabaseSeverity = none + +## Logging to a Prelude-IDS +## +# PreludeSeverity = crit + + +##################################################### +# +# Optional modules +# +##################################################### + +# [SuidCheck] +## +## --- Check the filesystem for SUID/SGID binaries +## + +## Switch on +# +# SuidCheckActive = yes + +## Interval for check (seconds) +# +# SuidCheckInterval = 7200 + +## Alternative: crontab-like schedule +# +# SuidCheckSchedule = NULL + +## Directory to exclude +# +# SuidCheckExclude = NULL + +## Limit on files per second (0 == no limit) +# +# SuidCheckFps = 0 + +## Alternative: yield after every file +# +# SuidCheckYield = no + +## Severity of a detection +# +# SeveritySuidCheck = crit + +## Quarantine SUID/SGID files if found +# +# SuidCheckQuarantineFiles = yes + +## Method for Quarantining files: +# 0 - Delete the file. +# 1 - Remove SUID/SGID permissions from file. +# 2 - Move SUID/SGID file to quarantine dir. +# +# SuidCheckQuarantineMethod = 0 + +## For method 1 and 3, really delete instead of truncating +# + +# [Utmp] +## +## --- Logging of login/logout events +## + +## Switch on/off +# +# LoginCheckActive = True + +## Severity for logins, multiple logins, logouts +# +# SeverityLogin=info +# SeverityLoginMulti=warn +# SeverityLogout=info + +## Interval for login/logout checks +# +# LoginCheckInterval = 300 + + +# [Database] +## +## --- Logging to a relational database +## + +## Database name +# +# SetDBName = samhain + +## Database table +# +# SetDBTable = log + +## Database user +# +# SetDBUser = samhain + +## Database password +# +# SetDBPassword = (default: none) + +## Database host +# +# SetDBHost = localhost + +## Log the server timestamp for received messages +# +# SetDBServerTstamp = True + +## Use a persistent connection +# +# UsePersistent = True + +# [External] +## +## Interface to call external scripts/programs for logging +## + +## The absolute path to the command +## - Each invocation of this directive will end the definition of the +## preceding command, and start the definition of +## an additional, new command +# +# OpenCommand = (no default) + +## Type (log or rv) +## - log for log messages, srv for messages received by the server +# +# SetType = log + +## The command (full command line) to execute +# +# SetCommandLine = (no default) + +## The environment (KEY=value; repeat for more) +# +# SetEnviron = TZ=(your timezone) + +## The TIGER192 checksum (optional) +# +# SetChecksum = (no default) + +## User who runs the command +# +# SetCredentials = (default: samhain process uid) + +## Words not allowed in message +# +# SetFilterNot = (none) + +## Words required (ALL of them) +# +# SetFilterAnd = (none) + +## Words required (at least one) +# +# SetFilterOr = (none) + +## Deadtime between consecutive calls +# +# SetDeadtime = 0 + +## Add default environment (HOME, PATH, SHELL) +# +# SetDefault = no + + + + +##################################################### +# +# Miscellaneous configuration options +# +##################################################### + +[Misc] + +## whether to become a daemon process +## (this is not honoured on database initialisation) +# +# Daemon = no +Daemon = yes + +## whether to test signature of files (init/check/none) +## - if 'none', then we have to decide this on the command line - +# +# ChecksumTest = none +ChecksumTest=check + +## Set nice level (-19 to 19, see 'man nice'), +## and I/O limit (kilobytes per second; 0 == off) +## to reduce load on host. +# +# SetNiceLevel = 0 +# SetIOLimit = 0 + +## The version string to embed in file signature databases +# +# VersionString = NULL + +## Interval between time stamp messages +# +# SetLoopTime = 60 +SetLoopTime = 600 + +## Interval between file checks +# +# SetFileCheckTime = 600 +SetFileCheckTime = 7200 + +## Alternative: crontab-like schedule +# +# FileCheckScheduleOne = NULL + +## Alternative: crontab-like schedule(2) +# +# FileCheckScheduleTwo = NULL + +## Report only once on modified fles +## Setting this to 'FALSE' will generate a report for any policy +## violation (old and new ones) each time the daemon checks the file system. +# +# ReportOnlyOnce = True + +## Report in full detail +# +# ReportFullDetail = False + +## Report file timestamps in local time rather than GMT +# +# UseLocalTime = No + +## The console device (can also be a file or named pipe) +## - There are two console devices. Accordingly, you can use +## this directive a second time to set the second console device. +## If you have not defined the second device at compile time, +## and you don't want to use it, then: +## setting it to /dev/null is less effective than just leaving +## it alone (setting to /dev/null will waste time by opening +## /dev/null and writing to it) +# +# SetConsole = /dev/console + +## Activate the SysV IPC message queue +# +# MessageQueueActive = False + + +## If false, skip reverse lookup when connecting to a host known +## by name rather than IP address (i.e. trust the DNS) +# +# SetReverseLookup = True + +## --- E-Mail --- + +# Only highest-level (alert) reports will be mailed immediately, +# others will be queued. Here you can define, when the queue will +# be flushed (Note: the queue is automatically flushed after +# completing a file check). +# +# SetMailTime = 86400 + +## Maximum number of mails to queue +# +# SetMailNum = 10 + +## Recipient (max. 8) +# +# SetMailAddress=root@localhost + +## Mail relay (IP address) +# +# SetMailRelay = NULL + +## Custom subject format +# +# MailSubject = NULL + +## --- end E-Mail --- + + +## Path to the executable. If set, will be checksummed after startup +## and before exit. +# +# SamhainPath = (no default) + + +## The IP address of the log server +# +# SetLogServer = (default: compiled-in) + +## The IP address of the time server +# +# SetTimeServer = (default: compiled-in) + +## Trusted Users (comma delimited list of user names) +# +# TrustedUser = (no default; this adds to the compiled-in list) + +## Path to the file signature database +# +# SetDatabasePath = (default: compiled-in) + +## Path to the log file +# +# SetLogfilePath = (default: compiled-in) + +## Path to the PID file +# +# SetLockPath = (default: compiled-in) + + +## The digest/checksum/hash algorithm +# +# DigestAlgo = TIGER192 + + +## Custom format for message header. +## CAREFUL if you use XML logfile format. +## +## %S severity +## %T timestamp +## %C class +## +## %F source file +## %L source line +# +# MessageHeader="%S %T " + + +## Don't log path to config/database file on startup +# +# HideSetup = False + +## The syslog facility, if you log to syslog +# +# SyslogFacility = LOG_AUTHPRIV +SyslogFacility=LOG_LOCAL2 + +## The message authentication method +## - If you change this, you *must* change it +## on client *and* server +# +# MACType = HMAC-TIGER + +## The Prelude-IDS profile to use for reporting +## default value is "samhain" +# +# PreludeProfile = samhain + +## Map these samhain severities to impact severity 'info' severity +# +# PreludeMapToInfo = + +## Map these samhain severities to impact severity 'low' severity +# +# PreludeMapToLow = debug info + +## Map these samhain severities to impact severity 'medium' severity +# +# PreludeMapToMedium = notice warn err + +## Map these samhain severities to impact severity 'high' severity +# +# PreludeMapToHigh = crit alert + +# everything below is ignored +[EOF] + +##################################################################### +# This would be the proper syntax for parts that should only be +# included for certain hosts. +# You may enclose anything in a @HOSTNAME/@end bracket, as long as the +# result still has the proper syntax for the config file. +# You may have any number of @HOSTNAME/@end brackets. +# HOSTNAME should be the fully qualified 'official' name +# (e.g. 'nixon.watergate.com', not 'nixon'), no aliases. +# No IP number - except if samhain cannot determine the +# fully qualified hostname. +# +# @HOSTNAME +# file=/foo/bar +# @end +# +# These are two examples for conditional inclusion/exclusion +# of a machine based on the output from 'uname -srm' +# $Linux:2.*.7:i666 +# file=/foo/bar3 +# $end +# +# !$Linux:2.*.7:i686 +# file=/foo/bar2 +# $end +# +##################################################################### Index: branches/samhain-2_2-branch/scripts/README =================================================================== --- branches/samhain-2_2-branch/scripts/README (revision 66) +++ branches/samhain-2_2-branch/scripts/README (revision 66) @@ -0,0 +1,104 @@ + + +This directory contains miscellaneous useful scripts, some of them contributed +by various users. Additions and/or improvements are welcome. + +chroot.sh: prepare chroot environment for the log server +--------- + + Usage: chroot.sh + + Tested on Debian Linux. Your mileage may vary. + After running the script, review /etc/passwd + to replace passwords with a *, and to fix the + path to the home directory of the yule user. + If using a signed configuration file, you need + a working copy of GnuPG inside the chroot jail. + + This script will probably fail on systems other than Linux, + mainly because of the mknod commands to create devices + in the chroot jail. + + NO WARRANTY !!! + +samhainadmin.pl +--------------- + + Perform various tasks useful if you are using signed configuration + and database files. + + Run 'samhainadmin.pl -h' for usage instaructions. + +samhainrc_update.sh +------------------- + + If you are using the --with-kcheck option on Linux, after a kernel + update you need to change some option (addresses of kernel functions) + in the samhainrc configuration file. The correct new addresses must + be looked up in the System.map file + + This script will do this automatically. Run 'samhainrc_update.sh -h' + for usage instructions. You may need to change the location of the + samhainrc file by editing the line 'cfgfile="/etc/samhainrc"' + at the beginning of the script. + +check_samhain.pl +---------------- + + Nagios plugin for samhain. Will execute samhain and report results + in the way expected by nagios. Drop this into your nagios/libexec/ + directory. + +samhain.logrotator: logrotate script +------------------ + + This is a logrotate script (contributed by Simon Bailey) + +concat.pl +--------- + + Concatenate samhain file signature databases and write the resulting + database file to stdout. Does not work on signed or otherwise modified + file signature databases. + +samhain.{cgi|dtd|xsl}: display XML logfile in XML capable browser +--------------------- (works with Mozilla 1.2, possibly Mozilla 1.0, IE 6) + + Usage: 1. review samhain.cgi (see remarks in file) + 2. drop samhain.cgi, samhain.dtd, samhain.xsl in some + directory on your webserver + 3. use .htaccess to protect access to that directory + 4. point your browser at samhain.cgi + + You may need to rename samhain.cgi to samhain.php if you use + mod_php. Also, you will certainly need to edit the path to the + logfile in samhain.cgi. + + CAVEAT: There is no built-in access restriction (use .htaccess to + password-protect the directory). + + The XSL stylesheet is based on a contribution by Olivier Salaun. + + +samhain.spec: RPM spec file for building a vanilla single-host RPM +------------ + + Contributed by Andre Oliveira da Costa + + This is a spec file to produce a vanilla single-host samhain RPM + (no fancy options, standard directory layout :). + + Accepted parameters for 'rpmbuild': + + --with gpg - enables gpg support + --with tests - make tests before building + +redhat_i386.client.spec: RPM spec file for building a RedHat client RPM +------------ + + Contributed by Philipp Stadler + + Does not install documentation or local config file. + + + Index: branches/samhain-2_2-branch/scripts/check_samhain.pl.in =================================================================== --- branches/samhain-2_2-branch/scripts/check_samhain.pl.in (revision 66) +++ branches/samhain-2_2-branch/scripts/check_samhain.pl.in (revision 66) @@ -0,0 +1,215 @@ +#!/usr/bin/perl -w + +# check_samhain.pl - check to see how many policy violations are reported +# by the samhain file integrity checker. +# +# Copyright Rainer Wichmann (2004) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +############################################################################ + +# -------------------------------------------------------------------[ Uses ]-- + +use strict; +use Getopt::Long; +use vars qw($PROGNAME $SAMHAIN $opt_V $opt_h $opt_v $verbose $opt_w $opt_c $opt_t $status $msg $state $retval); +use lib utils.pm; +use utils qw(%ERRORS &print_revision); + +#my $TIMEOUT = 15; +#my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4); +#sub print_revision ($$); + +# ----------------------------------------------------[ Function Prototypes ]-- + +sub print_help (); +sub print_usage (); +sub process_arguments (); + +# ------------------------------------------------------------[ Environment ]-- + +$ENV{'PATH'}=''; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; + +# -----------------------------------------------------------------[ Global ]-- + +$PROGNAME = "check_samhain"; +$SAMHAIN = "@sbindir@/@install_name@"; + +# ----------------------------------------------------------------[ options ]-- + +Getopt::Long::Configure('bundling'); +$status = process_arguments(); +if ($status){ + print "ERROR: processing arguments\n"; + exit $ERRORS{"UNKNOWN"}; +} + +# ----------------------------------------------------------------[ timeout ]-- + +$SIG{'ALRM'} = sub { + print ("ERROR: timed out waiting for $SAMHAIN\n"); + exit $ERRORS{"WARNING"}; +}; +alarm($opt_t); + +# ----------------------------------------------------------[ start samhain ]-- + +if ( defined $SAMHAIN && -x $SAMHAIN ) { + if (! open (SHPIPE, "$SAMHAIN -t check --foreground -p err -s none -l none -m none 2>&1 | " ) ) { + print "ERROR: could not popen $SAMHAIN \n"; + exit $ERRORS{'UNKNOWN'}; + } +}else{ + print "ERROR: Could not find samhain executable!\n"; + exit $ERRORS{'UNKNOWN'}; +} + +# ---------------------------------------------------------[ read from pipe ]-- + +$status = 0; + +while () { + if (/POLICY/) { + ++$status; + print $_ if $verbose; + } +} + +if ($status < $opt_w) { + $msg = "OK: $status policy violations (threshold $opt_w/$opt_c)"; + $state = $ERRORS{'OK'}; +} elsif ($status >= $opt_w && $status < $opt_c) { + $msg = "WARNING: $status policy violations (threshold w=$opt_w)"; + $state = $ERRORS{'WARNING'}; +} else { + $msg = "CRITICAL: $status policy violations (threshold w=$opt_w)"; + $state = $ERRORS{'CRITICAL'}; +} + +# -------------------------------------------------------------[ close pipe ]-- + +close (SHPIPE); + +# declare an error if we also get a non-zero return code from samhain + +if ( $? ) { + $retval = $? / 256; + if ( $! ) { + print "Error closing $SAMHAIN: $!\n" if $verbose; + } else { + print "$SAMHAIN returned exit status $retval\n" if $verbose; + } + if ($state == $ERRORS{"CRITICAL"}) { + $state = $ERRORS{"CRITICAL"}; + } else { + print "ERROR: $SAMHAIN exit status $retval\n"; + exit $ERRORS{'UNKNOWN'}; + } +} + +# -------------------------------------------------------------------[ exit ]-- + +print "$msg | 'policy violations'=$status;$opt_w;$opt_c\n"; +exit $state; + + +# ------------------------------------------------------------[ Subroutines ]-- + +sub process_arguments(){ + GetOptions + ("V" => \$opt_V, "version" => \$opt_V, + "h" => \$opt_h, "help" => \$opt_h, + "v" => \$opt_v, "verbose" => \$opt_v, + "w=i" => \$opt_w, "warning=i" => \$opt_w, + "c=i" => \$opt_c, "critical=i" => \$opt_c, + "t=i" => \$opt_t, "timeout=i" => \$opt_t + ); + + if ($opt_V) { + print_revision($PROGNAME,'$Revision: 1.0 $ '); + exit $ERRORS{'OK'}; + } + + if ($opt_h) { + print_help(); + exit $ERRORS{'OK'}; + } + + if (defined $opt_v ){ + $verbose = $opt_v; + } + + unless (defined $opt_t) { + $opt_t = $utils::TIMEOUT ; # default timeout + # $opt_t = $TIMEOUT ; + } + + unless (defined $opt_w) { + $opt_w = 1; + } + + unless (defined $opt_c) { + $opt_c = 1; + } + + if ( $opt_w > $opt_c) { + print "Warning cannot be greater than Critical!\n"; + exit $ERRORS{'UNKNOWN'}; + } + + return $ERRORS{'OK'}; +} + +sub print_usage () { + print "Usage: $PROGNAME [-w ] [-c ] [-t ]\n"; +} + +sub print_help () { + print_revision($PROGNAME, '$Revision: 1.0 $'); + print "Copyright (c) 2004 Rainer Wichmann + +This plugin checks the number of policy violations reported by the +samhain file intgrity checker + +"; + print_usage(); + print " +-w, --warning=INTEGER + Minimum number of policy violations for which a WARNING status will result +-c, --critical=INTEGER + Minimum number of policy violations for which a CRITICAL status will result +-t, --timeout=SECONDS + The number of seconds after which a the plugin will timeout +-v, --verbose + Verbose output +-h, --help + Show this help message +-V, --version + Show the version of the plugin + +"; +} + +#sub print_revision ($$) { +# my $commandName = shift; +# my $pluginRevision = shift; +# $pluginRevision =~ s/^\$Revision: //; +# $pluginRevision =~ s/ \$\s*$//; +# print "$commandName (@PACKAGE@ @VERSION@) $pluginRevision\n"; +#} Index: branches/samhain-2_2-branch/scripts/chroot.sh =================================================================== --- branches/samhain-2_2-branch/scripts/chroot.sh (revision 66) +++ branches/samhain-2_2-branch/scripts/chroot.sh (revision 66) @@ -0,0 +1,131 @@ +#! /bin/sh + +# NOTE: tested on Debian Linux +# +# NO WARRANTY - may or may not work on your system +# + +# Copyright Rainer Wichmann (2003) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + + +CHROOT=$1 + +SYSTEM=`uname -s` + +if test "x$SYSTEM" = xLinux; then + : +else + echo "This script will fail on systems other than Linux," + echo "mainly because of the mknod commands to create devices" + echo "in the chroot jail." + exit 1 +fi + +if test "x$CHROOT" = x; then + echo "Usage: chroot.sh chroot_dir" + echo "Purpose: prepare a chroot jail for yule" + echo + echo "NOTE: tested on Debian Linux" + echo "NO WARRANTY - may or may not work on your system" + exit 1 +fi + +# +# Link configuration file +# +echo " Link configuration file:" +echo " ln -s ${CHROOT}/etc/yulerc /etc/yulerc" + +ln -s -f ${CHROOT}/etc/yulerc /etc/yulerc +echo + + +# +# Create passwd file +# +echo " Create passwd file" +echo " grep root /etc/passwd > ${CHROOT}/etc/passwd" +echo " grep daemon /etc/passwd >> ${CHROOT}/etc/passwd" +echo " grep yule /etc/passwd >> ${CHROOT}/etc/passwd" + +grep root /etc/passwd > ${CHROOT}/etc/passwd +grep daemon /etc/passwd >> ${CHROOT}/etc/passwd +grep yule /etc/passwd >> ${CHROOT}/etc/passwd +echo + + +# +# Create group file +# +echo " Create group file" +echo " grep root /etc/group > ${CHROOT}/etc/group" +echo " grep daemon /etc/group >> ${CHROOT}/etc/group" +echo " grep yule /etc/group >> ${CHROOT}/etc/group" + +grep root /etc/group > ${CHROOT}/etc/group +grep daemon /etc/group >> ${CHROOT}/etc/group +grep yule /etc/group >> ${CHROOT}/etc/group +echo + +# +# Create devices +# +echo " Create devices" +echo " mkdir ${CHROOT}/dev" +echo " mknod -m 444 ${CHROOT}/dev/urandom c 1 9" +echo " mknod -m 666 ${CHROOT}/dev/random c 1 8" +echo " mknod -m 666 ${CHROOT}/dev/null c 1 3" +echo " mknod -m 666 ${CHROOT}/dev/null c 1 5" + +mkdir ${CHROOT}/dev +mknod -m 444 ${CHROOT}/dev/urandom c 1 9 +mknod -m 666 ${CHROOT}/dev/random c 1 8 +mknod -m 666 ${CHROOT}/dev/null c 1 3 +mknod -m 666 ${CHROOT}/dev/zero c 1 5 +echo + +# +# DNS +# +echo " Copy files for DNS" +echo " cp -p /etc/nsswitch.conf ${CHROOT}/etc/" +echo " cp -p /etc/hosts ${CHROOT}/etc/" +echo " cp -p /etc/host.conf ${CHROOT}/etc/" +echo " cp -p /etc/resolv.conf ${CHROOT}/etc/" +echo " cp -p /etc/services ${CHROOT}/etc/" +echo " cp -p /etc/protocols ${CHROOT}/etc/" + +cp -p /etc/nsswitch.conf ${CHROOT}/etc/ +cp -p /etc/hosts ${CHROOT}/etc/ +cp -p /etc/host.conf ${CHROOT}/etc/ +cp -p /etc/resolv.conf ${CHROOT}/etc/ +cp -p /etc/services ${CHROOT}/etc/ +cp -p /etc/protocols ${CHROOT}/etc/ + +echo "----------------------------------------------------" +echo +echo " You may want to review ${CHROOT}/etc/passwd" +echo " to replace passwords with a *, and to fix the" +echo " path to the home directory of the yule user." +echo +echo " If using a signed configuration file, you need" +echo " a working copy of GnuPG inside the chroot jail." +echo +echo "----------------------------------------------------" + Index: branches/samhain-2_2-branch/scripts/concat.pl =================================================================== --- branches/samhain-2_2-branch/scripts/concat.pl (revision 66) +++ branches/samhain-2_2-branch/scripts/concat.pl (revision 66) @@ -0,0 +1,69 @@ +#! /usr/bin/perl + +# Copyright Rainer Wichmann (2004) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +use warnings; +use strict; + +my $fno = 0; +my $file = ''; +my @last2 = (); +my $line = ''; + +sub usage () { + print "Usage: concat.pl \n\n"; + print " Will concatenate samhain file signature database files\n"; + print " and print to stdout.\n"; + print " Does not work on signed or otherwise modified\n"; + print " file signature databases.\n"; +} + +if ($#ARGV < 0) { # must be at least one file + usage(); + exit 1; +} elsif ($ARGV[0] =~ /^-h$/ || $ARGV[0] =~ /^--?help$/) { + usage(); + exit 0; +} + + +for $file (@ARGV) { + open FH, "< $file" or die "Cannot open $file: $!"; + if ($fno != 0) { # search and read past the start-of-file marker + while () { + last if ($_ =~ /^\[SOF\]$/); + } + } + @last2 = (); + while () { + push @last2, $_; + if (@last2 > 2) { + $line = shift @last2; + print $line; + } + } + close FH; + ++$fno; +} + +# last two lines of last file +$line = shift @last2; +print $line; +$line = shift @last2; +print $line; Index: branches/samhain-2_2-branch/scripts/example_pager.pl =================================================================== --- branches/samhain-2_2-branch/scripts/example_pager.pl (revision 66) +++ branches/samhain-2_2-branch/scripts/example_pager.pl (revision 66) @@ -0,0 +1,245 @@ +#!/usr/bin/perl -w +# +# +# Simple program to connect to: +# http://www2.pagemart.com/cgi-bin/rbox/pglpage-cgi +# and send a page. +# +# Modified 10/21/99 Will O'Brien willo@savvis.net +# Originally Written by David Allen s2mdalle@titan.vcu.edu +# http://opop.nols.com/ +# +# +# Modified by R. Wichmann (read message from stdin) +# +# +# - added config variables +# - read MESSAGE from STDIN +# +# This file is released under the terms of the GNU General Public License. +# Please see http://www.gnu.org for more details. +# +# This program still beta, but working better. +# +# Changelog: +# 10/21/99: Modified original code and get paging to function. +# 10/22/99: Fixed Error checking. Checks PIN length, outputs failure message. +# +# REQUIRES MODULES: strict and IO::Socket +# +# USAGE FROM COMMAND LINE: echo "message" | example_pager.pl PAGER_PIN +# Where PAGER_PIN is the PIN of the pager you want to send MESSAGE to. +# +# This program will send the page using +# www.pagemart.com/cgi-bin/rbox/pglpage-cgi +# and will store the response in LASTRESPONSE.html when the server replies. +# +# If you are looking at this program for examples of code to make it work, +# check out the page{} subroutine below - it is the meat of this program. +############################################################################## + +# use Socket; # INET +use strict; +use IO::Socket; # Socket work + +my $pagerid = shift; + +########################## -- BEGIN CONFIGURATION -- + +## set to 1 for verbose output +my $verbose = 1; + +## set to 1 if you want to save response +my $save_response = 1; + +## set to 1 to enable sending +my $really_send = 0; + +########################### -- END CONFIGURATION -- + +# previous +#my $MESSAGE = join(' ', @ARGV); + +my $MESSAGE=''; +undef $/; +$MESSAGE=; +$MESSAGE =~ s/\[EOF\]//g; + +die "Usage: echo \"message\" \| example_pager.pl PAGER_ID\n\n" + unless $pagerid; +die "Usage: echo \"message\" \| example_pager.pl PAGER_ID\n\n" + unless $MESSAGE; + +page($pagerid, $MESSAGE); + +if ($verbose) { print "Done.\n"; } +exit(0); + +############################################################################ + +sub page{ + my ($name, $text) = @_; + my $TRUNCATED = 0; + my $PAGE = ""; # The text sent to www.pagemart.com - appended later. + + $pagerid = $name; + + if ($verbose) { print STDERR "Processing pager ID...\n"; } + # Eliminate everything but numbers from the pager id + $pagerid =~ s/[^0-9]//g; + + # Check the pager id length and so on. + if( (((length($pagerid)) < 7)) || ((length($pagerid)) > 10) ) + { + if ($verbose) { + die "Bad pager ID number. A pager id number is 7 or 10 numbers.\n"; + } + else { + exit (1); + } + } + + if ($verbose) { + die "No message specified.\n" unless $text; + } + else { + exit (1) unless $text; + } + + + # This is the format of the message we're going to send via the TCP + # socket + # POST /cgi-bin/rbox/pglpage-cgi HTTP/1.0 + # User-Agent: Myprogram/1.00 + # Accept: */* + # Content-length: 35 + # Content-type: application/x-www-form-urlencoded + # + # pin2=6807659&message1=stuff+and+nonsense + + if ($verbose) { print STDERR "Processing text of message...\n"; } + # A bit of string pre-processing + chomp $text; + my $strdelim = "\r\n"; # At the end of each line. + + # Compress the text a bit - eliminate redundant characters - this + # helps a lot for pages that have multiple spaces and so on. + $text =~s/\n/ /g; # Linefeeds are spaces + $text =~s/\r//g; # No carriage returns + $text =~s/\s+/ /g; # Multiple whitespace -> one space. + + if(length($text)>=200) + { + $TRUNCATED = "True"; + $text = substr($text, 0, 199); # 200 Character maximum + } + + my $encodedmessage = urlencode($text); + + # The length of the request has to be TOTAL QUERY. If it's just + # the length of the string you're sending, it will truncate the + # hell out of the page. So the pager number is length($pagerid) + # of course the length of the message, and add the length of the + # parameter flags, (PIN= and ?MSSG=) and you're done. + + my $xxmsg = "pin2=$pagerid&"; + $xxmsg .= "PAGELAUNCHERID=1&"; + $xxmsg .= $encodedmessage; + + # my $pagelen=length($encodedmessage)+length("pin2=?message1=")+ + # length($pagerid)+; + + my $pagelen = length($xxmsg); + + # Build the text we send to the server + $PAGE = "POST /cgi-bin/rbox/pglpage-cgi HTTP/1.0$strdelim"; + $PAGE .= "User-Agent: Pagent/5.4$strdelim"; + $PAGE .= "Referer: http://www.weblinkwireless.com/productsnservices/sendingmessage/pssm-sendamessage.html$strdelim"; + $PAGE .= "Accept: */*$strdelim"; + $PAGE .= "Content-length: $pagelen$strdelim"; + $PAGE .= "Content-type: application/x-www-form-urlencoded$strdelim"; + $PAGE .= "$strdelim"; + # $PAGE .= "pin2=$pagerid&message1=".$encodedmessage; + $PAGE .= $xxmsg; + + if ($verbose) { + print STDERR "Sending message...\n\n"; + print STDERR "$PAGE\n\n"; + } + + + my $document=''; + + if ($really_send) + { + # Now we send our data. + # Note that this is just quick and dirty, so I'm using a perl module + # to do the network dirty work for me. + my $sock = IO::Socket::INET->new(PeerAddr => 'www2.pagemart.com', + PeerPort => 'http(80)', + Proto => 'tcp'); + + if ($verbose) { + die "Cannot create socket : $!" unless $sock; + } + else { + exit (1) unless $sock; + } + $sock->autoflush(); + $sock->print("$PAGE"); + + $document = join('', $sock->getlines()); + } + else + { + $document = " really_send was set to 0, page NOT sent"; + } + + if ($save_response) + { + if ($verbose) + { + print STDERR "Saving response to tmp.html...\n\n"; + } + my $status = 0; + open(TMP,">tmp.html") or $status=1; + print TMP "$document\n" unless $status; + close TMP unless $status; + } + + if($document =~ m/NOT/g) + { + if ($verbose) + { + print STDERR "Page not sent. There was an error. \n"; + print STDERR "See tmp.html for what the server sent back to me.\n"; + } + exit(0); + } # End if + else + { + if ($verbose) + { + $document =~ m/(\d{1,4}) character message out of/g; + print STDERR "Page sent successfully to $pagerid.\n"; + } + exit(0); + } # End else +} # End sub page + + +############################################################################ + +sub urlencode{ + my $text = shift; + my $input = $text; + + chomp $input; + + # Translate all non-letter non-number characters into their %HEX_VAL + # and return that string. + $input =~ s/([^a-zA-Z0-9-_\.\/])/uc sprintf("%%%02x",ord($1))/eg; + $input =~ s/%20/+/g; + + return $input; +} # End sub urlencode Index: branches/samhain-2_2-branch/scripts/example_sms.pl =================================================================== --- branches/samhain-2_2-branch/scripts/example_sms.pl (revision 66) +++ branches/samhain-2_2-branch/scripts/example_sms.pl (revision 66) @@ -0,0 +1,224 @@ +#!/usr/bin/perl -w + +use strict; +use IO::Socket; # Socket work + +############################################################################### +## +## example_sms.pl -- simple example script to send +## an SMS message via a web cgi +## Works with German pitcom powered free SMS sites +## - find one and look at the page source to set the +## pitcom variables (see below) +## - note that pitcom checks the referer, thus you should +## take care to set the proper value +## +## NOTE: while the 'big names' have implemented measures to prevent +## the use of automated scripts, and disallow such scripts +## explicitely in their TOS (Terms of Service), this is not +## neccesarily true for smaller websites. +## +## An example for the latter are German websites providing free +## SMS (to German nets only) powered by pitcom. +## With a suitable query, you may find such sites on (e.g.) Google. +## At the time of the writing of this script, the sites I found did not +## disallow the use of scripts, but check for yourself if you are +## using this. +## +## usage: example_sms.pl [NR] +## destination phone number +## message is read from STDIN +## +## (c) R. Wichmann Tue Jul 17 CEST 2001 +## Released under the Gnu Public License version 2.0 or later +## adapted from archpage ( (c) Rob Muhlestein ) +## and mpage.pl ( (c) David Allen ) +## + +########################## -- BEGIN CONFIGURATION -- + +## set to default phone number + my $NR = ''; + +## set to sender + #my $VON = ''; + my $VON = 'stupsel'; + +## set to URL of form page + my $REFERER = ''; + +## set to cgi script URL without 'http://domain'; + my $PAGE = ''; + +## set to domain where cgi script lives; + my $DOMAIN = ''; + +## set to 1 if you want to save response + my $save_response = 1; + +## set to 1 for verbose output + my $verbose = 1; + +## set to 1 to enable sending + my $really_send = 0; + + +## The PITCOM variables + +#my $ID = ''; # gateway-ID +#my $WERBUNG = ''; # advertisement +#my $QUITTUNG = ''; # return page +#my $USER = ''; # customer +#my $LIST = '0'; # message type + +########################## -- END CONFIGURATION -- + +$NR = $ARGV[0] if $ARGV[0]; + +my $message=''; +undef $/; +$message=; + +$message =~ s/\[EOF\]//g; + +## URL encode and remove line breaks +$message =~ s/\n/ /g; +$message =~ s/\r//g; +$message =~s/\s+/ /g; # Multiple whitespace -> one space + +$message =~ s/([^a-zA-Z0-9-_\.\/])/uc sprintf("%%%02x",ord($1))/eg; +$message =~ s/%20/+/g; + +$WERBUNG =~ s/([^a-zA-Z0-9-_\.\/])/uc sprintf("%%%02x",ord($1))/eg; +$WERBUNG =~ s/%20/+/g; +$QUITTUNG =~ s/([^a-zA-Z0-9-_\.\/])/uc sprintf("%%%02x",ord($1))/eg; +$QUITTUNG =~ s/%20/+/g; +$USER =~ s/([^a-zA-Z0-9-_\.\/])/uc sprintf("%%%02x",ord($1))/eg; +$USER =~ s/%20/+/g; + +## truncate +my $maxChars = 153 - length($WERBUNG) - length($VON); + +if(length($message) >= $maxChars) +{ + $message = substr($message, 0, $maxChars); +} + + +my $NR1 = substr($NR, 0, 4); +my $NR2 = substr($NR, 4, length($NR)-4); + +my $msglen = length($message); + +my $overhead = "ID=$ID&"; +$overhead .= "WERBUNG=$WERBUNG&"; +$overhead .= "QUITTUNG=$QUITTUNG&"; +$overhead .= "USER=$USER&"; +$overhead .= "LIST=$LIST&"; +$overhead .= "NR1=$NR1&"; +$overhead .= "NR2=$NR2&"; +$overhead .= "VON=$VON&"; +$overhead .= "MESSAGE=$message&"; +$overhead .= "CNT=$msglen"; + +my $smslen = length($overhead); + +my $llim = "\r\n"; # At the end of each line. + +my $SMS = "POST $PAGE HTTP/1.0$llim"; +$SMS .= "User-Agent: EvilGenius/1.0$llim"; +$SMS .= "Referer: $REFERER$llim"; +$SMS .= "Accept: */*$llim"; +$SMS .= "Content-length: $smslen$llim"; +$SMS .= "Content-type: application/x-www-form-urlencoded$llim"; +$SMS .= "$llim"; +$SMS .= "$overhead"; + +if ($verbose) +{ + print STDERR " Sending message...\n\n"; + print STDERR "$SMS\n\n"; +} + +my $document=''; + +if ($really_send) +{ + my $sock = IO::Socket::INET->new(PeerAddr => $DOMAIN, + PeerPort => 'http(80)', + Proto => 'tcp'); + + + if ($verbose) + { + die "Cannot create socket : $!" unless $sock; + } + else + { + exit (1) unless $sock; + } + + $sock->autoflush(); + $sock->print("$SMS"); + + $document = join('', $sock->getlines()); +} +else +{ + $document = " really_send was set to 0, SMS not sent"; +} + +if ($save_response) +{ + if ($verbose) + { + print STDERR "Saving response to tmp.html...\n\n"; + } + my $status = 0; + open(TMP,">tmp.html") or $status=1; + print TMP "$document\n" unless $status; + close TMP unless $status; +} + +if ($document =~ m/SMS wird versendet/g) +{ + if ($verbose) + { + print STDERR " SMS successfully sent to $NR.\n"; + } + exit (0); +} +else +{ + if ($verbose) + { + print STDERR " SMS not sent. There was an error.\n"; + print STDERR " Use save_response = 1 to save the response to\n"; + print STDERR " tmp.html in order to see what the server sent back.\n"; + } + exit (1); +} + + + + + + + + + + + + + + + + + + + + + + + + Index: branches/samhain-2_2-branch/scripts/foot.html =================================================================== --- branches/samhain-2_2-branch/scripts/foot.html (revision 66) +++ branches/samhain-2_2-branch/scripts/foot.html (revision 66) @@ -0,0 +1,11 @@ + + + + + + + + + + + Index: branches/samhain-2_2-branch/scripts/head.html =================================================================== --- branches/samhain-2_2-branch/scripts/head.html (revision 66) +++ branches/samhain-2_2-branch/scripts/head.html (revision 66) @@ -0,0 +1,72 @@ + + + + Server status + + + + + + + +
+ + S A M H A I N + +
+

Server Status

+ + + +
+ + + +
+ + + + + +
+ + Current time: %T
+ Startup time: %S
+
+ Connections: (maximum %M simultaneously)
+ open %O
+ total %A
+
+ Last connection: %L + +
+ +
+ +
+ + +

Clients

+ +
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Index: branches/samhain-2_2-branch/scripts/samhainadmin.pl.in =================================================================== --- branches/samhain-2_2-branch/scripts/samhainadmin.pl.in (revision 66) +++ branches/samhain-2_2-branch/scripts/samhainadmin.pl.in (revision 66) @@ -0,0 +1,686 @@ +#! /usr/bin/perl + +# Copyright Rainer Wichmann (2004) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +use warnings; +use strict; +use Getopt::Long; +use File::Basename; +use File::Copy; +use File::stat; +use File::Temp qw/ tempfile tempdir unlink0 /; +use IO::Handle; +use Fcntl qw(:DEFAULT :flock); +use Tie::File; + +# Do I/O to the data file in binary mode (so it +# wouldn't complain about invalid UTF-8 characters). +use bytes; + +File::Temp->safe_level( File::Temp::HIGH ); + +my %opts = (); +my $action; +my $file1; +my $file2; +my $passphrase; +my $return_from_sign = 0; +my $no_print_examine = 0; +my $no_remove_lock = 0; +my $base = basename($0); + +my $cfgfile = "@myconffile@"; +my $datafile = "@mydatafile@"; +my $daemon = "@sbindir@/@install_name@"; +my $gpg = "@mygpg@"; + +$cfgfile =~ s/^REQ_FROM_SERVER//; +$datafile =~ s/^REQ_FROM_SERVER//; + +$gpg = "gpg" if ($gpg eq ""); + +sub check_gpg_agent() { + my $gpgconf = "$ENV{'HOME'}/.gnupg/gpg.conf"; + + if (!-f "$gpgconf") { + $gpgconf = "$ENV{'HOME'}/.gnupg/options"; + } + + if (-f $gpgconf) { + + my @array = (); + tie @array, 'Tie::File', $gpgconf or die "Cannot tie ${gpgconf}: $!"; + my @grep = grep(/^\s*use-agent/, @array); + + # print "matches = $#grep\n"; + + if ($#grep >= 0) + { + if (exists $ENV{'GPG_AGENT_INFO'}) + { + my $socke = $ENV{'GPG_AGENT_INFO'}; + $socke =~ s/:.*//; + + # print "socke = $socke\n"; + + if (! -S $socke) + { + print "--------------------------------------------------\n"; + print "\n"; + print " GPG is set to use gpg-agent, but GPG agent is"; + print " not running, though GPG_AGENT_INFO is defined.\n\n"; + print " Please restart gpg-agent, or remove the use-agent\n"; + print " option from ${gpgconf} and unset GPG_AGENT_INFO\n\n"; + print "--------------------------------------------------\n"; + print "\n"; + exit 1; + } + } + else + { + print "--------------------------------------------------\n"; + print "\n"; + print " GPG is set to use gpg-agent, but "; + print " GPG_AGENT_INFO is not defined.\n\n"; + print " Please start gpg-agent, or remove the use-agent\n"; + print " option from ${gpgconf}\n\n"; + print "--------------------------------------------------\n"; + print "\n"; + exit 1; + } + } + untie @array; + } +} + + +sub usage() { + print "Usage:\n"; + print " $base { -m F | --create-cfgfile } [options] [in.cfgfile]\n"; + print " Sign the configuration file. If in.cfgfile is given, sign it\n"; + print " and install it as configuration file.\n\n"; + + print " $base { -m f | --print-cfgfile } [options] \n"; + print " Print the configuration file to stdout. Signatures are removed.\n\n"; + + print " $base { -m D | --create-datafile } [options] [in.datafile]\n"; + print " Sign the database file. If in.datafile is given, sign it\n"; + print " and install it as database file.\n\n"; + + print " $base { -m d | --print-datafile } [options] \n"; + print " Print the database file to stdout. Signatures are removed. Use\n"; + print " option --list to list files in database rather than printing the raw file.\n\n"; + + print " $base { -m R | --remove-signature } [options] file1 [file2 ...]\n"; + print " Remove cleartext signature from input file(s). The file\n"; + print " is replaced by the non-signed file.\n\n"; + + print " $base { -m E | --sign } [options] file1 [file2 ...]\n"; + print " Sign file(s) with a cleartext signature. The file\n"; + print " is replaced by the signed file.\n\n"; + + print " $base { -m e | --examine } [options] file1 [file2 ...]\n"; + print " Report signature status of file(s).\n\n"; + + print " $base { -m G | --generate-keys } [options] \n"; + print " Generate a PGP keypair to use for signing.\n\n"; + + print "Options:\n"; + print " -c cfgfile --cfgfile cfgfile\n"; + print " Select an alternate configuration file.\n\n"; + + print " -d datafile --datafile datafile\n"; + print " Select an alternate database file.\n\n"; + + print " -p passphrase --passphrase passphrase\n"; + print " Set the passphrase for gpg. By default, gpg will ask.\n\n"; + + print " -l --list\n"; + print " List the files in database rather than printing the raw file.\n\n"; + + print " -v --verbose\n"; + print " Verbose output.\n\n"; + return; +} + +sub check_gpg_uid () { + if (0 != $>) { + print "--------------------------------------------------\n"; + print "\n"; + print " You are not root. Please remember that samhain/yule\n"; + print " will use the public keyring of root to verify a signature.\n"; + print "\n"; + print "--------------------------------------------------\n"; + } else { + if (!("@yulectl_prg@" =~ //)) { + print "--------------------------------------------------\n"; + print "\n"; + print " Please remember that yule will drop root after startup. Signature\n"; + print " verification on SIGHUP will fail if you do not import the public key\n"; + print " into the keyring of the non-root yule user.\n"; + print "\n"; + print "--------------------------------------------------\n"; + } + } +} + +sub check_gpg_sign () { + if ( (!-d "$ENV{'HOME'}/.gnupg") || (!-e "$ENV{'HOME'}/.gnupg/secring.gpg")) { + print "--------------------------------------------------\n"; + print "\n"; + if (!-d "$ENV{'HOME'}/.gnupg") { + print " Directory \$HOME/.gnupg not found!\n"; + } else { + print " Secret keyring \$HOME/.gnupg/secring.gpg not found!\n"; + } + print "\n"; + print " This indicates that you have never created a \n"; + print " public/private keypair, and thus cannot sign.\n"; + print " \n"; + print " Please use $0 --generate-keys or gpg --gen-key\n"; + print " to generate a public/private keypair first.\n"; + print "\n"; + print "--------------------------------------------------\n"; + print "\n"; + exit; + } +} + +sub check_gpg_verify () { + if ( (!-d "$ENV{'HOME'}/.gnupg") || (!-e "$ENV{'HOME'}/.gnupg/pubring.gpg")) { + print "--------------------------------------------------\n"; + print "\n"; + if (!-d "$ENV{'HOME'}/.gnupg") { + print " Directory \$HOME/.gnupg not found!\n"; + } else { + print " Public keyring \$HOME/.gnupg/pubring.gpg not found!\n"; + } + print "\n"; + print " This indicates that you have never used gpg before \n"; + print " and/or have no public keys to verify signatures.\n"; + print " \n"; + print " Please use 'gpg --export key_id' to export the public\n"; + print " signing key of the user who is signing the\n"; + print " configuration/database files.\n\n"; + print " Then you can use 'gpg --import keyfile' to import the key\n"; + print " into this user's public keyring.\n"; + print "\n"; + print "--------------------------------------------------\n"; + print "\n"; + exit; + } +} + + +sub generate () { + my $command = "$gpg --homedir $ENV{'HOME'}/.gnupg --gen-key"; + check_gpg_uid(); + system ($command) == 0 + or die "system $command failed: $?"; + exit; +} + +sub examine () { + my $iscfg = 0; + my $have_fp = 0; + my $have_sig = 0; + my $message = ''; + my $retval = 9; + my $fh; + my $filename; + + if (!($file1 =~ /^\-$/)) { + die ("Cannot open $file1 for read: $!") unless ((-e $file1) && (-r _)); + } + open FIN, "<$file1" or die "Cannot open $file1 for read: $!"; + + my $dir = tempdir( CLEANUP => 1 ); + $filename = $dir . "/exa_jhfdbilw." . $$; + open $fh, ">$filename" or die "Cannot open $filename"; + autoflush $fh 1; + + while () { + print $fh $_; + if ($_ =~ /^\s*\[Misc\]/) { + $iscfg = 1; + } + } + if ($iscfg == 1) { + $message .= "File $file1 is a configuration file\n\n"; + } else { + $message .= "File $file1 is a database file\n\n"; + } + + + my $command = "$gpg --homedir $ENV{'HOME'}/.gnupg --status-fd 1 "; + $command .= "--verbose " if (defined($opts{'v'})); + $command .= "--verify $filename "; + if (defined($opts{'v'})) { + $command .= "2>&1"; + } else { + $command .= "2>/dev/null"; + } + + print STDOUT "Using: $command\n\n" if (defined($opts{'v'})); + open GPGIN, "$command |" or die "Cannot fork: $!"; + + while () { + if ($_ =~ /^\[GNUPG:\] GOODSIG ([0-9A-F]+) (.*)$/) { + $message .= "GOOD signature with key: $1\n"; + $message .= "Key owner: $2\n"; + $have_sig = 1; + $retval = 0; + } + if ($_ =~ /^\[GNUPG:\] VALIDSIG ([0-9A-F]+) ([0-9\-]+)\s/) { + $message .= "Key fingerprint: $1\n"; + $message .= "Signature generated on: $2\n\n"; + $have_fp = 1; + $message .= "This file is signed with a valid signature.\n" + if ($have_sig == 1); + $have_sig = 1; + $have_fp = 1; + } + if ($_ =~ /^\[GNUPG:\] NODATA 1/) { + $message .= "NO signature found.\n\n"; + $message .= "This file is not signed !!!\n"; + $have_sig = 1; + $have_fp = 1; + $retval = 2; + } + if ($_ =~ /^\[GNUPG:\] BADSIG ([0-9A-F]+) (.*)$/) { + $message .= "BAD signature with key: $1\n"; + $message .= "Key owner: $2\n\n"; + $message .= "This file is signed with an invalid signature !!!\n"; + $have_sig = 1; + $have_fp = 1; + $retval = 1; + } + if ($_ =~ /^\[GNUPG:\] NO_PUBKEY ([0-9A-F]+)/) { + $message .= "NOT CHECKED signature with key: $1\n\n"; + $message .= "The signature of this file cannot be checked: no public key available !!!\n"; + $have_sig = 1; + $have_fp = 1; + $retval = 1; + } + print STDOUT $_ if (defined($opts{'v'})); + } + close (GPGIN); + print STDOUT "\n" if (defined($opts{'v'})); + if ($have_sig == 0) { + $message .= "NO valid signature found\n"; + } + elsif ($have_fp == 0) { + $message .= "NO fingerprint found\n"; + } + close (FIN); + if ($no_print_examine == 0) { + print STDOUT $message; + } + unlink0( $fh, $filename ) or die "Cannot unlink $filename safely"; + return $retval; +} + +sub remove () { + my $bodystart = 1; + my $sigstart = 0; + my $sigend = 0; + my $filename = ""; + my $fh; + my $stats; + + open FH, "<$file1" or die "Cannot open file $file1 for read: $!"; + if (!($file1 =~ /^\-$/)) { + flock(FH, LOCK_EX) unless ($no_remove_lock == 1); + my $dir = tempdir( CLEANUP => 1 ) or die "Tempdir failed"; + $filename = $dir . "/rem_iqegBCQb." . $$; + open $fh, ">$filename" or die "Cannot open $filename"; + $stats = stat($file1); + # ($fh, $filename) = tempfile(UNLINK => 1); + } else { + open $fh, ">$file1" or die "Cannot open file $file1 for write: $!"; + } + autoflush $fh 1; + while () { + if ($_ =~ /^-----BEGIN PGP SIGNED MESSAGE-----/) { + $sigstart = 1; + $bodystart = 0; + next; + } elsif (($sigstart == 1) && ($_ =~ /^\s+$/)) { + $sigstart = 0; + $bodystart = 1; + next; + } elsif ($_ =~ /^-----BEGIN PGP SIGNATURE-----/) { + $bodystart = 0; + $sigend = 1; + next; + } elsif (($sigend == 1) && ($_ =~ /^-----END PGP SIGNATURE-----/)) { + $sigend = 0; + $bodystart = 1; + next; + } + if ($bodystart == 1) { + print $fh $_; + } + } + if (!($file1 =~ /^\-$/)) { + copy("$filename", "$file1") + or die "Copy $filename to $file1 failed: $!"; + chmod $stats->mode, $file1; + chown $stats->uid, $stats->gid, $file1; + flock(FH, LOCK_UN) unless ($no_remove_lock == 1); + close FH; + } + unlink0( $fh, $filename ) or die "Cannot unlink $filename safely"; + return; +} + +sub print_cfgfile () { + my $bodystart = 0; + my $sigstart = 0; + + if (!defined($file2)) { + $file2 = '-'; + } + + open FH, "<$file1" or die "Cannot open file $file1 for read: $!"; + open FO, ">$file2" or die "Cannot open file $file2 for write: $!"; + while () { + if ($_ =~ /^-----BEGIN PGP SIGNED MESSAGE-----/) { + $sigstart = 1; + next; + } elsif (($sigstart == 1) && ($_ =~ /^\s+$/)) { + $sigstart = 0; + $bodystart = 1; + next; + } elsif ($_ =~ /^-----BEGIN PGP SIGNATURE-----/) { + $bodystart = 0; + exit; + } + if ($bodystart == 1) { + print FO $_; + } + } + exit; +} +sub print_datafile () { + die ("Cannot find program $daemon") + unless (-e $daemon); + if (defined($opts{'v'})) { + open FH, "$daemon --full-detail -d $datafile |" + or die "Cannot open datafile $datafile for read: $!"; + } else { + open FH, "$daemon -d $datafile |" + or die "Cannot open datafile $datafile for read: $!"; + } + while () { + print $_; + } + exit; +} + +sub sign_file () { + + my $fileout = ''; + my $bodystart = 1; + my $sigstart = 0; + my $sigend = 0; + my $stats; + my $fh1; + my $filename1; + my $flag1 = 0; + + check_gpg_uid(); + check_gpg_agent(); + + if (!defined($file2)) { + $file2 = $file1; + } + + if ($file1 =~ /^\-$/) { + my $dir = tempdir( CLEANUP => 1 ) or die "Tempdir failed"; + $filename1 = $dir . "/sig_vs8827sd." . $$; + open $fh1, ">$filename1" or die "Cannot open $filename1"; + $flag1 = 1; + # my ($fh1, $filename1) = tempfile(UNLINK => 1); + + while () { + if ($_ =~ /^-----BEGIN PGP SIGNED MESSAGE-----/) { + $sigstart = 1; + $bodystart = 0; + next; + } elsif (($sigstart == 1) && ($_ =~ /^\s+$/)) { + $sigstart = 0; + $bodystart = 1; + next; + } elsif ($_ =~ /^-----BEGIN PGP SIGNATURE-----/) { + $bodystart = 0; + $sigend = 1; + next; + } elsif (($sigend == 1) && ($_ =~ /^-----END PGP SIGNATURE-----/)) { + $sigend = 0; + $bodystart = 1; + next; + } + if ($bodystart == 1) { + print $fh1 $_; + } + # + # print $fh1 $_; + # + } + $file1 = $filename1; + $fileout = '-'; + } else { + open (LOCKFILE, "<$file1") or die "Cannot open $file1: $!"; + flock(LOCKFILE, LOCK_EX); + $no_print_examine = 1; + $no_remove_lock = 1; + if (examine() < 2) { + remove(); + } + $fileout = $file1 . ".asc"; + $stats = stat($file1) + or die "No file $file1: $!"; + } + + if (defined($passphrase)) { + local $SIG{PIPE} = 'IGNORE'; + my $command = "$gpg --homedir $ENV{'HOME'}/.gnupg --passphrase-fd 0 -a --clearsign -o $fileout --not-dash-escaped $file1"; + open (FH, "|$command") or die "can't fork: $!"; + print FH "$passphrase" or die "can't write: $!"; + close FH or die "can't close: status=$?"; + } else { + my $command = "$gpg --homedir $ENV{'HOME'}/.gnupg -a --clearsign -o $fileout --not-dash-escaped $file1"; + system("$command") == 0 + or die "system $command failed: $?"; + } + + if (!($fileout =~ /^\-$/)) { + my $st_old = stat($file1) + or die "No file $file1: $!"; + my $st_new = stat($fileout) + or die "No file $fileout: $!"; + die ("Signed file is smaller than unsigned file") + unless ($st_new->size > $st_old->size); + move("$fileout", "$file2") + or die "Move $fileout to $file2 failed: $!"; + chmod $stats->mode, $file2; + chown $stats->uid, $stats->gid, $file2; + flock(LOCKFILE, LOCK_UN); + } + + if ($flag1 == 1) { + unlink0( $fh1, $filename1 ) or die "Cannot unlink $filename1 safely"; + } + if ($return_from_sign == 1) { + return; + } + exit; +} + +Getopt::Long::Configure ("posix_default"); +Getopt::Long::Configure ("bundling"); +# Getopt::Long::Configure ("debug"); + +GetOptions (\%opts, 'm=s', 'h|help', 'v|verbose', 'l|list', + 'c|cfgfile=s', + 'd|datafile=s', + 'p|passphrase=s', + 'create-cfgfile', # -m F + 'print-cfgfile', # -m f + 'create-datafile', # -m D + 'print-datafile', # -m d + 'remove-signature',# -m R + 'sign', # -m E + 'examine', # -m e + 'generate-keys'); # -m G + +if (defined ($opts{'h'})) { + usage(); + exit; +} + +if (defined($opts{'c'})) { + $cfgfile = $opts{'c'}; +} +if (defined($opts{'d'})) { + $datafile = $opts{'d'}; +} +if (defined($opts{'p'})) { + $passphrase = $opts{'p'}; +} + +if (defined ($opts{'m'}) && ($opts{'m'} =~ /[FfDdREeG]{1}/) ) { + $action = $opts{'m'}; +} +elsif (defined ($opts{'create-cfgfile'})) { + $action = 'F'; +} +elsif (defined ($opts{'print-cfgfile'})) { + $action = 'f'; +} +elsif (defined ($opts{'create-datafile'})) { + $action = 'D'; +} +elsif (defined ($opts{'print-datafile'})) { + $action = 'd'; +} +elsif (defined ($opts{'remove-signature'})) { + $action = 'R'; +} +elsif (defined ($opts{'sign'})) { + $action = 'E'; +} +elsif (defined ($opts{'examine'})) { + $action = 'e'; +} +elsif (defined ($opts{'generate-keys'})) { + $action = 'G'; +} +else { + usage(); + die ("No valid action specified !"); +} + +if (defined($ARGV[0])) { + $file1 = $ARGV[0]; +} +if (defined($ARGV[1])) { + $file2 = $ARGV[1]; +} + + +if (($action =~ /[REe]{1}/) && !defined($file1)) { + usage(); + die("Option -m $action requires a filename (or '-' for stdio)\n"); +} + +if ($action =~ /^F$/) { + if (!defined($file1)) { + $file1 = $cfgfile; + } + $file2 = $cfgfile; + sign_file (); +} + +if ($action =~ /^D$/) { + if (!defined($file1)) { + $file1 = $datafile; + } + $file2 = $datafile; + sign_file (); +} + +if ($action =~ /^R$/) { + # $file1 defined + my $i = 0; + while (defined($ARGV[$i])) { + $file1 = $ARGV[$i]; + remove (); + ++$i; + } +} + +if ($action =~ /^E$/) { + # $file1 defined + # default: $file2 = $file1 + check_gpg_sign(); + my $i = 0; + while (defined($ARGV[$i])) { + $file1 = $ARGV[$i]; + $file2 = $file1; + $return_from_sign = 1; + sign_file (); + ++$i; + } +} + +if ($action =~ /^e$/) { + # $file1 defined + # default: $file2 = stdout + check_gpg_verify(); + my $i = 0; + while (defined($ARGV[$i])) { + print "\n"; + $file1 = $ARGV[$i]; + examine (); + ++$i; + print "\n--------------------------------\n" if (defined($ARGV[$i])); + } +} + +if ($action =~ /^f$/) { + $file1 = $cfgfile; + $file2 = "-"; + print_cfgfile (); +} + +if ($action =~ /^d$/) { + # $file1 irrelevant + if (defined($opts{'l'})) { + print_datafile (); + } else { + $file1 = $datafile; + $file2 = "-"; + print_cfgfile (); + } +} + + + Index: branches/samhain-2_2-branch/scripts/samhainrc_update.sh =================================================================== --- branches/samhain-2_2-branch/scripts/samhainrc_update.sh (revision 66) +++ branches/samhain-2_2-branch/scripts/samhainrc_update.sh (revision 66) @@ -0,0 +1,297 @@ +#! /bin/sh + +# ----------------------------------------------------------------------- +# The default configuration file +# ----------------------------------------------------------------------- + +cfgfile="/etc/samhainrc" + +# ----------------------------------------------------------------------- +# Be Bourne compatible +# ----------------------------------------------------------------------- + +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi + +programname="$0" +sysmap= + +# ----------------------------------------------------------------------- +# Print help +# ----------------------------------------------------------------------- + +showhelp() { + echo + echo "$programname - update samhain config file after kernel update" + echo + echo "OPTIONS:" + echo + echo " -u|--update " + echo " Update the configuration file with new" + echo " settings as taken from " + echo + echo " -c|--config-file " + echo " Specify the configuration file to update [${cfgfile}]" + echo + echo " -p|--print-only " + echo " Print new settings, don't modify anything" + echo + echo " -h|--help" + echo " Print this help" + echo + echo " -n|--nocolor" + echo " (ignored, legacy support)" + echo +} + + +# ----------------------------------------------------------------------- +# Death strikes +# ----------------------------------------------------------------------- + +die() { + echo ${1+"$@"} >&2 + { (exit 1); exit 1; } +} + +# ----------------------------------------------------------------------- +# Get new settings from +# ----------------------------------------------------------------------- + +system_call= +syscall_table= +proc_root= +proc_root_inode_operations= +proc_root_lookup= + +get_new_settings() { + + if [ -z "$sysmap" ]; then + die "No System.map specified" + fi + if [ -f "$sysmap" ]; then + if [ -r "$sysmap" ]; then + system_call=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+system_call$' ${sysmap} | awk '{ print $1 }'` + syscall_table=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+sys_call_table$' ${sysmap} | awk '{ print $1 }'` + proc_root=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root$' ${sysmap} | awk '{ print $1 }'` + proc_root_inode_operations=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_inode_operations$' ${sysmap} | awk '{ print $1 }'` + proc_root_lookup=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_lookup$' ${sysmap} | awk '{ print $1 }'` + else + die "System.map ${sysmap} not readable" + fi + else + die "System.map ${sysmap} not found" + fi + test -z "${system_call}" && die "system_call not found in ${cfgfile}" + test -z "${syscall_table}" && die "sys_call_table not found in ${cfgfile}" + test -z "${proc_root}" && die "proc_root not found in ${cfgfile}" + test -z "${proc_root_inode_operations}" && die "proc_root_inode_operations not found in ${cfgfile}" + test -z "${proc_root_lookup}" && die "proc_root_lookup not found in ${cfgfile}" + +} + +# ----------------------------------------------------------------------- +# Print new settings +# ----------------------------------------------------------------------- + +run_print() { + get_new_settings + echo + echo "KernelSystemCall = 0x${system_call}" + echo "KernelSyscallTable = 0x${syscall_table}" + echo "KernelProcRoot = 0x${proc_root}" + echo "KernelProcRootIops = 0x${proc_root_inode_operations}" + echo "KernelProcRootLookup = 0x${proc_root_lookup}" + echo +} + +# ----------------------------------------------------------------------- +# Replace a setting +# ----------------------------------------------------------------------- + +# set ignorecase +# search pattern +# delete current line +# insert +# single dot == end of insert text +# save and exit + +run_replace() { + item="$1" + address="$2" + ex -s "$cfgfile" </dev/null + if [ $? -ne 0 ]; then + die "No [Kernel] section in configuration file $cfgfile" + fi + + cat "$cfgfile" | egrep -i 'KernelProcRootLookup' >/dev/null + if [ $? -eq 0 ]; then + run_replace 'KernelProcRootLookup' "0x${proc_root_lookup}" + else + run_add 'KernelProcRootLookup' "0x${proc_root_lookup}" + fi + + cat "$cfgfile" | egrep -i 'KernelProcRootIops' >/dev/null + if [ $? -eq 0 ]; then + run_replace 'KernelProcRootIops' "0x${proc_root_inode_operations}" + else + run_add 'KernelProcRootIops' "0x${proc_root_inode_operations}" + fi + + cat "$cfgfile" | egrep -i 'KernelProcRoot[[:space:]]*=' >/dev/null + if [ $? -eq 0 ]; then + run_replace 'KernelProcRoot' "0x${proc_root}" + else + run_add 'KernelProcRoot' "0x${proc_root}" + fi + + cat "$cfgfile" | egrep -i 'KernelSyscallTable' >/dev/null + if [ $? -eq 0 ]; then + run_replace 'KernelSyscallTable' "0x${syscall_table}" + else + run_add 'KernelSyscallTable' "0x${syscall_table}" + fi + + cat "$cfgfile" | egrep -i 'KernelSystemCall' >/dev/null + if [ $? -eq 0 ]; then + run_replace 'KernelSystemCall' "0x${system_call}" + else + run_add 'KernelSystemCall' "0x${system_call}" + fi + +} + +# ----------------------------------------------------------------------- +# Parse command line +# ----------------------------------------------------------------------- + +sysmap= +action= + +for option +do + + # If the previous option needs an argument, assign it. + # + if test -n "$opt_prev"; then + eval "$opt_prev=\$option" + eval export "$opt_prev" + opt_prev= + continue + fi + + case "$option" in + -*=*) + optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` + ;; + *) + optarg= + ;; + esac + + case "$option" in + + -h|--help) + showhelp + exit 0 + ;; + + -n|--nocolor) + ;; + + -c|--config-file) + opt_prev=cfgfile + ;; + + -c=* | --config-file=*) + cfgfile="$optarg" + ;; + + -p|--print-only) + opt_prev=sysmap + action=p + ;; + + + -p=* | --print-only=*) + sysmap="$optarg" + action=p + ;; + + -u|--update) + opt_prev=sysmap + action=u + ;; + + -u=* | --update=*) + sysmap="$optarg" + action=u + ;; + + esac + +done + +if [ x"$action" = xp ]; then + run_print + exit 0 +fi +if [ x"$action" = xu ]; then + run_update + exit 0 +fi + +showhelp +exit 1 Index: branches/samhain-2_2-branch/sql_init/samhain.mysql.init =================================================================== --- branches/samhain-2_2-branch/sql_init/samhain.mysql.init (revision 66) +++ branches/samhain-2_2-branch/sql_init/samhain.mysql.init (revision 66) @@ -0,0 +1,93 @@ +CREATE DATABASE samhain; +USE mysql; +INSERT INTO db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES ('localhost','samhain','','N','Y','N','N','N','N'); +USE samhain; +CREATE TABLE samhain.log ( + log_index BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY, + log_ref BIGINT UNSIGNED NULL, + log_host VARCHAR(64) NOT NULL DEFAULT "localhost", + INDEX ix_log_host (log_host), + log_time DATETIME NOT NULL, + log_sev ENUM("DEBG","INFO","NOTE","WARN","MARK","ERRO","CRIT","ALRT","RCVT") NOT NULL, + log_msg BLOB, + + log_hash VARCHAR(32) NOT NULL, + KEY ix_hash (log_hash), + + entry_status VARCHAR(16) NOT NULL DEFAULT "NEW", + INDEX ix_entry_status (entry_status), + + path BLOB, + userid VARCHAR(8), + grp VARCHAR(8), + program VARCHAR(8), + subroutine VARCHAR(16), + status VARCHAR(12), + hash VARCHAR(50), + path_data BLOB, + hash_data VARCHAR(50), + key_uid VARCHAR(64), + key_uid_data VARCHAR(64), + key_id VARCHAR(16), + module VARCHAR(8), + return_code INTEGER, + syscall VARCHAR(16), + ip VARCHAR(16), + tty VARCHAR(16), + peer VARCHAR(64), + fromhost VARCHAR(64), + obj BLOB, + interface VARCHAR(64), + time VARCHAR(64), + dir BLOB, + linked_path BLOB, + port INTEGER, + service VARCHAR(64), + facility VARCHAR(32), + priority VARCHAR(32), + syslog_msg BLOB, + + mode_old VARCHAR(16), + mode_new VARCHAR(16), + attr_old VARCHAR(16), + attr_new VARCHAR(16), + + device_old VARCHAR(16), + device_new VARCHAR(16), + owner_old VARCHAR(9), + owner_new VARCHAR(9), + group_old VARCHAR(9), + group_new VARCHAR(9), + ctime_old DATETIME, + ctime_new DATETIME, + atime_old DATETIME, + atime_new DATETIME, + mtime_old DATETIME, + mtime_new DATETIME, + chksum_old VARCHAR(50), + chksum_new VARCHAR(50), + link_old BLOB, + link_new BLOB, + + size_old BIGINT, + size_new BIGINT, + hardlinks_old BIGINT, + hardlinks_new BIGINT, + inode_old BIGINT, + inode_new BIGINT, + + imode_old BIGINT, + imode_new BIGINT, + iattr_old BIGINT, + iattr_new BIGINT, + idevice_old BIGINT, + idevice_new BIGINT, + iowner_old BIGINT, + iowner_new BIGINT, + igroup_old BIGINT, + igroup_new BIGINT + + + + ); + Index: branches/samhain-2_2-branch/sql_init/samhain.oracle.init =================================================================== --- branches/samhain-2_2-branch/sql_init/samhain.oracle.init (revision 66) +++ branches/samhain-2_2-branch/sql_init/samhain.oracle.init (revision 66) @@ -0,0 +1,102 @@ +CREATE SEQUENCE log_log_index_seq START WITH 1; +CREATE TABLE log ( + log_index INTEGER NOT NULL, + log_ref NUMBER(20) NULL, + log_host VARCHAR2(64) DEFAULT 'localhost' NOT NULL, + log_time DATE NOT NULL, + log_sev VARCHAR2(4) NOT NULL, + log_msg VARCHAR2(4000), + log_hash VARCHAR2(32), + entry_status VARCHAR2(16) DEFAULT 'NEW' NOT NULL, + path VARCHAR2(4000), + userid VARCHAR2(8), + grp VARCHAR2(8), + program VARCHAR2(8), + subroutine VARCHAR2(16), + status VARCHAR2(12), + hash VARCHAR2(50), + path_data VARCHAR2(4000), + hash_data VARCHAR2(50), + key_uid VARCHAR2(64), + key_uid_data VARCHAR2(64), + key_id VARCHAR2(16), + module VARCHAR2(8), + return_code INTEGER, + syscall VARCHAR2(16), + ip VARCHAR2(16), + tty VARCHAR2(16), + peer VARCHAR2(64), + fromhost VARCHAR2(64), + obj VARCHAR2(128), + interface VARCHAR2(64), + time VARCHAR2(64), + dir VARCHAR2(4000), + linked_path VARCHAR2(4000), + port INTEGER, + service VARCHAR2(64), + facility VARCHAR2(32), + priority VARCHAR2(32), + syslog_msg VARCHAR2(4000), + mode_old VARCHAR2(16), + mode_new VARCHAR2(16), + attr_old VARCHAR2(16), + attr_new VARCHAR2(16), + device_old VARCHAR2(16), + device_new VARCHAR2(16), + owner_old VARCHAR2(9), + owner_new VARCHAR2(9), + group_old VARCHAR2(9), + group_new VARCHAR2(9), + ctime_old VARCHAR2(25), + ctime_new VARCHAR2(25), + atime_old VARCHAR2(25), + atime_new VARCHAR2(25), + mtime_old VARCHAR2(25), + mtime_new VARCHAR2(25), + chksum_old VARCHAR2(50), + chksum_new VARCHAR2(50), + link_old VARCHAR2(4000), + link_new VARCHAR2(4000), + size_old NUMBER(20), + size_new NUMBER(20), + hardlinks_old NUMBER(20), + hardlinks_new NUMBER(20), + inode_old NUMBER(20), + inode_new NUMBER(20), + imode_old NUMBER(20), + imode_new NUMBER(20), + iattr_old NUMBER(20), + iattr_new NUMBER(20), + idevice_old NUMBER(20), + idevice_new NUMBER(20), + iowner_old NUMBER(20), + iowner_new NUMBER(20), + igroup_old NUMBER(20), + igroup_new NUMBER(20) + ); + +CREATE OR REPLACE TRIGGER trigger_on_log +before insert on log +for each row +declare +log_index integer; +begin +select log_log_index_seq.NEXTVAL into :new.log_index from dual; +end trigger_on_log; +. +run; + +CREATE UNIQUE INDEX log_log_index_key on log (log_index); + +CREATE INDEX ix_hash ON log (log_hash); + +CREATE INDEX ix_log_host ON log (log_host); +CREATE INDEX ix_log_ref ON log (log_ref); +CREATE INDEX ix_entry_status ON log (entry_status); + +GRANT INSERT ON log TO samhain; +GRANT ALTER ON log_log_index_seq TO samhain; +GRANT SELECT ON log_log_index_seq TO samhain; + + + Index: branches/samhain-2_2-branch/sql_init/samhain.postgres.init =================================================================== --- branches/samhain-2_2-branch/sql_init/samhain.postgres.init (revision 66) +++ branches/samhain-2_2-branch/sql_init/samhain.postgres.init (revision 66) @@ -0,0 +1,96 @@ +CREATE SEQUENCE log_log_index_seq START 1; +CREATE TABLE log ( + log_index INTEGER NOT NULL, + log_ref BIGINT NULL, + log_host VARCHAR(64) NOT NULL DEFAULT 'localhost', + log_time TIMESTAMP NOT NULL, + log_sev VARCHAR(4) NOT NULL, + log_msg TEXT, + + log_hash VARCHAR(32), + + entry_status VARCHAR(16) NOT NULL DEFAULT 'NEW', + + path TEXT, + userid VARCHAR(8), + grp VARCHAR(8), + program VARCHAR(8), + subroutine VARCHAR(16), + status VARCHAR(12), + hash VARCHAR(50), + path_data TEXT, + hash_data VARCHAR(50), + key_uid VARCHAR(64), + key_uid_data VARCHAR(64), + key_id VARCHAR(16), + module VARCHAR(8), + return_code INTEGER, + syscall VARCHAR(16), + ip VARCHAR(16), + tty VARCHAR(16), + peer VARCHAR(64), + fromhost VARCHAR(64), + obj TEXT, + interface VARCHAR(64), + time VARCHAR(64), + dir TEXT, + linked_path TEXT, + port INTEGER, + service VARCHAR(64), + facility VARCHAR(32), + priority VARCHAR(32), + syslog_msg TEXT, + + mode_old VARCHAR(16), + mode_new VARCHAR(16), + attr_old VARCHAR(16), + attr_new VARCHAR(16), + + device_old VARCHAR(16), + device_new VARCHAR(16), + owner_old VARCHAR(9), + owner_new VARCHAR(9), + group_old VARCHAR(9), + group_new VARCHAR(9), + ctime_old TIMESTAMP, + ctime_new TIMESTAMP, + atime_old TIMESTAMP, + atime_new TIMESTAMP, + mtime_old TIMESTAMP, + mtime_new TIMESTAMP, + chksum_old VARCHAR(50), + chksum_new VARCHAR(50), + link_old TEXT, + link_new TEXT, + + size_old BIGINT, + size_new BIGINT, + hardlinks_old BIGINT, + hardlinks_new BIGINT, + inode_old BIGINT, + inode_new BIGINT, + + imode_old BIGINT, + imode_new BIGINT, + iattr_old BIGINT, + iattr_new BIGINT, + idevice_old BIGINT, + idevice_new BIGINT, + iowner_old BIGINT, + iowner_new BIGINT, + igroup_old BIGINT, + igroup_new BIGINT + + ); + + +CREATE UNIQUE INDEX log_log_index_key on log (log_index); +CREATE INDEX ix_hash ON log (log_hash); + +CREATE INDEX ix_log_host ON log (log_host); +CREATE INDEX ix_entry_status ON log (entry_status); + +GRANT INSERT ON log TO samhain; +GRANT UPDATE ON log_log_index_seq TO samhain; +GRANT SELECT ON log_log_index_seq TO samhain; + Index: branches/samhain-2_2-branch/src/CuTest.c =================================================================== --- branches/samhain-2_2-branch/src/CuTest.c (revision 66) +++ branches/samhain-2_2-branch/src/CuTest.c (revision 66) @@ -0,0 +1,336 @@ +/******************* + +LICENSE + +Copyright (c) 2003 Asim Jalis + +This software is provided 'as-is', without any express or implied +warranty. In no event will the authors be held liable for any damages +arising from the use of this software. + +Permission is granted to anyone to use this software for any purpose, +including commercial applications, and to alter it and redistribute it +freely, subject to the following restrictions: + +1. The origin of this software must not be misrepresented; you must not +claim that you wrote the original software. If you use this software in +a product, an acknowledgment in the product documentation would be +appreciated but is not required. + +2. Altered source versions must be plainly marked as such, and must not +be misrepresented as being the original software. + +3. This notice may not be removed or altered from any source +distribution. + +**********************/ + +#include +#include +#include +#include +#include +#include + +#include "CuTest.h" + +/*-------------------------------------------------------------------------* + * CuStr + *-------------------------------------------------------------------------*/ + +char* CuStrAlloc(int size) +{ + char* newStr = (char*) malloc( sizeof(char) * (size) ); + return newStr; +} + +char* CuStrCopy(const char* old) +{ + int len = strlen(old); + char* newStr = CuStrAlloc(len + 1); + strcpy(newStr, old); + return newStr; +} + +/*-------------------------------------------------------------------------* + * CuString + *-------------------------------------------------------------------------*/ + +void CuStringInit(CuString* str) +{ + str->length = 0; + str->size = STRING_MAX; + str->buffer = (char*) malloc(sizeof(char) * str->size); + str->buffer[0] = '\0'; +} + +CuString* CuStringNew(void) +{ + CuString* str = (CuString*) malloc(sizeof(CuString)); + str->length = 0; + str->size = STRING_MAX; + str->buffer = (char*) malloc(sizeof(char) * str->size); + str->buffer[0] = '\0'; + return str; +} + +void CuStringResize(CuString* str, int newSize) +{ + str->buffer = (char*) realloc(str->buffer, sizeof(char) * newSize); + str->size = newSize; +} + +void CuStringAppend(CuString* str, const char* text) +{ + int length; + + if (text == NULL) { + text = "NULL"; + } + + length = strlen(text); + if (str->length + length + 1 >= str->size) + CuStringResize(str, str->length + length + 1 + STRING_INC); + str->length += length; + strcat(str->buffer, text); +} + +void CuStringAppendChar(CuString* str, char ch) +{ + char text[2]; + text[0] = ch; + text[1] = '\0'; + CuStringAppend(str, text); +} + +void CuStringAppendFormat(CuString* str, const char* format, ...) +{ + va_list argp; + char buf[HUGE_STRING_LEN]; + va_start(argp, format); + vsprintf(buf, format, argp); + va_end(argp); + CuStringAppend(str, buf); +} + +void CuStringInsert(CuString* str, const char* text, int pos) +{ + int length = strlen(text); + if (pos > str->length) + pos = str->length; + if (str->length + length + 1 >= str->size) + CuStringResize(str, str->length + length + 1 + STRING_INC); + memmove(str->buffer + pos + length, str->buffer + pos, (str->length - pos) + 1); + str->length += length; + memcpy(str->buffer + pos, text, length); +} + +/*-------------------------------------------------------------------------* + * CuTest + *-------------------------------------------------------------------------*/ + +void CuTestInit(CuTest* t, const char* name, TestFunction function) +{ + t->name = CuStrCopy(name); + t->failed = 0; + t->ran = 0; + t->message = NULL; + t->function = function; + t->jumpBuf = NULL; +} + +CuTest* CuTestNew(const char* name, TestFunction function) +{ + CuTest* tc = CU_ALLOC(CuTest); + CuTestInit(tc, name, function); + return tc; +} + +void CuTestRun(CuTest* tc) +{ + jmp_buf buf; + tc->jumpBuf = &buf; + if (setjmp(buf) == 0) + { + tc->ran = 1; + (tc->function)(tc); + } + tc->jumpBuf = 0; +} + +static void CuFailInternal(CuTest* tc, const char* file, int line, CuString* string) +{ + char buf[HUGE_STRING_LEN]; + + sprintf(buf, "%s:%d: ", file, line); + CuStringInsert(string, buf, 0); + + tc->failed = 1; + tc->message = string->buffer; + if (tc->jumpBuf != 0) longjmp(*(tc->jumpBuf), 0); +} + +void CuFail_Line(CuTest* tc, const char* file, int line, const char* message2, const char* message) +{ + CuString string; + + CuStringInit(&string); + if (message2 != NULL) + { + CuStringAppend(&string, message2); + CuStringAppend(&string, ": "); + } + CuStringAppend(&string, message); + CuFailInternal(tc, file, line, &string); +} + +void CuAssert_Line(CuTest* tc, const char* file, int line, const char* message, int condition) +{ + if (condition) return; + CuFail_Line(tc, file, line, NULL, message); +} + +void CuAssertStrEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, + const char* expected, const char* actual) +{ + CuString string; + if ((expected == NULL && actual == NULL) || + (expected != NULL && actual != NULL && + strcmp(expected, actual) == 0)) + { + return; + } + + CuStringInit(&string); + if (message != NULL) + { + CuStringAppend(&string, message); + CuStringAppend(&string, ": "); + } + CuStringAppend(&string, "expected <"); + CuStringAppend(&string, expected); + CuStringAppend(&string, "> but was <"); + CuStringAppend(&string, actual); + CuStringAppend(&string, ">"); + CuFailInternal(tc, file, line, &string); +} + +void CuAssertIntEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, + int expected, int actual) +{ + char buf[STRING_MAX]; + if (expected == actual) return; + sprintf(buf, "expected <%d> but was <%d>", expected, actual); + CuFail_Line(tc, file, line, message, buf); +} + +void CuAssertDblEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, + double expected, double actual, double delta) +{ + char buf[STRING_MAX]; + if (fabs(expected - actual) <= delta) return; + sprintf(buf, "expected <%lf> but was <%lf>", expected, actual); + CuFail_Line(tc, file, line, message, buf); +} + +void CuAssertPtrEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, + void* expected, void* actual) +{ + char buf[STRING_MAX]; + if (expected == actual) return; + sprintf(buf, "expected pointer <0x%p> but was <0x%p>", expected, actual); + CuFail_Line(tc, file, line, message, buf); +} + + +/*-------------------------------------------------------------------------* + * CuSuite + *-------------------------------------------------------------------------*/ + +void CuSuiteInit(CuSuite* testSuite) +{ + testSuite->count = 0; + testSuite->failCount = 0; +} + +CuSuite* CuSuiteNew(void) +{ + CuSuite* testSuite = CU_ALLOC(CuSuite); + CuSuiteInit(testSuite); + return testSuite; +} + +void CuSuiteAdd(CuSuite* testSuite, CuTest *testCase) +{ + assert(testSuite->count < MAX_TEST_CASES); + testSuite->list[testSuite->count] = testCase; + testSuite->count++; +} + +void CuSuiteAddSuite(CuSuite* testSuite, CuSuite* testSuite2) +{ + int i; + for (i = 0 ; i < testSuite2->count ; ++i) + { + CuTest* testCase = testSuite2->list[i]; + CuSuiteAdd(testSuite, testCase); + } +} + +void CuSuiteRun(CuSuite* testSuite) +{ + int i; + for (i = 0 ; i < testSuite->count ; ++i) + { + CuTest* testCase = testSuite->list[i]; + CuTestRun(testCase); + if (testCase->failed) { testSuite->failCount += 1; } + } +} + +void CuSuiteSummary(CuSuite* testSuite, CuString* summary) +{ + int i; + for (i = 0 ; i < testSuite->count ; ++i) + { + CuTest* testCase = testSuite->list[i]; + CuStringAppend(summary, testCase->failed ? "F" : "."); + } + CuStringAppend(summary, "\n\n"); +} + +void CuSuiteDetails(CuSuite* testSuite, CuString* details) +{ + int i; + int failCount = 0; + + if (testSuite->failCount == 0) + { + int passCount = testSuite->count - testSuite->failCount; + const char* testWord = passCount == 1 ? "test" : "tests"; + CuStringAppendFormat(details, "OK (%d %s)\n", passCount, testWord); + } + else + { + if (testSuite->failCount == 1) + CuStringAppend(details, "There was 1 failure:\n"); + else + CuStringAppendFormat(details, "There were %d failures:\n", testSuite->failCount); + + for (i = 0 ; i < testSuite->count ; ++i) + { + CuTest* testCase = testSuite->list[i]; + if (testCase->failed) + { + failCount++; + CuStringAppendFormat(details, "%d) %s: %s\n", + failCount, testCase->name, testCase->message); + } + } + CuStringAppend(details, "\n!!!FAILURES!!!\n"); + + CuStringAppendFormat(details, "Runs: %d ", testSuite->count); + CuStringAppendFormat(details, "Passes: %d ", testSuite->count - testSuite->failCount); + CuStringAppendFormat(details, "Fails: %d\n", testSuite->failCount); + } +} Index: branches/samhain-2_2-branch/src/bignum.c =================================================================== --- branches/samhain-2_2-branch/src/bignum.c (revision 66) +++ branches/samhain-2_2-branch/src/bignum.c (revision 66) @@ -0,0 +1,1924 @@ +/* Implementation of bignums by Henrik.Johansson@Nexus.Comm.SE in 1991 + * version 1.2 + */ + +/* Modifications in this file (Nov 1999, Rainer Wichmann): + * - a few compiler warnings fixed: + * gcc insists on 'if ( ( b_eq_qr = ((b == q) || (b == r)) ) )' + * instead of 'if ( b_eq_qr = ((b == q) || (b == r)) )' + * - code that is not used in samhain is #defined out by: + * #if (defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)) + * or + * #ifdef UNUSED_CODE + * - the error message (error_string[]) is enclosed in N_(),_() macros + * - the following four #includes have been added + */ +#include "config_xor.h" + + +#include + +#ifdef HAVE_MEMORY_H +#include +#endif + +#include "samhain.h" +#include "bignum.h" + + +#if (!defined(HAVE_LIBGMP) || !defined(HAVE_GMP_H)) && (defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)) + +#define DIGIT BIGNUM_DIGIT +#define DIGIT2 BIGNUM_TWO_DIGITS + +#ifndef TRUE +#define TRUE (1 == 1) +#endif +#ifndef FALSE +#define FALSE (1 != 1) +#endif + + +#define MIN_ALLOC ((sizeof(long) / sizeof(DIGIT)) << 1) + +/* Don't expect the "sign" field to have the right value (BIG_SIGN_0) at + * all times, so compare real content of bignum with zerop. + * Maybe it would be better to be sure at all times that the sign is right? + */ +#define zerop(BIG) ((*(BIG)->dp == 0) && ((BIG)->dgs_used == 1)) +#define uonep(BIG) ((*(BIG)->dp == 1) && ((BIG)->dgs_used == 1)) +#define NEGATE_SIGN(SGN) (-(SGN)) + +#define DIGIT_BITS BIGNUM_DIGIT_BITS +#define DIGIT2_BITS BIGNUM_TWO_DIGITS_BITS + +#define DIGIT_PART(N) ((DIGIT)((N) & ((((DIGIT2)1) << DIGIT_BITS) - 1))) +#define RESULT_MINUSP(RES) (((RES) & ((DIGIT2)1 << (DIGIT2_BITS - 1))) != 0) +#define SHIFT_DIGIT_DOWN(N) (DIGIT_PART((N) >> DIGIT_BITS)) +#define SHIFT_DIGIT_UP(N) ((DIGIT2)((N) << DIGIT_BITS)) + +#define DIGIT_BASE (((DIGIT2)1) << DIGIT_BITS) +#define MAX_DIGIT ((((DIGIT2)1) << DIGIT_BITS) - 1) + +#define uint unsigned int +#define ulong unsigned long + +/* +extern void *malloc(size_t size); +extern void free(); +*/ + +char *last_string = NULL; +char *big_end_string = NULL; + +ulong length_last_string; +static char big_base_digits1[] = +N_("00112233445566778899AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz"); +static char error_string[] = N_("(big_errno != 0, something has gone wrong)"); +static char big_base_digits[73] = "\0"; + +bignum big_one; +bignum tmp_string, tmp_add, tmp_mul, tmp_q, tmp_r, tmp_rand, tmp_round; +DIGIT *tmp_digits; +ulong tmp_ulong; + +/* #define COUNT_ALLOC */ +#ifdef COUNT_ALLOC +ulong dgs_alloc = 0, digits_freed = 0; +#endif + +int big_errno = BIG_OK; + +double log2tbl[] = +{ + -1.0, -1.0, + 1.000000000000000, 1.584961891174317, 2.000000000000002, 2.321928024291994, + 2.584960937500003, 2.807353973388675, 3.000000000000004, 3.169923782348637, + 3.321928024291997, 3.459430694580083, 3.584960937500005, 3.700439453125006, + 3.807353973388678, 3.906888961791999, 4.000000000000014, 4.087459564208999, + 4.169921875000016, 4.247924804687517, 4.321926116943377, 4.392314910888691, + 4.459430694580098, 4.523559570312520, 4.584960937500021, 4.643856048584007, + 4.700439453125023, 4.754886627197290, 4.807353973388697, 4.857978820800807, + 4.906887054443386, 4.954193115234403, 5.000000000000028, 5.044391632080107, + 5.087459564209015, 5.129280090332062, 5.169921875000032 +}; + +struct digit_blocks +{ + int digCnt; + DIGIT dig_base; +} big_block[37]; /* The code uses index 2 to 36 */ + + +/* ---------------------------------------------------------------------- + * All static utility functions are placed first in this file. + */ + +#ifndef HAVE_STRCHR +static char * strchr (char * str_ptr, char ch) +{ + do + { + if (*str_ptr == ch) + { + return str_ptr; + } + } while (*str_ptr++ != '\0'); + return NULL; +} +#endif + +#if 0 + +extern int printf(); + +static void +print_digits(prefix, a) +char *prefix; +bignum *a; +{ + unsigned long i; + ulong tmp; + + printf("%s", prefix); + if (a->sign == BIG_SIGN_MINUS) + { + printf("- "); + } + else + { + if (a->sign == BIG_SIGN_PLUS) + { + printf("+ "); + } + else + { + printf("+/- "); + } + } + for (i = a->dgs_used - 1; i > 0; i--) + { + tmp = a->dp[i]; + printf("%lu, ", tmp); + } + tmp = *a->dp; + printf("%lu\n", tmp); +} + +#else + +#define print_digits(prefix, big) /* */ + +#endif + +static void +init_digit_blocks(void) +{ + uint digcnt, base; + DIGIT maxdigit, curdigit, tmp; + + for (base = 2; base <= 36; base++) + { + tmp = ((1 << (DIGIT_BITS - 1)) / base); + maxdigit = tmp * 2; + curdigit = 1; + digcnt = 0; + while (curdigit < maxdigit) + { + digcnt++; + curdigit *= base; + } + big_block[base].digCnt = digcnt; + big_block[base].dig_base = curdigit; + } +} + +#ifdef COUNT_ALLOC +static void +free_digits(DIGIT * dp, ulong count) +{ + /* Mar 4 2000 R. Wichmann: check for dp == NULL */ + if (!dp) + return; + digits_freed += count; + free((char *)dp); + dp = NULL; +} +#else +/* June 5 2000 R. Wichmann: check for dp == NULL */ +/* #define free_digits(DP,CNT) free((char *)DP) */ +static void +free_digits(DIGIT * dp, ulong count) +{ + /* Mar 4 2000 R. Wichmann: check for dp == NULL */ + if (!dp) + return; + free((char *)dp); + dp = NULL; + count = 0; +} +#endif + +static DIGIT * +allocate_digits(ulong alloclen) +{ + DIGIT *digit_ptr; + + if (big_errno != BIG_OK) + { + return NULL; + } +#ifdef COUNT_ALLOC + dgs_alloc += alloclen; +#endif + digit_ptr = (DIGIT *) malloc(alloclen * sizeof(DIGIT)); + if (digit_ptr == NULL) + { + big_errno = BIG_MEMERR; + return NULL; + } + return digit_ptr; +} + +static bigerr_t +newsize(DIGIT **dp_p, ulong *cursize_p, ulong minsz, ulong newsz) +{ + if (*cursize_p >= minsz) + { + return big_errno; + } + free_digits(*dp_p, *cursize_p); + if (newsz < MIN_ALLOC) + { + newsz = MIN_ALLOC; + } + if ((*dp_p = allocate_digits(newsz)) == NULL) + { + return big_errno; + } + *cursize_p = newsz; + return big_errno; +} + +/* `memcpy' uses an `int' as counter. If an int can't hold a big enough + * counter, then `digits_cpy' becomes a function (and a little slower, + * probably. Unfortunately `memcpy' takes a signed counter, but _that_ + * size of numbers are almost too big! Or isn't it? + */ +#ifdef MEMCPY_LONG_COUNTER +/* extern char *memcpy(); */ +#define digits_cpy(dst, src, count) memcpy((char *)(dst), (char *)(src), \ + (count) * sizeof(DIGIT)) +#else +static void +digits_cpy(DIGIT *dst, DIGIT *src, ulong count) +{ + while (count-- > 0) + { + *dst++ = *src++; + } +} +#endif + +static DIGIT * +copy_digits(DIGIT *src, ulong cp_count, ulong alloclen) +{ + DIGIT *dst; + + if (big_errno != BIG_OK) + { + return NULL; + } + if ((dst = allocate_digits(alloclen)) == NULL) + { + return NULL; + } + digits_cpy(dst, src, cp_count); + return dst; +} + +static void +add_digit(bignum * a, DIGIT d) +{ + DIGIT2 res = d; + DIGIT *last_digit, *digit_ptr = a->dp, *digvect; + + last_digit = digit_ptr + a->dgs_used; + while (digit_ptr < last_digit) + { + res = *digit_ptr + res; + *digit_ptr = DIGIT_PART(res); + res = SHIFT_DIGIT_DOWN(res); + digit_ptr++; + if (res == 0) + { + break; + } + } + if (res != 0) + { + if (a->dgs_used < a->dgs_alloc) + { + *digit_ptr = DIGIT_PART(res); + } + else + { + if ((digvect = copy_digits(a->dp, a->dgs_used, + a->dgs_used + 4)) == NULL) + { + return; /* big_errno will be set to last error */ + } + digvect[a->dgs_used] = DIGIT_PART(res); + free_digits(a->dp, a->dgs_alloc); + a->dgs_alloc = a->dgs_used + 4; + a->dp = digvect; + } + a->dgs_used++; + } +} + +static DIGIT +vect_div_digit(DIGIT *digvect, ulong *len, DIGIT d) +{ + DIGIT *digit_ptr = digvect + *len - 1, newval; + DIGIT2 rest = 0; + + if (d == 0) + { + big_errno = BIG_DIV_ZERO; + return -1; + } + if (d == 1) + { + return 0; + } + while (digit_ptr >= digvect) + { + rest = (DIGIT2)SHIFT_DIGIT_UP(rest); + newval = DIGIT_PART((*digit_ptr + rest) / d); + rest = (*digit_ptr + rest) % d; + *digit_ptr = newval; + digit_ptr--; + } + if (*len > 1) + { + if (digvect[*len - 1] == 0) + { + *len -= 1; + } + } + return DIGIT_PART(rest); +} + +static DIGIT +udiv_digit(bignum *a, DIGIT d) +{ + DIGIT res; + + res = vect_div_digit(a->dp, &a->dgs_used, d); + if (zerop(a)) + { + a->sign = BIG_SIGN_0; + } + return res; +} + +static DIGIT +vect_mul_digit(DIGIT *digvect, ulong len, DIGIT x) +{ + DIGIT *digit_ptr = digvect + len; + DIGIT2 res = 0; + + while (digvect < digit_ptr) + { + res += *digvect * (DIGIT2)x; + *digvect = DIGIT_PART(res); + res = SHIFT_DIGIT_DOWN(res); + digvect++; + } + return DIGIT_PART(res); +} + +static void +umul_digit(bignum *a, DIGIT x) +{ + DIGIT ovfl, *digvect; + + ovfl = vect_mul_digit(a->dp, a->dgs_used, x); + if (ovfl != 0) + { + if (a->dgs_used < a->dgs_alloc) + { + a->dp[a->dgs_used] = ovfl; + } + else + { + digvect = copy_digits(a->dp, + a->dgs_used, + a->dgs_used + 4); + digvect[a->dgs_used] = ovfl; + free_digits(a->dp, a->dgs_alloc); + a->dgs_alloc = a->dgs_used + 4; + a->dp = digvect; + } + a->dgs_used++; + } +} + +static int +ucompare_digits(bignum *a, bignum *b) +{ + DIGIT *a_ptr, *b_ptr; + + if (a->dgs_used == b->dgs_used) + { + a_ptr = a->dp + a->dgs_used - 1; + b_ptr = b->dp + b->dgs_used - 1; + while ((*a_ptr == *b_ptr) && (a_ptr >= a->dp)) + { + a_ptr--; + b_ptr--; + } + if (a_ptr < a->dp) + { + return 0; + } + else + { + return (*a_ptr > *b_ptr) ? 1 : -1; + } + } + return (a->dgs_used > b->dgs_used) ? 1 : -1; +} + +static void +uadd_digits(bignum *a, bignum *b, bignum *c) +{ + DIGIT *dp_x, *dp_y, *dp_z, *res_dp, *end_x, *end_y; + ulong len_x, len_y; + DIGIT2 res = 0; + + if (a->dgs_used > b->dgs_used) + { + dp_x = a->dp; + len_x = a->dgs_used; + dp_y = b->dp; + len_y = b->dgs_used; + } + else + { + dp_x = b->dp; + len_x = b->dgs_used; + dp_y = a->dp; + len_y = a->dgs_used; + } + end_x = dp_x + len_x; + end_y = dp_y + len_y; + if (c->dgs_alloc >= len_x) + { + dp_z = c->dp; + } + else + { + if (newsize(&tmp_add.dp, &tmp_add.dgs_alloc, + len_x, len_x + 4) != BIG_OK) + { + return; + } + dp_z = tmp_add.dp; + } + res_dp = dp_z; + while (dp_y < end_y) + { + res += ((DIGIT2)*dp_x++) + *dp_y++; + *res_dp++ = DIGIT_PART(res); + res = SHIFT_DIGIT_DOWN(res); + } + while (dp_x < end_x) + { + res += *dp_x++; + *res_dp++ = DIGIT_PART(res); + res = SHIFT_DIGIT_DOWN(res); + } + if (res != 0) + { + *res_dp++ = DIGIT_PART(res); + } + + if (dp_z != c->dp) + { + tmp_digits = c->dp; + c->dp = tmp_add.dp; + tmp_add.dp = tmp_digits; + + tmp_ulong = c->dgs_alloc; + c->dgs_alloc = tmp_add.dgs_alloc; + tmp_add.dgs_alloc = tmp_ulong; + } + c->dgs_used = res_dp - c->dp; +} + +static void +usub_digits(bignum *a, bignum *b, bignum *c) +{ + DIGIT *dp_x, *dp_y, *dp_z, *res_dp, *end_x, *end_y; + ulong len_x, len_y; + DIGIT2 res = 0; + + dp_x = a->dp; + len_x = a->dgs_used; + dp_y = b->dp; + len_y = b->dgs_used; + + end_x = dp_x + len_x; + end_y = dp_y + len_y; + if (c->dgs_alloc >= len_x) + { + dp_z = c->dp; + } + else + { + if (newsize(&tmp_add.dp, &tmp_add.dgs_alloc, + len_x, len_x + 2) != BIG_OK) + { + return; + } + dp_z = tmp_add.dp; + } + res_dp = dp_z; + while (dp_y < end_y) + { + res = ((DIGIT2)*dp_x++) - *dp_y++ - RESULT_MINUSP(res); + *res_dp++ = DIGIT_PART(res); + } + while (dp_x < end_x) + { + res = *dp_x++ - RESULT_MINUSP(res); + *res_dp++ = DIGIT_PART(res); + } +#ifdef BIG_CHECK_LIMITS + if (RESULT_MINUSP(res) != 0) + { + big_errno = BIG_ALGERR; + return; + } +#endif + while ((*--res_dp == 0) && (res_dp > dp_z)) + { + /* Move pointer down until we reach a non-zero */ + } + if (dp_z != c->dp) + { + tmp_digits = c->dp; + c->dp = tmp_add.dp; + tmp_add.dp = tmp_digits; + + tmp_ulong = tmp_add.dgs_alloc; + tmp_add.dgs_alloc = c->dgs_alloc; + c->dgs_alloc = tmp_ulong; + } + c->dgs_used = res_dp - dp_z + 1; +} + +/* + * This (pseudo) random number generator is not very good. It has a long + * period [ 2 ^ (DIGIT_BITS * 2) (?)] before it starts with the same sequence + * again, but the lower bits are "less random" than they should be. I've + * solved it by using word of double length, and returning the upper bits. + * Please mail me if you know how to make it into a "more random" generator. + * One important thing though: it will have to reasonably fast. + * The good thing with this one is that it is very portable, but that doesn't + * help much when you want _good_ random numbers. + * Henrik.Johansson@Nexus.Comm.SE + */ +#ifdef UNUSED_CODE +static DIGIT +rand(void) +{ + static DIGIT2 x1 = 33, x2 = 45; /* Just give them two starting values */ + + if (x2 = BIG_RAND_A2 * x2 + BIG_RAND_C2, x2 == 45) + { + x1 = BIG_RAND_A1 * x1 + BIG_RAND_C1; + } + return SHIFT_DIGIT_DOWN(x1 + x2); /* Skip least significant bits */ +} +/* UNUSED_CODE */ +#endif + +/* ---------------------------------------------------------------------- + * All external functions comes here. + */ + +bigerr_t +big_init_pkg() +{ + strcpy (big_base_digits, _(big_base_digits1)); /* known to fit */ + init_digit_blocks(); + big_create(&tmp_string); + big_create(&tmp_add); + big_create(&tmp_mul); + big_create(&tmp_q); + big_create(&tmp_r); + big_create(&tmp_rand); + big_create(&big_one); + big_set_long((long)1, &big_one); + length_last_string = 10; + if ((last_string = malloc(length_last_string)) == NULL) + { + big_errno = BIG_MEMERR; + } + return big_errno; +} + +void +big_release_pkg() +{ + big_destroy(&tmp_string); + big_destroy(&tmp_add); + big_destroy(&tmp_mul); + big_destroy(&tmp_q); + big_destroy(&tmp_r); + big_destroy(&tmp_round); + big_destroy(&big_one); + if (last_string != NULL) + free(last_string); +#ifdef COUNT_ALLOC + printf("Allocated digits: %lu\n", dgs_alloc); + printf("Freed digits: %lu\n", digits_freed); +#endif +} + +bigerr_t +big_create(a) +bignum *a; +{ + /* Make sure that big_create alway returns a NULL bignum + * that can safely be destroyed. + */ + if (a != NULL) + { + a->dp = NULL; + } + if (big_errno != BIG_OK) + { + return big_errno; + } + if (a == NULL) + { + big_errno = BIG_ARGERR; + return big_errno; + } + + a->sign = BIG_SIGN_0; + a->dgs_used = 1; + if ((a->dp = allocate_digits((long)sizeof(long))) == NULL) + { + return big_errno; + } + a->dgs_alloc = sizeof(long); + *a->dp = 0; + return big_errno; +} + +void +big_destroy(a) +bignum *a; +{ + /* Mar 4, 2000 R. Wichmann: check for a == NULL */ + /* free_digits() checks for a->dp == NULL */ + if (a != NULL) + free_digits(a->dp, a->dgs_alloc); +} + +ulong +big_bitcount(a) +bignum *a; +{ + int bits = 0; + DIGIT high_digit; + + if (big_errno != BIG_OK) + { + return 0; + } + high_digit = a->dp[a->dgs_used - 1]; + while (high_digit != 0) + { + bits++; + high_digit >>= 1; + } + return DIGIT_BITS * (a->dgs_used - 1) + bits; +} + +bigerr_t +big_set_big(a, b) +bignum *a; +bignum *b; +{ + if ((big_errno != BIG_OK) || (a == b)) + { + return big_errno; + } + if (newsize(&b->dp, &b->dgs_alloc, a->dgs_used, a->dgs_used) != BIG_OK) + { + return big_errno; + } + b->dgs_used = a->dgs_used; + b->sign = a->sign; + digits_cpy(b->dp, a->dp, a->dgs_used); + return big_errno; +} + + +void +big_set_ulong(n, a) +ulong n; +bignum *a; +{ + unsigned int i; + + if (big_errno != BIG_OK) + { + return; + } + if (n == 0) + { + *a->dp = 0; + a->dgs_used = 1; + a->sign = BIG_SIGN_0; + } + else + { + a->dgs_used = 0; + for (i = 0; i < sizeof(long) / sizeof(DIGIT); i++) + { + if (n == 0) + { + break; + } + a->dgs_used++; + a->dp[i] = DIGIT_PART(n); + n = SHIFT_DIGIT_DOWN(n); + } + a->sign = BIG_SIGN_PLUS; + } + print_digits("set_(u)long: a = ", a); +} + +void +big_set_long(n, a) +long n; +bignum *a; +{ + ulong m; + + m = (n < 0) ? - n : n; + big_set_ulong(m, a); + if (!(n >= 0)) + { + a->sign = BIG_SIGN_MINUS; + } +} + + +bigerr_t +big_set_string(numstr, base, a) +char *numstr; +int base; +bignum *a; +{ + char *src, *maxdigit, *chrptr; + DIGIT dig_base, dig_sum, last_base; + int cnt, maxcnt; + + if (big_errno != BIG_OK) + { + return big_errno; + } + + big_end_string = numstr; + if ((base < 2) || (base > 36) || (numstr == NULL) || (a == NULL)) + { + big_errno = BIG_ARGERR; + return big_errno; + } + + src = numstr; + + maxdigit = big_base_digits + (base << 1); + + maxcnt = big_block[base].digCnt; + dig_base = big_block[base].dig_base; + a->dgs_used = 1; + *a->dp = 0; + a->sign = BIG_SIGN_PLUS; /* Assume it will be positive */ + while (strchr(" \t\n\r", *src) != NULL) /* Skip whitespaces */ + { + src++; + } + if ((*src == '-') || (*src == '+')) /* First non-white is a sign? */ + { + a->sign = (*src == '-') ? BIG_SIGN_MINUS : BIG_SIGN_PLUS; + src++; + } + chrptr = strchr(big_base_digits, *src); + if ((chrptr == NULL) || (chrptr >= maxdigit)) /* Next chr not a digit? */ + { + big_end_string = src; + big_errno = BIG_ARGERR; + return big_errno; + } + while (*src == '0') /* Next chr a '0'? */ + { + src++; /* Read past all '0'es */ + } + chrptr = strchr(big_base_digits, *src); + if ((chrptr == NULL) || (chrptr >= maxdigit)) /* Next char not a digit */ + { + big_end_string = src; + a->sign = BIG_SIGN_0; /* It was just a plain 0 */ + return big_errno; + } + dig_sum = 0; + cnt = 0; + while ((chrptr = strchr(big_base_digits, *src)), + (chrptr != NULL) && (chrptr < maxdigit)) + { + dig_sum = dig_sum * base + ((chrptr - big_base_digits) >> 1); + if (++cnt >= maxcnt) + { + umul_digit(a, dig_base); + add_digit(a, dig_sum); + dig_sum = 0; + cnt = 0; + } + src++; + } + if (cnt > 0) + { + last_base = base; + while (--cnt > 0) + { + last_base *= base; + } + umul_digit(a, last_base); + add_digit(a, dig_sum); + } + big_end_string = src; + return big_errno; +} + + +int +big_ulong(a, n) +bignum *a; +ulong *n; +{ + ulong old_n; + DIGIT *dp; + + if (big_errno != BIG_OK) + { + return FALSE; + } + if (a->dgs_used > sizeof(ulong) / sizeof(DIGIT)) + { + return FALSE; + } + dp = a->dp + a->dgs_used - 1; + old_n = *n = *dp--; + while ((dp >= a->dp) && (old_n < *n)) + { + old_n = *n; + *n = SHIFT_DIGIT_UP(*n) + *dp--; + } + if (old_n >= *n) + { + return FALSE; + } + return FALSE; +} + +int +big_long(a, n) +bignum *a; +long *n; +{ + long old_n; + DIGIT *dp; + + if (a->dgs_used > sizeof(ulong) / sizeof(DIGIT)) + { + return FALSE; + } + dp = a->dp + a->dgs_used - 1; + old_n = *n = *dp--; + while ((dp >= a->dp) && (old_n <= *n)) + { + old_n = *n; + *n = SHIFT_DIGIT_UP(*n) + *dp--; + } + if (old_n >= *n) + { + return FALSE; + } + if (a->sign == BIG_SIGN_MINUS) + { + *n = -*n;; + } + return FALSE; +} + + +char * +big_string(a, base) +bignum *a; +int base; +{ + ulong bit_length, str_length; + char *dst; + DIGIT dig_base, rem; + int cnt, maxcnt; + + if (big_errno != BIG_OK) + { + return _(error_string); + } + big_set_big(a, &tmp_string); + /* Need more room than minimum here... */ + bit_length = tmp_string.dgs_used * DIGIT_BITS; + /* bit_length = big_bitcount(&tmp_string); */ + str_length = (ulong)(bit_length / log2tbl[base] + 4); + if (str_length > length_last_string) + { + if (last_string != NULL) + free(last_string); + if ((last_string = malloc(str_length)) == NULL) + { + big_errno = BIG_MEMERR; + return NULL; + } + length_last_string = str_length; + } + + dst = last_string + length_last_string - 1; + *dst-- = '\0'; + maxcnt = big_block[base].digCnt; + dig_base = big_block[base].dig_base; + while (tmp_string.dgs_used > 1) + { + rem = udiv_digit(&tmp_string, dig_base); + for (cnt = 0; cnt < maxcnt; cnt++) + { + *dst-- = big_base_digits[(rem % base) << 1]; + rem /= base; + } + } + rem = *tmp_string.dp; + do + { + *dst-- = big_base_digits[(rem % base) << 1]; + rem /= base; + } while (rem != 0); + + if (a->sign == BIG_SIGN_MINUS) + { + *dst = '-'; + } + else + { + dst++; + } + return dst; +} + +bigerr_t +big_negate(a, b) +bignum *a; +bignum *b; +{ + big_set_big(a, b); + b->sign = NEGATE_SIGN(a->sign); + return big_errno; +} + +int +big_sign(a) +bignum *a; +{ + return a->sign; +} + +bigerr_t +big_abs(a, b) +bignum *a; +bignum *b; +{ + big_set_big(a, b); + if (a->sign == BIG_SIGN_MINUS) + { + b->sign = NEGATE_SIGN(a->sign); + } + return big_errno; +} + +int +big_compare(a, b) +bignum *a; +bignum *b; +{ + if (a->sign == b->sign) + { + if (a->sign == 0) + { + return 0; + } + return + (a->sign == BIG_SIGN_MINUS) + ? -ucompare_digits(a, b) + : ucompare_digits(a, b); + } + return b->sign - a->sign; +} + +int +big_lessp(a, b) +bignum *a; +bignum *b; +{ + return big_compare(a, b) < 0; +} + +int +big_leqp(a, b) +bignum *a; +bignum *b; +{ + return !(big_compare(a, b) > 0); +} + +int +big_equalp(a, b) +bignum *a; +bignum *b; +{ + return big_compare(a, b) == 0; +} + +int +big_geqp(a, b) +bignum *a; +bignum *b; +{ + return !(big_compare(a, b) < 0); +} + +int +big_greaterp(a, b) +bignum *a; +bignum *b; +{ + return big_compare(a, b) > 0; +} + +int +big_zerop(a) +bignum *a; +{ + return a->sign == BIG_SIGN_0; +} + +int +big_evenp(a) +bignum *a; +{ + return ((*a->dp & 0x01) == 0); +} + +int +big_oddp(a) +bignum *a; +{ + return ((*a->dp & 0x01) == 1); +} + +bigerr_t +big_add(a, b, c) +bignum *a; +bignum *b; +bignum *c; +{ + int cmp; + + if (big_errno != BIG_OK) + { + return big_errno; + } + print_digits("add:\ta = ", a); + print_digits("\tb = ", b); + if (a->sign == b->sign) + { + uadd_digits(a, b, c); + c->sign = a->sign; + } + else + { + cmp = ucompare_digits(a, b); + if (cmp < 0) + { + usub_digits(b, a, c); + if (zerop(c)) + { + c->sign = BIG_SIGN_0; + } + else + { + c->sign = b->sign; + } + } + else if (cmp > 0) + { + usub_digits(a, b, c); + if (zerop(c)) + { + c->sign = BIG_SIGN_0; + } + else + { + c->sign = a->sign; + } + } + else + { + c->dgs_used = 1; + *c->dp = 0; + c->sign = BIG_SIGN_0; + } + } + print_digits("\tc = ", c); + return big_errno; +} + +bigerr_t +big_sub(a, b, c) +bignum *a; +bignum *b; +bignum *c; +{ + int cmp; + + if (big_errno != BIG_OK) + { + return big_errno; + } + print_digits("sub:\ta = ", a); + print_digits("\tb = ", b); + if (a->sign == BIG_SIGN_0) + { + big_set_big(b, c); + big_negate(c, c); + print_digits("\tc = ", c); + return big_errno; + } + if (b->sign == BIG_SIGN_0) + { + big_set_big(a, c); + print_digits("\tc = ", c); + return big_errno; + } + + cmp = ucompare_digits(a, b); + if (cmp <= 0) + { + if (a->sign != b->sign) + { + uadd_digits(a, b, c); + c->sign = a->sign; + } + else + { + usub_digits(b, a, c); + c->sign = (zerop(c) ? BIG_SIGN_0 : NEGATE_SIGN(a->sign)); + } + } + else if (cmp > 0) + { + if (a->sign != b->sign) + { + uadd_digits(a, b, c); + c->sign = a->sign; + } + else + { + usub_digits(a, b, c); + c->sign = (zerop(c) ? BIG_SIGN_0 : b->sign); + } + } + else + { + c->dgs_used = 1; + *c->dp = 0; + c->sign = BIG_SIGN_0; + } + print_digits("\tc = ", c); + return big_errno; +} + +bigerr_t +big_mul(a, b, c) +bignum *a; +bignum *b; +bignum *c; +{ + DIGIT *dp_x, *dp_xstart, *dp_xend; + DIGIT *dp_y, *dp_ystart, *dp_yend; + DIGIT *dp_z, *dp_zstart, *dp_zend, *dp_zsumstart; + ulong len_x, len_y /* , len_z */; + DIGIT2 res; + DIGIT tmp_res; /* Without use of this, gcc (v 1.39) generates */ + /* erroneous code on a sun386 machine */ + /* Should be removed with #ifdef's, when */ + /* not on a sun386, but... */ + + if (big_errno != BIG_OK) + { + return big_errno; + } + print_digits("mul:\ta = ", a); + print_digits("\tb = ", b); + + if (zerop(a) || zerop(b)) + { + c->sign = BIG_SIGN_0; + c->dgs_used = 1; + *c->dp = 0; + print_digits("(a=0 || b=0)c = ", c); + return big_errno; + } + if (uonep(a)) + { + big_set_big(b, c); + c->sign = (a->sign == b->sign) ? BIG_SIGN_PLUS : BIG_SIGN_MINUS; + print_digits("(abs(a)=1)c = ", c); + return big_errno; + } + if (uonep(b)) + { + big_set_big(a, c); + c->sign = (a->sign == b->sign) ? BIG_SIGN_PLUS : BIG_SIGN_MINUS; + print_digits("(abs(b)=1)c = ", c); + return big_errno; + } + + if (a->dgs_used < b->dgs_used) + { + dp_xstart = a->dp; + len_x = a->dgs_used; + dp_ystart = b->dp; + len_y = b->dgs_used; + } + else + { + dp_xstart = b->dp; + len_x = b->dgs_used; + dp_ystart = a->dp; + len_y = a->dgs_used; + } + if ((c == a) || (c == b)) + { + if (newsize(&tmp_mul.dp, &tmp_mul.dgs_alloc, + len_x + len_y, len_x + len_y + 2) != BIG_OK) + { + return big_errno; + } + dp_zsumstart = tmp_mul.dp; + /* len_z = tmp_mul.dgs_alloc; */ + } + else + { + if (newsize(&c->dp, &c->dgs_alloc, + len_x + len_y, len_x + len_y + 2) != BIG_OK) + { + return big_errno; + } + dp_zsumstart = c->dp; + /* len_z = c->dgs_alloc; */ + } + + dp_xend = dp_xstart + len_x; + dp_yend = dp_ystart + len_y; + dp_zend = dp_zsumstart + len_y; + + for (dp_z = dp_zsumstart; dp_z < dp_zend; dp_z++) + { + *dp_z = 0; /* Zero out rightmost digits */ + } + + dp_zstart = dp_zsumstart; + + for (dp_x = dp_xstart; dp_x < dp_xend; dp_x++) + { + dp_z = dp_zstart; + tmp_res = 0; + for (dp_y = dp_ystart; dp_y < dp_yend; dp_y++) + { + res = (DIGIT2)(*dp_x) * (*dp_y) + (*dp_z) + tmp_res; + *dp_z++ = DIGIT_PART(res); + tmp_res = SHIFT_DIGIT_DOWN(res); + } + *dp_z = tmp_res; + dp_zstart++; + } + if (dp_zsumstart != c->dp) + { + tmp_digits = c->dp; + c->dp = tmp_mul.dp; + tmp_mul.dp = tmp_digits; + + tmp_ulong = c->dgs_alloc; + c->dgs_alloc = tmp_mul.dgs_alloc; + tmp_mul.dgs_alloc = tmp_ulong; + } + if (*dp_z == 0) + { + dp_z--; + } + c->dgs_used = dp_z - dp_zsumstart + 1; + c->sign = a->sign * b->sign; + print_digits("\tc = ", c); + return big_errno; +} + +bigerr_t +big_trunc(a, b, q, r) +bignum *a; +bignum *b; +bignum *q; +bignum *r; +{ + DIGIT *v_end, *q_end, *r_end, *src, *dst; + DIGIT norm, qhat, t1, t2, t3, v1, v2, u1, u2, u3; + DIGIT2 temp, res, carry; + long a_l, b_l, q_l, r_l; +#if 0 + ulong i; +#endif + ulong j, m, n; + int cmp, q_eq_a, q_eq_b, r_eq_a, r_eq_b; + + if (big_errno != BIG_OK) + { + return big_errno; + } + print_digits("div:\ta = ", a); + print_digits("\tb = ", b); + if (zerop(b)) + { + big_errno = BIG_DIV_ZERO; + return big_errno; + } + + if (q == r) + { + big_errno = BIG_ARGERR; + return big_errno; + } + + if (b->dgs_used == 1) + { + big_set_big(a, q); + q->sign = ((a->sign == b->sign) ? BIG_SIGN_PLUS : BIG_SIGN_MINUS); + *r->dp = udiv_digit(q, *b->dp); + r->dgs_used = 1; + r->sign = (zerop(r) ? BIG_SIGN_0 : a->sign); + print_digits("\t3:q = ", q); + print_digits("\t r = ", r); + return big_errno; + } + + if (big_long(a, &a_l)) /* Pretend it is a signed value */ + { + big_long(b, &b_l); /* |a| < |b| so this will succeed */ + q_l = a_l / b_l; /* Compute with unsigned operators */ + r_l = a_l % b_l; + big_set_long((long)q_l, q); + big_set_long((long)r_l, r); + print_digits("\t4:q = ", q); + print_digits("\t r = ", r); + return big_errno; + } + + cmp = ucompare_digits(a, b); /* Unsigned compare, that is... */ + if (cmp < 0) + { + big_set_big(a, r); /* r = a (don't care about big_errno here) */ + q->sign = BIG_SIGN_0; /* q = 0 */ + *q->dp = 0; + q->dgs_used = 1; + print_digits("\t1:q = ", q); + print_digits("\t r = ", r); + return big_errno; + } + else + if (cmp == 0) + { + q->sign = ((a->sign == b->sign) ? BIG_SIGN_PLUS : BIG_SIGN_MINUS); + *q->dp = 1; /* q = 1 */ + q->dgs_used = 1; + r->sign = BIG_SIGN_0; /* r = 0 */ + *r->dp = 0; + r->dgs_used = 1; + print_digits("\t2:q = ", q); + print_digits("\t r = ", r); + return big_errno; + } + + q_eq_a = (q == a); + q_eq_b = (q == b); + if (q_eq_a || q_eq_b) + { + q = &tmp_q; + } + + r_eq_a = (r == a); + r_eq_b = (r == b); + if (r_eq_a || r_eq_b) + { + r = &tmp_r; + } + + if (newsize(&r->dp, &r->dgs_alloc, /* At least one more dig in r */ + a->dgs_used + 1, a->dgs_used + 2) != BIG_OK) + { + return big_errno; + } + big_set_big(a, r); + r->dp[a->dgs_used] = 0; /* In case no overflow in mult. */ + + n = b->dgs_used; + v_end = b->dp + n - 1; + norm = DIGIT_PART((DIGIT_BASE / ((DIGIT2)*v_end + 1))); + if (norm != 1) + { + umul_digit(r, norm); + umul_digit(b, norm); + print_digits("r = ", r); + print_digits("b = ", b); + } + m = a->dgs_used + 1 - b->dgs_used; + r_end = r->dp + a->dgs_used; + + if (newsize(&q->dp, &q->dgs_alloc, m, m + 2) != BIG_OK) + { + return big_errno; + } + q_end = q->dp + m - 1; + + v1 = *v_end; + v2 = *(v_end - 1); + + for (j = 0; j < m; j++) /* m steps through division */ + { + u1 = *r_end; /* routine */ + u2 = *(r_end - 1); + u3 = *(r_end - 2); + qhat = ((u1 == v1) ? + MAX_DIGIT : + DIGIT_PART(((DIGIT2)u1 * DIGIT_BASE + u2) / v1)); + while (1) + { + t3 = DIGIT_PART(temp = (DIGIT2)qhat * v2); + t2 = DIGIT_PART(temp = SHIFT_DIGIT_DOWN(temp) + v1 * (DIGIT2)qhat); + t1 = DIGIT_PART(SHIFT_DIGIT_DOWN(temp)); +#if 0 + printf("t1 = %lu, ", (ulong)t1); + printf("t2 = %lu, ", (ulong)t2); + printf("t3 = %lu\n", (ulong)t3); +#endif + if (t1 < u1) break; + if (t1 > u1) {--qhat; continue; } + if (t2 < u2) break; + if (t2 > u2) { --qhat; continue; } + if (t3 <= u3) break; + qhat--; + } + + /* This is a tricky one - multiply and subtract simultaneously */ + carry = 1; + res = 0; + src = b->dp; + dst = r->dp + m - j - 1; + while (src <= v_end) + { + res = (DIGIT2)qhat * *(src++) + SHIFT_DIGIT_DOWN(res); + carry += (DIGIT2)(*dst) + MAX_DIGIT - DIGIT_PART(res); + *(dst++) = DIGIT_PART(carry); + carry = DIGIT_PART(SHIFT_DIGIT_DOWN(carry)); + } + carry += (DIGIT2)(*dst) + MAX_DIGIT - SHIFT_DIGIT_DOWN(res); + *dst = DIGIT_PART(carry); + carry = DIGIT_PART(SHIFT_DIGIT_DOWN(carry)); + + if (carry == 0) + { + qhat--; + src = b->dp; + dst = r->dp + m - j - 1; + while (dst <= r_end) + { + carry = (DIGIT2)(*dst) + *src++ + SHIFT_DIGIT_DOWN(carry); + *dst++ = DIGIT_PART(carry); + } + *dst = 0; + } + *(q_end - j) = DIGIT_PART(qhat); + r_end--; + } + r->sign = a->sign; +#if 0 + i = r->dgs_used; +#endif + while ((*r_end == 0) && (r_end > r->dp)) + { + r_end--; + } + if (r_end == r->dp) + { + r->dgs_used = 1; + r->sign = BIG_SIGN_0; + } + else + { + r->dgs_used = r_end - r->dp + 1; + r->sign = a->sign; + } + if (norm != 1) + { + udiv_digit(b, norm); + udiv_digit(r, norm); + } + while ((*q_end == 0) && (q_end > q->dp)) /* This is not needed!(?) */ + { + q_end--; + } + /* was ifdef'd out already in original */ +#if 0 + i = m - 1; + while ((i > 0) && (q->dp[i--] == 0)) + { + /* Loop through all zeroes */ + } +#endif + q->dgs_used = q_end - q->dp + 1; + q->sign = ((a->sign == b->sign) ? BIG_SIGN_PLUS : BIG_SIGN_MINUS); + + if (q_eq_a) + { + big_set_big(q, a); + } + else + if (q_eq_b) + { + big_set_big(q, b); + } + + if (r_eq_b) + { + big_set_big(r, b); + } + else + if (r_eq_a) + { + big_set_big(r, a); + } + + print_digits("\t5:q = ", q); + print_digits("\t r = ", r); + return big_errno; +} + +bigerr_t +big_floor(a, b, q, r) +bignum *a; +bignum *b; +bignum *q; +bignum *r; +{ + int b_eq_qr, sign_eq; + + if ( ( b_eq_qr = ((b == q) || (b == r)) ) ) + { + big_set_big(b, &tmp_mul); + } + sign_eq = a->sign == b->sign; + big_trunc(a, b, q, r); + if (sign_eq) + { + return big_errno; + } + if (!zerop(r)) + { + if (b_eq_qr) + { + big_add(r, &tmp_mul, r); + } + else + { + big_add(r, b, r); + } + print_digits("big_one = ", &big_one); + big_sub(q, &big_one, q); + } + return big_errno; +} + +bigerr_t +big_ceil(a, b, q, r) +bignum *a; +bignum *b; +bignum *q; +bignum *r; +{ + int b_eq_qr, sign_diff; + + if ( ( b_eq_qr = ((b == q) || (b == r)) ) ) + { + big_set_big(b, &tmp_mul); + } + sign_diff = a->sign != b->sign; + big_trunc(a, b, q, r); + if (sign_diff) + { + return big_errno; + } + if (!zerop(r)) + { + if (b_eq_qr) + { + big_sub(r, &tmp_mul, r); + } + else + { + big_sub(r, b, r); + } + big_add(q, &big_one, q); + } + return big_errno; +} + +#ifdef UNUSED_CODE +/* This one doesn't work to 100%. I was a little braindamaged when I wrote + * this, but I'll eventually fix it. Zzzzzzz. + */ +bigerr_t +big_round(a, b, q, r) +bignum *a; +bignum *b; +bignum *q; +bignum *r; +{ + int b_eq_qr, b_neg_p, a_sgn_neq_b_sgn; + + if ( ( b_eq_qr = ((b == q) || (b == r)) ) ) + { + big_set_big(b, &tmp_round); + } + b_neg_p = b->sign == BIG_SIGN_MINUS; + a_sgn_neq_b_sgn = a->sign != b->sign; + big_trunc(a, b, q, r); + + big_set_big(r, &tmp_add); + umul_digit(&tmp_add, 2); + if (ucompare_digits(&tmp_add, b) > 0) /* |2 * r| > |b| */ + { + if (q->sign == BIG_SIGN_0) + { + if (a_sgn_neq_b_sgn) + { + big_sub(q, &big_one, q); + } + else + { + big_add(q, &big_one, q); + } + } + else + { + if (q->sign == BIG_SIGN_MINUS) + { + big_sub(q, &big_one, q); + } + else + { + big_add(q, &big_one, q); + } + } + if (b_eq_qr) + { + if (q->sign == BIG_SIGN_PLUS) + { + big_sub(r, &tmp_round, r); + } + else + { + big_add(r, &tmp_round, r); + } + } + else + { + if (q->sign == BIG_SIGN_PLUS) + { + big_sub(r, b, r); + } + else + { + big_add(r, b, r); + } + } + } + return big_errno; +} + +bigerr_t +big_random(a, b) +bignum *a; +bignum *b; +{ + unsigned long i; + int a_sgn = a->sign; + + if (big_errno != BIG_OK) + { + return big_errno; + } + if (zerop(a)) /* a = 0 -> big_random => 0 (special case) */ + { + *b->dp = 0; + b->dgs_used = 1; + b->sign = a_sgn; + return big_errno; + } + if (newsize(&tmp_rand.dp, &tmp_rand.dgs_alloc, + a->dgs_used + 1, a->dgs_used + 1) != BIG_OK) + { + return big_errno; + } + for (i = 0; i <= a->dgs_used; i++) + { + tmp_rand.dp[i] = rand(); + } + while (tmp_rand.dp[a->dgs_used] == 0) /* Make sure high digit is non-0 */ + { + tmp_rand.dp[a->dgs_used] = rand(); + } + tmp_rand.dgs_used = a->dgs_used + 1; + tmp_rand.sign = BIG_SIGN_PLUS; + a->sign = BIG_SIGN_PLUS; + big_trunc(&tmp_rand, a, &tmp_q, b); /* Dangerous to use tmp_q here... */ + a->sign = a_sgn; + b->sign = zerop(&tmp_rand) ? BIG_SIGN_0 : a_sgn; + return big_errno; +} + +/* UNUSED_CODE */ +#endif + +/* ---------------------------------------------------------------------- + * External functions that do not need to know anything about the internal + * representation of a bignum. + */ + +#ifdef UNUSED_CODE + +int +big_expt(a, z, x) +bignum *a; +unsigned long z; +bignum *x; +{ + bignum b; + + big_create(&b); + big_set_big(a, &b); + big_set_long((long)1, x); + + while ((z != 0) && (big_errno == BIG_OK)) + { + while ((z & 0x01) == 0) + { + z >>= 1; + big_mul(&b, &b, &b); + } + z -= 1; + big_mul(x, &b, x); + } + + big_destroy(&b); + return big_errno; +} + +/* UNUSED_CODE */ +#endif + +int +big_exptmod(a_in, z_in, n, x) +bignum *a_in; +bignum *z_in; +bignum *n; +bignum *x; +{ + bignum a, z, b0, b1, b2, dummy; + + big_create(&a); + big_create(&z); + big_create(&b0); + big_create(&b1); + big_create(&b2); + big_create(&dummy); + + big_set_big(a_in, &a); + big_set_big(z_in, &z); + big_set_long((long)1, x); + big_set_long((long)0, &b0); + big_set_long((long)1, &b1); + big_set_long((long)2, &b2); + + /* No foolproof testing on big_errno - it really ought to be done */ + while ((big_compare(&z, &b0) != 0) && (big_errno == BIG_OK)) + { + while (big_evenp(&z) && (big_errno == BIG_OK)) + { + big_trunc(&z, &b2, &z, &dummy); + big_mul(&a, &a, &a); + big_trunc(&a, n, &dummy, &a); + } + big_sub(&z, &b1, &z); + big_mul(x, &a, x); + big_trunc(x, n, &dummy, x); + } + + big_destroy(&dummy); + big_destroy(&b2); + big_destroy(&b1); + big_destroy(&b0); + big_destroy(&z); + big_destroy(&a); + + return big_errno; +} + +#ifdef UNUSED_CODE + +int +big_gcd(a, b, g) +bignum *a; +bignum *b; +bignum *g; +{ + bignum a1, b1, tmp; + + if (big_zerop(b)) + { + big_abs(a, g); + return big_errno; + } + + big_create(&a1); + big_create(&b1); + big_create(&tmp); + + big_abs(a, &a1); + big_abs(b, &b1); + + while (!big_zerop(&b1) && (big_errno == BIG_OK)) + { + big_floor(&a1, &b1, &tmp, &a1); + if (big_zerop(&a1)) + { + break; + } + big_floor(&b1, &a1, &tmp, &b1); + } + + if (big_zerop(&a1)) + { + big_set_big(&b1, g); + } + else + { + big_set_big(&a1, g); + } + + big_destroy(&tmp); + big_destroy(&b1); + big_destroy(&a1); + + return big_errno; +} +/* UNUSED_CODE */ +#endif + +/* #if (defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)) */ +#endif + Index: branches/samhain-2_2-branch/src/caps.ac =================================================================== --- branches/samhain-2_2-branch/src/caps.ac (revision 66) +++ branches/samhain-2_2-branch/src/caps.ac (revision 66) @@ -0,0 +1,23 @@ + case "$host_os" in + *linux*) + if test x"${sh_use_lcaps}" = xyes + then + echo + echo "Using Linux capabilities to drop unnecessary root capabilities." + echo "Please make sure that directories used for writing have write permission" + echo "for root, because root will be a mere mortal in that respect:" + echo " Baseline database in: ${mydataroot}" + echo " Logfile in: ${localstatedir}/log" + echo " PID file in: ${localstatedir}/run" + echo "(directories not existent yet will be created upon installation, root-owned" + echo "if make install is executed by root.)" + echo + fi + if test x"${sh_use_lcaps}" = xno + then + echo + echo "Not using Linux capabilities (capability.h or libcap not found)" + echo + fi + ;; + esac Index: branches/samhain-2_2-branch/src/cutest_sh_hash.c =================================================================== --- branches/samhain-2_2-branch/src/cutest_sh_hash.c (revision 66) +++ branches/samhain-2_2-branch/src/cutest_sh_hash.c (revision 66) @@ -0,0 +1,65 @@ + +#include "config_xor.h" + +#include +#include "CuTest.h" + +extern char * quote_string (const char * str); +extern char * unquote_string (const char * str); + +void Test_quote_string_ok (CuTest *tc) { + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + char * ret = 0; + + char inp1[] = "foo\nba=r\ntest"; + char out1[] = "foo=0Aba=3Dr=0Atest"; + + char inp2[] = "\n=foo\nba=r\ntest=\n"; + char out2[] = "=0A=3Dfoo=0Aba=3Dr=0Atest=3D=0A"; + + ret = quote_string(inp1); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, out1, ret); + + ret = quote_string(inp2); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, out2, ret); +#else + (void) tc; /* fix compiler warning */ +#endif + return; +} + +void Test_unquote_string_ok (CuTest *tc) { +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + char * ret = 0; + + char out1[] = "foo\nba=r\ntes[t"; + char inp1[] = "foo=0Aba=3Dr=0Ates=5Bt"; + + char out2[] = "\n=foo\nba=r\ntest=\n"; + char inp2[] = "=0A=3Dfoo=0Aba=3Dr=0Atest=3D=0A"; + + char out3[] = ""; /* encoded '\0' at start */ + char inp3[] = "=00=3Dfoo=0Aba=3Dr=0Atest=3D=0A"; + + ret = unquote_string(inp1); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, out1, ret); + + ret = unquote_string(inp2); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, out2, ret); + + ret = unquote_string(inp3); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, out3, ret); +#else + (void) tc; /* fix compiler warning */ +#endif + return; +} + + + Index: branches/samhain-2_2-branch/src/cutest_sh_tiger0.c =================================================================== --- branches/samhain-2_2-branch/src/cutest_sh_tiger0.c (revision 66) +++ branches/samhain-2_2-branch/src/cutest_sh_tiger0.c (revision 66) @@ -0,0 +1,380 @@ + +#include "config_xor.h" + +#include +#include +#include +#include "CuTest.h" + +#include "sh_tiger.h" + +static void init() { + + extern unsigned char TcpFlag[8][PW_LEN+1]; + extern UINT32 ErrFlag[2]; + unsigned char * dez = NULL; + int i; + + skey = (sh_key_t *) malloc (sizeof(sh_key_t)); + if (skey == NULL) + { + perror(_("sh_init")); + _exit (EXIT_FAILURE); + } + + skey->mlock_failed = SL_FALSE; + skey->rngI = BAD; + /* properly initialized later + */ + skey->rng0[0] = 0x03; skey->rng0[1] = 0x09; skey->rng0[2] = 0x17; + skey->rng1[0] = 0x03; skey->rng1[1] = 0x09; skey->rng1[2] = 0x17; + skey->rng2[0] = 0x03; skey->rng2[1] = 0x09; skey->rng2[2] = 0x17; + + for (i = 0; i < KEY_BYT; ++i) + skey->poolv[i] = '\0'; + + skey->poolc = 0; + + skey->ErrFlag[0] = ErrFlag[0]; + ErrFlag[0] = 0; + skey->ErrFlag[1] = ErrFlag[1]; + ErrFlag[1] = 0; + + dez = &(TcpFlag[POS_TF-1][0]); + for (i = 0; i < PW_LEN; ++i) + { + skey->pw[i] = (char) (*dez); + (*dez) = '\0'; + ++dez; + } + + skey->sh_sockpass[0] = '\0'; + skey->sigkey_old[0] = '\0'; + skey->sigkey_new[0] = '\0'; + skey->mailkey_old[0] = '\0'; + skey->mailkey_new[0] = '\0'; + skey->crypt[0] = '\0'; + skey->session[0] = '\0'; + skey->vernam[0] = '\0'; + +} + +void Test_tiger(CuTest *tc) { + + char * input; + char * actual; + char * expected; + + input = ""; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input)); + expected = "24F0130C63AC933216166E76B1BB925FF373DE2D49584E7A"; + CuAssertStrEquals(tc, expected, actual); + + input = "abc"; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input)); + expected = "F258C1E88414AB2A527AB541FFC5B8BF935F7B951C132951"; + CuAssertStrEquals(tc, expected, actual); + + input = "Tiger"; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input)); + expected = "9F00F599072300DD276ABB38C8EB6DEC37790C116F9D2BDF"; + CuAssertStrEquals(tc, expected, actual); + + input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input)); + expected = "87FB2A9083851CF7470D2CF810E6DF9EB586445034A5A386"; + CuAssertStrEquals(tc, expected, actual); + + input = "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789"; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input)); + expected = "467DB80863EBCE488DF1CD1261655DE957896565975F9197"; + CuAssertStrEquals(tc, expected, actual); + + input = "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham"; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input)); + expected = "0C410A042968868A1671DA5A3FD29A725EC1E457D3CDB303"; + CuAssertStrEquals(tc, expected, actual); + + input = "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge."; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input)); + expected = "EBF591D5AFA655CE7F22894FF87F54AC89C811B6B0DA3193"; + CuAssertStrEquals(tc, expected, actual); + + input = "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge, 1996."; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input)); + expected = "3D9AEB03D1BD1A6357B2774DFD6D5B24DD68151D503974FC"; + CuAssertStrEquals(tc, expected, actual); + + input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input)); + expected = "00B83EB4E53440C576AC6AAEE0A7485825FD15E70A59FFE4"; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_tiger_file(CuTest *tc) { + + SL_TICKET rval_open; + FILE * fp; + int result; + char * actual; + char * expected; + + init(); + + fp = fopen("cutest_foo", "w"); + CuAssertPtrNotNull(tc, fp); + + result = fprintf(fp, "%s\n", + "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789"); + CuAssertTrue(tc, result >= 0); + + result = fclose(fp); + CuAssertTrue(tc, result == 0); + + result = sh_tiger_hashtype("TIGER192"); + CuAssertTrue(tc, result == 0); + + /* same result as GnuPG 1.0.6 (gpg --load-extension tiger --print-md TIGER192) + */ + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, 0, 0); + expected = "0E9321614C966A33608C2A15F156E0435CACFD1213B9F095"; + CuAssertStrEquals(tc, expected, actual); + + rval_open = sl_open_fastread ("cutest_foo", SL_YESPRIV); + CuAssertTrue(tc, rval_open >= 0); + tiger_fd = rval_open; + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FD, 0, 0); + expected = "0E9321614C966A33608C2A15F156E0435CACFD1213B9F095"; + CuAssertStrEquals(tc, expected, actual); + + result = sl_close(rval_open); + CuAssertTrue(tc, result == 0); + + result = sh_tiger_hashtype("MD5"); + CuAssertTrue(tc, result == 0); + + rval_open = sl_open_fastread ("cutest_foo", SL_YESPRIV); + CuAssertTrue(tc, rval_open >= 0); + tiger_fd = rval_open; + + /* same result as GNU md5sum + */ + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FD, 0, 0); + expected = "AEEC4DDA496BCFBA691F4E8863BA84C00000000000000000"; + CuAssertStrEquals(tc, expected, actual); + + result = sl_close(rval_open); + CuAssertTrue(tc, result == 0); + + result = sh_tiger_hashtype("SHA1"); + CuAssertTrue(tc, result == 0); + + rval_open = sl_open_fastread ("cutest_foo", SL_YESPRIV); + CuAssertTrue(tc, rval_open >= 0); + tiger_fd = rval_open; + + /* same result as gpg --print-md SHA1 + */ + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FD, 0, 0); + expected = "2FE65D1D995B8F8BC8B13F798C07E7E935A787ED00000000"; + CuAssertStrEquals(tc, expected, actual); + + result = sl_close(rval_open); + CuAssertTrue(tc, result == 0); + + result = remove("cutest_foo"); + CuAssertTrue(tc, result == 0); + + /* --------------------------------------------------- */ + + fp = fopen("cutest_foo", "w"); + CuAssertPtrNotNull(tc, fp); + + result = fprintf(fp, "\n"); + CuAssertTrue(tc, result >= 0); + + result = fclose(fp); + CuAssertTrue(tc, result == 0); + + result = sh_tiger_hashtype("TIGER192"); + CuAssertTrue(tc, result == 0); + + /* same result as GnuPG 1.0.6 (gpg --load-extension tiger --print-md TIGER192) + */ + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, 0, 0); + expected = "F987845A0EA784367BF9E4DB09014995810F27C99C891734"; + CuAssertStrEquals(tc, expected, actual); + + result = remove("cutest_foo"); + CuAssertTrue(tc, result == 0); + + /* --------------------------------------------------- */ + + fp = fopen("cutest_foo", "w"); + CuAssertPtrNotNull(tc, fp); + + result = fprintf(fp, "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge, 1996.\n"); + CuAssertTrue(tc, result >= 0); + + result = fclose(fp); + CuAssertTrue(tc, result == 0); + + result = sh_tiger_hashtype("TIGER192"); + CuAssertTrue(tc, result == 0); + + /* same result as GnuPG 1.0.6 (gpg --load-extension tiger --print-md TIGER192) + */ + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, 0, 0); + expected = "75B98A7AE257A230189828A40792E30B4038D286479CC7B8"; + CuAssertStrEquals(tc, expected, actual); + + result = remove("cutest_foo"); + CuAssertTrue(tc, result == 0); + +} + +/* test checksum of file upto some given length + */ +void Test_tiger_file_with_length(CuTest *tc) { + + SL_TICKET rval_open; + FILE * fp; + int result; + char * actual; + char * expected; + + char * teststring = "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge, 1996.\n"; + int testlen = strlen(teststring); + + init(); + + fp = fopen("cutest_foo", "w"); + CuAssertPtrNotNull(tc, fp); + + result = fprintf(fp, "%s", teststring); + CuAssertTrue(tc, result >= 0); + result = fprintf(fp, "%s", teststring); + CuAssertTrue(tc, result >= 0); + + result = fclose(fp); + CuAssertTrue(tc, result == 0); + + result = sh_tiger_hashtype("TIGER192"); + CuAssertTrue(tc, result == 0); + + /* same as GnuPG 1.0.6 (gpg --load-extension tiger --print-md TIGER192) + */ + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, testlen, 0); + expected = "75B98A7AE257A230189828A40792E30B4038D286479CC7B8"; + CuAssertStrEquals(tc, expected, actual); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, 2*testlen, 0); + expected = "B5B4FB97B01ADB58794D87A6A01B2368852FA764BD93AB90"; + CuAssertStrEquals(tc, expected, actual); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, 0, 0); + expected = "B5B4FB97B01ADB58794D87A6A01B2368852FA764BD93AB90"; + CuAssertStrEquals(tc, expected, actual); + + fp = fopen("cutest_foo", "a"); + CuAssertPtrNotNull(tc, fp); + result = fprintf(fp, "%s", teststring); + CuAssertTrue(tc, result >= 0); + result = fclose(fp); + CuAssertTrue(tc, result == 0); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, testlen, 0); + expected = "75B98A7AE257A230189828A40792E30B4038D286479CC7B8"; + CuAssertStrEquals(tc, expected, actual); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, 2*testlen, 0); + expected = "B5B4FB97B01ADB58794D87A6A01B2368852FA764BD93AB90"; + CuAssertStrEquals(tc, expected, actual); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, 3*testlen, 0); + expected = "D0EE1A9956CAB22D84B51A5E0C093B724828C6A1F9CBDB7F"; + CuAssertStrEquals(tc, expected, actual); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, 0, 0); + expected = "D0EE1A9956CAB22D84B51A5E0C093B724828C6A1F9CBDB7F"; + CuAssertStrEquals(tc, expected, actual); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, 5, 0); + expected = "9F00F599072300DD276ABB38C8EB6DEC37790C116F9D2BDF"; + CuAssertStrEquals(tc, expected, actual); + + /* same results as GNU md5sum */ + + result = sh_tiger_hashtype("MD5"); + CuAssertTrue(tc, result == 0); + + rval_open = sl_open_fastread ("cutest_foo", SL_YESPRIV); + CuAssertTrue(tc, rval_open >= 0); + tiger_fd = rval_open; + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FD, testlen, 0); + expected = "11E7E7EA486136273606BEE57C71F34B0000000000000000"; + CuAssertStrEquals(tc, expected, actual); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FD, 2*testlen, 0); + expected = "D49DAD474095D467E2E5EFCB2DC23A770000000000000000"; + CuAssertStrEquals(tc, expected, actual); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FD, 3*testlen, 0); + expected = "00A1F1C5EDDCCFC430D3862FDA94593E0000000000000000"; + CuAssertStrEquals(tc, expected, actual); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FD, 0, 0); + expected = "00A1F1C5EDDCCFC430D3862FDA94593E0000000000000000"; + CuAssertStrEquals(tc, expected, actual); + + /* same result as gpg --print-md SHA1 + */ + + result = sh_tiger_hashtype("SHA1"); + CuAssertTrue(tc, result == 0); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FD, testlen, 0); + expected = "F37DB4344CCD140EE315179E9A27512FB4704F0F00000000"; + CuAssertStrEquals(tc, expected, actual); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FD, 2*testlen, 0); + expected = "D2AD5FC366452D81400BAC31F96269DEEF314BC200000000"; + CuAssertStrEquals(tc, expected, actual); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FD, 3*testlen, 0); + expected = "FAA937EF3389C7E786EB0F1006D049D7AEA7B7B600000000"; + CuAssertStrEquals(tc, expected, actual); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FD, 0, 0); + expected = "FAA937EF3389C7E786EB0F1006D049D7AEA7B7B600000000"; + CuAssertStrEquals(tc, expected, actual); + + result = sl_close(rval_open); + CuAssertTrue(tc, result == 0); + + result = remove("cutest_foo"); + CuAssertTrue(tc, result == 0); +} Index: branches/samhain-2_2-branch/src/cutest_sh_tools.c =================================================================== --- branches/samhain-2_2-branch/src/cutest_sh_tools.c (revision 66) +++ branches/samhain-2_2-branch/src/cutest_sh_tools.c (revision 66) @@ -0,0 +1,117 @@ + +#include "config_xor.h" + +#include +#include "CuTest.h" +#include "samhain.h" +#include "sh_tools.h" + +void Test_sh_tools_safe_name_01(CuTest *tc) { + /* xml specific */ + char* input = strdup("hellorld\"foo&"); + char* actual = sh_tools_safe_name(input, 1); +#ifdef SH_USE_XML + char* expected = "hello=3cwo=3erld=22foo=26"; +#else + char* expected = "hellorld\"foo&"; +#endif + CuAssertStrEquals(tc, expected, actual); +} + +void Test_sh_tools_safe_name_02(CuTest *tc) { + /* html entities */ + char* input = strdup("hello&"><"); + char* actual = sh_tools_safe_name(input, 0); + char* expected = "hello=26=22=3e=3c"; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_sh_tools_safe_name_03(CuTest *tc) { + char* input = strdup("\\\'hello\\"); + char* actual = sh_tools_safe_name(input, 0); + char* expected = "=27hello"; + CuAssertStrEquals(tc, expected, actual); + + input = strdup("hello \"world\\\""); + actual = sh_tools_safe_name(input, 0); + expected = "hello \"world=22"; + CuAssertStrEquals(tc, expected, actual); + + input = strdup("hello\\\\"); + actual = sh_tools_safe_name(input, 0); + expected = "hello=5c"; + CuAssertStrEquals(tc, expected, actual); + + input = strdup("hello\\n"); + actual = sh_tools_safe_name(input, 0); + expected = "hello=0a"; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_sh_tools_safe_name_04(CuTest *tc) { + /* invalid and valid octal code */ + char* input = strdup("hello\\\n"); + char* actual = sh_tools_safe_name(input, 0); + char* expected = "hello"; + CuAssertStrEquals(tc, expected, actual); + + input = strdup("hello\\100"); + actual = sh_tools_safe_name(input, 0); + expected = "hello=40"; + CuAssertStrEquals(tc, expected, actual); + + input = strdup("h\\\"ello\\100a"); + actual = sh_tools_safe_name(input, 0); + expected = "h=22ello=40a"; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_sh_tools_safe_name_05(CuTest *tc) { + /* encoding of '=' */ + char* input = strdup("he=llo=\"foo\""); + char* actual = sh_tools_safe_name(input, 0); + char* expected = "he=3dllo=\"foo\""; + CuAssertStrEquals(tc, expected, actual); + + input = strdup("he=llo="); + actual = sh_tools_safe_name(input, 0); + expected = "he=3dllo="; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_sh_tools_safe_name_06(CuTest *tc) { + /* line break removal */ + char* input = strdup("hello\nworld"); + char* actual = sh_tools_safe_name(input, 0); + char* expected = "hello world"; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_sh_tools_safe_name_07(CuTest *tc) { + /* non-printable chars */ + char* input = strdup("hello world"); + char* actual; + char* expected; + + input[0] = 0x01; + input[5] = 0xFF; + input[10] = 0xF0; + + actual = sh_tools_safe_name(input, 0); + expected = "=01ello=ffworl=f0"; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_is_numeric_01(CuTest *tc) { + char* input = strdup("hello world"); + + CuAssertTrue(tc, !is_numeric(input)); + + input = strdup("127.0.0.1"); + CuAssertTrue(tc, is_numeric(input)); + input = strdup("127.0.0.de"); + CuAssertTrue(tc, !is_numeric(input)); + input = strdup("127"); + CuAssertTrue(tc, is_numeric(input)); +} + Index: branches/samhain-2_2-branch/src/cutest_sh_unix.c =================================================================== --- branches/samhain-2_2-branch/src/cutest_sh_unix.c (revision 66) +++ branches/samhain-2_2-branch/src/cutest_sh_unix.c (revision 66) @@ -0,0 +1,46 @@ + +#include "config_xor.h" + +#include +#include "CuTest.h" +#include "samhain.h" +#include "sh_unix.h" + +void Test_sh_unix_lookup_page (CuTest *tc) { + + long pagesize = sh_unix_pagesize(); + + unsigned long base; + int num_pages; + + CuAssert (tc, "pagesize > 0", (pagesize > 0)); + + /* base = sh_unix_lookup_page(in_addr, len, *num_pages); */ + + base = sh_unix_lookup_page(0, pagesize, &num_pages); + CuAssert (tc, "base == 0", (base == 0)); + CuAssertIntEquals (tc, num_pages, 1); + + base = sh_unix_lookup_page(0, pagesize+1, &num_pages); + CuAssert (tc, "base == 0", (base == 0)); + CuAssertIntEquals (tc, num_pages, 2); + + base = sh_unix_lookup_page((void*)pagesize, pagesize, &num_pages); + CuAssert (tc, "base == 0", (base == (unsigned int)pagesize)); + CuAssertIntEquals (tc, num_pages, 1); + + base = sh_unix_lookup_page((void*)pagesize, pagesize+1, &num_pages); + CuAssert (tc, "base == 0", (base == (unsigned int)pagesize)); + CuAssertIntEquals (tc, num_pages, 2); + + base = sh_unix_lookup_page((void*)(pagesize-1), pagesize+1, &num_pages); + CuAssert (tc, "base == 0", (base == 0)); + CuAssertIntEquals (tc, num_pages, 2); + + base = sh_unix_lookup_page((void*)(pagesize-1), pagesize+2, &num_pages); + CuAssert (tc, "base == 0", (base == 0)); + CuAssertIntEquals (tc, num_pages, 3); + +} + + Index: branches/samhain-2_2-branch/src/cutest_sh_utils.c =================================================================== --- branches/samhain-2_2-branch/src/cutest_sh_utils.c (revision 66) +++ branches/samhain-2_2-branch/src/cutest_sh_utils.c (revision 66) @@ -0,0 +1,149 @@ + +#include "config_xor.h" + +#include +#include "CuTest.h" +#include "samhain.h" +#include "sh_utils.h" + +void Test_sh_util_strdup_ok (CuTest *tc) { + char * ret = 0; + char inp[] = "foobar"; + + ret = sh_util_strdup(inp); + CuAssertPtrNotNull(tc, ret); + CuAssert(tc, "expected inp != ret, but inp == ret", (inp != ret)); + CuAssertStrEquals(tc, "foobar", ret); + return; +} + +void Test_sh_util_strconcat_ok (CuTest *tc) { + char * ret = 0; + + ret = sh_util_strconcat("foo", NULL); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, "foo", ret); + + ret = sh_util_strconcat("foo", "bar", NULL); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, "foobar", ret); + + ret = sh_util_strconcat("/", "foo", "/", "bar", NULL); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, "/foo/bar", ret); + + return; +} + +void Test_sh_util_dirname_ok (CuTest *tc) { + char * ret = 0; + + char input0[] = "/foo/bar"; + char res0[] = "/foo"; + + char input1[] = "/foo/bar/"; + char res1[] = "/foo"; + + char input2[] = "/foo"; + char res2[] = "/"; + + char input3[] = "/"; + char res3[] = "/"; + + ret = sh_util_dirname(input0); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res0, ret); + + ret = sh_util_dirname(input1); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res1, ret); + + ret = sh_util_dirname(input2); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res2, ret); + + ret = sh_util_dirname(input3); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res3, ret); + return; +} + +void Test_sh_util_basename_ok (CuTest *tc) { + char * ret = 0; + + char input0[] = "/foo/bar"; + char res0[] = "bar"; + + char input1[] = "/foo/"; + char res1[] = "foo"; + + char input2[] = "/foo"; + char res2[] = "foo"; + + char input3[] = "/"; + char res3[] = "/"; + + char input4[] = "/foo/bar/"; + char res4[] = "bar"; + + ret = sh_util_basename(input0); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res0, ret); + + ret = sh_util_basename(input1); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res1, ret); + + ret = sh_util_basename(input2); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res2, ret); + + ret = sh_util_basename(input3); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res3, ret); + + ret = sh_util_basename(input4); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res4, ret); + + return; +} + +void Test_sh_util_obscure_ok (CuTest *tc) { + + int ret = 0; +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + char input[16] = "foobar"; + + ret = sh_util_obscure_ok ("0xA1,0xA2,0xA3"); + CuAssertIntEquals(tc, ret, 0); + + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[0] = '\t'; + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, -1); + + input[0] = 0xA1; + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[0] = 0xA2; + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[0] = 0xA3; + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[0] = 0xA4; + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, -1); + +#else + CuAssertIntEquals(tc, ret, 0); +#endif +} + + Index: branches/samhain-2_2-branch/src/cutest_slib.c =================================================================== --- branches/samhain-2_2-branch/src/cutest_slib.c (revision 66) +++ branches/samhain-2_2-branch/src/cutest_slib.c (revision 66) @@ -0,0 +1,26 @@ + +#include "config_xor.h" + +#include +#include "CuTest.h" +#include "samhain.h" + +void Test_sl_snprintf (CuTest *tc) { + + int ret = 0; + char input[16]; + + memset (&input, 'X', 16); + ret = sl_snprintf(input, 10, "%s\n", "01234567890123456789"); + CuAssertIntEquals(tc, ret, 0); + CuAssertTrue(tc, input[9] == '\0'); + CuAssertTrue(tc, input[10] == 'X'); + + memset (&input, 'X', 16); + ret = sl_snprintf(input, 4, "%d\n", "012345"); + CuAssertIntEquals(tc, ret, 0); + CuAssertTrue(tc, input[3] == '\0'); + CuAssertTrue(tc, input[4] == 'X'); +} + + Index: branches/samhain-2_2-branch/src/cutest_zAVLTree.c =================================================================== --- branches/samhain-2_2-branch/src/cutest_zAVLTree.c (revision 66) +++ branches/samhain-2_2-branch/src/cutest_zAVLTree.c (revision 66) @@ -0,0 +1,247 @@ + +#include "config_xor.h" + +#include +#include "CuTest.h" +#include "zAVLTree.h" + +struct ztest { + char name[32]; +}; + +static zAVLTree * ztest_tree = NULL; + +static zAVLKey ztest_key (void const * arg) +{ + const struct ztest * sa = (const struct ztest *) arg; + return (zAVLKey) sa->name; +} + +static void free_node (void * inptr) +{ + struct ztest * ptr = (struct ztest *) inptr; + ptr->name[0] = '\0'; +} + +void Test_zAVLTree(CuTest *tc) { + zAVLCursor cursor; + + int result; + int counter = 0; + + struct ztest z1 = { "abc" }; + struct ztest z2 = { "aac" }; + struct ztest z3 = { "aaa1" }; + struct ztest z4 = { "aaa3" }; + struct ztest z5 = { "aaa2" }; + struct ztest z6 = { "aaa6" }; + struct ztest z7 = { "aaa5" }; + struct ztest z8 = { "aaa4" }; + + struct ztest * ptr; + + ptr = zAVLFirst(&cursor, ztest_tree); + CuAssertTrue(tc, NULL == ptr); + + ztest_tree = zAVLAllocTree (ztest_key); + CuAssertPtrNotNull(tc, ztest_tree); + + do { + + ++counter; + + result = zAVLInsert(ztest_tree, &z1); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z2); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z3); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z4); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z5); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z6); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z7); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z8); + CuAssertTrue(tc, 0 == result); + + ptr = zAVLFirst(&cursor, ztest_tree); + CuAssertStrEquals(tc, ptr->name, z3.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z5.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z4.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z8.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z7.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z6.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z2.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z1.name); + ptr = zAVLNext(&cursor); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLInsert(ztest_tree, &z8); + CuAssertTrue(tc, 0 != result); + result = zAVLInsert(ztest_tree, &z7); + CuAssertTrue(tc, 0 != result); + result = zAVLInsert(ztest_tree, &z6); + CuAssertTrue(tc, 0 != result); + result = zAVLInsert(ztest_tree, &z5); + CuAssertTrue(tc, 0 != result); + + ptr = zAVLSearch(ztest_tree, z1.name); + CuAssertStrEquals(tc, ptr->name, z1.name); + ptr = zAVLSearch(ztest_tree, z2.name); + CuAssertStrEquals(tc, ptr->name, z2.name); + ptr = zAVLSearch(ztest_tree, z3.name); + CuAssertStrEquals(tc, ptr->name, z3.name); + ptr = zAVLSearch(ztest_tree, z4.name); + CuAssertStrEquals(tc, ptr->name, z4.name); + + ptr = zAVLFirst(&cursor, ztest_tree); + CuAssertStrEquals(tc, ptr->name, z3.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z5.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z4.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z8.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z7.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z6.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z2.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z1.name); + ptr = zAVLNext(&cursor); + CuAssertTrue(tc, NULL == ptr); + + + ptr = zAVLSearch(ztest_tree, z5.name); + CuAssertStrEquals(tc, ptr->name, z5.name); + ptr = zAVLSearch(ztest_tree, z6.name); + CuAssertStrEquals(tc, ptr->name, z6.name); + ptr = zAVLSearch(ztest_tree, z7.name); + CuAssertStrEquals(tc, ptr->name, z7.name); + ptr = zAVLSearch(ztest_tree, z8.name); + CuAssertStrEquals(tc, ptr->name, z8.name); + ptr = zAVLSearch(ztest_tree, "foobar"); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z8.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z8.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z3.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z3.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z1.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z1.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLInsert(ztest_tree, &z1); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z8); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z3); + CuAssertTrue(tc, 0 == result); + + ptr = zAVLFirst(&cursor, ztest_tree); + CuAssertStrEquals(tc, ptr->name, z3.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z5.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z4.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z8.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z7.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z6.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z2.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z1.name); + ptr = zAVLNext(&cursor); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z1.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z1.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z2.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z2.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z3.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z3.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z4.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z4.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z5.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z5.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z6.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z6.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z7.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z7.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z8.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z8.name); + CuAssertTrue(tc, NULL == ptr); + +} while (counter < 100); + + result = zAVLInsert(ztest_tree, &z1); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z2); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z3); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z4); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z5); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z6); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z7); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z8); + CuAssertTrue(tc, 0 == result); + + zAVLFreeTree (ztest_tree, free_node); + CuAssertTrue (tc, z1.name[0] == '\0'); + CuAssertTrue (tc, z2.name[0] == '\0'); + CuAssertTrue (tc, z3.name[0] == '\0'); + CuAssertTrue (tc, z4.name[0] == '\0'); + CuAssertTrue (tc, z5.name[0] == '\0'); + CuAssertTrue (tc, z6.name[0] == '\0'); + CuAssertTrue (tc, z7.name[0] == '\0'); + CuAssertTrue (tc, z8.name[0] == '\0'); +} Index: branches/samhain-2_2-branch/src/depend-gen.c =================================================================== --- branches/samhain-2_2-branch/src/depend-gen.c (revision 66) +++ branches/samhain-2_2-branch/src/depend-gen.c (revision 66) @@ -0,0 +1,415 @@ +#include +#include + +/* copyright (c) 2002 Rainer Wichmann + * License: GNU Public License (GPL) version 2 or later + */ + +/* gcc -O2 -Wall -o depend depend.c + */ + +/* + +# redo if sources change +# +depend.dep: depend.c $(SOURCES) + $(CC) -o depend depend.c + for ff in $(SOURCES); do; \ + depend -o depend.dep $ff; \ + done + nsum=`sum depend.dep`; \ + osum=`cat depend.sum`; \ + if test "x$$osum" != "x$$nsum"; then \ + echo $$nsum > depend.sum + fi + +# only updated if depencies change +# +depend.sum: depend.dep + +Makefile.in: depend.sum + for ff in $(SOURCES); do; \ + depend -o Makefile.in $ff; \ + done + +Makefile: Makefile.in + +*/ + +unsigned int lzo_adler32(unsigned int adler, + const char *buf, unsigned int len); + + +int main (int argc, char * argv[]) +{ + FILE * fout = NULL; + FILE * ftmp = NULL; + FILE * fin = NULL; + + int filep = 1; + + char name[1024]; + char base[1024]; + char tmpname[1024]; + char line[1024]; + char buffer[2048]; + char incdir[1024]; + int inclen = 0; + int count = 2047; + int len = 0; + + unsigned int adler; + + char * p; + char * q; + + incdir[0] = '\0'; + + if (argc < 2) + { + fprintf(stderr, "depend-gen: Missing argument\n"); + return 1; + } + + if (argv[1][0] == '-' && argv[1][1] == 'h') + { + printf("Usage: depend-gen [-i includedir] -(o|t) outfile infile\n"); + printf(" -o replaces, -t truncates\n"); + return 0; + } + + if (argv[1][0] == '-' && argv[1][1] == 'i') + { + if (argc < 3) + { + fprintf(stderr, "depend-gen: -i: Missing argument (includedir)\n"); + return 1; + } + strncpy(incdir, argv[2], 1023); + incdir[1023] = '\0'; + inclen = strlen(incdir); + argc -= 2; ++argv; ++argv; + } + + if (argv[1][0] == '-' && + (argv[1][1] == 'o' || argv[1][1] == 't' || argv[1][1] == 'c')) + { + if (argc < 3) + { + fprintf(stderr, "depend-gen: -%c: Missing argument\n", argv[1][1]); + return 1; + } + if (argv[1][1] == 'o' || argv[1][1] == 'c') + fout = fopen(argv[2], "r+"); + else + fout = fopen(argv[2], "w+"); + + if (!fout) + { + perror("depend-gen: fopen"); + fprintf(stderr, "depend-gen [%d]: -%c %s: Could not open file\n", + __LINE__, argv[1][1], argv[2]); + return 1; + } + filep += 2; + + if (argv[1][1] == 'c') + { + adler = lzo_adler32(0, NULL, 0); + while (NULL != fgets(line, 1023, fout)) + { + adler = lzo_adler32(adler, line, strlen(line)); + } + printf("%u\n", adler); + return 0; + } + + if (argv[1][1] == 't') + ftmp = fout; + else + { + tmpname[0] = '\0'; + if (strlen(argv[filep]) > 1029) + { + fprintf(stderr, "depend-gen: -%c %s: filename too long\n", + argv[1][1], argv[2]); + return 1; + } + + + strncat(tmpname, argv[filep], 1029); + strncat(tmpname, ".tmp", 1023); + ftmp = fopen(tmpname, "w"); + if (!ftmp) + { + perror("depend-gen: fopen"); + fprintf(stderr, "depend-gen [%d]: -%c %s: Could not open file\n", + __LINE__, argv[1][1], tmpname); + return 1; + } + } + + } + else + { + fprintf(stderr, "depend-gen: no output file given (-(o|t) outfile)\n"); + return 1; + } + + + if (argc < (filep+1)) + { + fprintf(stderr, "depend-gen: missing argument (infile)\n"); + return 1; + } + fin = fopen(argv[filep], "r"); + if (!fin) + { + perror("depend-gen: fopen"); + fprintf(stderr, "depend-gen [%d]: -%c %s: Could not open file\n", + __LINE__, argv[1][1], argv[filep]); + return 1; + } + + /* fast forward to dependencies start + */ + do + { + if (NULL == fgets(line, 1023, fout)) + break; + if (0 == strncmp(line, "# DO NOT DELETE THIS LINE", 25)) + break; + fprintf(ftmp, "%s", line); + } + while (1 == 1); + + if (argv[1][1] == 'o') + { + fprintf(ftmp, "# DO NOT DELETE THIS LINE\n"); + } + + strncpy(name, argv[filep], 1023); + p = name; + while (*p != '\0') ++p; + if (name[0] != '\0') --p; + if (*p == 'c') *p = 'o'; + + p = strrchr(name, '/'); + if (p) + ++p; + len = strlen(p); + + /* skip other dependencies + */ + do + { + if (NULL == fgets(line, 1023, fout)) + break; + if (0 == strncmp(line, p, len)) + break; + fprintf(ftmp, "%s", line); + } + while (1 == 1); + + buffer[0] = '\0'; + + while (NULL != fgets(line, 1023, fin)) + { + p = line; + while (*p != '\0' && (*p == ' ' || *p == '\t')) + ++p; + if (0 == strncmp(p, "#include", 8)) + p += 8; + else + continue; + while (*p != '\0' && (*p == ' ' || *p == '\t')) + ++p; + if (*p != '"') + continue; + else + { + ++p; + q = p; + ++q; + while (*q != '\0' && *q != '"') + ++q; + if (*q != '"') + continue; + *q = '\0'; + + /************************************************** + * + * EXCEPTIONS + * + **************************************************/ + if (0 == strcmp(p, "sh_gpg_chksum.h") || + 0 == strcmp(p, "sh_gpg_fp.h")) + { + /* fprintf(stderr, "Excluding %s\n", p); */ + continue; + } + + len = strlen(p); + if (len > count) + { + /* graceful failure */ + fprintf(fout, "# OVERFLOW: incomplete dependencies\n"); + break; + } + if (incdir[0] != '\0') + { + if (0 == strcmp(p, "config.h") || + 0 == strcmp(p, "config_xor.h") || + 0 == strcmp(p, "internal.h") || + 0 == strcmp(p, "sh_ks.h") || + 0 == strcmp(p, "sh_ks_xor.h") || + 0 == strcmp(p, "sh_MK.h")); /* do nothing */ + else + { + strncat(buffer, incdir, count); + count -= inclen; + } + } + strncat(buffer, p, count); + count -= len; + strncat(buffer, " ", count); + --count; + } + } + + /* write the dependencies found + */ + p = strrchr(argv[filep], '/'); + if (p) + { + ++p; + strncpy(name, p, 1023); + } + else + strncpy(name, argv[filep], 1023); + name[1023] = '\0'; + + strcpy(base, "$(srcsrc)/"); + strcat(base, name); + + p = name; + while (*p != '\0') ++p; + if (name[0] != '\0') --p; + if (*p == 'c') + { + *p = 'o'; + fprintf(ftmp, "%s: %s Makefile %s\n", name, base /* argv[filep] */, + buffer); + } + else + { + fprintf(ftmp, "%s: Makefile %s\n", argv[filep], buffer); + } + + /* more dependencies + */ + do + { + if (NULL == fgets(line, 1023, fout)) + break; + fprintf(ftmp, "%s", line); + } + while (1 == 1); + + if (ftmp != NULL) + { + fclose(ftmp); + } + if (fout != NULL) + { + fclose(fout); + } + if (fin != NULL) + { + fclose(fin); + } + + if (argv[1][1] == 'o') + { + if (0 != rename (tmpname, argv[2])) + { + perror("depend-gen: rename"); + fprintf(stderr, "depend-gen: could not rename %s --> %s\n", + tmpname, argv[2]); + return 1; + } + } + + return 0; +} + +/* from the LZO real-time data compression library + + Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer + + The LZO library is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of + the License, or (at your option) any later version. + + The LZO library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with the LZO library; see the file COPYING. + If not, write to the Free Software Foundation, Inc., + 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Markus F.X.J. Oberhumer + + http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html +*/ +/* + * NOTE: + * the full LZO package can be found at + * http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + */ + +#define LZO_BASE 65521u +#define LZO_NMAX 5552 + +#define LZO_DO1(buf,i) {s1 += buf[i]; s2 += s1;} +#define LZO_DO2(buf,i) LZO_DO1(buf,i); LZO_DO1(buf,i+1); +#define LZO_DO4(buf,i) LZO_DO2(buf,i); LZO_DO2(buf,i+2); +#define LZO_DO8(buf,i) LZO_DO4(buf,i); LZO_DO4(buf,i+4); +#define LZO_DO16(buf,i) LZO_DO8(buf,i); LZO_DO8(buf,i+8); + +unsigned int lzo_adler32(unsigned int adler, const char *buf, unsigned int len) +{ + unsigned int s1 = adler & 0xffff; + unsigned int s2 = (adler >> 16) & 0xffff; + int k; + + if (buf == NULL) + return 1; + + while (len > 0) + { + k = len < LZO_NMAX ? (int) len : LZO_NMAX; + len -= k; + if (k >= 16) do + { + LZO_DO16(buf,0); + buf += 16; + k -= 16; + } while (k >= 16); + if (k != 0) do + { + s1 += *buf++; + s2 += s1; + } while (--k > 0); + s1 %= LZO_BASE; + s2 %= LZO_BASE; + } + return (s2 << 16) | s1; +} Index: branches/samhain-2_2-branch/src/encode.c =================================================================== --- branches/samhain-2_2-branch/src/encode.c (revision 66) +++ branches/samhain-2_2-branch/src/encode.c (revision 66) @@ -0,0 +1,200 @@ + +/* #include "config.h" */ + + +#include +#include + +int main(int argv, char * argc[]) +{ + int xor_base = -1; + + FILE * inf; + FILE * ouf; + char a, b; + int i, j; + char outfile[1024]; + int inbracket = 0, quoted = 0; + unsigned long count; + + + /* char command[1024]; */ + + if ( argv < 3) + { + fprintf(stderr,"\nUsage: encode "\ + "\n\n"); + fprintf(stderr," This program will:\n"); + fprintf(stderr," - take as input a source code file ,\n"); + fprintf(stderr," - search for literal strings inclosed by _(), "\ + "like '_(string)',\n"); + fprintf(stderr," - replace _(string) by "\ + "_(string XOR ),\n"); + fprintf(stderr, + " - and output the result to './x_'.\n\n"); + fprintf(stderr," _() is supposed to be defined as a macro in "\ + "the code, that\n"); + fprintf(stderr," will allow the program to decode the xor'ed string "\ + "at runtime.\n"); + fprintf(stderr," The effect is that the compiled executable does "\ + "not contain literal\n"); + fprintf(stderr," strings that may trivially be found with the Unix "\ + "'strings' command,\n"); + fprintf(stderr," and thus reveal the nature of "\ + "the program.\n"); + + return -1; + } + + --argv; ++argc; + + xor_base = atoi(argc[0]); + + if (xor_base < 0 || (xor_base > 0 && xor_base < 128) || xor_base > 255) + { + fprintf(stderr, "\nERROR: encode: XOR_VAL=%d is out of "\ + "range (0, 128..255)\n", + xor_base); + fprintf(stderr, "** please follow these steps to fix the problem:\n\n"); + fprintf(stderr, " make clean\n"); + fprintf(stderr, " ./configure [more options] "\ + "--with-stealth=XOR_VAL (range 0, 128..255)\n"); + fprintf(stderr, " make\n\n"); + return -1; + } + + /* fprintf(stderr, " %d\n", xor_base); */ + + --argv; ++argc; + + /* fprintf(stderr, "File: %d\n", argv); */ + + while (argv > 0) + { + inf = fopen(argc[0], "r"); + if (inf == NULL) + { + fprintf(stderr, "Error opening %s\n", argc[0]); + return -1; + } + /* outfile name + */ + i = 0; j = 0; + while (argc[0][i] != '\0') + { + if (argc[0][i] == '/') j = i+1; + ++i; + } + i = 0; + outfile[0] = 'x'; + outfile[1] = '_'; + outfile[2] = '\0'; + while (argc[0][j+i] != '\0') + { + outfile[i+2] = argc[0][j+i]; + ++i; + } + outfile[i+2] = '\0'; + ouf = fopen(outfile, "w"); + if (ouf == NULL) + { + fprintf(stderr, "Error opening %s\n", outfile); + return -1; + } + + /* fprintf(stderr, "File: %s\n", argc[0]); */ + count = 0; + + while (fread(&a, 1, 1, inf) != 0) + { + count++; + + if (a == '"' && quoted == 0) + { + quoted = 1; + fwrite(&a, 1, 1, ouf); + continue; + } + + if (a == '"' && quoted == 1) + { + quoted = 0; + fwrite(&a, 1, 1, ouf); + continue; + } + + if (a == '\n' && quoted == 1) + { + quoted = 0; + fwrite(&a, 1, 1, ouf); + continue; + } + + /* macro start ? + */ + if (a == '_' && inbracket == 0 && quoted == 0) + { + fwrite(&a, 1, 1, ouf); + b = '\0'; + fread(&b, 1, 1, inf); + count++; + fwrite(&b, 1, 1, ouf); + if (b == '(') inbracket = 1; + continue; + } + + /* macro end + */ + if (a == ')' && quoted == 0 && inbracket == 1) + { + inbracket = 0; + /* fprintf(stdout, "\n"); */ + fwrite(&a, 1, 1, ouf); + continue; + } + + /* in a bracket + */ + if (inbracket == 1 && quoted == 1) + { + /* fprintf(stdout, "%c", a); */ + if (a == '\\') + { + fread(&b, 1, 1, inf); + + /* escape sequences + */ + if (b == 't' || b == 'n' || b == 'r' || b == '"') + { + fwrite(&a, 1, 1, ouf); + fwrite(&b, 1, 1, ouf); + } + + else + { + a ^= (char) xor_base; + b ^= (char) xor_base; + } + } + else + { + a ^= (char) xor_base; + fwrite(&a, 1, 1, ouf); + } + continue; + } + + fwrite(&a, 1, 1, ouf); + } + + /* fprintf(stderr, "Bytes read: %ld\n", count); */ + /* sprintf(command, "mv tempfile %s", argc[0]); */ + /* system(command); */ + + fclose(ouf); + fclose(inf); + --argv; ++argc; + } + return 0; +} + Index: branches/samhain-2_2-branch/src/exepack.c =================================================================== --- branches/samhain-2_2-branch/src/exepack.c (revision 66) +++ branches/samhain-2_2-branch/src/exepack.c (revision 66) @@ -0,0 +1,344 @@ +#include "config.h" + + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +extern char **environ; + + +#include "minilzo.h" + +/* integer data type that is _exactly_ 32 bit + */ +#if defined(HAVE_INT_32) +#define UINT32 unsigned int +#elif defined(HAVE_LONG_32) +#define UINT32 unsigned long +#elif defined(HAVE_SHORT_32) +#define UINT32 unsigned short +#endif + + +#include "exepack.data" + + +static UINT32 cstate[3], astate[3]; + +/* interval [0, 4294967296] + */ +static UINT32 taus_get_long (UINT32 * state) +{ +#define TAUSWORTHE(s,a,b,c,d) ((s &c) <>b) + + state[0] = TAUSWORTHE (state[0], 13, 19, 4294967294UL, 12); + state[1] = TAUSWORTHE (state[1], 2, 25, 4294967288UL, 4); + state[2] = TAUSWORTHE (state[2], 3, 11, 4294967280UL, 17); + + return (state[0] ^ state[1] ^ state[2]); +} + +void taus_set_from_state (UINT32 * state, UINT32 * state0) +{ + state[0] = state0[0] | (UINT32) 0x03; + state[1] = state0[1] | (UINT32) 0x09; + state[2] = state0[2] | (UINT32) 0x17; + + /* 'warm up' + */ + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + + return; +} + +void set2 (char * pos, char c1, char c2) +{ + pos[0] = c1; + pos[1] = c2; + return; +} + +void set4 (char * pos, char c1, char c2, char c3, char c4) +{ + pos[0] = c1; + pos[1] = c2; + pos[2] = c3; + pos[3] = c4; + return; +} + +int main(int argc, char *argv[]) +{ + int file; + + unsigned long i = argc; /* dummy use of argc to fix compiler warning */ + unsigned long len = 0; + + struct stat sbuf; + struct stat fbuf; + + /* For compression. + */ + lzo_byte * inbuf; + lzo_byte * outbuf; + int r; + lzo_uint in_len; + lzo_uint out_len; + + + char * p; + + char fname[128]; +#if defined (__linux__) + char pname[128]; +#endif + + UINT32 pid; + + /* no SUID + */ + if (getuid() != geteuid()) + { + setuid(getuid()); + } + + /* reset umask + */ + umask(0); + + + astate[0] = programkey_0[0]; + astate[1] = programkey_0[1]; + astate[2] = programkey_0[2]; + + taus_set_from_state (cstate, astate); + + out_len = (unsigned long) programlen_compressed_0; + len = (unsigned long) programlen_0; + + outbuf = program_0; + + /* Decode. + */ + for (i = 0; i < out_len; ++i) + { + outbuf[i] ^= (taus_get_long (cstate) & 0xff); + } + + + inbuf = (lzo_byte *) malloc (sizeof(lzo_byte) * len); + + + /* + * Step 1: initialize the LZO library + */ + if (lzo_init() != LZO_E_OK) + { + return 1; + } + + /* + * Step 2: decompress again, now going from `out' to `in' + */ + r = lzo1x_decompress_safe (outbuf, out_len, inbuf, &in_len, NULL); + + if (r == LZO_E_OK && in_len == len) + { + /* + printf("decompressed %lu bytes back into %lu bytes\n", + (long) out_len, (long) in_len); + */ + ; + } + else + { + /* + printf("internal error - decompression failed: %d\n", + r); + */ + return 2; + } + + /* + * Step 3: choose a filename + */ + + nameIt: + + p = fname; + + /* --- use /tmp if the sticky bit is set --- + */ +#if defined(S_ISVTX) + + set4 (p, '/', 't', 'm', 'p'); + p += 4; + *p = '\0'; + + if ( 0 != stat(fname, &sbuf)) + { + if ( (sbuf.st_mode & S_ISVTX) != S_ISVTX) + { + p = fname; + set4 (p, '/', 'u', 's', 'r'); + p += 4; + set4 (p, '/', 'b', 'i', 'n'); + p += 4; + } + } + +#else + + set4 (p, '/', 'u', 's', 'r'); + p += 4; + set4 (p, '/', 'b', 'i', 'n'); + p += 4; + +#endif + + set4 (p, '/', 't', 'm', 'p'); + + p += 4; + + cstate[0] ^= (UINT32) getpid (); + cstate[1] ^= (UINT32) time (NULL); + cstate[0] |= (UINT32) 0x03; + cstate[1] |= (UINT32) 0x09; + + pid = (UINT32) (taus_get_long (cstate) ^ taus_get_long (cstate)); + + for (i = 0; i < 4; ++i) + { + *p = 'a' + (pid % 26); + pid /= 26; + ++p; + } + + pid = (UINT32) (taus_get_long (cstate) ^ taus_get_long (cstate)); + + for (i = 0; i < 4; ++i) + { + *p = 'a' + (pid % 26); + pid /= 26; + ++p; + } + + pid = (UINT32) (taus_get_long (cstate) ^ taus_get_long (cstate)); + + for (i = 0; i < 3; ++i) + { + *p = 'a' + (pid % 26); + pid /= 26; + ++p; + } + *p = '\0'; + + if ( (-1) != stat(fname, &sbuf) || errno != ENOENT) + { + /* because cstate[2] is not initialized, the next name will + * be different + */ + goto nameIt; + } + + if ((file = open (fname, O_CREAT|O_EXCL|O_WRONLY, 0700)) < 0) + { + return (4); + } + + write(file, inbuf, in_len); + +#if defined(__linux__) + + if ( 0 != fstat(file, &sbuf)) + { + return (5); + } + + /* Must reopen for read only. + */ + close(file); + file = open (fname, O_RDONLY, 0); + + if ( 0 != fstat(file, &fbuf)) + { + return (6); + } + + /* check mode, inode, owner, and device, to make sure it is the same file + */ + if (sbuf.st_mode != fbuf.st_mode || + sbuf.st_ino != fbuf.st_ino || + sbuf.st_uid != fbuf.st_uid || + sbuf.st_gid != fbuf.st_gid || + sbuf.st_dev != fbuf.st_dev ) + { + close ( file ); + return ( 6 ); + } + + p = pname; + set4(p, '/', 'p', 'r', 'o'); + p += 4; + + set2(p, 'c', '/'); + p += 2; + + set4(p, 's', 'e', 'l', 'f'); + p += 4; + + set4(p, '/', 'f', 'd', '/'); + p += 4; + + sprintf(p, "%d", file); + + + if (0 == access(pname, R_OK|X_OK)) + { + unlink (fname); + fcntl (file, F_SETFD, FD_CLOEXEC); + execve (pname, argv, environ); + return (8); + } +#endif + + /* /proc not working, or not linux + */ + close (file); + + if ( (i = fork()) != 0) + { + wait (NULL); + execve (fname, argv, environ); + unlink (fname); + return (9); + } + else if (i == 0) + { + if (0 == fork()) + { + sleep (3); + unlink (fname); + } + return (0); + } + + /* only reached in case of error + */ + unlink (fname); + return (-1); +} + Index: branches/samhain-2_2-branch/src/exepack_fill.c =================================================================== --- branches/samhain-2_2-branch/src/exepack_fill.c (revision 66) +++ branches/samhain-2_2-branch/src/exepack_fill.c (revision 66) @@ -0,0 +1,383 @@ +/* +++Date last modified: 05-Jul-1997 */ + +/* +** Case-sensitive Boyer-Moore-Horspool pattern match +** +** public domain by Raymond Gardner 7/92 +** +** limitation: pattern length + string length must be less than 32767 +** +** 10/21/93 rdg Fixed bug found by Jeff Dunlop +** +** limitation lifted Rainer Wichmann 07/2000 +*/ +#include "config.h" + +#ifdef HAVE_BROKEN_INCLUDES +#define _ANSI_C_SOURCE +#define _POSIX_SOURCE +#endif + +#include /* rdg 10/93 */ +#include +#include + +typedef unsigned char uchar; + +#define LARGE 2147483647 /* rw 7/2000 */ + +static long patlen; /* rw 7/2000 */ +static long skip[UCHAR_MAX+1]; /* rw 7/2000 */ /* rdg 10/93 */ +static long skip2; /* rw 7/2000 */ +static uchar *pat; /* rw 7/2000 */ + +void bmh_init(const char *pattern) +{ + long i, lastpatchar; + + pat = (uchar *)pattern; + patlen = strlen(pattern); + for (i = 0; i <= UCHAR_MAX; ++i) /* rdg 10/93 */ + skip[i] = patlen; + for (i = 0; i < patlen; ++i) + skip[pat[i]] = patlen - i - 1; + lastpatchar = pat[patlen - 1]; + skip[lastpatchar] = LARGE; + skip2 = patlen; /* Horspool's fixed second shift */ + for (i = 0; i < patlen - 1; ++i) + { + if (pat[i] == lastpatchar) + skip2 = patlen - i - 1; + } +} + +char * bmh_search(const char * string, const long stringlen) +{ + long i, j; /* rw 7/2000 */ + char *s; + + i = patlen - 1 - stringlen; + if (i >= 0) + return NULL; + string += stringlen; + for ( ;; ) + { + while ( (i += skip[((uchar *)string)[i]]) < 0 ) + ; /* mighty fast inner loop */ + if (i < (LARGE - stringlen)) + return NULL; + i -= LARGE; + j = patlen - 1; + s = (char *)string + (i - j); + while (--j >= 0 && s[j] == pat[j]) + ; + if ( j < 0 ) /* rdg 10/93 */ + return s; /* rdg 10/93 */ + if ( (i += skip2) >= 0 ) /* rdg 10/93 */ + return NULL; /* rdg 10/93 */ + } +} + +/* Everything below: Copyright 2000, Rainer Wichmann */ + +char * my_locate (const char * pattern, const char * data, const long datalen) +{ + bmh_init (pattern); + return (bmh_search (data, datalen) ); +} + +#include +#include +#include +#include + + +#include "config.h" + +#include "minilzo.h" + +/* integer data type that is _exactly_ 32 bit + */ +#if defined(HAVE_INT_32) +#define UINT32 unsigned int +#elif defined(HAVE_LONG_32) +#define UINT32 unsigned long +#elif defined(HAVE_SHORT_32) +#define UINT32 unsigned short +#endif + +static UINT32 cstate[3], astate[3]; + +static UINT32 taus_get_long (UINT32 * state) +{ +#define TAUSWORTHE(s,a,b,c,d) ((s &c) <>b) + + state[0] = TAUSWORTHE (state[0], 13, 19, 4294967294UL, 12); + state[1] = TAUSWORTHE (state[1], 2, 25, 4294967288UL, 4); + state[2] = TAUSWORTHE (state[2], 3, 11, 4294967280UL, 17); + + return (state[0] ^ state[1] ^ state[2]); +} + +void taus_set_from_state (UINT32 * state, UINT32 * state0) +{ + state[0] = state0[0] | (UINT32) 0x03; + state[1] = state0[1] | (UINT32) 0x09; + state[2] = state0[2] | (UINT32) 0x17; + + /* 'warm up' + */ + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + + return; +} + +int replaceData (char * data, long len, char * in, char * out, long size) +{ + char * pos; + int i; + + pos = my_locate (in, data, len); + if (pos == NULL) + return (-1); + + for (i = 0; i < size; ++i) + { + pos[i] = out[i]; + } + + return 0; +} + +/* Work-memory needed for compression. Allocate memory in units + * of `long' (instead of `char') to make sure it is properly aligned. + */ +#define HEAP_ALLOC(var,size) long __LZO_MMODEL var [ ((size) + (sizeof(long) - 1)) / sizeof(long) ] + +static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS); + +#include +#include +#include + +int main(int argc, char * argv[]) +{ + FILE * fd; + long clen; + char * data; + struct stat sbuf; + + char * ptest; + + unsigned long i; + + int status; + + unsigned long len = 0; + unsigned long have = 0; + + /* For compression. + */ + lzo_byte * inbuf; + lzo_byte * outbuf; + int r; + lzo_uint in_len; + lzo_uint out_len; + + UINT32 len_raw; + UINT32 len_cmp; + + + astate[0] = EXEPACK_STATE_0; + astate[1] = EXEPACK_STATE_1; + astate[2] = EXEPACK_STATE_2; + + + if (argc < 4) + { + fprintf(stderr, + "Usage: exepack_fill \n"); + exit (EXIT_FAILURE); + } + + if (0 != stat (argv[1], &sbuf)) + { + fprintf(stderr, "exepack_fill: could not access file %s\n", argv[1]); + return (-1); + } + clen = sbuf.st_size; + + + data = (char *) malloc (clen * sizeof(char)); + if (data == NULL) + return (-1); + + fd = fopen (argv[1], "r"); + if (fd == NULL) + return (-1); + + fread (data, 1, clen, fd); + fclose (fd); + + + /******************* + * + * THE DATA + * + *******************/ + + + + if (stat (argv[2], &sbuf) < 0) + { + perror ("exepack_fill"); + exit (EXIT_FAILURE); + } + + len = (unsigned long) sbuf.st_size; + + /* Because the input block may be incompressible, + * we must provide a little more output space in case that compression + * is not possible. + */ + inbuf = (lzo_byte *) malloc (sizeof(lzo_byte) * len); + outbuf = (lzo_byte *) malloc (sizeof(lzo_byte) * (len + len / 64 + 16 + 3)); + in_len = len; + + if (NULL == inbuf || NULL == outbuf) + { + fprintf(stderr, "exepack_fill: Out of memory."); + exit (EXIT_FAILURE); + } + + if (NULL == (fd = fopen(argv[2], "r"))) + { + perror ("exepack_fill"); + exit (EXIT_FAILURE); + } + + have = fread (inbuf, 1, len, fd); + fclose (fd); + + if (have != len) + { + fprintf (stderr, "exepack_mkdata: Error reading %s", argv[2]); + exit (EXIT_FAILURE); + } + + /* + * Step 1: initialize the LZO library + */ + if (lzo_init() != LZO_E_OK) + { + fprintf(stderr, "exepack_fill: lzo_init() failed\n"); + return 3; + } + + /* + * Step 3: compress from `in' to `out' with LZO1X-1 + */ + r = lzo1x_1_compress(inbuf, in_len, outbuf, &out_len, wrkmem); + + if (r == LZO_E_OK) + printf("exepack_fill: compressed %lu bytes into %lu bytes\n", + (long) in_len, (long) out_len); + else + { + /* this should NEVER happen */ + printf("exepack_fill: internal error - compression failed: %d\n", r); + return 2; + } + + /* check for an incompressible block + */ + if (out_len >= in_len) + { + printf("exepack_fill: Incompressible data.\n"); + } + + taus_set_from_state (cstate, astate); + for (i = 0; i < out_len; ++i) + { + outbuf[i] ^= (taus_get_long (cstate) & 0xff); + } + + len_raw = in_len; + len_cmp = out_len; + + if ( (unsigned long) len_cmp > (unsigned long) clen) + { + printf("exepack_fill: Compressed length (%ld) exceeds container length (%ld).\n", (long) len_cmp, (long) clen); + return (8); + } + + + /*********** + * + * Fill program + * + **********/ + + status = replaceData (data, clen, "LLLL", (char *) &len_raw, sizeof(UINT32)); + if (status < 0) + { + printf("exepack_fill: Could not write raw lenght %d.\n", len_raw); + return (8); + } + status = replaceData (data, clen, "CCCC", (char *) &len_cmp, sizeof(UINT32)); + if (status < 0) + { + printf("exepack_fill: Could not write compressed lenght %d.\n", + len_cmp); + return (8); + } + status = replaceData (data, clen, "CONTAINER", outbuf, out_len); + if (status < 0) + { + printf("exepack_fill: Could not write program data.\n"); + return (8); + } + + /*********** + * + * Write program + * + **********/ + + if ( NULL == (fd = fopen(argv[3], "w" ))) + { + perror ("exepack_fill"); + exit (EXIT_FAILURE); + } + + fwrite (data, 1, clen, fd); + + fclose (fd); + + ptest = my_locate("LLLL", data, clen); + if (ptest != NULL) + { + printf("exepack_fill: ERROR: program length not updated.\n"); + return (8); + } + ptest = my_locate("CCCC", data, clen); + if (ptest != NULL) + { + printf("exepack_fill: ERROR: compressed program length not updated.\n"); + return (8); + } + ptest = my_locate("CONTAINER", data, clen); + if (ptest != NULL) + { + printf("exepack_fill: ERROR: program data not updated.\n"); + return (8); + } + + return 0; +} + Index: branches/samhain-2_2-branch/src/exepack_mkdata.c =================================================================== --- branches/samhain-2_2-branch/src/exepack_mkdata.c (revision 66) +++ branches/samhain-2_2-branch/src/exepack_mkdata.c (revision 66) @@ -0,0 +1,248 @@ +#include "config.h" + + +#include +#include +#include + + +#include "minilzo.h" + +/* integer data type that is _exactly_ 32 bit + */ +#if defined(HAVE_INT_32) +#define UINT32 unsigned int +#elif defined(HAVE_LONG_32) +#define UINT32 unsigned long +#elif defined(HAVE_SHORT_32) +#define UINT32 unsigned short +#endif + +#if 0 +static UINT32 cstate[3], astate[3]; + +/* interval [0, 4294967296] + */ +static UINT32 taus_get_long (UINT32 * state) +{ +#define TAUSWORTHE(s,a,b,c,d) ((s &c) <>b) + + state[0] = TAUSWORTHE (state[0], 13, 19, 4294967294UL, 12); + state[1] = TAUSWORTHE (state[1], 2, 25, 4294967288UL, 4); + state[2] = TAUSWORTHE (state[2], 3, 11, 4294967280UL, 17); + + return (state[0] ^ state[1] ^ state[2]); +} + +void taus_set_from_state (UINT32 * state, UINT32 * state0) +{ + state[0] = state0[0] | (UINT32) 0x03; + state[1] = state0[1] | (UINT32) 0x09; + state[2] = state0[2] | (UINT32) 0x17; + + /* 'warm up' + */ + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + + return; +} +#endif + + +/* Work-memory needed for compression. Allocate memory in units + * of `long' (instead of `char') to make sure it is properly aligned. + */ +#define HEAP_ALLOC(var,size) \ + long __LZO_MMODEL var [ ((size) + (sizeof(long) - 1)) / sizeof(long) ] + +static HEAP_ALLOC(wrkmem,LZO1X_1_MEM_COMPRESS); + +#include +#include + +int main(int argc, char **argv) +{ + + FILE * fd; + FILE * fd_out; + + struct stat sbuf; + + int num = -1; + + unsigned long i; + unsigned long len = 0; + unsigned long have = 0; + + /* For compression. + */ + lzo_byte * inbuf; + lzo_byte * outbuf; + int r; + lzo_uint in_len; + lzo_uint out_len; + + +#if 0 + astate[0] = EXEPACK_STATE_0; + astate[1] = EXEPACK_STATE_1; + astate[2] = EXEPACK_STATE_2; +#endif + + if (argc < 4 || (num = atoi(argv[3])) < 0) + { + fprintf(stderr, + "Usage: exepack_mkdata [ARGS]\n"); + exit (EXIT_FAILURE); + } + + /* the include file + */ + if (NULL == (fd_out = fopen(argv[2], "w")) ) + { + fprintf(stderr, "exepack_mkdata: Error opening %s for write.\n", + argv[2]); + exit (EXIT_FAILURE); + } + + + /* write data + */ + fprintf (fd_out, "UINT32 programkey_%d[3] = { 0x%x, 0x%x, 0x%x };\n", + num, EXEPACK_STATE_0, EXEPACK_STATE_1, EXEPACK_STATE_2); + + if (num == 0) + { + fprintf (fd_out, "UINT32 programlen_%d = %ld;\n\n", + num, 0x4C4C4C4CL); + fprintf (fd_out, "UINT32 programlen_compressed_%d = %ld;\n\n", + num, 0x43434343L); + } + else + { + fprintf (fd_out, "UINT32 programlen_%d = %ld;\n\n", + num, 0x4D4D4D4DL); + fprintf (fd_out, "UINT32 programlen_compressed_%d = %ld;\n\n", + num, 0x44444444L); + } + + + if (stat (argv[1], &sbuf) < 0) + { + perror ("exepack_mkdata"); + exit (EXIT_FAILURE); + } + + len = (unsigned long) sbuf.st_size; + + /* Because the input block may be incompressible, + * we must provide a little more output space in case that compression + * is not possible. + */ + inbuf = (lzo_byte *) malloc (sizeof(lzo_byte) * len); + outbuf = (lzo_byte *) malloc (sizeof(lzo_byte) * (len + len / 64 + 16 + 3)); + in_len = len; + + if (NULL == inbuf || NULL == outbuf) + { + fprintf(stderr, "exepack_mkdata: Out of memory."); + exit (EXIT_FAILURE); + } + + if (NULL == (fd = fopen(argv[1], "r"))) + { + perror ("exepack_mkdata"); + exit (EXIT_FAILURE); + } + + have = fread (inbuf, 1, len, fd); + fclose (fd); + + if (have != len) + { + fprintf (stderr, "exepack_mkdata: Error reading %s", argv[1]); + exit (EXIT_FAILURE); + } + + /* + * Step 1: initialize the LZO library + */ + if (lzo_init() != LZO_E_OK) + { + fprintf(stderr, "exepack_mkdata: lzo_init() failed\n"); + return 3; + } + + /* + * Step 3: compress from `in' to `out' with LZO1X-1 + */ + r = lzo1x_1_compress(inbuf, in_len, outbuf, &out_len, wrkmem); + + if (r == LZO_E_OK) + printf("exepack_mkdata: compressed %lu bytes into %lu bytes\n", + (long) in_len, (long) out_len); + else + { + /* this should NEVER happen */ + printf("exepack_mkdata: internal error - compression failed: %d\n", r); + return 2; + } + + /* check for an incompressible block + */ + if (out_len >= in_len) + { + printf("exepack_mkdata: Incompressible data.\n"); + } + + fprintf (fd_out, "lzo_byte program_%d[] = {\n", num); + + fprintf (fd_out, "0x43, 0x4F, 0x4E, 0x54, 0x41, 0x49, 0x4E, 0x45, 0x52,\n"); + + /* + taus_set_from_state (cstate, astate); + for (i = 0; i < out_len; ++i) + { + outbuf[i] =^ (taus_get_long (cstate) & 0xff); + } + */ + + + for (i = 1; i <= out_len; ++i) + { + fprintf(fd_out, "0x00,"); + if (0 == (i % 20)) + fprintf(fd_out, "\n"); + } + + fprintf(fd_out, "\n"); + + for (i = 1; i <= 256; ++i) + { + fprintf(fd_out, "0x00,"); + if (0 == (i % 20)) + fprintf(fd_out, "\n"); + } + + fprintf (fd_out, "0x00 };\n\n"); + + + fclose (fd_out); + + if (argc > 4) + { + fprintf (fd_out, "char * const programargv_%d[]={\n", num); + + for(len = 4; len < (unsigned int) argc; len++) + fprintf(fd_out, "\"%s\",", argv[len-4]); + + fprintf(fd_out, "NULL };\n\n"); + } + + return 0; +} Index: branches/samhain-2_2-branch/src/kern_head.c =================================================================== --- branches/samhain-2_2-branch/src/kern_head.c (revision 66) +++ branches/samhain-2_2-branch/src/kern_head.c (revision 66) @@ -0,0 +1,947 @@ +/* + * need to #define SH_USE_KERN + * + */ +#define SH_SYSCALL_CODE + +#include "config.h" + +#ifdef HOST_IS_I86LINUX +#define SH_IDT_TABLE +#endif + +#include +#include + +#if defined(SH_USE_KERN) + +#undef _ +#define _(string) string +#undef N_ +#define N_(string) string + +void usage(int flag) +{ + printf("\n"); + printf("Usage: kern_head [-v | --verbose]\n"); + printf(" kern_head [-h | --help]\n"); + printf("\n"); + /* + * printf(" You need superuser privileges to use this program,\n"); + * printf(" because only the superuser can read from /dev/kmem.\n"); + * printf("\n"); + */ + exit(flag); +} + +#if defined(HOST_IS_LINUX) + + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* number of system calls */ +#define SH_MAXCALLS 512 + +#include "kern_head.h" + +static int verbose = 0; + +typedef struct _smap_entry { +#ifdef SH_SYSCALL_CODE + unsigned int code[2]; /* 8 bytes */ +#endif + unsigned long addr; + char name[64]; +} smap_entry; + +union { + unsigned long addr_sys_call_table; + unsigned char str_sys_call_table[sizeof(unsigned long)]; +} sh_sys_call; + +#define SYS_CODE_SIZE 1024 + +static unsigned long addr_system_call; +static unsigned char system_call_code[SYS_CODE_SIZE]; + +static int kmem_read (int fd, unsigned long addr, unsigned char * buf, int len) +{ + if (lseek(fd, addr, SEEK_SET) == (off_t) (-1)) + { + if (verbose) + perror("kmem_read: lseek"); + return -1; + } + if (read(fd, buf, len) < 0) + { + if (verbose) + perror("kmem_read: read"); + return -1; + } + return 0; +} + +static int kmem_mmap (int fd, unsigned long addr, unsigned char * buf, int len) +{ + size_t moff, roff; + size_t sz; + char * kmap; + + + /* first, try read() + */ + int ret_old = kmem_read (fd, addr, buf, len); + + if (ret_old == 0) + return ret_old; + + if (verbose) + fprintf(stderr, + "kmem_mmap: read() from /dev/kmem failed, now trying mmap()\n"); + + sz = getpagesize(); /* unistd.h */ + + moff = ((size_t)(addr/sz)) * sz; /* lower page boundary */ + roff = addr - moff; /* off relative to lower address of mmapped area */ + kmap = mmap(0, len+sz, PROT_READ, MAP_PRIVATE, fd, moff);/* sys/mman.h */ + + if (kmap == MAP_FAILED) + { + perror("kmem_mmap: mmap"); + return -1; + } + memcpy (buf, &kmap[roff], len); + + if (munmap(kmap, len+sz) != 0) + { + perror("kmem_mmap: munmap"); + return -1; + } + + return 0; +} + +int read_kcode (unsigned long addr, unsigned char * buf, int len) +{ + int fd; + + if (addr == 0UL) + { + perror("read_kcode: invalid input"); + return -1; + } + + fd = open ("/dev/kmem", O_RDONLY); + if (fd < 0) + { + perror("read_kcode: open /dev/kmem"); + return -1; + } + if (kmem_mmap(fd, addr, buf, len) < 0) + { + close (fd); + return -1; + } + close (fd); + return 0; +} + +int get_dispatch (int * qq) +{ + int i; + + if (addr_system_call == 0L || sh_sys_call.addr_sys_call_table == 0L) + { + fprintf(stderr, "get_dispatch: invalid data\n"); + return -1; + } + + if (0 != read_kcode (addr_system_call, system_call_code, SYS_CODE_SIZE)) + { + fprintf(stderr, "get_dispatch: could not read system_call code\n"); + return -1; + } + + for (i = 0; i < (SYS_CODE_SIZE - 4); ++i) + { + if (system_call_code[i] == sh_sys_call.str_sys_call_table[0] && + system_call_code[i+1] == sh_sys_call.str_sys_call_table[1] && + system_call_code[i+2] == sh_sys_call.str_sys_call_table[2] && + system_call_code[i+3] == sh_sys_call.str_sys_call_table[3]) + { + /* + fprintf(stderr, "INFO: get_dispatch: found sys_call_table in "\ + "system_call code at %d\n", i); + */ + *qq = i; + return 0; + } + } + fprintf(stderr, + "get_dispatch: did not find sys_call_table in system_call code\n"); + fprintf(stderr, + "** This indicates that either your System.map does not match\n"); + fprintf(stderr, + "** the currently running kernel, or that your System.map does\n"); + fprintf(stderr, + "** not provide the required information, and thus use of\n"); + fprintf(stderr, + "** the --with-kcheck option is not possible\n"); + return -1; +} + +unsigned long get_symbol_from_systemmap (char * systemmap, + char * symbol, char flag) +{ + FILE * fp; + char buf[512], addr[16], * p; + unsigned long retval = 0; + + fp = fopen (systemmap, "r"); + + if (!fp) + { + fprintf(stderr, "error opening <%s>\n", systemmap); + perror("get_symbol_from_systemmap: fopen"); + return -1; + } + while (fgets(buf, 512, fp) != NULL) + { + if (buf[9] != flag) + continue; + + p = strchr(buf, '\n'); + if (p != NULL) + *p = '\0'; + + if (0 != strcmp(&buf[11], symbol)) + continue; + + addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0'; + strncat(&addr[2], buf, 8); + + retval = strtoul(addr, NULL, 0); + if (retval == ULONG_MAX) + { + perror("get_symbol_from_systemmap"); + return -1; + } + } + fclose(fp); + return retval; +} + + +/* returns the number N of entries in syscall table + * (0 .. N-1) with valid syscalls + */ +int fill_smap(smap_entry * sh_smap, int num) +{ + FILE * fp; + char buf[512], addr[16], name[128]; + int i, j, count = 0, maxcall = 0; + + fp = fopen (SYSTEMMAP, "r"); + + if (!fp) + { + perror("fill_smap: fopen"); + fprintf(stderr, "fill_smap: error opening <%s>\n", SYSTEMMAP); + return -1; + } + + /* initialize + */ + sh_sys_call.addr_sys_call_table = 0L; + + while (fgets(buf, 512, fp) != NULL) + { + + if ( ( (buf[9] == 'D') || (buf[9] == 'd') || + (buf[9] == 'R') || (buf[9] == 'r')) && + 0 == strncmp("sys_call_table", &buf[11], 14)) + { + printf("/* found sys_call_table */\n"); + /* --- copy symbol address --- + */ + addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0'; + strncat(&addr[2], buf, 8); + addr[10] = '\0'; + sh_sys_call.addr_sys_call_table = strtoul(addr, NULL, 0); + if (sh_sys_call.addr_sys_call_table == ULONG_MAX) + { + perror("fill_smap"); + return -1; + } + else + { + printf("#define SH_SYS_CALL_TABLE %s\n", addr); + } + } + + if (buf[9] != 'T') + continue; + + if (0 == strncmp("system_call", &buf[11], 11)) + { + printf("/* found system_call */\n"); + /* --- copy symbol address --- + */ + addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0'; + strncat(&addr[2], buf, 8); + addr[10] = '\0'; + addr_system_call = strtoul(addr, NULL, 0); + if (addr_system_call == ULONG_MAX) + { + perror("fill_smap"); + return -1; + } + } + + + if ( (buf[11]!='s' || buf[12]!='y' || buf[13]!='s' || buf[14]!='_') && + (buf[11]!='o' || buf[12]!='l' || buf[13]!='d' || buf[14]!='_')) + continue; + + for (i = 0; i < num; ++i) + { + for (j = 0; j < 128; ++j) + { + if (buf[11+j] == '\n' || buf[11+j] == '\0') + { + name[j] = '\0'; + break; + } + name[j] = buf[11+j]; + } + + + if (0 == strcmp(name, sh_smap[i].name)) + { + + /* --- copy symbol address --- + */ + addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0'; + strncat(&addr[2], buf, 8); + addr[10] = '\0'; + sh_smap[i].addr = strtoul(addr, NULL, 0); + if (sh_smap[i].addr == ULONG_MAX) + { + perror("fill_smap"); + return -1; + } + ++count; + if (i > maxcall) maxcall = i; + /* printf("maxcall = %d\n", maxcall); */ + /* break; */ + } + } + } + fclose(fp); + if ((count > 0) && (maxcall > 0)) + return maxcall+1; + else + return count; +} + + +int main(int argc, char * argv[]) +{ + int i, count, maxcall, qq; + int which = 4; + int two_six_seventeen_plus = 0; + smap_entry sh_smap[SH_MAXCALLS]; + struct utsname utbuf; + char *p = NULL; + + unsigned long proc_root; + unsigned long proc_root_iops; + unsigned long proc_root_lookup; + + unsigned long addr_ni_syscall = 0; + + if (argc > 1) + { + if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) + usage(EXIT_SUCCESS); + else if (strcmp(argv[1], "-v") == 0 || + strcmp(argv[1], "--verbose") == 0) + verbose = 1; + } + + if (0 != uname(&utbuf)) + { + perror("kern_head: uname"); + exit (EXIT_FAILURE); + } + + if (strncmp(utbuf.release, SH_KERNEL_VERSION, 3) != 0) + { + fprintf(stderr, "kern_head: current kernel version %s does not match\n", + utbuf.release); + fprintf(stderr, "kern_head: %s from config.h\n", SH_KERNEL_VERSION); + fprintf(stderr, "kern_head: continuing with %s\n", SH_KERNEL_VERSION); + + p = SH_KERNEL_VERSION; + } else { + p = utbuf.release; + } + + if (strncmp(p, "2.2", 3) == 0) + which = 2; + else if (strncmp(p, "2.4", 3) == 0) + which = 4; + else if (strncmp(p, "2.6", 3) == 0) + { + which = 6; + if (17 >= atoi (&p[4])) + { + two_six_seventeen_plus = 1; + } + } + else + { + fprintf(stderr, "kern_head: kernel %s not supported\n", p); + exit (EXIT_FAILURE); + } + + + if (utbuf.machine[0] != 'i' || utbuf.machine[2] != '8' || + utbuf.machine[3] != '6') + { + fprintf(stderr, "kern_head: machine %s not supported\n", utbuf.machine); + exit (EXIT_FAILURE); + } + + if (0 != getuid()) + { + fprintf(stderr, "\n"); + + fprintf(stderr, "NOTE: kern_head: must run as 'root' (need to read from /dev/kmem)\n"); + fprintf(stderr, " If you get this message, then proceed as follows:\n"); + fprintf(stderr, " $ su\n"); + fprintf(stderr, " $ ./kern_head > sh_ks.h\n"); + fprintf(stderr, " $ exit\n"); + fprintf(stderr, " $ make\n\n"); + exit (EXIT_FAILURE); + } + + printf("#ifndef SH_KERN_CALLS_H\n"); + printf("#define SH_KERN_CALLS_H\n\n"); + + printf("\n/* Kernel %s, machine %s -- use table %s */\n\n", + p, utbuf.machine, + (which == 2) ? "callz_2p2" : "callz_2p4"); + + + /* initiate the system call table + */ + for (i = 0; i < SH_MAXCALLS; ++i) + { + if (which == 2) + { + if (callz_2p2[i] == NULL) + break; + strcpy(sh_smap[i].name, callz_2p2[i]); + } + else + { + if (callz_2p4[i] == NULL) + break; + strcpy(sh_smap[i].name, callz_2p4[i]); + } + sh_smap[i].addr = 0UL; + } + + if (which == 6) /* fix syscall map for 2.6 */ + { + strcpy(sh_smap[0].name, "sys_restart_syscall"); + strcpy(sh_smap[180].name, "sys_pread64"); + strcpy(sh_smap[181].name, "sys_pwrite64"); + } + count = i; + + /* get the actual number of the highest syscalls and use no more. + * get sys_call_table and system_call + */ + maxcall = fill_smap(sh_smap, count); + if ( maxcall < 0) + { + printf("#endif\n"); + fprintf(stderr, "kern_head: fill_smap failed\n"); + exit (EXIT_FAILURE); + } + if (addr_system_call == 0L) + { + printf("#endif\n"); + fprintf(stderr, + "kern_head: address of system_call not found in System.map\n"); + fprintf(stderr, + "** This indicates that your System.map does not provide\n"); + fprintf(stderr, + "** the required information, and thus use of the\n"); + fprintf(stderr, + "** --with-kcheck option is not possible\n"); + exit (EXIT_FAILURE); + } + + for (i = 0; i < maxcall; ++i) + { + if (0 == strcmp(sh_smap[i].name, "sys_ni_syscall")) + { + addr_ni_syscall = sh_smap[i].addr; + break; + } + } + if (which < 6) + { + maxcall = (maxcall > 256) ? 256 : maxcall; + } + + for (i = 0; i < maxcall; ++i) + { + if (sh_smap[i].addr == 0UL) + { + if (verbose > 0) + fprintf(stderr, "** unknown syscall **: [%s]\n", sh_smap[i].name); + strcpy(sh_smap[i].name, "sys_ni_syscall"); + sh_smap[i].addr = addr_ni_syscall; + } + } + + + /* get the location of the syscall table address within system_call + */ + if ( get_dispatch (&qq) < 0) + { + printf("#endif\n"); + fprintf(stderr, "kern_head: get_dispatch failed\n"); + exit (EXIT_FAILURE); + } + + if (qq <= 252) + printf("#define SYS_CALL_LOC %d\n", qq); + else + { + printf("#endif\n"); + fprintf(stderr, "kern_head: SYS_CALL_LOC (%d) too large\n", qq); + exit(EXIT_FAILURE); + } + printf("#define SH_SYS_CALL_ADDR %#lx\n\n", addr_system_call); + + printf("static unsigned char system_call_code[256] = { 0 };\n"); + + printf("#define SH_MAXCALLS %d\n\n", maxcall); + +#ifdef SH_IDT_TABLE + printf("static unsigned char idt_table[2048] = { 0 };\n"); +#endif + + printf("typedef struct _sh_syscall_t {\n"); +#ifdef SH_SYSCALL_CODE + printf(" unsigned int code[2]; /* 8 bytes */\n"); +#endif + printf(" unsigned long addr;\n"); + printf(" char * name;\n"); + printf("} sh_syscall_t;\n\n"); + + printf("static sh_syscall_t sh_syscalls[] = {\n"); + + for (i = 0; i < maxcall; ++i) + { +#ifdef SH_SYSCALL_CODE + printf(" /* %03d */ { { 0, 0 }, 0, N_(%c%s%c) },\n", + i, '"', sh_smap[i].name, '"'); +#else + printf(" /* %03d */ { 0, N_(%c%s%c) },\n", + i, '"', sh_smap[i].name, '"'); +#endif + } +#ifdef SH_SYSCALL_CODE + printf(" /* eof */ { { 0x00000000, 0x00000000 }, 0x00000000, NULL }\n"); +#else + printf(" /* eof */ { 0x00000000, NULL }\n"); +#endif + printf("};\n\n"); + + + /* get proc addresses + */ + proc_root = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root", 'D'); + if (proc_root == 0) + { + proc_root = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root", 'd'); + } + if (proc_root == 0) + { + proc_root = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root", 'R'); + } + if (proc_root != 0) { + printf("#define PROC_ROOT_LOC %#lx\n\n", proc_root); + } + + proc_root_lookup = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root_lookup", 't'); + if (proc_root_lookup == 0) + { + proc_root_lookup = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root_lookup", 'T'); + } + if (proc_root_lookup != 0) { + printf("#define PROC_ROOT_LOOKUP_LOC %#lx\n\n", proc_root_lookup); + } + + proc_root_iops = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root_inode_operations", + 'd'); + if (proc_root_iops == 0) + { + proc_root_iops = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root_inode_operations", + 'D'); + } + if (proc_root_iops == 0) + { + proc_root_iops = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root_inode_operations", + 'R'); + } + if (proc_root_iops != 0) { + printf("#define PROC_ROOT_IOPS_LOC %#lx\n\n", proc_root_iops); + } + + if (two_six_seventeen_plus == 1) { + printf("#define TWO_SIX_SEVENTEEN_PLUS 1\n\n"); + } + + printf("#endif\n"); + + exit (EXIT_SUCCESS); +} + +/* if defined(HOST_IS_LINUX) */ +#endif + +/************************************************************ + * + * + * FreeBSD Implementation + * + ************************************************************/ + +#if defined(HOST_IS_FREEBSD) || defined(__OpenBSD__) + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef __FreeBSD__ +#include +#endif + +#include + +#ifndef SYS_MAXSYSCALL +#define SYS_MAXSYSCALL 512 +#endif + +/* number of system calls */ +#define SH_MAXCALLS 512 +#include "kern_head.h" +static int verbose = 0; + +#ifdef __OpenBSD__ +struct proc; +struct sysent { + short sy_narg; + short sy_argsize; + int (*sy_call)(struct proc *, void *, register_t *); +}; +#endif + +typedef struct _smap_entry { + unsigned int code[2]; /* 8 bytes */ + unsigned long addr; + char name[64]; +} smap_entry; + +union { + unsigned long addr_sys_call_table; + unsigned char str_sys_call_table[sizeof(unsigned long)]; +} sh_sys_call; + +struct nlist sys_list[SYS_MAXSYSCALL+1]; + +struct nlist list[2]; + + +int main(int argc, char * argv[]) +{ + int i, count, which; + smap_entry sh_smap[SYS_MAXSYSCALL]; + struct utsname utbuf; + char errbuf[_POSIX2_LINE_MAX]; + + struct sysent sy; + unsigned long offset = 0L; + kvm_t *kd; + + list[0].n_name = "_sysent"; + list[1].n_name = NULL; + + if (argc > 1) + { + if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) + usage(EXIT_SUCCESS); + else if (strcmp(argv[1], "-v") == 0 || + strcmp(argv[1], "--verbose") == 0) + verbose = 1; + } + + if (0 != uname(&utbuf)) + { + perror("kern_head: uname"); + exit (EXIT_FAILURE); + } + +#ifdef __OpenBSD__ + if (utbuf.release[0] == '3') + which = 38; +#else + if (utbuf.release[0] == '4') + which = 4; + else if (utbuf.release[0] == '5') + which = 5; + else if (utbuf.release[0] == '6') + which = 5; +#endif + else + { + fprintf(stderr, "kern_head: kernel %s not supported\n", utbuf.release); + exit (EXIT_FAILURE); + } + + if (utbuf.machine[0] != 'i' || utbuf.machine[2] != '8' || + utbuf.machine[3] != '6') + { + fprintf(stderr, "kern_head: machine %s not supported\n", utbuf.machine); + exit (EXIT_FAILURE); + } + + if (0 != getuid()) + { + fprintf(stderr, "\n"); + fprintf(stderr, "NOTE: kern_head: must run as 'root' "); + fprintf(stderr, "(need to read from /dev/kmem)\n"); + fprintf(stderr, " If you get this message, then proceed "); + fprintf(stderr, "as follows:\n"); + fprintf(stderr, " $ su\n"); + fprintf(stderr, " $ ./kern_head > sh_ks.h\n"); + fprintf(stderr, " $ exit\n"); + fprintf(stderr, " $ make\n\n"); + exit (EXIT_FAILURE); + } + + kd = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, errbuf); + if (!kd) + { + fprintf(stderr, "check_sysent: kvm_openfiles: %s\n", errbuf); + exit(EXIT_FAILURE); + } + + i = kvm_nlist(kd, list); + if (i == -1) + { + fprintf(stderr, "check_sysent: kvm_nlist: %s\n", kvm_geterr(kd)); + exit(EXIT_FAILURE); + } + else if (i == 1) + { + fprintf(stderr, "check_sysent: kvm_nlist: _sysent not found\n"); + exit(EXIT_FAILURE); + } + else if (list[0].n_value == 0) + { + fprintf(stderr, "check_sysent: kvm_nlist: zero address for _sysent\n"); + exit(EXIT_FAILURE); + } + + if (which == 4) + printf("\n/* Kernel %s, machine %s -- use table %s */\n\n", + utbuf.release, utbuf.machine, "callz_fbsd"); + else if (which == 5 || which == 6) + printf("\n/* Kernel %s, machine %s -- use table %s */\n\n", + utbuf.release, utbuf.machine, "callz_fbsd5"); + else if (which == 38) + printf("\n/* Kernel %s, machine %s -- use table %s */\n\n", + utbuf.release, utbuf.machine, "callz_obsd"); + + + i = 0; + if (which == 4) { + while ((callz_fbsd[i] != NULL) && (i < SYS_MAXSYSCALL)) + { + sys_list[i].n_name = callz_fbsd[i]; + /* fprintf(stderr, "sys_list[%d] = %s\n", i, sys_list[i].n_name); */ + ++i; + } + if ((utbuf.release[1] == '.') && (utbuf.release[2] == '1') && + (utbuf.release[3] == '0')) + { + sys_list[336].n_name = callz_fbsd[151]; /* sendfile -> nosys */ + } + } else if (which == 5 || which == 6) { + while ((callz_fbsd5[i] != NULL) && (i < SYS_MAXSYSCALL)) + { + sys_list[i].n_name = callz_fbsd5[i]; + /* fprintf(stderr, "sys_list[%d] = %s\n", i, sys_list[i].n_name); */ + ++i; + } + } + else if (which == 38) { + while ((callz_obsd[i] != NULL) && (i < SYS_MAXSYSCALL)) + { + sys_list[i].n_name = callz_obsd[i]; + /* fprintf(stderr, "sys_list[%d] = %s\n", i, sys_list[i].n_name); */ + ++i; + } + } + + count = i; + sys_list[i].n_name = NULL; + + i = kvm_nlist(kd, sys_list); + if (i == -1) + { + fprintf(stderr, "check_sysent: kvm_nlist: %s\n", kvm_geterr(kd)); + /* exit(EXIT_FAILURE); */ + } + else if (i != 0 && verbose != 0) + { + fprintf(stderr, "check_sysent: kvm_nlist: %d out of %d invalid.\n", + i, count); + fprintf(stderr, " Probably the table in kern_head.h\n"); + fprintf(stderr, " is not for your kernel version.\n"); + fprintf(stderr, " (No reason to worry, kcheck will "\ + "work anyway)\n\n"); + } + + for (i = 0; i < count /* SYS_MAXSYSCALL */; i++) + { + if (NULL == sys_list[i].n_name) + break; + if (!sys_list[i].n_value && 0 != strcmp(sys_list[i].n_name, "_nosys") + && verbose != 0) + { + fprintf(stderr,"check_sysent: not found: slot %03d [%s]\n", + i, sys_list[i].n_name); + /* exit(EXIT_FAILURE); */ + } + offset = list[0].n_value + (i*sizeof(struct sysent)); + if (kvm_read(kd, offset, &sy, sizeof(struct sysent)) < 0) + { + fprintf(stderr,"check_sysent: kvm_read: %s\n", kvm_geterr(kd)); + exit(EXIT_FAILURE); + } + + if (verbose > 0) + fprintf(stderr, "(kvm_nlist) %#lx %#lx (sysent[%03d]) %03d [%s]\n", + (unsigned long) sys_list[i].n_value, + (unsigned long) sy.sy_call, + i, i, sys_list[i].n_name); + + if((unsigned long)sy.sy_call != sys_list[i].n_value && + sys_list[i].n_value != 0 && + 0 != strcmp(sys_list[i].n_name, "_nosys") && + (unsigned long)sy.sy_call != sys_list[151].n_value) + { + fprintf(stderr, + "WARNING: (kvm_nlist) %#lx != %#lx (sysent[%03d]) %03d [%s]\n", + (unsigned long) sys_list[i].n_value, + (unsigned long) sy.sy_call, + i, i, sys_list[i].n_name); + } + sh_smap[i].addr = (unsigned long) sy.sy_call; + strncpy(sh_smap[i].name, sys_list[i].n_name, 64); + if(kvm_read(kd, (unsigned int) sy.sy_call, &(sh_smap[i].code[0]), + 2 * sizeof(unsigned int)) < 0) + { + fprintf(stderr,"check_sysent: kvm_read: %s\n", kvm_geterr(kd)); + exit(EXIT_FAILURE); + } + } + + if(kvm_close(kd) < 0) + { + fprintf(stderr,"check_sysent: kvm_nlist: %s\n", kvm_geterr(kd)); + exit(EXIT_FAILURE); + } + + printf("#ifndef SH_KERN_CALLS_H\n"); + printf("#define SH_KERN_CALLS_H\n\n"); + + printf("#define SH_MAXCALLS %d\n\n", count); + + printf("typedef struct _sh_syscall_t {\n"); + printf(" unsigned int code[2]; /* 8 bytes */\n"); + printf(" unsigned long addr;\n"); + printf(" char * name;\n"); + printf("} sh_syscall_t;\n\n"); + + printf("static sh_syscall_t sh_syscalls[] = {\n"); + for (i = 0; i < count; ++i) { + printf(" /* %03d */ {{ 0x%-8.8x, 0x%-8.8x }, 0x%-8.8lx, N_(%c%s%c) },\n", + i, sh_smap[i].code[0], sh_smap[i].code[1], + sh_smap[i].addr, '"', sh_smap[i].name, '"'); + } + printf(" /* eof */ { { 0x00000000, 0x00000000 }, 0x00000000, NULL }\n"); + printf("};\n\n"); + printf("#endif\n"); + return 0; +} +/* if defined(HOST_IS_FREEBSD) */ +#endif + +/* #if defined(SH_USE_KERN) */ +#else + +#include +#include + +int main() +{ + printf("#ifndef SH_KERN_CALLS_H\n"); + printf("#define SH_KERN_CALLS_H\n\n"); + + printf("/* Dummy header. */\n\n"); + + printf("typedef struct _sh_syscall_t {\n"); + printf(" unsigned long addr;\n"); + printf(" char * name;\n"); + printf("} sh_syscall_t;\n\n"); + + printf("#endif\n"); + + return (EXIT_SUCCESS); +} + +/* #ifdef SH_USE_KERN */ +#endif Index: branches/samhain-2_2-branch/src/make-tests.sh =================================================================== --- branches/samhain-2_2-branch/src/make-tests.sh (revision 66) +++ branches/samhain-2_2-branch/src/make-tests.sh (revision 66) @@ -0,0 +1,63 @@ +#!/bin/sh + +# Auto generate single AllTests file for CuTest. +# Searches through all *.c files in the current directory. +# Prints to stdout. +# Author: Asim Jalis +# Date: 01/08/2003 + +# Modified to return non-zero if any test has failed +# Rainer Wichmann, 29. Jan 2006 +# ...and to print to stderr if any test has failed +# Rainer Wichmann, 31. Jan 2006 + +if test $# -eq 0 ; then FILES=*.c ; else FILES=$* ; fi + +echo ' + +/* This is auto-generated code. Edit at your own peril. */ + +#include +#include "CuTest.h" + +' + +cat $FILES | grep '^void Test' | + sed -e 's/(.*$//' \ + -e 's/$/(CuTest*);/' \ + -e 's/^/extern /' + +echo \ +' + +int RunAllTests(void) +{ + CuString *output = CuStringNew(); + CuSuite* suite = CuSuiteNew(); + +' +cat $FILES | grep '^void Test' | + sed -e 's/^void //' \ + -e 's/(.*$//' \ + -e 's/^/ SUITE_ADD_TEST(suite, /' \ + -e 's/$/);/' + +echo \ +' + CuSuiteRun(suite); + CuSuiteSummary(suite, output); + CuSuiteDetails(suite, output); + if (suite->failCount > 0) + fprintf(stderr, "%s%c", output->buffer, 0x0A); + else + fprintf(stdout, "%s%c", output->buffer, 0x0A); + return suite->failCount; +} + +int main(void) +{ + int retval; + retval = RunAllTests(); + return (retval == 0) ? 0 : 1; +} +' Index: branches/samhain-2_2-branch/src/minilzo.c =================================================================== --- branches/samhain-2_2-branch/src/minilzo.c (revision 66) +++ branches/samhain-2_2-branch/src/minilzo.c (revision 66) @@ -0,0 +1,2851 @@ +/* minilzo.c -- mini subset of the LZO real-time data compression library + + This file is part of the LZO real-time data compression library. + + Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer + + The LZO library is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of + the License, or (at your option) any later version. + + The LZO library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with the LZO library; see the file COPYING. + If not, write to the Free Software Foundation, Inc., + 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Markus F.X.J. Oberhumer + + http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + */ + +/* + * NOTE: + * the full LZO package can be found at + * http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + */ + +#define _ANSI_C_SOURCE +#define _POSIX_SOURCE + + + +#define __LZO_IN_MINILZO + +#ifdef MINILZO_HAVE_CONFIG_H +# include +#endif + +#undef LZO_HAVE_CONFIG_H +#include "minilzo.h" + +#if !defined(MINILZO_VERSION) || (MINILZO_VERSION != 0x1060) +# error "version mismatch in miniLZO source files" +#endif + +#ifdef MINILZO_HAVE_CONFIG_H +# define LZO_HAVE_CONFIG_H +#endif + +#if !defined(LZO_NO_SYS_TYPES_H) +# include +#endif +#include + +#ifndef __LZO_CONF_H +#define __LZO_CONF_H + +#if !defined(__LZO_IN_MINILZO) +# ifndef __LZOCONF_H +# include +# endif +#endif + +#if !defined(LZO_HAVE_CONFIG_H) +# include +# include +# if !defined(NO_STDLIB_H) +# include +# endif +# define HAVE_MEMCMP +# define HAVE_MEMCPY +# define HAVE_MEMMOVE +# define HAVE_MEMSET +#else +# include +# if defined(STDC_HEADERS) +# include +# include +# endif +# if defined(HAVE_STDDEF_H) +# include +# endif +# if defined(HAVE_MEMORY_H) +# include +# endif +#endif + +#if defined(__LZO_DOS16) || defined(__LZO_WIN16) +# define HAVE_MALLOC_H +# define HAVE_HALLOC +#endif + +#undef NDEBUG +#if !defined(LZO_DEBUG) +# define NDEBUG +#endif +#if defined(LZO_DEBUG) || !defined(NDEBUG) +# if !defined(NO_STDIO_H) +# include +# endif +#endif +#include + +#if defined(__BOUNDS_CHECKING_ON) +# include +#else +# define BOUNDS_CHECKING_OFF_DURING(stmt) stmt +# define BOUNDS_CHECKING_OFF_IN_EXPR(expr) (expr) +#endif + +#if !defined(LZO_UNUSED) +# define LZO_UNUSED(parm) (parm = parm) +#endif + +#if !defined(__inline__) && !defined(__GNUC__) +# if defined(__cplusplus) +# define __inline__ inline +# else +# define __inline__ +# endif +#endif + +#if defined(NO_MEMCMP) +# undef HAVE_MEMCMP +#endif + +#if !defined(HAVE_MEMCMP) +# undef memcmp +# define memcmp lzo_memcmp +#endif +#if !defined(HAVE_MEMCPY) +# undef memcpy +# define memcpy lzo_memcpy +#endif +#if !defined(HAVE_MEMMOVE) +# undef memmove +# define memmove lzo_memmove +#endif +#if !defined(HAVE_MEMSET) +# undef memset +# define memset lzo_memset +#endif + +#if 1 +# define LZO_BYTE(x) ((unsigned char) (x)) +#else +# define LZO_BYTE(x) ((unsigned char) ((x) & 0xff)) +#endif +#if 0 +# define LZO_USHORT(x) ((unsigned short) (x)) +#else +# define LZO_USHORT(x) ((unsigned short) ((x) & 0xffff)) +#endif + +#define LZO_MAX(a,b) ((a) >= (b) ? (a) : (b)) +#define LZO_MIN(a,b) ((a) <= (b) ? (a) : (b)) +#define LZO_MAX3(a,b,c) ((a) >= (b) ? LZO_MAX(a,c) : LZO_MAX(b,c)) +#define LZO_MIN3(a,b,c) ((a) <= (b) ? LZO_MIN(a,c) : LZO_MIN(b,c)) + +#define lzo_sizeof(type) ((lzo_uint) (sizeof(type))) + +#define LZO_HIGH(array) ((lzo_uint) (sizeof(array)/sizeof(*(array)))) + +#define LZO_SIZE(bits) (1u << (bits)) +#define LZO_MASK(bits) (LZO_SIZE(bits) - 1) + +#define LZO_LSIZE(bits) (1ul << (bits)) +#define LZO_LMASK(bits) (LZO_LSIZE(bits) - 1) + +#define LZO_USIZE(bits) ((lzo_uint) 1 << (bits)) +#define LZO_UMASK(bits) (LZO_USIZE(bits) - 1) + +#define LZO_STYPE_MAX(b) (((1l << (8*(b)-2)) - 1l) + (1l << (8*(b)-2))) +#define LZO_UTYPE_MAX(b) (((1ul << (8*(b)-1)) - 1ul) + (1ul << (8*(b)-1))) + +#if !defined(SIZEOF_UNSIGNED) +# if (UINT_MAX == 0xffff) +# define SIZEOF_UNSIGNED 2 +# elif (UINT_MAX == LZO_0xffffffffL) +# define SIZEOF_UNSIGNED 4 +# elif (UINT_MAX >= LZO_0xffffffffL) +# define SIZEOF_UNSIGNED 8 +# else +# error SIZEOF_UNSIGNED +# endif +#endif + +#if !defined(SIZEOF_UNSIGNED_LONG) +# if (ULONG_MAX == LZO_0xffffffffL) +# define SIZEOF_UNSIGNED_LONG 4 +# elif (ULONG_MAX >= LZO_0xffffffffL) +# define SIZEOF_UNSIGNED_LONG 8 +# else +# error SIZEOF_UNSIGNED_LONG +# endif +#endif + +#if !defined(SIZEOF_SIZE_T) +# define SIZEOF_SIZE_T SIZEOF_UNSIGNED +#endif +#if !defined(SIZE_T_MAX) +# define SIZE_T_MAX LZO_UTYPE_MAX(SIZEOF_SIZE_T) +#endif + +#if 1 && defined(__LZO_i386) && (UINT_MAX == LZO_0xffffffffL) +# if !defined(LZO_UNALIGNED_OK_2) && (USHRT_MAX == 0xffff) +# define LZO_UNALIGNED_OK_2 +# endif +# if !defined(LZO_UNALIGNED_OK_4) && (LZO_UINT32_MAX == LZO_0xffffffffL) +# define LZO_UNALIGNED_OK_4 +# endif +#endif + +#if defined(LZO_UNALIGNED_OK_2) || defined(LZO_UNALIGNED_OK_4) +# if !defined(LZO_UNALIGNED_OK) +# define LZO_UNALIGNED_OK +# endif +#endif + +#if defined(__LZO_NO_UNALIGNED) +# undef LZO_UNALIGNED_OK +# undef LZO_UNALIGNED_OK_2 +# undef LZO_UNALIGNED_OK_4 +#endif + +#if defined(LZO_UNALIGNED_OK_2) && (USHRT_MAX != 0xffff) +# error "LZO_UNALIGNED_OK_2 must not be defined on this system" +#endif +#if defined(LZO_UNALIGNED_OK_4) && (LZO_UINT32_MAX != LZO_0xffffffffL) +# error "LZO_UNALIGNED_OK_4 must not be defined on this system" +#endif + +#if defined(__LZO_NO_ALIGNED) +# undef LZO_ALIGNED_OK_4 +#endif + +#if defined(LZO_ALIGNED_OK_4) && (LZO_UINT32_MAX != LZO_0xffffffffL) +# error "LZO_ALIGNED_OK_4 must not be defined on this system" +#endif + +#define LZO_LITTLE_ENDIAN 1234 +#define LZO_BIG_ENDIAN 4321 +#define LZO_PDP_ENDIAN 3412 + +#if !defined(LZO_BYTE_ORDER) +# if defined(MFX_BYTE_ORDER) +# define LZO_BYTE_ORDER MFX_BYTE_ORDER +# elif defined(__LZO_i386) +# define LZO_BYTE_ORDER LZO_LITTLE_ENDIAN +# elif defined(BYTE_ORDER) +# define LZO_BYTE_ORDER BYTE_ORDER +# elif defined(__BYTE_ORDER) +# define LZO_BYTE_ORDER __BYTE_ORDER +# endif +#endif + +#if defined(LZO_BYTE_ORDER) +# if (LZO_BYTE_ORDER != LZO_LITTLE_ENDIAN) && \ + (LZO_BYTE_ORDER != LZO_BIG_ENDIAN) +# error "invalid LZO_BYTE_ORDER" +# endif +#endif + +#if defined(LZO_UNALIGNED_OK) && !defined(LZO_BYTE_ORDER) +# error "LZO_BYTE_ORDER is not defined" +#endif + +#define LZO_OPTIMIZE_GNUC_i386_IS_BUGGY + +#if defined(NDEBUG) && !defined(LZO_DEBUG) && !defined(__BOUNDS_CHECKING_ON) +# if defined(__GNUC__) && defined(__i386__) +# if !defined(LZO_OPTIMIZE_GNUC_i386_IS_BUGGY) +# define LZO_OPTIMIZE_GNUC_i386 +# endif +# endif +#endif + +__LZO_EXTERN_C int __lzo_init_done; +__LZO_EXTERN_C const lzo_byte __lzo_copyright[]; +LZO_EXTERN(const lzo_byte *) lzo_copyright(void); +__LZO_EXTERN_C const lzo_uint32 _lzo_crc32_table[256]; + +#define _LZO_STRINGIZE(x) #x +#define _LZO_MEXPAND(x) _LZO_STRINGIZE(x) + +#define _LZO_CONCAT2(a,b) a ## b +#define _LZO_CONCAT3(a,b,c) a ## b ## c +#define _LZO_CONCAT4(a,b,c,d) a ## b ## c ## d +#define _LZO_CONCAT5(a,b,c,d,e) a ## b ## c ## d ## e + +#define _LZO_ECONCAT2(a,b) _LZO_CONCAT2(a,b) +#define _LZO_ECONCAT3(a,b,c) _LZO_CONCAT3(a,b,c) +#define _LZO_ECONCAT4(a,b,c,d) _LZO_CONCAT4(a,b,c,d) +#define _LZO_ECONCAT5(a,b,c,d,e) _LZO_CONCAT5(a,b,c,d,e) + +#if 0 + +#define __LZO_IS_COMPRESS_QUERY(i,il,o,ol,w) ((lzo_voidp)(o) == (w)) +#define __LZO_QUERY_COMPRESS(i,il,o,ol,w,n,s) \ + (*ol = (n)*(s), LZO_E_OK) + +#define __LZO_IS_DECOMPRESS_QUERY(i,il,o,ol,w) ((lzo_voidp)(o) == (w)) +#define __LZO_QUERY_DECOMPRESS(i,il,o,ol,w,n,s) \ + (*ol = (n)*(s), LZO_E_OK) + +#define __LZO_IS_OPTIMIZE_QUERY(i,il,o,ol,w) ((lzo_voidp)(o) == (w)) +#define __LZO_QUERY_OPTIMIZE(i,il,o,ol,w,n,s) \ + (*ol = (n)*(s), LZO_E_OK) + +#endif + +#ifndef __LZO_PTR_H +#define __LZO_PTR_H + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(__LZO_DOS16) || defined(__LZO_WIN16) +# include +# if 1 && defined(__WATCOMC__) +# include + __LZO_EXTERN_C unsigned char _HShift; +# define __LZO_HShift _HShift +# elif 1 && defined(_MSC_VER) + __LZO_EXTERN_C unsigned short __near _AHSHIFT; +# define __LZO_HShift ((unsigned) &_AHSHIFT) +# elif defined(__LZO_WIN16) +# define __LZO_HShift 3 +# else +# define __LZO_HShift 12 +# endif +# if !defined(_FP_SEG) && defined(FP_SEG) +# define _FP_SEG FP_SEG +# endif +# if !defined(_FP_OFF) && defined(FP_OFF) +# define _FP_OFF FP_OFF +# endif +#endif + +#if (UINT_MAX >= LZO_0xffffffffL) + typedef ptrdiff_t lzo_ptrdiff_t; +#else + typedef long lzo_ptrdiff_t; +#endif + +#if !defined(__LZO_HAVE_PTR_T) +# if defined(lzo_ptr_t) +# define __LZO_HAVE_PTR_T +# endif +#endif +#if !defined(__LZO_HAVE_PTR_T) +# if defined(SIZEOF_CHAR_P) && defined(SIZEOF_UNSIGNED_LONG) +# if (SIZEOF_CHAR_P == SIZEOF_UNSIGNED_LONG) + typedef unsigned long lzo_ptr_t; + typedef long lzo_sptr_t; +# define __LZO_HAVE_PTR_T +# endif +# endif +#endif +#if !defined(__LZO_HAVE_PTR_T) +# if defined(SIZEOF_CHAR_P) && defined(SIZEOF_UNSIGNED) +# if (SIZEOF_CHAR_P == SIZEOF_UNSIGNED) + typedef unsigned int lzo_ptr_t; + typedef int lzo_sptr_t; +# define __LZO_HAVE_PTR_T +# endif +# endif +#endif +#if !defined(__LZO_HAVE_PTR_T) +# if defined(SIZEOF_CHAR_P) && defined(SIZEOF_UNSIGNED_SHORT) +# if (SIZEOF_CHAR_P == SIZEOF_UNSIGNED_SHORT) + typedef unsigned short lzo_ptr_t; + typedef short lzo_sptr_t; +# define __LZO_HAVE_PTR_T +# endif +# endif +#endif +#if !defined(__LZO_HAVE_PTR_T) +# if defined(LZO_HAVE_CONFIG_H) || defined(SIZEOF_CHAR_P) +# error "no suitable type for lzo_ptr_t" +# else + typedef unsigned long lzo_ptr_t; + typedef long lzo_sptr_t; +# define __LZO_HAVE_PTR_T +# endif +#endif + +#if defined(__LZO_DOS16) || defined(__LZO_WIN16) +#define PTR(a) ((lzo_bytep) (a)) +#define PTR_ALIGNED_4(a) ((_FP_OFF(a) & 3) == 0) +#define PTR_ALIGNED2_4(a,b) (((_FP_OFF(a) | _FP_OFF(b)) & 3) == 0) +#else +#define PTR(a) ((lzo_ptr_t) (a)) +#define PTR_LINEAR(a) PTR(a) +#define PTR_ALIGNED_4(a) ((PTR_LINEAR(a) & 3) == 0) +#define PTR_ALIGNED_8(a) ((PTR_LINEAR(a) & 7) == 0) +#define PTR_ALIGNED2_4(a,b) (((PTR_LINEAR(a) | PTR_LINEAR(b)) & 3) == 0) +#define PTR_ALIGNED2_8(a,b) (((PTR_LINEAR(a) | PTR_LINEAR(b)) & 7) == 0) +#endif + +#define PTR_LT(a,b) (PTR(a) < PTR(b)) +#define PTR_GE(a,b) (PTR(a) >= PTR(b)) +#define PTR_DIFF(a,b) ((lzo_ptrdiff_t) (PTR(a) - PTR(b))) + +LZO_EXTERN(lzo_ptr_t) +__lzo_ptr_linear(const lzo_voidp ptr); + +typedef union +{ + char a_char; + unsigned char a_uchar; + short a_short; + unsigned short a_ushort; + int a_int; + unsigned int a_uint; + long a_long; + unsigned long a_ulong; + lzo_int a_lzo_int; + lzo_uint a_lzo_uint; + lzo_int32 a_lzo_int32; + lzo_uint32 a_lzo_uint32; + ptrdiff_t a_ptrdiff_t; + lzo_ptrdiff_t a_lzo_ptrdiff_t; + lzo_ptr_t a_lzo_ptr_t; + char * a_charp; + lzo_bytep a_lzo_bytep; + lzo_bytepp a_lzo_bytepp; +} +lzo_align_t; + +#ifdef __cplusplus +} +#endif + +#endif + +#define LZO_DETERMINISTIC + +#define LZO_DICT_USE_PTR +#if defined(__LZO_DOS16) || defined(__LZO_WIN16) || defined(__LZO_STRICT_16BIT) +# undef LZO_DICT_USE_PTR +#endif + +#if defined(LZO_DICT_USE_PTR) +# define lzo_dict_t const lzo_bytep +# define lzo_dict_p lzo_dict_t __LZO_MMODEL * +#else +# define lzo_dict_t lzo_uint +# define lzo_dict_p lzo_dict_t __LZO_MMODEL * +#endif + +#if !defined(lzo_moff_t) +#define lzo_moff_t lzo_uint +#endif + +#endif + +LZO_PUBLIC(lzo_ptr_t) +__lzo_ptr_linear(const lzo_voidp ptr) +{ + lzo_ptr_t p; + +#if defined(__LZO_DOS16) || defined(__LZO_WIN16) + p = (((lzo_ptr_t)(_FP_SEG(ptr))) << (16 - __LZO_HShift)) + (_FP_OFF(ptr)); +#else + p = PTR_LINEAR(ptr); +#endif + + return p; +} + +LZO_PUBLIC(unsigned) +__lzo_align_gap(const lzo_voidp ptr, lzo_uint size) +{ + lzo_ptr_t p, s, n; + + assert(size > 0); + + p = __lzo_ptr_linear(ptr); + s = (lzo_ptr_t) (size - 1); +#if 0 + assert((size & (size - 1)) == 0); + n = ((p + s) & ~s) - p; +#else + n = (((p + s) / size) * size) - p; +#endif + + assert((long)n >= 0); + assert(n <= s); + + return (unsigned)n; +} + +#ifndef __LZO_UTIL_H +#define __LZO_UTIL_H + +#ifndef __LZO_CONF_H +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#if 1 && defined(HAVE_MEMCPY) +#if !defined(__LZO_DOS16) && !defined(__LZO_WIN16) + +#define MEMCPY8_DS(dest,src,len) \ + memcpy(dest,src,len); \ + dest += len; \ + src += len + +#endif +#endif + +#if 0 && !defined(MEMCPY8_DS) + +#define MEMCPY8_DS(dest,src,len) \ + { do { \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + len -= 8; \ + } while (len > 0); } + +#endif + +#if !defined(MEMCPY8_DS) + +#define MEMCPY8_DS(dest,src,len) \ + { register lzo_uint __l = (len) / 8; \ + do { \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + } while (--__l > 0); } + +#endif + +#define MEMCPY_DS(dest,src,len) \ + do *dest++ = *src++; \ + while (--len > 0) + +#define MEMMOVE_DS(dest,src,len) \ + do *dest++ = *src++; \ + while (--len > 0) + +#if 0 && defined(LZO_OPTIMIZE_GNUC_i386) + +#define BZERO8_PTR(s,l,n) \ +__asm__ __volatile__( \ + "movl %0,%%eax \n" \ + "movl %1,%%edi \n" \ + "movl %2,%%ecx \n" \ + "cld \n" \ + "rep \n" \ + "stosl %%eax,(%%edi) \n" \ + : \ + :"g" (0),"g" (s),"g" (n) \ + :"eax","edi","ecx", "memory", "cc" \ +) + +#elif (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMSET) + +#if 1 +#define BZERO8_PTR(s,l,n) memset((s),0,(lzo_uint)(l)*(n)) +#else +#define BZERO8_PTR(s,l,n) memset((lzo_voidp)(s),0,(lzo_uint)(l)*(n)) +#endif + +#else + +#define BZERO8_PTR(s,l,n) \ + lzo_memset((lzo_voidp)(s),0,(lzo_uint)(l)*(n)) + +#endif + +#if 0 +#if defined(__GNUC__) && defined(__i386__) + +unsigned char lzo_rotr8(unsigned char value, int shift); +extern __inline__ unsigned char lzo_rotr8(unsigned char value, int shift) +{ + unsigned char result; + + __asm__ __volatile__ ("movb %b1, %b0; rorb %b2, %b0" + : "=a"(result) : "g"(value), "c"(shift)); + return result; +} + +unsigned short lzo_rotr16(unsigned short value, int shift); +extern __inline__ unsigned short lzo_rotr16(unsigned short value, int shift) +{ + unsigned short result; + + __asm__ __volatile__ ("movw %b1, %b0; rorw %b2, %b0" + : "=a"(result) : "g"(value), "c"(shift)); + return result; +} + +#endif +#endif + +#ifdef __cplusplus +} +#endif + +#endif + +LZO_PUBLIC(lzo_bool) +lzo_assert(int expr) +{ + return (expr) ? 1 : 0; +} + +/* If you use the LZO library in a product, you *must* keep this + * copyright string in the executable of your product. + */ + +const lzo_byte __lzo_copyright[] = +#if !defined(__LZO_IN_MINLZO) + LZO_VERSION_STRING; +#else + "\n\n\n" + "LZO real-time data compression library.\n" + "Copyright (C) 1996, 1997, 1998, 1999 Markus Franz Xaver Johannes Oberhumer\n" + "\n" + "http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html\n" + "\n" + "LZO version: v" LZO_VERSION_STRING ", " LZO_VERSION_DATE "\n" + "LZO build date: " __DATE__ " " __TIME__ "\n\n" + "LZO special compilation options:\n" +#ifdef __cplusplus + " __cplusplus\n" +#endif +#if defined(__PIC__) + " __PIC__\n" +#elif defined(__pic__) + " __pic__\n" +#endif +#if (UINT_MAX < LZO_0xffffffffL) + " 16BIT\n" +#endif +#if defined(__LZO_STRICT_16BIT) + " __LZO_STRICT_16BIT\n" +#endif +#if (UINT_MAX > LZO_0xffffffffL) + " UINT_MAX=" _LZO_MEXPAND(UINT_MAX) "\n" +#endif +#if (ULONG_MAX > LZO_0xffffffffL) + " ULONG_MAX=" _LZO_MEXPAND(ULONG_MAX) "\n" +#endif +#if defined(LZO_BYTE_ORDER) + " LZO_BYTE_ORDER=" _LZO_MEXPAND(LZO_BYTE_ORDER) "\n" +#endif +#if defined(LZO_UNALIGNED_OK_2) + " LZO_UNALIGNED_OK_2\n" +#endif +#if defined(LZO_UNALIGNED_OK_4) + " LZO_UNALIGNED_OK_4\n" +#endif +#if defined(LZO_ALIGNED_OK_4) + " LZO_ALIGNED_OK_4\n" +#endif +#if defined(LZO_DICT_USE_PTR) + " LZO_DICT_USE_PTR\n" +#endif +#if defined(__LZO_QUERY_COMPRESS) + " __LZO_QUERY_COMPRESS\n" +#endif +#if defined(__LZO_QUERY_DECOMPRESS) + " __LZO_QUERY_DECOMPRESS\n" +#endif +#if defined(__LZO_IN_MINILZO) + " __LZO_IN_MINILZO\n" +#endif + "\n\n" + "$Id: LZO " LZO_VERSION_STRING " built " __DATE__ " " __TIME__ +#if defined(__GNUC__) && defined(__VERSION__) + " by gcc " __VERSION__ +#elif defined(__BORLANDC__) + " by Borland C " _LZO_MEXPAND(__BORLANDC__) +#elif defined(_MSC_VER) + " by Microsoft C " _LZO_MEXPAND(_MSC_VER) +#elif defined(__PUREC__) + " by Pure C " _LZO_MEXPAND(__PUREC__) +#elif defined(__SC__) + " by Symantec C " _LZO_MEXPAND(__SC__) +#elif defined(__TURBOC__) + " by Turbo C " _LZO_MEXPAND(__TURBOC__) +#elif defined(__WATCOMC__) + " by Watcom C " _LZO_MEXPAND(__WATCOMC__) +#endif + " $\n" + "$Copyright: LZO (C) 1996, 1997, 1998, 1999 Markus Franz Xaver Johannes Oberhumer $\n"; +#endif + +LZO_PUBLIC(const lzo_byte *) +lzo_copyright(void) +{ + return __lzo_copyright; +} + +LZO_PUBLIC(unsigned) +lzo_version(void) +{ + return LZO_VERSION; +} + +LZO_PUBLIC(const char *) +lzo_version_string(void) +{ + return LZO_VERSION_STRING; +} + +LZO_PUBLIC(const char *) +lzo_version_date(void) +{ + return LZO_VERSION_DATE; +} + +LZO_PUBLIC(const lzo_charp) +_lzo_version_string(void) +{ + return LZO_VERSION_STRING; +} + +LZO_PUBLIC(const lzo_charp) +_lzo_version_date(void) +{ + return LZO_VERSION_DATE; +} + +#define LZO_BASE 65521u +#define LZO_NMAX 5552 + +#define LZO_DO1(buf,i) {s1 += buf[i]; s2 += s1;} +#define LZO_DO2(buf,i) LZO_DO1(buf,i); LZO_DO1(buf,i+1); +#define LZO_DO4(buf,i) LZO_DO2(buf,i); LZO_DO2(buf,i+2); +#define LZO_DO8(buf,i) LZO_DO4(buf,i); LZO_DO4(buf,i+4); +#define LZO_DO16(buf,i) LZO_DO8(buf,i); LZO_DO8(buf,i+8); + +LZO_PUBLIC(lzo_uint32) +lzo_adler32(lzo_uint32 adler, const lzo_byte *buf, lzo_uint len) +{ + lzo_uint32 s1 = adler & 0xffff; + lzo_uint32 s2 = (adler >> 16) & 0xffff; + int k; + + if (buf == NULL) + return 1; + + while (len > 0) + { + k = len < LZO_NMAX ? (int) len : LZO_NMAX; + len -= k; + if (k >= 16) do + { + LZO_DO16(buf,0); + buf += 16; + k -= 16; + } while (k >= 16); + if (k != 0) do + { + s1 += *buf++; + s2 += s1; + } while (--k > 0); + s1 %= LZO_BASE; + s2 %= LZO_BASE; + } + return (s2 << 16) | s1; +} + +LZO_PUBLIC(int) +lzo_memcmp(const lzo_voidp s1, const lzo_voidp s2, lzo_uint len) +{ +#if (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMCMP) + return memcmp(s1,s2,len); +#else + const lzo_byte *p1 = (const lzo_byte *) s1; + const lzo_byte *p2 = (const lzo_byte *) s2; + int d; + + if (len > 0) do + { + d = *p1 - *p2; + if (d != 0) + return d; + p1++; + p2++; + } + while (--len > 0); + return 0; +#endif +} + +LZO_PUBLIC(lzo_voidp) +lzo_memcpy(lzo_voidp dest, const lzo_voidp src, lzo_uint len) +{ +#if (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMCPY) + return memcpy(dest,src,len); +#else + lzo_byte *p1 = (lzo_byte *) dest; + const lzo_byte *p2 = (const lzo_byte *) src; + + if (len <= 0 || p1 == p2) + return dest; + do + *p1++ = *p2++; + while (--len > 0); + return dest; +#endif +} + +LZO_PUBLIC(lzo_voidp) +lzo_memmove(lzo_voidp dest, const lzo_voidp src, lzo_uint len) +{ +#if (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMMOVE) + return memmove(dest,src,len); +#else + lzo_byte *p1 = (lzo_byte *) dest; + const lzo_byte *p2 = (const lzo_byte *) src; + + if (len <= 0 || p1 == p2) + return dest; + + if (p1 < p2) + { + do + *p1++ = *p2++; + while (--len > 0); + } + else + { + p1 += len; + p2 += len; + do + *--p1 = *--p2; + while (--len > 0); + } + return dest; +#endif +} + +LZO_PUBLIC(lzo_voidp) +lzo_memset(lzo_voidp s, int c, lzo_uint len) +{ +#if (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMSET) + return memset(s,c,len); +#else + lzo_byte *p = (lzo_byte *) s; + + if (len > 0) do + *p++ = LZO_BYTE(c); + while (--len > 0); + return s; +#endif +} + +#include + +#if 0 +# define IS_SIGNED(type) (((type) (1ul << (8 * sizeof(type) - 1))) < 0) +# define IS_UNSIGNED(type) (((type) (1ul << (8 * sizeof(type) - 1))) > 0) +#else +# define IS_SIGNED(type) (((type) (-1)) < ((type) 0)) +# define IS_UNSIGNED(type) (((type) (-1)) > ((type) 0)) +#endif + +static lzo_bool schedule_insns_bug(void); +static lzo_bool strength_reduce_bug(int *); + +#if 0 || defined(LZO_DEBUG) +static lzo_bool __lzo_assert_fail(const char *s, unsigned line) +{ +#if defined(__palmos__) + printf("LZO assertion failed in line %u: '%s'\n",line,s); +#else + fprintf(stderr,"LZO assertion failed in line %u: '%s'\n",line,s); +#endif + return 0; +} +# define __lzo_assert(x) ((x) ? 1 : __lzo_assert_fail(#x,__LINE__)) +#else +# define __lzo_assert(x) ((x) ? 1 : 0) +#endif + +static lzo_bool basic_integral_check(void) +{ + lzo_bool r = 1; + lzo_bool sanity; + + r &= __lzo_assert(CHAR_BIT == 8); + r &= __lzo_assert(sizeof(char) == 1); + r &= __lzo_assert(sizeof(short) >= 2); + r &= __lzo_assert(sizeof(long) >= 4); + r &= __lzo_assert(sizeof(int) >= sizeof(short)); + r &= __lzo_assert(sizeof(long) >= sizeof(int)); + + r &= __lzo_assert(sizeof(lzo_uint32) >= 4); + r &= __lzo_assert(sizeof(lzo_uint32) >= sizeof(unsigned)); +#if defined(__LZO_STRICT_16BIT) + r &= __lzo_assert(sizeof(lzo_uint) == 2); +#else + r &= __lzo_assert(sizeof(lzo_uint) >= 4); + r &= __lzo_assert(sizeof(lzo_uint) >= sizeof(unsigned)); +#endif + +#if defined(SIZEOF_UNSIGNED) + r &= __lzo_assert(SIZEOF_UNSIGNED == sizeof(unsigned)); +#endif +#if defined(SIZEOF_UNSIGNED_LONG) + r &= __lzo_assert(SIZEOF_UNSIGNED_LONG == sizeof(unsigned long)); +#endif +#if defined(SIZEOF_UNSIGNED_SHORT) + r &= __lzo_assert(SIZEOF_UNSIGNED_SHORT == sizeof(unsigned short)); +#endif +#if !defined(__LZO_IN_MINILZO) +#if defined(SIZEOF_SIZE_T) + r &= __lzo_assert(SIZEOF_SIZE_T == sizeof(size_t)); +#endif +#endif + + sanity = IS_UNSIGNED(unsigned short) && IS_UNSIGNED(unsigned) && + IS_UNSIGNED(unsigned long) && + IS_SIGNED(short) && IS_SIGNED(int) && IS_SIGNED(long); + if (sanity) + { + r &= __lzo_assert(IS_UNSIGNED(lzo_uint32)); + r &= __lzo_assert(IS_UNSIGNED(lzo_uint)); + r &= __lzo_assert(IS_SIGNED(lzo_int32)); + r &= __lzo_assert(IS_SIGNED(lzo_int)); + + r &= __lzo_assert(INT_MAX == LZO_STYPE_MAX(sizeof(int))); + r &= __lzo_assert(UINT_MAX == LZO_UTYPE_MAX(sizeof(unsigned))); + r &= __lzo_assert(LONG_MAX == LZO_STYPE_MAX(sizeof(long))); + r &= __lzo_assert(ULONG_MAX == LZO_UTYPE_MAX(sizeof(unsigned long))); + r &= __lzo_assert(SHRT_MAX == LZO_STYPE_MAX(sizeof(short))); + r &= __lzo_assert(USHRT_MAX == LZO_UTYPE_MAX(sizeof(unsigned short))); + r &= __lzo_assert(LZO_UINT32_MAX == LZO_UTYPE_MAX(sizeof(lzo_uint32))); + r &= __lzo_assert(LZO_UINT_MAX == LZO_UTYPE_MAX(sizeof(lzo_uint))); +#if !defined(__LZO_IN_MINILZO) + r &= __lzo_assert(SIZE_T_MAX == LZO_UTYPE_MAX(sizeof(size_t))); +#endif + } + +#if 0 + r &= __lzo_assert(LZO_BYTE(257) == 1); + r &= __lzo_assert(LZO_USHORT(65537L) == 1); +#endif + + return r; +} + +static lzo_bool basic_ptr_check(void) +{ + lzo_bool r = 1; + lzo_bool sanity; + + r &= __lzo_assert(sizeof(char *) >= sizeof(int)); + r &= __lzo_assert(sizeof(lzo_byte *) >= sizeof(char *)); + + r &= __lzo_assert(sizeof(lzo_voidp) == sizeof(lzo_byte *)); + r &= __lzo_assert(sizeof(lzo_voidp) == sizeof(lzo_voidpp)); + r &= __lzo_assert(sizeof(lzo_voidp) == sizeof(lzo_bytepp)); + r &= __lzo_assert(sizeof(lzo_voidp) >= sizeof(lzo_uint)); + + r &= __lzo_assert(sizeof(lzo_ptr_t) == sizeof(lzo_voidp)); + r &= __lzo_assert(sizeof(lzo_ptr_t) >= sizeof(lzo_uint)); + + r &= __lzo_assert(sizeof(lzo_ptrdiff_t) >= 4); + r &= __lzo_assert(sizeof(lzo_ptrdiff_t) >= sizeof(ptrdiff_t)); + +#if defined(SIZEOF_CHAR_P) + r &= __lzo_assert(SIZEOF_CHAR_P == sizeof(char *)); +#endif +#if defined(SIZEOF_PTRDIFF_T) + r &= __lzo_assert(SIZEOF_PTRDIFF_T == sizeof(ptrdiff_t)); +#endif + + sanity = IS_UNSIGNED(unsigned short) && IS_UNSIGNED(unsigned) && + IS_UNSIGNED(unsigned long) && + IS_SIGNED(short) && IS_SIGNED(int) && IS_SIGNED(long); + if (sanity) + { + r &= __lzo_assert(IS_UNSIGNED(lzo_ptr_t)); + r &= __lzo_assert(IS_UNSIGNED(lzo_moff_t)); + r &= __lzo_assert(IS_SIGNED(lzo_ptrdiff_t)); + r &= __lzo_assert(IS_SIGNED(lzo_sptr_t)); + } + + return r; +} + +static lzo_bool ptr_check(void) +{ + lzo_bool r = 1; + int i; + char _wrkmem[10 * sizeof(lzo_byte *) + sizeof(lzo_align_t)]; + lzo_byte *wrkmem; + const lzo_bytepp dict; + unsigned char x[4 * sizeof(lzo_align_t)]; + long d; + lzo_align_t a; + + for (i = 0; i < (int) sizeof(x); i++) + x[i] = LZO_BYTE(i); + + wrkmem = (lzo_byte *) LZO_PTR_ALIGN_UP(_wrkmem,sizeof(lzo_align_t)); + dict = (const lzo_bytepp) wrkmem; + + d = (long) ((const lzo_bytep) dict - (const lzo_bytep) _wrkmem); + r &= __lzo_assert(d >= 0); + r &= __lzo_assert(d < (long) sizeof(lzo_align_t)); + + memset(&a,0xff,sizeof(a)); + r &= __lzo_assert(a.a_ushort == USHRT_MAX); + r &= __lzo_assert(a.a_uint == UINT_MAX); + r &= __lzo_assert(a.a_ulong == ULONG_MAX); + r &= __lzo_assert(a.a_lzo_uint == LZO_UINT_MAX); + + if (r == 1) + { + for (i = 0; i < 8; i++) + r &= __lzo_assert((const lzo_voidp) (&dict[i]) == (const lzo_voidp) (&wrkmem[i * sizeof(lzo_byte *)])); + } + + memset(&a,0,sizeof(a)); + r &= __lzo_assert(a.a_charp == NULL); + r &= __lzo_assert(a.a_lzo_bytep == NULL); + r &= __lzo_assert(NULL == 0); + if (r == 1) + { + for (i = 0; i < 10; i++) + dict[i] = wrkmem; + BZERO8_PTR(dict+1,sizeof(dict[0]),8); + r &= __lzo_assert(dict[0] == wrkmem); + for (i = 1; i < 9; i++) + r &= __lzo_assert(dict[i] == NULL); + r &= __lzo_assert(dict[9] == wrkmem); + } + + if (r == 1) + { + unsigned k = 1; + const unsigned n = (unsigned) sizeof(lzo_uint32); + lzo_byte *p0; + lzo_byte *p1; + + k += __lzo_align_gap(&x[k],n); + p0 = (lzo_bytep) &x[k]; +#if defined(PTR_LINEAR) + r &= __lzo_assert((PTR_LINEAR(p0) & (n-1)) == 0); +#else + r &= __lzo_assert(n == 4); + r &= __lzo_assert(PTR_ALIGNED_4(p0)); +#endif + + r &= __lzo_assert(k >= 1); + p1 = (lzo_bytep) &x[1]; + r &= __lzo_assert(PTR_GE(p0,p1)); + + r &= __lzo_assert(k < 1+n); + p1 = (lzo_bytep) &x[1+n]; + r &= __lzo_assert(PTR_LT(p0,p1)); + + if (r == 1) + { + lzo_uint32 v0 = * (lzo_uint32 *) &x[k]; + lzo_uint32 v1 = * (lzo_uint32 *) &x[k+n]; + + r &= __lzo_assert(v0 > 0); + r &= __lzo_assert(v1 > 0); + } + } + + return r; +} + +LZO_PUBLIC(int) +_lzo_config_check(void) +{ + lzo_bool r = 1; + int i; + union { + lzo_uint32 a; + unsigned short b; + lzo_uint32 aa[4]; + unsigned char x[4*sizeof(lzo_align_t)]; + } u; + +#if 0 + r &= __lzo_assert((const void *)&u == (const void *)&u.a); + r &= __lzo_assert((const void *)&u == (const void *)&u.b); + r &= __lzo_assert((const void *)&u == (const void *)&u.x[0]); + r &= __lzo_assert((const void *)&u == (const void *)&u.aa[0]); +#endif + + r &= basic_integral_check(); + r &= basic_ptr_check(); + if (r != 1) + return LZO_E_ERROR; + + for (i = 0; i < (int) sizeof(u.x); i++) + u.x[i] = LZO_BYTE(i); + +#if 0 + r &= __lzo_assert( (int) (unsigned char) ((char) -1) == 255); +#endif + +#if defined(LZO_BYTE_ORDER) + if (r == 1) + { +# if (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + lzo_uint32 a = (lzo_uint32) (u.a & LZO_0xffffffffL); + unsigned short b = (unsigned short) (u.b & 0xffff); + r &= __lzo_assert(a == 0x03020100L); + r &= __lzo_assert(b == 0x0100); +# elif (LZO_BYTE_ORDER == LZO_BIG_ENDIAN) + lzo_uint32 a = u.a >> (8 * sizeof(u.a) - 32); + unsigned short b = u.b >> (8 * sizeof(u.b) - 16); + r &= __lzo_assert(a == 0x00010203L); + r &= __lzo_assert(b == 0x0001); +# else +# error invalid LZO_BYTE_ORDER +# endif + } +#endif + +#if defined(LZO_UNALIGNED_OK_2) + r &= __lzo_assert(sizeof(short) == 2); + if (r == 1) + { + unsigned short b[4]; + + for (i = 0; i < 4; i++) + b[i] = * (const unsigned short *) &u.x[i]; + +# if (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + r &= __lzo_assert(b[0] == 0x0100); + r &= __lzo_assert(b[1] == 0x0201); + r &= __lzo_assert(b[2] == 0x0302); + r &= __lzo_assert(b[3] == 0x0403); +# elif (LZO_BYTE_ORDER == LZO_BIG_ENDIAN) + r &= __lzo_assert(b[0] == 0x0001); + r &= __lzo_assert(b[1] == 0x0102); + r &= __lzo_assert(b[2] == 0x0203); + r &= __lzo_assert(b[3] == 0x0304); +# endif + } +#endif + +#if defined(LZO_UNALIGNED_OK_4) + r &= __lzo_assert(sizeof(lzo_uint32) == 4); + if (r == 1) + { + lzo_uint32 a[4]; + + for (i = 0; i < 4; i++) + a[i] = * (const lzo_uint32 *) &u.x[i]; + +# if (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + r &= __lzo_assert(a[0] == 0x03020100L); + r &= __lzo_assert(a[1] == 0x04030201L); + r &= __lzo_assert(a[2] == 0x05040302L); + r &= __lzo_assert(a[3] == 0x06050403L); +# elif (LZO_BYTE_ORDER == LZO_BIG_ENDIAN) + r &= __lzo_assert(a[0] == 0x00010203L); + r &= __lzo_assert(a[1] == 0x01020304L); + r &= __lzo_assert(a[2] == 0x02030405L); + r &= __lzo_assert(a[3] == 0x03040506L); +# endif + } +#endif + +#if defined(LZO_ALIGNED_OK_4) + r &= __lzo_assert(sizeof(lzo_uint32) == 4); +#endif + + r &= __lzo_assert(lzo_sizeof_dict_t == sizeof(lzo_dict_t)); + +#if defined(__LZO_IN_MINLZO) + if (r == 1) + { + lzo_uint32 adler; + adler = lzo_adler32(0, NULL, 0); + adler = lzo_adler32(adler, lzo_copyright(), 200); + r &= __lzo_assert(adler == 0x7ea34377L); + } +#endif + + if (r == 1) + { + r &= __lzo_assert(!schedule_insns_bug()); + } + + if (r == 1) + { + static int x[3]; + static unsigned xn = 3; + register unsigned j; + + for (j = 0; j < xn; j++) + x[j] = (int)j - 3; + r &= __lzo_assert(!strength_reduce_bug(x)); + } + + if (r == 1) + { + r &= ptr_check(); + } + + return r == 1 ? LZO_E_OK : LZO_E_ERROR; +} + +static lzo_bool schedule_insns_bug(void) +{ +#if defined(__BOUNDS_CHECKING_ON) || defined(__CHECKER__) + return 0; +#else + const int clone[] = {1, 2, 0}; + const int *q; + q = clone; + return (*q) ? 0 : 1; +#endif +} + +static lzo_bool strength_reduce_bug(int *x) +{ + return x[0] != -3 || x[1] != -2 || x[2] != -1; +} + +int __lzo_init_done = 0; + +LZO_PUBLIC(int) +__lzo_init2(unsigned v, int s1, int s2, int s3, int s4, int s5, + int s6, int s7, int s8, int s9) +{ + int r; + + __lzo_init_done = 1; + + if (v == 0) + return LZO_E_ERROR; + + r = (s1 == -1 || s1 == (int) sizeof(short)) && + (s2 == -1 || s2 == (int) sizeof(int)) && + (s3 == -1 || s3 == (int) sizeof(long)) && + (s4 == -1 || s4 == (int) sizeof(lzo_uint32)) && + (s5 == -1 || s5 == (int) sizeof(lzo_uint)) && + (s6 == -1 || s6 == (int) lzo_sizeof_dict_t) && + (s7 == -1 || s7 == (int) sizeof(char *)) && + (s8 == -1 || s8 == (int) sizeof(lzo_voidp)) && + (s9 == -1 || s9 == (int) sizeof(lzo_compress_t)); + if (!r) + return LZO_E_ERROR; + + r = _lzo_config_check(); + if (r != LZO_E_OK) + return r; + + return r; +} + +#if !defined(__LZO_IN_MINILZO) + +LZO_EXTERN(int) +__lzo_init(unsigned v,int s1,int s2,int s3,int s4,int s5,int s6,int s7); + +LZO_PUBLIC(int) +__lzo_init(unsigned v,int s1,int s2,int s3,int s4,int s5,int s6,int s7) +{ + if (v == 0 || v > 0x1010) + return LZO_E_ERROR; + return __lzo_init2(v,s1,s2,s3,s4,s5,-1,-1,s6,s7); +} + +#endif + +#define do_compress _lzo1x_1_do_compress + +#define LZO_NEED_DICT_H +#define D_BITS 14 +#define D_INDEX1(d,p) d = DM((0x21*DX3(p,5,5,6)) >> 5) +#define D_INDEX2(d,p) d = (d & (D_MASK & 0x7ff)) ^ (D_HIGH | 0x1f) + +#ifndef __LZO_CONFIG1X_H +#define __LZO_CONFIG1X_H + +#if !defined(LZO1X) && !defined(LZO1Y) && !defined(LZO1Z) +# define LZO1X +#endif + +#if !defined(__LZO_IN_MINILZO) +#include +#endif + +#define LZO_EOF_CODE +#undef LZO_DETERMINISTIC + +#define M1_MAX_OFFSET 0x0400 +#ifndef M2_MAX_OFFSET +#define M2_MAX_OFFSET 0x0800 +#endif +#define M3_MAX_OFFSET 0x4000 +#define M4_MAX_OFFSET 0xbfff + +#define MX_MAX_OFFSET (M1_MAX_OFFSET + M2_MAX_OFFSET) + +#define M1_MIN_LEN 2 +#define M1_MAX_LEN 2 +#define M2_MIN_LEN 3 +#ifndef M2_MAX_LEN +#define M2_MAX_LEN 8 +#endif +#define M3_MIN_LEN 3 +#define M3_MAX_LEN 33 +#define M4_MIN_LEN 3 +#define M4_MAX_LEN 9 + +#define M1_MARKER 0 +#define M2_MARKER 64 +#define M3_MARKER 32 +#define M4_MARKER 16 + +#ifndef MIN_LOOKAHEAD +#define MIN_LOOKAHEAD (M2_MAX_LEN + 1) +#endif + +#if defined(LZO_NEED_DICT_H) + +#ifndef LZO_HASH +#define LZO_HASH LZO_HASH_LZO_INCREMENTAL_B +#endif +#define DL_MIN_LEN M2_MIN_LEN + +#ifndef __LZO_DICT_H +#define __LZO_DICT_H + +#ifdef __cplusplus +extern "C" { +#endif + +#if !defined(D_BITS) && defined(DBITS) +# define D_BITS DBITS +#endif +#if !defined(D_BITS) +# error D_BITS is not defined +#endif +#if (D_BITS < 16) +# define D_SIZE LZO_SIZE(D_BITS) +# define D_MASK LZO_MASK(D_BITS) +#else +# define D_SIZE LZO_USIZE(D_BITS) +# define D_MASK LZO_UMASK(D_BITS) +#endif +#define D_HIGH ((D_MASK >> 1) + 1) + +#if !defined(DD_BITS) +# define DD_BITS 0 +#endif +#define DD_SIZE LZO_SIZE(DD_BITS) +#define DD_MASK LZO_MASK(DD_BITS) + +#if !defined(DL_BITS) +# define DL_BITS (D_BITS - DD_BITS) +#endif +#if (DL_BITS < 16) +# define DL_SIZE LZO_SIZE(DL_BITS) +# define DL_MASK LZO_MASK(DL_BITS) +#else +# define DL_SIZE LZO_USIZE(DL_BITS) +# define DL_MASK LZO_UMASK(DL_BITS) +#endif + +#if (D_BITS != DL_BITS + DD_BITS) +# error D_BITS does not match +#endif +#if (D_BITS < 8 || D_BITS > 18) +# error invalid D_BITS +#endif +#if (DL_BITS < 8 || DL_BITS > 20) +# error invalid DL_BITS +#endif +#if (DD_BITS < 0 || DD_BITS > 6) +# error invalid DD_BITS +#endif + +#if !defined(DL_MIN_LEN) +# define DL_MIN_LEN 3 +#endif +#if !defined(DL_SHIFT) +# define DL_SHIFT ((DL_BITS + (DL_MIN_LEN - 1)) / DL_MIN_LEN) +#endif + +#define LZO_HASH_GZIP 1 +#define LZO_HASH_GZIP_INCREMENTAL 2 +#define LZO_HASH_LZO_INCREMENTAL_A 3 +#define LZO_HASH_LZO_INCREMENTAL_B 4 + +#if !defined(LZO_HASH) +# error choose a hashing strategy +#endif + +#if (DL_MIN_LEN == 3) +# define _DV2_A(p,shift1,shift2) \ + (((( (lzo_uint32)((p)[0]) << shift1) ^ (p)[1]) << shift2) ^ (p)[2]) +# define _DV2_B(p,shift1,shift2) \ + (((( (lzo_uint32)((p)[2]) << shift1) ^ (p)[1]) << shift2) ^ (p)[0]) +# define _DV3_B(p,shift1,shift2,shift3) \ + ((_DV2_B((p)+1,shift1,shift2) << (shift3)) ^ (p)[0]) +#elif (DL_MIN_LEN == 2) +# define _DV2_A(p,shift1,shift2) \ + (( (lzo_uint32)(p[0]) << shift1) ^ p[1]) +# define _DV2_B(p,shift1,shift2) \ + (( (lzo_uint32)(p[1]) << shift1) ^ p[2]) +#else +# error invalid DL_MIN_LEN +#endif +#define _DV_A(p,shift) _DV2_A(p,shift,shift) +#define _DV_B(p,shift) _DV2_B(p,shift,shift) +#define DA2(p,s1,s2) \ + (((((lzo_uint32)((p)[2]) << (s2)) + (p)[1]) << (s1)) + (p)[0]) +#define DS2(p,s1,s2) \ + (((((lzo_uint32)((p)[2]) << (s2)) - (p)[1]) << (s1)) - (p)[0]) +#define DX2(p,s1,s2) \ + (((((lzo_uint32)((p)[2]) << (s2)) ^ (p)[1]) << (s1)) ^ (p)[0]) +#define DA3(p,s1,s2,s3) ((DA2((p)+1,s2,s3) << (s1)) + (p)[0]) +#define DS3(p,s1,s2,s3) ((DS2((p)+1,s2,s3) << (s1)) - (p)[0]) +#define DX3(p,s1,s2,s3) ((DX2((p)+1,s2,s3) << (s1)) ^ (p)[0]) +#define DMS(v,s) ((lzo_uint) (((v) & (D_MASK >> (s))) << (s))) +#define DM(v) DMS(v,0) + +#if (LZO_HASH == LZO_HASH_GZIP) +# define _DINDEX(dv,p) (_DV_A((p),DL_SHIFT)) + +#elif (LZO_HASH == LZO_HASH_GZIP_INCREMENTAL) +# define __LZO_HASH_INCREMENTAL +# define DVAL_FIRST(dv,p) dv = _DV_A((p),DL_SHIFT) +# define DVAL_NEXT(dv,p) dv = (((dv) << DL_SHIFT) ^ p[2]) +# define _DINDEX(dv,p) (dv) +# define DVAL_LOOKAHEAD DL_MIN_LEN + +#elif (LZO_HASH == LZO_HASH_LZO_INCREMENTAL_A) +# define __LZO_HASH_INCREMENTAL +# define DVAL_FIRST(dv,p) dv = _DV_A((p),5) +# define DVAL_NEXT(dv,p) \ + dv ^= (lzo_uint32)(p[-1]) << (2*5); dv = (((dv) << 5) ^ p[2]) +# define _DINDEX(dv,p) ((0x9f5f * (dv)) >> 5) +# define DVAL_LOOKAHEAD DL_MIN_LEN + +#elif (LZO_HASH == LZO_HASH_LZO_INCREMENTAL_B) +# define __LZO_HASH_INCREMENTAL +# define DVAL_FIRST(dv,p) dv = _DV_B((p),5) +# define DVAL_NEXT(dv,p) \ + dv ^= p[-1]; dv = (((dv) >> 5) ^ ((lzo_uint32)(p[2]) << (2*5))) +# define _DINDEX(dv,p) ((0x9f5f * (dv)) >> 5) +# define DVAL_LOOKAHEAD DL_MIN_LEN + +#else +# error choose a hashing strategy +#endif + +#ifndef DINDEX +#define DINDEX(dv,p) ((lzo_uint)((_DINDEX(dv,p)) & DL_MASK) << DD_BITS) +#endif +#if !defined(DINDEX1) && defined(D_INDEX1) +#define DINDEX1 D_INDEX1 +#endif +#if !defined(DINDEX2) && defined(D_INDEX2) +#define DINDEX2 D_INDEX2 +#endif + +#if !defined(__LZO_HASH_INCREMENTAL) +# define DVAL_FIRST(dv,p) ((void) 0) +# define DVAL_NEXT(dv,p) ((void) 0) +# define DVAL_LOOKAHEAD 0 +#endif + +#if !defined(DVAL_ASSERT) +#if defined(__LZO_HASH_INCREMENTAL) && !defined(NDEBUG) +static void DVAL_ASSERT(lzo_uint32 dv, const lzo_byte *p) +{ + lzo_uint32 df; + DVAL_FIRST(df,(p)); + assert(DINDEX(dv,p) == DINDEX(df,p)); +} +#else +# define DVAL_ASSERT(dv,p) ((void) 0) +#endif +#endif + +#if defined(LZO_DICT_USE_PTR) +# define DENTRY(p,in) (p) +# define GINDEX(m_pos,m_off,dict,dindex,in) m_pos = dict[dindex] +#else +# define DENTRY(p,in) ((lzo_uint) ((p)-(in))) +# define GINDEX(m_pos,m_off,dict,dindex,in) m_off = dict[dindex] +#endif + +#if (DD_BITS == 0) + +# define UPDATE_D(dict,drun,dv,p,in) dict[ DINDEX(dv,p) ] = DENTRY(p,in) +# define UPDATE_I(dict,drun,index,p,in) dict[index] = DENTRY(p,in) +# define UPDATE_P(ptr,drun,p,in) (ptr)[0] = DENTRY(p,in) + +#else + +# define UPDATE_D(dict,drun,dv,p,in) \ + dict[ DINDEX(dv,p) + drun++ ] = DENTRY(p,in); drun &= DD_MASK +# define UPDATE_I(dict,drun,index,p,in) \ + dict[ (index) + drun++ ] = DENTRY(p,in); drun &= DD_MASK +# define UPDATE_P(ptr,drun,p,in) \ + (ptr) [ drun++ ] = DENTRY(p,in); drun &= DD_MASK + +#endif + +#if defined(LZO_DICT_USE_PTR) + +#define LZO_CHECK_MPOS_DET(m_pos,m_off,in,ip,max_offset) \ + (m_pos == NULL || (m_off = (lzo_moff_t) (ip - m_pos)) > max_offset) + +#define LZO_CHECK_MPOS_NON_DET(m_pos,m_off,in,ip,max_offset) \ + (BOUNDS_CHECKING_OFF_IN_EXPR( \ + (PTR_LT(m_pos,in) || \ + (m_off = (lzo_moff_t) PTR_DIFF(ip,m_pos)) <= 0 || \ + m_off > max_offset) )) + +#else + +#define LZO_CHECK_MPOS_DET(m_pos,m_off,in,ip,max_offset) \ + (m_off == 0 || \ + ((m_off = (lzo_moff_t) ((ip)-(in)) - m_off) > max_offset) || \ + (m_pos = (ip) - (m_off), 0) ) + +#define LZO_CHECK_MPOS_NON_DET(m_pos,m_off,in,ip,max_offset) \ + ((lzo_moff_t) ((ip)-(in)) <= m_off || \ + ((m_off = (lzo_moff_t) ((ip)-(in)) - m_off) > max_offset) || \ + (m_pos = (ip) - (m_off), 0) ) + +#endif + +#if defined(LZO_DETERMINISTIC) +# define LZO_CHECK_MPOS LZO_CHECK_MPOS_DET +#else +# define LZO_CHECK_MPOS LZO_CHECK_MPOS_NON_DET +#endif + +#ifdef __cplusplus +} +#endif + +#endif + +#endif + +#endif + +#define DO_COMPRESS lzo1x_1_compress + +static +lzo_uint do_compress ( const lzo_byte *in , lzo_uint in_len, + lzo_byte *out, lzo_uint *out_len, + lzo_voidp wrkmem ) +{ +#if 0 && defined(__GNUC__) && defined(__i386__) + register const lzo_byte *ip __asm__("%esi"); +#else + register const lzo_byte *ip; +#endif + lzo_byte *op; + const lzo_byte * const in_end = in + in_len; + const lzo_byte * const ip_end = in + in_len - M2_MAX_LEN - 5; + const lzo_byte *ii; + lzo_dict_p const dict = (lzo_dict_p) wrkmem; + + op = out; + ip = in; + ii = ip; + + ip += 4; + for (;;) + { +#if 0 && defined(__GNUC__) && defined(__i386__) + register const lzo_byte *m_pos __asm__("%edi"); +#else + register const lzo_byte *m_pos; +#endif + lzo_moff_t m_off; + lzo_uint m_len; + lzo_uint dindex; + + DINDEX1(dindex,ip); + GINDEX(m_pos,m_off,dict,dindex,in); + if (LZO_CHECK_MPOS_NON_DET(m_pos,m_off,in,ip,M4_MAX_OFFSET)) + goto literal; +#if 1 + if (m_off <= M2_MAX_OFFSET || m_pos[3] == ip[3]) + goto try_match; + DINDEX2(dindex,ip); +#endif + GINDEX(m_pos,m_off,dict,dindex,in); + if (LZO_CHECK_MPOS_NON_DET(m_pos,m_off,in,ip,M4_MAX_OFFSET)) + goto literal; + if (m_off <= M2_MAX_OFFSET || m_pos[3] == ip[3]) + goto try_match; + goto literal; + +try_match: +#if 1 && defined(LZO_UNALIGNED_OK_2) + if (* (const lzo_ushortp) m_pos != * (const lzo_ushortp) ip) +#else + if (m_pos[0] != ip[0] || m_pos[1] != ip[1]) +#endif + { + } + else + { + if (m_pos[2] == ip[2]) + { +#if 0 + if (m_off <= M2_MAX_OFFSET) + goto match; + if (lit <= 3) + goto match; + if (lit == 3) + { + assert(op - 2 > out); op[-2] |= LZO_BYTE(3); + *op++ = *ii++; *op++ = *ii++; *op++ = *ii++; + goto code_match; + } + if (m_pos[3] == ip[3]) +#endif + goto match; + } + else + { +#if 0 +#if 0 + if (m_off <= M1_MAX_OFFSET && lit > 0 && lit <= 3) +#else + if (m_off <= M1_MAX_OFFSET && lit == 3) +#endif + { + register lzo_uint t; + + t = lit; + assert(op - 2 > out); op[-2] |= LZO_BYTE(t); + do *op++ = *ii++; while (--t > 0); + assert(ii == ip); + m_off -= 1; + *op++ = LZO_BYTE(M1_MARKER | ((m_off & 3) << 2)); + *op++ = LZO_BYTE(m_off >> 2); + ip += 2; + goto match_done; + } +#endif + } + } + +literal: + UPDATE_I(dict,0,dindex,ip,in); + ++ip; + if (ip >= ip_end) + break; + continue; + +match: + UPDATE_I(dict,0,dindex,ip,in); + if (ip - ii > 0) + { + register lzo_uint t = ip - ii; + + if (t <= 3) + { + assert(op - 2 > out); + op[-2] |= LZO_BYTE(t); + } + else if (t <= 18) + *op++ = LZO_BYTE(t - 3); + else + { + register lzo_uint tt = t - 18; + + *op++ = 0; + while (tt > 255) + { + tt -= 255; + *op++ = 0; + } + assert(tt > 0); + *op++ = LZO_BYTE(tt); + } + do *op++ = *ii++; while (--t > 0); + } + + assert(ii == ip); + ip += 3; + if (m_pos[3] != *ip++ || m_pos[4] != *ip++ || m_pos[5] != *ip++ || + m_pos[6] != *ip++ || m_pos[7] != *ip++ || m_pos[8] != *ip++ +#ifdef LZO1Y + || m_pos[ 9] != *ip++ || m_pos[10] != *ip++ || m_pos[11] != *ip++ + || m_pos[12] != *ip++ || m_pos[13] != *ip++ || m_pos[14] != *ip++ +#endif + ) + { + --ip; + m_len = ip - ii; + assert(m_len >= 3); assert(m_len <= M2_MAX_LEN); + + if (m_off <= M2_MAX_OFFSET) + { + m_off -= 1; +#if defined(LZO1X) + *op++ = LZO_BYTE(((m_len - 1) << 5) | ((m_off & 7) << 2)); + *op++ = LZO_BYTE(m_off >> 3); +#elif defined(LZO1Y) + *op++ = LZO_BYTE(((m_len + 1) << 4) | ((m_off & 3) << 2)); + *op++ = LZO_BYTE(m_off >> 2); +#endif + } + else if (m_off <= M3_MAX_OFFSET) + { + m_off -= 1; + *op++ = LZO_BYTE(M3_MARKER | (m_len - 2)); + goto m3_m4_offset; + } + else +#if defined(LZO1X) + { + m_off -= 0x4000; + assert(m_off > 0); assert(m_off <= 0x7fff); + *op++ = LZO_BYTE(M4_MARKER | + ((m_off & 0x4000) >> 11) | (m_len - 2)); + goto m3_m4_offset; + } +#elif defined(LZO1Y) + goto m4_match; +#endif + } + else + { + { + const lzo_byte *end = in_end; + const lzo_byte *m = m_pos + M2_MAX_LEN + 1; + while (ip < end && *m == *ip) + m++, ip++; + m_len = (ip - ii); + } + assert(m_len > M2_MAX_LEN); + + if (m_off <= M3_MAX_OFFSET) + { + m_off -= 1; + if (m_len <= 33) + *op++ = LZO_BYTE(M3_MARKER | (m_len - 2)); + else + { + m_len -= 33; + *op++ = M3_MARKER | 0; + goto m3_m4_len; + } + } + else + { +#if defined(LZO1Y) +m4_match: +#endif + m_off -= 0x4000; + assert(m_off > 0); assert(m_off <= 0x7fff); + if (m_len <= M4_MAX_LEN) + *op++ = LZO_BYTE(M4_MARKER | + ((m_off & 0x4000) >> 11) | (m_len - 2)); + else + { + m_len -= M4_MAX_LEN; + *op++ = LZO_BYTE(M4_MARKER | ((m_off & 0x4000) >> 11)); +m3_m4_len: + while (m_len > 255) + { + m_len -= 255; + *op++ = 0; + } + assert(m_len > 0); + *op++ = LZO_BYTE(m_len); + } + } + +m3_m4_offset: + *op++ = LZO_BYTE((m_off & 63) << 2); + *op++ = LZO_BYTE(m_off >> 6); + } + +#if 0 +match_done: +#endif + ii = ip; + if (ip >= ip_end) + break; + } + + *out_len = op - out; + return (lzo_uint) (in_end - ii); +} + +LZO_PUBLIC(int) +DO_COMPRESS ( const lzo_byte *in , lzo_uint in_len, + lzo_byte *out, lzo_uint *out_len, + lzo_voidp wrkmem ) +{ + lzo_byte *op = out; + lzo_uint t; + +#if defined(__LZO_QUERY_COMPRESS) + if (__LZO_IS_COMPRESS_QUERY(in,in_len,out,out_len,wrkmem)) + return __LZO_QUERY_COMPRESS(in,in_len,out,out_len,wrkmem,D_SIZE,lzo_sizeof(lzo_dict_t)); +#endif + + if (in_len <= M2_MAX_LEN + 5) + t = in_len; + else + { + t = do_compress(in,in_len,op,out_len,wrkmem); + op += *out_len; + } + + if (t > 0) + { + const lzo_byte *ii = in + in_len - t; + + if (op == out && t <= 238) + *op++ = LZO_BYTE(17 + t); + else if (t <= 3) + op[-2] |= LZO_BYTE(t); + else if (t <= 18) + *op++ = LZO_BYTE(t - 3); + else + { + lzo_uint tt = t - 18; + + *op++ = 0; + while (tt > 255) + { + tt -= 255; + *op++ = 0; + } + assert(tt > 0); + *op++ = LZO_BYTE(tt); + } + do *op++ = *ii++; while (--t > 0); + } + + *op++ = M4_MARKER | 1; + *op++ = 0; + *op++ = 0; + + *out_len = op - out; + return LZO_E_OK; +} + +#undef do_compress +#undef DO_COMPRESS +#undef LZO_HASH + +#undef LZO_TEST_DECOMPRESS_OVERRUN +#undef LZO_TEST_DECOMPRESS_OVERRUN_INPUT +#undef LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT +#undef LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND +#undef DO_DECOMPRESS +#define DO_DECOMPRESS lzo1x_decompress + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN) +# if !defined(LZO_TEST_DECOMPRESS_OVERRUN_INPUT) +# define LZO_TEST_DECOMPRESS_OVERRUN_INPUT 2 +# endif +# if !defined(LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT) +# define LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT 2 +# endif +# if !defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) +# define LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND +# endif +#endif + +#undef TEST_IP +#undef TEST_OP +#undef TEST_LOOKBEHIND +#undef NEED_IP +#undef NEED_OP +#undef HAVE_TEST_IP +#undef HAVE_TEST_OP +#undef HAVE_NEED_IP +#undef HAVE_NEED_OP +#undef HAVE_ANY_IP +#undef HAVE_ANY_OP + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_INPUT) +# if (LZO_TEST_DECOMPRESS_OVERRUN_INPUT >= 1) +# define TEST_IP (ip < ip_end) +# endif +# if (LZO_TEST_DECOMPRESS_OVERRUN_INPUT >= 2) +# define NEED_IP(x) \ + if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun +# endif +#endif + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT) +# if (LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT >= 1) +# define TEST_OP (op <= op_end) +# endif +# if (LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT >= 2) +# undef TEST_OP +# define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun +# endif +#endif + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) +# define TEST_LOOKBEHIND(m_pos,out) if (m_pos < out) goto lookbehind_overrun +#else +# define TEST_LOOKBEHIND(m_pos,op) ((void) 0) +#endif + +#if !defined(LZO_EOF_CODE) && !defined(TEST_IP) +# define TEST_IP (ip < ip_end) +#endif + +#if defined(TEST_IP) +# define HAVE_TEST_IP +#else +# define TEST_IP 1 +#endif +#if defined(TEST_OP) +# define HAVE_TEST_OP +#else +# define TEST_OP 1 +#endif + +#if defined(NEED_IP) +# define HAVE_NEED_IP +#else +# define NEED_IP(x) ((void) 0) +#endif +#if defined(NEED_OP) +# define HAVE_NEED_OP +#else +# define NEED_OP(x) ((void) 0) +#endif + +#if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) +# define HAVE_ANY_IP +#endif +#if defined(HAVE_TEST_OP) || defined(HAVE_NEED_OP) +# define HAVE_ANY_OP +#endif + +#if defined(DO_DECOMPRESS) +LZO_PUBLIC(int) +DO_DECOMPRESS ( const lzo_byte *in , lzo_uint in_len, + lzo_byte *out, lzo_uint *out_len, + lzo_voidp wrkmem ) +#endif +{ + register lzo_byte *op; + register const lzo_byte *ip; + register lzo_uint t; +#if defined(COPY_DICT) + lzo_uint m_off; + const lzo_byte *dict_end; +#else + register const lzo_byte *m_pos; +#endif + + const lzo_byte * const ip_end = in + in_len; +#if defined(HAVE_ANY_OP) + lzo_byte * const op_end = out + *out_len; +#endif +#if defined(LZO1Z) + lzo_uint last_m_off = 0; +#endif + + LZO_UNUSED(wrkmem); + +#if defined(__LZO_QUERY_DECOMPRESS) + if (__LZO_IS_DECOMPRESS_QUERY(in,in_len,out,out_len,wrkmem)) + return __LZO_QUERY_DECOMPRESS(in,in_len,out,out_len,wrkmem,0,0); +#endif + +#if defined(COPY_DICT) + if (dict) + { + if (dict_len > M4_MAX_OFFSET) + { + dict += dict_len - M4_MAX_OFFSET; + dict_len = M4_MAX_OFFSET; + } + dict_end = dict + dict_len; + } + else + { + dict_len = 0; + dict_end = NULL; + } +#endif + + *out_len = 0; + + op = out; + ip = in; + + if (*ip > 17) + { + t = *ip++ - 17; + if (t < 4) + goto match_next; + assert(t > 0); NEED_OP(t); NEED_IP(t+1); + do *op++ = *ip++; while (--t > 0); + goto first_literal_run; + } + + while (TEST_IP && TEST_OP) + { + t = *ip++; + if (t >= 16) + goto match; + if (t == 0) + { + NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; + NEED_IP(1); + } + t += 15 + *ip++; + } + assert(t > 0); NEED_OP(t+3); NEED_IP(t+4); +#if defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) +#if !defined(LZO_UNALIGNED_OK_4) + if (PTR_ALIGNED2_4(op,ip)) + { +#endif + * (lzo_uint32p) op = * (const lzo_uint32p) ip; + op += 4; ip += 4; + if (--t > 0) + { + if (t >= 4) + { + do { + * (lzo_uint32p) op = * (const lzo_uint32p) ip; + op += 4; ip += 4; t -= 4; + } while (t >= 4); + if (t > 0) do *op++ = *ip++; while (--t > 0); + } + else + do *op++ = *ip++; while (--t > 0); + } +#if !defined(LZO_UNALIGNED_OK_4) + } + else +#endif +#endif +#if !defined(LZO_UNALIGNED_OK_4) + { + *op++ = *ip++; *op++ = *ip++; *op++ = *ip++; + do *op++ = *ip++; while (--t > 0); + } +#endif + +first_literal_run: + + t = *ip++; + if (t >= 16) + goto match; +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off = (1 + M2_MAX_OFFSET) + (t << 6) + (*ip++ >> 2); + last_m_off = m_off; +#else + m_off = (1 + M2_MAX_OFFSET) + (t >> 2) + (*ip++ << 2); +#endif + NEED_OP(3); + t = 3; COPY_DICT(t,m_off) +#else +#if defined(LZO1Z) + t = (1 + M2_MAX_OFFSET) + (t << 6) + (*ip++ >> 2); + m_pos = op - t; + last_m_off = t; +#else + m_pos = op - (1 + M2_MAX_OFFSET); + m_pos -= t >> 2; + m_pos -= *ip++ << 2; +#endif + TEST_LOOKBEHIND(m_pos,out); NEED_OP(3); + *op++ = *m_pos++; *op++ = *m_pos++; *op++ = *m_pos; +#endif + goto match_done; + + while (TEST_IP && TEST_OP) + { +match: + if (t >= 64) + { +#if defined(COPY_DICT) +#if defined(LZO1X) + m_off = 1 + ((t >> 2) & 7) + (*ip++ << 3); + t = (t >> 5) - 1; +#elif defined(LZO1Y) + m_off = 1 + ((t >> 2) & 3) + (*ip++ << 2); + t = (t >> 4) - 3; +#elif defined(LZO1Z) + m_off = t & 0x1f; + if (m_off >= 0x1c) + m_off = last_m_off; + else + { + m_off = 1 + (m_off << 6) + (*ip++ >> 2); + last_m_off = m_off; + } + t = (t >> 5) - 1; +#endif +#else +#if defined(LZO1X) + m_pos = op - 1; + m_pos -= (t >> 2) & 7; + m_pos -= *ip++ << 3; + t = (t >> 5) - 1; +#elif defined(LZO1Y) + m_pos = op - 1; + m_pos -= (t >> 2) & 3; + m_pos -= *ip++ << 2; + t = (t >> 4) - 3; +#elif defined(LZO1Z) + { + lzo_uint off = t & 0x1f; + m_pos = op; + if (off >= 0x1c) + { + assert(last_m_off > 0); + m_pos -= last_m_off; + } + else + { + off = 1 + (off << 6) + (*ip++ >> 2); + m_pos -= off; + last_m_off = off; + } + } + t = (t >> 5) - 1; +#endif + TEST_LOOKBEHIND(m_pos,out); assert(t > 0); NEED_OP(t+3-1); + goto copy_match; +#endif + } + else if (t >= 32) + { + t &= 31; + if (t == 0) + { + NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; + NEED_IP(1); + } + t += 31 + *ip++; + } +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off = 1 + (ip[0] << 6) + (ip[1] >> 2); + last_m_off = m_off; +#else + m_off = 1 + (ip[0] >> 2) + (ip[1] << 6); +#endif +#else +#if defined(LZO1Z) + { + lzo_uint off = 1 + (ip[0] << 6) + (ip[1] >> 2); + m_pos = op - off; + last_m_off = off; + } +#elif defined(LZO_UNALIGNED_OK_2) && (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + m_pos = op - 1; + m_pos -= (* (const lzo_ushortp) ip) >> 2; +#else + m_pos = op - 1; + m_pos -= (ip[0] >> 2) + (ip[1] << 6); +#endif +#endif + ip += 2; + } + else if (t >= 16) + { +#if defined(COPY_DICT) + m_off = (t & 8) << 11; +#else + m_pos = op; + m_pos -= (t & 8) << 11; +#endif + t &= 7; + if (t == 0) + { + NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; + NEED_IP(1); + } + t += 7 + *ip++; + } +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off += (ip[0] << 6) + (ip[1] >> 2); +#else + m_off += (ip[0] >> 2) + (ip[1] << 6); +#endif + ip += 2; + if (m_off == 0) + goto eof_found; + m_off += 0x4000; +#if defined(LZO1Z) + last_m_off = m_off; +#endif +#else +#if defined(LZO1Z) + m_pos -= (ip[0] << 6) + (ip[1] >> 2); +#elif defined(LZO_UNALIGNED_OK_2) && (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + m_pos -= (* (const lzo_ushortp) ip) >> 2; +#else + m_pos -= (ip[0] >> 2) + (ip[1] << 6); +#endif + ip += 2; + if (m_pos == op) + goto eof_found; + m_pos -= 0x4000; +#if defined(LZO1Z) + last_m_off = op - m_pos; +#endif +#endif + } + else + { +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off = 1 + (t << 6) + (*ip++ >> 2); + last_m_off = m_off; +#else + m_off = 1 + (t >> 2) + (*ip++ << 2); +#endif + NEED_OP(2); + t = 2; COPY_DICT(t,m_off) +#else +#if defined(LZO1Z) + t = 1 + (t << 6) + (*ip++ >> 2); + m_pos = op - t; + last_m_off = t; +#else + m_pos = op - 1; + m_pos -= t >> 2; + m_pos -= *ip++ << 2; +#endif + TEST_LOOKBEHIND(m_pos,out); NEED_OP(2); + *op++ = *m_pos++; *op++ = *m_pos; +#endif + goto match_done; + } + +#if defined(COPY_DICT) + + NEED_OP(t+3-1); + t += 3-1; COPY_DICT(t,m_off) + +#else + + TEST_LOOKBEHIND(m_pos,out); assert(t > 0); NEED_OP(t+3-1); +#if defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) +#if !defined(LZO_UNALIGNED_OK_4) + if (t >= 2 * 4 - (3 - 1) && PTR_ALIGNED2_4(op,m_pos)) + { + assert((op - m_pos) >= 4); +#else + if (t >= 2 * 4 - (3 - 1) && (op - m_pos) >= 4) + { +#endif + * (lzo_uint32p) op = * (const lzo_uint32p) m_pos; + op += 4; m_pos += 4; t -= 4 - (3 - 1); + do { + * (lzo_uint32p) op = * (const lzo_uint32p) m_pos; + op += 4; m_pos += 4; t -= 4; + } while (t >= 4); + if (t > 0) do *op++ = *m_pos++; while (--t > 0); + } + else +#endif + { +copy_match: + *op++ = *m_pos++; *op++ = *m_pos++; + do *op++ = *m_pos++; while (--t > 0); + } + +#endif + +match_done: +#if defined(LZO1Z) + t = ip[-1] & 3; +#else + t = ip[-2] & 3; +#endif + if (t == 0) + break; + +match_next: + assert(t > 0); NEED_OP(t); NEED_IP(t+1); + do *op++ = *ip++; while (--t > 0); + t = *ip++; + } + } + +#if defined(HAVE_TEST_IP) || defined(HAVE_TEST_OP) + *out_len = op - out; + return LZO_E_EOF_NOT_FOUND; +#endif + +eof_found: + assert(t == 1); + *out_len = op - out; + return (ip == ip_end ? LZO_E_OK : + (ip < ip_end ? LZO_E_INPUT_NOT_CONSUMED : LZO_E_INPUT_OVERRUN)); + +#if defined(HAVE_NEED_IP) +input_overrun: + *out_len = op - out; + return LZO_E_INPUT_OVERRUN; +#endif + +#if defined(HAVE_NEED_OP) +output_overrun: + *out_len = op - out; + return LZO_E_OUTPUT_OVERRUN; +#endif + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) +lookbehind_overrun: + *out_len = op - out; + return LZO_E_LOOKBEHIND_OVERRUN; +#endif +} + +#define LZO_TEST_DECOMPRESS_OVERRUN +#undef DO_DECOMPRESS +#define DO_DECOMPRESS lzo1x_decompress_safe + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN) +# if !defined(LZO_TEST_DECOMPRESS_OVERRUN_INPUT) +# define LZO_TEST_DECOMPRESS_OVERRUN_INPUT 2 +# endif +# if !defined(LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT) +# define LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT 2 +# endif +# if !defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) +# define LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND +# endif +#endif + +#undef TEST_IP +#undef TEST_OP +#undef TEST_LOOKBEHIND +#undef NEED_IP +#undef NEED_OP +#undef HAVE_TEST_IP +#undef HAVE_TEST_OP +#undef HAVE_NEED_IP +#undef HAVE_NEED_OP +#undef HAVE_ANY_IP +#undef HAVE_ANY_OP + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_INPUT) +# if (LZO_TEST_DECOMPRESS_OVERRUN_INPUT >= 1) +# define TEST_IP (ip < ip_end) +# endif +# if (LZO_TEST_DECOMPRESS_OVERRUN_INPUT >= 2) +# define NEED_IP(x) \ + if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun +# endif +#endif + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT) +# if (LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT >= 1) +# define TEST_OP (op <= op_end) +# endif +# if (LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT >= 2) +# undef TEST_OP +# define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun +# endif +#endif + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) +# define TEST_LOOKBEHIND(m_pos,out) if (m_pos < out) goto lookbehind_overrun +#else +# define TEST_LOOKBEHIND(m_pos,op) ((void) 0) +#endif + +#if !defined(LZO_EOF_CODE) && !defined(TEST_IP) +# define TEST_IP (ip < ip_end) +#endif + +#if defined(TEST_IP) +# define HAVE_TEST_IP +#else +# define TEST_IP 1 +#endif +#if defined(TEST_OP) +# define HAVE_TEST_OP +#else +# define TEST_OP 1 +#endif + +#if defined(NEED_IP) +# define HAVE_NEED_IP +#else +# define NEED_IP(x) ((void) 0) +#endif +#if defined(NEED_OP) +# define HAVE_NEED_OP +#else +# define NEED_OP(x) ((void) 0) +#endif + +#if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) +# define HAVE_ANY_IP +#endif +#if defined(HAVE_TEST_OP) || defined(HAVE_NEED_OP) +# define HAVE_ANY_OP +#endif + +#if defined(DO_DECOMPRESS) +LZO_PUBLIC(int) +DO_DECOMPRESS ( const lzo_byte *in , lzo_uint in_len, + lzo_byte *out, lzo_uint *out_len, + lzo_voidp wrkmem ) +#endif +{ + register lzo_byte *op; + register const lzo_byte *ip; + register lzo_uint t; +#if defined(COPY_DICT) + lzo_uint m_off; + const lzo_byte *dict_end; +#else + register const lzo_byte *m_pos; +#endif + + const lzo_byte * const ip_end = in + in_len; +#if defined(HAVE_ANY_OP) + lzo_byte * const op_end = out + *out_len; +#endif +#if defined(LZO1Z) + lzo_uint last_m_off = 0; +#endif + + LZO_UNUSED(wrkmem); + +#if defined(__LZO_QUERY_DECOMPRESS) + if (__LZO_IS_DECOMPRESS_QUERY(in,in_len,out,out_len,wrkmem)) + return __LZO_QUERY_DECOMPRESS(in,in_len,out,out_len,wrkmem,0,0); +#endif + +#if defined(COPY_DICT) + if (dict) + { + if (dict_len > M4_MAX_OFFSET) + { + dict += dict_len - M4_MAX_OFFSET; + dict_len = M4_MAX_OFFSET; + } + dict_end = dict + dict_len; + } + else + { + dict_len = 0; + dict_end = NULL; + } +#endif + + *out_len = 0; + + op = out; + ip = in; + + if (*ip > 17) + { + t = *ip++ - 17; + if (t < 4) + goto match_next; + assert(t > 0); NEED_OP(t); NEED_IP(t+1); + do *op++ = *ip++; while (--t > 0); + goto first_literal_run; + } + + while (TEST_IP && TEST_OP) + { + t = *ip++; + if (t >= 16) + goto match; + if (t == 0) + { + NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; + NEED_IP(1); + } + t += 15 + *ip++; + } + assert(t > 0); NEED_OP(t+3); NEED_IP(t+4); +#if defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) +#if !defined(LZO_UNALIGNED_OK_4) + if (PTR_ALIGNED2_4(op,ip)) + { +#endif + * (lzo_uint32p) op = * (const lzo_uint32p) ip; + op += 4; ip += 4; + if (--t > 0) + { + if (t >= 4) + { + do { + * (lzo_uint32p) op = * (const lzo_uint32p) ip; + op += 4; ip += 4; t -= 4; + } while (t >= 4); + if (t > 0) do *op++ = *ip++; while (--t > 0); + } + else + do *op++ = *ip++; while (--t > 0); + } +#if !defined(LZO_UNALIGNED_OK_4) + } + else +#endif +#endif +#if !defined(LZO_UNALIGNED_OK_4) + { + *op++ = *ip++; *op++ = *ip++; *op++ = *ip++; + do *op++ = *ip++; while (--t > 0); + } +#endif + +first_literal_run: + + t = *ip++; + if (t >= 16) + goto match; +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off = (1 + M2_MAX_OFFSET) + (t << 6) + (*ip++ >> 2); + last_m_off = m_off; +#else + m_off = (1 + M2_MAX_OFFSET) + (t >> 2) + (*ip++ << 2); +#endif + NEED_OP(3); + t = 3; COPY_DICT(t,m_off) +#else +#if defined(LZO1Z) + t = (1 + M2_MAX_OFFSET) + (t << 6) + (*ip++ >> 2); + m_pos = op - t; + last_m_off = t; +#else + m_pos = op - (1 + M2_MAX_OFFSET); + m_pos -= t >> 2; + m_pos -= *ip++ << 2; +#endif + TEST_LOOKBEHIND(m_pos,out); NEED_OP(3); + *op++ = *m_pos++; *op++ = *m_pos++; *op++ = *m_pos; +#endif + goto match_done; + + while (TEST_IP && TEST_OP) + { +match: + if (t >= 64) + { +#if defined(COPY_DICT) +#if defined(LZO1X) + m_off = 1 + ((t >> 2) & 7) + (*ip++ << 3); + t = (t >> 5) - 1; +#elif defined(LZO1Y) + m_off = 1 + ((t >> 2) & 3) + (*ip++ << 2); + t = (t >> 4) - 3; +#elif defined(LZO1Z) + m_off = t & 0x1f; + if (m_off >= 0x1c) + m_off = last_m_off; + else + { + m_off = 1 + (m_off << 6) + (*ip++ >> 2); + last_m_off = m_off; + } + t = (t >> 5) - 1; +#endif +#else +#if defined(LZO1X) + m_pos = op - 1; + m_pos -= (t >> 2) & 7; + m_pos -= *ip++ << 3; + t = (t >> 5) - 1; +#elif defined(LZO1Y) + m_pos = op - 1; + m_pos -= (t >> 2) & 3; + m_pos -= *ip++ << 2; + t = (t >> 4) - 3; +#elif defined(LZO1Z) + { + lzo_uint off = t & 0x1f; + m_pos = op; + if (off >= 0x1c) + { + assert(last_m_off > 0); + m_pos -= last_m_off; + } + else + { + off = 1 + (off << 6) + (*ip++ >> 2); + m_pos -= off; + last_m_off = off; + } + } + t = (t >> 5) - 1; +#endif + TEST_LOOKBEHIND(m_pos,out); assert(t > 0); NEED_OP(t+3-1); + goto copy_match; +#endif + } + else if (t >= 32) + { + t &= 31; + if (t == 0) + { + NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; + NEED_IP(1); + } + t += 31 + *ip++; + } +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off = 1 + (ip[0] << 6) + (ip[1] >> 2); + last_m_off = m_off; +#else + m_off = 1 + (ip[0] >> 2) + (ip[1] << 6); +#endif +#else +#if defined(LZO1Z) + { + lzo_uint off = 1 + (ip[0] << 6) + (ip[1] >> 2); + m_pos = op - off; + last_m_off = off; + } +#elif defined(LZO_UNALIGNED_OK_2) && (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + m_pos = op - 1; + m_pos -= (* (const lzo_ushortp) ip) >> 2; +#else + m_pos = op - 1; + m_pos -= (ip[0] >> 2) + (ip[1] << 6); +#endif +#endif + ip += 2; + } + else if (t >= 16) + { +#if defined(COPY_DICT) + m_off = (t & 8) << 11; +#else + m_pos = op; + m_pos -= (t & 8) << 11; +#endif + t &= 7; + if (t == 0) + { + NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; + NEED_IP(1); + } + t += 7 + *ip++; + } +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off += (ip[0] << 6) + (ip[1] >> 2); +#else + m_off += (ip[0] >> 2) + (ip[1] << 6); +#endif + ip += 2; + if (m_off == 0) + goto eof_found; + m_off += 0x4000; +#if defined(LZO1Z) + last_m_off = m_off; +#endif +#else +#if defined(LZO1Z) + m_pos -= (ip[0] << 6) + (ip[1] >> 2); +#elif defined(LZO_UNALIGNED_OK_2) && (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + m_pos -= (* (const lzo_ushortp) ip) >> 2; +#else + m_pos -= (ip[0] >> 2) + (ip[1] << 6); +#endif + ip += 2; + if (m_pos == op) + goto eof_found; + m_pos -= 0x4000; +#if defined(LZO1Z) + last_m_off = op - m_pos; +#endif +#endif + } + else + { +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off = 1 + (t << 6) + (*ip++ >> 2); + last_m_off = m_off; +#else + m_off = 1 + (t >> 2) + (*ip++ << 2); +#endif + NEED_OP(2); + t = 2; COPY_DICT(t,m_off) +#else +#if defined(LZO1Z) + t = 1 + (t << 6) + (*ip++ >> 2); + m_pos = op - t; + last_m_off = t; +#else + m_pos = op - 1; + m_pos -= t >> 2; + m_pos -= *ip++ << 2; +#endif + TEST_LOOKBEHIND(m_pos,out); NEED_OP(2); + *op++ = *m_pos++; *op++ = *m_pos; +#endif + goto match_done; + } + +#if defined(COPY_DICT) + + NEED_OP(t+3-1); + t += 3-1; COPY_DICT(t,m_off) + +#else + + TEST_LOOKBEHIND(m_pos,out); assert(t > 0); NEED_OP(t+3-1); +#if defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) +#if !defined(LZO_UNALIGNED_OK_4) + if (t >= 2 * 4 - (3 - 1) && PTR_ALIGNED2_4(op,m_pos)) + { + assert((op - m_pos) >= 4); +#else + if (t >= 2 * 4 - (3 - 1) && (op - m_pos) >= 4) + { +#endif + * (lzo_uint32p) op = * (const lzo_uint32p) m_pos; + op += 4; m_pos += 4; t -= 4 - (3 - 1); + do { + * (lzo_uint32p) op = * (const lzo_uint32p) m_pos; + op += 4; m_pos += 4; t -= 4; + } while (t >= 4); + if (t > 0) do *op++ = *m_pos++; while (--t > 0); + } + else +#endif + { +copy_match: + *op++ = *m_pos++; *op++ = *m_pos++; + do *op++ = *m_pos++; while (--t > 0); + } + +#endif + +match_done: +#if defined(LZO1Z) + t = ip[-1] & 3; +#else + t = ip[-2] & 3; +#endif + if (t == 0) + break; + +match_next: + assert(t > 0); NEED_OP(t); NEED_IP(t+1); + do *op++ = *ip++; while (--t > 0); + t = *ip++; + } + } + +#if defined(HAVE_TEST_IP) || defined(HAVE_TEST_OP) + *out_len = op - out; + return LZO_E_EOF_NOT_FOUND; +#endif + +eof_found: + assert(t == 1); + *out_len = op - out; + return (ip == ip_end ? LZO_E_OK : + (ip < ip_end ? LZO_E_INPUT_NOT_CONSUMED : LZO_E_INPUT_OVERRUN)); + +#if defined(HAVE_NEED_IP) +input_overrun: + *out_len = op - out; + return LZO_E_INPUT_OVERRUN; +#endif + +#if defined(HAVE_NEED_OP) +output_overrun: + *out_len = op - out; + return LZO_E_OUTPUT_OVERRUN; +#endif + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) +lookbehind_overrun: + *out_len = op - out; + return LZO_E_LOOKBEHIND_OVERRUN; +#endif +} + +/***** End of minilzo.c *****/ + Index: branches/samhain-2_2-branch/src/mkhdr.c =================================================================== --- branches/samhain-2_2-branch/src/mkhdr.c (revision 66) +++ branches/samhain-2_2-branch/src/mkhdr.c (revision 66) @@ -0,0 +1,222 @@ +#include "config.h" + +#ifdef HAVE_BROKEN_INCLUDES +#define _ANSI_C_SOURCE +#define _POSIX_SOURCE +#endif + +#include + +extern void exit(int status); +extern int fclose(FILE *stream); + +#ifndef TRUE +#define TRUE (1 == 1) +#endif + +#ifndef FALSE +#define FALSE (1 != 1) +#endif + +struct description_int +{ + int int_size; + char int_name[20]; +}; +struct description_int int_descrs[] = +{ +#ifdef LONGLONG + { sizeof(unsigned long long), "unsigned long long" }, +#endif + { sizeof(unsigned long), "unsigned long" }, + { sizeof(unsigned int), "unsigned int" }, + { sizeof(unsigned short), "unsigned short" }, + { sizeof(unsigned char), "unsigned char" } +}; +int size_count = sizeof(int_descrs) / sizeof(struct description_int); + +struct trnc_data +{ + long a, b, q, r; +}; +struct trnc_data trunc_tbl[] = +{ + { 13, 4, 3, 1 }, + { 13, -4, -3, 1 }, + { -13, 4, -3, -1 }, + { -13, -4, 3, -1 }, + { 15, 4, 3, 3 }, + { 15, -4, -3, 3 }, + { -15, 4, -3, -3 }, + { -15, -4, 3, -3 } +}; +int size_trunc_tbl = sizeof(trunc_tbl) / sizeof(struct trnc_data); + +struct rand_data +{ + unsigned long dig_size, a1, c1, a2, c2; +}; +struct rand_data rand_tbl[] = +{ + { 8, 197, 11, 37, 37 }, + { 16, 805, 345, 925, 767 }, + { 18, 13405, 4801, 20325, 19777 }, + { 32, 13405, 4801, 20325, 19777 } +}; +int size_rand_tbl = sizeof(rand_tbl) / sizeof(struct rand_data); + +int digit_bits; + +int +div_trunc_p(void) +{ + int i; + + for (i = 0; i < size_trunc_tbl; i++) + { + if (trunc_tbl[i].a / trunc_tbl[i].b != trunc_tbl[i].q) + { + printf("%ld / %ld = %ld, should have been %ld\n", + trunc_tbl[i].a, + trunc_tbl[i].b, + trunc_tbl[i].a / trunc_tbl[i].b, + trunc_tbl[i].q); + printf("when division truncates towards zero.\n"); + return FALSE; + } + if (trunc_tbl[i].a % trunc_tbl[i].b != trunc_tbl[i].r) + { + printf("%ld %% %ld = %ld, should have been %ld\n", + trunc_tbl[i].a, + trunc_tbl[i].b, + trunc_tbl[i].a % trunc_tbl[i].b, + trunc_tbl[i].r); + printf("when division truncates towards zero.\n"); + printf("Here a != q*b + r. Very strange!\n"); + return FALSE; + } + } + return TRUE; +} + +int +charsize(void) +{ + int i = 0; + unsigned char ch = 1; + unsigned char oldch = 0; + + while (ch > oldch) + { + oldch = ch; + ch <<= 1; + i++; + } + return i; +} + +void +RandDefsOut(FILE *fpOut, int dig_size) +{ + int i = 0; + + while ((i < size_rand_tbl) && (dig_size != (int)rand_tbl[i].dig_size)) + { + i++; + } + if (i == size_rand_tbl) + { + if (dig_size < (int) rand_tbl[0].dig_size) + { + printf("Digit size %d too small.\n", dig_size); + exit(10); + } + while ((int) rand_tbl[--i].dig_size > dig_size) + { + /* Count down `i' */ + } + } + fprintf(fpOut, "\n#define BIG_RAND_A1 %ld\n", rand_tbl[i].a1); + fprintf(fpOut, "#define BIG_RAND_C1 %ld\n", rand_tbl[i].c1); + fprintf(fpOut, "#define BIG_RAND_A2 %ld\n", rand_tbl[i].a2); + fprintf(fpOut, "#define BIG_RAND_C2 %ld\n", rand_tbl[i].c2); +} + +int +main(void) +{ + int i, j = 0, ints_found = FALSE, char_bits; + FILE *fpOut; + + if (!div_trunc_p()) + { + printf("Can't do division on this machine!\n"); + exit(10); + } + + if ((fpOut = fopen("internal.h", "w")) == NULL) + { + printf("Could not create \"internal.h\".\n"); + exit(10); + } + + fprintf(fpOut, "#ifndef _BIGNUM_INTERNAL_H_\n"); + fprintf(fpOut, "#define _BIGNUM_INTERNAL_H_\n\n"); + + char_bits = charsize(); + + for (i = 0; (i < size_count - 1) && !ints_found; i++) + { + for (j = i + 1; (j < size_count) && !ints_found; j++) + { + if (int_descrs[i].int_size >= 2 * int_descrs[j].int_size) + { + fprintf(fpOut, + "#define BIGNUM_DIGIT %s\n", + int_descrs[j].int_name); + fprintf(fpOut, + "#define BIGNUM_TWO_DIGITS %s\n\n", + int_descrs[i].int_name); + ints_found = TRUE; + } + } + } + + if (!ints_found) + { + fprintf(stderr, "Strange, no integer type was two times bigger "); + fprintf(stderr, "than another integer type.\n"); + fprintf(stderr, "Can't create header file.\nExiting.\n"); + exit(10); + } + + if (i > 0) i--; + if (j > 0) j--; + + digit_bits = char_bits * int_descrs[j].int_size; + fprintf(fpOut, "#define BIG_CHARBITS %d\n", char_bits); + fprintf(fpOut, "#define BIGNUM_DIGIT_BITS %d\n", digit_bits); + fprintf(fpOut, "#define BIGNUM_TWO_DIGITS_BITS %d\n\n", + char_bits * int_descrs[i].int_size); + + fprintf(fpOut, "struct big_struct\n{\n int sign;\n"); + fprintf(fpOut, " unsigned long dgs_alloc;\n"); + fprintf(fpOut, " unsigned long dgs_used;\n"); + fprintf(fpOut, " BIGNUM_DIGIT *dp;\n};\n"); + + RandDefsOut(fpOut, char_bits * int_descrs[j].int_size); + + if (sizeof(long) == sizeof(int)) + { + fprintf(fpOut, "\n#define MEMCPY_LONG_COUNTER\n"); + } + +#ifdef BIG_SHORT_NAMES + fprintf(fpOut, "\n#define BIG_SHORT_NAMES\n"); +#endif + + fprintf(fpOut, "\n#endif\n"); + fclose(fpOut); + exit(0); + return 0; /* Keep gcc from complaining */ +} Index: branches/samhain-2_2-branch/src/rijndael-alg-fst.c =================================================================== --- branches/samhain-2_2-branch/src/rijndael-alg-fst.c (revision 66) +++ branches/samhain-2_2-branch/src/rijndael-alg-fst.c (revision 66) @@ -0,0 +1,280 @@ +/* + * rijndael-alg-fst.c v2.3 April '2000 + * + * Optimised ANSI C code + * + * authors: v1.0: Antoon Bosselaers + * v2.0: Vincent Rijmen + * v2.3: Paulo Barreto + * + * This code is placed in the public domain. + */ + +#include "config_xor.h" + +#include +#include + +#ifdef SH_ENCRYPT + +#include "rijndael-alg-fst.h" + +#include "rijndael-boxes-fst.h" + +int rijndaelKeySched(word8 k[MAXKC][4], word8 W[MAXROUNDS+1][4][4], int ROUNDS) { + /* Calculate the necessary round keys + * The number of calculations depends on keyBits and blockBits + */ + int j, r, t, rconpointer = 0; + word8 tk[MAXKC][4]; + int KC = ROUNDS - 6; + + for (j = KC-1; j >= 0; j--) { + *((word32*)tk[j]) = *((word32*)k[j]); + } + r = 0; + t = 0; + /* copy values into round key array */ + for (j = 0; (j < KC) && (r < ROUNDS + 1); ) { + for (; (j < KC) && (t < 4); j++, t++) { + *((word32*)W[r][t]) = *((word32*)tk[j]); + } + if (t == 4) { + r++; + t = 0; + } + } + + while (r < ROUNDS + 1) { /* while not enough round key material calculated */ + /* calculate new values */ + tk[0][0] ^= S[tk[KC-1][1]]; + tk[0][1] ^= S[tk[KC-1][2]]; + tk[0][2] ^= S[tk[KC-1][3]]; + tk[0][3] ^= S[tk[KC-1][0]]; + tk[0][0] ^= rcon[rconpointer++]; + + if (KC != 8) { + for (j = 1; j < KC; j++) { + *((word32*)tk[j]) ^= *((word32*)tk[j-1]); + } + } else { + for (j = 1; j < KC/2; j++) { + *((word32*)tk[j]) ^= *((word32*)tk[j-1]); + } + tk[KC/2][0] ^= S[tk[KC/2 - 1][0]]; + tk[KC/2][1] ^= S[tk[KC/2 - 1][1]]; + tk[KC/2][2] ^= S[tk[KC/2 - 1][2]]; + tk[KC/2][3] ^= S[tk[KC/2 - 1][3]]; + for (j = KC/2 + 1; j < KC; j++) { + *((word32*)tk[j]) ^= *((word32*)tk[j-1]); + } + } + /* copy values into round key array */ + for (j = 0; (j < KC) && (r < ROUNDS + 1); ) { + for (; (j < KC) && (t < 4); j++, t++) { + *((word32*)W[r][t]) = *((word32*)tk[j]); + } + if (t == 4) { + r++; + t = 0; + } + } + } + return 0; +} + +int rijndaelKeyEncToDec(word8 W[MAXROUNDS+1][4][4], int ROUNDS) { + int r; + word8 *w; + + for (r = 1; r < ROUNDS; r++) { + w = W[r][0]; + *((word32*)w) = + *((word32*)U1[w[0]]) + ^ *((word32*)U2[w[1]]) + ^ *((word32*)U3[w[2]]) + ^ *((word32*)U4[w[3]]); + + w = W[r][1]; + *((word32*)w) = + *((word32*)U1[w[0]]) + ^ *((word32*)U2[w[1]]) + ^ *((word32*)U3[w[2]]) + ^ *((word32*)U4[w[3]]); + + w = W[r][2]; + *((word32*)w) = + *((word32*)U1[w[0]]) + ^ *((word32*)U2[w[1]]) + ^ *((word32*)U3[w[2]]) + ^ *((word32*)U4[w[3]]); + + w = W[r][3]; + *((word32*)w) = + *((word32*)U1[w[0]]) + ^ *((word32*)U2[w[1]]) + ^ *((word32*)U3[w[2]]) + ^ *((word32*)U4[w[3]]); + } + return 0; +} + +/** + * Encrypt a single block. + */ +int rijndaelEncrypt(word8 a[16], word8 b[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS) { + int r; + word8 temp[4][4]; + + *((word32*)temp[0]) = *((word32*)(a )) ^ *((word32*)rk[0][0]); + *((word32*)temp[1]) = *((word32*)(a+ 4)) ^ *((word32*)rk[0][1]); + *((word32*)temp[2]) = *((word32*)(a+ 8)) ^ *((word32*)rk[0][2]); + *((word32*)temp[3]) = *((word32*)(a+12)) ^ *((word32*)rk[0][3]); + *((word32*)(b )) = *((word32*)T1[temp[0][0]]) + ^ *((word32*)T2[temp[1][1]]) + ^ *((word32*)T3[temp[2][2]]) + ^ *((word32*)T4[temp[3][3]]); + *((word32*)(b + 4)) = *((word32*)T1[temp[1][0]]) + ^ *((word32*)T2[temp[2][1]]) + ^ *((word32*)T3[temp[3][2]]) + ^ *((word32*)T4[temp[0][3]]); + *((word32*)(b + 8)) = *((word32*)T1[temp[2][0]]) + ^ *((word32*)T2[temp[3][1]]) + ^ *((word32*)T3[temp[0][2]]) + ^ *((word32*)T4[temp[1][3]]); + *((word32*)(b +12)) = *((word32*)T1[temp[3][0]]) + ^ *((word32*)T2[temp[0][1]]) + ^ *((word32*)T3[temp[1][2]]) + ^ *((word32*)T4[temp[2][3]]); + for (r = 1; r < ROUNDS-1; r++) { + *((word32*)temp[0]) = *((word32*)(b )) ^ *((word32*)rk[r][0]); + *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[r][1]); + *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[r][2]); + *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[r][3]); + + *((word32*)(b )) = *((word32*)T1[temp[0][0]]) + ^ *((word32*)T2[temp[1][1]]) + ^ *((word32*)T3[temp[2][2]]) + ^ *((word32*)T4[temp[3][3]]); + *((word32*)(b + 4)) = *((word32*)T1[temp[1][0]]) + ^ *((word32*)T2[temp[2][1]]) + ^ *((word32*)T3[temp[3][2]]) + ^ *((word32*)T4[temp[0][3]]); + *((word32*)(b + 8)) = *((word32*)T1[temp[2][0]]) + ^ *((word32*)T2[temp[3][1]]) + ^ *((word32*)T3[temp[0][2]]) + ^ *((word32*)T4[temp[1][3]]); + *((word32*)(b +12)) = *((word32*)T1[temp[3][0]]) + ^ *((word32*)T2[temp[0][1]]) + ^ *((word32*)T3[temp[1][2]]) + ^ *((word32*)T4[temp[2][3]]); + } + /* last round is special */ + *((word32*)temp[0]) = *((word32*)(b )) ^ *((word32*)rk[ROUNDS-1][0]); + *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[ROUNDS-1][1]); + *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[ROUNDS-1][2]); + *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[ROUNDS-1][3]); + b[ 0] = T1[temp[0][0]][1]; + b[ 1] = T1[temp[1][1]][1]; + b[ 2] = T1[temp[2][2]][1]; + b[ 3] = T1[temp[3][3]][1]; + b[ 4] = T1[temp[1][0]][1]; + b[ 5] = T1[temp[2][1]][1]; + b[ 6] = T1[temp[3][2]][1]; + b[ 7] = T1[temp[0][3]][1]; + b[ 8] = T1[temp[2][0]][1]; + b[ 9] = T1[temp[3][1]][1]; + b[10] = T1[temp[0][2]][1]; + b[11] = T1[temp[1][3]][1]; + b[12] = T1[temp[3][0]][1]; + b[13] = T1[temp[0][1]][1]; + b[14] = T1[temp[1][2]][1]; + b[15] = T1[temp[2][3]][1]; + *((word32*)(b )) ^= *((word32*)rk[ROUNDS][0]); + *((word32*)(b+ 4)) ^= *((word32*)rk[ROUNDS][1]); + *((word32*)(b+ 8)) ^= *((word32*)rk[ROUNDS][2]); + *((word32*)(b+12)) ^= *((word32*)rk[ROUNDS][3]); + + return 0; +} + +/** + * Decrypt a single block. + */ +int rijndaelDecrypt(word8 a[16], word8 b[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS) { + int r; + word8 temp[4][4]; + + *((word32*)temp[0]) = *((word32*)(a )) ^ *((word32*)rk[ROUNDS][0]); + *((word32*)temp[1]) = *((word32*)(a+ 4)) ^ *((word32*)rk[ROUNDS][1]); + *((word32*)temp[2]) = *((word32*)(a+ 8)) ^ *((word32*)rk[ROUNDS][2]); + *((word32*)temp[3]) = *((word32*)(a+12)) ^ *((word32*)rk[ROUNDS][3]); + + *((word32*)(b )) = *((word32*)T5[temp[0][0]]) + ^ *((word32*)T6[temp[3][1]]) + ^ *((word32*)T7[temp[2][2]]) + ^ *((word32*)T8[temp[1][3]]); + *((word32*)(b+ 4)) = *((word32*)T5[temp[1][0]]) + ^ *((word32*)T6[temp[0][1]]) + ^ *((word32*)T7[temp[3][2]]) + ^ *((word32*)T8[temp[2][3]]); + *((word32*)(b+ 8)) = *((word32*)T5[temp[2][0]]) + ^ *((word32*)T6[temp[1][1]]) + ^ *((word32*)T7[temp[0][2]]) + ^ *((word32*)T8[temp[3][3]]); + *((word32*)(b+12)) = *((word32*)T5[temp[3][0]]) + ^ *((word32*)T6[temp[2][1]]) + ^ *((word32*)T7[temp[1][2]]) + ^ *((word32*)T8[temp[0][3]]); + for (r = ROUNDS-1; r > 1; r--) { + *((word32*)temp[0]) = *((word32*)(b )) ^ *((word32*)rk[r][0]); + *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[r][1]); + *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[r][2]); + *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[r][3]); + *((word32*)(b )) = *((word32*)T5[temp[0][0]]) + ^ *((word32*)T6[temp[3][1]]) + ^ *((word32*)T7[temp[2][2]]) + ^ *((word32*)T8[temp[1][3]]); + *((word32*)(b+ 4)) = *((word32*)T5[temp[1][0]]) + ^ *((word32*)T6[temp[0][1]]) + ^ *((word32*)T7[temp[3][2]]) + ^ *((word32*)T8[temp[2][3]]); + *((word32*)(b+ 8)) = *((word32*)T5[temp[2][0]]) + ^ *((word32*)T6[temp[1][1]]) + ^ *((word32*)T7[temp[0][2]]) + ^ *((word32*)T8[temp[3][3]]); + *((word32*)(b+12)) = *((word32*)T5[temp[3][0]]) + ^ *((word32*)T6[temp[2][1]]) + ^ *((word32*)T7[temp[1][2]]) + ^ *((word32*)T8[temp[0][3]]); + } + /* last round is special */ + *((word32*)temp[0]) = *((word32*)(b )) ^ *((word32*)rk[1][0]); + *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[1][1]); + *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[1][2]); + *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[1][3]); + b[ 0] = S5[temp[0][0]]; + b[ 1] = S5[temp[3][1]]; + b[ 2] = S5[temp[2][2]]; + b[ 3] = S5[temp[1][3]]; + b[ 4] = S5[temp[1][0]]; + b[ 5] = S5[temp[0][1]]; + b[ 6] = S5[temp[3][2]]; + b[ 7] = S5[temp[2][3]]; + b[ 8] = S5[temp[2][0]]; + b[ 9] = S5[temp[1][1]]; + b[10] = S5[temp[0][2]]; + b[11] = S5[temp[3][3]]; + b[12] = S5[temp[3][0]]; + b[13] = S5[temp[2][1]]; + b[14] = S5[temp[1][2]]; + b[15] = S5[temp[0][3]]; + *((word32*)(b )) ^= *((word32*)rk[0][0]); + *((word32*)(b+ 4)) ^= *((word32*)rk[0][1]); + *((word32*)(b+ 8)) ^= *((word32*)rk[0][2]); + *((word32*)(b+12)) ^= *((word32*)rk[0][3]); + + return 0; +} + +#endif Index: branches/samhain-2_2-branch/src/rijndael-api-fst.c =================================================================== --- branches/samhain-2_2-branch/src/rijndael-api-fst.c (revision 66) +++ branches/samhain-2_2-branch/src/rijndael-api-fst.c (revision 66) @@ -0,0 +1,319 @@ +/* + * rijndael-api-fst.c v2.3 April '2000 + * + * Optimised ANSI C code + * + * authors: v1.0: Antoon Bosselaers + * v2.0: Vincent Rijmen + * v2.1: Vincent Rijmen + * v2.2: Vincent Rijmen + * v2.3: Paulo Barreto + * v2.4: Vincent Rijmen + * + * This code is placed in the public domain. + */ + +#include "config_xor.h" + +#include +#include +#include +#include + +#ifdef SH_ENCRYPT + +#include "rijndael-alg-fst.h" +#include "rijndael-api-fst.h" + +int makeKey(keyInstance *key, RIJ_BYTE direction, int keyLen, char *keyMaterial) { + word8 k[MAXKC][4]; + int i; + char *keyMat; + + if (key == NULL) { + return BAD_KEY_INSTANCE; + } + + if ((direction == DIR_ENCRYPT) || (direction == DIR_DECRYPT)) { + key->direction = direction; + } else { + return BAD_KEY_DIR; + } + + if ((keyLen == 128) || (keyLen == 192) || (keyLen == 256)) { + key->keyLen = keyLen; + } else { + return BAD_KEY_MAT; + } + + if (keyMaterial != NULL) { + strncpy(key->keyMaterial, keyMaterial, keyLen/4); + } + + key->ROUNDS = keyLen/32 + 6; + + /* initialize key schedule: */ + keyMat = key->keyMaterial; +#ifndef BINARY_KEY_MATERIAL + for (i = 0; i < key->keyLen/8; i++) { + int t, j; + + t = *keyMat++; + if ((t >= '0') && (t <= '9')) j = (t - '0') << 4; + else if ((t >= 'a') && (t <= 'f')) j = (t - 'a' + 10) << 4; + else if ((t >= 'A') && (t <= 'F')) j = (t - 'A' + 10) << 4; + else return BAD_KEY_MAT; + + t = *keyMat++; + if ((t >= '0') && (t <= '9')) j ^= (t - '0'); + else if ((t >= 'a') && (t <= 'f')) j ^= (t - 'a' + 10); + else if ((t >= 'A') && (t <= 'F')) j ^= (t - 'A' + 10); + else return BAD_KEY_MAT; + + k[i >> 2][i & 3] = (word8)j; + } +#else + for (i = 0; i < key->keyLen/8; i++) { + k[i >> 2][i & 3] = (word8)keyMat[i]; + } +#endif /* ?BINARY_KEY_MATERIAL */ + rijndaelKeySched(k, key->keySched, key->ROUNDS); + if (direction == DIR_DECRYPT) { + rijndaelKeyEncToDec(key->keySched, key->ROUNDS); + } + + return TRUE; +} + +int cipherInit(cipherInstance *cipher, RIJ_BYTE mode, char *IV) { + if ((mode == MODE_ECB) || (mode == MODE_CBC) || (mode == MODE_CFB1)) { + cipher->mode = mode; + } else { + return BAD_CIPHER_MODE; + } + if (IV != NULL) { +#ifndef BINARY_KEY_MATERIAL + int i; + for (i = 0; i < MAX_IV_SIZE; i++) { + int t, j; + + t = IV[2*i]; + if ((t >= '0') && (t <= '9')) j = (t - '0') << 4; + else if ((t >= 'a') && (t <= 'f')) j = (t - 'a' + 10) << 4; + else if ((t >= 'A') && (t <= 'F')) j = (t - 'A' + 10) << 4; + else return BAD_CIPHER_INSTANCE; + + t = IV[2*i+1]; + if ((t >= '0') && (t <= '9')) j ^= (t - '0'); + else if ((t >= 'a') && (t <= 'f')) j ^= (t - 'a' + 10); + else if ((t >= 'A') && (t <= 'F')) j ^= (t - 'A' + 10); + else return BAD_CIPHER_INSTANCE; + + cipher->IV[i] = (word8)j; + } +#else + memcpy(cipher->IV, IV, MAX_IV_SIZE); +#endif /* ?BINARY_KEY_MATERIAL */ + } else { + memset(cipher->IV, 0, MAX_IV_SIZE); + } + return TRUE; +} + +int blockEncrypt(cipherInstance *cipher, keyInstance *key, + RIJ_BYTE *input, int inputLen, RIJ_BYTE *outBuffer) { + int i, k, numBlocks; + word8 block[16], iv[4][4]; + + if (cipher == NULL || + key == NULL || + key->direction == DIR_DECRYPT) { + return BAD_CIPHER_STATE; + } + if (input == NULL || inputLen <= 0) { + return 0; /* nothing to do */ + } + + numBlocks = inputLen/128; + + switch (cipher->mode) { + case MODE_ECB: + for (i = numBlocks; i > 0; i--) { + rijndaelEncrypt(input, outBuffer, key->keySched, key->ROUNDS); + input += 16; + outBuffer += 16; + } + break; + + case MODE_CBC: + /* fix the memory alignment for HP-UX 10.20 + * R. Wichmann Mon Jun 18 22:36:55 CEST 2001 + */ +#if STRICT_ALIGN + memcpy(iv, cipher->IV, 16); + ((word32*)block)[0] = ((word32*)iv)[0] ^ ((word32*)input)[0]; + ((word32*)block)[1] = ((word32*)iv)[1] ^ ((word32*)input)[1]; + ((word32*)block)[2] = ((word32*)iv)[2] ^ ((word32*)input)[2]; + ((word32*)block)[3] = ((word32*)iv)[3] ^ ((word32*)input)[3]; +#else /* !STRICT_ALIGN */ + ((word32*)block)[0] = ((word32*)cipher->IV)[0] ^ ((word32*)input)[0]; + ((word32*)block)[1] = ((word32*)cipher->IV)[1] ^ ((word32*)input)[1]; + ((word32*)block)[2] = ((word32*)cipher->IV)[2] ^ ((word32*)input)[2]; + ((word32*)block)[3] = ((word32*)cipher->IV)[3] ^ ((word32*)input)[3]; +#endif /* ?STRICT_ALIGN */ + rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS); + input += 16; + for (i = numBlocks - 1; i > 0; i--) { + ((word32*)block)[0] = ((word32*)outBuffer)[0] ^ ((word32*)input)[0]; + ((word32*)block)[1] = ((word32*)outBuffer)[1] ^ ((word32*)input)[1]; + ((word32*)block)[2] = ((word32*)outBuffer)[2] ^ ((word32*)input)[2]; + ((word32*)block)[3] = ((word32*)outBuffer)[3] ^ ((word32*)input)[3]; + outBuffer += 16; + rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS); + input += 16; + } + break; + + case MODE_CFB1: +#if STRICT_ALIGN + memcpy(iv, cipher->IV, 16); +#else /* !STRICT_ALIGN */ + *((word32*)iv[0]) = *((word32*)(cipher->IV )); + *((word32*)iv[1]) = *((word32*)(cipher->IV+ 4)); + *((word32*)iv[2]) = *((word32*)(cipher->IV+ 8)); + *((word32*)iv[3]) = *((word32*)(cipher->IV+12)); +#endif /* ?STRICT_ALIGN */ + for (i = numBlocks; i > 0; i--) { + for (k = 0; k < 128; k++) { + *((word32*) block ) = *((word32*)iv[0]); + *((word32*)(block+ 4)) = *((word32*)iv[1]); + *((word32*)(block+ 8)) = *((word32*)iv[2]); + *((word32*)(block+12)) = *((word32*)iv[3]); + rijndaelEncrypt(block, block, key->keySched, key->ROUNDS); + outBuffer[k/8] ^= (block[0] & 0x80) >> (k & 7); + iv[0][0] = (iv[0][0] << 1) | (iv[0][1] >> 7); + iv[0][1] = (iv[0][1] << 1) | (iv[0][2] >> 7); + iv[0][2] = (iv[0][2] << 1) | (iv[0][3] >> 7); + iv[0][3] = (iv[0][3] << 1) | (iv[1][0] >> 7); + iv[1][0] = (iv[1][0] << 1) | (iv[1][1] >> 7); + iv[1][1] = (iv[1][1] << 1) | (iv[1][2] >> 7); + iv[1][2] = (iv[1][2] << 1) | (iv[1][3] >> 7); + iv[1][3] = (iv[1][3] << 1) | (iv[2][0] >> 7); + iv[2][0] = (iv[2][0] << 1) | (iv[2][1] >> 7); + iv[2][1] = (iv[2][1] << 1) | (iv[2][2] >> 7); + iv[2][2] = (iv[2][2] << 1) | (iv[2][3] >> 7); + iv[2][3] = (iv[2][3] << 1) | (iv[3][0] >> 7); + iv[3][0] = (iv[3][0] << 1) | (iv[3][1] >> 7); + iv[3][1] = (iv[3][1] << 1) | (iv[3][2] >> 7); + iv[3][2] = (iv[3][2] << 1) | (iv[3][3] >> 7); + iv[3][3] = (iv[3][3] << 1) | ((outBuffer[k/8] >> (7-(k&7))) & 1); + } + } + break; + + default: + return BAD_CIPHER_STATE; + } + + return 128*numBlocks; +} + +int blockDecrypt(cipherInstance *cipher, keyInstance *key, + RIJ_BYTE *input, int inputLen, RIJ_BYTE *outBuffer) { + int i, k, numBlocks; + word8 block[16], iv[4][4]; + + if (cipher == NULL || + key == NULL || + ((cipher->mode != MODE_CFB1) && (key->direction == DIR_ENCRYPT))) { + return BAD_CIPHER_STATE; + } + if (input == NULL || inputLen <= 0) { + return 0; /* nothing to do */ + } + + numBlocks = inputLen/128; + + switch (cipher->mode) { + case MODE_ECB: + for (i = numBlocks; i > 0; i--) { + rijndaelDecrypt(input, outBuffer, key->keySched, key->ROUNDS); + input += 16; + outBuffer += 16; + } + break; + + case MODE_CBC: +#if STRICT_ALIGN + memcpy(iv, cipher->IV, 16); +#else + *((word32*)iv[0]) = *((word32*)(cipher->IV )); + *((word32*)iv[1]) = *((word32*)(cipher->IV+ 4)); + *((word32*)iv[2]) = *((word32*)(cipher->IV+ 8)); + *((word32*)iv[3]) = *((word32*)(cipher->IV+12)); +#endif + for (i = numBlocks; i > 0; i--) { + rijndaelDecrypt(input, block, key->keySched, key->ROUNDS); + ((word32*)block)[0] ^= *((word32*)iv[0]); + ((word32*)block)[1] ^= *((word32*)iv[1]); + ((word32*)block)[2] ^= *((word32*)iv[2]); + ((word32*)block)[3] ^= *((word32*)iv[3]); +#if STRICT_ALIGN + memcpy(iv, input, 16); + memcpy(outBuffer, block, 16); +#else + *((word32*)iv[0]) = ((word32*)input)[0]; ((word32*)outBuffer)[0] = ((word32*)block)[0]; + *((word32*)iv[1]) = ((word32*)input)[1]; ((word32*)outBuffer)[1] = ((word32*)block)[1]; + *((word32*)iv[2]) = ((word32*)input)[2]; ((word32*)outBuffer)[2] = ((word32*)block)[2]; + *((word32*)iv[3]) = ((word32*)input)[3]; ((word32*)outBuffer)[3] = ((word32*)block)[3]; +#endif + input += 16; + outBuffer += 16; + } + break; + + case MODE_CFB1: +#if STRICT_ALIGN + memcpy(iv, cipher->IV, 16); +#else + *((word32*)iv[0]) = *((word32*)(cipher->IV)); + *((word32*)iv[1]) = *((word32*)(cipher->IV+ 4)); + *((word32*)iv[2]) = *((word32*)(cipher->IV+ 8)); + *((word32*)iv[3]) = *((word32*)(cipher->IV+12)); +#endif + for (i = numBlocks; i > 0; i--) { + for (k = 0; k < 128; k++) { + *((word32*) block ) = *((word32*)iv[0]); + *((word32*)(block+ 4)) = *((word32*)iv[1]); + *((word32*)(block+ 8)) = *((word32*)iv[2]); + *((word32*)(block+12)) = *((word32*)iv[3]); + rijndaelEncrypt(block, block, key->keySched, key->ROUNDS); + iv[0][0] = (iv[0][0] << 1) | (iv[0][1] >> 7); + iv[0][1] = (iv[0][1] << 1) | (iv[0][2] >> 7); + iv[0][2] = (iv[0][2] << 1) | (iv[0][3] >> 7); + iv[0][3] = (iv[0][3] << 1) | (iv[1][0] >> 7); + iv[1][0] = (iv[1][0] << 1) | (iv[1][1] >> 7); + iv[1][1] = (iv[1][1] << 1) | (iv[1][2] >> 7); + iv[1][2] = (iv[1][2] << 1) | (iv[1][3] >> 7); + iv[1][3] = (iv[1][3] << 1) | (iv[2][0] >> 7); + iv[2][0] = (iv[2][0] << 1) | (iv[2][1] >> 7); + iv[2][1] = (iv[2][1] << 1) | (iv[2][2] >> 7); + iv[2][2] = (iv[2][2] << 1) | (iv[2][3] >> 7); + iv[2][3] = (iv[2][3] << 1) | (iv[3][0] >> 7); + iv[3][0] = (iv[3][0] << 1) | (iv[3][1] >> 7); + iv[3][1] = (iv[3][1] << 1) | (iv[3][2] >> 7); + iv[3][2] = (iv[3][2] << 1) | (iv[3][3] >> 7); + iv[3][3] = (iv[3][3] << 1) | ((input[k/8] >> (7-(k&7))) & 1); + outBuffer[k/8] ^= (block[0] & 0x80) >> (k & 7); + } + } + break; + + default: + return BAD_CIPHER_STATE; + } + + return 128*numBlocks; +} + +#endif Index: branches/samhain-2_2-branch/src/samhain.c =================================================================== --- branches/samhain-2_2-branch/src/samhain.c (revision 66) +++ branches/samhain-2_2-branch/src/samhain.c (revision 66) @@ -0,0 +1,2016 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +#include +#include +#include +#include +#include + +/* samhainctl */ +#include +#include +#include +#include +#include + + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + +#ifdef HAVE_MEMORY_H +#include +#endif + +#ifdef HAVE_SETPRIORITY +#include +#endif + +#ifndef HAVE_LSTAT +#define lstat stat +#endif + +/* for FLT_EPSILON + */ +#include + +#include "samhain.h" +#include "sh_files.h" +#include "sh_utils.h" +#include "sh_error.h" +#include "sh_unix.h" +#include "sh_getopt.h" +#include "sh_readconf.h" +#include "sh_hash.h" + +#include "sh_mail.h" + +#include "sh_tiger.h" +#include "sh_gpg.h" +#include "sh_mem.h" +#include "sh_forward.h" +#include "sh_tools.h" +#include "sh_hash.h" +#if defined(WITH_EXTERNAL) +#include "sh_extern.h" +#endif +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) +#include "sh_modules.h" +#include "sh_ignore.h" +#include "sh_prelink.h" +#endif + +#undef FIL__ +#define FIL__ _("samhain.c") + + +/************************************************** + * + * Needed to compile the key into the code. + * + **************************************************/ + +extern UINT32 ErrFlag[2]; +#include "sh_MK.h" + +/************************************************** + * + * Variables for signal handling. + * + **************************************************/ + +volatile int sig_raised; +volatile int sig_urgent; +volatile int sig_debug_switch; /* SIGUSR1 */ +volatile int sig_suspend_switch; /* SIGUSR2 */ +volatile int sh_global_suspend_flag; +volatile int sig_fresh_trail; /* SIGIOT */ +volatile int sig_config_read_again; /* SIGHUP */ +volatile int sig_terminate; /* SIGQUIT */ +volatile int sig_termfast; /* SIGTERM */ +volatile int sig_force_check; /* SIGTTOU */ +long int eintr__result; +char sh_sig_msg[SH_MINIBUF]; + + +#ifdef SH_STEALTH +/************************************************** + * + * The following set of functions is required for + * the 'stealth' mode. + * + **************************************************/ + +#ifndef SH_MAX_GLOBS +#define SH_MAX_GLOBS 16 +#endif + +#ifndef GLOB_LEN +#define GLOB_LEN 511 +#endif + +char * globber(const char * str) +{ + size_t i; + size_t j; + + static size_t items = 0; + static size_t count = 0; + static char glob[SH_MAX_GLOBS * (GLOB_LEN+1)]; + + if (str == NULL) + return NULL; + else + j = strlen(str); + + ++items; + + ASSERT((j <= GLOB_LEN), _("j <= GLOB_LEN")) + + if (j > GLOB_LEN) + j = GLOB_LEN; + + /* Overwrap the buffer. + */ + if ( (count + j) >= (SH_MAX_GLOBS * (GLOB_LEN+1))) + { + count = 0; + items = 0; + } + + for (i = 0; i < j; ++i) + { + if (str[i] != '\n' && str[i] != '\t' && str[i] != '\r' && str[i] != '"') + glob[count + i] = str[i] ^ XOR_CODE; + else + glob[count + i] = str[i]; + } + glob[count + j] = '\0'; + + i = count; + count = count + j + 1; + return &glob[i]; +} + +void sh_do_encode (char * str, int len) +{ + register int i; + + /* this is a symmetric operation + */ + for (i = 0; i < len; ++i) + { + str[i] = str[i] ^ XOR_CODE; + } + return; +} + +#endif + +/************************************************** + * + * Global variables. + * + **************************************************/ + +sh_struct sh; +/*@null@*/ sh_key_t * skey = NULL; + +extern unsigned char TcpFlag[8][PW_LEN+1]; + +/************************************************** + * + * Initializing. + * + **************************************************/ + +static int is_samhainctl_init = S_FALSE; + +static +void sh_init (void) +{ + unsigned char * dez = NULL; + int i; +#if defined(SH_WITH_MAIL) + char * p; + char q[SH_PATHBUF]; +#endif + + SL_ENTER(_("sh_init")); + +#ifdef MKA_09 + ErrFlag[0] |= (1 << 8); +#endif +#ifdef MKA_10 + ErrFlag[0] |= (1 << 9); +#endif +#ifdef MKA_11 + ErrFlag[0] |= (1 << 10); +#endif +#ifdef MKA_12 + ErrFlag[0] |= (1 << 11); +#endif +#ifdef MKA_13 + ErrFlag[0] |= (1 << 12); +#endif +#ifdef MKA_14 + ErrFlag[0] |= (1 << 13); +#endif +#ifdef MKA_15 + ErrFlag[0] |= (1 << 14); +#endif +#ifdef MKA_16 + ErrFlag[0] |= (1 << 15); +#endif + + /* Signal handling. + */ + sig_raised = 0; + sig_config_read_again = 0; /* SIGHUP */ + sig_debug_switch = 0; /* SIGUSR1 */ + sig_suspend_switch = 0; /* SIGUSR2 */ + sh_global_suspend_flag = 0; /* SIGUSR2 */ + sig_fresh_trail = 0; /* SIGIOT */ + sig_terminate = 0; /* SIGQUIT */ + sig_termfast = 0; /* SIGTERM */ + sig_force_check = 0; /* SIGTTOU */ + strcpy ( sh_sig_msg, _("None")); + +#ifdef MKB_01 + ErrFlag[1] |= (1 << 0); +#endif +#ifdef MKB_02 + ErrFlag[1] |= (1 << 1); +#endif +#ifdef MKB_03 + ErrFlag[1] |= (1 << 2); +#endif +#ifdef MKB_04 + ErrFlag[1] |= (1 << 3); +#endif +#ifdef MKB_05 + ErrFlag[1] |= (1 << 4); +#endif +#ifdef MKB_06 + ErrFlag[1] |= (1 << 5); +#endif +#ifdef MKB_07 + ErrFlag[1] |= (1 << 6); +#endif +#ifdef MKB_08 + ErrFlag[1] |= (1 << 7); +#endif + +#if defined(SH_WITH_SERVER) && !defined(SH_WITH_CLIENT) + strncpy(sh.prg_name, _("Yule"), 8); + sh.prg_name[4] = '\0'; +#else + strncpy(sh.prg_name, _("Samhain"), 8); + sh.prg_name[7] = '\0'; +#endif + + /* The flags. + */ + if (is_samhainctl_init == S_FALSE) + sh.flag.checkSum = SH_CHECK_NONE; + sh.flag.update = S_FALSE; + sh.flag.opts = S_FALSE; + if (is_samhainctl_init == S_FALSE) + sh.flag.isdaemon = S_FALSE; + sh.flag.isserver = S_FALSE; + sh.flag.islocked = S_FALSE; + sh.flag.smsg = S_FALSE; + sh.flag.log_start = S_TRUE; + sh.flag.reportonce = S_TRUE; + sh.flag.fulldetail = S_FALSE; + sh.flag.audit = S_FALSE; + sh.flag.nice = 0; + sh.flag.aud_mask = 0xFFFFFFFFUL; + sh.flag.client_severity = S_FALSE; + sh.flag.client_class = S_FALSE; + sh.flag.hidefile = S_FALSE; + sh.flag.loop = S_FALSE; + +#ifdef MKB_09 + ErrFlag[1] |= (1 << 8); +#endif +#ifdef MKB_10 + ErrFlag[1] |= (1 << 9); +#endif +#ifdef MKB_11 + ErrFlag[1] |= (1 << 10); +#endif +#ifdef MKB_12 + ErrFlag[1] |= (1 << 11); +#endif +#ifdef MKB_13 + ErrFlag[1] |= (1 << 12); +#endif +#ifdef MKB_14 + ErrFlag[1] |= (1 << 13); +#endif +#ifdef MKB_15 + ErrFlag[1] |= (1 << 14); +#endif +#ifdef MKB_16 + ErrFlag[1] |= (1 << 15); +#endif + + /* The stats. + */ + sh.statistics.bytes_speed = 0; + sh.statistics.bytes_hashed = 0; + sh.statistics.mail_success = 0; + sh.statistics.mail_failed = 0; + sh.statistics.time_start = time(NULL); + sh.statistics.time_check = (time_t) 0; + +#ifdef MKC_01 + ErrFlag[0] |= (1 << 16); +#endif +#ifdef MKC_02 + ErrFlag[0] |= (1 << 17); +#endif +#ifdef MKC_03 + ErrFlag[0] |= (1 << 18); +#endif +#ifdef MKC_04 + ErrFlag[0] |= (1 << 19); +#endif +#ifdef MKC_05 + ErrFlag[0] |= (1 << 20); +#endif +#ifdef MKC_06 + ErrFlag[0] |= (1 << 21); +#endif +#ifdef MKC_07 + ErrFlag[0] |= (1 << 22); +#endif +#ifdef MKC_08 + ErrFlag[0] |= (1 << 23); +#endif + + + /* The local host. + */ + (void) sl_strlcpy (sh.host.name, _("localhost"), SH_MINIBUF); + sh.host.system[0] = '\0'; /* flawfinder: ignore *//* ff bug */ + sh.host.release[0] = '\0'; + sh.host.machine[0] = '\0'; + +#ifdef MKC_09 + ErrFlag[0] |= (1 << 24); +#endif +#ifdef MKC_10 + ErrFlag[0] |= (1 << 25); +#endif +#ifdef MKC_11 + ErrFlag[0] |= (1 << 26); +#endif +#ifdef MKC_12 + ErrFlag[0] |= (1 << 27); +#endif +#ifdef MKC_13 + ErrFlag[0] |= (1 << 28); +#endif +#ifdef MKC_14 + ErrFlag[0] |= (1 << 29); +#endif +#ifdef MKC_15 + ErrFlag[0] |= (1 << 30); +#endif +#ifdef MKC_16 + ErrFlag[0] |= (1UL << 31); +#endif + + /* The paths. + */ + (void) sl_strlcpy (sh.conf.path, DEFAULT_CONFIGFILE, SH_PATHBUF); + sh.conf.hash[0] = '\0'; + (void) sl_strlcpy (sh.data.path, DEFAULT_DATA_FILE, SH_PATHBUF); + sh.data.hash[0] = '\0'; + sh.exec.path[0] = '\0'; + sh.exec.hash[0] = '\0'; + +#ifdef MKD_01 + ErrFlag[1] |= (1 << 16); +#endif +#ifdef MKD_02 + ErrFlag[1] |= (1 << 17); +#endif +#ifdef MKD_03 + ErrFlag[1] |= (1 << 18); +#endif +#ifdef MKD_04 + ErrFlag[1] |= (1 << 19); +#endif +#ifdef MKD_05 + ErrFlag[1] |= (1 << 20); +#endif +#ifdef MKD_06 + ErrFlag[1] |= (1 << 21); +#endif +#ifdef MKD_07 + ErrFlag[1] |= (1 << 22); +#endif +#ifdef MKD_08 + ErrFlag[1] |= (1 << 23); +#endif + + /* The addresses. + */ +#if defined(SH_WITH_MAIL) + if (0 == strcmp (DEFAULT_MAILADDRESS, _("NULL"))) + { + (void) sl_strncpy(q, DEFAULT_MAILADDRESS, SH_PATHBUF); + p = strtok (q, ", \t"); + if (p) + { + (void) sh_mail_setaddress_int (p); + while (NULL != (p = strtok (NULL, ", \t"))) + (void) sh_mail_setaddress_int (p); + } + } +#endif + + if (0 == strcmp (ALT_TIMESERVER, _("NULL"))) + sh.srvtime.alt[0] = '\0'; + else + (void) sl_strlcpy (sh.srvtime.alt, ALT_TIMESERVER, SH_PATHBUF); + if (0 == strcmp (DEFAULT_TIMESERVER, _("NULL"))) + sh.srvtime.name[0] = '\0'; + else + (void) sl_strlcpy (sh.srvtime.name, DEFAULT_TIMESERVER, SH_PATHBUF); + + + if (0 == strcmp (ALT_LOGSERVER, _("NULL"))) + sh.srvexport.alt[0] = '\0'; + else + (void) sl_strlcpy (sh.srvexport.alt, ALT_LOGSERVER, SH_PATHBUF); + if (0 == strcmp (DEFAULT_LOGSERVER, _("NULL"))) + sh.srvexport.name[0] = '\0'; + else + (void) sl_strlcpy (sh.srvexport.name, DEFAULT_LOGSERVER, SH_PATHBUF); + + + if (0 == strcmp (DEFAULT_ERRLOCK, _("NULL"))) + sh.srvlog.alt[0] = '\0'; + else + (void) sl_strlcpy (sh.srvlog.alt, DEFAULT_ERRLOCK, SH_PATHBUF); + if (0 == strcmp (DEFAULT_ERRFILE, _("NULL"))) + sh.srvlog.name[0] = '\0'; + else + (void) sl_strlcpy (sh.srvlog.name, DEFAULT_ERRFILE, SH_PATHBUF); + + if (0 == strcmp (ALT_CONSOLE, _("NULL"))) + sh.srvcons.alt[0] = '\0'; + else + (void) sl_strlcpy (sh.srvcons.alt, ALT_CONSOLE, SH_PATHBUF); +#ifndef DEFAULT_CONSOLE + (void) sl_strlcpy (sh.srvcons.name, _("/dev/console"), SH_PATHBUF); +#else + if (0 == strcmp (DEFAULT_CONSOLE, _("NULL"))) + (void) sl_strlcpy (sh.srvcons.name, _("/dev/console"), SH_PATHBUF); + else + (void) sl_strlcpy (sh.srvcons.name, DEFAULT_CONSOLE, SH_PATHBUF); +#endif + +#ifdef MKD_09 + ErrFlag[1] |= (1 << 24); +#endif +#ifdef MKD_10 + ErrFlag[1] |= (1 << 25); +#endif +#ifdef MKD_11 + ErrFlag[1] |= (1 << 26); +#endif +#ifdef MKD_12 + ErrFlag[1] |= (1 << 27); +#endif +#ifdef MKD_13 + ErrFlag[1] |= (1 << 28); +#endif +#ifdef MKD_14 + ErrFlag[1] |= (1 << 29); +#endif +#ifdef MKD_15 + ErrFlag[1] |= (1 << 30); +#endif +#ifdef MKD_16 + ErrFlag[1] |= (1UL << 31); +#endif + + + /* The timers. + */ + sh.fileCheck.alarm_last = 0; + sh.fileCheck.alarm_interval = 600; /* ten minutes */ + + sh.mailTime.alarm_last = 0; + sh.mailTime.alarm_interval = 86400; + + sh.mailNum.alarm_last = 0; + sh.mailNum.alarm_interval = 10; + + sh.looptime = 60; + + /* The struct to hold privileged information. + */ + skey = (sh_key_t *) malloc (sizeof(sh_key_t)); + if (skey == NULL) + { + perror(_("sh_init")); + _exit (EXIT_FAILURE); + } + + skey->mlock_failed = SL_FALSE; + skey->rngI = BAD; + /* properly initialized later + */ + skey->rng0[0] = 0x03; skey->rng0[1] = 0x09; skey->rng0[2] = 0x17; + skey->rng1[0] = 0x03; skey->rng1[1] = 0x09; skey->rng1[2] = 0x17; + skey->rng2[0] = 0x03; skey->rng2[1] = 0x09; skey->rng2[2] = 0x17; + + for (i = 0; i < KEY_BYT; ++i) + skey->poolv[i] = '\0'; + + skey->poolc = 0; + + skey->ErrFlag[0] = ErrFlag[0]; + ErrFlag[0] = 0; + skey->ErrFlag[1] = ErrFlag[1]; + ErrFlag[1] = 0; + + dez = &(TcpFlag[POS_TF-1][0]); + for (i = 0; i < PW_LEN; ++i) + { + skey->pw[i] = (char) (*dez); + (*dez) = '\0'; + ++dez; + } + + skey->sh_sockpass[0] = '\0'; + skey->sigkey_old[0] = '\0'; + skey->sigkey_new[0] = '\0'; + skey->mailkey_old[0] = '\0'; + skey->mailkey_new[0] = '\0'; + skey->crypt[0] = '\0'; /* flawfinder: ignore *//* ff bug */ + skey->session[0] = '\0'; + skey->vernam[0] = '\0'; + + + sh_unix_memlock(); + SL_RET0(_("sh_init")); +} + + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#include +#endif + +#if defined(SH_USE_XML) +extern int sh_log_file (char * message, char * inet_peer); +#endif + +/******************************************************* + * + * Exit Handler + * + *******************************************************/ +static void exit_handler(void) +{ + /* --- Clean up modules, if any. --- + */ +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + int modnum; +#endif +#if defined(SH_WITH_SERVER) + extern int sh_socket_remove (); +#endif + + SL_ENTER(_("exit_handler")); + +#if defined(SH_WITH_SERVER) + sh_socket_remove (); +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + if (modList[modnum].initval == GOOD) + (void) modList[modnum].mod_cleanup(); + } +#endif + + /* --- Push out all pending messages. --- + */ +#if defined(SH_WITH_MAIL) + if (sh.mailNum.alarm_last > 0) + { + (void) sh_mail_msg (NULL); + } +#endif + + /* --- Write the server stat. --- + */ +#if defined(SH_WITH_SERVER) + sh_forward_html_write(); +#endif + + /* --- Clean up memory to check for problems. --- + */ +#ifdef MEM_DEBUG +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + sh_files_deldirstack (); + sh_files_delfilestack (); + sh_hash_hashdelete(); + sh_files_hle_reg (NULL); +#endif +#if defined(SH_WITH_SERVER) + sh_forward_free_all (); +#endif + delete_cache(); + sh_mem_stat(); +#endif + +#ifdef MEM_DEBUG + sh_unix_count_mlock(); +#endif + + /* --- Checksum of executable. --- + */ + (void) sh_unix_self_check(); + + + /* --- Exit Message. --- + */ + sh_error_handle ((-1), FIL__, __LINE__, sh.flag.exit, MSG_EXIT_NORMAL, + sh.prg_name, sh_sig_msg); +#ifdef SH_USE_XML + (void) sh_log_file (NULL, NULL); +#endif + + + /* --- Restrict error logging to stderr. --- + */ +#ifdef WITH_MESSAGE_QUEUE + close_ipc (); +#endif + sh_error_only_stderr (S_TRUE); + + + /* --- Remove lock, delete critical information. --- + */ + (void) sh_unix_rm_lock_file (sh.srvlog.name); + (void) sh_unix_rm_pid_file (); + if (skey != NULL) + memset (skey, (int) '\0', sizeof(sh_key_t)); + + /* --- Exit. --- + */ + SL_RET0(_("exit_handler")); +} + +/*********************************************************** + * + */ +#ifndef SIGHUP +#define SIGHUP 1 +#endif +#ifndef SIGTERM +#define SIGTERM 15 +#endif +#ifndef SIGKILL +#define SIGKILL 9 +#endif + +#if defined(__linux__) || defined(sun) || defined(__sun) || defined(__sun__) +#include +static pid_t * procdirSamhain () +{ + pid_t * pidlist = malloc(sizeof(pid_t) * 65535); + struct dirent * d; + DIR * dp; + long ino; + struct stat buf; + int i = 0; + pid_t pid, mypid = getpid(); + char * tail; + char exef[128]; + + if (!pidlist) + return NULL; + + for (i = 0; i < 65535; ++i) pidlist[i] = 0; + i = 0; + + if (0 != stat(SH_INSTALL_PATH, &buf)) + { + free(pidlist); + return NULL; + } + + ino = (long) buf.st_ino; + + if (NULL == (dp = opendir("/proc"))) + { + free(pidlist); + return NULL; + } + while (NULL != (d = readdir(dp)) && i < 65535) + { + if (0 != strcmp(d->d_name, ".") && 0 != strcmp(d->d_name, "..")) + { + errno = 0; + pid = (pid_t) strtol (d->d_name, &tail, 0); + if (*tail != '\0' || errno != 0) + continue; + if (pid == mypid) + continue; +#if defined(__linux__) + sprintf(exef, _("/proc/%d/exe"), (int) pid); /* known to fit */ +#else + sprintf(exef, _("/proc/%d/object/a.out"), /* known to fit */ + (int) pid); +#endif + if (0 == stat(exef, &buf) && ino == (long) buf.st_ino) + { pidlist[i] = (pid_t) pid; ++i; } + } + } + closedir(dp); + return pidlist; +} +#else +static pid_t * procdirSamhain () +{ + return NULL; +} +#endif + +static int killprocSamhain (pid_t pid) +{ + int i; + + /* fprintf(stderr, "Killing %d\n", pid); */ + if (pid > 0 && 0 == kill (pid, SIGTERM)) + { + for (i = 0; i < 16; ++i) + { + (void) retry_msleep(1, 0); + if (0 != kill (pid, 0) && errno == ESRCH) + return (0); + } + + (void) kill (pid, SIGKILL); + return (0); + } + if (pid > 0) + { + if (errno == ESRCH) + return 7; + if (errno == EPERM) + return 4; + return 1; + } + else + return (7); +} + +static pid_t pidofSamhain (int flag) +{ + FILE * fp; + char line[256]; + char * tail; + char * p; + pid_t pid; + long inpid; + struct stat buf; + + fp = fopen (DEFAULT_ERRLOCK, "r"); + + if (!fp) + { if (errno != ENOENT) perror(_("fopen")); return 0; } + if (NULL == fgets(line, sizeof(line), fp)) + { perror(_("fgets")); (void) fclose(fp); return 0; } + (void) fclose(fp); + p = line; + while (*p == ' ' || *p == '\f' || *p == '\n' || + *p == '\r' || *p == '\t' || *p == '\v') + ++p; + errno = 0; + inpid = strtol (p, &tail, 0); + if (p == tail || errno != 0) + { perror(_("strtol")); return 0; } + + pid = (pid_t) inpid; + if (inpid != (long) pid) + { perror(_("strtol")); return 0; } + + /* remove stale pid file + */ + if (flag == 1 && pid > 0 && 0 != kill(pid, 0) && errno == ESRCH) + { + if /*@-unrecog@*/ (0 == lstat (DEFAULT_ERRLOCK, &buf))/*@+unrecog@*/ + { + if /*@-usedef@*/(S_ISREG(buf.st_mode))/*@+usedef@*/ + { + (void) unlink(DEFAULT_ERRLOCK); + } + } + else + { + perror(_("lstat")); return 0; + } + pid = 0; + } + return pid; +} + +/* 1: start 2:stop 3:reload 4:status + */ +/*@-exitarg@*/ +static int samhainctl(int ctl, int * argc, char * argv[]) +{ + char * fullpath; + pid_t pid; + int status; + int res; + pid_t respid; + int times; + char * argp[32]; + pid_t * pidlist; + int i; + + + fullpath = strdup (SH_INSTALL_PATH); + if (fullpath == NULL) + { perror(_("strdup")); exit (1); } + + argp[0] = strdup (SH_INSTALL_PATH); + if (argp[0] == NULL) + { perror(_("strdup")); exit (1); } + + for (times = 1; times < 32; ++times) argp[times] = NULL; + + res = (*argc > 32) ? 32 : *argc; + + for (times = 2; times < res; ++times) + { + argp[times-1] = strdup (argv[times]); + if (argp[times-1] == NULL) + { perror(_("strdup")); exit (1); } + } + + if (ctl == 1) + { + pid = pidofSamhain(1); + + if (pid != 0 && 0 == kill (pid, 0)) /* already started */ + exit (0); + + pid = fork(); + switch (pid) { + case ((pid_t) -1): + perror(_("fork")); + exit (1); + case 0: + if (0 != close (0)) + { + _exit(4); + } + (void) execv(fullpath, argp); /* flawfinder: ignore *//* wtf? */ + if (errno == EPERM) + _exit(4); + else if (errno == ENOENT) + _exit(5); + _exit (1); + default: + times = 0; + while (times < 64) { + respid = waitpid(pid, &status, WNOHANG|WUNTRACED); + if ((pid_t)-1 == respid) + { + perror(_("waitpid")); + exit (1); + } + else if (pid == respid) + { + if (0 != WIFEXITED(status)) + { + res = WEXITSTATUS(status); + exit (res == 0 ? 0 : res ); + } + else + exit (1); + } + ++times; + (void) retry_msleep(1, 0); + } + exit (1); + } + } + + pid = pidofSamhain(0); + + if (ctl == 2) /* stop */ + { + pidlist = procdirSamhain (); + if (pid == 0 && NULL == pidlist) /* pid file not found */ + { + free(fullpath); + return (0); + } + + status = 0; + if (pid != 0) + status = killprocSamhain(pid); + if (pidlist != NULL) + { + i = 0; + while (i < 65535 && pidlist[i] != 0) + { + if (pidlist[i] != pid) + status = killprocSamhain(pidlist[i]); + ++i; + } + } + free(fullpath); + if (status == 7) + return 0; + else + return status; + } + + if (ctl == 3) /* reload */ + { + if (pid == 0) + exit (7); + if (0 == kill (pid, SIGHUP)) + exit (0); + else + { + if (errno == EPERM) + exit (4); + if (errno == ESRCH) + exit (7); + exit (1); + } + } + + if (ctl == 4) /* status */ + { + if (pid == 0) + exit (3); + if (0 == kill (pid, 0)) + exit (0); + else + { + if (errno == EPERM) + exit (4); + if (errno == ESRCH) + exit (1); + } + } + free(fullpath); /* silence smatch false positive */ + exit (1); /* no exit handler installed yet */ + /*@notreached@*/ + return (0); +} +/*@+exitarg@*/ + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) +#include "sh_schedule.h" +static sh_schedule_t * FileSchedOne = NULL; +static sh_schedule_t * FileSchedTwo = NULL; + +/* free a linked list of schedules + */ +static sh_schedule_t * free_sched (sh_schedule_t * isched) +{ + sh_schedule_t * current = isched; + sh_schedule_t * next = NULL; + + while (current != NULL) + { + next = current->next; + SH_FREE(current); + current = next; + } + return NULL; +} + +/* Add a new schedule to the linked list of schedules + */ +static sh_schedule_t * sh_set_schedule_int (const char * str, + sh_schedule_t * FileSchedIn, + /*@out@*/ int * status) +{ + sh_schedule_t * FileSched; + + SL_ENTER(_("sh_set_schedule_int")); + + if (0 == sl_strncmp(str, _("NULL"), 4)) + { + (void) free_sched(FileSchedIn); + FileSchedIn = NULL; + *status = 0; + return 0; + } + + FileSched = SH_ALLOC(sizeof(sh_schedule_t)); + *status = create_sched(str, FileSched); + if (*status != 0) + { + SH_FREE(FileSched); + FileSched = NULL; + SL_RETURN(FileSchedIn , _("sh_set_schedule_int")); + } + FileSched->next = FileSchedIn; + SL_RETURN(FileSched , _("sh_set_schedule_int")); +} + +/* Add a new schedule to the linked list FileSchedOne + */ +int sh_set_schedule_one (const char * str) +{ + int status; + FileSchedOne = sh_set_schedule_int (str, FileSchedOne, &status); + return status; +} + +/* Add a new schedule to the linked list FileSchedTwo + */ +int sh_set_schedule_two (const char * str) +{ + int status; + FileSchedTwo = sh_set_schedule_int (str, FileSchedTwo, &status); + return status; +} + +#endif + +/******************************************************* + * + * Main program + * + *******************************************************/ +#if !defined(SH_CUTEST) +int main(int argc, char * argv[]) +#else +int undef_main(int argc, char * argv[]) +#endif +{ +#if defined(INET_SYSLOG) + extern int create_syslog_socket (int flag); +#endif +#if defined(SH_WITH_SERVER) + extern int sh_create_tcp_socket(); +#endif + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + int modnum; + time_t runtim; + float st_1, st_2; + int status; + long cct = 0; /* main loop iterations */ + + int flag_check_1 = 0; + int flag_check_2 = 0; + + int check_done = 0; +#endif + + time_t told; + time_t tcurrent; + size_t tzlen; + char * tzptr; + int res; + +#if defined (SH_STEALTH_NOCL) + char command_line[256]; + int my_argc = 0; + char * my_argv[32]; +#endif + + SL_ENTER(_("main")); + + if (argc >= 2 && 0 != getuid() && + (0 == strcmp(argv[1], _("start")) || + 0 == strcmp(argv[1], _("stop")) || + 0 == strcmp(argv[1], _("reload")) || + 0 == strcmp(argv[1], _("force-reload")) || + 0 == strcmp(argv[1], _("status")) || + 0 == strcmp(argv[1], _("restart")))) + { + return 4; + } + + if (argc >= 2 && 0 == getuid()) + { + /* return codes: + * 0 Success + * 1 Can not send signal / start program + * 2 Pid file does not exist + */ + if (0 == strcmp(argv[1], _("start"))) + { + (void) samhainctl (1, &argc, argv); /* does not return */ + } + else if (0 == strcmp(argv[1], _("stop"))) + return (samhainctl (2, &argc, argv)); + else if (0 == strcmp(argv[1], _("reload"))) + (void) samhainctl (3, &argc, argv); /* does not return */ + else if (0 == strcmp(argv[1], _("force-reload"))) + (void) samhainctl (3, &argc, argv); /* does not return */ + else if (0 == strcmp(argv[1], _("status"))) + (void) samhainctl (4, &argc, argv); /* does not return */ + else if (0 == strcmp(argv[1], _("restart"))) + { + res = samhainctl (2, &argc, argv); + if (res == 0 || res == 7) + { + (void) samhainctl (1, &argc, argv); /* does not return */ + } + else + return (res); + } + } + + /* if fd 0 is closed, presume that we want to be daemon and + * run in check mode + */ + if ((-1) == retry_fcntl(FIL__, __LINE__, 0, F_GETFL, 0) && + errno == EBADF) + { + sh.flag.opts = S_TRUE; + (void) sh_unix_setdeamon(NULL); +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + sh.flag.checkSum = SH_CHECK_CHECK; + /* (void) sh_util_setchecksum(_("check")); */ +#endif + is_samhainctl_init = S_TRUE; + sh.flag.opts = S_FALSE; + } + + + /* --- Install the exit handler. --- + */ + (void) atexit(exit_handler); + + /* --- Zero the mailer key, and fill it. --- + */ + memset (ErrFlag, 0, 2*sizeof(UINT32)); + +#ifdef MKA_01 + ErrFlag[0] |= (1 << 0); +#endif +#ifdef MKA_02 + ErrFlag[0] |= (1 << 1); +#endif +#ifdef MKA_03 + ErrFlag[0] |= (1 << 2); +#endif +#ifdef MKA_04 + ErrFlag[0] |= (1 << 3); +#endif +#ifdef MKA_05 + ErrFlag[0] |= (1 << 4); +#endif +#ifdef MKA_06 + ErrFlag[0] |= (1 << 5); +#endif +#ifdef MKA_07 + ErrFlag[0] |= (1 << 6); +#endif +#ifdef MKA_08 + ErrFlag[0] |= (1 << 7); +#endif + +#if defined(SCREW_IT_UP) + BREAKEXIT(sh_sigtrap_prepare); + (void) sh_sigtrap_prepare(); +#endif + + /* Save the timezone. + */ + if (NULL != (tzptr = getenv("TZ"))) /* flawfinder: ignore */ + { + tzlen = strlen(tzptr); + if (tzlen < 1024) + { + sh.timezone = malloc (tzlen + 1); + if (sh.timezone != NULL) + (void) sl_strlcpy (sh.timezone, tzptr, tzlen + 1); + } + else + sh.timezone = NULL; + } + else + sh.timezone = NULL; + + + /* -------- INIT -------- + */ + + /* Restrict error logging to stderr. + */ + sh_error_only_stderr (S_TRUE); + + BREAKEXIT(sh_derr); + (void) sh_derr(); + + /* Check that first three descriptors are open. + */ + if ( retry_fcntl(FIL__, __LINE__, 0, F_GETFL, 0) == (-1)) + (void) aud_open(FIL__, __LINE__, SL_NOPRIV, _("/dev/null"), O_RDWR, 0); + if ( retry_fcntl(FIL__, __LINE__, 1, F_GETFL, 0) == (-1)) + (void) aud_open(FIL__, __LINE__, SL_NOPRIV, _("/dev/null"), O_RDWR, 1); + if ( retry_fcntl(FIL__, __LINE__, 2, F_GETFL, 0) == (-1)) + (void) aud_open(FIL__, __LINE__, SL_NOPRIV, _("/dev/null"), O_RDWR, 2); + + /* --- Set default values. --- + */ + BREAKEXIT(sh_init); + sh_init (); /* we are still privileged here, so we can mlock skey */ +#if (defined (SH_WITH_SERVER) && !defined (SH_WITH_CLIENT)) + sh.flag.isserver = S_TRUE; +#endif + + /* --- Get local hostname. --- + */ + BREAKEXIT(sh_unix_localhost); + sh_unix_localhost(); + + /* --- Read the command line. --- + */ + sh.flag.opts = S_TRUE; + +#if !defined(SH_STEALTH_NOCL) + sh_argc_store = argc; + sh_argv_store = argv; + (void) sh_getopt_get (argc, argv); +#else + if (argc > 1 && argv[1] != NULL && + strlen(argv[1]) > 0 && strlen(NOCL_CODE) > 0) + { + if ( 0 == strcmp(argv[1], NOCL_CODE) ) + { + my_argv[0] = argv[0]; ++my_argc; + command_line[0] = '\0'; + (void*) fgets (command_line, sizeof(command_line), stdin); + command_line[sizeof(command_line)-1] = '\0'; + do { + my_argv[my_argc] = + strtok( (my_argc == 1) ? command_line : NULL, " \n"); + if (my_argv[my_argc] != NULL) { + ++my_argc; + } else { + break; + } + } while (my_argc < 32); + + sh_argc_store = my_argc; + sh_argv_store = my_argv; + + (void) sh_getopt_get (my_argc, my_argv); + } + else + { + /* discard command line */ + /* _exit(EXIT_FAILURE) */ ; + } + } +#endif + sh.flag.opts = S_FALSE; + + + /* close all other files + */ + sh_unix_closeall(3, -1); /* after processing CL options */ + + + /* --- Get user info. --- + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))) + if (0 != sh_unix_getUser ()) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, + sh.prg_name); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + + /* ***************************** + * + * Read the configuration file. + * + * *****************************/ + + TPT((0, FIL__, __LINE__, _("msg=\n"))) + BREAKEXIT(sh_readconf_read); + (void) sh_readconf_read (); + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if (sh.flag.checkSum == SH_CHECK_NONE) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("No action specified: init, update, or check"), + _("main")); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, + sh.prg_name); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } +#endif + + /* do not append to database if run SUID + */ + if ((sh.flag.checkSum == SH_CHECK_INIT) && (0 != sl_is_suid())) + { + (void) dlog(1, FIL__, __LINE__, + _("Cannot initialize database when running with SUID credentials.\nYou need to run this with the user ID %d.\nYour current user ID is %d."), + (int) geteuid(), (int) sh.real.uid); + sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_ACCESS, + (long) sh.real.uid, sh.data.path); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* avoid daemon mode for initialization + */ + if (sh.flag.checkSum == SH_CHECK_INIT) + { + sh.flag.isdaemon = S_FALSE; + sh.flag.loop = S_FALSE; + } + + if (sh.flag.isdaemon == S_TRUE) + sh_error_only_stderr (BAD); + + /* --- load database; checksum of database + */ +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + TPT((0, FIL__, __LINE__, _("msg=\n"))) + if (sh.flag.checkSum == SH_CHECK_CHECK) + { + if (0 != sl_strcmp(file_path('D', 'R'), _("REQ_FROM_SERVER"))) + { + (void) sl_strlcpy(sh.data.hash, + sh_tiger_hash (file_path('D', 'R'), + TIGER_FILE, 0), + KEY_LEN+1); + } + + /* this eventually fetches the file from server to get checksum + */ + sh_hash_init (); + } +#endif + + /* --- initialize signal handling etc.; fork daemon + */ + if (sh_unix_init(sh.flag.isdaemon) == -1) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, + sh.prg_name); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* --- drop privileges eventually --- + */ +#if defined(SH_WITH_SERVER) + sh_create_tcp_socket (); +#if defined(INET_SYSLOG) + create_syslog_socket (S_TRUE); +#endif + SL_REQUIRE(sl_policy_get_real(DEFAULT_IDENT) == SL_ENONE, + _("sl_policy_get_real(DEFAULT_IDENT) == SL_ENONE")); +#else + SL_REQUIRE(sl_policy_get_user(DEFAULT_IDENT) == SL_ENONE, + _("sl_policy_get_user(DEFAULT_IDENT) == SL_ENONE")); +#endif + + /* --- Get user info (again). --- + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))) + if (0 != sh_unix_getUser ()) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, + sh.prg_name); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* --- now check whether we really wanted it; if not, close --- + */ +#if defined(INET_SYSLOG) && defined(SH_WITH_SERVER) + create_syslog_socket (S_FALSE); +#endif + + + /* --- Enable full error logging --- + */ + sh_error_only_stderr (S_FALSE); + + /**************************************************** + * + * SERVER + * + ****************************************************/ + +#if defined(SH_WITH_SERVER) && !defined(SH_WITH_CLIENT) + +#if (defined(WITH_GPG) || defined(WITH_PGP)) + /* do nothing -- we exit earlier if error */ +#else + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H, + sh.prg_name, (long) sh.real.uid, + (sh.flag.hidefile == S_TRUE) ? + _("(hidden)") : file_path('C','R'), + sh.conf.hash); +#endif + +#else + + /**************************************************** + * + * CLIENT/STANDALONE + * + ****************************************************/ + + BREAKEXIT(sh_error_handle); + + if (sh.flag.checkSum == SH_CHECK_CHECK) + { +#if (defined(WITH_GPG) || defined(WITH_PGP)) + /* do nothing -- we exit earlier if error */ +#else + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_2H, + sh.prg_name, (long) sh.real.uid, + (sh.flag.hidefile == S_TRUE) ? _("(hidden)") : file_path('C', 'R'), sh.conf.hash, + (sh.flag.hidefile == S_TRUE) ? _("(hidden)") : file_path('D', 'R'), sh.data.hash); +#endif + } + else + { +#if (defined(WITH_GPG) || defined(WITH_PGP)) + /* do nothing -- we exit earlier if error */ +#else + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H, + sh.prg_name, (long) sh.real.uid, + (sh.flag.hidefile == S_TRUE) ? _("(hidden)") : file_path('C', 'R'), sh.conf.hash); +#endif + } +#endif + + + if ((skey == NULL) || (skey->mlock_failed == SL_TRUE)) + sh_error_handle ((-1), FIL__, __LINE__, EPERM, MSG_MLOCK); + + /* timer + */ + tcurrent = time (NULL); + told = tcurrent; + sh.mailTime.alarm_last = told; + + + /**************************************************** + * + * SERVER + * + ****************************************************/ + +#if defined(SH_WITH_SERVER) + TPT((0, FIL__, __LINE__, _("msg=\n"))) + +#if defined (SH_WITH_CLIENT) + if (sh.flag.isserver == S_TRUE) + { + sh_receive(); + TPT((0, FIL__, __LINE__, _("msg=\n"))) + aud_exit (FIL__, __LINE__, EXIT_SUCCESS); + } +#else + sh_receive(); + TPT((0, FIL__, __LINE__, _("msg=\n"))) + aud_exit (FIL__, __LINE__, EXIT_SUCCESS); +#endif + +#endif + + /**************************************************** + * + * CLIENT/STANDALONE + * + ****************************************************/ +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + + + /* --- Initialize modules. --- + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))) + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + if (0 != (status = modList[modnum].mod_init())) + { + if (status == (-1)) { + sh_error_handle (SH_ERR_NOTICE, FIL__, __LINE__, status, + MSG_MOD_FAIL, + _(modList[modnum].name), + status); + } else { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_MOD_FAIL, + _(modList[modnum].name), + status); + } + modList[modnum].initval = S_FALSE; + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MOD_OK, + _(modList[modnum].name)); + modList[modnum].initval = S_TRUE; + } + } + + /* -------- TEST SETUP --------- + */ + (void) sh_files_setrec(); + (void) sh_files_test_setup(); + + + /* -------- NICE LEVEL --------- + */ + if (0 != sh.flag.nice) + { +#ifdef HAVE_SETPRIORITY + /*@-unrecog@*/ + (void) setpriority(PRIO_PROCESS, 0, sh.flag.nice); + /*@+unrecog@*/ +#else + (void) nice(sh.flag.nice); +#endif + } + + /* -------- MAIN LOOP --------- + */ + sh.statistics.bytes_speed = 0; + sh.statistics.bytes_hashed = 0; + + while (1 == 1) + { + ++cct; + + BREAKEXIT(sh_error_handle); + + TPT((0, FIL__, __LINE__, _("msg=, iter=<%ld>\n"), cct)) + + tcurrent = time (NULL); + + if (sig_raised > 0) + { + + TPT((0, FIL__, __LINE__, _("msg=\n"))) + + if (sig_termfast == 1) /* SIGTERM */ + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); + /* strncpy (sh_sig_msg, _("SIGTERM"), 20); */ + --sig_raised; --sig_urgent; + aud_exit (FIL__, __LINE__, EXIT_SUCCESS); + } + + if (sig_force_check == 1) /* SIGTTOU */ + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); + flag_check_1 = 1; + flag_check_2 = 1; + sig_force_check = 0; + --sig_raised; + } + + if (sig_config_read_again == 1) /* SIGHUP */ + { + TPT((0, FIL__, __LINE__, _("msg=\n"))) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_RECONF); + +#if defined(WITH_EXTERNAL) + /* delete list of external tasks + */ + (void) sh_ext_cleanup(); +#endif + /* delete the file list, make all database + * entries visible (allignore = FALSE) + */ + (void) sh_files_deldirstack (); + (void) sh_files_delfilestack (); + (void) sh_ignore_clean (); + (void) hash_full_tree (); + +#if defined(SH_WITH_CLIENT) + reset_count_dev_server(); +#endif +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + + + FileSchedOne = free_sched(FileSchedOne); + FileSchedTwo = free_sched(FileSchedTwo); + + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + if (modList[modnum].initval == GOOD) + (void) modList[modnum].mod_reconf(); + } +#endif + +#if defined(SH_WITH_MAIL) + reset_count_dev_mail(); +#endif + reset_count_dev_console(); + reset_count_dev_time(); + + (void) sh_unix_maskreset(); + + /* Should this be included ??? + * (i.e. should we reload the database ?) + */ +#ifdef RELOAD_DATABASE + sh_hash_hashdelete(); +#endif + (void) sl_trust_purge_user(); + (void) sh_files_hle_reg (NULL); + (void) sh_prelink_run (NULL, NULL, 0); + + /* -------------------------- + * --- READ CONFIGURATION --- + * -------------------------- + */ + (void) sh_readconf_read (); + sig_config_read_again = 0; + (void) sh_files_setrec(); + (void) sh_files_test_setup(); + if (0 != sh.flag.nice) + { +#ifdef HAVE_SETPRIORITY + setpriority(PRIO_PROCESS, 0, sh.flag.nice); +#else + nice(sh.flag.nice); +#endif + } + + if (sh.flag.checkSum == SH_CHECK_INIT) + { + sh.flag.isdaemon = S_FALSE; + sh.flag.loop = S_FALSE; + } + + /* --- Initialize modules. --- + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))); + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + if (0 != (status = modList[modnum].mod_init())) + { + if (status == (-1)) { + sh_error_handle (SH_ERR_NOTICE, FIL__, __LINE__, + status, MSG_MOD_FAIL, + _(modList[modnum].name), + status); + } else { + sh_error_handle ((-1), FIL__, __LINE__, + status, MSG_MOD_FAIL, + _(modList[modnum].name), + status); + } + modList[modnum].initval = S_FALSE; + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MOD_OK, + _(modList[modnum].name)); + modList[modnum].initval = S_TRUE; + } + } + + --sig_raised; + } + + if (sig_fresh_trail == 1) /* SIGIOT */ + { + /* Logfile access + */ +#ifdef SH_USE_XML + (void) sh_log_file (NULL, NULL); +#endif + TPT((0, FIL__, __LINE__, _("msg=\n"))); + sh_error_only_stderr (S_TRUE); + (void) sh_unix_rm_lock_file(sh.srvlog.name); + (void) retry_msleep(3, 0); + sh.flag.log_start = S_TRUE; + sh_error_only_stderr (S_FALSE); + sig_fresh_trail = 0; + --sig_raised; + } + + if (sig_terminate == 1) /* SIGQUIT */ + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); + strncpy (sh_sig_msg, _("Quit"), 20); + --sig_raised; --sig_urgent; + aud_exit (FIL__, __LINE__, EXIT_SUCCESS); + } + + if (sig_debug_switch == 1) /* SIGUSR1 */ + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); + sh_error_dbg_switch(); + sig_debug_switch = 0; + --sig_raised; + } + + if (sig_suspend_switch > 0) /* SIGUSR2 */ + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); + if (sh_global_suspend_flag == 1) { + sh_global_suspend_flag = 0; + } else { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_SUSPEND, + sh.prg_name); + sh_global_suspend_flag = 1; + } + --sig_suspend_switch; + --sig_raised; --sig_urgent; + } + sig_raised = (sig_raised < 0) ? 0 : sig_raised; + sig_urgent = (sig_urgent < 0) ? 0 : sig_urgent; + TPT((0, FIL__, __LINE__, _("msg=\n"))); + } + + if (sh_global_suspend_flag == 1) + { + (void) retry_msleep (1, 0); + continue; + } + + /* see whether its time to check files + */ + if (sh.flag.checkSum == SH_CHECK_INIT || + (sh.flag.checkSum == SH_CHECK_CHECK && + (sh.flag.isdaemon == S_FALSE && sh.flag.loop == S_FALSE))) + { + flag_check_1 = 1; + if (FileSchedTwo != NULL) + flag_check_2 = 1; + } + else if (sh.flag.checkSum == SH_CHECK_CHECK || + (sh.flag.update == S_TRUE && + (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE))) + { + if (FileSchedOne == NULL) + { + /* use interval if we have no schedule + */ + if (tcurrent - sh.fileCheck.alarm_last >= + sh.fileCheck.alarm_interval) + flag_check_1 = 1; + } + else + { + flag_check_1 = test_sched(FileSchedOne); + if (FileSchedTwo != NULL) + flag_check_2 = test_sched(FileSchedTwo); + if (flag_check_2 == 1) + flag_check_1 = 1; + } + } + + check_done = 0; + + if (sh.flag.checkSum != SH_CHECK_NONE && + (flag_check_1 == 1 || flag_check_2 == 1)) + { + /* + * check directories and files + * ORDER IS IMPORTANT -- DIRZ FIRST + */ + sh.statistics.bytes_hashed = 0; + sh.statistics.time_start = time (NULL); + sh.statistics.dirs_checked = 0; + sh.statistics.files_checked = 0; + + TPT((0, FIL__, __LINE__, _("msg=\n"))) + BREAKEXIT(sh_dirs_chk); + if (flag_check_1 == 1) + { + (void) sh_dirs_chk (1); +#ifndef SH_PROFILE + (void) chdir ("/"); +#endif + } + if (flag_check_2 == 1) + { + (void) sh_dirs_chk (2); +#ifndef SH_PROFILE + (void) chdir ("/"); +#endif + } + TPT((0, FIL__, __LINE__, _("msg=\n"))) + BREAKEXIT(sh_files_chk); + if (flag_check_1 == 1) + (void) sh_files_chk (); + + if (sig_urgent > 0) + continue; + + /* + * check for files not visited + */ + if (flag_check_2 == 1 || FileSchedTwo == NULL) + { + TPT((0, FIL__, __LINE__, _("msg=\n"))) + sh_hash_unvisited (ShDFLevel[SH_ERR_T_FILE]); + } + + if (sig_urgent > 0) + continue; + + /* reset + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))) + sh_dirs_reset (); + if (sig_urgent > 0) + continue; + + sh_files_reset (); + flag_check_1 = 0; + flag_check_2 = 0; + check_done = 1; + + (void) sh_prelink_run (NULL, NULL, 0); + + if (sig_urgent > 0) + continue; + + runtim = time(NULL) - sh.statistics.time_start; + sh.statistics.time_check = runtim; + + if ((sh.statistics.dirs_checked == 0) && + (sh.statistics.files_checked == 0)) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_CHECK_0); + + else + { + st_1 = (float) sh.statistics.bytes_hashed; + st_2 = (float) runtim; + + + if (st_1 > FLT_EPSILON && st_2 > FLT_EPSILON) + st_1 = st_1/st_2; + else if (st_1 > FLT_EPSILON) + st_1 = (float) (st_1 * 1.0); + else + st_1 = 0.0; + + sh.statistics.bytes_speed = (unsigned long) st_1; + + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_CHECK_1, + (long) runtim, + 0.001 * st_1); + } + sh.fileCheck.alarm_last = time (NULL); + + if (sig_urgent > 0) + continue; + + /* + * flush mail queue + */ +#if defined(SH_WITH_MAIL) + TPT((0, FIL__, __LINE__, _("msg=\n"))) + (void) sh_mail_msg (NULL); +#endif + } + + if (sig_urgent > 0) + continue; + + /* execute modules + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))) + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + if (modList[modnum].initval == GOOD && + 0 != modList[modnum].mod_timer(tcurrent)) + if (0 != (status = modList[modnum].mod_check())) + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_MOD_EXEC, + _(modList[modnum].name), (long) status); + } + + /* 27.05.2002 avoid empty database + * 22.10.2002 moved here b/o suid check initialization + */ + if (sh.flag.checkSum == SH_CHECK_INIT) + sh_hash_pushdata (NULL, NULL); + + /* write out database + */ + if (sh.flag.checkSum == SH_CHECK_CHECK && + sh.flag.update == S_TRUE && + check_done == 1) + sh_hash_writeout (); + + /* no loop if not daemon + */ + if (sh.flag.isdaemon != S_TRUE && sh.flag.loop == S_FALSE) + break; + if (sig_urgent > 0) + continue; + + /* see whether its time to send mail + */ +#if defined(SH_WITH_MAIL) + if (tcurrent - sh.mailTime.alarm_last >= sh.mailTime.alarm_interval) + { + TPT((0, FIL__, __LINE__, _("msg=\n"))) + (void) sh_mail_msg (NULL); + sh.mailTime.alarm_last = time (NULL); + } +#endif + if (sig_urgent > 0) + continue; + + /* log the timestamp + */ + if ((int)(tcurrent - told) >= sh.looptime ) + { + TPT((0, FIL__, __LINE__, _("msg=\n"))) + told = tcurrent; +#ifdef MEM_DEBUG + sh_mem_check(); + sh_unix_count_mlock(); +#else + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_STAMP); +#endif + } + + /* seed / re-seed the PRNG if required + */ + (void) taus_seed(); + + if (sig_urgent > 0) + continue; + + /* go to sleep + */ + (void) retry_msleep (1, 0); + + BREAKEXIT(sh_derr); + (void) sh_derr(); + } + + /* ------ END ----------- + */ + + + + /* + * cleanup + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))); + sh_hash_hashdelete(); + +#if defined(SH_WITH_MAIL) + if (sh.mailNum.alarm_last > 0) + (void)sh_mail_msg (NULL); +#endif + + /* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ +#endif + + aud_exit (FIL__, __LINE__, EXIT_SUCCESS); + SL_RETURN(0, _("main")); +} Index: branches/samhain-2_2-branch/src/samhain_erase.c =================================================================== --- branches/samhain-2_2-branch/src/samhain_erase.c (revision 66) +++ branches/samhain-2_2-branch/src/samhain_erase.c (revision 66) @@ -0,0 +1,140 @@ +/*************************************************************************** + * + * Purpose: + * ------- + * Hide loaded kernel modules with names including the string MAGIC_HIDE + + * + * Configuration: + * ------------- + * If not building within the samhain system, you may remove the + * line '#include "config.h"' and in the line + * '#define MAGIC_HIDE SH_MAGIC_HIDE', replace SH_MAGIC_HIDE with + * "someString" (in quotes !). + */ + + +#include "config.h" + +#define MAGIC_HIDE SH_MAGIC_HIDE + +/* #define MAGIC_HIDE "someString" */ + +/* define this if you have a modversioned kernel */ +/* #define MODVERSIONS */ + +/* + * Install: + * ------- + * gcc -Wall -O2 -c samhain_erase.c + * mv samhain_hide.o /lib/modules/KERNEL_VERSION/misc/ + * + * (Replace KERNEL_VERSION with your kernel's version.) + * + * Usage: + * ----- + * To load the module: + * insmod samhain_hide (for improved safety: 'sync && insmod samhain_hide') + * + * To unload the module + * rmmod samhain_hide (for improved safety: 'sync && rmmod samhain_hide') + * + * + * Tested on: + * --------- + * Linux 2.2 + * + * Copyright: + * --------- + * Copyright (C) 2001 Rainer Wichmann (http://la-samhna.de) + * + * License: + * ------- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 2, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + ***************************************************************************/ + +#define __KERNEL__ +#define MODULE + +/* The configure options (#defines) for the Kernel + */ +#include + +#ifdef CONFIG_MODVERSIONS +#include +#endif + +#include +#include +#include + +#define N_(string) string +#include "config.h" + +#ifdef MODULE_LICENSE +MODULE_LICENSE("GPL"); +#endif + +#undef NULL +#define NULL ((void *)0) + + +int init_module() +{ + struct module * ptr; + struct module * prev; + int found = 0; + + ptr = &(__this_module); + prev = &(__this_module); + + /* skip this module to allow 'rmmod' + */ + ptr = ptr->next; + + while (ptr) + { + found = 0; + + if (ptr->name && ptr->name[0] != '\0') + { + /* printk("%s <%s>\n", ptr->name, SH_MAGIC_HIDE); */ + if (NULL != strstr(ptr->name, SH_MAGIC_HIDE)) + { + prev->next = ptr->next; + /* printk("-->HIDE\n"); */ + found = 1; + } + } + + if (ptr->next) + { + if (found == 0) + prev = ptr; + ptr = ptr->next; + } + else + break; + } + + return 0; +} + +void cleanup_module() +{ + return; +} + + Index: branches/samhain-2_2-branch/src/samhain_hide.c =================================================================== --- branches/samhain-2_2-branch/src/samhain_hide.c (revision 66) +++ branches/samhain-2_2-branch/src/samhain_hide.c (revision 66) @@ -0,0 +1,814 @@ +/*************************************************************************** + * + * Purpose: + * ------- + * (1) Hide files with the string MAGIC_HIDE in filename, + * where MAGIC_HIDE is defined below. + * By default, MAGIC_HIDE is defined as "samhain". + * + * (2) Hide all processes, if the executable has the string MAGIC_HIDE + * in its name. + * + * + * Configuration: + * ------------- + * If not building within the samhain system, you may remove the + * line '#include "config.h"' and in the line + * '#define MAGIC_HIDE SH_MAGIC_HIDE', replace SH_MAGIC_HIDE with + * "someString" (in quotes !). + */ + +/* #define _(string) string */ +#include "config.h" + +#undef _ +#define _(string) string + +/* define if this is a 2.6 kernel */ +/* #define LINUX26 */ + +#define MAGIC_HIDE SH_MAGIC_HIDE + +/* #define MAGIC_HIDE "someString" */ + +/* define this if you have a modversioned kernel */ +/* #define MODVERSIONS */ + +/* the address of the sys_call_table (not exported in 2.5 kernels) */ +#define MAGIC_ADDRESS SH_SYSCALLTABLE + +/* + * Install: + * ------- + * gcc -Wall -O2 -c samhain_hide.c + * mv samhain_hide.o /lib/modules/KERNEL_VERSION/misc/ + * + * (Replace KERNEL_VERSION with your kernel's version.) + * + * Usage: + * ----- + * To load the module: + * insmod samhain_hide (for improved safety: 'sync && insmod samhain_hide') + * + * To unload the module + * rmmod samhain_hide (for improved safety: 'sync && rmmod samhain_hide') + * + * + * Details: + * ------- + * The following kernel syscalls are replaced: + * sys_getdents [hide files/directories/processes (/proc/PID)] + * + * Tested on: + * --------- + * Linux 2.2, 2.4, 2.6 + * + * Copyright: + * --------- + * Copyright (C) 2001, 2002 Rainer Wichmann (http://la-samhna.de) + * + * License: + * ------- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 2, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + ***************************************************************************/ + + + +/***************************************************** + * + * The defines: + * + *****************************************************/ + +/* This is a Linux Loadable Kernel Module. + */ + +#ifndef LINUX26 +#define __KERNEL__ +#define MODULE +#endif +#define LINUX + +/* Define for debugging. + */ +/* #define HIDE_DEBUG */ /* query_module */ +/* #define FILE_DEBUG */ /* getdents */ +/* #define READ_DEBUG */ /* read */ +/* #define PROC_DEBUG */ /* procfs */ + + +/***************************************************** + * + * The include files: + * + *****************************************************/ + + +/* The configure options (#defines) for the Kernel + */ +#include + +#ifndef LINUX26 +#ifdef CONFIG_MODVERSIONS +#include +#endif +#endif + + +#ifdef LINUX26 +#include +#endif + +#include + +/* File tables structures. If directory caching is used, + * will be included here, and __LINUX_DCACHE_H + * will thus be defined. + */ +#include +#include + +/* Include the SYS_syscall defines. + */ +#ifndef LINUX26 +#include +#else +#define SYS_getdents 141 +#define SYS_getdents64 220 +#endif + + +/* Includes for 'getdents' per the manpage. + */ +#include +#include +#include + +/* To access userspace memory. + */ +#include + +/* Include for lock_kernel(). + */ +#include + +/* Include for fget(). + */ +#include + +/***************************************************** + * + * The global variables: + * + *****************************************************/ + +/* The kernel syscall table. Not exported anymore in 2.5 ff., and also + * not in the RedHat 2.4 kernel. + */ + +#if 0 +extern void * sys_call_table[]; +#define sh_sys_call_table sys_call_table +#endif + +unsigned long * sh_sys_call_table = (unsigned long *) MAGIC_ADDRESS; + +/* The old address of the sys_getdents syscall. + */ +int (*old_getdents)(unsigned int, struct dirent *, unsigned int); +#ifdef __NR_getdents64 +long (*old_getdents64)(unsigned int, struct dirent64 *, unsigned int); +#endif + +char hidden[] = MAGIC_HIDE; + + +/***************************************************** + * + * The functions: + * + *****************************************************/ + + +MODULE_AUTHOR("Rainer Wichmann"); +MODULE_DESCRIPTION("Hide files/processes/modules with MAGIC_HIDE in name."); +#if defined(MODULE_LICENSE) || defined(LINUX26) +MODULE_LICENSE("GPL"); +#endif + +#ifdef LINUX26 +/* Default is to hide ourselves. + */ +static int removeme = 1; + +#ifdef MODULE_PARM +MODULE_PARM (removeme, "i"); +#else +module_param(removeme, int, 0444); +#endif + +#ifdef MODULE_PARM_DESC +MODULE_PARM_DESC(removeme, "Choose zero for not hiding."); +#endif + +/* LINUX26 */ +#endif + + +/* + * struct task_struct is defined in linux/sched.h + * + * as of 2.4.20, the vanilla kernel holds (among others): + * struct task_struct *next_task, *prev_task; + * + * Redhat kernel seems to have a different scheduler. + * use: + * struct task_struct * find_task_by_pid (int pid); + */ + +#if defined(SH_VANILLA_KERNEL) && !defined(LINUX26) +/* + * Fetch the task struct for a given PID. + */ +struct task_struct * fetch_task_struct (int pid) +{ + struct task_struct * task_ptr; + +#ifdef PROC_DEBUG + printk("FETCH TASK %d\n", pid); +#endif + + task_ptr = current; + + do + { + if (task_ptr->pid == (pid_t) pid ) + return (task_ptr); + task_ptr = task_ptr->next_task; + } + while (task_ptr != current); + +#ifdef PROC_DEBUG + printk("FETCH TASK: NOT FOUND !!!\n"); +#endif + + return (NULL); +} + +#else +/* + * RedHat 2.4.20 kernel + */ +struct task_struct * fetch_task_struct (int pid) +{ + struct task_struct * task_ptr = NULL; + task_ptr = find_task_by_pid (pid); + return (task_ptr); +} +#endif + +/* Convert a string to an int. + * Does not recognize integers with a sign (+/-) in front. + */ +int my_atoi(char * in_str) +{ + int i = 0; + int retval = 0; + int conv = 0; + + if (in_str == NULL) + return (-1); + + while(in_str[i] != '\0') + { + /* Break if not numeric. + */ + if (in_str[i] < '0' || in_str[i] > '9') + break; + + ++conv; + + /* Leading zeroes (should not happen in /proc) + */ + if (retval == 0 && in_str[i] == '0') + retval = retval; + else + retval = retval * 10; + + retval = retval + (in_str[i] - '0'); + + i++; + } + + if (conv == 0) + return (-1); + else + return (retval); +} + +/* Purpose: + * + * Hide all files/dirs that include the string MAGIC_HIDE in their + * name. + */ +int new_getdents (unsigned int fd, struct dirent *dirp, unsigned int count) +{ + int status = 0; /* Return value from original getdents */ + struct inode * dir_inode; + struct file * fd_file; + int dir_is_proc = 0; + + struct dirent * dirp_prev; + struct dirent * dirp_new; + struct dirent * dirp_current; + + int dir_table_bytes; + int forward_bytes; + struct task_struct * task_ptr; + int hide_it = 0; + long dirp_offset; + + lock_kernel(); + + status = (*old_getdents)(fd, dirp, count); + +#ifdef FILE_DEBUG + printk("STATUS %d\n", status); +#endif + + /* 0: end of directory. + * -1: some error + */ + if (status <= 0) + { + unlock_kernel(); + return (status); + } + + /* Handle directory caching. dir_inode is the inode of the directory. + */ +#if defined(files_fdtable) + { + struct fdtable *fdt = files_fdtable(current->files); + fd_file = rcu_dereference(fdt->fd[fd]); + } +#else + { + fd_file = current->files->fd[fd]; + } +#endif + +#if defined(__LINUX_DCACHE_H) + dir_inode = fd_file->f_dentry->d_inode; +#else + dir_inode = fd_file->f_inode; +#endif + + /* Check for the /proc directory + */ + if (dir_inode->i_ino == PROC_ROOT_INO +#ifndef LINUX26 + && !MAJOR(dir_inode->i_dev) && + MINOR(dir_inode->i_dev) == 1 +#endif + ) + dir_is_proc = 1; + + /* Allocate space for new dirent table. Can't use GFP_KERNEL + * (kernel oops) + */ + dirp_new = (struct dirent *) kmalloc (status, GFP_ATOMIC); + + if (dirp_new == NULL) + { + unlock_kernel(); + return (status); + } + + /* Copy the dirp table to kernel space. + */ + copy_from_user(dirp_new, dirp, status); + +#ifdef FILE_DEBUG + printk("COPY to kernel\n"); +#endif + + /* Loop over the dirp table to find entries to hide. + */ + dir_table_bytes = status; + dirp_current = dirp_new; + dirp_prev = NULL; + + while (dir_table_bytes > 0) + { + hide_it = 0; + + if (dirp_current->d_reclen == 0) + break; + + dirp_offset = dirp_current->d_off; + +#ifdef FILE_DEBUG + printk("DIRENT %d %d %ld\n", + dir_table_bytes, + dirp_current->d_reclen, + dirp_current->d_off); +#endif + + dir_table_bytes -= dirp_current->d_reclen; + forward_bytes = dirp_current->d_reclen; + +#ifdef FILE_DEBUG + printk("ENTRY %s\n", dirp_current->d_name); +#endif + + /* If /proc is scanned (e.g. by 'ps'), hide the entry for + * any process where the executable has MAGIC_HIDE in its name. + */ + if (dir_is_proc == 1) + { + task_ptr = fetch_task_struct(my_atoi(dirp_current->d_name)); + if (task_ptr != NULL) + { + if (strstr(task_ptr->comm, hidden) != NULL) + hide_it = 1; + } + } + /* If it is a regular directory, hide any entry with + * MAGIC_HIDE in its name. + */ + else + { + if (strstr (dirp_current->d_name, hidden) != NULL) + hide_it = 1; + } + + if (hide_it == 1) + { +#ifdef FILE_DEBUG + printk(" -->HIDDEN %s\n", dirp_current->d_name); +#endif + if (dir_table_bytes > 0) + { + status -= dirp_current->d_reclen; + memmove (dirp_current, + (char *) dirp_current + dirp_current->d_reclen, + dir_table_bytes); + + /* Set forward_bytes to 0, because now dirp_current is the + * (previously) next entry in the dirp table. + */ + forward_bytes = 0; + dirp_prev = dirp_current; + } + else + { + status -= dirp_current->d_reclen; + if (dirp_prev != NULL) + dirp_prev->d_off = dirp_offset; + } + + } + else + { + dirp_prev = dirp_current; + if (dir_table_bytes == 0 && dirp_prev != NULL) + dirp_prev->d_off = dirp_offset; + } + + /* Next entry in dirp table. + */ + if (dir_table_bytes > 0) + dirp_current = (struct dirent *) ( (char *) dirp_current + + forward_bytes); + } + + /* Copy our modified dirp table back to user space. + */ + copy_to_user(dirp, dirp_new, status); +#ifdef FILE_DEBUG + printk("COPY to user\n"); +#endif + + kfree (dirp_new); +#ifdef FILE_DEBUG + printk("KFREE\n"); +#endif + + unlock_kernel(); + return (status); +} + + +/* For 2.4 kernel + */ +#ifdef __NR_getdents64 +long new_getdents64 (unsigned int fd, struct dirent64 *dirp, + unsigned int count) +{ + long status = 0; /* Return value from original getdents */ + struct inode * dir_inode; + struct file * fd_file; + int dir_is_proc = 0; + + struct dirent64 * dirp_prev; + struct dirent64 * dirp_new; + struct dirent64 * dirp_current; + + int dir_table_bytes; + int forward_bytes; + struct task_struct * task_ptr; + int hide_it = 0; + __s64 dirp_offset; + + lock_kernel(); + + status = (*old_getdents64)(fd, dirp, count); + +#ifdef FILE_DEBUG + printk("STATUS64 %ld\n", status); +#endif + + /* 0: end of directory. + * -1: some error + */ + if (status <= 0) + { + unlock_kernel(); + return (status); + } + + /* Handle directory caching. dir_inode is the inode of the directory. + */ +#if defined(files_fdtable) + { + struct fdtable *fdt = files_fdtable(current->files); + fd_file = rcu_dereference(fdt->fd[fd]); + } +#else + { + fd_file = current->files->fd[fd]; + } +#endif + +#if defined(__LINUX_DCACHE_H) + dir_inode = fd_file->f_dentry->d_inode; +#else + dir_inode = fd_file->f_inode; +#endif + +#ifdef FILE_DEBUG + printk("INODE64\n"); +#endif + + /* Check for the /proc directory + */ + if (dir_inode->i_ino == PROC_ROOT_INO +#ifndef LINUX26 + && !MAJOR(dir_inode->i_dev) /* && + MINOR(dir_inode->i_dev) == 1 */ + /* MINOR commented out because of problems with 2.4.17 */ +#endif + ) + { + dir_is_proc = 1; + +#ifdef PROC_DEBUG + printk("PROC_CHECK64\n"); +#endif + } + + /* Allocate space for new dirent table. Can't use GFP_KERNEL + * (kernel oops) + */ + dirp_new = kmalloc ((size_t)status, GFP_ATOMIC); + +#ifdef FILE_DEBUG + printk("KMALLOC64_0\n"); +#endif + + if (dirp_new == NULL) + { + unlock_kernel(); + return (status); + } + +#ifdef FILE_DEBUG + printk("KMALLOC64\n"); +#endif + + /* Copy the dirp table to kernel space. + */ + copy_from_user(dirp_new, dirp, status); + +#ifdef FILE_DEBUG + printk("COPY64 to kernel\n"); +#endif + + /* Loop over the dirp table to find entries to hide. + */ + dir_table_bytes = status; + dirp_current = dirp_new; + dirp_prev = NULL; + + while (dir_table_bytes > 0) + { + hide_it = 0; + + if (dirp_current->d_reclen == 0) + break; + + dirp_offset = dirp_current->d_off; + +#ifdef FILE_DEBUG + printk("DIRENT %d %d %lld\n", + dir_table_bytes, + dirp_current->d_reclen, + dirp_current->d_off); +#endif + + dir_table_bytes -= dirp_current->d_reclen; + forward_bytes = dirp_current->d_reclen; + +#ifdef FILE_DEBUG + printk("ENTRY %s\n", dirp_current->d_name); +#endif + + /* If /proc is scanned (e.g. by 'ps'), hide the entry for + * any process where the executable has MAGIC_HIDE in its name. + */ + if (dir_is_proc == 1) + { +#ifdef PROC_DEBUG + printk("PROC %s\n", dirp_current->d_name); +#endif + task_ptr = fetch_task_struct(my_atoi(dirp_current->d_name)); + if (task_ptr != NULL) + { +#ifdef PROC_DEBUG + printk("PROC %s <> %s\n", task_ptr->comm, hidden); +#endif + if (strstr(task_ptr->comm, hidden) != NULL) + hide_it = 1; + } + } + /* If it is a regular directory, hide any entry with + * MAGIC_HIDE in its name. + */ + else + { + if (strstr (dirp_current->d_name, hidden) != NULL) + hide_it = 1; + } + + if (hide_it == 1) + { +#ifdef FILE_DEBUG + printk(" -->HIDDEN %s\n", dirp_current->d_name); +#endif + if (dir_table_bytes > 0) + { + status -= dirp_current->d_reclen; + memmove (dirp_current, + (char *) dirp_current + dirp_current->d_reclen, + dir_table_bytes); + + /* Set forward_bytes to 0, because now dirp_current is the + * (previously) next entry in the dirp table. + */ + forward_bytes = 0; + dirp_prev = dirp_current; + } + else + { + status -= dirp_current->d_reclen; + if (dirp_prev != NULL) + dirp_prev->d_off = dirp_offset; + } + + } + else + { + dirp_prev = dirp_current; + if (dir_table_bytes == 0 && dirp_prev != NULL) + dirp_prev->d_off = dirp_offset; + } + + /* Next entry in dirp table. + */ + if (dir_table_bytes > 0) + dirp_current = (struct dirent64 *) ( (char *) dirp_current + + forward_bytes); + } + + /* Copy our modified dirp table back to user space. + */ + copy_to_user(dirp, dirp_new, status); + kfree (dirp_new); + unlock_kernel(); + return (status); +} +#endif + +#ifdef LINUX26 +static struct module *find_module(const char *name) +{ + struct module *mod; + struct list_head * modules = (struct list_head *) SH_LIST_MODULES; + + list_for_each_entry(mod, modules, list) { + if (strcmp(mod->name, name) == 0) + return mod; + } + return NULL; +} +#endif + +/* The initialisation function. Automatically called when module is inserted + * via the 'insmod' command. + */ +#ifdef LINUX26 +static int __init samhain_hide_init(void) +#else +int init_module(void) +#endif +{ + + lock_kernel(); + + /* Unfortunately this does not fully prevent the module from appearing + * in /proc/ksyms. + */ +#ifndef LINUX26 + EXPORT_NO_SYMBOLS; +#endif + + /* Replace the 'sys_getdents' syscall with the new version. + */ + old_getdents = (void*) sh_sys_call_table[SYS_getdents]; + sh_sys_call_table[SYS_getdents] = (unsigned long) new_getdents; + +#ifdef __NR_getdents64 + old_getdents64 = (void*) sh_sys_call_table[SYS_getdents64]; + sh_sys_call_table[SYS_getdents64] = (unsigned long) new_getdents64; +#endif + +#ifdef LINUX26 + { + spinlock_t * modlist_lock = (spinlock_t * ) SH_MODLIST_LOCK; + struct module *mod = find_module(SH_INSTALL_NAME"_hide"); + if (mod) { + /* Delete from various lists */ + spin_lock_irq(modlist_lock); + if (removeme == 1) + { + list_del(&mod->list); + } + spin_unlock_irq(modlist_lock); + } + } +#endif + + unlock_kernel(); + return (0); +} + +/* The cleanup function. Automatically called when module is removed + * via the 'rmmod' command. + */ +#ifdef LINUX26 +static void __exit samhain_hide_cleanup(void) +#else +void cleanup_module(void) +#endif +{ + lock_kernel(); + + /* Restore the new syscalls to the original version. + */ + sh_sys_call_table[SYS_getdents] = (unsigned long) old_getdents; +#ifdef __NR_getdents64 + sh_sys_call_table[SYS_getdents64] = (unsigned long) old_getdents64; +#endif + + unlock_kernel(); +} + +#ifdef LINUX26 +module_init(samhain_hide_init); +module_exit(samhain_hide_cleanup); +#endif + + Index: branches/samhain-2_2-branch/src/samhain_setpwd.c =================================================================== --- branches/samhain-2_2-branch/src/samhain_setpwd.c (revision 66) +++ branches/samhain-2_2-branch/src/samhain_setpwd.c (revision 66) @@ -0,0 +1,494 @@ +#include "config_xor.h" + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#if defined(HAVE_SCHED_H) && defined(HAVE_SCHED_YIELD) +#include +#endif + +#if defined(HAVE_INT_32) +typedef unsigned int UINT32; +#elif defined(HAVE_LONG_32) +typedef unsigned long UINT32; +#elif defined(HAVE_SHORT_32) +typedef unsigned short UINT32; +#endif + +#define TAUS_MAX 4294967295UL + +static UINT32 taus_state[3]; + +static UINT32 taus_get () +{ + +#define TAUSWORTHE(s,a,b,c,d) ((s &c) <>b) + taus_state[0] = TAUSWORTHE (taus_state[0], 13, 19, 4294967294UL, 12); + taus_state[1] = TAUSWORTHE (taus_state[1], 2, 25, 4294967288UL, 4); + taus_state[2] = TAUSWORTHE (taus_state[2], 3, 11, 4294967280UL, 17); + return (taus_state[0] ^ taus_state[1] ^ taus_state[2]); +} + +static void taus_seed () +{ + unsigned char buf[12]; + unsigned char buf2[12]; + unsigned char buf3[12]; + ssize_t count; + size_t nbytes = sizeof(buf); + size_t where = 0; + + struct timeval t1, t2; + UINT32 delta, k[3]; + int i, j; + + int fd = open ("/dev/urandom", O_RDONLY); + + if (fd == -1) + { + gettimeofday(&t1, NULL); + delta = t1.tv_usec; + memcpy(&buf[0], &delta, 4); + gettimeofday(&t1, NULL); + delta = t1.tv_usec; + memcpy(&buf[4], &delta, 4); + gettimeofday(&t1, NULL); + delta = t1.tv_usec; + memcpy(&buf[8], &delta, 4); + goto second; + } + + while (nbytes) { + count = read(fd, &buf[where], nbytes); + if (count == -1 && errno == EINTR) + continue; + where += count; + nbytes -= count; + } while (count == -1 && errno == EINTR); + + close(fd); + + second: + for (i = 0; i < 12; ++i) + { + gettimeofday(&t1, NULL); + if (0 == fork()) + _exit(EXIT_SUCCESS); + wait(NULL); + gettimeofday(&t2, NULL); + delta = t2.tv_usec - t1.tv_usec; + buf2[i] = (unsigned char) delta; + } + + for (i = 0; i < 12; ++i) + { + gettimeofday(&t1, NULL); + for (j = 0; j < 32768; ++j) + { + if (0 == kill (j,0)) + k[i % 3] ^= j; + } + gettimeofday(&t2, NULL); + delta = t2.tv_usec - t1.tv_usec; + buf3[i] ^= (unsigned char) delta; + } + + memcpy(&taus_state[0], &buf3[0], 4); + memcpy(&taus_state[1], &buf3[4], 4); + memcpy(&taus_state[2], &buf3[8], 4); + + taus_state[0] ^= k[0]; + taus_state[1] ^= k[1]; + taus_state[2] ^= k[2]; + + memcpy(&k[0], &buf2[0], 4); + memcpy(&k[1], &buf2[4], 4); + memcpy(&k[2], &buf2[8], 4); + + taus_state[0] ^= k[0]; + taus_state[1] ^= k[1]; + taus_state[2] ^= k[2]; + + memcpy(&k[0], &buf[0], 4); + memcpy(&k[1], &buf[4], 4); + memcpy(&k[2], &buf[8], 4); + + taus_state[0] ^= k[0]; + taus_state[1] ^= k[1]; + taus_state[2] ^= k[2]; + + taus_state[0] |= (UINT32) 0x03; + taus_state[1] |= (UINT32) 0x09; + taus_state[2] |= (UINT32) 0x17; +} + +#ifdef SH_STEALTH +char * globber(const char * string); +#define _(string) globber(string) +#define N_(string) string +#else +#define _(string) string +#define N_(string) string +#endif + +#ifdef SH_STEALTH +#ifndef SH_MAX_GLOBS +#define SH_MAX_GLOBS 32 +#endif +char * globber(const char * str) +{ + register int i, j; + static int count = -1; + static char glob[SH_MAX_GLOBS][128]; + + ++count; if (count > (SH_MAX_GLOBS-1) ) count = 0; + j = strlen(str); + if (j > 127) j = 127; + + for (i = 0; i < j; ++i) + { + if (str[i] != '\n' && str[i] != '\t') + glob[count][i] = str[i] ^ XOR_CODE; + else + glob[count][i] = str[i]; + } + glob[count][j] = '\0'; + return glob[count]; +} +#endif + +/* This is a very inefficient algorithm, but there is really no + * need for anything more elaborated here. Can handle NULL's in haystack + * (not in needle), which strstr() apparently cannot. + */ +char * my_strstr (char * haystack, char * needle, int haystack_size) +{ + register int i = 0, j = 0; + register int siz; + register char * ptr = haystack; + register int len; + + siz = strlen(needle); + len = haystack_size - siz; + + while (j < len) + { + i = 0; + while (i < siz) + { + if (needle[i] != ptr[i]) break; + if (i == (siz-1)) + return ptr; + ++i; + } + ++ptr; ++j; + } + return NULL; +} + +/* fread() does not return the number of chars read, thus we need to + * read only a small number of bytes, in order not to expand the binary + * too much with the last fwrite(). Too lazy to fix this now. + */ +#define GRAB_SIZE 1024 + +int readhexchar ( char c ) +{ + if ( c >= '0' && c <= '9' ) + return c - '0'; + else if ( c >= 'a' && c <= 'f' ) + return c - 'a' + 10; + else if ( c >= 'A' && c <= 'F' ) + return c - 'A' + 10; + else return -1; +} + +int main (int argc, char * argv[]) +{ + /* the default password + */ + unsigned char TcpFlag[9] = { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7 }; + unsigned char BadFlag[9] = { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF }; + + char * found_it; + int i; + int suc = 0; + int badcnt = 0; + + char * newn; + size_t nlen; + int oldf; + int newf; + + unsigned long bytecount; + + char in[9]; + int j, k; + char ccd; + char * str; + + char * buf = (char *) malloc(GRAB_SIZE); + size_t dat; + char * newpwd = (char *) malloc(5 * 8 + 2); + char * oldpwd = (char *) malloc(5 * 8 + 2); + + memset (newpwd, '\0', 5 * 8 + 2); + memset (oldpwd, '\0', 5 * 8 + 2); + + + if (argc < 4) + { + fprintf (stderr, _("\nUsage: samhain_setpwd "\ + "\n\n")); + fprintf (stderr, _(" This program is a utility that will:\n")); + fprintf (stderr, _(" - search in the binary executable "\ + "for samhain's\n")); + fprintf (stderr, _(" compiled-in default password,\n")); + fprintf (stderr, _(" - change it to ,\n")); + fprintf (stderr, _(" - and output the modified binary to "\ + ".\n\n")); + fprintf (stderr, _(" To allow for non-printable chars, "\ + " must be\n")); + fprintf (stderr, _(" a 16-digit hexadecimal "\ + "number (only 0-9,A-F allowed in input),\n")); + fprintf (stderr, _(" thus corresponding"\ + " to an 8-byte password.\n\n")); + fprintf (stderr, _(" Example: 'samhain_setpwd samhain new "\ + "4142434445464748'\n")); + fprintf (stderr, _(" takes the file 'samhain', sets the password to "\ + "'ABCDEFGH'\n")); + fprintf (stderr, _(" ('A' = 41 hex, 'B' = 42 hex, ...) "\ + "and outputs the result\n")); + fprintf (stderr, _(" to 'samhain.new'.\n")); + return EXIT_FAILURE; + } + + if (strlen(argv[3]) != 16) + { + fprintf (stdout, _("ERROR %s has not exactly 16 chars\n"), + argv[0]); + fflush(stdout); + return EXIT_FAILURE; + } + + + str = &argv[3][0]; + i = 0; + while (i < 16) + { + k = i/2; j = 0; + if (2*k == i) in[k] = 0; + while (j < 16) + { + if (-1 != readhexchar(str[i])) + { + in[k] += readhexchar(str[i]) * (i == 2*k ? 16 : 1); + break; + } + ++j; + if (j == 16) + { + fprintf(stdout, _("ERROR Invalid char %c\n"), str[i]); + fflush(stdout); + return EXIT_FAILURE; + } + } + ++i; + } + in[8] = '\0'; + + /* ---- initialize ----- + */ + (void) umask (0); + + taus_seed(); + + bytecount = 0; + + + /* ---- open files ----- + */ + + oldf = open(argv[1], O_RDONLY); + + nlen = strlen(argv[1])+strlen(argv[2])+2; + newn = (char *) malloc (nlen); + strncpy(newn, argv[1], nlen); newn[nlen-1] = '\0'; + strncat(newn, ".", nlen); newn[nlen-1] = '\0'; + strncat(newn, argv[2], nlen); newn[nlen-1] = '\0'; + newf = open(newn, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU); + + if (oldf < 0) + { + fprintf(stdout, _("ERROR Cannot open input file %s.\n"), argv[1]); + fflush(stdout); + return EXIT_FAILURE; + } + if (newf < 0) + { + fprintf(stdout, _("ERROR Cannot open output file %s.\n"), newn); + fflush(stdout); + return EXIT_FAILURE; + } + + /* ---- scan file ----- + */ + + + while (1) + { + dat = read (oldf, buf, GRAB_SIZE); + if (dat == 0) + break; + + bytecount += dat; + + while ( (found_it = my_strstr(buf, (char *) TcpFlag, GRAB_SIZE)) != NULL) + { + suc = 1; + fprintf (stdout, _("INFO old password found\n")); + fflush(stdout); + for (i = 0; i < 8; ++i) + { + sprintf(&oldpwd[i*2], _("%02x"), + (unsigned char) *found_it); + sprintf(&newpwd[i*2], _("%02x"), + (unsigned char) in[i]); + *found_it = in[i]; + ++found_it; + } + fprintf (stdout, _("INFO replaced: %s by: %s\n"), + oldpwd, newpwd); + fflush(stdout); + } + + while ( (found_it = my_strstr(buf, (char *) BadFlag, GRAB_SIZE)) != NULL) + { + badcnt++; + /* fprintf (stderr, _("INFO old filler found\n")); */ + for (i = 0; i < 8; ++i) + { + sprintf(&oldpwd[i*2], _("%02x"), + (unsigned char) *found_it); + + ccd = (unsigned char) (256.0 * (taus_get()/(TAUS_MAX+1.0))); + sprintf(&newpwd[i*2], _("%02x"), + (unsigned char) ccd); + *found_it = ccd; + + ++found_it; + } + /* fprintf (stderr, _("INFO replaced: %s by: %s\n"), + oldpwd, newpwd); + */ + } + + + write (newf, buf, dat); + } + + if (suc == 1 && badcnt == 7) + { + fprintf (stdout, _("INFO finished\n")); + close (newf); + close (oldf); + fflush(stdout); + return (0); + } + + lseek (oldf, 0, SEEK_SET); + lseek (newf, 0, SEEK_SET); + + fprintf (stdout, _("INFO Not found in first pass.\n")); + fprintf (stdout, _("INFO Second pass ..\n")); + + /* offset the start point + */ + + dat = read (oldf, buf, (GRAB_SIZE / 2)); + write (newf, buf, dat); + + bytecount = 0; + suc = 0; + badcnt = 0; + + while (1) + { + dat = read (oldf, buf, GRAB_SIZE); + if (dat == 0) + break; + + bytecount += dat; + + while ( (found_it = my_strstr(buf, (char *) TcpFlag, GRAB_SIZE)) != NULL) + { + suc = 1; + fprintf (stdout, _("INFO old password found\n")); + for (i = 0; i < 8; ++i) + { + sprintf(&oldpwd[i*2], _("%02x"), + (unsigned char) *found_it); + sprintf(&newpwd[i*2], _("%02x"), + (unsigned char) in[i]); + *found_it = in[i]; + ++found_it; + } + fprintf (stdout, _("INFO Replaced: %s by: %s\n"), + oldpwd, newpwd); + } + + while ( (found_it = my_strstr(buf, (char *) BadFlag, GRAB_SIZE)) != NULL) + { + badcnt++; + /* fprintf (stderr, _("INFO old filler found\n")); */ + for (i = 0; i < 8; ++i) + { + sprintf(&oldpwd[i*2], _("%02x"), + (unsigned char) *found_it); + + ccd = (unsigned char) (256.0 * taus_get()/(TAUS_MAX+1.0)); + sprintf(&newpwd[i*2], _("%02x"), + (unsigned char) ccd); + *found_it = ccd; + + ++found_it; + } + /* fprintf (stderr, _("INFO Replaced: %s by: %s\n"), + oldpwd, newpwd);*/ + } + + write (newf, buf, dat); + } + + close (newf); + close (oldf); + + if (suc == 1 && badcnt == 7) + { + fprintf (stdout, _("INFO finished\n")); + fflush(stdout); + return 0; + } + + if (suc == 0 || badcnt < 7) + { + fprintf (stdout, _("ERROR incomplete replacement\n")); + } + else + { + fprintf (stdout, _("ERROR bad replacement\n")); + } + fflush(stdout); + return EXIT_FAILURE; +} Index: branches/samhain-2_2-branch/src/samhain_stealth.c =================================================================== --- branches/samhain-2_2-branch/src/samhain_stealth.c (revision 66) +++ branches/samhain-2_2-branch/src/samhain_stealth.c (revision 66) @@ -0,0 +1,458 @@ +#include "config_xor.h" + +#ifdef HAVE_BROKEN_INCLUDES +#define _ANSI_C_SOURCE +#define _POSIX_SOURCE +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#ifndef SH_BUFSIZE +#define SH_BUFSIZE 1024 +#endif + +#ifdef SH_STEALTH +char * globber(const char * string); +#define _(string) globber(string) +#define N_(string) string +#else +#define _(string) string +#define N_(string) string +#endif + +#ifdef SH_STEALTH + +#ifndef SH_MAX_GLOBS +#define SH_MAX_GLOBS 32 +#endif + +#ifndef GLOB_LEN +#define GLOB_LEN 511 +#endif + +char * globber(const char * str) +{ + register int i, j; + static int count = -1; + static char glob[SH_MAX_GLOBS][GLOB_LEN+1]; + + ++count; if (count > (SH_MAX_GLOBS-1) ) count = 0; + j = strlen(str); + if (j > GLOB_LEN) j = GLOB_LEN; + + for (i = 0; i < j; ++i) + { + if (str[i] != '\n' && str[i] != '\t') + glob[count][i] = str[i] ^ XOR_CODE; + else + glob[count][i] = str[i]; + } + glob[count][j] = '\0'; + return glob[count]; +} +#endif + +static unsigned long off_data; + +char sh_util_charhex( int c ) +{ + if ( c >= 0 && c <= 9 ) + return '0' + c; + else if ( c >= 10 && c <= 15 ) + return 'a' + (c - 10); + else + { + fprintf(stderr, _("Out of range: %d\n"), c); + return 'X'; + } +} + +int sh_util_hexchar( char c ) +{ + if ( c >= '0' && c <= '9' ) + return c - '0'; + else if ( c >= 'a' && c <= 'f' ) + return c - 'a' + 10; + else if ( c >= 'A' && c <= 'F' ) + return c - 'A' + 10; + else return -1; +} + +/* --------- third step ----------- + * + * get data from a block of hex data + */ +int hideout_hex_block(int fd, unsigned char * str, int len) +{ + register int i, j, k; + unsigned char c, e; + register int num; + unsigned char mask[9] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; + unsigned long here = 0; + unsigned long retval = 0; + + i = 0; + while (i < len) + { + for (j = 0; j < 8; ++j) + { + + /* get a low byte, modify, read back */ + for (k = 0; k < 2; ++k) + { + c = ' '; + do { + do { + num = read (fd, &c, 1); + } while (num == 0 && errno == EINTR); + if (num == 0) return -1; + ++here; + } while (c == '\n' || c == '\t' || c == '\r' || + c == ' '); + } + + + /* e is the value of the low byte + */ + e = (unsigned char) sh_util_hexchar( c ); + if ((e & mask[7]) != 0) /* bit is set */ + str[i] |= mask[j]; + else /* bit is not set */ + str[i] &= ~mask[j]; + + } + if (str[i] == '\n') break; + ++i; + } + str[i+1] = '\0'; + retval += here; + return retval; +} + +/* --------- second step ----------- + * + * hide data in a block of hex data + */ +int hidein_hex_block(int fd, char * str, int len) +{ + register int i, j, k; + unsigned char c, d, e; + register int num; + unsigned char mask[9] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; + unsigned long here = 0; + unsigned long retval = 0; + + for (i = 0; i < len; ++i) + { + d = str[i]; + for (j = 0; j < 8; ++j) + { + + /* get a low byte, modify, read back */ + for (k = 0; k < 2; ++k) + { + c = ' '; + do { + do { + num = read (fd, &c, 1); + } while (num == 0 && errno == EINTR); + if (num == 0) return -1; + ++here; + } while (c == '\n' || c == '\t' || c == '\r' || + c == ' '); + } + + /* e is the value of the low byte + */ + e = (unsigned char) sh_util_hexchar( c ); + if ((d & mask[j]) != 0) /* bit is set */ + e |= mask[7]; + else /* bit is not set */ + e &= ~mask[7]; + + e = sh_util_charhex ( e ); + lseek(fd, -1, SEEK_CUR); + do { + num = write(fd, &e, 1); + } while (num == 0 && errno == EINTR); + } + } + retval += here; + return retval; +} + +/* --------- first step ----------- + * + * find first block of hex data + */ +unsigned long first_hex_block(int fd, unsigned long * max) +{ + int i; + register int num = 1; + char c; + int nothex = 0; + unsigned long retval = 0; + int this_line = 0; + char theline[SH_BUFSIZE]; + + *max = 0; + + while (1) + { + theline[0] = '\0'; + this_line = 0; + c = '\0'; + while (c != '\n' && num > 0) + { + do { + num = read (fd, &c, 1); + } while (num == 0 && errno == EINTR); + if (num > 0) theline[this_line] = c; + else return 0; + this_line += num; + } + theline[this_line] = '\0'; + + /* not only 'newline' */ + if (this_line > 60) + { + nothex = 0; + i = 0; + while (nothex == 0 && i < (this_line-1)) + { + if (! isxdigit((int)theline[i])) nothex = 1; + ++i; + } + if (nothex == 1) retval += this_line; + } + else + { + nothex = 1; + retval += this_line; + } + + if (nothex == 0) + { + *max = 0; + do { + do { + num = read (fd, theline, SH_BUFSIZE); + } while (num == 0 && errno == EINTR); + for (i = 0; i < num; ++i) + { + c = theline[i]; + if (c == '\n' || c == '\t' || c == '\r' || c == ' ') + ; + else if (!isxdigit((int)c)) + break; + else + *max += 1; + } + } while (num > 0); + + *max /= 16; + return retval; + } + + } + /* return 0; *//* unreachable */ +} + +static void usage () +{ + fprintf(stdout, _("\nUsage: samhain_stealth -i|s|g|o "\ + "[what]\n\n")); + + fprintf(stdout, _(" -i info on PS image 'where'\n")); + fprintf(stdout, _(" (how much bytes can be hidden in it).\n")); + fprintf(stdout, _(" -s hide file 'what' in PS image 'where'\n")); + fprintf(stdout, _(" -g get hidden data from PS image 'where'\n")); + fprintf(stdout, _(" (output to stdout)\n\n")); + fprintf(stdout, _(" -o size of file 'where' = offset to "\ + "end-of-file\n")); + fprintf(stdout, _(" (same as wc -c).\n")); + + fprintf(stdout, _(" This program hides a file in an UNCOMPRESSED "\ + "postscript\n")); + fprintf(stdout, _(" image. To generate such an image, you may "\ + "use e.g.:\n")); + fprintf(stdout, _(" 'convert +compress foo.jpg bar.ps'.\n")); + fprintf(stdout, _(" 'gimp' apparently saves postscript uncompressed "\ + "by default\n")); + fprintf(stdout, _(" (V 1.06 of the postscript plugin).\n")); + fprintf(stdout, _(" 'xv' seems to save with run-length compression, "\ + "which is unsuitable.\n")); + fprintf(stdout, _(" The program does not check the compression type of "\ + "the PS file.\n")); + fprintf(stdout, _(" Just have a look at the result to check.\n\n")); + return; +} + +int main (int argc, char * argv[]) +{ + int fd; + int add_off; + unsigned long max; + char buf[1024]; + FILE * infil; + int pgp_flag = 0; + + if (argc == 2 && argv[1][0] == '-' && argv[1][1] == 'h') + { + usage(); + return (0); + } + if (argc == 2 && 0 == strcmp(argv[1], _("--help"))) + { + usage(); + return (0); + } + + if (argc < 3 || argv[1][0] != '-' || + (argv[1][1] != 'o' && argv[1][1] != 'i' && + argv[1][1] != 's' && argv[1][1] != 'g')) + { + usage (); + return (1); + } + + + + /* offset to end + */ + if (argv[1][1] == 'o') + { + fd = open(argv[2], O_RDONLY); + if (fd == -1) + { + fprintf(stderr, _("Error: could not open() %s for reading\n"), argv[2]); + return (1); + } + + off_data = lseek (fd, 0, SEEK_END); + fprintf(stdout, _("%ld %s\n"), + off_data, argv[2]); + close (fd); + return (0); + } + + fd = open(argv[2], O_RDWR); + if (fd == -1) + { + fprintf(stderr, _("Error: could not open() %s for read/write\n"), + argv[2]); + return (1); + } + + /* find the first block of hex data + */ + if (argv[1][1] == 'i') + { + off_data = first_hex_block(fd, &max); + fprintf(stdout, _("IMA START AT: %ld MAX. CAPACITY: %ld Bytes\n"), + off_data, max); + if (max > 0) + return (0); + else + { + fprintf(stderr, _("Error: %s is probably not an uncompressed postscript image\n"), argv[2]); + return (1); + } + } + + /* seek to the first block of fresh hex data and hide data + */ + if (argv[1][1] == 's') + { + infil = fopen(argv[3], "r"); + if (infil == NULL) + { + fprintf(stderr, _("Error: could not open() %s\n"), argv[3]); + return (8); + } + off_data = first_hex_block(fd, &max); + fprintf(stdout, _("IMA START AT: %ld MAX. CAPACITY: %ld Bytes\n"), + off_data, max); + if (max == 0) + { + fprintf(stderr, _("Error: %s is probably not an uncompressed postscript image\n"), argv[2]); + return (1); + } + + fprintf(stdout, _(" .. hide %s in %s .. \n"), argv[3], argv[2]); + while (fgets(buf, sizeof(buf), infil)) + { + lseek(fd, off_data, SEEK_SET); + add_off = hidein_hex_block(fd, buf, strlen(buf)); + if (add_off == -1) + { + fprintf(stderr, _("Error: %s has insufficient capacity\n"), + argv[2]); + return (1); + } + off_data += add_off; + } + fclose(infil); + /* + * make sure there is a terminator + */ + lseek(fd, off_data, SEEK_SET); + add_off = hidein_hex_block(fd, _("[EOF]\n"), 6); + if (add_off == -1) + { + fprintf(stderr, _("Error: %s has insufficient capacity\n"), + argv[2]); + return (1); + } + fprintf(stdout, _(" .. finished\n")); + return (0); + } + + if (argv[1][1] == 'g') + { + off_data = first_hex_block(fd, &max); + if (max == 0) + { + fprintf(stderr, _("Error: %s is probably not an uncompressed postscript image\n"), argv[2]); + return (1); + } + lseek(fd, off_data, SEEK_SET); + + while (1 == 1) + { + add_off = hideout_hex_block(fd, (unsigned char *) buf, 1023); + if (add_off == -1) + { + fprintf(stderr, _("Error: premature end of data in %s\n"), + argv[2]); + return (1); + } + if (0 == strcmp(buf, _("-----BEGIN PGP SIGNED MESSAGE-----\n"))) + pgp_flag = 1; + fprintf(stdout, "%s", buf); + if (0 == strncmp(buf, _("[EOF]"), 5) && pgp_flag == 0) + break; + if (0 == strcmp(buf, _("-----END PGP SIGNATURE-----\n")) && + pgp_flag == 1) + break; + + off_data += add_off; + lseek(fd, off_data, SEEK_SET); + } + return (0); + } + + fprintf(stderr, _("Invalid mode of operation: %s"), argv[1]); + return (1); +} + + Index: branches/samhain-2_2-branch/src/sh_calls.c =================================================================== --- branches/samhain-2_2-branch/src/sh_calls.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_calls.c (revision 66) @@ -0,0 +1,767 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#ifdef HOST_IS_HPUX +#define _XOPEN_SOURCE_EXTENDED +#endif + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#ifndef S_SPLINT_S +#include +#else +#define AF_INET 2 +#endif + +#include + +#ifndef HAVE_LSTAT +#define lstat stat +#endif + +#include "samhain.h" +#include "sh_error.h" +#include "sh_calls.h" + +#undef FIL__ +#define FIL__ _("sh_calls.c") + +char aud_err_message[64]; + +typedef struct cht_struct +{ + char * str; + unsigned long val; +} cht_type; + +static cht_type aud_tab[] = +{ + { N_("execve"), AUD_EXEC }, + { N_("utime"), AUD_UTIME }, + { N_("unlink"), AUD_UNLINK }, + { N_("dup"), AUD_DUP }, + { N_("chdir"), AUD_CHDIR }, + { N_("open"), AUD_OPEN }, + { N_("kill"), AUD_KILL }, + { N_("exit"), AUD_EXIT }, + { N_("fork"), AUD_FORK }, + { N_("setuid"), AUD_SETUID }, + { N_("setgid"), AUD_SETGID }, + { N_("pipe"), AUD_PIPE }, + { NULL, 0 } +}; + +/* Set aud functions + */ +int sh_aud_set_functions(const char * str_s) +{ + int i = 0; + + SL_ENTER(_("sh_aud_set_functions")); + + if (str_s == NULL) + return -1; + + while (aud_tab[i].str != NULL) + { + if (NULL != sl_strstr (str_s, _(aud_tab[i].str))) + { + sh.flag.audit = 1; + sh.flag.aud_mask |= aud_tab[i].val; + } + ++i; + } + + SL_RETURN(0,_("sh_aud_set_functions")); +} + + + + +/* Need to catch EINTR for these functions. + */ +long int retry_sigaction(char * file, int line, + int signum, const struct sigaction *act, + struct sigaction *oldact) +{ + int error; + long int val_retry = -1; + errno = 0; + + SL_ENTER(_("retry_sigaction")); + + do { + val_retry = sigaction(signum, act, oldact); + } while (val_retry < 0 && errno == EINTR); + + error = errno; + if (val_retry < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_SIGACT, + sh_error_message(error), + (long) signum ); + } + errno = error; + SL_RETURN(val_retry, _("retry_sigaction")); +} + +static struct in_addr bind_addr; +static int use_bind_addr = 0; + +int sh_calls_set_bind_addr (const char * str) +{ + static int reject = 0; + + if (reject == 1) + return (0); + + if (sh.flag.opts == S_TRUE) + reject = 1; + + if (0 == /*@-unrecog@*/inet_aton(str, &bind_addr)/*@+unrecog@*/) + { + return -1; + } + use_bind_addr = 1; + return 0; +} + + +long int retry_connect(char * file, int line, int sockfd, + struct sockaddr *serv_addr, int addrlen) +{ + int error; + long int val_retry = 0; + static struct sockaddr_in new_addr; + + SL_ENTER(_("retry_connect")); + + errno = 0; + + if (0 != use_bind_addr) + { + memcpy(&new_addr.sin_addr, &bind_addr, sizeof(struct in_addr)); + new_addr.sin_family = AF_INET; + + val_retry = /*@-unrecog@*/bind(sockfd, + (struct sockaddr*)&new_addr, + sizeof(struct sockaddr_in))/*@+unrecog@*/; + } + + if (val_retry == 0) + { + do { + val_retry = + /*@-unrecog@*/connect(sockfd, serv_addr, addrlen)/*@+unrecog@*/; + } while (val_retry < 0 && errno == EINTR); + } + + error = errno; + if (val_retry != 0) { + /* ugly cast back to struct sockaddr_in :-( + */ + sh_error_handle ((-1), file, line, error, MSG_ERR_CONNECT, + sh_error_message(error), + (long) sockfd, + /*@-unrecog -type@*/ + (long) ntohs(((struct sockaddr_in *)serv_addr)->sin_port), + /*@+unrecog +type@*/ +#ifdef HAVE_INET_ATON + /*@-unrecog -type@*/ + inet_ntoa( ((struct sockaddr_in *)serv_addr)->sin_addr ) + /*@+unrecog +type@*/ +#else + _("unknown") +#endif + ); + } + errno = error; + SL_RETURN(val_retry, _("retry_connect")); +} + +long int retry_accept(char * file, int line, int fd, + struct sockaddr *serv_addr, int * addrlen) +{ + int error; + long int val_retry = -1; + ACCEPT_TYPE_ARG3 my_addrlen = (ACCEPT_TYPE_ARG3) *addrlen; + + errno = 0; + + SL_ENTER(_("retry_accept")); + + do { + val_retry = /*@-unrecog@*/accept(fd, serv_addr, &my_addrlen)/*@+unrecog@*/; + } while (val_retry < 0 && errno == EINTR); + *addrlen = (int) my_addrlen; + error = errno; + if (val_retry < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_ACCEPT, + sh_error_message(error), + (long) fd ); + } + errno = error; + SL_RETURN(val_retry, _("retry_accept")); +} + +long int retry_lstat(char * file, int line, + const char *file_name, struct stat *buf) +{ + int error; + long int val_retry = -1; + + SL_ENTER(_("retry_lstat")); + + do { + val_retry = /*@-unrecog@*/lstat (file_name, buf)/*@+unrecog@*/; + } while (val_retry < 0 && errno == EINTR); + error = errno; + if (val_retry < 0) { + (void) sl_strlcpy(aud_err_message, sh_error_message(error), 64); + sh_error_handle ((-1), file, line, error, MSG_ERR_LSTAT, + sh_error_message(error), + file_name ); + } + errno = error; + SL_RETURN(val_retry, _("retry_lstat")); +} + +long int retry_stat(char * file, int line, + const char *file_name, struct stat *buf) +{ + int error; + long int val_retry = -1; + + SL_ENTER(_("retry_stat")); + + do { + val_retry = stat (file_name, buf); + } while (val_retry < 0 && errno == EINTR); + error = errno; + if (val_retry < 0) { + (void) sl_strlcpy(aud_err_message, sh_error_message(error), 64); + sh_error_handle ((-1), file, line, error, MSG_ERR_STAT, + sh_error_message(error), + file_name ); + } + errno = error; + SL_RETURN(val_retry, _("retry_stat")); +} + +long int retry_fstat(char * file, int line, int filed, struct stat *buf) +{ + int error; + long int val_retry = -1; + + SL_ENTER(_("retry_fstat")); + + do { + val_retry = fstat (filed, buf); + } while (val_retry < 0 && errno == EINTR); + error = errno; + if (val_retry < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_FSTAT, + sh_error_message(error), + (long) filed ); + } + errno = error; + SL_RETURN(val_retry, _("retry_fstat")); +} + +long int retry_fcntl(char * file, int line, int fd, int cmd, long arg) +{ + int error; + long int val_retry = -1; + errno = 0; + + SL_ENTER(_("retry_fcntl")); + + if (cmd == F_GETFD || cmd == F_GETFL) + { + do { + val_retry = fcntl(fd, cmd); + } while (val_retry < 0 && errno == EINTR); + } + else + { + do { + val_retry = fcntl(fd, cmd, arg); + } while (val_retry < 0 && errno == EINTR); + } + error = errno; + if (val_retry < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_FCNTL, + sh_error_message(error), + (long) fd, (long) cmd, arg ); + } + errno = error; + SL_RETURN(val_retry, _("retry_fcntl")); +} + +long int retry_msleep (int sec, int millisec) +{ + int result = 0; +#if defined(HAVE_NANOSLEEP) + struct timespec req, rem; +#endif + + SL_ENTER(_("retry_fcntl")); + + errno = 0; + if (millisec > 999) millisec = 999; + if (millisec < 0) millisec = 0; + if (sec < 0) sec = 0; + +#if defined(HAVE_NANOSLEEP) + /*@-usedef@*/ + req.tv_sec = sec; rem.tv_sec = 0; + req.tv_nsec = millisec * 1000000; rem.tv_nsec = 0; + /*@+usedef@*/ + do { + result = /*@-unrecog@*/nanosleep(&req, &rem)/*@+unrecog@*/; + + req.tv_sec = rem.tv_sec; rem.tv_sec = 0; + req.tv_nsec = rem.tv_nsec; rem.tv_nsec = 0; + + } while ((result == -1) && (errno == EINTR)); +#else + if (sec > 0) + { + sleep (sec); + } + else + { +#ifdef HAVE_USLEEP + if (millisec > 0) + { + usleep(1000 * millisec); + } +#else + if (millisec > 0) + { + sleep (1); + } +#endif + } +#endif + SL_RETURN(result, _("retry_msleep")); +} + +/*************************************************** + * + * Audit these functions. + * + ***************************************************/ + +long int retry_aud_execve (char * file, int line, + const char *dateiname, char * argv[], + char * envp[]) +{ + uid_t a = geteuid(); + gid_t b = getegid(); + int i; + int error; + + SL_ENTER(_("retry_aud_execve")); + + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXEC) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_EXEC, + dateiname, (long) a, (long) b ); + do { + i = execve(dateiname, argv, envp); + } while (i < 0 && errno == EINTR); + + error = errno; + if (i < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_EXEC, sh_error_message(error), + dateiname, (long) a, (long) b ); + } + errno = error; + SL_RETURN(i, _("retry_aud_execve")); +} + + +long int retry_aud_utime (char * file, int line, + char * path, struct utimbuf *buf) +{ + long int val_return; + int error; + errno = 0; + + SL_ENTER(_("retry_aud_utime")); + + do { + val_return = utime (path, buf); + } while (val_return < 0 && errno == EINTR); + + error = errno; + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_UTIME) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_UTIME, + path, + (unsigned long) buf->actime, + (unsigned long) buf->modtime); + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_UTIME, + sh_error_message(error), + path, + (unsigned long) buf->actime, + (unsigned long) buf->modtime); + } + errno = error; + SL_RETURN(val_return, _("retry_aud_utime")); +} + +long int retry_aud_unlink (char * file, int line, + char * path) +{ + long int val_return; + int error; + errno = 0; + + SL_ENTER(_("retry_aud_unlink")); + + do { + val_return = unlink (path); + } while (val_return < 0 && errno == EINTR); + + error = errno; + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_UNLINK) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_UNLINK, + path); + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_UNLINK, sh_error_message(error), + path); + } + errno = error; + SL_RETURN(val_return, _("retry_aud_unlink")); +} + +long int retry_aud_dup2 (char * file, int line, + int fd, int fd2) +{ + long int val_return; + int error; + errno = 0; + + SL_ENTER(_("retry_aud_dup2")); + + do { + val_return = dup2 (fd, fd2); + } while (val_return < 0 && errno == EINTR); + + error = errno; + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_DUP) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_DUP, + (long) fd, val_return); + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_DUP, + sh_error_message(error), + (long) fd, val_return); + } + errno = error; + SL_RETURN(val_return, _("retry_aud_dup2")); +} + +long int retry_aud_dup (char * file, int line, + int fd) +{ + long int val_return; + int error; + errno = 0; + + SL_ENTER(_("retry_aud_dup")); + + do { + val_return = dup (fd); + } while (val_return < 0 && errno == EINTR); + error = errno; + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_DUP) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_DUP, + (long) fd, val_return); + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_DUP, + sh_error_message(error), + (long) fd, val_return); + } + errno = error; + SL_RETURN(val_return, _("retry_aud_dup")); +} + + + +long int retry_aud_chdir (char * file, int line, + const char *path) +{ + long int val_return; + int error = 0; + errno = 0; + + SL_ENTER(_("retry_aud_chdir")); + + do { + val_return = chdir (path); + } while (val_return < 0 && errno == EINTR); + + error = errno; + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_CHDIR) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_CHDIR, + path); + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_CHDIR, sh_error_message(error), + path); + } + errno = error; + SL_RETURN(val_return, _("retry_aud_chdir")); +} + + +long int aud_open_noatime (char * file, int line, int privs, + const char *pathname, int flags, mode_t mode, + int * o_noatime) +{ + long int val_return; + int error; + + SL_ENTER(_("aud_open")); + + val_return = open (pathname, *o_noatime|flags, mode); + if ((val_return < 0) && (*o_noatime != 0)) + { + val_return = open (pathname, flags, mode); + if (val_return >= 0) + *o_noatime = 0; + } + error = errno; + /*@-noeffect@*/ + (void) privs; /* fix compiler warning */ + /*@+noeffect@*/ + + if (val_return < 0) + { + (void) sl_strlcpy(aud_err_message, sh_error_message(error), 64); + } + + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_OPEN) != 0) + { + sh_error_handle ((-1), file, line, 0, MSG_AUD_OPEN, + pathname, (long) flags, (long) mode, val_return); + } + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_OPEN, + sh_error_message(error), + pathname, (long) flags, (long) mode, val_return); + } + errno = error; + SL_RETURN(val_return, _("aud_open")); +} + +long int aud_open (char * file, int line, int privs, + const char *pathname, int flags, mode_t mode) +{ + long int val_return; + int error; + + SL_ENTER(_("aud_open")); + + val_return = open (pathname, flags, mode); + error = errno; + /*@-noeffect@*/ + (void) privs; /* fix compiler warning */ + /*@+noeffect@*/ + + if (val_return < 0) + { + (void) sl_strlcpy(aud_err_message, sh_error_message(error), 64); + } + + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_OPEN) != 0) + { + sh_error_handle ((-1), file, line, 0, MSG_AUD_OPEN, + pathname, (long) flags, (long) mode, val_return); + } + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_OPEN, + sh_error_message(error), + pathname, (long) flags, (long) mode, val_return); + } + errno = error; + SL_RETURN(val_return, _("aud_open")); +} + +long int aud_kill (char * file, int line, pid_t pid, int sig) +{ + int myerror; + long int val_return = kill (pid, sig); + myerror = errno; + + SL_ENTER(_("aud_kill")); + + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_KILL) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_KILL, + (long) pid, (long) sig); + if (val_return < 0) { + sh_error_handle ((-1), file, line, myerror, MSG_ERR_KILL, + sh_error_message(myerror), + (long) pid, (long) sig); + } + errno = myerror; + SL_RETURN(val_return, _("aud_kill")); +} + +/*@noreturn@*/ +void aud_exit (char * file, int line, int fd) +{ + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXIT) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_EXIT, + (long) fd); + + SL_ENTER(_("aud_exit")); + + sh.flag.exit = fd; + exit(fd); +} + +/*@noreturn@*/ +void aud__exit (char * file, int line, int fd) +{ + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXIT) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_EXIT, + (long) fd); + + SL_ENTER(_("aud__exit")); + + sh.flag.exit = fd; + _exit(fd); +} + +pid_t aud_fork (char * file, int line) +{ + int error; + pid_t i = fork(); + + error = errno; + SL_ENTER(_("aud_fork")); + + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_FORK) != 0 && (i > 0)) + sh_error_handle ((-1), file, line, 0, MSG_AUD_FORK, + (long) i); + if (i == (pid_t) -1) { + sh_error_handle ((-1), file, line, error, MSG_ERR_FORK, + sh_error_message(error), + (long) i); + } + errno = error; + SL_RETURN(i, _("aud_fork")); +} + +int aud_setuid (char * file, int line, uid_t uid) +{ + int error = 0; + int i = 0; + + SL_ENTER(_("aud_setuid")); + + if (uid != (uid_t) 0) { + i = setuid(uid); + error = errno; + } + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_SETUID) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_SETUID, + (long) uid); + if (uid == (uid_t) 0) { + i = setuid(uid); + error = errno; + } + if (i < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_SETUID, + sh_error_message(error), + (long) uid); + } + errno = error; + SL_RETURN(i, _("aud_setuid")); +} + +int aud_setgid (char * file, int line, gid_t gid) +{ + int error = 0; + int i = 0; + + SL_ENTER(_("aud_setgid")); + + if (gid != (gid_t) 0) { + i = setgid(gid); + error = errno; + } + + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_SETGID) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_SETGID, + (long) gid); + if (gid == (gid_t) 0) { + i = setgid(gid); + error = errno; + } + if (i < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_SETGID, + sh_error_message(error), + (long) gid); + } + errno = error; + SL_RETURN(i, _("aud_setgid")); +} + +int aud_pipe (char * file, int line, int * modus) +{ + int error; + int i = pipe (modus); + + SL_ENTER(_("aud_pipe")); + + error = errno; + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_PIPE) != 0) + { + if (i < 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_PIPE, + (long) 0, (long) 0); + else + sh_error_handle ((-1), file, line, 0, MSG_AUD_PIPE, + (long) modus[0], (long) modus[1]); + } + if (i < 0) { + if (i < 0) + sh_error_handle ((-1), file, line, error, MSG_ERR_PIPE, + sh_error_message(error), + (long) 0, (long) 0); + else + sh_error_handle ((-1), file, line, error, MSG_ERR_PIPE, + sh_error_message(error), + (long) modus[0], (long) modus[1]); + } + SL_RETURN(i, _("aud_pipe")); +} Index: branches/samhain-2_2-branch/src/sh_cat.c =================================================================== --- branches/samhain-2_2-branch/src/sh_cat.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_cat.c (revision 66) @@ -0,0 +1,630 @@ +#include "config_xor.h" + +#include "samhain.h" +#include "sh_error.h" + +#include "sh_cat.h" + +/*@-nullassign@*/ + +char * class_cat[] = { + N_("AUD"), /* 0 */ + N_("PANIC"), /* 1 */ + N_("RUN_OLD"), /* 2 */ + N_("FIL_OLD"), /* 3 */ + N_("TCP"), /* 4 */ + N_("ERR"), /* 5 */ + N_("STAMP"), /* 6 */ + N_("ENET"), /* 7 */ + N_("EINPUT"), /* 8 */ + + /* new simplified classes */ + N_("EVENT"), /* 9 */ + N_("START"), /* 10 */ + N_("LOGKEY"), /* 11 */ + N_("OTHER"), /* 12 */ + /* end simplified classes */ + + N_("RUN"), /* 13 */ + N_("FIL"), /* 14 */ + N_("ERROR"), /* 15 */ + NULL +}; + + +#ifdef SH_USE_XML + +cat_entry msg_cat[] = { + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + { MSG_FI_CSUM, SH_ERR_ALL, FIL, N_("msg=\"Checksum\" chk=\"%s\" path=\"%s\"")}, + { MSG_FI_DSUM, SH_ERR_INFO, FIL, N_("msg=\"d: %3ld, -: %3ld, l: %3ld, |: %3ld, s: %3ld, c: %3ld, b: %3ld\"")}, + { MSG_FI_CHK, SH_ERR_INFO, FIL, N_("msg=\"Checking\" path=\"%s\"")}, +#endif + + { MSG_EXIT_ABORTS, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC %s\" program=\"%s\" subroutine=\"%s\"")}, + { MSG_START_SRV, SH_ERR_STAMP, START, N_("msg=\"Server up, simultaneous connections: %d\" socket_id=\"%d\"")}, + + { MSG_EXIT_ABORT1, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC Error initializing the application\" program=\"%s\"")}, + { MSG_EXIT_NORMAL, SH_ERR_FATAL, START, N_("msg=\"EXIT\" program=\"%s\" status=\"%s\"")}, + { MSG_START_KEY_MAIL, SH_ERR_FATAL, LOGKEY, N_("msg=\"LOGKEY\" program=\"%s\" hash=\"%s\"\r\n-----BEGIN LOGKEY-----\r\n%s%s")}, + { MSG_START_KEY, SH_ERR_FATAL, LOGKEY, N_("msg=\"LOGKEY\" program=\"%s\" hash=\"%s\"")}, + { MSG_START_0H, SH_ERR_FATAL, START, N_("msg=\"START\" program=\"%s\" userid=\"%ld\"")}, + { MSG_START_1H, SH_ERR_FATAL, START, N_("msg=\"START\" program=\"%s\" userid=\"%ld\" path=\"%s\" hash=\"%s\"")}, + { MSG_START_2H, SH_ERR_FATAL, START, N_("msg=\"START\" program=\"%s\" userid=\"%ld\" path=\"%s\" hash=\"%s\" path_data=\"%s\" hash_data=\"%s\"")}, + { MSG_START_GH, SH_ERR_FATAL, START, N_("msg=\"START\" program=\"%s\" userid=\"%ld\" path=\"%s\" key_uid=\"%s\" key_id=\"%s\"")}, + { MSG_START_GH2, SH_ERR_FATAL, START, N_("msg=\"EXIT\" program=\"%s\" userid=\"%ld\" path=\"%s\" key_uid=\"%s\" key_id=\"%s\" path_data=\"%s\" key_uid_data=\"%s\" key_id_data=\"%s\"")}, + { MSG_SUSPEND, SH_ERR_STAMP, START, N_("msg=\"SUSPEND\" program=\"%s\"")}, + + + { MSG_MLOCK, SH_ERR_WARN, RUN, N_("msg=\"Using insecure memory\"")}, + { MSG_W_SIG, SH_ERR_WARN, RUN, N_("interface=\"sigaction\" msg=\"%s\" sig=\"%ld\"")}, + { MSG_W_CHDIR, SH_ERR_ERR, RUN, N_("interface=\"chdir\" msg=\"%s\" path=\"%s\"")}, + + { MSG_MOD_FAIL, SH_ERR_WARN, RUN, N_("msg=\"Module not initialized\" module=\"%s\" return_code=\"%ld\"")}, + { MSG_MOD_OK, SH_ERR_INFO, RUN, N_("msg=\"Module initialized\" module=\"%s\"")}, + { MSG_MOD_EXEC, SH_ERR_ERR, RUN, N_("msg=\"Module execution error\" module=\"%s\" return_code=\"%ld\"")}, + + { MSG_RECONF, SH_ERR_SEVERE, START, N_("msg=\"Runtime configuration reloaded\"")}, + + { MSG_CHECK_0, SH_ERR_WARN, RUN, N_("msg=\"No files or directories defined for checking\"")}, + { MSG_CHECK_1, SH_ERR_STAMP, STAMP, N_("msg=\"File check completed.\" time=\"%ld\" kBps=\"%f\"")}, + { MSG_STAMP, SH_ERR_STAMP, STAMP, N_("msg=\"---- TIMESTAMP ----\"")}, + + { MSG_D_START, SH_ERR_INFO, RUN, N_("msg=\"Downloading configuration file\"")}, + { MSG_D_DSTART, SH_ERR_INFO, RUN, N_("msg=\"Downloading database file\"")}, + { MSG_D_FAIL, SH_ERR_INFO, RUN, N_("msg=\"No file from server, trying local file\"")}, + + +#ifndef HAVE_URANDOM + { MSG_ENSTART, SH_ERR_ALL, RUN, N_("msg=\"Found entropy source\" path=\"%s\"")}, + { MSG_ENEXEC, SH_ERR_ALL, RUN, N_("msg=\"Execute entropy source\" path=\"%s\" rd_file_id=\"%ld\"")}, + { MSG_ENFAIL, SH_ERR_ALL, RUN, N_("msg=\"Could not execute entropy source\" path=\"%s\"")}, + { MSG_ENTOUT, SH_ERR_ALL, RUN, N_("msg=\"Timeout in entropy collector\" time=\"%ld\"")}, + { MSG_ENCLOS, SH_ERR_ALL, RUN, N_("msg=\"End of data, closing entropy source\" rd_file_id=\"%ld\"")}, + { MSG_ENCLOS1, SH_ERR_ALL, RUN, N_("msg=\"Close entropy source\" rd_file_id=\"%ld\"")}, + { MSG_ENREAD, SH_ERR_ALL, RUN, N_("msg=\"Data from entropy source\" rd_file_id=\"%ld\" bytes=\"%ld\"")}, +#endif + +#ifdef SH_USE_SUIDCHK + { MSG_SUID_POLICY, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [SuidCheck] %s\" path=\"%s\" %s") }, + { MSG_SUID_FOUND, SH_ERR_INFO, RUN, N_("msg=\"Found suid/sgid file\" path=\"%s\"") }, + { MSG_SUID_SUMMARY,SH_ERR_INFO, RUN, N_("msg=\"Checked for SUID programs: %ld files, %ld seconds\"") }, + { MSG_SUID_QREPORT,SH_ERR_SEVERE, EVENT, N_("msg=\"Quarantine report: %s\" path=\"%s\"") }, + { MSG_SUID_ERROR, SH_ERR_SEVERE, EVENT, N_("msg=\"Quarantine error: %s\"") }, +#endif + +#ifdef SH_USE_KERN + /* FreeBSD */ + { MSG_KERN_POLICY, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY KERNEL BSD syscall table: new: %#lx old: %#lx\" syscall=\"%03d %s\"") }, + { MSG_KERN_POL_CO, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY KERNEL BSD syscall code: new: %#x,%#x old: %#x,%#x\" syscall=\"%03d %s\"") }, + + /* Linux */ + { MSG_KERN_SYSCALL,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] SYSCALL modified syscall\" syscall=\"%03d %s\" %s") }, + { MSG_KERN_PROC, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] PROC modified proc filesystem: %s\"") }, + { MSG_KERN_IDT, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] IDT modified interrupt %03d: new: 0x%-8.8lx %-9s %3d %c old: 0x%-8.8lx %-9s %3d %c\" %s") }, + { MSG_KERN_GATE, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] SYS_GATE modified system_call: new: %#x,%#x old: %#x,%#x\" syscall=\"%03d %s\" %s") }, + +#endif + +#ifdef SH_USE_UTMP + { MSG_UT_CHECK, SH_ERR_INFO, RUN, N_("msg=\"Checking logins\"")}, + { MSG_UT_LG1X, SH_ERR_INFO, EVENT, N_("msg=\"Login\" userid=\"%s\" tty=\"%s\" host=\"%s\" ip=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG1A, SH_ERR_INFO, EVENT, N_("msg=\"Login\" userid=\"%s\" tty=\"%s\" host=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG1B, SH_ERR_INFO, EVENT, N_("msg=\"Login\" userid=\"%s\" tty=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG2X, SH_ERR_INFO, EVENT, N_("msg=\"Multiple login\" userid=\"%s\" tty=\"%s\" host=\"%s\" ip=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG2A, SH_ERR_INFO, EVENT, N_("msg=\"Multiple login\" userid=\"%s\" tty=\"%s\" host=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG2B, SH_ERR_INFO, EVENT, N_("msg=\"Multiple login\" userid=\"%s\" tty=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG3X, SH_ERR_INFO, EVENT, N_("msg=\"Logout\" userid=\"%s\" tty=\"%s\" host=\"%s\" ip=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG3A, SH_ERR_INFO, EVENT, N_("msg=\"Logout\" userid=\"%s\" tty=\"%s\" host=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG3B, SH_ERR_INFO, EVENT, N_("msg=\"Logout\" userid=\"%s\" tty=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG3C, SH_ERR_INFO, EVENT, N_("msg=\"Logout\" tty=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_ROT, SH_ERR_WARN, RUN, N_("msg=\"Logfile size decreased\" path=\"%s\"")}, + +#endif + +#ifdef SH_USE_MOUNTS + { MSG_MNT_CHECK, SH_ERR_NOTICE, RUN, N_("msg=\"Checking mounts\"")}, + { MSG_MNT_MEMLIST, SH_ERR_ERR, RUN, N_("msg=\"Cannot read mount list from memory\"")}, + { MSG_MNT_MNTMISS, SH_ERR_WARN, EVENT, N_("msg=\"Mount missing\" path=\"%s\"")}, + { MSG_MNT_OPTMISS, SH_ERR_WARN, EVENT, N_("msg=\"Mount option missing\" path=\"%s\" option=\"%s\"")}, +#endif + +#ifdef SH_USE_USERFILES + { MSG_USERFILES_SUMMARY,SH_ERR_INFO, RUN, N_("msg=\"Checked for users files\"") }, +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + + { MSG_FI_TOOLATE, SH_ERR_ERR, FIL, N_("msg=\"Large lstat/open overhead: %ld sec\" path=\"%s\"")}, + +#if 0 + { MSG_FI_CSUM, SH_ERR_ALL, FIL, N_("msg=\"Checksum\" chk=\"%s\" path=\"%s\"")}, + { MSG_FI_DSUM, SH_ERR_INFO, FIL, N_("msg=\"d: %3ld, -: %3ld, l: %3ld, |: %3ld, s: %3ld, c: %3ld, b: %3ld\"")}, + { MSG_FI_CHK, SH_ERR_INFO, FIL, N_("msg=\"Checking\" path=\"%s\"")}, +#endif + + { MSG_FI_NULL, SH_ERR_ERR, FIL, N_("msg=\"Path is NULL\"")}, + { MSG_FI_FAIL, SH_ERR_ERR, FIL, N_("msg=\"Check failed\" path=\"%s\"")}, + { MSG_FI_GLOB, SH_ERR_ERR, FIL, N_("interface=\"glob\" msg=\"%s\" path=\"%s\"")}, + { MSG_FI_COLL, SH_ERR_WARN, FIL, N_("msg=\"Writeable file with timestamps of parent directory fixed\" dir=\"%s\" path=\"%s\"")}, + { MSG_FI_DOUBLE, SH_ERR_WARN, FIL, N_("msg=\"File or directory appears twice in configuration\" path=\"%s\"")}, + { MSG_FI_2LONG, SH_ERR_ERR, FIL, N_("msg=\"Filename too long\" path=\"%s\"")}, + { MSG_FI_2LONG2, SH_ERR_ERR, FIL, N_("msg=\"Filename too long\" path=\"%s/%s\"")}, + { MSG_FI_NOPATH, SH_ERR_ERR, FIL, N_("msg=\"Filename not an absolute path\" path=\"%s\"")}, + { MSG_FI_DLNK, SH_ERR_INFO, FIL, N_("msg=\"Dangling link\" path=\"%s\" linked_path=\"%s\"")}, + { MSG_FI_RDLNK, SH_ERR_ERR, FIL, N_("interface=\"readlink\" msg=\"%s\" path=\"%s\"")}, + { MSG_FI_NOGRP, SH_ERR_ERR, FIL, N_("interface=\"getgrgid\" msg=\"No such group\" group=\"%ld\" path=\"%s\"")}, + { MSG_FI_NOUSR, SH_ERR_ERR, FIL, N_("interface=\"getpwuid\" msg=\"No such user\" userid=\"%ld\" path=\"%s\"")}, + { MSG_FI_LSTAT, SH_ERR_ERR, FIL, N_("interface=\"lstat\" msg=\"%s\" path=\"%s\"")}, + { MSG_FI_OBSC, SH_ERR_ERR, FIL, N_("msg=\"Weird filename\" path=\"%s\"")}, + { MSG_FI_OBSC2, SH_ERR_ERR, FIL, N_("msg=\"Weird filename\" path=\"%s/%s\"")}, + { MSG_FI_LIST, SH_ERR_ALL, FIL, N_("msg=\"%10s %2d %8s %8s %14ld %21s %s\"")}, + { MSG_FI_LLNK, SH_ERR_ALL, FIL, N_("msg=\" >>> %10s %s\"")}, + { MSG_FI_MISS, SH_ERR_ERR, EVENT, N_("msg=\"POLICY MISSING\" path=\"%s\"")}, + { MSG_FI_MISS2, SH_ERR_ERR, EVENT, N_("msg=\"POLICY MISSING\" path=\"%s\" %s")}, + { MSG_FI_ADD, SH_ERR_ERR, EVENT, N_("msg=\"POLICY ADDED\" path=\"%s\"")}, + { MSG_FI_ADD2, SH_ERR_ERR, EVENT, N_("msg=\"POLICY ADDED\" path=\"%s\" %s")}, + { MSG_FI_CHAN, SH_ERR_ERR, EVENT, N_("msg=\"POLICY %s %s\" path=\"%s\" %s")}, + { MSG_FI_NODIR, SH_ERR_ERR, EVENT, N_("msg=\"POLICY NODIRECTORY\" path=\"%s\"")}, + { MSG_FI_DBEX, SH_ERR_WARN, FIL, N_("msg=\"Signature database exists\" path=\"%s\"")}, +#endif + + { MSG_TCP_NETRP, SH_ERR_ERR, TCP, N_("msg=\"Connection error: %s\" port=\"%ld\" subroutine=\"%s\"")}, + +#ifndef SH_STANDALONE + +#ifdef INET_SYSLOG + { MSG_INET_SYSLOG, SH_ERR_INET, TCP, N_("ip=\"%s\" facility=\"%s\" priority=\"%s\" syslog_msg=\"%s\"")}, + { MSG_ERR_SYSLOG, SH_ERR_ERR, TCP, N_("msg=\"syslog socket: %s\" ip=\"%s\"")}, +#endif + { MSG_TCP_MISMATCH,SH_ERR_ERR, TCP, N_("msg=\"Protocol mismatch\"")}, + { MSG_TCP_MISENC, SH_ERR_ERR, TCP, N_("msg=\"Encryption mismatch in %s: server: %s client: %s\"")}, + { MSG_TCP_NONAME, SH_ERR_ERR, TCP, N_("msg=\"No server name available\"")}, + { MSG_TCP_UNEXP, SH_ERR_ERR, TCP, N_("msg=\"Unexpected reply\"")}, + { MSG_TCP_EFIL, SH_ERR_ERR, TCP, N_("msg=\"Could not open temporary file\"")}, + { MSG_TCP_NOCONF, SH_ERR_ERR, TCP, N_("msg=\"Message delivery not confirmed\"")}, + { MSG_TCP_NOAUTH, SH_ERR_ERR, TCP, N_("msg=\"Session key negotiation failed\"")}, + { MSG_TCP_CONF, SH_ERR_ALL, TCP, N_("msg=\"Message delivery confirmed\"")}, + { MSG_TCP_AUTH, SH_ERR_INFO, TCP, N_("msg=\"Session key negotiated\"")}, + { MSG_TCP_FOK, SH_ERR_INFO, TCP, N_("msg=\"File download completed\"")}, + { MSG_TCP_FBAD, SH_ERR_ERR, TCP, N_("msg=\"File download failed\"")}, + { MSG_TCP_ECONN, SH_ERR_ERR, TCP, N_("msg=\"Connection error: %s\"")}, + { MSG_TCP_EZERO, SH_ERR_ERR, TCP, N_("msg=\"Illegal zero reply\"")}, + { MSG_TCP_EBGN, SH_ERR_ERR, TCP, N_("msg=\"Error in big integer library\"")}, + + { MSG_TCP_CREG, SH_ERR_ALL, TCP, N_("msg=\"Registered %s, salt %s, verifier %s\"")}, + { MSG_TCP_FAUTH, SH_ERR_INFO, TCP, N_("msg=\"Force authentication\" host=\"%s\"")}, + + { MSG_TCP_RESCLT, SH_ERR_SEVERE, TCP, N_("msg=\"Cannot resolve client name\" host=\"%s\"")}, + { MSG_TCP_RESPEER, SH_ERR_SEVERE, TCP, N_("msg=\"Cannot resolve socket peer IP for client\" host=\"%s\" peer=\"%s\"")}, + { MSG_TCP_LOOKERS, SH_ERR_SEVERE, TCP, N_("msg=\"Reverse lookup of socket peer failed\" host=\"%s\" peer=\"%s\" obj=\"%s\"")}, + { MSG_TCP_LOOKUP, SH_ERR_SEVERE, TCP, N_("msg=\"No socket peer alias matches client name\" host=\"%s\" peer=\"%s\"")}, + + { MSG_TCP_TIMOUT, SH_ERR_SEVERE, TCP, N_("msg=\"Connection timeout\" host=\"%s\"")}, + { MSG_TCP_TIMEXC, SH_ERR_SEVERE, TCP, N_("msg=\"Time limit exceeded\" host=\"%s\"")}, + { MSG_TCP_NOCLT, SH_ERR_SEVERE, TCP, N_("msg=\"Hostname is NULL\"")}, + { MSG_TCP_BADCONN, SH_ERR_SEVERE, TCP, N_("msg=\"Invalid connection attempt: %s\" host=\"%s\"")}, + { MSG_TCP_FFILE , SH_ERR_SEVERE, TCP, N_("msg=\"Unknown file request\" host=\"%s\" path=\"%s\"")}, + { MSG_TCP_NFILE , SH_ERR_SEVERE, TCP, N_("msg=\"Requested file not found\" host=\"%s\" path=\"%s\"")}, + { MSG_TCP_FINV , SH_ERR_SEVERE, TCP, N_("msg=\"Invalid request (%d) in pass %d\" host=\"%s\" request=\"%c%03o%c%03o%c%03o%c%03o\"")}, + { MSG_TCP_OKFILE, SH_ERR_INFO, TCP, N_("msg=\"File transfer completed\" host=\"%s\"")}, + { MSG_TCP_OKMSG, SH_ERR_ALL, TCP, N_("msg=\"Message transfer completed\" host=\"%s\"")}, + { MSG_TCP_MSG, SH_ERR_INET, TCP, N_("remote_host=\"%s\" > %s ")}, + { MSG_TCP_NEW, SH_ERR_NOTICE, TCP, N_("msg=\"NEW CLIENT\" host=\"%s\"")}, + { MSG_TCP_ILL, SH_ERR_SEVERE, TCP, N_("msg=\"Restart without prior exit\" host=\"%s\"")}, + { MSG_TCP_SYNC, SH_ERR_SEVERE, TCP, N_("msg=\"Out of sync\" host=\"%s\"")}, + { MSG_TCP_RESET, SH_ERR_SEVERE, TCP, N_("msg=\"Connection reset by peer\" host=\"%s\"")}, + { MSG_TCP_CNEW, SH_ERR_INFO, TCP, N_("msg=\"New connection\" socket_id=\"%d\"")}, + { MSG_E_HTML, SH_ERR_ERR, ERR, N_("msg=\"Error writing HTML status\"")}, +#endif + + + { MSG_E_AUTH, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - File modified\" path=\"%s\"")}, + { MSG_ACCESS, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - Access violation\" userid=\"%ld\" path=\"%s\"")}, + { MSG_TRUST, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - Untrusted path\" userid=\"%ld\" path=\"%s\"")}, + { MSG_NOACCESS, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - File not accessible\" userid=\"%ld\" path=\"%s\"")}, + { MSG_P_NODATA, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - No data in file\" path=\"%s\"")}, + + +#ifndef MEM_DEBUG + { MSG_E_MNULL, SH_ERR_ERR, ERR, N_("msg=\"Dereferenced NULL pointer\"")}, + { MSG_E_MMEM, SH_ERR_ERR, ERR, N_("msg=\"Out of memory\"")}, +#else + { MSG_MSTAMP, SH_ERR_STAMP, STAMP, N_("msg=\"Memory used: max.=%lu, current=%lu\"")}, + { MSG_MSTAMP2, SH_ERR_STAMP, STAMP, N_("msg=\"Blocks: %d allocated, %d freed, %d maximum\"")}, + { MSG_E_MNULL, SH_ERR_ERR, ERR, N_("msg=\"Dereferenced NULL pointer\" source_file=\"%s\" source_line=\"%d\"")}, + { MSG_E_MMEM, SH_ERR_ERR, ERR, N_("msg=\"Out of memory\" source_file=\"%s\" source_line=\"%d\"")}, + { MSG_E_MREC, SH_ERR_ERR, ERR, N_("msg=\"Free() on unrecorded block\" source_file=\"%s\" source_line=\"%d\"")}, + { MSG_E_MOVER, SH_ERR_ERR, ERR, N_("msg=\"Memory overrun on block allocated in %s, line %d\" source_file=\"%s\" source_line=\"%d\"")}, + { MSG_E_MUNDER, SH_ERR_ERR, ERR, N_("msg=\"Memory underrun on block allocated in %s, line %d\" source_file=\"%s\" source_line=\"%d\"")}, + { MSG_E_NOTFREE, SH_ERR_ERR, ERR, N_("msg=\"Block not deallocated\" size=\"%14ld\" source_file=\"%19s\" source_line=\"%d\"")}, +#endif + + { MSG_E_TRUST, SH_ERR_ERR, ERR, N_("msg=\"Untrusted path\" userid=\"%ld\" path=\"%s\"")}, + { MSG_E_HASH, SH_ERR_ERR, ERR, N_("msg=\"Incorrect checksum\" path=\"%s\"")}, + { MSG_E_ACCESS, SH_ERR_ERR, ERR, N_("msg=\"File not accessible\" userid=\"%ld\" path=\"%s\"")}, + { MSG_E_READ, SH_ERR_ERR, ERR, N_("msg=\"Not accessible or not a regular file\" path=\"%s\"")}, + { MSG_E_TIMEOUT, SH_ERR_ERR, ERR, N_("msg=\"Timeout (%d sec) while checksumming file\" path=\"%s\"")}, + { MSG_NODEV, SH_ERR_ERR, ERR, N_("msg=\"Device not available\" userid=\"%ld\" path=\"%s\"")}, + { MSG_LOCKED, SH_ERR_ERR, ERR, N_("msg=\"File lock error\" userid=\"%ld\" path=\"%s\" obj=\"%s\"")}, + { MSG_PIDFILE, SH_ERR_ERR, ERR, N_("msg=\"Could not write PID file\" userid=\"%ld\" path=\"%s\"")}, + { MSG_NOEXEC, SH_ERR_ERR, ERR, N_("msg=\"Could not execute file\" userid=\"%ld\" path=\"%s\"")}, + + { MSG_ES_ENT, SH_ERR_ERR, ERR, N_("msg=\"No entropy collected\" subroutine=\"%s\"")}, + { MSG_ES_KEY1, SH_ERR_ERR, ERR, N_("msg=\"Insecure key generation\" subroutine=\"%s\"")}, + { MSG_ES_KEY2, SH_ERR_ERR, ERR, N_("msg=\"Error copying key\" subroutine=\"%s\"")}, + { MSG_E_GPG, SH_ERR_ERR, ERR, N_("msg=\"Compiled-in gpg checksum does not match: need %s got %s\"")}, + { MSG_E_GPG_FP, SH_ERR_ERR, ERR, N_("msg=\"Compiled-in fingerprint modified: one %s two %s\"")}, + { MSG_E_GPG_CHK, SH_ERR_ERR, ERR, N_("msg=\"Compiled-in checksum modified: one %s two %s\"")}, + { MSG_E_SUBGEN, SH_ERR_ERR, ERR, N_("msg=\"%s\" subroutine=\"%s\"")}, + { MSG_E_SUBGPATH, SH_ERR_ERR, ERR, N_("msg=\"%s\" subroutine=\"%s\" path=\"%s\"")}, + { MSG_E_UNLNK, SH_ERR_ERR, FIL, N_("interface=\"unlink\" msg=\"%s\" path=\"%s\"")}, + { MSG_E_REGEX, SH_ERR_ERR, ERR, N_("interface=\"regcomp\" msg=\"%s\" obj=\"%s\"")}, + { MSG_E_OPENDIR, SH_ERR_ERR, FIL, N_("interface=\"opendir\" msg=\"%s\" path=\"%s\"")}, + { MSG_E_TRUST1, SH_ERR_ERR, ERR, N_("msg=\"%s\" subroutine=\"trustfile\" path=\"%s\"")}, + { MSG_E_TRUST2, SH_ERR_ERR, ERR, N_("msg=\"%s\" subroutine=\"trustfile\" path=\"%s\" obj=\"%s\"")}, + { MSG_E_PWNULL, SH_ERR_ERR, ERR, N_("msg=\"Empty password file entry: %s\" subroutine=\"%s\" userid=\"%ld\" obj=\"%s\"")}, + { MSG_E_PWLONG, SH_ERR_ERR, ERR, N_("msg=\"Password file entry too long\" subroutine=\"%s\" userid=\"%ld\" obj=\"%s\"")}, + { MSG_E_GRNULL, SH_ERR_ERR, ERR, N_("msg=\"Empty groups file entry: %s\" subroutine=\"%s\" group=\"%ld\" obj=\"%s\"")}, + + { MSG_E_NET, SH_ERR_ERR, ENET, N_("msg=\"%s\" subroutine=\"%s\" service=\"%s\" host=\"%s\"")}, + { MSG_E_NETST, SH_ERR_ERR, ENET, N_("msg=\"Invalid connection state\" expect=\"%4s\" received=\"%4s\"")}, + { MSG_E_NETST1, SH_ERR_ERR, ENET, N_("msg=\"Invalid connection state\" expect=\"%4s\" received=\"%4s\" host=\"%s\"")}, + { MSG_E_NLOST, SH_ERR_ERR, ENET, N_("msg=\"Connection failure\" service=\"%s\" host=\"%s\"")}, + { MSG_E_NEST, SH_ERR_ERR, ENET, N_("msg=\"Connection reestablished\" service=\"%s\" host=\"%s\"")}, + + { MSG_EINVALHEAD, SH_ERR_WARN, EINPUT,N_("msg=\"Unrecognized section heading in line %ld of configuration file\"")}, + { MSG_EINVALCONF, SH_ERR_WARN, EINPUT,N_("msg=\"Invalid line %ld in configuration file: incorrect format, unrecognized option, or missing section header\"")}, + { MSG_EINVALS, SH_ERR_WARN, EINPUT,N_("msg=\"Invalid input\" option=\"%s\" obj=\"%s\"")}, + { MSG_EINVALL, SH_ERR_WARN, EINPUT,N_("msg=\"Invalid input\" option=\"%s\" obj=\"%ld\"")}, + { MSG_EINVALD, SH_ERR_WARN, EINPUT,N_("msg=\"Configuration file: unmatched @end\" option=\"%s\" obj=\"%ld\"")}, + { MSG_EINVALDD, SH_ERR_WARN, EINPUT,N_("msg=\"Configuration file: missing @end\" option=\"%s\" obj=\"%ld\"")}, + + { MSG_SRV_FAIL, SH_ERR_ERR, ERR, N_("msg=\"Service failure\" service=\"%s\" obj=\"%s\"")}, + { MSG_QUEUE_FULL, SH_ERR_ERR, ERR, N_("msg=\"Queue full, messages may get lost\" service=\"%s\"")}, + + { MSG_AUD_OPEN, SH_ERR_NOTICE, AUD, N_("interface=\"open\" path=\"%s\" oflag=\"%ld\" mode=\"%ld\" return_id=\"%ld\"")}, + { MSG_AUD_DUP, SH_ERR_NOTICE, AUD, N_("interface=\"dup\" file_id=\"%ld\" return_id=\"%ld\"")}, + { MSG_AUD_PIPE, SH_ERR_NOTICE, AUD, N_("interface=\"pipe\" rd_file_id=\"%ld\" wr_file_id=\"%ld\"")}, + { MSG_AUD_FORK, SH_ERR_NOTICE, AUD, N_("interface=\"fork\" return_id=\"%ld\"")}, + { MSG_AUD_EXIT, SH_ERR_NOTICE, AUD, N_("interface=\"exit\" exit_code=\"%ld\"")}, + { MSG_AUD_SETUID, SH_ERR_NOTICE, AUD, N_("interface=\"setuid\" uid=\"%ld\"")}, + { MSG_AUD_SETGID, SH_ERR_NOTICE, AUD, N_("interface=\"setgid\" gid=\"%ld\"")}, + { MSG_AUD_UTIME, SH_ERR_NOTICE, AUD, N_("interface=\"utime\" path=\"%s\" atime=\"%ld\" mtime=\"%ld\"")}, + { MSG_AUD_EXEC, SH_ERR_NOTICE, AUD, N_("interface=\"exec\" path=\"%s\" uid=\"%ld\" gid=\"%ld\"")}, + { MSG_AUD_CHDIR, SH_ERR_NOTICE, AUD, N_("interface=\"chdir\" path=\"%s\"")}, + { MSG_AUD_UNLINK, SH_ERR_NOTICE, AUD, N_("interface=\"unlink\" path=\"%s\"")}, + { MSG_AUD_KILL, SH_ERR_NOTICE, AUD, N_("interface=\"kill\" pid=\"%ld\" sig=\"%ld\"")}, + + { MSG_ERR_OPEN, SH_ERR_ALL, ERR, N_("interface=\"open\" msg=\"%s\" path=\"%s\" oflag=\"%ld\" mode=\"%ld\" return_id=\"%ld\"")}, + { MSG_ERR_DUP, SH_ERR_ALL, ERR, N_("interface=\"dup\" msg=\"%s\" file_id=\"%ld\" return_id=\"%ld\"")}, + { MSG_ERR_PIPE, SH_ERR_ALL, ERR, N_("interface=\"pipe\" msg=\"%s\" rd_file_id=\"%ld\" wr_file_id=\"%ld\"")}, + { MSG_ERR_FORK, SH_ERR_ALL, ERR, N_("interface=\"fork\" msg=\"%s\" return_id=\"%ld\"")}, + { MSG_ERR_SETUID, SH_ERR_ALL, ERR, N_("interface=\"setuid\" msg=\"%s\" uid=\"%ld\"")}, + { MSG_ERR_SETGID, SH_ERR_ALL, ERR, N_("interface=\"setgid\" msg=\"%s\" gid=\"%ld\"")}, + { MSG_ERR_UTIME, SH_ERR_ALL, ERR, N_("interface=\"utime\" msg=\"%s\" path=\"%s\" atime=\"%ld\" mtime=\"%ld\"")}, + { MSG_ERR_EXEC, SH_ERR_ALL, ERR, N_("interface=\"exec\" msg=\"%s\" path=\"%s\" uid=\"%ld\" gid=\"%ld\"")}, + { MSG_ERR_CHDIR, SH_ERR_ALL, ERR, N_("interface=\"chdir\" msg=\"%s\" path=\"%s\"")}, + { MSG_ERR_UNLINK, SH_ERR_ALL, ERR, N_("interface=\"unlink\" msg=\"%s\" path=\"%s\"")}, + { MSG_ERR_KILL, SH_ERR_ALL, ERR, N_("interface=\"kill\" msg=\"%s\" pid=\"%ld\" sig=\"%ld\"")}, + + { MSG_ERR_SIGACT, SH_ERR_ALL, ERR, N_("interface=\"sigaction\" msg=\"%s\" sig=\"%ld\"")}, + { MSG_ERR_CONNECT, SH_ERR_ALL, ERR, N_("interface=\"connect\" msg=\"%s\" socket_id=\"%ld\" port=\"%ld\" host=\"%s\"")}, + { MSG_ERR_ACCEPT, SH_ERR_ALL, ERR, N_("interface=\"accept\" msg=\"%s\" socket_id=\"%ld\"")}, + { MSG_ERR_LSTAT, SH_ERR_ALL, ERR, N_("interface=\"lstat\" msg=\"%s\" path=\"%s\"")}, + { MSG_ERR_STAT, SH_ERR_ALL, ERR, N_("interface=\"stat\" msg=\"%s\" path=\"%s\"")}, + { MSG_ERR_FSTAT, SH_ERR_ALL, ERR, N_("interface=\"fstat\" msg=\"%s\" file_id=\"%ld\"")}, + { MSG_ERR_FCNTL, SH_ERR_ALL, ERR, N_("interface=\"fcntl\" msg=\"%s\" file_id=\"%ld\" cmd=\"%ld\" arg=\"%ld\"")}, + + { 0, 0, 0, NULL} +}; + + + +/******************************************************************** + * + * + * NO XML + * + * + ********************************************************************/ + + + + + +/* #ifdef (SH_USE_XML) */ +#else + +cat_entry msg_cat[] = { +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + { MSG_FI_CSUM, SH_ERR_ALL, FIL, N_("msg=, chk=<%s>, path=<%s>")}, + { MSG_FI_DSUM, SH_ERR_INFO, FIL, N_("msg=")}, + { MSG_FI_CHK, SH_ERR_INFO, FIL, N_("msg=, path=<%s>")}, +#endif + + { MSG_EXIT_ABORTS, SH_ERR_FATAL, PANIC, N_("msg=, program=<%s>, subroutine=<%s>")}, + { MSG_START_SRV, SH_ERR_STAMP, START, N_("msg=, socket_id=<%d>")}, + + { MSG_EXIT_ABORT1, SH_ERR_FATAL, PANIC, N_("msg=, program=<%s>")}, + { MSG_EXIT_NORMAL, SH_ERR_FATAL, START, N_("msg=, program=<%s>, status=<%s>")}, + { MSG_START_KEY_MAIL, SH_ERR_FATAL, LOGKEY, N_("msg=, program=<%s>, hash=<%s>\r\n-----BEGIN LOGKEY-----\r\n%s%s")}, + { MSG_START_KEY, SH_ERR_FATAL, LOGKEY, N_("msg=, program=<%s>, hash=<%s>")}, + { MSG_START_0H, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>")}, + { MSG_START_1H, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>, path=<%s>, hash=<%s>")}, + { MSG_START_2H, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>, path=<%s>, hash=<%s>, path=<%s>, hash=<%s>")}, + { MSG_START_GH, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>, path=<%s>, key_uid=<%s>, key_id=<%s>")}, + { MSG_START_GH2, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>, path=<%s>, key_uid=<%s>, key_id=<%s>, path=<%s>, key_uid=<%s>, key_id=<%s>")}, + { MSG_SUSPEND, SH_ERR_STAMP, START, N_("msg= program=<%s>")}, + + + { MSG_MLOCK, SH_ERR_WARN, RUN, N_("msg=")}, + { MSG_W_SIG, SH_ERR_WARN, RUN, N_("msg=<%s>, interface=, signal=<%ld>")}, + { MSG_W_CHDIR, SH_ERR_ERR, RUN, N_("msg=<%s>, interface=, path=<%s>")}, + + { MSG_MOD_FAIL, SH_ERR_WARN, RUN, N_("msg=, module=<%s>, return_code=<%ld>")}, + { MSG_MOD_OK, SH_ERR_INFO, RUN, N_("msg=, module=<%s>")}, + { MSG_MOD_EXEC, SH_ERR_ERR, RUN, N_("msg=, module=<%s>, return_code=<%ld>")}, + + { MSG_RECONF, SH_ERR_SEVERE, START, N_("msg=")}, + { MSG_CHECK_0, SH_ERR_WARN, RUN, N_("msg=")}, + { MSG_CHECK_1, SH_ERR_STAMP, STAMP, N_("msg=, time=<%ld>, kBps=<%f>")}, + { MSG_STAMP, SH_ERR_STAMP, STAMP, N_("msg=<---- TIMESTAMP ---->")}, + + { MSG_D_START, SH_ERR_INFO, RUN, N_("msg=")}, + { MSG_D_DSTART, SH_ERR_INFO, RUN, N_("msg=")}, + { MSG_D_FAIL, SH_ERR_INFO, RUN, N_("msg=")}, + + +#ifndef HAVE_URANDOM + { MSG_ENSTART, SH_ERR_ALL, RUN, N_("msg=, path=<%s>")}, + { MSG_ENEXEC, SH_ERR_ALL, RUN, N_("msg=, path=<%s>, rd_file_id=<%ld>")}, + { MSG_ENFAIL, SH_ERR_ALL, RUN, N_("msg=, path=<%s>")}, + { MSG_ENTOUT, SH_ERR_ALL, RUN, N_("msg=, time=<%ld>")}, + { MSG_ENCLOS, SH_ERR_ALL, RUN, N_("msg=, rd_file_id=<%ld>")}, + { MSG_ENCLOS1, SH_ERR_ALL, RUN, N_("msg=, rd_file_id=<%ld>")}, + { MSG_ENREAD, SH_ERR_ALL, RUN, N_("msg=, rd_file_id=<%ld>, bytes=<%ld>")}, +#endif + +#ifdef SH_USE_SUIDCHK + { MSG_SUID_POLICY, SH_ERR_SEVERE, EVENT, N_("msg=, path=<%s>, %s") }, + { MSG_SUID_FOUND, SH_ERR_INFO, RUN, N_("msg= path=<%s>") }, + { MSG_SUID_SUMMARY,SH_ERR_INFO, RUN, N_("msg=") }, + { MSG_SUID_QREPORT,SH_ERR_SEVERE, EVENT, N_("msg=, path=<%s>") }, + { MSG_SUID_ERROR, SH_ERR_SEVERE, EVENT, N_("msg=") }, +#endif + +#ifdef SH_USE_KERN + { MSG_KERN_POLICY, SH_ERR_SEVERE, EVENT, N_("msg=, syscall=<%03d %s>") }, + { MSG_KERN_POL_CO, SH_ERR_SEVERE, EVENT, N_("msg=, syscall=<%03d %s>") }, + + { MSG_KERN_SYSCALL,SH_ERR_SEVERE, EVENT, N_("msg= syscall=<%03d %s>, %s") }, + { MSG_KERN_PROC, SH_ERR_SEVERE, EVENT, N_("msg=") }, + { MSG_KERN_IDT, SH_ERR_SEVERE, EVENT, N_("msg=, %s") }, + { MSG_KERN_GATE, SH_ERR_SEVERE, EVENT, N_("msg= syscall=<%03d %s>, %s") }, + +#endif + +#ifdef SH_USE_UTMP + { MSG_UT_CHECK, SH_ERR_INFO, RUN, N_("msg=")}, + + { MSG_UT_LG1X, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, ip=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG1A, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG1B, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, time=<%s>, status=<%d>")}, + + { MSG_UT_LG2X, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, ip=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG2A, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG2B, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, time=<%s>, status=<%d>")}, + + { MSG_UT_LG3X, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, ip=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG3A, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG3B, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG3C, SH_ERR_INFO, EVENT, N_("msg=, tty=<%s>, time=<%s>")}, + { MSG_UT_ROT, SH_ERR_WARN, RUN, N_("msg=, path=<%s>")}, + +#endif + +#ifdef SH_USE_MOUNTS + { MSG_MNT_CHECK, SH_ERR_INFO, RUN, N_("msg=")}, + { MSG_MNT_MEMLIST, SH_ERR_ERR, RUN, N_("msg=")}, + { MSG_MNT_MNTMISS, SH_ERR_WARN, EVENT, N_("msg=, path=<%s>")}, + { MSG_MNT_OPTMISS, SH_ERR_WARN, EVENT, N_("msg=, path=<%s>, option=<%s>")}, +#endif + +#ifdef SH_USE_USERFILES + { MSG_USERFILES_SUMMARY,SH_ERR_INFO, RUN, N_("msg=") }, +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + + { MSG_FI_TOOLATE, SH_ERR_ERR, FIL, N_("msg=, path=<%s>")}, + +#if 0 + { MSG_FI_CSUM, SH_ERR_ALL, FIL, N_("msg=, chk=<%s>, path=<%s>")}, + { MSG_FI_DSUM, SH_ERR_INFO, FIL, N_("msg=")}, + { MSG_FI_CHK, SH_ERR_INFO, FIL, N_("msg=, path=<%s>")}, +#endif + + { MSG_FI_NULL, SH_ERR_ERR, FIL, N_("msg=")}, + { MSG_FI_FAIL, SH_ERR_ERR, FIL, N_("msg=, path=<%s>")}, + { MSG_FI_GLOB, SH_ERR_ERR, FIL, N_("msg=<%s>, interface=, path=<%s>")}, + { MSG_FI_COLL, SH_ERR_WARN, FIL, N_("msg=, dir=<%s>, path=<%s>")}, + { MSG_FI_DOUBLE, SH_ERR_WARN, FIL, N_("msg=, path=<%s>")}, + { MSG_FI_2LONG, SH_ERR_ERR, FIL, N_("msg=, path=<%s>")}, + { MSG_FI_2LONG2, SH_ERR_ERR, FIL, N_("msg=, path=<%s/%s>")}, + { MSG_FI_NOPATH, SH_ERR_ERR, FIL, N_("msg=, path=<%s>")}, + { MSG_FI_DLNK, SH_ERR_INFO, FIL, N_("msg=, path=<%s>, linked_path=<%s>")}, + { MSG_FI_RDLNK, SH_ERR_ERR, FIL, N_("msg=<%s>, interface=, path=<%s>")}, + { MSG_FI_NOGRP, SH_ERR_ERR, FIL, N_("msg=, interface=, group=<%ld>, path=<%s>")}, + { MSG_FI_NOUSR, SH_ERR_ERR, FIL, N_("msg=, interface=, userid=<%ld>, path=<%s>")}, + { MSG_FI_LSTAT, SH_ERR_ERR, FIL, N_("msg=<%s>, interface=, path=<%s>")}, + { MSG_FI_OBSC, SH_ERR_ERR, FIL, N_("msg=, path=<%s>")}, + { MSG_FI_OBSC2, SH_ERR_ERR, FIL, N_("msg=, path=<%s/%s>")}, + { MSG_FI_LIST, SH_ERR_ALL, FIL, N_("msg=<%10s %2d %8s %8s %14ld %21s %s>")}, + { MSG_FI_LLNK, SH_ERR_ALL, FIL, N_("msg=< >>> %10s %s>")}, + { MSG_FI_MISS, SH_ERR_ERR, EVENT, N_("msg=, path=<%s>")}, + { MSG_FI_MISS2, SH_ERR_ERR, EVENT, N_("msg=, path=<%s>, %s")}, + { MSG_FI_ADD, SH_ERR_ERR, EVENT, N_("msg=, path=<%s>")}, + { MSG_FI_ADD2, SH_ERR_ERR, EVENT, N_("msg=, path=<%s>, %s")}, + { MSG_FI_CHAN, SH_ERR_ERR, EVENT, N_("msg=, path=<%s>, %s")}, + { MSG_FI_NODIR, SH_ERR_ERR, EVENT, N_("msg=, path=<%s>")}, + { MSG_FI_DBEX, SH_ERR_WARN, FIL, N_("msg=, path=<%s>")}, +#endif + + { MSG_TCP_NETRP, SH_ERR_ERR, TCP, N_("msg=, port=<%ld>, subroutine=<%s>")}, + +#ifndef SH_STANDALONE +#ifdef INET_SYSLOG + { MSG_INET_SYSLOG, SH_ERR_INET, TCP, N_("ip=<%s> facility=<%s> priority=<%s> syslog_msg=<%s>")}, + { MSG_ERR_SYSLOG, SH_ERR_ERR, TCP, N_("msg=, ip=<%s>")}, +#endif + { MSG_TCP_MISMATCH,SH_ERR_ERR, TCP, N_("msg=")}, + { MSG_TCP_MISENC, SH_ERR_ERR, TCP, N_("msg=")}, + { MSG_TCP_NONAME, SH_ERR_ERR, TCP, N_("msg=")}, + { MSG_TCP_UNEXP, SH_ERR_ERR, TCP, N_("msg=")}, + { MSG_TCP_EFIL, SH_ERR_ERR, TCP, N_("msg=")}, + { MSG_TCP_NOCONF, SH_ERR_ERR, TCP, N_("msg=")}, + { MSG_TCP_NOAUTH, SH_ERR_ERR, TCP, N_("msg=")}, + { MSG_TCP_CONF, SH_ERR_ALL, TCP, N_("msg=")}, + { MSG_TCP_AUTH, SH_ERR_INFO, TCP, N_("msg=")}, + { MSG_TCP_FOK, SH_ERR_INFO, TCP, N_("msg=")}, + { MSG_TCP_FBAD, SH_ERR_ERR, TCP, N_("msg=")}, + { MSG_TCP_ECONN, SH_ERR_ERR, TCP, N_("msg=")}, + { MSG_TCP_EZERO, SH_ERR_ERR, TCP, N_("msg=")}, + { MSG_TCP_EBGN, SH_ERR_ERR, TCP, N_("msg=")}, + + { MSG_TCP_CREG, SH_ERR_ALL, TCP, N_("msg=")}, + { MSG_TCP_FAUTH, SH_ERR_INFO, TCP, N_("msg=, client=<%s>")}, + + { MSG_TCP_RESCLT, SH_ERR_SEVERE, TCP, N_("msg= host=<%s>")}, + { MSG_TCP_RESPEER, SH_ERR_SEVERE, TCP, N_("msg= host=<%s> peer=<%s>")}, + { MSG_TCP_LOOKERS, SH_ERR_SEVERE, TCP, N_("msg= host=<%s> peer=<%s> obj=<%s>")}, + { MSG_TCP_LOOKUP, SH_ERR_SEVERE, TCP, N_("msg= host=<%s> peer=<%s>")}, + + { MSG_TCP_TIMOUT, SH_ERR_SEVERE, TCP, N_("msg=, client=<%s>")}, + { MSG_TCP_TIMEXC, SH_ERR_SEVERE, TCP, N_("msg=
+ + Index: branches/samhain-2_2-branch/scripts/makeself/makeself-header.sh =================================================================== --- branches/samhain-2_2-branch/scripts/makeself/makeself-header.sh (revision 66) +++ branches/samhain-2_2-branch/scripts/makeself/makeself-header.sh (revision 66) @@ -0,0 +1,365 @@ +cat << EOF > "$archname" +#!/bin/sh +# This script was generated using Makeself $MS_VERSION +CRCsum="$CRCsum" +MD5="$MD5sum" +TMPROOT=\${TMPDIR:=/tmp} + +label="$LABEL" +script="$SCRIPT" +scriptargs="$SCRIPTARGS" +targetdir="$archdirname" +filesizes="$filesizes" +keep=$KEEP + +print_cmd_arg="" +if type printf > /dev/null; then + print_cmd="printf" +elif test -x /usr/ucb/echo; then + print_cmd="/usr/ucb/echo" +else + print_cmd="echo" +fi + +MS_Printf() +{ + \$print_cmd \$print_cmd_arg "\$1" +} + +MS_Progress() +{ + while read a; do + MS_Printf . + done +} + +MS_dd() +{ + blocks=\`expr \$3 / 1024\` + bytes=\`expr \$3 % 1024\` + dd if="\$1" ibs=\$2 skip=1 obs=1024 conv=sync 2> /dev/null | \\ + { test \$blocks -gt 0 && dd ibs=1024 obs=1024 count=\$blocks ; \\ + test \$bytes -gt 0 && dd ibs=1 obs=1024 count=\$bytes ; } 2> /dev/null +} + +MS_Help() +{ + cat << EOH >&2 +Makeself version $MS_VERSION + 1) Getting help or info about \$0 : + \$0 --help Print this message + \$0 --info Print embedded info : title, default target directory, embedded script ... + \$0 --lsm Print embedded lsm entry (or no LSM) + \$0 --list Print the list of files in the archive + \$0 --check Checks integrity of the archive + + 2) Running \$0 : + \$0 [options] [--] [additional arguments to embedded script] + with following options (in that order) + --confirm Ask before running embedded script + --noexec Do not run embedded script + --keep Do not erase target directory after running + the embedded script + --nox11 Do not spawn an xterm + --nochown Do not give the extracted files to the current user + --target NewDirectory Extract in NewDirectory + --tar arg1 [arg2 ...] Access the contents of the archive through the tar command + -- Following arguments will be passed to the embedded script +EOH +} + +MS_Check() +{ + OLD_PATH=\$PATH + PATH=\${GUESS_MD5_PATH:-"\$OLD_PATH:/bin:/usr/bin:/sbin:/usr/local/ssl/bin:/usr/local/bin:/opt/openssl/bin"} + MD5_PATH=\`exec 2>&-; which md5sum || type md5sum\` + MD5_PATH=\${MD5_PATH:-\`exec 2>&-; which md5 || type md5\`} + PATH=\$OLD_PATH + MS_Printf "Verifying archive integrity..." + offset=\`head -n $SKIP "\$1" | wc -c | tr -d " "\` + verb=\$2 + i=1 + for s in \$filesizes + do + crc=\`echo \$CRCsum | cut -d" " -f\$i\` + if test -x "\$MD5_PATH"; then + md5=\`echo \$MD5 | cut -d" " -f\$i\` + if test \$md5 = "00000000000000000000000000000000"; then + test x\$verb = xy && echo " \$1 does not contain an embedded MD5 checksum." >&2 + else + md5sum=\`MS_dd "\$1" \$offset \$s | "\$MD5_PATH" | cut -b-32\`; + if test "\$md5sum" != "\$md5"; then + echo "Error in MD5 checksums: \$md5sum is different from \$md5" >&2 + exit 2 + else + test x\$verb = xy && MS_Printf " MD5 checksums are OK." >&2 + fi + crc="0000000000"; verb=n + fi + fi + if test \$crc = "0000000000"; then + test x\$verb = xy && echo " \$1 does not contain a CRC checksum." >&2 + else + sum1=\`MS_dd "\$1" \$offset \$s | cksum | awk '{print \$1}'\` + if test "\$sum1" = "\$crc"; then + test x\$verb = xy && MS_Printf " CRC checksums are OK." >&2 + else + echo "Error in checksums: \$sum1 is different from \$crc" + exit 2; + fi + fi + i=\`expr \$i + 1\` + offset=\`expr \$offset + \$s\` + done + echo " All good." +} + +UnTAR() +{ + tar \$1vf - 2>&1 || { echo Extraction failed. > /dev/tty; kill -15 \$$; } +} + +finish=true +xterm_loop= +nox11=$NOX11 +copy=$COPY +ownership=y +verbose=n + +initargs="\$@" + +while true +do + case "\$1" in + -h | --help) + MS_Help + exit 0 + ;; + --info) + echo Identification: "\$label" + echo Target directory: "\$targetdir" + echo Uncompressed size: $USIZE KB + echo Compression: $COMPRESS + echo Date of packaging: $DATE + echo Built with Makeself version $MS_VERSION on $OSTYPE + echo Build command was: "$MS_COMMAND" + if test x\$script != x; then + echo Script run after extraction: + echo " " \$script \$scriptargs + fi + if test x"$copy" = xcopy; then + echo "Archive will copy itself to a temporary location" + fi + if test x"$KEEP" = xy; then + echo "directory \$targetdir is permanent" + else + echo "\$targetdir will be removed after extraction" + fi + exit 0 + ;; + --dumpconf) + echo LABEL=\"\$label\" + echo SCRIPT=\"\$script\" + echo SCRIPTARGS=\"\$scriptargs\" + echo archdirname=\"$archdirname\" + echo KEEP=$KEEP + echo COMPRESS=$COMPRESS + echo filesizes=\"\$filesizes\" + echo CRCsum=\"\$CRCsum\" + echo MD5sum=\"\$MD5\" + echo OLDUSIZE=$USIZE + echo OLDSKIP=`expr $SKIP + 1` + exit 0 + ;; + --lsm) +cat << EOLSM +EOF +eval "$LSM_CMD" +cat << EOF >> "$archname" +EOLSM + exit 0 + ;; + --list) + echo Target directory: \$targetdir + offset=\`head -n $SKIP "\$0" | wc -c | tr -d " "\` + for s in \$filesizes + do + MS_dd "\$0" \$offset \$s | eval "$GUNZIP_CMD" | UnTAR t + offset=\`expr \$offset + \$s\` + done + exit 0 + ;; + --tar) + offset=\`head -n $SKIP "\$0" | wc -c | tr -d " "\` + arg1="\$2" + shift 2 + for s in \$filesizes + do + MS_dd "\$0" \$offset \$s | eval "$GUNZIP_CMD" | tar "\$arg1" - \$* + offset=\`expr \$offset + \$s\` + done + exit 0 + ;; + --check) + MS_Check "\$0" y + exit 0 + ;; + --confirm) + verbose=y + shift + ;; + --noexec) + script="" + shift + ;; + --keep) + keep=y + shift + ;; + --target) + keep=y + targetdir=\${2:-.} + shift 2 + ;; + --nox11) + nox11=y + shift + ;; + --nochown) + ownership=n + shift + ;; + --xwin) + finish="echo Press Return to close this window...; read junk" + xterm_loop=1 + shift + ;; + --phase2) + copy=phase2 + shift + ;; + --) + shift + break ;; + -*) + echo Unrecognized flag : "\$1" >&2 + MS_Help + exit 1 + ;; + *) + break ;; + esac +done + +case "\$copy" in +copy) + SCRIPT_COPY="\$TMPROOT/makeself\$\$" + echo "Copying to a temporary location..." >&2 + cp "\$0" "\$SCRIPT_COPY" + chmod +x "\$SCRIPT_COPY" + cd "\$TMPROOT" + exec "\$SCRIPT_COPY" --phase2 + ;; +phase2) + finish="\$finish ; rm -f \$0" + ;; +esac + +if test "\$nox11" = "n"; then + if tty -s; then # Do we have a terminal? + : + else + if test x"\$DISPLAY" != x -a x"\$xterm_loop" = x; then # No, but do we have X? + if xset q > /dev/null 2>&1; then # Check for valid DISPLAY variable + GUESS_XTERMS="xterm rxvt dtterm eterm Eterm kvt konsole aterm" + for a in \$GUESS_XTERMS; do + if type \$a >/dev/null 2>&1; then + XTERM=\$a + break + fi + done + chmod a+x \$0 || echo Please add execution rights on \$0 + if test \`echo "\$0" | cut -c1\` = "/"; then # Spawn a terminal! + exec \$XTERM -title "\$label" -e "\$0" --xwin "\$initargs" + else + exec \$XTERM -title "\$label" -e "./\$0" --xwin "\$initargs" + fi + fi + fi + fi +fi + +if test "\$targetdir" = "."; then + tmpdir="." +else + if test "\$keep" = y; then + echo "Creating directory \$targetdir" >&2 + tmpdir="\$targetdir" + else + tmpdir="\$TMPROOT/selfgz\$\$" + fi + mkdir -p \$tmpdir || { + echo 'Cannot create target directory' \$tmpdir >&2 + echo 'You should try option --target OtherDirectory' >&2 + eval \$finish + exit 1 + } +fi + +location="\`pwd\`" +if test x\$SETUP_NOCHECK != x1; then + MS_Check "\$0" +fi +offset=\`head -n $SKIP "\$0" | wc -c | tr -d " "\` + +if test x"\$verbose" = xy; then + MS_Printf "About to extract $USIZE KB in \$tmpdir ... Proceed ? [Y/n] " + read yn + if test x"\$yn" = xn; then + eval \$finish; exit 1 + fi +fi + +MS_Printf "Uncompressing \$label" +res=3 +if test "\$keep" = n; then + trap 'echo Signal caught, cleaning up >&2; cd \$TMPROOT; /bin/rm -rf \$tmpdir; eval \$finish; exit 15' 1 2 3 15 +fi + +for s in \$filesizes +do + if MS_dd "\$0" \$offset \$s | eval "$GUNZIP_CMD" | ( cd "\$tmpdir"; UnTAR x ) | MS_Progress; then + if test x"\$ownership" = xy; then + (PATH=/usr/xpg4/bin:\$PATH; cd "\$tmpdir"; chown -R \`id -u\` .; chgrp -R \`id -g\` .) + fi + else + echo + echo "Unable to decompress \$0" >&2 + eval \$finish; exit 1 + fi + offset=\`expr \$offset + \$s\` +done +echo + +cd "\$tmpdir" +res=0 +if test x"\$script" != x; then + if test x"\$verbose" = xy; then + MS_Printf "OK to execute: \$script \$scriptargs \$* ? [Y/n] " + read yn + if test x"\$yn" = x -o x"\$yn" = xy -o x"\$yn" = xY; then + eval \$script \$scriptargs \$*; res=\$?; + fi + else + eval \$script \$scriptargs \$*; res=\$? + fi + if test \$res -ne 0; then + test x"\$verbose" = xy && echo "The program '\$script' returned an error code (\$res)" >&2 + fi +fi +if test "\$keep" = n; then + cd \$TMPROOT + /bin/rm -rf \$tmpdir +fi +eval \$finish; exit \$res +EOF Index: branches/samhain-2_2-branch/scripts/makeself/makeself.sh =================================================================== --- branches/samhain-2_2-branch/scripts/makeself/makeself.sh (revision 66) +++ branches/samhain-2_2-branch/scripts/makeself/makeself.sh (revision 66) @@ -0,0 +1,361 @@ +#!/bin/sh +# +# Makeself version 2.1.x +# by Stephane Peter +# +# $Id: makeself.sh,v 1.44 2004/04/23 18:28:48 megastep Exp $ +# +# Utility to create self-extracting tar.gz archives. +# The resulting archive is a file holding the tar.gz archive with +# a small Shell script stub that uncompresses the archive to a temporary +# directory and then executes a given script from withing that directory. +# +# Makeself home page: http://www.megastep.org/makeself/ +# +# Version 2.0 is a rewrite of version 1.0 to make the code easier to read and maintain. +# +# Version history : +# - 1.0 : Initial public release +# - 1.1 : The archive can be passed parameters that will be passed on to +# the embedded script, thanks to John C. Quillan +# - 1.2 : Package distribution, bzip2 compression, more command line options, +# support for non-temporary archives. Ideas thanks to Francois Petitjean +# - 1.3 : More patches from Bjarni R. Einarsson and Francois Petitjean: +# Support for no compression (--nocomp), script is no longer mandatory, +# automatic launch in an xterm, optional verbose output, and -target +# archive option to indicate where to extract the files. +# - 1.4 : Improved UNIX compatibility (Francois Petitjean) +# Automatic integrity checking, support of LSM files (Francois Petitjean) +# - 1.5 : Many bugfixes. Optionally disable xterm spawning. +# - 1.5.1 : More bugfixes, added archive options -list and -check. +# - 1.5.2 : Cosmetic changes to inform the user of what's going on with big +# archives (Quake III demo) +# - 1.5.3 : Check for validity of the DISPLAY variable before launching an xterm. +# More verbosity in xterms and check for embedded command's return value. +# Bugfix for Debian 2.0 systems that have a different "print" command. +# - 1.5.4 : Many bugfixes. Print out a message if the extraction failed. +# - 1.5.5 : More bugfixes. Added support for SETUP_NOCHECK environment variable to +# bypass checksum verification of archives. +# - 1.6.0 : Compute MD5 checksums with the md5sum command (patch from Ryan Gordon) +# - 2.0 : Brand new rewrite, cleaner architecture, separated header and UNIX ports. +# - 2.0.1 : Added --copy +# - 2.1.0 : Allow multiple tarballs to be stored in one archive, and incremental updates. +# Added --nochown for archives +# Stopped doing redundant checksums when not necesary +# - 2.1.1 : Work around insane behavior from certain Linux distros with no 'uncompress' command +# Cleaned up the code to handle error codes from compress. Simplified the extraction code. +# - 2.1.2 : Some bug fixes. Use head -n to avoid problems. +# - 2.1.3 : Bug fixes with command line when spawning terminals. +# Added --tar for archives, allowing to give arbitrary arguments to tar on the contents of the archive. +# Added --noexec to prevent execution of embedded scripts. +# Added --nomd5 and --nocrc to avoid creating checksums in archives. +# Added command used to create the archive in --info output. +# Run the embedded script through eval. +# +# (C) 1998-2004 by Stéphane Peter +# +# This software is released under the terms of the GNU GPL +# Please read the license at http://www.gnu.org/copyleft/gpl.html +# + +MS_VERSION=2.1.3 + +# Procedures + +MS_Usage() +{ + echo "Usage: $0 [params] archive_dir file_name label [startup_script] [args]" + echo "params can be one or more of the following :" + echo " --version | -v : Print out Makeself version number and exit" + echo " --help | -h : Print out this help message" + echo " --gzip : Compress using gzip (default if detected)" + echo " --bzip2 : Compress using bzip2 instead of gzip" + echo " --compress : Compress using the UNIX 'compress' command" + echo " --nocomp : Do not compress the data" + echo " --notemp : The archive will create archive_dir in the" + echo " current directory and uncompress in ./archive_dir" + echo " --copy : Upon extraction, the archive will first copy itself to" + echo " a temporary directory" + echo " --append : Append more files to an existing Makeself archive" + echo " The label and startup scripts will then be ignored" + echo " --current : Files will be extracted to the current directory." + echo " Implies --notemp." + echo " --nomd5 : Don't calculate an MD5 for archive" + echo " --nocrc : Don't calculate a CRC for archive" + echo " --header file : Specify location of the header script" + echo " --follow : Follow the symlinks in the archive" + echo " --nox11 : Disable automatic spawn of a xterm" + echo " --nowait : Do not wait for user input after executing embedded" + echo " program from an xterm" + echo " --lsm file : LSM file describing the package" + echo + echo "Do not forget to give a fully qualified startup script name" + echo "(i.e. with a ./ prefix if inside the archive)." + exit 1 +} + +# Default settings +if type gzip 2>&1 > /dev/null; then + COMPRESS=gzip +else + COMPRESS=Unix +fi +KEEP=n +CURRENT=n +NOX11=n +APPEND=n +COPY=none +TAR_ARGS=cvf +HEADER=`dirname $0`/makeself-header.sh + +# LSM file stuff +LSM_CMD="echo No LSM. >> \"\$archname\"" + +while true +do + case "$1" in + --version | -v) + echo Makeself version $MS_VERSION + exit 0 + ;; + --bzip2) + COMPRESS=bzip2 + shift + ;; + --gzip) + COMPRESS=gzip + shift + ;; + --compress) + COMPRESS=Unix + shift + ;; + --nocomp) + COMPRESS=none + shift + ;; + --notemp) + KEEP=y + shift + ;; + --copy) + COPY=copy + shift + ;; + --current) + CURRENT=y + KEEP=y + shift + ;; + --header) + HEADER="$2" + shift 2 + ;; + --follow) + TAR_ARGS=cvfh + shift + ;; + --nox11) + NOX11=y + shift + ;; + --nowait) + shift + ;; + --nomd5) + NOMD5=y + shift + ;; + --nocrc) + NOCRC=y + shift + ;; + --append) + APPEND=y + shift + ;; + --lsm) + LSM_CMD="cat \"$2\" >> \"\$archname\"" + shift 2 + ;; + -h | --help) + MS_Usage + ;; + -*) + echo Unrecognized flag : "$1" + MS_Usage + ;; + *) + break + ;; + esac +done + +archdir="$1" +archname="$2" +MS_COMMAND="$0 $*" + +if test "$APPEND" = y; then + if test $# -lt 2; then + MS_Usage + fi + + # Gather the info from the original archive + OLDENV=`sh "$archname" --dumpconf` + if test $? -ne 0; then + echo "Unable to update archive: $archname" >&2 + exit 1 + else + eval "$OLDENV" + fi +else + if test "$KEEP" = n -a $# = 3; then + echo "ERROR: Making a temporary archive with no embedded command does not make sense!" >&2 + echo + MS_Usage + fi + # We don't really want to create an absolute directory... + if test "$CURRENT" = y; then + archdirname="." + else + archdirname=`basename "$1"` + fi + + if test $# -lt 3; then + MS_Usage + fi + + LABEL="$3" + SCRIPT="$4" + test x$SCRIPT = x || shift 1 + shift 3 + SCRIPTARGS="$*" +fi + +if test "$KEEP" = n -a "$CURRENT" = y; then + echo "ERROR: It is A VERY DANGEROUS IDEA to try to combine --notemp and --current." >&2 + exit 1 +fi + +case $COMPRESS in +gzip) + GZIP_CMD="gzip -c9" + GUNZIP_CMD="gzip -cd" + ;; +bzip2) + GZIP_CMD="bzip2 -9" + GUNZIP_CMD="bzip2 -d" + ;; +Unix) + GZIP_CMD="compress -cf" + GUNZIP_CMD="exec 2>&-; uncompress -c || test \\\$? -eq 2 || gzip -cd" + ;; +none) + GZIP_CMD="cat" + GUNZIP_CMD="cat" + ;; +esac + +tmpfile="${TMPDIR:=/tmp}/mkself$$" + +if test -f $HEADER; then + oldarchname="$archname" + archname="$tmpfile" + # Generate a fake header to count its lines + SKIP=0 + . $HEADER + SKIP=`cat "$tmpfile" |wc -l` + # Get rid of any spaces + SKIP=`expr $SKIP` + rm -f "$tmpfile" + echo Header is $SKIP lines long >&2 + + archname="$oldarchname" +else + echo "Unable to open header file: $HEADER" >&2 + exit 1 +fi + +echo + +if test "$APPEND" = n; then + if test -f "$archname"; then + echo "WARNING: Overwriting existing file: $archname" >&2 + fi +fi + +test -d "$archdir" || { echo "Error: $archdir does not exist."; rm -f "$tmpfile"; exit 1; } + +USIZE=`du -ks $archdir | cut -f1` +DATE=`LC_ALL=C date` + +echo About to compress $USIZE KB of data... +echo Adding files to archive named \"$archname\"... +(cd "$archdir"; tar $TAR_ARGS - * | eval "$GZIP_CMD" ) >> "$tmpfile" || { echo Aborting; rm -f "$tmpfile"; exit 1; } +echo >> "$tmpfile" >&- # try to close the archive + +fsize=`cat "$tmpfile" | wc -c | tr -d " "` + +# Compute the checksums + +md5sum=00000000000000000000000000000000 +crcsum=0000000000 + +if test "$NOCRC" = y; then + echo "skipping crc at user request" +else + crcsum=`cat "$tmpfile" | cksum | sed -e 's/ /Z/' -e 's/ /Z/' | cut -dZ -f1` + echo "CRC: $crcsum" +fi + +# Try to locate a MD5 binary +OLD_PATH=$PATH +PATH=${GUESS_MD5_PATH:-"$OLD_PATH:/bin:/usr/bin:/sbin:/usr/local/ssl/bin:/usr/local/bin:/opt/openssl/bin"} +MD5_PATH=`type -p md5sum` +MD5_PATH=${MD5_PATH:-`type -p md5`} +PATH=$OLD_PATH + +if test "$NOMD5" = y; then + echo "skipping md5sum at user request" +else + if test -x "$MD5_PATH"; then + md5sum=`cat "$tmpfile" | "$MD5_PATH" | cut -b-32`; + echo "MD5: $md5sum" + else + echo "MD5: none, md5sum binary not found" + fi +fi + +if test "$APPEND" = y; then + mv "$archname" "$archname".bak || exit + + # Prepare entry for new archive + filesizes="$filesizes $fsize" + CRCsum="$CRCsum $crcsum" + MD5sum="$MD5sum $md5sum" + USIZE=`expr $USIZE + $OLDUSIZE` + # Generate the header + . $HEADER + # Append the original data + tail -n +$OLDSKIP "$archname".bak >> "$archname" + # Append the new data + cat "$tmpfile" >> "$archname" + + chmod +x "$archname" + rm -f "$archname".bak + echo Self-extractible archive \"$archname\" successfully updated. +else + filesizes="$fsize" + CRCsum="$crcsum" + MD5sum="$md5sum" + + # Generate the header + . $HEADER + + # Append the compressed tar data after the stub + echo + cat "$tmpfile" >> "$archname" + chmod +x "$archname" + echo Self-extractible archive \"$archname\" successfully created. +fi +rm -f "$tmpfile" Index: branches/samhain-2_2-branch/scripts/redhat_i386.client.spec.in =================================================================== --- branches/samhain-2_2-branch/scripts/redhat_i386.client.spec.in (revision 66) +++ branches/samhain-2_2-branch/scripts/redhat_i386.client.spec.in (revision 66) @@ -0,0 +1,189 @@ +# +# Accepted parameters for 'rpmbuild': +# +# --with tests - make tests before building + +Summary: File integrity and host-based IDS +Name: samhain-client +Version: @VERSION@ +Release: 5 +License: GPL +Group: System Environment/Base +Source: %{name}-%{version}.tar.gz +BuildRoot: %{_tmppath}/samhain-client-%{version}-root +Packager: Andre Oliveira da Costa +Provides: %{name} + + +%description +samhain is an open source file integrity and host-based intrusion +detection system for Linux and Unix. It can run as a daemon process, and +and thus can remember file changes -- contrary to a tool that runs from +cron, if a file is modified you will get only one report, while +subsequent checks of that file will ignore the modification as it is +already reported (unless the file is modified again). + +samhain can optionally be used as client/server system to provide +centralized monitoring for multiple host. Logging to a (MySQL or +PostgreSQL) database is supported. + +NOTE: for security reasons, if you distribute binary executables to +third parties you should point out the use of the --add-key option to +modify the key material within the executable. +This spec file is intended to facilitate installation on YOUR system. +If you use this spec file to build a SRPM for distribution to third parties, +make sure to remove the --enable-base configure option below. + +%prep +%setup -q + +%build +%if %{?_with_tests:1}%{!?_with_tests:0} +# test installation (test #7 is only included if --with gpg has been +# specified) +for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done +%endif +# +#./configure --prefix=%{_usr} \ +# --sysconfdir=%{_sysconfdir} \ +# --localstatedir=%{_localstatedir} \ +# --mandir=%{_mandir} +# +./configure '--enable-network=client' \ + '--with-port=@myport@' \ + '--with-logserver=@mylogsrv@' \ + '--with-data-file=REQ_FROM_SERVER/etc/samclient.data' \ + '--with-config-file=REQ_FROM_SERVER/etc/samclient.conf' \ + '--with-kcheck=/boot/System.map' \ + '--enable-khide=/boot/System.map' \ + '--enable-suidcheck' \ + '--enable-static' \ + '--enable-login-watch' \ + '--enable-ptrace' \ + '--enable-db-reload' \ + '--enable-base=@my_key_A@,@my_key_B@' \ + '--enable-xml-log' + +make + +%install +rm -rf ${RPM_BUILD_ROOT} +# sstrip shouldn't be used since binaries will be stripped later +cat << EOF > sstrip +#!/bin/sh +echo "*** SSTRIP DISABLED ***" +EOF +make DESTDIR=${RPM_BUILD_ROOT} install +# copy script files to /var/lib/samhain so that we can use them right +# after the package is installed +install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}/etc +install -m 640 -o 0 -g 0 samhain_hide.o ${RPM_BUILD_ROOT}/lib/modules/`uname -r`/samhain_hide.o +install -m 640 -o 0 -g 0 samhain_erase.o ${RPM_BUILD_ROOT}/lib/modules/`uname -r`/samhain_erase.o +install -m 700 -o 0 -g 0 samhain_setpwd ${RPM_BUILD_ROOT}/usr/local/sbin/samhain_setpwd + +%clean +rm -rf ${RPM_BUILD_ROOT} + +%post +if [ "$1" = 1 ]; then + # Activate boot-time start up + cd /etc + ./samhain-install.sh --verbose install-boot + if test -f /sbin/chkconfig; then + /sbin/chkconfig --add samhain + fi +fi +rm -rf /etc/samclient.conf +rm -rf /etc/samhain.startLinux +rm -rf /etc/samhain.startLSB + +cat << EOF + +Samhain is installed but is NOT running yet, and the database of +file signatures is NOT initialized yet. Read the documentation, +review configuration files, and then (i) initialize it +(/usr/local/sbin/samhain -t init) +and (ii) start it manually +(/usr/local/sbin/samhain start). + +It is configured to start automatically on the next boot for runlevels +[2-5]. + +EOF + +%preun +# stop running instance of samhain, if any +if [ -f /var/run/%{name}.pid ]; then + /usr/local/sbin/samhain stop +fi +if [ "$1" = 0 ]; then + # remove boot-time scripts and links + cd /etc + ./samhain-install.sh --verbose uninstall-boot +fi + +%postun +if [ "$1" = 0 ]; then + # remove any kernel modules that might have been installed + RVER=`uname -r` + rm -f /lib/modules/$RVER/samhain* +fi + + +%files +%defattr(-,root,root) +%dir /var/run +%dir /var/log +#%doc docs/BUGS COPYING docs/Changelog docs/TODO +#%doc LICENSE docs/HOWTO* docs/MANUAL-2_2.* docs/README* +/etc +/usr/local/sbin/samhain +/usr/local/sbin/samhain_setpwd +/lib/modules +#%attr(644,root,root) /usr/local/man/man5/samhain* +#%attr(644,root,root) /usr/local/man/man8/samhain* +#%config(noreplace) REQ_FROM_SERVER/etc/samclient.conf + +%changelog +* Thu Apr 3 2003 Rainer Wichmann +- adapt for configure + +* Wed Mar 26 2003 Philipp Stadler +- add samhain modules installation +- stops installation of documentation to server +- replace %config entry for /etc/samclient.conf +- remove samhain.startLinux and samhain.startLSB after installation + +* Sun Jan 12 2003 Rainer Wichmann +- replace %configure with ./configure + +* Tue Dec 24 2002 Rainer Wichmann +- backported applicable changes to samhain.spec.in +- warn user that database must be initialized +- fix version of MANUAL in '%files' +- test for chkconfig, use only if found + +* Sun Dec 22 2002 Andre Oliveira da Costa 1.7.0 +- fixed typo with _usr macro on ./configure +- stops running samhain before uninstall +- implemented conditionals to allow proper uninstalls/upgrades +- 'BuildPreReq: gpg' is considered only if '--with gpg' is provided +- run 'chkconfig' to activate samhain after installation +- warn user that samhain must be manually started after + install/upgrade + +* Fri Dec 20 2002 Rainer Wichmann +- backported to samhain.spec.in (take over user's choices from configure) +- also save samhain.startLSB and samhain.startSuSE for install-boot + +* Thu Dec 19 2002 Andre Oliveira da Costa 1.6.6 +- optional parameters '--with gpg' and '--with tests' +- use of pre-defined macros whenever possible + +* Wed Dec 18 2002 Andre Oliveira da Costa 1.6.6 +- Fixed installation process, avoiding hardcoded paths on the binaries + (thks to samhain's author Rainer Wichmann) + +* Mon Dec 16 2002 Andre Oliveira da Costa 1.6.6 +- First attempt to build from sources + Index: branches/samhain-2_2-branch/scripts/samhain.cgi =================================================================== --- branches/samhain-2_2-branch/scripts/samhain.cgi (revision 66) +++ branches/samhain-2_2-branch/scripts/samhain.cgi (revision 66) @@ -0,0 +1,32 @@ +#! /usr/local/bin/php +\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + $machine = $HTTP_POST_VARS["machine"]; + print "$machine\n"; + $date = $HTTP_POST_VARS["date"]; + print "$date\n"; + + /* INSERT PATH TO YOUR LOGFILE !!! + */ + readfile("/var/log/yule/yule.log"); + + /* INSERT PATH TO YOUR PID FILE !!! + * The final is only written when the + * daemon exits, threfore we need to supply it here. + */ + if (TRUE == file_exists("/var/run/yule.pid")) { + echo "\n"; + fi + + echo "\n"; +?> Index: branches/samhain-2_2-branch/scripts/samhain.dtd =================================================================== --- branches/samhain-2_2-branch/scripts/samhain.dtd (revision 66) +++ branches/samhain-2_2-branch/scripts/samhain.dtd (revision 66) @@ -0,0 +1,11 @@ + + + + + + + Index: branches/samhain-2_2-branch/scripts/samhain.ebuild-light.in =================================================================== --- branches/samhain-2_2-branch/scripts/samhain.ebuild-light.in (revision 66) +++ branches/samhain-2_2-branch/scripts/samhain.ebuild-light.in (revision 66) @@ -0,0 +1,92 @@ +# Copyright 2004 Rainer Wichmann +# Distributed under the terms of the GNU General Public License v2 + +inherit eutils + +MY_P="${PN}_signed-${PV}" +SLOT="0" +LICENSE="GPL-2" +DESCRIPTION="Samhain is a file integrity checker with optional central logging" + +# This is a fake URI that allows us to do a 'make dist' and copy +# the file to distdir. +# The proper URI would be http://www.la-samhna.de/archive/${MY_P}.tar.gz, +# but this would force us to do a 'make dist-sign' ... +# Apparently, portage cannot handle the file:// scheme, +# and not every user might be prepared to create a signed tarball. +# +# SRC_URI="http://www.la-samhna.de/archive/${MY_P}.tar.gz" +SRC_URI="http://www.la-samhna.de/archive/${P}.tar.gz" + + +HOMEPAGE="http://www.la-samhna.de/samhain/" + +KEYWORDS="x86" + +IUSE="" + +DEPEND="app-arch/gzip + app-arch/tar" +# mysql? (>=dev-db/mysql-3.23.58)" +RDEPEND="" + +src_unpack() { + unpack ${A} + cd ${WORKDIR} + if test -f ${P}.tar.gz; then + gunzip -c ${P}.tar.gz | tar xf - || die + cd ${P} + elif test -d "samhain-${PV}"; then + mv "samhain-${PV}" "@install_name@-${PV}" + fi +} + +src_compile() { + local myconf="--with-trusted=0,250" + +# myconf="$myconf --enable-mounts-check" +# myconf="$myconf --enable-userfiles" + +# use mysql && myconf="$myconf --with-database=mysql" +# use postgres && myconf="$myconf --with-database=postgresql" + +# econf \ +# --with-pid-file=/var/run/${PN}.pid \ +# --with-state-dir=/var/lib/${PN} \ +# --with-log-file=/var/log/${PN}.log \ + + ./configure ${myconf} @mydefargs@ || die + emake || die + + echo '#!/bin/sh' > ./sstrip + echo 'echo "*** SSTRIP DISABLED ***"' >> ./sstrip +} + +src_install() { + make DESTDIR=${D} install-light || die + make DESTDIR=${D} install-boot || die + + rm -f ${D}/@sbindir@/@install_name@_stealth +} + +pkg_prerm() { + rc-update del @install_name@ + einfo "Stopping service @install_name@" + test -f /etc/init.d/@install_name@ && /etc/init.d/@install_name@ stop + sleep 3 +} + +pkg_postinst() { + rc-update add @install_name@ default + einfo + einfo "@install_name@ is installed but is NOT running yet, and the database" + einfo "of file signatures is NOT initialized yet." + einfo + einfo "You need to run \"@install_name@ -t init\" to initialize " + einfo "the baseline database of file signatures." + einfo + einfo "After initializing the database, you can start @install_name@" + einfo "with \"/etc/init.d/@install_name@ start\". It is configured to start" + einfo "automatically on the next boot for runlevel \"default\"" +} + Index: branches/samhain-2_2-branch/scripts/samhain.ebuild.in =================================================================== --- branches/samhain-2_2-branch/scripts/samhain.ebuild.in (revision 66) +++ branches/samhain-2_2-branch/scripts/samhain.ebuild.in (revision 66) @@ -0,0 +1,98 @@ +# Copyright 2004 Rainer Wichmann +# Distributed under the terms of the GNU General Public License v2 + +inherit eutils + +MY_P="${PN}_signed-${PV}" +SLOT="0" +LICENSE="GPL-2" +DESCRIPTION="Samhain is a file integrity checker with optional central logging" + +# This is a fake URI that allows us to do a 'make dist' and copy +# the file to distdir. +# The proper URI would be http://www.la-samhna.de/archive/${MY_P}.tar.gz, +# but this would force us to do a 'make dist-sign' ... +# Apparently, portage cannot handle the file:// scheme, +# and not every user might be prepared to create a signed tarball. +# +# SRC_URI="http://www.la-samhna.de/archive/${MY_P}.tar.gz" +SRC_URI="http://www.la-samhna.de/archive/${P}.tar.gz" + + +HOMEPAGE="http://www.la-samhna.de/samhain/" + +KEYWORDS="x86" + +IUSE="" + +DEPEND="app-arch/gzip + app-arch/tar" +# mysql? (>=dev-db/mysql-3.23.58)" +RDEPEND="" + +src_unpack() { + unpack ${A} + cd ${WORKDIR} + if test -f ${P}.tar.gz; then + gunzip -c ${P}.tar.gz | tar xf - || die + cd ${P} + elif test -d "samhain-${PV}"; then + mv "samhain-${PV}" "@install_name@-${PV}" + fi +} + +src_compile() { + local myconf="--with-trusted=0,250" + +# myconf="$myconf --enable-mounts-check" +# myconf="$myconf --enable-userfiles" + +# use mysql && myconf="$myconf --with-database=mysql" +# use postgres && myconf="$myconf --with-database=postgresql" + +# econf \ +# --with-pid-file=/var/run/${PN}.pid \ +# --with-state-dir=/var/lib/${PN} \ +# --with-log-file=/var/log/${PN}.log \ + + ./configure ${myconf} @mydefargs@ || die + emake || die + + echo '#!/bin/sh' > ./sstrip + echo 'echo "*** SSTRIP DISABLED ***"' >> ./sstrip +} + +src_install() { + make DESTDIR=${D} install || die + make DESTDIR=${D} install-boot || die + + dodoc docs/BUGS COPYING docs/Changelog LICENSE docs/README \ + docs/README.UPGRADE docs/sh_mounts.txt docs/sh_userfiles.txt \ + docs/MANUAL-2_0.ps docs/MANUAL-2_0.html.tar + + dohtml docs/HOWTO-client+server.html docs/HOWTO-samhain+GnuPG.html \ + docs/HOWTO-write-modules.html docs/HOWTO-samhain-on-windows.html \ + docs/HOWTO-client+server-troubleshooting.html docs/FAQ.html +} + +pkg_prerm() { + rc-update del @install_name@ + einfo "Stopping service @install_name@" + test -f /etc/init.d/@install_name@ && /etc/init.d/@install_name@ stop + sleep 3 +} + +pkg_postinst() { + rc-update add @install_name@ default + einfo + einfo "@install_name@ is installed but is NOT running yet, and the database" + einfo "of file signatures is NOT initialized yet." + einfo + einfo "You need to run \"@install_name@ -t init\" to initialize " + einfo "the baseline database of file signatures." + einfo + einfo "After initializing the database, you can start @install_name@ " + einfo "with \"/etc/init.d/@install_name@ start\". It is configured to start" + einfo "automatically on the next boot for runlevel \"default\"" +} + Index: branches/samhain-2_2-branch/scripts/samhain.logrotator =================================================================== --- branches/samhain-2_2-branch/scripts/samhain.logrotator (revision 66) +++ branches/samhain-2_2-branch/scripts/samhain.logrotator (revision 66) @@ -0,0 +1,26 @@ +/var/log/samhain_log { + size=1M + nocreate + compress + mail root@mail + maillast + rotate 5 + + prerotate + if test -f /var/run/samhain.pid; then \ + PIN=`cat /var/run/samhain.pid`; \ + /bin/kill -ABRT $PIN; \ + sleep 1; \ + AA=0; \ + while test "x$AA" != "x120"; do \ + let "AA = $AA + 1"; \ + if test -f /var/run/samhain.pid; then \ + sleep 1; \ + else \ + break; \ + fi \ + done; \ + fi + endscript + + Index: branches/samhain-2_2-branch/scripts/samhain.spec.in =================================================================== --- branches/samhain-2_2-branch/scripts/samhain.spec.in (revision 66) +++ branches/samhain-2_2-branch/scripts/samhain.spec.in (revision 66) @@ -0,0 +1,168 @@ +# +# Accepted parameters for 'rpmbuild': +# +# --with gpg - enables gpg support +# --with tests - make tests before building + +Summary: File integrity and host-based IDS +Name: samhain +Version: @VERSION@ +Release: 1 +License: GPL +Group: System Environment/Base +Source: %{name}-%{version}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-root +Packager: Andre Oliveira da Costa +Provides: %{name} +%if %{?_with_gpg:1}%{!?_with_gpg:0} +BuildPreReq: gpg +%endif + +%description +samhain is an open source file integrity and host-based intrusion +detection system for Linux and Unix. It can run as a daemon process, and +and thus can remember file changes -- contrary to a tool that runs from +cron, if a file is modified you will get only one report, while +subsequent checks of that file will ignore the modification as it is +already reported (unless the file is modified again). + +samhain can optionally be used as client/server system to provide +centralized monitoring for multiple host. Logging to a (MySQL or +PostgreSQL) database is supported. + +This package contains only the single host version. + +%prep +%setup -q -n samhain-%{version} + +%build +%if %{?_with_tests:1}%{!?_with_tests:0} +# test installation (test #7 is only included if --with gpg has been +# specified) +for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done +%endif +./configure --prefix=%{_usr} \ + --sbindir=%{_sbindir} \ + --sysconfdir=%{_sysconfdir} \ + --localstatedir=%{_localstatedir} \ + --mandir=%{_mandir} \ +%{?_with_gpg: --with-gpg=`type -p gpg`} + +make + +%install +rm -rf $RPM_BUILD_ROOT +# sstrip shouldn't be used since binaries will be stripped later +cat << EOF > sstrip +#!/bin/sh +echo "*** SSTRIP DISABLED ***" +EOF +make DESTDIR=${RPM_BUILD_ROOT} install +# copy script files to /var/lib/samhain so that we can use them right +# after the package is installed +install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{name} + +%clean +rm -rf ${RPM_BUILD_ROOT} + +%post +if [ "$1" = 1 ]; then + # Activate boot-time start up + cd %{_localstatedir}/lib/%{name} + ./samhain-install.sh --verbose install-boot + if test -f /sbin/chkconfig; then + /sbin/chkconfig --add samhain + /sbin/chkconfig samhain on + fi +fi +cat << EOF + +Samhain is installed but is NOT running yet, and the database of +file signatures is NOT initialized yet. Read the documentation, +review configuration files, and then (i) initialize it +(%{_sbindir}/samhain -t init) +and (ii) start it manually +(%{_sysconfdir}/init.d/samhain start). + +It is configured to start automatically on the next boot for runlevels +[2-5]. + +EOF + + +%preun +# stop running instance of samhain, if any +if [ -f %{_localstatedir}/run/%{name}.pid ]; then + %{_sysconfdir}/init.d/samhain stop +fi +if [ "$1" = 0 ]; then + # remove boot-time scripts and links + cd %{_localstatedir}/lib/samhain + if [ -f ./samhain-install.sh ]; then + ./samhain-install.sh --verbose uninstall-boot + else + if [ -f /sbin/chkconfig ]; then + /sbin/chkconfig samhain off + /sbin/chkconfig --del samhain + fi + fi +fi + +%postun +if [ "$1" = 0 ]; then + # remove any kernel modules that might have been installed + RVER=`uname -r` + rm -f /lib/modules/$RVER/samhain* +fi + + +%files +%defattr(-,root,root) +%dir %{_localstatedir}/run +%dir %{_localstatedir}/log +%doc docs/BUGS COPYING docs/Changelog docs/TODO +%doc LICENSE docs/HOWTO* docs/MANUAL-2_2.* docs/README* +%{_localstatedir}/lib/%{name} +%{_sbindir}/%{name} +%attr(644,root,root) %{_mandir}/man5/samhain* +%attr(644,root,root) %{_mandir}/man8/samhain* +%config(noreplace) %{_sysconfdir}/samhainrc + +%changelog +* Sat Jun 19 2004 Rainer Wichmann +- replace ./test.sh $i with make test$i + +* Sat Jan 03 2004 Rainer Wichmann +- Use /sbin/chkconfig as in ../samhain.spec.in + +* Thu Dec 11 2003 Christian Vanguers +- Fixed typo in samhain.spec + +* Tue Dec 24 2002 Rainer Wichmann +- warn user that database must be initialized +- fix version of MANUAL in '%files' +- test for chkconfig, use only if found + +* Sun Dec 22 2002 Andre Oliveira da Costa 1.7.0 +- fixed typo with _usr macro on ./configure +- stops running samhain before uninstall +- implemented conditionals to allow proper uninstalls/upgrades +- 'BuildPreReq: gpg' is considered only if '--with gpg' is provided +- run 'chkconfig' to activate samhain after installation +- warn user that samhain must be manually started after + install/upgrade + +* Fri Dec 20 2002 Rainer Wichmann +- use 'configure' to set version string +- use standard macros for paths + +* Thu Dec 19 2002 Andre Oliveira da Costa 1.6.6 +- optional parameters '--with gpg' and '--with tests' +- use of pre-defined macros whenever possible + +* Wed Dec 18 2002 Andre Oliveira da Costa 1.6.6 +- Fixed installation process, avoiding hardcoded paths on the binaries + (thks to samhain's author Rainer Wichmann) + +* Mon Dec 16 2002 Andre Oliveira da Costa 1.6.6 +- First attempt to build from sources Index: branches/samhain-2_2-branch/scripts/samhain.xsl =================================================================== --- branches/samhain-2_2-branch/scripts/samhain.xsl (revision 66) +++ branches/samhain-2_2-branch/scripts/samhain.xsl (revision 66) @@ -0,0 +1,147 @@ + + + + + + + + + + + Samhain Log + + +
+
+ + +

Logs Samhain


+
+ + + + + + + + +
Date: + + + + + Machine: + + + + +

+
+ + + + + + + + + +
TYPE D'ALERTECHEMINMESSAGEDATEMACHINE
+
+ + + + + + + + + + + + + + + +
"), + sizeof("
")-1); + } + + if (SL_ISERROR(status)) + SL_RETURN((-1), _("sh_html_head")); + + SL_RETURN((0), _("sh_html_head")); +} + +static +int sh_html_foot(SL_TICKET ticket) +{ + long status = SL_ENONE; + SL_TICKET fd = (-1); + char line[512]; + char * p; + + SL_ENTER(_("sh_html_foot")); + + p = sh_util_strconcat(DEFAULT_DATAROOT, _("/foot.html"), NULL); + + if (p) + { + fd = sl_open_read (p, SL_YESPRIV); + SH_FREE(p); + } + + if (!SL_ISERROR(fd)) + { + while (!SL_ISERROR(status) && sh_unix_getline (fd, line, sizeof(line)) > 0) + { + status = sl_write_line (ticket, line, sl_strlen(line)); + } + sl_close(fd); + } + else + { + status = sl_write_line (ticket, _("
"), + sizeof("
")-1); + } + if (SL_ISERROR(status)) + SL_RETURN((-1), _("sh_html_foot")); + + SL_RETURN((0), _("sh_html_foot")); +} + + +static +char * replace_tab (const char * line, char * host, char * status, + char * timestamp) +{ + st_format rep_serv_tab[] = { + { 'H', S_FMT_STRING, 0, 0, NULL}, + { 'S', S_FMT_STRING, 0, 0, NULL}, + { 'T', S_FMT_STRING, 0, 0, NULL}, + {'\0', S_FMT_ULONG, 0, 0, NULL}, + }; + char * p; + + SL_ENTER(_("replace_tab")); + + rep_serv_tab[0].data_str = host; + rep_serv_tab[1].data_str = status; + rep_serv_tab[2].data_str = timestamp; + + p = sh_util_formatted(line, rep_serv_tab); + SL_RETURN(p, _("replace_tab")); +} + +static char * entry_orig = NULL; +static size_t entry_size = 0; + +static +int sh_html_get_entry () +{ + long retval = SL_ENONE; + SL_TICKET fd = (-1); + char line[512]; + size_t line_size; + size_t add_size = 0; + char * p; + + SL_ENTER(_("sh_html_get_entry")); + + p = sh_util_strconcat(DEFAULT_DATAROOT, _("/entry.html"), NULL); + + entry_size = 0; + if (entry_orig != NULL) + { + free (entry_orig); + entry_orig = NULL; + entry_size = 0; + } + + if (p) + { + fd = sl_open_read (p, SL_YESPRIV); + SH_FREE(p); + } + if (!SL_ISERROR(fd)) + { + while (!SL_ISERROR(retval) && sh_unix_getline (fd, line, sizeof(line)) > 0) + { + line_size = sl_strlen(line); + add_size = 0; + if (entry_orig != NULL) + { + entry_orig = realloc(entry_orig, /* free() ok */ + entry_size + line_size + 1); + if (entry_orig) { add_size = line_size; } + } + else + { + entry_orig = malloc(line_size + 1); /* free() ok */ + if (entry_orig) { entry_orig[0] = '\0'; add_size = line_size; } + } + if (!entry_orig) + { + entry_size = 0; + add_size = 0; + SL_RETURN( 0, _("sh_html_get_entry")); + } + + sl_strlcat(&entry_orig[entry_size], line, line_size + 1); + entry_size += add_size; + SH_VALIDATE_EQ(entry_orig[entry_size], '\0'); + } + sl_close(fd); + } + SL_RETURN( entry_size, _("sh_html_get_entry")); +} + +static +int sh_html_entry (SL_TICKET ticket, + char * host, char * status, char * timestamp, int flag) +{ + char outline[1024]; + long retval = SL_ENONE; + + char * formatted; + + SL_ENTER(_("sh_html_entry")); + + if (entry_size > 0 && entry_orig != NULL) + { + formatted = replace_tab(entry_orig, host, status, timestamp); + if (formatted) + { + retval = sl_write_line (ticket, formatted, sl_strlen(formatted)); + SH_FREE(formatted); + } + } + else + { + sl_snprintf(outline, 1023, + _("%s%s%s"), + host, status, timestamp); + retval = sl_write_line (ticket, outline, sl_strlen(outline)); + } + + /* write a status line + */ + if ((flag == 1) && (!SL_ISERROR(retval))) + { + sl_snprintf(outline, 1023, + _(""), + host, status, timestamp); + retval = sl_write_line (ticket, outline, sl_strlen(outline)); + } + + if (SL_ISERROR(retval)) + SL_RETURN((-1), _("sh_html_entry")); + + SL_RETURN((0), _("sh_html_entry")); +} + +typedef struct _sort_arr { + char msg[TIM_MAX]; + char tim[TIM_MAX]; +} sort_arr; + +static sort_arr sort_stat[CLT_MAX]; + +static +int comp_arr (const void * ao, const void * bo) +{ + sort_arr * a; + sort_arr * b; + + if (ao == NULL && bo == NULL) + return 0; + else if (ao == NULL && bo != NULL) + return (-1); + else if (ao != NULL && bo == NULL) + return (1); + + a = (sort_arr *) ao; + b = (sort_arr *) bo; + + return ((-1) * sl_strcmp(a->tim, b->tim)); +} + +static +int sh_html_print_one (SL_TICKET ticket, client_t * top) +{ + int status; + int clt_status; + int i, n; + + SL_ENTER(_("sh_html_print_one")); + + if (top == NULL) + SL_RETURN((0), _("sh_html_print_one")); + + clt_status = top->status_now; + status = sh_html_entry (ticket, + top->hostname, + _(clt_stat[clt_status]), + top->timestamp[clt_status], + 1); + + n = 0; + + if (clt_status != CLT_INACTIVE) + { + for (i = 1; i < CLT_MAX; ++i) + { + if (top->status_arr[i] != CLT_INACTIVE) + { + clt_status = top->status_arr[i]; + sl_strlcpy(sort_stat[n].msg, _(clt_stat[clt_status]), TIM_MAX); + sl_strlcpy(sort_stat[n].tim, top->timestamp[clt_status],TIM_MAX); + ++n; + } + } + } + + if (n > 0) + { + qsort(&(sort_stat[0]), n, sizeof(sort_arr), comp_arr); + + for (i = 1; i < n; ++i) + { + status = sh_html_entry (ticket, + " ", + sort_stat[i].msg, + sort_stat[i].tim, + 0); + } + } + + if (SL_ISERROR(status)) + SL_RETURN((-1), _("sh_html_print_one")); + + SL_RETURN((0), _("sh_html_print_one")); +} + +#include "zAVLTree.h" + +int sh_html_write(void * inptr) +{ + long fd; + zAVLCursor avlcursor; + client_t * item; + zAVLTree * top = (zAVLTree *) inptr; + + SL_ENTER(_("sh_html_write")); + + if (0 != (fd = tf_trust_check (DEFAULT_HTML_FILE, SL_YESPRIV))) + { + sh_error_handle((-1), FIL__, __LINE__, fd, MSG_E_TRUST, + (long) sh.effective.uid, + DEFAULT_HTML_FILE); + SL_RETURN((-1), _("sh_html_write")); + } + + + fd = sl_open_write_trunc (DEFAULT_HTML_FILE, SL_YESPRIV); + + if (SL_ISERROR(fd)) + { + sh_error_handle((-1), FIL__, __LINE__, fd, MSG_E_ACCESS, + (long) sh.effective.uid, + DEFAULT_HTML_FILE); + SL_RETURN((-1), _("sh_html_write")); + } + + sh_html_get_entry(); + + sh_html_head(fd); + for (item = (client_t *) zAVLFirst(&avlcursor, top); item; + item = (client_t *) zAVLNext(&avlcursor)) + sh_html_print_one (fd, item); + sh_html_foot(fd); + sl_close(fd); + + SL_RETURN((0), _("sh_html_write")); +} + +/* SH_WITH_SERVER */ +#endif + + + + + + + + + + + + + + + Index: branches/samhain-2_2-branch/src/sh_ignore.c =================================================================== --- branches/samhain-2_2-branch/src/sh_ignore.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_ignore.c (revision 66) @@ -0,0 +1,198 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2003 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#ifndef NULL +#if !defined(__cplusplus) +#define NULL ((void*)0) +#else +#define NULL (0) +#endif +#endif + +#ifdef HAVE_REGEX_H +#include +#include +#endif + +#include "samhain.h" +#include "sh_mem.h" +#include "sh_error.h" + +#define FIL__ _("sh_ignore.c") + +struct sh_ignore_list { +#ifdef HAVE_REGEX_H + regex_t preg; +#else + char * path; +#endif + struct sh_ignore_list * next; +}; + + +static struct sh_ignore_list * sh_del_ign = NULL; +static struct sh_ignore_list * sh_new_ign = NULL; + +static struct sh_ignore_list * sh_ignore_add_int(struct sh_ignore_list * list, + const char * addpath) +{ + struct sh_ignore_list * new; +#ifdef HAVE_REGEX_H + int status = -1; + char * errbuf; +#else + size_t size; +#endif + + SL_ENTER(_("sh_ignore_add")); + + if (addpath == NULL) + { + SL_RETURN(list, _("sh_ignore_add")); + } + + new = SH_ALLOC(sizeof(struct sh_ignore_list)); + +#ifdef HAVE_REGEX_H + status = regcomp(&(new->preg), addpath, REG_NOSUB|REG_EXTENDED); + if (status != 0) + { + errbuf = SH_ALLOC(BUFSIZ+2); + (void) regerror(status, &(new->preg), errbuf, BUFSIZ); + errbuf[BUFSIZ] = '\0'; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_REGEX, + errbuf, addpath); + SH_FREE(errbuf); + SH_FREE(new); + SL_RETURN(list, _("sh_ignore_add")); + } +#else + size = sl_strlen(addpath); + new->path = SH_ALLOC(size + 1); + sl_strlcpy(new->path, addpath, size+1); +#endif + + new->next = list; + + SL_RETURN(new, _("sh_ignore_add")); +} + +int sh_ignore_add_del (const char * addpath) +{ + if ((addpath == NULL) || (addpath[0] != '/')) + { + return -1; + } + sh_del_ign = sh_ignore_add_int (sh_del_ign, addpath); + return 0; +} + +int sh_ignore_add_new (const char * addpath) +{ + if ((addpath == NULL) || (addpath[0] != '/')) + { + return -1; + } + sh_new_ign = sh_ignore_add_int (sh_new_ign, addpath); + return 0; +} + +static int sh_ignore_chk_int (struct sh_ignore_list * list, + const char * chkpath) +{ + struct sh_ignore_list * new = list; + + SL_ENTER(_("sh_ignore_chk")); + + if (chkpath == NULL) + { + SL_RETURN(S_FALSE, _("sh_ignore_add")); + } + + while (new) + { +#ifdef HAVE_REGEX_H + if (0 == regexec(&(new->preg), chkpath, 0, NULL, 0)) + { + SL_RETURN(S_TRUE, _("sh_ignore_add")); + } +#else + if (0 == sl_strcmp(new->path, chkpath)) + { + SL_RETURN(S_TRUE, _("sh_ignore_add")); + } +#endif + new = new->next; + } + + SL_RETURN(S_FALSE, _("sh_ignore_add")); +} + +int sh_ignore_chk_new (const char * chkpath) +{ + return (sh_ignore_chk_int(sh_new_ign, chkpath)); +} + +int sh_ignore_chk_del (const char * chkpath) +{ + return (sh_ignore_chk_int(sh_del_ign, chkpath)); +} + +int sh_ignore_clean () +{ + struct sh_ignore_list * new; + + new = sh_new_ign; + + while (new) + { + sh_new_ign = new->next; +#ifdef HAVE_REGEX_H + regfree (&(new->preg)); +#else + SH_FREE(new->path); +#endif + SH_FREE(new); + new = sh_new_ign; + } + + new = sh_del_ign; + + while (new) + { + sh_del_ign = new->next; +#ifdef HAVE_REGEX_H + regfree (&(new->preg)); +#else + SH_FREE(new->path); +#endif + SH_FREE(new); + new = sh_del_ign; + } + + return 0; +} + + + + + + Index: branches/samhain-2_2-branch/src/sh_kern.c =================================================================== --- branches/samhain-2_2-branch/src/sh_kern.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_kern.c (revision 66) @@ -0,0 +1,1947 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2001 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + +#include "config_xor.h" + +#define SH_SYSCALL_CODE + +#ifdef HOST_IS_I86LINUX +#define SH_IDT_TABLE +#define SH_PROC_CHECK +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#ifdef SH_USE_KERN + +#undef FIL__ +#define FIL__ _("sh_kern.c") + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + + +#include "samhain.h" +#include "sh_utils.h" +#include "sh_error.h" +#include "sh_modules.h" +#include "sh_kern.h" +#include "sh_ks_xor.h" + +#include "sh_unix.h" +#include "sh_hash.h" + + + +sh_rconf sh_kern_table[] = { + { + N_("severitykernel"), + sh_kern_set_severity + }, + { + N_("kernelcheckactive"), + sh_kern_set_activate + }, + { + N_("kernelcheckinterval"), + sh_kern_set_timer + }, + { + N_("kernelcheckidt"), + sh_kern_set_idt + }, + { + N_("kernelsystemcall"), + sh_kern_set_sc_addr + }, + { + N_("kernelsyscalltable"), + sh_kern_set_sct_addr + }, + { + N_("kernelprocrootlookup"), + sh_kern_set_proc_root_lookup + }, + { + N_("kernelprocrootiops"), + sh_kern_set_proc_root_iops + }, + { + N_("kernelprocroot"), + sh_kern_set_proc_root + }, + { + NULL, + NULL + }, +}; + + +static time_t lastcheck; +static int ShKernActive = S_TRUE; +static int ShKernInterval = 300; +static int ShKernSeverity = SH_ERR_SEVERE; +static int ShKernDelay = 100; /* milliseconds */ +static int ShKernIDT = S_TRUE; + +/* The address of system_call + */ +#ifdef SH_SYS_CALL_ADDR +static unsigned long system_call_addr = SH_SYS_CALL_ADDR; +#else +static unsigned long system_call_addr = 0; +#endif + +/* The address of the sys_call_table + */ +#ifdef SH_SYS_CALL_TABLE +static unsigned int kaddr = SH_SYS_CALL_TABLE; +#else +static unsigned int kaddr = 0; +#endif + +#ifdef PROC_ROOT_LOC +static unsigned long proc_root = PROC_ROOT_LOC; +#else +static unsigned long proc_root = 0; +#endif +#ifdef PROC_ROOT_IOPS_LOC +static unsigned long proc_root_iops = PROC_ROOT_IOPS_LOC; +#else +static unsigned long proc_root_iops = 0; +#endif +#ifdef PROC_ROOT_LOOKUP_LOC +static unsigned long proc_root_lookup = PROC_ROOT_LOOKUP_LOC; +#else +static unsigned long proc_root_lookup = 0; +#endif + +int sh_kern_null() +{ + return 0; +} + +#ifdef SH_IDT_TABLE + +#include + +#define SH_MAXIDT 256 +unsigned char sh_idt_table[SH_MAXIDT * 8]; +char * sh_strseg(unsigned short segment) +{ + switch (segment) { + case __KERNEL_CS: + return _("KERNEL_CS"); + case __KERNEL_DS: + return _("KERNEL_DS"); + case __USER_CS: + return _("USER_CS"); + case __USER_DS: + return _("USER_DS"); + default: + return _("unknown"); + } +} +/* ifdef SH_IDT_TABLE */ +#endif + +static char * sh_kern_charhex( unsigned char i ) +{ + static char i2h[2]; + int j, k; + + j = i / 16; + k = i - (j*16); + + if (j < 10) i2h[0] = '0'+j; + else i2h[0] = 'A'+(j-10); + + if (k < 10) i2h[1] = '0'+k; + else i2h[1] = 'A'+(k-10); + + return i2h; +} + +static void sh_kern_push2db (char * name, unsigned long addr, + unsigned long code1, unsigned long code2, + unsigned char * code, int size) +{ + file_type tmpFile; + int i = 0; + char * p; + + sl_strlcpy(tmpFile.fullpath, name, PATH_MAX); + tmpFile.size = addr; + tmpFile.mtime = code1; + tmpFile.ctime = code2; + + tmpFile.atime = 0; + tmpFile.mode = 0; + tmpFile.owner = 0; + tmpFile.group = 0; + sl_strlcpy(tmpFile.c_owner, _("root"), 5); + sl_strlcpy(tmpFile.c_group, _("root"), 5); + + if ((code != NULL) && (size < (PATH_MAX/2)-1)) + { + tmpFile.c_mode[0] = 'l'; + tmpFile.c_mode[1] = 'r'; tmpFile.c_mode[2] = 'w'; + tmpFile.c_mode[3] = 'x'; tmpFile.c_mode[4] = 'r'; + tmpFile.c_mode[5] = 'w'; tmpFile.c_mode[6] = 'x'; + tmpFile.c_mode[7] = 'r'; tmpFile.c_mode[8] = 'w'; + tmpFile.c_mode[9] = 'x'; tmpFile.c_mode[10] = '\0'; + for (i = 0; i < size; ++i) + { + p = sh_kern_charhex (code[i]); + tmpFile.linkpath[2*i] = p[0]; + tmpFile.linkpath[2*i+1] = p[1]; + tmpFile.linkpath[2*i+2] = '\0'; + } + } + else + { + tmpFile.c_mode[0] = '-'; + tmpFile.c_mode[1] = '-'; tmpFile.c_mode[2] = '-'; + tmpFile.c_mode[3] = '-'; tmpFile.c_mode[4] = '-'; + tmpFile.c_mode[5] = '-'; tmpFile.c_mode[6] = '-'; + tmpFile.c_mode[7] = '-'; tmpFile.c_mode[8] = '-'; + tmpFile.c_mode[9] = '-'; tmpFile.c_mode[10] = '\0'; + tmpFile.linkpath[0] = '-'; tmpFile.linkpath[1] = '\0'; + } + + if (sh.flag.checkSum == SH_CHECK_CHECK && sh.flag.update == S_TRUE) + sh_hash_pushdata_memory (&tmpFile, + _("000000000000000000000000000000000000000000000000")); + else + sh_hash_pushdata (&tmpFile, + _("000000000000000000000000000000000000000000000000")); + return; +} + +extern int sh_util_hextobinary (char * binary, const char * hex, int bytes); + +static char * sh_kern_db2pop (char * name, unsigned long * addr, + unsigned long * code1, unsigned long * code2, + int * size) +{ + file_type tmpFile; + char * p; + int i; + + if (0 == sh_hash_get_it (name, &tmpFile)) + { + *addr = tmpFile.size; + *code1 = tmpFile.mtime; + *code2 = tmpFile.ctime; + + if (tmpFile.linkpath[0] != '-') + { + p = SH_ALLOC(PATH_MAX); + i = sh_util_hextobinary (p, tmpFile.linkpath, + strlen(tmpFile.linkpath)); + if (i == 0) + { + *size = (strlen(tmpFile.linkpath)/2); + p[*size] = '\0'; + return p; + } + else + { + SH_FREE(p); + *size = 0; + return NULL; + } + } + else + { + *size = 0; + return NULL; + } + } + else + { + *size = 0; + *addr = 0; + return NULL; + } +} + +char * sh_kern_db_syscall (int num, char * prefix, + void * in_name, unsigned long * addr, + unsigned int * code1, unsigned int * code2, + int * size, int direction) +{ + char path[128]; + char * p = NULL; + unsigned long x1, x2; + char * name = (char *) in_name; + + sl_snprintf(path, 128, "K_%s_%04d", prefix, num); + + if (direction == 0) + { + x1 = *code1; + x2 = *code2; + + sh_kern_push2db (path, *addr, x1, x2, + name, (name == NULL) ? 0 : (*size)); + } + else + { + p = sh_kern_db2pop (path, addr, &x1, &x2, size); + *code1 = (unsigned int) x1; + *code2 = (unsigned int) x2; + } + return p; +} + +#ifdef HOST_IS_LINUX + +int sh_kern_data_init () +{ + unsigned long store0 = 0; + unsigned int store1 = 0, store2 = 0; + int datasize, i, j; + char * databuf; + +#ifdef SH_SYSCALL_CODE + /* system_call code + */ + databuf = sh_kern_db_syscall (0, _("system_call"), + NULL, &store0, &store1, &store2, + &datasize, 1); + if (datasize == sizeof(system_call_code)) + { + memcpy (system_call_code, databuf, sizeof(system_call_code)); + SH_FREE(databuf); + } + else + { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("system_call_code not found in database"), + _("sh_kern_data_init")); + return -1; + } +#endif + + /* syscall address and code + */ + for (i = 0; i < SH_MAXCALLS; ++i) + { + databuf = sh_kern_db_syscall (i, _("syscall"), + NULL, &store0, &store1, &store2, + &datasize, 1); + sh_syscalls[i].addr = store0; + if (store0 == 0) { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, i, MSG_E_SUBGEN, + _("syscall address not found in database"), + _("sh_kern_data_init")); + return -1; + } +#ifdef SH_SYSCALL_CODE + sh_syscalls[i].code[0] = (unsigned int) store1; + sh_syscalls[i].code[1] = (unsigned int) store2; + if ((store1 == 0) || (store2 == 0)) { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, i, MSG_E_SUBGEN, + _("syscall code not found in database"), + _("sh_kern_data_init")); + /* fprintf(stderr, "Syscall #%d\n", i); */ + /* return -1; */ + } +#endif + if (databuf != NULL) { + SH_FREE(databuf); + } + + } + +#ifdef SH_IDT_TABLE + if (ShKernIDT == S_TRUE) + { + for (j = 0; j < SH_MAXIDT; ++j) + { + databuf = sh_kern_db_syscall (j, _("idt_table"), + NULL, + &store0, &store1, &store2, + &datasize, 1); + if (datasize == 8) { + memcpy(&idt_table[j*8], databuf, 8); + SH_FREE(databuf); + } else { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, j, MSG_E_SUBGEN, + _("idt table not found in database"), + _("sh_kern_data_init")); + return -1; + } + } + } +#endif + + return 0; +} + +#ifdef SH_PROC_CHECK +struct inode_operations { + int (*create) (int *,int *,int); + int * (*lookup) (int *,int *); + int (*link) (int *,int *,int *); + int (*unlink) (int *,int *); + int (*symlink) (int *,int *,const char *); + int (*mkdir) (int *,int *,int); + int (*rmdir) (int *,int *); + int (*mknod) (int *,int *,int,int); + int (*rename) (int *, int *, + int *, int *); + /* flawfinder: ignore */ + int (*readlink) (int *, char *,int); + int (*follow_link) (int *, int *); + void (*truncate) (int *); + int (*permission) (int *, int); + int (*revalidate) (int *); + /* + int (*setattr) (int *, int *); + int (*getattr) (int *, int *); + int (*setxattr) (int *, const char *, void *, size_t, int); + ssize_t (*getxattr) (int *, const char *, void *, size_t); + ssize_t (*listxattr) (int *, char *, size_t); + int (*removexattr) (int *, const char *); + */ +}; + +/* this one is just for dummy purposes + */ +struct file_operations { + int (*create) (int *,int *,int); +}; + +struct proc_dir_entry { + unsigned short low_ino; + unsigned short namelen; + const char * name; + mode_t mode; + nlink_t nlink; + uid_t uid; + gid_t gid; +#if defined TWO_SIX_SEVENTEEN_PLUS + /* size is loff_t in 2.6.17+ kernels */ + unsigned long dummy; +#endif + unsigned long size; + struct inode_operations * proc_iops; + struct file_operations * proc_fops; + /* + get_info_t *get_info; + struct module *owner; + struct proc_dir_entry *next, *parent, *subdir; + void *data; + read_proc_t *read_proc; + write_proc_t *write_proc; + atomic_t count; + int deleted; + */ +}; +#endif + +static int sh_kern_kmem_read (int fd, unsigned long addr, + unsigned char * buf, int len) +{ + if (lseek(fd, addr, SEEK_SET) == (off_t) (-1)) + { + return -1; + } + if (read(fd, buf, len) < 0) + { + return -1; + } + return 0; +} + +static int sh_kern_read_data (int fd, unsigned long addr, + unsigned char * buf, size_t len) +{ + size_t moff, roff; + size_t sz; + char * kmap; + + /* first, try read() + */ + if (0 == sh_kern_kmem_read (fd, addr, buf, len)) + return 0; + + /* next, try mmap() + */ + sz = getpagesize(); /* unistd.h */ + + moff = ((size_t)(addr/sz)) * sz; /* lower page boundary */ + roff = addr - moff; /* off relative to lower address of mmapped area */ + + kmap = mmap(0, len+sz, PROT_READ, MAP_PRIVATE, fd, moff);/* sys/mman.h */ + + if (kmap == MAP_FAILED) + { + return -1; + } + memcpy (buf, &kmap[roff], len); + return munmap(kmap, len+sz); +} + +int sh_kern_check_internal () +{ + static int is_init = 0; + int kd; + int res; + pid_t mpid; + int mpipe[2]; + int i, j, status = 0; + /* unsigned int kaddr; */ + unsigned long kmem_call_table[512]; + +#ifdef SH_PROC_CHECK + struct inode_operations proc_root_inode; + struct proc_dir_entry proc_root_dir; +#endif + +#ifdef SH_SYSCALL_CODE + unsigned int kmem_code_table[512][2]; +#endif +#ifdef SH_IDT_TABLE + unsigned char buf[6]; + unsigned short idt_size; + unsigned long idt_addr; + /* int k, curr_keep = 0; */ + unsigned short idt_offset_lo, idt_offset_hi, idt_selector; + unsigned char idt_reserved, idt_flag; + unsigned short sh_idt_offset_lo, sh_idt_offset_hi, sh_idt_selector; + unsigned char sh_idt_reserved, sh_idt_flag; + int dpl; + unsigned long idt_iaddr; + int sh_dpl; + unsigned long sh_idt_iaddr; + char idt_type, sh_idt_type; +#endif + + unsigned char new_system_call_code[256]; + +#ifdef SH_USE_LKM + static int check_getdents = 0; + /* #ifdef __NR_getdents64 */ + static int check_getdents64 = 0; + /* #endif */ + static int copy_if_next = -1; + static int copy_if_next_64 = -1; +#endif + + unsigned long store0; + unsigned int store1, store2; + int datasize; + int mod_syscall_addr = 0; + int mod_syscall_code = 0; + UINT64 size_old = 0, size_new = 0; + UINT64 mtime_old = 0, mtime_new = 0; + UINT64 ctime_old = 0, ctime_new = 0; + char tmp[128]; + char msg[2*SH_BUFSIZE]; + char timstr_o[32]; + char timstr_n[32]; + char * p; + int k; + char * linkpath_old; + char * linkpath_new; + + int max_system_call = (SYS_CALL_LOC < 128) ? 128 : SYS_CALL_LOC; + + SL_ENTER(_("sh_kern_check_internal")); + + + if (is_init == 0) + { + if (sh.flag.checkSum != SH_CHECK_INIT && sh.flag.update != S_TRUE) + { + if (0 == sh_kern_data_init()) { + is_init = 1; + } else { + sh_error_handle (ShKernSeverity, FIL__, __LINE__, status, + MSG_E_SUBGEN, + _("could not initialize - switching off"), + _("kern_check_internal") ); + ShKernActive = S_FALSE; + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + } + else if ((sh.flag.checkSum == SH_CHECK_INIT || + sh.flag.checkSum == SH_CHECK_CHECK) && + (sh.flag.update == S_TRUE)) + { + if (0 == sh_kern_data_init()) { + is_init = 1; + } else { + sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, status, + MSG_E_SUBGEN, + _("no or incomplete data in baseline database"), + _("kern_check_internal") ); + } + } + } + + /* + * kaddr is the address of the sys_call_table + */ + + if (kaddr == (unsigned int) -1) + { + sh_error_handle (ShKernSeverity, FIL__, __LINE__, status, MSG_E_SUBGEN, + _("no address for sys_call_table - switching off"), + _("kern_check_internal") ); + ShKernActive = S_FALSE; + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + + kd = aud_open(FIL__, __LINE__, SL_YESPRIV, _("/dev/kmem"), O_RDONLY, 0); + + if (kd < 0) + { + status = errno; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + _("error opening /dev/kmem"), + _("kern_check_internal") ); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + + status = aud_pipe(FIL__, __LINE__, mpipe); + + if (status == 0) + { + mpid = aud_fork(FIL__, __LINE__); + + switch (mpid) + { + case -1: + status = -1; + break; + case 0: /* child */ + status = close(mpipe[0]); + setpgid(0, 0); + + /* Seek to the system call table (at kaddr) and read it into + * the kmem_call_table array + */ + if(status == 0) + { + retry_msleep (0, ShKernDelay); /* milliseconds */ + + if (sh_kern_read_data (kd, kaddr, + (unsigned char *) &kmem_call_table, + sizeof(kmem_call_table))) + { + status = -2; + } + } + +#ifdef SH_SYSCALL_CODE + /* + * Seek to the system call address (at sh_syscalls[j].addr) and + * read first 8 bytes into kmem_code_table[j][] (2 * unsigned int) + */ + if(status == 0) + { + memset(kmem_code_table, 0, sizeof(kmem_code_table)); + for (j = 0; j < SH_MAXCALLS; ++j) + { + + if (sh_syscalls[j].addr == 0UL) { + sh_syscalls[j].addr = kmem_call_table[j]; + } + + if (sh_syscalls[j].name == NULL || + sh_syscalls[j].addr == 0UL) + break; + + if ((sh.flag.checkSum == SH_CHECK_INIT || + sh.flag.checkSum == SH_CHECK_CHECK) && + (sh.flag.update == S_TRUE)) + { + sh_kern_read_data (kd, kmem_call_table[j], + (unsigned char *) &(kmem_code_table[j][0]), + 2 * sizeof(unsigned int)); + } + else + { + sh_kern_read_data (kd, sh_syscalls[j].addr, + (unsigned char *) &(kmem_code_table[j][0]), + 2 * sizeof(unsigned int)); + } + } + } +#endif + +#ifdef SH_IDT_TABLE + if(status == 0) + { + /* + * Get the address and size of Interrupt Descriptor Table, + * and read the content into sh_idt_table[] + */ + __asm__ volatile ("sidt %0": "=m" (buf)); + idt_size = *((unsigned short *) &buf[0]); + idt_addr = *((unsigned long *) &buf[2]); + idt_size = (idt_size + 1)/8; + + if (idt_size > SH_MAXIDT) + idt_size = SH_MAXIDT; + + memset(sh_idt_table, '\0', SH_MAXIDT*8); + sh_kern_read_data (kd, idt_addr, + (unsigned char *) sh_idt_table, idt_size*8); + } +#endif + + /* + * Seek to the system_call address (at system_call_addr) and + * read first 256 bytes into new_system_call_code[] + * + * system_call_addr is defined in the include file. + */ + if(status == 0) + { + sh_kern_read_data (kd, system_call_addr, + (unsigned char *) new_system_call_code, 256); + } + + + /* + * Seek to proc_root and read the structure. + * Seek to proc_root_inode_operations and get the structure. + */ +#ifdef SH_PROC_CHECK + if(status == 0) + { + sh_kern_read_data (kd, proc_root, + (unsigned char *) &proc_root_dir, + sizeof(proc_root_dir)); + sh_kern_read_data (kd, proc_root_iops, + (unsigned char *) &proc_root_inode, + sizeof(proc_root_inode)); + } +#endif + + if(status == 0) + { + status = + write(mpipe[1], &kmem_call_table, sizeof(kmem_call_table)); +#ifdef SH_SYSCALL_CODE + if(status > 0) + { + status = + write(mpipe[1], &kmem_code_table, sizeof(kmem_code_table)); + } +#endif +#ifdef SH_IDT_TABLE + if(status > 0) + { + status = + write(mpipe[1], &sh_idt_table, sizeof(sh_idt_table)); + } +#endif + if(status > 0) + { + status = + write(mpipe[1], new_system_call_code, 256); + } +#ifdef SH_PROC_CHECK + if(status > 0) + { + status = + write(mpipe[1], &proc_root_dir, sizeof(proc_root_dir)); + } + if(status > 0) + { + status = + write(mpipe[1], &proc_root_inode, sizeof(proc_root_inode)); + } +#endif + } + _exit( (status >= 0) ? 0 : status); + break; + + default: + close (mpipe[1]); + close (kd); + retry_msleep (0, ShKernDelay); /* milliseconds */ + if (sizeof(kmem_call_table) != + read(mpipe[0], &kmem_call_table, sizeof(kmem_call_table))) + status = -4; + else + status = 0; + +#ifdef SH_SYSCALL_CODE + if(status == 0) + { + if (sizeof(kmem_code_table) != + read(mpipe[0], &kmem_code_table, sizeof(kmem_code_table))) + status = -5; + else + status = 0; + } +#endif + +#ifdef SH_IDT_TABLE + if(status == 0) + { + memset(sh_idt_table, '\0', SH_MAXIDT*8); + if (sizeof(sh_idt_table) != + read(mpipe[0], &sh_idt_table, sizeof(sh_idt_table))) + status = -5; + else + status = 0; + } +#endif + + if(status == 0) + { + if (256 != read(mpipe[0], new_system_call_code, 256)) + status = -6; + else + status = 0; + } + +#ifdef SH_PROC_CHECK + if(status == 0) + { + if (sizeof(proc_root_dir) != + read(mpipe[0], &proc_root_dir, sizeof(proc_root_dir))) + status = -7; + else + status = 0; + } + if(status == 0) + { + if (sizeof(proc_root_inode) != + read(mpipe[0], &proc_root_inode, sizeof(proc_root_inode))) + status = -8; + else + status = 0; + } +#endif + + if (status < 0) + res = waitpid(mpid, NULL, WNOHANG|WUNTRACED); + else + { + res = waitpid(mpid, &status, WNOHANG|WUNTRACED); + if (res == 0 && 0 != WIFEXITED(status)) + status = WEXITSTATUS(status); + } + close (mpipe[0]); + if (res <= 0) + { + aud_kill(FIL__, __LINE__, mpid, 9); + waitpid(mpid, NULL, 0); + } + break; + } + } + + if ( status < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + _("error reading from /dev/kmem"), + _("kern_check_internal") ); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + + /* Check the proc_root inode. + * + * This will detect adore-ng. + */ + if ( (unsigned int) *proc_root_inode.lookup != proc_root_lookup) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_KERN_PROC, + _("proc_root_inode_operations.lookup != proc_root_lookup")); + } + else if ( ( ((unsigned int) * &proc_root_dir.proc_iops) != proc_root_iops) + && (proc_root_dir.size != proc_root_iops)) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_KERN_PROC, + _("proc_root.proc_iops != proc_root_inode_operations")); + } + + /* Check the system_call syscall gate. + * + * Stored(old) is system_call_code[] + */ + if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE) + { + store0 = 0; store1 = 0; store2 = 0; + datasize = sizeof(system_call_code); + sh_kern_db_syscall (0, _("system_call"), + new_system_call_code, &store0, &store1, &store2, + &datasize, 0); + } + + if ((sh.flag.checkSum != SH_CHECK_INIT) || + (sh.flag.update == S_TRUE && is_init == 1)) + { + for (i = 0; i < (max_system_call + 4); ++i) + { + if (system_call_code[i] != new_system_call_code[i]) + { +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, "path=\"K_%s_%04d\" ", + _("system_call"), 0); +#else + sl_snprintf(tmp, 128, "path=, ", + _("system_call"), 0); +#endif + sl_strlcpy(msg, tmp, SH_BUFSIZE); + + linkpath_old = SH_ALLOC(520); + linkpath_new = SH_ALLOC(520); + for (k = 0; k < 256; ++k) + { + p = sh_kern_charhex (system_call_code[k]); + linkpath_old[2*k] = p[0]; + linkpath_old[2*k+1] = p[1]; + linkpath_old[2*k+2] = '\0'; + } + for (k = 0; k < 256; ++k) + { + p = sh_kern_charhex (new_system_call_code[k]); + linkpath_new[2*k] = p[0]; + linkpath_new[2*k+1] = p[1]; + linkpath_new[2*k+2] = '\0'; + } +#ifdef SH_USE_XML + sl_strlcat(msg, _("link_old=\""), 2*SH_BUFSIZE); + sl_strlcat(msg, linkpath_old, 2*SH_BUFSIZE); + sl_strlcat(msg, _("\" link_new=\""), 2*SH_BUFSIZE); + sl_strlcat(msg, linkpath_new, 2*SH_BUFSIZE); + sl_strlcat(msg, _("\""), 2*SH_BUFSIZE); +#else + sl_strlcat(msg, _("link_old=<"), 2*SH_BUFSIZE); + sl_strlcat(msg, linkpath_old, 2*SH_BUFSIZE); + sl_strlcat(msg, _(">, link_new=<"), 2*SH_BUFSIZE); + sl_strlcat(msg, linkpath_new, 2*SH_BUFSIZE); + sl_strlcat(msg, _(">"), 2*SH_BUFSIZE); +#endif + + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + status, MSG_KERN_GATE, + new_system_call_code[i], 0, + system_call_code[i], 0, + 0, _("system_call (interrupt handler)"), + msg); + + SH_FREE(linkpath_old); + SH_FREE(linkpath_new); + + for (j = 0; j < (max_system_call + 4); ++j) + system_call_code[j] = new_system_call_code[j]; + break; + } + } + } + + /* Check the individual syscalls + * + * Stored(old) is sh_syscalls[] array. + */ + if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE) + { + for (i = 0; i < SH_MAXCALLS; ++i) + { + store0 = kmem_call_table[i]; +#ifdef SH_SYSCALL_CODE + store1 = kmem_code_table[i][0]; store2 = kmem_code_table[i][1]; +#else + store1 = 0; store2 = 0; +#endif + sh_kern_db_syscall (i, _("syscall"), + NULL, &store0, &store1, &store2, + 0, 0); + } + } + + if ((sh.flag.checkSum != SH_CHECK_INIT) || + (sh.flag.update == S_TRUE && is_init == 1)) + { + for (i = 0; i < SH_MAXCALLS; ++i) + { + if (sh_syscalls[i].name == NULL /* || sh_syscalls[i].addr == 0UL */) + break; + +#ifdef SH_USE_LKM + if (sh_syscalls[i].addr != kmem_call_table[i]) + { + if (check_getdents == 0 && + 0 == strcmp(_(sh_syscalls[i].name), _("sys_getdents"))) + { + check_getdents = 1; + sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, + status, MSG_E_SUBGEN, + _("Modified kernel syscall (expected)."), + _(sh_syscalls[i].name) ); + copy_if_next = i; + sh_syscalls[i].addr = kmem_call_table[i]; + continue; + } + /* #ifdef __NR_getdents64 */ + else if (check_getdents64 == 0 && + 0 == strcmp(_(sh_syscalls[i].name), + _("sys_getdents64"))) + { + check_getdents64 = 1; + sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, + status, MSG_E_SUBGEN, + _("Modified kernel syscall (expected)."), + _(sh_syscalls[i].name) ); + copy_if_next_64 = i; + sh_syscalls[i].addr = kmem_call_table[i]; + continue; + } + /* #endif */ + else + { + size_old = sh_syscalls[i].addr; + size_new = kmem_call_table[i]; + mod_syscall_addr = 1; + /* + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + status, MSG_KERN_POLICY, + kmem_call_table[i], + sh_syscalls[i].addr, + i, _(sh_syscalls[i].name) + ); + */ + } + sh_syscalls[i].addr = kmem_call_table[i]; + } +#else + if (sh_syscalls[i].addr != kmem_call_table[i]) + { + size_old = sh_syscalls[i].addr; + size_new = kmem_call_table[i]; + mod_syscall_addr = 1; + /* + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + status, MSG_KERN_POLICY, + kmem_call_table[i], + sh_syscalls[i].addr, + i, _(sh_syscalls[i].name) + ); + */ + sh_syscalls[i].addr = kmem_call_table[i]; + } +#endif + + + /* Check the code at syscall address + * + * Stored(old) is sh_syscalls[] + */ +#ifdef SH_SYSCALL_CODE + if ( (mod_syscall_addr == 0) && + ((sh_syscalls[i].code[0] != kmem_code_table[i][0]) || + (sh_syscalls[i].code[1] != kmem_code_table[i][1])) + ) + { + mtime_old = sh_syscalls[i].code[0]; + mtime_new = kmem_code_table[i][0]; + ctime_old = sh_syscalls[i].code[1]; + ctime_new = kmem_code_table[i][1]; + mod_syscall_code = 1; + +#ifdef SH_USE_LKM + if (i == copy_if_next) + { + mod_syscall_code = 0; + copy_if_next = -1; + } + if (i == copy_if_next_64) + { + mod_syscall_code = 0; + copy_if_next_64 = -1; + } +#endif + + /* + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + status, MSG_KERN_POL_CO, + kmem_code_table[i][0], kmem_code_table[i][1], + sh_syscalls[i].code[0], sh_syscalls[i].code[1], + i, _(sh_syscalls[i].name) + ); + */ + sh_syscalls[i].code[0] = kmem_code_table[i][0]; + sh_syscalls[i].code[1] = kmem_code_table[i][1]; + } +#endif + /* + * Build the error message, if something has been + * detected. + */ + if ((mod_syscall_addr != 0) || (mod_syscall_code != 0)) + { +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, "path=\"K_%s_%04d\" ", + _("syscall"), i); +#else + sl_snprintf(tmp, 128, "path=, ", + _("syscall"), i); +#endif + sl_strlcpy(msg, tmp, SH_BUFSIZE); + + if (mod_syscall_addr != 0) + { + sl_snprintf(tmp, 128, sh_hash_size_format(), + size_old, size_new); + sl_strlcat(msg, tmp, SH_BUFSIZE); + } + if (mod_syscall_code != 0) + { + sl_strlcpy (timstr_o, sh_unix_gmttime (ctime_old), 32); + sl_strlcpy (timstr_n, sh_unix_gmttime (ctime_new), 32); +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, + _("ctime_old=\"%s\" ctime_new=\"%s\" "), + timstr_o, timstr_n); +#else + sl_snprintf(tmp, 128, + _("ctime_old=<%s>, ctime_new=<%s>, "), + timstr_o, timstr_n); +#endif + sl_strlcat(msg, tmp, SH_BUFSIZE); + sl_strlcpy (timstr_o, sh_unix_gmttime (mtime_old), 32); + sl_strlcpy (timstr_n, sh_unix_gmttime (mtime_new), 32); +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, + _("mtime_old=\"%s\" mtime_new=\"%s\" "), + timstr_o, timstr_n); +#else + sl_snprintf(tmp, 128, + _("mtime_old=<%s>, mtime_new=<%s> "), + timstr_o, timstr_n); +#endif + sl_strlcat(msg, tmp, SH_BUFSIZE); + } + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + status, MSG_KERN_SYSCALL, + i, _(sh_syscalls[i].name), msg); + mod_syscall_addr = 0; + mod_syscall_code = 0; + } + } + } + +#ifdef SH_IDT_TABLE + if (ShKernIDT == S_TRUE) + { + if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE) + { + datasize = 8; + for (j = 0; j < SH_MAXIDT; ++j) + { + sh_kern_db_syscall (j, _("idt_table"), + &sh_idt_table[j*8], + &store0, &store1, &store2, + &datasize, 0); + } + } + + if ((sh.flag.checkSum != SH_CHECK_INIT) || + (sh.flag.update == S_TRUE && is_init == 1)) + { + /* Check the Interrupt Descriptor Table + * + * Stored(old) is idt_table[] + */ + for (j = 0; j < SH_MAXIDT; ++j) + { + i = j * 8; + + sh_idt_offset_lo = *((unsigned short *) &sh_idt_table[i]); + sh_idt_selector = *((unsigned short *) &sh_idt_table[i+2]); + sh_idt_reserved = (unsigned char) sh_idt_table[i+4]; + sh_idt_flag = (unsigned char) sh_idt_table[i+5]; + sh_idt_offset_hi = *((unsigned short *) &sh_idt_table[i+6]); + sh_idt_iaddr = (unsigned long)(sh_idt_offset_hi << 16) + + sh_idt_offset_lo; + + if (sh_idt_iaddr == 0) + { + sh_idt_table[i+2] = '\0'; + sh_idt_table[i+3] = '\0'; + sh_idt_table[i+5] = '\0'; + + idt_offset_lo = *((unsigned short *) &idt_table[i]); + idt_offset_hi = *((unsigned short *) &idt_table[i+6]); + idt_iaddr = (unsigned long)(idt_offset_hi << 16) + + idt_offset_lo; + if (idt_iaddr == 0) + { + idt_table[i+2] = '\0'; + idt_table[i+3] = '\0'; + idt_table[i+5] = '\0'; + } + + } + + if (memcmp(&sh_idt_table[i], &idt_table[i], 8) != 0) + { + + idt_offset_lo = *((unsigned short *) &idt_table[i]); + idt_selector = *((unsigned short *) &idt_table[i+2]); + idt_reserved = (unsigned char) idt_table[i+4]; + idt_flag = (unsigned char) idt_table[i+5]; + idt_offset_hi = *((unsigned short *) &idt_table[i+6]); + idt_iaddr = (unsigned long)(idt_offset_hi << 16) + + idt_offset_lo; + + if (idt_iaddr != 0) + { + if (idt_flag & 64) { dpl = 3; } + else { dpl = 0; } + if (idt_flag & 1) { + if (dpl == 3) idt_type = 'S'; + else idt_type = 'T'; } + else { idt_type = 'I'; } + } + else { dpl = -1; idt_type = 'U'; } + + if (sh_idt_iaddr != 0) + { + if (sh_idt_flag & 64) { sh_dpl = 3; } + else { sh_dpl = 0; } + if (sh_idt_flag & 1) { + if (sh_dpl == 3) sh_idt_type = 'S'; + else sh_idt_type = 'T'; } + else { sh_idt_type = 'I'; } + } + else { sh_dpl = -1; sh_idt_type = 'U'; } + +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, "path=\"K_%s_%04d\" ", + _("idt_table"), j); +#else + sl_snprintf(tmp, 128, "path= ", + _("idt_table"), j); +#endif + sl_strlcpy(msg, tmp, SH_BUFSIZE); + + linkpath_old = SH_ALLOC(32); + linkpath_new = SH_ALLOC(32); + for (k = 0; k < 8; ++k) + { + p = sh_kern_charhex (idt_table[i+k]); + linkpath_old[2*k] = p[0]; + linkpath_old[2*k+1] = p[1]; + linkpath_old[2*k+2] = '\0'; + } + for (k = 0; k < 8; ++k) + { + p = sh_kern_charhex (sh_idt_table[i+k]); + linkpath_new[2*k] = p[0]; + linkpath_new[2*k+1] = p[1]; + linkpath_new[2*k+2] = '\0'; + } +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, + _("link_old=\"%s\" link_new=\"%s\" "), + linkpath_old, linkpath_new); +#else + sl_snprintf(tmp, 128, + _("link_old=<%s> link_new=<%s> "), + linkpath_old, linkpath_new); +#endif + sl_strlcat(msg, tmp, SH_BUFSIZE); + + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + status, MSG_KERN_IDT, + j, + sh_idt_iaddr, sh_strseg(sh_idt_selector), + (int) sh_dpl, sh_idt_type, + idt_iaddr, sh_strseg(idt_selector), + (int) dpl, idt_type, msg); + + SH_FREE(linkpath_old); + SH_FREE(linkpath_new); + + memcpy(&idt_table[i], &sh_idt_table[i], 8); + } + } + } + } +#endif + + SL_RETURN( (0), _("sh_kern_check_internal")); +} +/* ifdef HOST_IS_LINUX */ +#else + +#include +#include +#include + +/* not OpenBSD */ +#if defined(HOST_IS_FREEBSD) +#include +#endif + +#include +#ifndef SYS_MAXSYSCALL +#define SYS_MAXSYSCALL 512 +#endif + +#ifdef __OpenBSD__ +struct proc; +struct sysent { + short sy_narg; + short sy_argsize; + int (*sy_call)(struct proc *, void *, register_t *); +}; +#endif + +int sh_kern_data_init () +{ + unsigned long store0 = 0; + unsigned int store1 = 0, store2 = 0; + int datasize, i; + char * databuf = NULL; + + /* syscall address and code + */ + for (i = 0; i < SH_MAXCALLS; ++i) + { + databuf = sh_kern_db_syscall (i, _("syscall"), + NULL, &store0, &store1, &store2, + &datasize, 1); + sh_syscalls[i].addr = store0; + if (databuf != NULL) { SH_FREE(databuf); } + if (store0 == 0) { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("syscall address not found in database"), + _("sh_kern_data_init")); + return -1; + } + + sh_syscalls[i].code[0] = (unsigned int) store1; + sh_syscalls[i].code[1] = (unsigned int) store2; + if ((store1 == 0) || (store2 == 0)) { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("syscall code not found in database"), + _("sh_kern_data_init")); + return -1; + } + + } + + return 0; +} + +int sh_kern_check_internal () +{ + struct sysent sy; + kvm_t * kd; + int i; + int status = -1; + char errbuf[_POSIX2_LINE_MAX+1]; + struct nlist * sys_list; + struct nlist list[2]; + + unsigned long offset = 0L; + unsigned int syscall_code[2]; /* 8 bytes */ + unsigned long syscall_addr; + + unsigned long store0 = 0; + unsigned int store1 = 0, store2 = 0; + + UINT64 size_old = 0, size_new = 0; + UINT64 mtime_old = 0, mtime_new = 0; + UINT64 ctime_old = 0, ctime_new = 0; + char tmp[128]; + char msg[2*SH_BUFSIZE]; + char timstr_o[32]; + char timstr_n[32]; + + static int is_init = 0; + + SL_ENTER(_("sh_kern_check_internal")); + + if (is_init == 0) + { + if (sh.flag.checkSum != SH_CHECK_INIT && sh.flag.update != S_TRUE) + { + if (0 == sh_kern_data_init()) { + is_init = 1; + } else { + sh_error_handle (ShKernSeverity, FIL__, __LINE__, status, + MSG_E_SUBGEN, + _("could not initialize - switching off"), + _("kern_check_internal") ); + ShKernActive = S_FALSE; + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + } + else if ((sh.flag.checkSum == SH_CHECK_INIT || + sh.flag.checkSum == SH_CHECK_CHECK) && + (sh.flag.update == S_TRUE)) + { + if (0 == sh_kern_data_init()) { + is_init = 1; + } else { + sh_error_handle (ShKernSeverity, FIL__, __LINE__, status, + MSG_E_SUBGEN, + _("no or incomplete data in baseline database"), + _("kern_check_internal") ); + } + } + } + + /* defined, but not used + */ + ShKernDelay = 0; + + list[0].n_name = "_sysent"; + list[1].n_name = NULL; + + kd = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, errbuf); + if (!kd) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + errbuf, + _("kvm_openfiles") ); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + + i = kvm_nlist(kd, list); + if (i == -1) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_nlist (_sysent)") ); + kvm_close(kd); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + + sys_list = SH_ALLOC((SYS_MAXSYSCALL+1) * sizeof(struct nlist)); + + for (i = 0; i < SH_MAXCALLS; ++i) + sys_list[i].n_name = sh_syscalls[i].name; + sys_list[SH_MAXCALLS].n_name = NULL; + + i = kvm_nlist(kd, sys_list); + if (i == -1) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_nlist (syscalls)") ); + kvm_close(kd); + SH_FREE(sys_list); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + else if (i > 0) + { + sl_snprintf(tmp, 128, + _("%d invalid syscalls"), i); + /* + for (i = 0; i < SH_MAXCALLS; ++i) { + if (sys_list[i].n_type == 0 && sys_list[i].n_value == 0) + fprintf(stderr, "invalid: [%3d] %s\n", i, sh_syscalls[i].name); + } + */ + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN, + tmp, + _("kvm_nlist (syscalls)") ); + } + + /* Check the individual syscalls + * + * Stored(old) is sh_syscalls[] array. + */ + if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE) + { + for (i = 0; i < SH_MAXCALLS; ++i) + { + if (sh_syscalls[i].name == NULL) + { + sl_snprintf(tmp, 128, + _("too few entries in sh_syscalls[]: have %d, expect %d"), + i, SH_MAXCALLS); + + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + tmp, + _("sh_kern_check_internal") ); + break; + } + + /* read address of syscall from sysent table + */ + offset = list[0].n_value + (i*sizeof(struct sysent)); + if (kvm_read(kd, offset, &sy, sizeof(struct sysent)) < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_read (syscall table)") ); + kvm_close(kd); + SH_FREE(sys_list); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + syscall_addr = (unsigned long) sy.sy_call; + store0 = syscall_addr; + + /* read the syscall code + */ + if(kvm_read(kd, (unsigned int) sy.sy_call, &(syscall_code[0]), + 2 * sizeof(unsigned int)) < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_read (syscall code)") ); + kvm_close(kd); + SH_FREE(sys_list); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + store1 = syscall_code[0]; store2 = syscall_code[1]; + + sh_kern_db_syscall (i, _("syscall"), + NULL, &store0, &store1, &store2, + 0, 0); + } + } + + if ((sh.flag.checkSum != SH_CHECK_INIT) || + (sh.flag.update == S_TRUE && is_init == 1)) + { + for (i = 0; i < SH_MAXCALLS; ++i) + { + if (sh_syscalls[i].name == NULL) + { + sl_snprintf(tmp, 128, + _("too few entries in sh_syscalls[]: have %d, expect %d"), + i, SH_MAXCALLS); + + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + tmp, + _("sh_kern_check_internal") ); + break; + } + + /* read address of syscall from sysent table + */ + offset = list[0].n_value + (i*sizeof(struct sysent)); + if (kvm_read(kd, offset, &sy, sizeof(struct sysent)) < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_read (syscall table)") ); + kvm_close(kd); + SH_FREE(sys_list); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + syscall_addr = (unsigned long) sy.sy_call; + + if (sh_syscalls[i].addr != syscall_addr) + { +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, "path=\"K_%s_%04d\" ", + _("syscall"), i); +#else + sl_snprintf(tmp, 128, "path=, ", + _("syscall"), i); +#endif + sl_strlcpy(msg, tmp, SH_BUFSIZE); + + size_old = sh_syscalls[i].addr; + size_new = syscall_addr; + sl_snprintf(tmp, 128, sh_hash_size_format(), + size_old, size_new); + sl_strlcat(msg, tmp, SH_BUFSIZE); + + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + status, MSG_KERN_SYSCALL, + /* + syscall_addr, + sh_syscalls[i].addr, + */ + i, _(sh_syscalls[i].name), + msg); + sh_syscalls[i].addr = syscall_addr; + } + else + { + /* read the syscall code + */ + if(kvm_read(kd, (unsigned int) sy.sy_call, &(syscall_code[0]), + 2 * sizeof(unsigned int)) < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_read (syscall code)") ); + kvm_close(kd); + SH_FREE(sys_list); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + + if (sh_syscalls[i].code[0] != syscall_code[0] || + sh_syscalls[i].code[1] != syscall_code[1]) + { + mtime_old = sh_syscalls[i].code[0]; + mtime_new = syscall_code[0]; + ctime_old = sh_syscalls[i].code[1]; + ctime_new = syscall_code[1]; + +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, "path=\"K_%s_%04d\" ", + _("syscall"), i); +#else + sl_snprintf(tmp, 128, "path=, ", + _("syscall"), i); +#endif + sl_strlcpy(msg, tmp, SH_BUFSIZE); + + sl_strlcpy (timstr_o, sh_unix_gmttime (ctime_old), 32); + sl_strlcpy (timstr_n, sh_unix_gmttime (ctime_new), 32); +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, + _("ctime_old=\"%s\" ctime_new=\"%s\" "), + timstr_o, timstr_n); +#else + sl_snprintf(tmp, 128, + _("ctime_old=<%s>, ctime_new=<%s>, "), + timstr_o, timstr_n); +#endif + sl_strlcat(msg, tmp, SH_BUFSIZE); + sl_strlcpy (timstr_o, sh_unix_gmttime (mtime_old), 32); + sl_strlcpy (timstr_n, sh_unix_gmttime (mtime_new), 32); +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, + _("mtime_old=\"%s\" mtime_new=\"%s\" "), + timstr_o, timstr_n); +#else + sl_snprintf(tmp, 128, + _("mtime_old=<%s>, mtime_new=<%s> "), + timstr_o, timstr_n); +#endif + sl_strlcat(msg, tmp, SH_BUFSIZE); + + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + status, MSG_KERN_SYSCALL, + /* + syscall_code[0], syscall_code[1], + sh_syscalls[i].code[0], sh_syscalls[i].code[1], + */ + i, _(sh_syscalls[i].name), + msg); + sh_syscalls[i].code[0] = syscall_code[0]; + sh_syscalls[i].code[1] = syscall_code[1]; + } + } + } + } + SH_FREE(sys_list); + if(kvm_close(kd) < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_close") ); + exit(EXIT_FAILURE); + } + + SL_RETURN( (0), _("sh_kern_check_internal")); +} + +#endif + +/************* + * + * module init + * + *************/ +#if defined(HOST_IS_LINUX) +#include +#endif + +static int AddressReconf = 0; + +int sh_kern_init () +{ +#if defined(HOST_IS_LINUX) + struct utsname buf; + char * str; +#endif + + SL_ENTER(_("sh_kern_init")); + if (ShKernActive == S_FALSE) + SL_RETURN( (-1), _("sh_kern_init")); + +#if defined(HOST_IS_LINUX) + uname(&buf); + + if ((AddressReconf < 5) && (0 != strcmp(SH_KERNEL_VERSION, buf.release))) + { + str = SH_ALLOC(256); + sl_snprintf(str, 256, + "Compiled for kernel %s, but current kernel is %s, and kernel addresses have not been re-configured", + SH_KERNEL_VERSION, buf.release); + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_SUBGEN, + str, + _("kern_check") ); + SH_FREE(str); + ShKernActive = S_FALSE; + SL_RETURN( (-1), _("sh_kern_init")); + } +#endif + + lastcheck = time (NULL); + if (sh.flag.checkSum != SH_CHECK_INIT) + { + sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Checking kernel syscalls"), + _("kern_check") ); + } + sh_kern_check_internal (); + SL_RETURN( (0), _("sh_kern_init")); +} + +/************* + * + * module cleanup + * + *************/ +int sh_kern_end () +{ + return (0); +} + + +/************* + * + * module timer + * + *************/ +int sh_kern_timer (time_t tcurrent) +{ + if (ShKernActive == S_FALSE) + return 0; + + if ((int) (tcurrent - lastcheck) >= ShKernInterval) + { + lastcheck = tcurrent; + return (-1); + } + return 0; +} + +/************* + * + * module check + * + *************/ +int sh_kern_check () +{ + sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, EINVAL, MSG_E_SUBGEN, + _("Checking kernel syscalls"), + _("kern_check") ); + return (sh_kern_check_internal ()); +} + +/************* + * + * module setup + * + *************/ + +int sh_kern_set_severity (char * c) +{ + char tmp[32]; + tmp[0] = '='; tmp[1] = '\0'; + sl_strlcat (tmp, c, 32); + sh_error_set_level (tmp, &ShKernSeverity); + return 0; +} + +int sh_kern_set_timer (char * c) +{ + long val; + + SL_ENTER(_("sh_kern_set_timer")); + + val = strtol (c, (char **)NULL, 10); + if (val <= 0) + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("kern timer"), c); + + val = (val <= 0 ? 60 : val); + + ShKernInterval = (time_t) val; + SL_RETURN( 0, _("sh_kern_set_timer")); +} + +int sh_kern_set_activate (char * c) +{ + int i; + SL_ENTER(_("sh_kern_set_activate")); + i = sh_util_flagval(c, &ShKernActive); + SL_RETURN(i, _("sh_kern_set_activate")); +} + +int sh_kern_set_idt (char * c) +{ + int i; + SL_ENTER(_("sh_kern_set_idt")); + i = sh_util_flagval(c, &ShKernIDT); + SL_RETURN(i, _("sh_kern_set_idt")); +} + +int sh_kern_set_sc_addr (char * c) +{ + char * endptr; + unsigned long value; + + SL_ENTER(_("sh_kern_set_sc_addr")); + errno = 0; + value = strtoul(c, &endptr, 16); + if ((ULONG_MAX == value) && (errno == ERANGE)) + { + SL_RETURN((-1), _("sh_kern_set_sc_addr")); + } + if ((*c == '\0') || (*endptr != '\0')) + { + SL_RETURN((-1), _("sh_kern_set_sc_addr")); + } + system_call_addr = value; + ++AddressReconf; + SL_RETURN((0), _("sh_kern_set_sc_addr")); +} + +int sh_kern_set_sct_addr (char * c) +{ + char * endptr; + unsigned long value; + + SL_ENTER(_("sh_kern_set_sct_addr")); + errno = 0; + value = strtoul(c, &endptr, 16); + if ((ULONG_MAX == value) && (errno == ERANGE)) + { + SL_RETURN((-1), _("sh_kern_set_sct_addr")); + } + if ((*c == '\0') || (*endptr != '\0')) + { + SL_RETURN((-1), _("sh_kern_set_sct_addr")); + } + kaddr = (unsigned int) value; + ++AddressReconf; + SL_RETURN((0), _("sh_kern_set_sct_addr")); +} + +int sh_kern_set_proc_root (char * c) +{ + char * endptr; + unsigned long value; + + SL_ENTER(_("sh_kern_set_proc_root")); + errno = 0; + value = strtoul(c, &endptr, 16); + if ((ULONG_MAX == value) && (errno == ERANGE)) + { + SL_RETURN((-1), _("sh_kern_set_proc_root")); + } + if ((*c == '\0') || (*endptr != '\0')) + { + SL_RETURN((-1), _("sh_kern_set_proc_root")); + } + + proc_root = value; + ++AddressReconf; + SL_RETURN((0), _("sh_kern_set_proc_root")); +} + +int sh_kern_set_proc_root_iops (char * c) +{ + char * endptr; + unsigned long value; + + SL_ENTER(_("sh_kern_set_proc_root_iops")); + errno = 0; + value = strtoul(c, &endptr, 16); + if ((ULONG_MAX == value) && (errno == ERANGE)) + { + SL_RETURN((-1), _("sh_kern_set_proc_root_iops")); + } + if ((*c == '\0') || (*endptr != '\0')) + { + SL_RETURN((-1), _("sh_kern_set_proc_root_iops")); + } + + proc_root_iops = value; + ++AddressReconf; + SL_RETURN((0), _("sh_kern_set_proc_root_iops")); +} + +int sh_kern_set_proc_root_lookup (char * c) +{ + char * endptr; + unsigned long value; + + SL_ENTER(_("sh_kern_set_proc_root_lookup")); + errno = 0; + value = strtoul(c, &endptr, 16); + if ((ULONG_MAX == value) && (errno == ERANGE)) + { + SL_RETURN((-1), _("sh_kern_set_proc_root_lookup")); + } + if ((*c == '\0') || (*endptr != '\0')) + { + SL_RETURN((-1), _("sh_kern_set_proc_root_lookup")); + } + proc_root_lookup = value; + ++AddressReconf; + SL_RETURN((0), _("sh_kern_set_proc_root_lookup")); +} + +#endif + +/* #ifdef SH_USE_UTMP */ +#endif + + + Index: branches/samhain-2_2-branch/src/sh_mail.c =================================================================== --- branches/samhain-2_2-branch/src/sh_mail.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_mail.c (revision 66) @@ -0,0 +1,2259 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if defined(SH_WITH_MAIL) + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + + +#ifdef HAVE_MEMORY_H +#include +#endif + +#include "samhain.h" +#include "sh_error.h" +#include "sh_unix.h" +#include "sh_tiger.h" +#include "sh_mail.h" +#include "sh_utils.h" +#include "sh_fifo.h" +#include "sh_tools.h" + +#undef FIL__ +#define FIL__ _("sh_mail.c") +#undef GOOD +#undef BAD + +static int failedMail = SL_FALSE; + +/* MX Resolver Struct + */ +typedef struct mx_ { + int pref; + char * address; +} mx; + +typedef struct dnsrep_ { + int count; + mx * reply; +} dnsrep; + +static int free_mx (dnsrep * answers); +static dnsrep * return_mx (char *domain); + +/********************************************* + * utility function for verifying mails + *********************************************/ + +typedef struct mail_trail_struct { + char trail_id[2*SH_MINIBUF]; + char trail_key[KEY_LEN+1]; + struct mail_trail_struct * next; +} mail_trail_type; + +static mail_trail_type * mail_trail = NULL; + +int sh_mail_sigverify (const char * s) +{ + SL_TICKET fd; + long i; + char * buf; + char * bufc; + char key[81]; + char number[2*SH_MINIBUF]; + char audit_id[2 * SH_MINIBUF]; + long numsig; + char key2[KEY_LEN+1]; + + char * theSig; + + mail_trail_type * mail_trail_ptr = NULL; + + sh_error_logoff(); + + ASSERT((s != NULL && sl_strlen(s) < PATH_MAX), + _("(s != NULL && sl_strlen(s) < PATH_MAX)")); + + if (s == NULL || sl_strlen(s) >= PATH_MAX) + _exit (EXIT_FAILURE); + + /* open the file, then check it + */ + if (0 != sl_is_suid()) + { + fprintf(stderr, _("Cannot open file %s in suid mode\n"), s); + _exit (EXIT_FAILURE); + } + if ( SL_ISERROR(fd = sl_open_read (s, SL_NOPRIV))) + { + fprintf(stderr, _("Could not open file %s\n"), s); + _exit (EXIT_FAILURE); + } + + buf = SH_ALLOC( (size_t)(SH_BUFSIZE+1)); + bufc = SH_ALLOC( (size_t)(SH_MAXBUF+1)); + + while (1 == 1) + { + buf[0] = '\0'; + bufc[0] = '\0'; + + /* find start of next message + */ + while (0 != sl_strncmp(buf, _("-----BEGIN MESSAGE-----"), + sizeof("-----BEGIN MESSAGE-----")-1)) + { + (void) sh_unix_getline (fd, buf, SH_BUFSIZE); + if (buf[0] == '\0') + { + /* End of mailbox reached, exit. + */ + (void) fflush(stdout); + _exit (EXIT_SUCCESS); + + /* Fix for AIX cc complaint. + */ + /*@notreached@*/ + return 0; + } + } + + /* Read message, compress into bufc. + */ + while (1 == 1) + { + (void) sh_unix_getline (fd, buf, SH_BUFSIZE); + if (0 == sl_strncmp(buf, _("-----BEGIN SIGNATURE-----"), + sizeof("-----BEGIN SIGNATURE-----")-1)) + break; + if (buf[0] == '\0') + _exit (EXIT_FAILURE); + (void) sh_util_compress(bufc, buf, SH_MAXBUF-KEY_LEN); + } + + /* get signature and number + */ + (void) sh_unix_getline (fd, key, (int)sizeof(key)); + key[KEY_LEN] = '\0'; + + (void) sh_unix_getline (fd, number, (int)sizeof(number)); + number[(2*SH_MINIBUF) - 2] = '\0'; + numsig = atol (number); + (void) sl_strlcpy (audit_id, &number[7], 2*SH_MINIBUF); + + fprintf(stderr, _("Message %06ld Trail %s\n"), + numsig, /*@-usedef@*/ audit_id /*@+usedef@*/); + + mail_trail_ptr = mail_trail; + while (mail_trail_ptr) + { + if (0 == sl_strcmp(mail_trail_ptr->trail_id, audit_id)) + break; + mail_trail_ptr = mail_trail_ptr->next; + } + + if (!mail_trail_ptr) + { + if (numsig > 0) + { + fprintf (stderr, _("ERROR (no key -- cannot check)\n")); + continue; + } + else + { + mail_trail_ptr = SH_ALLOC (sizeof(mail_trail_type)); + mail_trail_ptr->next = mail_trail; + mail_trail = mail_trail_ptr; + (void) sl_strlcpy (mail_trail_ptr->trail_id, + audit_id, 2*SH_MINIBUF); + } + } + else if (numsig == 0) + { + fprintf (stderr, _("ERROR (repeated audit trail)\n")); + continue; + } + + + if (numsig == 0) + { + sh_util_encode(key, bufc, 1, 'A'); + (void) sl_strlcpy (mail_trail_ptr->trail_key, key, KEY_LEN+1); + fprintf (stderr, _("(unchecked)\n")); + } + else + { + /* iterate key + */ + (void) sl_strlcpy(key2, mail_trail_ptr->trail_key, KEY_LEN+1); + for (i = 0; i < numsig; ++i) + { + (void) sl_strlcpy (key2, + sh_tiger_hash (key2, TIGER_DATA, KEY_LEN), + KEY_LEN+1); + } + + + theSig = sh_util_siggen (key2, bufc, sl_strlen(bufc)); + if (sl_strncmp (key, + theSig, + KEY_LEN) != 0) + { + fprintf (stderr, _("(FAILED)\n")); + } + else + { + fprintf (stderr, _("(passed)\n")); + } + + } + + } /* end scan mailbox */ + + /*@notreached@*/ +} + +#define SH_FILT_NUM 32 +#define SH_FILT_OR 0 +#define SH_FILT_AND 1 +#define SH_FILT_NOT 2 +#define SH_FILT_INIT { 0, { NULL }, 0, { NULL }, 0, { NULL }} + +typedef struct _sh_filter_type +{ + int for_c; + char * for_v[SH_FILT_NUM]; + int fand_c; + char * fand_v[SH_FILT_NUM]; + int fnot_c; + char * fnot_v[SH_FILT_NUM]; + +} sh_filter_type; + +static +int sh_filter_filteradd (const char * argstring, + sh_filter_type * filter, int ftype) +{ + int i = 0; + int flag = 0; + size_t s; + + char * dup; + char * p; + char * end; + int * ntok; + char ** stok; + + SL_ENTER(_("sh_filter_filteradd")); + + if (NULL == argstring) + { + SL_RETURN((-1), _("sh_filter_filteradd")); + } + + if (ftype == SH_FILT_OR) { + ntok = &(filter->for_c); + stok = filter->for_v; + } + else if (ftype == SH_FILT_AND) { + ntok = &(filter->fand_c); + stok = filter->fand_v; + } + else if (ftype == SH_FILT_NOT) { + ntok = &(filter->fnot_c); + stok = filter->fnot_v; + } + else { + SL_RETURN((-1), _("sh_filter_filteradd")); + } + + *ntok = 0; + + dup = sh_util_strdup(argstring); + p = dup; + + do + { + while (*p == ',' || *p == ' ' || *p == '\t') + ++p; + if (*p == '\0') + break; + + end = p; ++end; + if (*end == '\0') + break; + + if (*p == '\'') + { + ++p; end = p; ++end; + if (*p == '\0' || *end == '\0') + break; + while (*end != '\0' && *end != '\'') + ++end; + } + else if (*p == '"') + { + ++p; end = p; ++end; + if (*p == '\0' || *end == '\0') + break; + while (*end != '\0' && *end != '"') + ++end; + } + else + { + while (*end != '\0' && *end != ',' && *end != ' ' && *end != '\t') + ++end; + } + if (*end == '\0') + flag = 1; + else + *end = '\0'; + + s = strlen(p) + 1; + if (stok[i] != NULL) + SH_FREE(stok[i]); + stok[i] = SH_ALLOC(s); + (void) sl_strlcpy(stok[i], p, s); + + p = end; ++p; + + ++i; + if (i == SH_FILT_NUM) + break; + } + while (p != NULL && *p != '\0' && flag == 0); + + *ntok = i; + SH_FREE(dup); + + SL_RETURN (0, _("sh_filter_filteradd")); +} + +/* + * -- check filters + */ +static +int sh_filter_filter (const char * message, sh_filter_type * filter) +{ + int i; + int j = 0; + + SL_ENTER(_("sh_mail_filter")); + + /* Presence of any of these keywords prevents execution. + */ + if (filter->fnot_c > 0) + { + for (i = 0; i < filter->fnot_c; ++i) + { + if (NULL != sl_strstr(message, filter->fnot_v[i])) + { + SL_RETURN ((-1), _("sh_filter_filter")); + } + } + } + + /* Presence of all of these keywords is required for execution. + */ + if (filter->fand_c > 0) + { + j = 0; + + for (i = 0; i < filter->fand_c; ++i) + if (NULL != sl_strstr(message, filter->fand_v[i])) + ++j; + + if (j != filter->fand_c) + { + SL_RETURN ((-1), _("sh_filter_filter")); + } + } + + /* Presence of at least one of these keywords is required for execution. + */ + if (filter->for_c > 0) + { + for (i = 0; i < filter->for_c; ++i) + { + if (NULL != sl_strstr(message, filter->for_v[i])) + { + goto isok; + } + } + SL_RETURN ((-1), _("sh_filter_filter")); + } + + isok: + SL_RETURN ((0), _("sh_filter_filter")); +} + + +static sh_filter_type mail_filter = SH_FILT_INIT; + +/* + * -- add keywords to the OR filter + */ +int sh_mail_add_or (const char * str) +{ + return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_OR)); +} + +/* + * -- add keywords to the AND filter + */ +int sh_mail_add_and (const char * str) +{ + return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_AND)); +} + +/* + * -- add keywords to the NOT filter + */ +int sh_mail_add_not (const char * str) +{ + return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_NOT)); +} + + +static char * address_list[8] = { + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL +}; + +static int address_num = 0; +static int address_num_compiled = 0; +static int setaddress_compiled = S_FALSE; + +void reset_count_dev_mail(void) +{ + /* if not, then we still have the compiled-in address (if any), so we + * don' touch them + */ + if (address_num_compiled == -99) + address_num = 0; + return; +} + +int sh_mail_setaddress (const char * address) +{ + char * p; + + SL_ENTER(_("sh_mail_setaddress")); + + if (0 == strcmp(address, _("NULL"))) + SL_RETURN ( (0), _("sh_mail_setaddress")); + + if (address != NULL && address_num < (2 * SH_PATHBUF / 64 )) + { + if (address_num < (SH_PATHBUF / 64 )) + p = &sh.srvmail.name[address_num*64]; + else + p = &sh.srvmail.alt[address_num*64]; + + (void) sl_strlcpy (p, address, 64); + + if ((p == NULL) || ( sl_strlen(address) != sl_strlen(p))) + { + memset(p, (int)'\0', 64); + SL_RETURN ( (-1), _("sh_mail_setaddress")); + } + address_list[address_num] = p; +#if 0 + if (!sl_is_suid()) + { + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + address_num, address_list[address_num])); + } +#endif + if (setaddress_compiled == S_TRUE) + { + ++address_num; + ++address_num_compiled; + } + else + { + if (address_num == address_num_compiled) + { + address_num = 0; + address_num_compiled = -99; + } + ++address_num; + } + SL_RETURN ( (0), _("sh_mail_setaddress")); + } + SL_RETURN ( (-1), _("sh_mail_setaddress")); +} + +int sh_mail_setaddress_int (const char * address) +{ + int i; + SL_ENTER(_("sh_mail_setaddress_int")); + setaddress_compiled = S_TRUE; + i = sh_mail_setaddress(address); + setaddress_compiled = S_FALSE; + SL_RETURN(i, _("sh_mail_setaddress_int")); +} + +int sh_mail_setNum (const char * str) +{ + int i = atoi (str); + + SL_ENTER(_("sh_mail_setNum")); + + if (i >= 0 && i < SH_FIFO_MAX) + sh.mailNum.alarm_interval = (time_t) i; + else + SL_RETURN ((-1), _("sh_mail_setNum")); + SL_RETURN( (0), _("sh_mail_setNum")); +} + + +static int all_in_one = S_FALSE; + +int sh_mail_setFlag (const char * str) +{ + int i; + SL_ENTER(_("sh_mail_setFlag")); + i = sh_util_flagval(str, &all_in_one); + SL_RETURN(i, _("sh_mail_setFlag")); +} + +static char * mail_subject = NULL; + +int set_mail_subject (const char * str) +{ + SL_ENTER(_("set_mail_subject")); + if (!str) + SL_RETURN( (-1), _("set_mail_subject")); + + if (mail_subject != NULL) + SH_FREE(mail_subject); + + if (0 == sl_strncmp(str, _("NULL"), 4)) + { + mail_subject = NULL; + SL_RETURN( 0, _("set_mail_subject")); + } + + mail_subject = sh_util_strdup(str); + SL_RETURN( (0), _("set_mail_subject")); +} + + +static SH_FIFO * fifo_mail = NULL; + +static +void sh_mail_emptystack (void) +{ + char * msg; + size_t len; + + SL_ENTER(_("sh_mail_emptystack")); + + if (fifo_mail == NULL) + SL_RET0(_("sh_mail_emptystack")); + + while (NULL != (msg = pop_list(fifo_mail))) + { + len = sl_strlen(msg); + memset(msg, 0, len); + SH_FREE(msg); + } + + SL_RET0(_("sh_mail_emptystack")); +} + +/* insert "\r\n" after each 998 char + */ +static char * split_string(char * str); + +int sh_mail_pushstack (/*@null@*/char * msg) +{ + char * p; + int retval = 0; + int status; + + SL_ENTER(_("sh_mail_pushstack")); + + if (msg == NULL || failedMail == SL_TRUE || sh.srvmail.name[0] == '\0') + SL_RETURN((0), (_("sh_mail_pushstack"))); + + if (0 != sh_filter_filter(msg, &mail_filter)) + SL_RETURN((0), (_("sh_mail_pushstack"))); + +#if 0 + if (msg != NULL && sl_strlen(msg) > 998) /* RFC 2822 */ + msg[998] = '\0'; +#endif + + p = split_string(msg); + + if (fifo_mail == NULL) + { + fifo_mail = SH_ALLOC(sizeof(SH_FIFO)); + fifo_init(fifo_mail); + } + + status = push_list (fifo_mail, p); + if (status >= 0) + ++sh.mailNum.alarm_last; + + SH_FREE(p); + + if (sh.mailNum.alarm_last >= sh.mailNum.alarm_interval) + { + BREAKEXIT(sh_mail_msg); + retval = sh_mail_msg (NULL); + } + + if (status == SH_FIFO_MAX) + retval = -2; + SL_RETURN(retval, (_("sh_mail_pushstack"))); +} + + +/* The mailer. + */ +static int sh_mail_end_conn (FILE * connfile); +static FILE * sh_mail_start_conn (int aFlag); + +static +void sh_mail_get_subject(char * message, + char * mheader, size_t len) +{ + st_format rep_serv_tab[] = { + { 'T', S_FMT_TIME, 0, 0, NULL}, + { 'H', S_FMT_STRING, 0, 0, NULL}, + { 'M', S_FMT_STRING, 0, 0, NULL}, + { 'S', S_FMT_STRING, 0, 0, NULL}, + {'\0', S_FMT_ULONG, 0, 0, NULL}, + }; + + char * p; + char * mptr; + char sev[8]; + + SL_ENTER(_("sh_mail_get_subject")); + + (void) sl_strlcpy(mheader, _("Subject: "), len); + if (NULL == strchr(mail_subject, '%')) + { + (void) sl_strlcat(mheader, mail_subject, len); + SL_RET0(_("sh_mail_get_subject")); + } + + + rep_serv_tab[0].data_ulong = (unsigned long) time(NULL); + rep_serv_tab[1].data_str = sh.host.name; + + /* fast forward to the important part + */ + mptr = sl_strstr(message, _("msg=")); + if (mptr) + { + mptr += 4; + rep_serv_tab[2].data_str = mptr; + } + else + rep_serv_tab[2].data_str = message; + + mptr = sl_strstr(message, _("sev=")); + if (mptr) + { + mptr += 5; + sev[0] = *mptr; ++mptr; + sev[1] = *mptr; ++mptr; + sev[2] = *mptr; ++mptr; + sev[3] = *mptr; ++mptr; + sev[4] = '\0'; + } + else + { + mptr = message; + sev[0] = *mptr; ++mptr; + sev[1] = *mptr; ++mptr; + sev[2] = *mptr; ++mptr; + sev[3] = *mptr; ++mptr; + if (*mptr == ' ') { + sev[4] = '\0'; + } else { + sev[4] = *mptr; ++mptr; + if (*mptr == ' ') { + sev[5] = '\0'; + } else { + sev[5] = *mptr; + sev[6] = '\0'; + } + } + } + rep_serv_tab[3].data_str = sev; + + + p = sh_util_formatted(mail_subject, rep_serv_tab); + (void) sl_strlcat(mheader, p, len); + SH_FREE(p); + SL_RET0(_("sh_mail_get_subject")); +} + + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#include +#endif + +static char * sh_mail_realloc (char * inbuf, size_t * insize, size_t increase) +{ + size_t newsize; + char * outbuf = inbuf; + + SL_ENTER(_("sh_mail_realloc")); + + if (sl_ok_adds((*insize), 1)) + { + newsize = (*insize) + 1; + + if (sl_ok_adds(newsize, increase)) + { + newsize += increase; + + outbuf = SH_ALLOC(newsize); + MLOCK(outbuf, newsize); + (void) sl_strlcpy(outbuf, inbuf, newsize); + + memset (inbuf, 0, (*insize)); + MUNLOCK(inbuf, (*insize)); + SH_FREE(inbuf); + + *insize = newsize; + } + } + + SL_RETURN( (outbuf), _("sh_mail_realloc")); +} + +int sh_mail_msg (/*@null@*/char * message) +{ + char subject[32+32+SH_MINIBUF+2+3+SH_PATHBUF]; + char mheader[32+32+SH_MINIBUF+2+3]; + + char * mailMsg; + char * popMsg; + int status = 0, errcount; + size_t wrlen; + int i; + int num_popped = 0; + int retval = -1; + + char * bufcompress; + static int failcount = 0; + static int isfirst = 1; + static int mailcount = 0; + FILE * connfile = NULL; + + struct sigaction old_act; + struct sigaction new_act; + + static time_t id_audit = 0; + static time_t fail_time = 0; + static time_t success_time = 0; + + static int ma_block = 0; + + SH_FIFO * fifo_temp = NULL; + + char * theSig; + char * theMsg = NULL; + + /* #define SH_MAILBUF (256) */ +#define SH_MAILBUF (8*4096) + + size_t msgbufsize = SH_MAILBUF; + size_t combufsize = SH_MAILBUF; + + SL_ENTER(_("sh_mail_msg")); + + if (ma_block == 1) + SL_RETURN( (0), _("sh_mail_msg")); + + /* Return if we cannot mail. + */ + if (failedMail == SL_TRUE) + SL_RETURN((-1), _("sh_mail_msg")); + + if (failedMail == SL_FALSE && address_list[0] == NULL) + { + TPT((0, FIL__, __LINE__, + _("msg=\n"))); + failedMail = SL_TRUE; + SL_RETURN((-1), _("sh_mail_msg")); + } + + if ( (success_time > 0) && (fail_time > 0) && + (time(NULL) - success_time) > 3600*SH_MAX_FAIL) + { + ma_block = 1; + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_SRV_FAIL, + _("mail"), address_list[0]); + ma_block = 0; + sh_mail_emptystack(); + sh.mailNum.alarm_last = 0; + failedMail = SL_TRUE; + SL_RETURN((-1), _("sh_mail_msg")); + } + + /* Try at most each hour. + */ + if ((fail_time > 0) && (time(NULL) - fail_time) < 3/*600*/) + { + if (failcount > 3) + { + /* -- Save for later. -- + */ + sh_mail_pushstack (message); + ++failcount; + + SL_RETURN((-1), _("sh_mail_msg")); + } + else + { + (void) retry_msleep(2, 0); + ++failcount; + } + } + + /* -- Reset time of last failure. -- + */ + fail_time = 0; + + /* -- Polling, empty queue. -- + */ + if (message == NULL && sh.mailNum.alarm_last == 0) + SL_RETURN((-1), _("sh_mail_msg")); + + /* -- Filtered. -- + */ + if (message != NULL && 0 != sh_filter_filter(message, &mail_filter)) + SL_RETURN((-1), (_("sh_mail_msg"))); + + + + /* --------- Build complete message. ------------------------ */ + + theMsg = split_string(message); + + /* ---------- Header ---------------------------------------- */ + + if (mail_subject == NULL) + { + (void) sl_strlcpy(mheader, _("Subject: "), sizeof(mheader)-5); + (void) sl_strlcat(mheader, sh_unix_time (0), sizeof(mheader)-5); + (void) sl_strlcat(mheader, " ", sizeof(mheader)-5); + (void) sl_strlcat(mheader, sh.host.name, sizeof(mheader)-5); + } + else + { + + if (message == NULL) + { + theMsg = pop_list(fifo_mail); + message = theMsg; + if (message) + --sh.mailNum.alarm_last; + } + + if (message) + { + sh_mail_get_subject(message, mheader, sizeof(mheader)-5); + } + else + { + (void) sl_strlcpy(mheader, _("Subject: "), sizeof(mheader)-5); + (void) sl_strlcat(mheader, sh_unix_time (0), sizeof(mheader)-5); + (void) sl_strlcat(mheader, " ", sizeof(mheader)-5); + (void) sl_strlcat(mheader, sh.host.name, sizeof(mheader)-5); + } + } + + /* RFC 821: Header is terminated by an empty line + */ + (void) sl_strlcat(mheader, "\015\012\015\012", sizeof(mheader)); + + /* ---------- Message --------------------------------------- */ + + (void) sl_strlcpy(subject, sh_unix_time (0), sizeof(subject)); + (void) sl_strlcat(subject, " ", sizeof(subject)); + (void) sl_strlcat(subject, sh.host.name, sizeof(subject)); + (void) sl_strlcat(subject, "\r\n", sizeof(subject)); + + + mailMsg = (char *) SH_ALLOC (msgbufsize); + bufcompress = (char *) SH_ALLOC (combufsize); + + MLOCK(mailMsg , msgbufsize); + MLOCK(bufcompress , combufsize); + + (void) sl_strlcpy(mailMsg, mheader, msgbufsize); + bufcompress[0] = '\0'; + + (void) sl_strlcat(mailMsg, _("-----BEGIN MESSAGE-----\r\n"), msgbufsize); + (void) sl_strlcat(mailMsg, subject, msgbufsize); + (void) sh_util_compress (bufcompress, subject, + (combufsize - KEY_LEN - 1)); + if (message != NULL) + { + if ((sl_strlen(theMsg) + sl_strlen(mailMsg) + 1) > + (msgbufsize-(4*KEY_LEN))) + { + mailMsg = sh_mail_realloc(mailMsg, + &msgbufsize, sl_strlen(theMsg)+2); + bufcompress = sh_mail_realloc(bufcompress, + &combufsize, sl_strlen(theMsg)); + } + (void) sl_strlcat(mailMsg, theMsg, msgbufsize-(4*KEY_LEN)); + (void) sl_strlcat(mailMsg, "\r\n", msgbufsize-(4*KEY_LEN)); + + (void) sh_util_compress (bufcompress, theMsg, combufsize-KEY_LEN-1); + } + + if (sh.mailNum.alarm_last > 0) + { + fifo_temp = SH_ALLOC (sizeof(SH_FIFO)); + fifo_init (fifo_temp); + + while ( NULL != (popMsg = pop_list(fifo_mail)) ) + { + (void) push_list (fifo_temp, popMsg); + + if ((sl_strlen(popMsg) + sl_strlen(mailMsg) + 1) > + (msgbufsize-(4*KEY_LEN))) + { + mailMsg = sh_mail_realloc(mailMsg, + &msgbufsize, + sl_strlen(popMsg)+2); + bufcompress = sh_mail_realloc(bufcompress, + &combufsize, + sl_strlen(popMsg)); + } + + (void) sl_strlcat(mailMsg, popMsg, msgbufsize-(4*KEY_LEN)); + (void) sl_strlcat(mailMsg, "\r\n", msgbufsize-(4*KEY_LEN)); + (void) sh_util_compress(bufcompress, popMsg, combufsize-KEY_LEN-1); + SH_FREE(popMsg); + --sh.mailNum.alarm_last; + ++num_popped; + } + } + + /* ------ signature block ------------------------------------ */ + + (void) sl_strlcat(mailMsg, _("-----BEGIN SIGNATURE-----\r\n"), msgbufsize); + + /* Generate new signature key. + */ + if (isfirst == 1) + { + BREAKEXIT(sh_util_keyinit); + (void) sh_util_keyinit (skey->mailkey_old, KEY_LEN+1); + } + + /* iterate the key + */ + (void) sl_strlcpy(skey->mailkey_new, + sh_tiger_hash (skey->mailkey_old, TIGER_DATA, KEY_LEN), + KEY_LEN+1); + + if (isfirst == 0) + { + /* Sign the message with the signature key. + */ + theSig = sh_util_siggen (skey->mailkey_new, + bufcompress, sl_strlen(bufcompress)); + (void) sl_strlcat (mailMsg, + theSig, + msgbufsize); + } + else + { + id_audit = time (NULL); + + /* reveal first signature key + */ + /* flawfinder: ignore */ + (void) sl_strlcpy(skey->crypt, skey->mailkey_new, KEY_LEN+1); + + BREAKEXIT(sh_util_encode); + /* flawfinder: ignore */ + sh_util_encode(skey->crypt, bufcompress, 0, 'A'); + + /* flawfinder: ignore */ + (void) sl_strlcat (mailMsg, skey->crypt, msgbufsize); + /* flawfinder: ignore */ + memset (skey->crypt, 0, KEY_LEN); + isfirst = 0; + } + (void) sl_strlcat (mailMsg, "\r\n", msgbufsize); + + /* X(n) -> X(n-1) + */ + (void) sl_strlcpy (skey->mailkey_old, skey->mailkey_new, KEY_LEN+1); + + sl_snprintf(subject, sizeof(subject), _("%06d %010ld::%s\r\n"), + mailcount, (long) id_audit, sh.host.name); + + (void) sl_strlcat (mailMsg, subject, msgbufsize); + ++mailcount; + + (void) sl_strlcat (mailMsg, _("-----END MESSAGE-----"), msgbufsize); + + + + /* ---------- Connect ---------------------------------------- */ + + + + /* -- Catch (ignore) 'broken pipe'. + */ + new_act.sa_handler = SIG_IGN; + sigemptyset( &new_act.sa_mask ); /* set an empty mask */ + new_act.sa_flags = 0; /* init sa_flags */ + + (void) sigaction (SIGPIPE, &new_act, &old_act); + + i = 0; + errcount = 0; + + if (all_in_one == S_FALSE) + { + while (address_list[i] != NULL && i < address_num) + { + connfile = sh_mail_start_conn (i); + + if (NULL != connfile) + { + wrlen = fwrite (mailMsg, 1, sl_strlen(mailMsg), + connfile); + wrlen -= sl_strlen(mailMsg); + if (wrlen == 0) + status = sh_mail_end_conn (connfile); + else + status = -1; + } + if (NULL == connfile || status != 0) + { + ma_block = 1; + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_SRV_FAIL, + _("mail"), address_list[i]); + ma_block = 0; + ++errcount; + ++sh.statistics.mail_failed; + } + else + { + ++sh.statistics.mail_success; + } + + if (connfile != NULL) + { + (void) fclose (connfile); + connfile = NULL; + } + ++i; + } + } + else + { + connfile = sh_mail_start_conn ( -9 ); + + if (NULL != connfile) + { + wrlen = fwrite (mailMsg, 1, sl_strlen(mailMsg), connfile); + wrlen -= sl_strlen(mailMsg); + if (wrlen == 0) + status = sh_mail_end_conn (connfile); + else + status = -1; + } + if (NULL == connfile || status != 0) + { + ma_block = 1; + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_SRV_FAIL, + _("mail"), address_list[0]); + ma_block = 0; + errcount = address_num; + ++sh.statistics.mail_failed; + } + else + { + ++sh.statistics.mail_success; + } + + if (connfile != NULL) + { + (void) fclose (connfile); + connfile = NULL; + } + } + + + memset (bufcompress, 0, combufsize); + MUNLOCK(bufcompress , combufsize); + SH_FREE(bufcompress); + + memset (mailMsg, 0, msgbufsize); + MUNLOCK(mailMsg , msgbufsize); + SH_FREE(mailMsg); + + /* --- Stay responsible for delivery in case of failure --- */ + + if (errcount == address_num && fifo_temp != NULL) + { + while ( (NULL != (popMsg = pop_list(fifo_temp))) ) + { + if (push_list (fifo_mail, popMsg) >= 0) + ++sh.mailNum.alarm_last; + SH_FREE(popMsg); + } + if (message != NULL) + { + if (fifo_mail == NULL) + { + fifo_mail = SH_ALLOC(sizeof(SH_FIFO)); + fifo_init(fifo_mail); + } + retval = push_list (fifo_mail, theMsg); + if (retval >= 0) + ++sh.mailNum.alarm_last; + if (retval == SH_FIFO_MAX) + retval = -2; + else + retval = -1; + } + } + else if (fifo_temp != NULL) + { + while ( (NULL != (popMsg = pop_list(fifo_temp))) ) + { + SH_FREE(popMsg); + } + } + if (fifo_temp != NULL) + SH_FREE(fifo_temp); + + /* + if (connfile != NULL) + fclose (connfile); + */ + + if (theMsg != NULL) + SH_FREE(theMsg); + + /* --- Reset signal. --- + */ + (void) sigaction (SIGPIPE, &old_act, NULL); + + if (errcount == address_num) + { + fail_time = time(NULL); + SL_RETURN((retval), _("sh_mail_msg")); + } + success_time = time(NULL); + failcount = 0; + + SL_RETURN((0), _("sh_mail_msg")); +} + + +/* + * + * SMTP CODE BELOW + * + * + */ + +#include +#ifdef HOST_IS_HPUX +#define _XOPEN_SOURCE_EXTENDED +#endif +#include +#include +#include +#include +#ifndef S_SPLINT_S +#include +#else +#define AF_INET 2 +#endif + +#define SH_NEED_GETHOSTBYXXX +#include "sh_static.h" + +/* missing on HP-UX 10.20 */ +#ifndef IPPORT_SMTP +#define IPPORT_SMTP 25 +#endif + +static int sh_mail_wait(int code, FILE * m_socket); + +static char * relay_host = NULL; + +int sh_mail_set_relay (const char * str_s) +{ + SL_ENTER(_("sh_mail_set_relay")); + + if (str_s == NULL) + SL_RETURN( -1, _("sh_mail_set_relay")); + + if (relay_host != NULL) + { + SH_FREE (relay_host); + relay_host = NULL; + } + + if (0 == sl_strncmp(str_s, _("NULL"), 4)) + { + SL_RETURN( 0, _("sh_mail_set_relay")); + } + + relay_host = sh_util_strdup(str_s); + + SL_RETURN( 0, _("sh_mail_set_relay")); +} + +static char * mail_sender = NULL; + +int sh_mail_set_sender (const char *str) +{ + if (mail_sender != NULL) + { + SH_FREE (mail_sender); + mail_sender = NULL; + } + if (str != NULL) + { + mail_sender = sh_util_strdup (str); + } + if (mail_sender == NULL) + { + return -1; + } + return 0; +} + + +/************************* + * + * start connection + * for details on SMTP, see RFC 821 + */ + +static time_t time_wait = 300; + +static FILE * sh_mail_start_conn (int aFlag) +{ + char * address; + + int ecount; + + char this_address[256]; + char ma_machine[256]; + char ma_user[256]; + char error_msg[256]; + char error_call[SH_MINIBUF]; + int error_num = 0; + register int i, j, k; + FILE * connFile = NULL; + struct tm * my_tm; + time_t my_time; + char my_tbuf[128]; + + int fd; + + dnsrep * answers; + mx * result; + + SL_ENTER(_("sh_mail_start_conn")); + + time_wait = 300; + + if (aFlag >= 0) + address = address_list[aFlag]; + else + address = address_list[0]; + + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + aFlag, address)); + + /* ------- split adress ------------------ */ + + if (0 == strcmp(address, _("NULL"))) + { + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + if (strchr (address, '@') == NULL) { + (void) sl_strlcpy(ma_user, address, 256); + (void) sl_strlcpy(ma_machine, _("localhost"), 256); + } else { + i = 0; + while (i < 255 && address[i] != '@') { + ma_user[i] = address[i]; + ++i; + } + + /* adress[i] = '@' + */ + ma_user[i] = '\0'; + j = i + 1; k = i; i = 0; + while (i < 255 && address[i+j] != '\0') { + ma_machine[i] = address[i+j]; + ++i; + } + ma_machine[i] = '\0'; + if (address[k] != '@' || address[k+i+1] != '\0') + { + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + } + + + if (relay_host != NULL) + { + (void) sl_strlcpy (ma_machine, relay_host, sizeof(ma_machine)); + TPT((0, FIL__, __LINE__, _("msg=\n"), + ma_user, ma_machine)); + fd = connect_port (ma_machine, IPPORT_SMTP, + error_call, &error_num, error_msg, 256); + } + else + { + answers = return_mx (ma_machine); + if (answers) + { + result = answers->reply; + fd = -1; + for (i = 0; i < answers->count; ++i) + { + (void) sl_strlcpy(ma_machine, result[i].address, + sizeof(ma_machine)); + TPT((0, FIL__, __LINE__, + _("msg=\n"), + ma_user, ma_machine, result[i].pref)); + fd = connect_port (ma_machine, IPPORT_SMTP, + error_call, &error_num, error_msg, 256); + if (fd >= 0) + break; + } + (void) free_mx(answers); + } + else + { + (void) sl_strlcpy(error_call, _("return_mx"), SH_MINIBUF); + (void) sl_strlcpy(error_msg, _("The specified host is unknown: "), + 256); + (void) sl_strlcat(error_msg, ma_machine, 256); + fd = -1; + } + } + + + if (fd < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, error_num, + MSG_E_NET, error_msg, error_call, + _("email"), ma_machine); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + /* associate a FILE structure with it + */ + connFile = fdopen (fd, "r+"); + if (connFile == NULL) + { + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + (void) close(fd); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + + /* say HELO to the other socket + */ + if (0 == sh_mail_wait (220, connFile)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("Timeout on SMTP session init"), + _("sh_mail_start_conn"), + _("mail"), sh.host.name); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + (void) fclose(connFile); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + (void) fflush(connFile); + + if (0 != is_numeric(sh.host.name)) + { + TPT(( 0, FIL__, __LINE__, _("msg=%c%c"), + sh.host.name, 13, 10)); + } + else + { + TPT(( 0, FIL__, __LINE__, _("msg=%c%c"), + sh.host.name, 13, 10)); + } + if (0 != is_numeric(sh.host.name)) + fprintf(connFile, _("HELO [%s]%c%c"), sh.host.name, 13, 10); + else + fprintf(connFile, _("HELO %s%c%c"), sh.host.name, 13, 10); + + (void) fflush(connFile); + + if (0 == sh_mail_wait(250, connFile)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("HELO failed"), _("sh_mail_start_conn"), + _("mail"), sh.host.name); + + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + (void) fclose(connFile); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + /* tell them who we are + */ + (void) sl_strlcpy (this_address, + mail_sender ? mail_sender : DEFAULT_SENDER, 256); + if (NULL == strchr(this_address, '@')) + { + (void) sl_strlcat (this_address, "@", 256); + if (0 != is_numeric(sh.host.name)) + (void) sl_strlcat (this_address, _("example.com"), 256); + else + (void) sl_strlcat (this_address, sh.host.name, 256); + } + + TPT(( 0, FIL__, __LINE__, _("msg=>%c%c"), + this_address, 13, 10)); + + (void) fflush(connFile); + /*@-usedef@*/ + fprintf(connFile, _("MAIL FROM:<%s>%c%c"), this_address, 13, 10); + /*@+usedef@*/ + (void) fflush(connFile); + + if (0 == sh_mail_wait(250, connFile)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("MAIL FROM failed"), _("sh_mail_start_conn"), + _("mail"), this_address); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + (void) fclose(connFile); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + /* tell them who to send mail to + */ + if (aFlag >= 0) + { + TPT(( 0, FIL__, __LINE__, _("msg=>%c%c"), + address, 13, 10)); + + (void) fflush(connFile); + fprintf(connFile, _("RCPT TO:<%s>%c%c"), address, 13, 10); + (void) fflush(connFile); + + if (0 == sh_mail_wait(250, connFile)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("RCPT TO failed"), _("sh_mail_start_conn"), + _("mail"), address); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + (void) fclose(connFile); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + } + else + { + ecount = 0; + for (i = 0; i < address_num; ++i) + { + if (address_list[i] == NULL) /* paranoia */ + break; + TPT(( 0, FIL__, __LINE__, _("msg=>%c%c"), + address_list[i], 13, 10)); + + (void) fflush(connFile); + fprintf(connFile, _("RCPT TO:<%s>%c%c"), address_list[i], 13, 10); + (void) fflush(connFile); + + if (0 == sh_mail_wait(250, connFile)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("RCPT TO failed"), _("sh_mail_start_conn"), + _("mail"), address_list[i]); + + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + ++ecount; + } + } + if (ecount == address_num) + { + (void) fclose(connFile); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + } + + /* Send the message + */ + TPT(( 0, FIL__, __LINE__, _("msg=%c%c"), 13, 10)); + + (void) fflush(connFile); + fprintf(connFile, _("DATA%c%c"), 13, 10); + (void) fflush(connFile); + + if (0 == sh_mail_wait(354, connFile)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("DATA failed"), _("sh_mail_start_conn"), + _("mail"), address); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + (void) fclose(connFile); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + + my_time = time(NULL); + my_tm = localtime(&my_time); + (void) strftime(my_tbuf, 127, _("%a, %d %b %Y %H:%M:%S %Z"), my_tm); + + TPT(( 0, FIL__, __LINE__, _("msg=%c%cTo: <%s>%c%cDate: %s>%c%c"), + this_address, 13, 10, address, 13, 10, my_tbuf, 13, 10)); + + (void) fflush(connFile); + fprintf(connFile, + _("From: <%s>%c%c"\ + "To: <%s>%c%c"\ + "Date: %s%c%c"), + this_address, 13, 10, + address, 13, 10, + my_tbuf, 13, 10); + + SL_RETURN( connFile, _("sh_mail_start_conn")); +} + +/************************* + * + * end connection + * + */ + +static int sh_mail_end_conn (FILE * connFile) +{ + SL_ENTER(_("sh_mail_end_conn")); + + time_wait = 300; + + (void) fflush(connFile); + fprintf(connFile, _("%c%c.%c%c"), 13, 10, 13, 10); + (void) fflush(connFile); + + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + + if (0 != sh_mail_wait(250, connFile)) + { + (void) fflush(connFile); + fprintf(connFile, _("QUIT%c%c"), 13, 10); + (void) fflush(connFile); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + + SL_RETURN (0, _("sh_mail_end_conn")); + } + + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("QUIT failed"), _("sh_mail_end_conn"), + _("mail"), _("SMTP server")); + + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + + SL_RETURN ((-1), _("sh_mail_end_conn")); +} + + + +/**************************** + * + * Handle server replies + * + * + */ + +static jmp_buf wait_timeout; + +static void sh_mail_alarmhandle (int mysignal) +{ + /*@-noeffect@*/ + (void) mysignal; /* avoid compiler warning */ + /*@+noeffect@*/ + + longjmp(wait_timeout, 1); +} + +static int sh_mail_wait(int code, FILE * ma_socket) +{ + int rcode, g; + + char errmsg[128]; + + enum { + WAIT_CODE_START, + WAIT_CODE, + WAIT_NL, + WAIT_NL_CONT + } state; + + time_t waited_time; + + struct sigaction old_act; + volatile unsigned int old_alarm = 0; + + struct sigaction new_act; + sigset_t unblock; + + (void) sigemptyset(&unblock); + (void) sigaddset (&unblock, SIGALRM); + + new_act.sa_handler = sh_mail_alarmhandle; + (void) sigemptyset( &new_act.sa_mask ); /* set an empty mask */ + new_act.sa_flags = 0; /* init sa_flags */ + + SL_ENTER(_("mail_wait")); + + /* alarm was triggered + */ + if (setjmp(wait_timeout) != 0) + { + (void) alarm(0); + (void) sigaction (SIGALRM, &old_act, NULL); + (void) alarm(old_alarm); + (void) sigprocmask(SIG_UNBLOCK, &unblock, NULL); + TPT((0, FIL__, __LINE__, _("msg=\n"))); + SL_RETURN( 0, _("mail_wait")); + } + + waited_time = time(NULL); + + /* timeout after 5 minutes + */ + old_alarm = alarm(0); + (void) sigaction (SIGALRM, &new_act, &old_act); + (void) alarm((unsigned int) time_wait); + + rcode = 0; + state = WAIT_CODE_START; + + while (0 == feof(ma_socket) && 0 == ferror(ma_socket)) { + + if ( (g=fgetc(ma_socket)) == EOF) + { + (void) alarm(0); + (void) sigaction (SIGALRM, &old_act, NULL); + (void) alarm(old_alarm); + (void) sigprocmask(SIG_UNBLOCK, &unblock, NULL); + TPT((0, FIL__, __LINE__, _("msg=\n"))); + SL_RETURN( 0, _("mail_wait")); + } + + switch(state) { + + /* wait for start of a numerical code + */ + case WAIT_CODE_START: + if (0 != isspace(g)) + break; /* Skip white space */ + if (0 == isdigit(g)) + return 0; /* No leading number */ + rcode = g-(int)'0'; /* convert to number */ + state = WAIT_CODE; + break; + + /* wait for completion of numerical code + */ + case WAIT_CODE: + if (0 != isdigit(g)) { + rcode = rcode * 10 + (g-(int)'0'); /* next digit */ + break; + } + /*@+charintliteral@*/ + state = ((g == '-') ? WAIT_NL_CONT : WAIT_NL); + /*@-charintliteral@*/ + break; + + /* wait for newline, then return with status code + */ + case WAIT_NL: + /*@+charintliteral@*/ + if (g != '\n') + break; + /*@-charintliteral@*/ + (void) alarm(0); + (void) sigaction (SIGALRM, &old_act, NULL); + (void) alarm(old_alarm); + (void) sigprocmask(SIG_UNBLOCK, &unblock, NULL); + + TPT((0, FIL__, __LINE__, + _("msg=\n"), + rcode, (int)(rcode/100), code, (int)(code/100) )); + g = ((int)(rcode/100) == (int)(code/100)) ? 1 : 0; + if (g != 1) + { + sl_snprintf(errmsg, sizeof(errmsg), + _("Bad response (%d), expected %d"), rcode, code); + + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + errmsg, _("sh_mail_wait"), + _("mail"), _("SMTP server")); + } + waited_time = time(NULL) - waited_time; + time_wait -= waited_time; + TPT((0, FIL__, __LINE__, + _("msg=\n"), + (int) time_wait)); + SL_RETURN( (g), _("mail_wait")) ; + + /* wait for continuation line + */ + /*@fallthrough@*//* no, but splint doesn't understand */ + case WAIT_NL_CONT: + /*@+charintliteral@*/ + if (g == '\n') + state = WAIT_CODE_START; /* There is a continuation line */ + /*@-charintliteral@*/ + break; + + default: + (void) alarm(0); + (void) sigaction (SIGALRM, &old_act, NULL); + (void) alarm(old_alarm); + (void) sigprocmask(SIG_UNBLOCK, &unblock, NULL); + + TPT((0, FIL__, __LINE__, _("msg=\n"))); + SL_RETURN( 0, _("mail_wait")); + + } + } + + (void) alarm(0); /* Disable alarm */ + (void) sigaction (SIGALRM, &old_act, NULL); + (void) alarm(old_alarm); + (void) sigprocmask(SIG_UNBLOCK, &unblock, NULL); + + TPT((0, FIL__, __LINE__, _("msg=\n"))); + + /* Failed, EOF or error on socket */ + SL_RETURN( 0, _("mail_wait")); +} + +/* -- function to insert "\r\n" after each 998 chars -- + */ + +#define SPLIT_AT 998 + +static char * split_string(char * str) +{ + size_t size; + size_t blocks; + int count = 0; + + char * p, * p0; + char * q; + + if (!str) + return NULL; + + size = strlen(str) + 1; + blocks = 1 + (size / SPLIT_AT); + + if (sl_ok_muls(2, blocks) && sl_ok_adds(size, (2*blocks))) + { + size = size + (2*blocks); + } + else + { + /* integer overflow, do not split */ + p = sh_util_strdup(str); + return p; + } + + p = SH_ALLOC(size); + memset(p, 0, size); + + p0 = p; + + q = str; + while (*q != '\0') { + *p = *q; + ++p; + ++q; + ++count; + if (0 == (count % SPLIT_AT)) { + count = 0; + *p = '\r'; + ++p; + *p = '\n'; + ++p; + } + } + /* fprintf(stderr, "used = %d\n", strlen(p0)); */ + + return p0; +} + + + +/***************************************************************** + * + * MX Resolver Routines + * + *****************************************************************/ + +#if defined(HAVE_ARPA_NAMESER_H) + +#include +#ifdef __APPLE__ +#define BIND_8_COMPAT 1 +#endif +#ifndef S_SPLINT_S +#include +#include +#endif +#include +#include +#ifndef S_SPLINT_S +#include +#endif + +#include "sh_tools.h" + +#ifndef HFIXEDSZ +#define HFIXEDSZ 12 +#endif +#ifndef QFIXEDSZ +#define QFIXEDSZ 4 +#endif + +/*@unused@*//* used in get_mx() which is not parsed by splint */ +static unsigned int get_short (unsigned char * loc) +{ + unsigned int retval = 0; + if (loc) + { + /* byte order: MSB first + */ + /*@+charint@*/ + retval = (((unsigned char) * loc) * 256) | ((unsigned char) * (loc + 1)); + /*@-charint@*/ + } + return (retval); +} + +/* parser errors with splint */ +#ifndef S_SPLINT_S +static dnsrep * get_mx (char *hostname) +{ + int ret, length, status; + mx * result; + size_t len; + + typedef union + { + HEADER head; + unsigned char buffer[4096]; + } querybuf; + + querybuf reply; + char expanded[1024]; + unsigned char * comp_dn, * eom; + HEADER * header; + int type, rdlength, pref; + unsigned int count, index; + dnsrep * retval; + + SL_ENTER(_("get_mx")); + + if (0 != res_init ()) + SL_RETURN (NULL, _("get_mx")); + + errno = 0; + length = res_query (hostname, C_IN, T_MX, + (unsigned char *) &reply, 4095); + if (length < 1) + { + /* error handling + */ + if (length == -1) + { + if (errno == ECONNREFUSED) + status = ECONNREFUSED; + else + status = h_errno; + +#ifdef FIL__ + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN, + (errno == ECONNREFUSED) ? + sh_error_message (status) : + sh_tools_errmessage(status), + _("res_query")); +#else + if (errno == ECONNREFUSED) + fprintf(stderr, " ERROR: %s: \n", strerror(errno)); + else + fprintf(stderr, "HERROR: %s\n", hstrerror(h_errno)); +#endif + } + SL_RETURN (NULL, _("get_mx")); + } + + ret = 0; + header = (HEADER *) &reply; + + /* start of data section + */ + comp_dn = (unsigned char *) &reply + HFIXEDSZ; + + /* end-of-message + */ + eom = (unsigned char *) &reply + length; + + /* HEADER NAME -- must be skipped or decompressed + * TYPE -- type of data we got back, 16 bit integer + * CLASS -- class we got back, also a 16 bit integer + * TTL -- 32 bit time-to-live. just skip this + * RDLENGTH -- length of the data to follow + * RDATA -- the data: + * PREF -- 16 bit preference + * MX -- name of mail exchanger, must be decompressed + */ + + /* Skip the query data. + * QDCOUNT is the number of entries (unsigned 16 bit int). + */ + count = ntohs (header->qdcount); + for (index = 0; index < count; ++index) + { + ret = dn_skipname (comp_dn, eom); + comp_dn += ret + QFIXEDSZ; + if (ret < 1 || comp_dn >= eom) + SL_RETURN (NULL, _("get_mx")); + } + count = ntohs (header->ancount); + if (count < 1) + SL_RETURN (NULL, _("get_mx")); + + retval = SH_ALLOC (sizeof (dnsrep)); + if (!retval) + SL_RETURN (NULL, _("get_mx")); + retval->count = count; + + /* allocate space for the results */ + + if (!sl_ok_muls(count, sizeof (mx))) + { + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + result = SH_ALLOC (count * sizeof (mx)); + + if (!result) + { + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + retval->reply = result; + + do + { + /* HEADER NAME + */ + ret = dn_expand ((unsigned char *) &reply, eom, comp_dn, + (char *) expanded, 1023); + comp_dn += ret; + if (ret < 1 || comp_dn >= eom) + { + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + /* TYPE + */ + type = get_short (comp_dn); + comp_dn += 2; + if (type != T_MX || comp_dn >= eom) + { + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + /* CLASS (re-use 'type' var) + */ + type = get_short (comp_dn); + comp_dn += 2; + if (comp_dn >= eom) + { + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + /* TTL + */ + comp_dn += 4; + if (comp_dn >= eom) + { + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + /* RDLENGTH + */ + rdlength = get_short (comp_dn); + comp_dn += 2; + if (rdlength < 1 || comp_dn >= eom) + { + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + /* RDATA + */ + pref = get_short (comp_dn); + comp_dn += 2; + if (comp_dn >= eom) + { + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + ret = dn_expand ((unsigned char *) &reply, eom, comp_dn, + (char *) expanded, 1023); + comp_dn += ret; + if (ret < 1) + { + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + count--; + + /* fill in the struct + */ + result[count].pref = pref; + len = strlen (expanded) + 1; + result[count].address = SH_ALLOC (len); + sl_strlcpy (result[count].address, expanded, len); + } + while (ret > 0 && comp_dn < eom && count); + + SL_RETURN (retval, _("get_mx")); +} +/* ifndef S_SPLINT_S */ +#endif + +/* #if defined(HAVE_ARPA_NAMESER_H) */ +#endif + + +static int comp_mx_pref (const void * a, const void * b) +{ + const mx * ax = (const mx *) a; + const mx * bx = (const mx *) b; + + if (ax->pref > bx->pref) + return 1; + else if (ax->pref < bx->pref) + return -1; + else + return 0; +} + +/* + * return_mx returns a list of valid mail exchangers for domain + */ +static dnsrep * return_mx (char *domain) +{ + struct hostent *host = NULL; + dnsrep * answers = NULL; + mx * result; + dnsrep * retval; + char errmsg[128]; + size_t len; + + SL_ENTER(_("return_mx")); + +#if defined(HAVE_ARPA_NAMESER_H) + if (domain != NULL) + answers = /*@-unrecog@*/get_mx (domain)/*@+unrecog@*/; +#endif + + if (answers != NULL && answers->count > 0) + { + qsort(answers->reply, (size_t) answers->count, sizeof(mx), + comp_mx_pref); + SL_RETURN (answers, _("return_mx")); + } + else + { + if (domain != NULL) + { +#if defined(HAVE_ARPA_NAMESER_H) +#ifdef FIL__ + (void) sl_strlcpy (errmsg, _("No MX record for domain "), 127); + (void) sl_strlcat (errmsg, domain, 127); + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + errmsg, + _("get_mx")); +#else + /* flawfinder: ignore *//* test code only */ + strcpy (errmsg, /* known to fit */ + _("No MX record for domain ")); + strncat (errmsg, domain, 100); + errmsg[122] = '\0'; + fprintf(stderr, "Warning: %s\n", errmsg); +#endif +#endif + } + if (domain != NULL) + host = /*@-unrecog@*/sh_gethostbyname (domain)/*@+unrecog@*/; + if (!host) + { +#ifdef FIL__ + (void) sl_strlcpy (errmsg, _("Unknown host "), 127); + (void) sl_strlcat (errmsg, domain, 127); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + errmsg, + _("return_mx")); +#endif + SL_RETURN (NULL, _("return_mx")); + } + result = SH_ALLOC (sizeof (mx)); + retval = SH_ALLOC (sizeof (dnsrep)); + retval->reply = result; + retval->count = 1; + result->pref = 0; + /*@-type@*/ + len = strlen (host->h_name) + 1; + result->address = SH_ALLOC (len); + sl_strlcpy (result->address, host->h_name, len); + /*@+type@*/ + SL_RETURN (retval, _("return_mx")); + } +} + +static int free_mx (dnsrep * answers) +{ + mx * result; + int i; + + SL_ENTER(_("free_mx")); + if (!answers) + SL_RETURN (0, _("return_mx")); + + result = answers->reply; + for (i = 0; i < answers->count; ++i) + { + SH_FREE (result[i].address); + } + SH_FREE(result); + SH_FREE(answers); + SL_RETURN (0, _("return_mx")); +} + +#ifdef TEST_ONLY +int main(int argc, char * argv[]) +{ + int i; + dnsrep * answers; + mx * result; + + if (argc < 2) + { + fprintf(stderr, "Usage: dns \n"); + return -1; + } + answers = return_mx(argv[1]); + + if (!answers) + { + fprintf(stderr, "No answer\n"); + return -1; + } + + if (answers->count > 0) + { + result = answers->reply; + for (i = 0; i < answers->count; ++i) + { + fprintf(stderr, "Record %3d: [%3d] %s\n", i, + result[i].pref, result[i].address); + } + } + else + { + fprintf(stderr, "No answer\n"); + free_mx(answers); + return -1; + } + free_mx(answers); + return (0); +} +#endif + + + +/* if defined(SH_WITH_MAIL) */ +#endif + + + Index: branches/samhain-2_2-branch/src/sh_mem.c =================================================================== --- branches/samhain-2_2-branch/src/sh_mem.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_mem.c (revision 66) @@ -0,0 +1,472 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +#include +#include +#include +#include +#include + + +#ifdef HAVE_MEMORY_H +#include +#endif + +#define SH_REAL_SET + +#include "samhain.h" +#include "sh_error.h" +#include "sh_utils.h" +#include "sh_mem.h" + +extern int safe_logger (int signal, int method, char * details); + +#undef FIL__ +#define FIL__ _("sh_mem.c") +static int eblock = 0; + +#ifdef MEM_DEBUG + +#define CHECKBYTE 0x7F + +/* Memory alignment; should be 16 bytes on 64 bit machines. + * -> 32 bytes overhead/allocation + */ +#define SH_MEMMULT 16 + + +typedef struct mem_struct { + struct mem_struct *next; /* link to next struct */ + char * real_address; /* address assigned */ + char * address; /* address returned */ + unsigned long size; /* size allocated */ + char file[20]; /* Allocation file name */ + int line; /* Allocation line number */ +} memlist_t; + +memlist_t * memlist = NULL; + +int Free_Count = 0, Alloc_Count = 0; +int Now_Alloc_Count = 0, Max_Alloc_Count = 0; +unsigned long Mem_Current = 0, Mem_Max = 0; + +#if 0 +#define MEM_DETAILS +#endif + +#ifdef MEM_DETAILS +int max_upto_032 = 0; +int max_upto_064 = 0; +int max_upto_128 = 0; +int max_upto_256 = 0; +int max_upto_512 = 0; +int max_upto_1024 = 0; +int max_upto_4096 = 0; +int max_upto_inf = 0; + +int now_upto_032 = 0; +int now_upto_064 = 0; +int now_upto_128 = 0; +int now_upto_256 = 0; +int now_upto_512 = 0; +int now_upto_1024 = 0; +int now_upto_4096 = 0; +int now_upto_inf = 0; + +int tot_upto_032 = 0; +int tot_upto_064 = 0; +int tot_upto_128 = 0; +int tot_upto_256 = 0; +int tot_upto_512 = 0; +int tot_upto_1024 = 0; +int tot_upto_4096 = 0; +int tot_upto_inf = 0; +#endif + +#ifdef MEM_LOG +void sh_mem_dump () +{ + memlist_t * this = memlist; + + + FILE * fd = fopen(MEM_LOG, "w"); + + while (this != NULL) + { + fprintf (fd, "%20s %5d %ld\n", this->file, this->line, this->size); + this = this->next; + } + fclose(fd); + return; +} +#else +void sh_mem_dump () +{ + return; +} +#endif + +void sh_mem_stat () +{ + memlist_t * this; + + + SL_ENTER(_("sh_mem_stat")); + + if (Alloc_Count == Free_Count) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MSTAMP, + Mem_Max, Mem_Current); + SL_RET0(_("sh_mem_stat")); + } + + sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, 0, MSG_MSTAMP2, + Alloc_Count, Free_Count, Max_Alloc_Count); + sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, 0, MSG_MSTAMP, + Mem_Max, Mem_Current); + +#ifdef MEM_DETAILS + fprintf(stderr, "\n"); + fprintf(stderr, "__SIZE_____TOTAL___MAXIMUM___\n"); + fprintf(stderr, " 32 %6d %6d\n", tot_upto_032, max_upto_032); + fprintf(stderr, " 64 %6d %6d\n", tot_upto_064, max_upto_064); + fprintf(stderr, " 128 %6d %6d\n", tot_upto_128, max_upto_128); + fprintf(stderr, " 256 %6d %6d\n", tot_upto_256, max_upto_256); + fprintf(stderr, " 512 %6d %6d\n", tot_upto_512, max_upto_512); + fprintf(stderr, " 1024 %6d %6d\n", tot_upto_1024, max_upto_1024); + fprintf(stderr, " 4096 %6d %6d\n", tot_upto_4096, max_upto_4096); + fprintf(stderr, " inf %6d %6d\n", tot_upto_inf, max_upto_inf); + fprintf(stderr, "\n"); +#endif + + this = memlist; + + while (this != NULL) + { + sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_NOTFREE, + this->size, this->file, this->line); + this = this->next; + } + + SL_RET0(_("sh_mem_stat")); +} + +void sh_mem_check () +{ + memlist_t * this; + long nerr = 0; + + SL_ENTER(_("sh_mem_check")); + + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MSTAMP, + Mem_Max, Mem_Current); + + this = memlist; + + while (this != NULL) + { + if ( this->address == NULL ) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MNULL); + ++nerr; + } + else + { + if ( this->address[this->size] != CHECKBYTE ) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MOVER, + this->file, this->line, FIL__, __LINE__); + ++nerr; + } + if ( this->real_address[SH_MEMMULT-1] != CHECKBYTE ) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MUNDER, + this->file, this->line, FIL__, __LINE__); + ++nerr; + } + } + this = this->next; + } + + /* if (nerr > 0) abort(); */ + + SL_RET0(_("sh_mem_check")); +} + +void * sh_mem_malloc (size_t size, char * file, int line) +{ + void * the_realAddress; + void * theAddress; + memlist_t * this; + + SL_ENTER(_("sh_mem_malloc")); + + the_realAddress = malloc(size + 2 * SH_MEMMULT); + + if ( the_realAddress == NULL ) + { + if (eblock == 0) + { + eblock = 1; + (void) safe_logger (0, 0, NULL); + /* + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM, + file, line); + */ + eblock = 0; + } + /* use _exit() rather than exit() - we malloc() in atexit() functions + */ + _exit (42); + } + + /* --- Set check bytes. --- + */ + theAddress = ((char *) the_realAddress + SH_MEMMULT); + + memset(the_realAddress, CHECKBYTE, SH_MEMMULT); + memset(theAddress, CHECKBYTE, size + 1); + memset(theAddress, 0, 1); + + ++Alloc_Count; + ++Now_Alloc_Count; + + if (Max_Alloc_Count < Now_Alloc_Count) + Max_Alloc_Count = Now_Alloc_Count; + +#ifdef MEM_DETAILS + if (size <= 32) + { + ++now_upto_032; + ++tot_upto_032; + if (now_upto_032 > max_upto_032) max_upto_032 = now_upto_032; + } + else if (size <= 64) + { + ++now_upto_064; + ++tot_upto_064; + if (now_upto_064 > max_upto_064) max_upto_064 = now_upto_064; + } + else if (size <= 128) + { + ++now_upto_128; + ++tot_upto_128; + if (now_upto_128 > max_upto_128) max_upto_128 = now_upto_128; + } + else if (size <= 256) + { + ++now_upto_256; + ++tot_upto_256; + if (now_upto_256 > max_upto_256) max_upto_256 = now_upto_256; + } + else if (size <= 512) + { + ++now_upto_512; + ++tot_upto_512; + if (now_upto_512 > max_upto_512) max_upto_512 = now_upto_512; + } + else if (size <= 1024) + { + ++now_upto_1024; + ++tot_upto_1024; + if (now_upto_1024 > max_upto_1024) max_upto_1024 = now_upto_1024; + } + else if (size <= 4096) + { + ++now_upto_4096; + ++tot_upto_4096; + if (now_upto_4096 > max_upto_4096) max_upto_4096 = now_upto_4096; + } + else + { + ++now_upto_inf; + ++tot_upto_inf; + if (now_upto_inf > max_upto_inf) max_upto_inf = now_upto_inf; + + fprintf(stderr, "\n___BIGSIZE___"); + fprintf(stderr, " %6d -> %16s %10d \n", size, file, line); + fprintf(stderr, "\n"); + + } +#endif + + Mem_Current += size; + Mem_Max = ( (Mem_Current > Mem_Max) ? Mem_Current : Mem_Max); + + this = (memlist_t *) malloc (sizeof(memlist_t)); + + if ( this == NULL) + { + if (eblock == 0) + { + eblock = 1; + (void) safe_logger(0, 0, NULL); + /* + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM, + file, line); + */ + eblock = 0; + } + SL_RETURN( the_realAddress, _("sh_mem_malloc")); + } + + /* make list entry */ + + this->real_address = the_realAddress; + this->address = theAddress; + this->size = size; + this->line = line; + sl_strlcpy(this->file, file, 20); + + this->next = memlist; + memlist = this; + + SL_RETURN( theAddress, _("sh_mem_malloc")); +} + + +void sh_mem_free (void * a, char * file, int line) +{ + memlist_t * this = memlist; + memlist_t * before = memlist; + unsigned long size = 0; + + SL_ENTER(_("sh_mem_free")); + + if ( a == NULL ) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MNULL, + file, line); + SL_RET0(_("sh_mem_free")); + } + + /* -- Find record. -- + */ + while (this != NULL) + { + if (this->address == a) + break; + before = this; + this = this->next; + } + + if (this == NULL) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MREC, + file, line); + SL_RET0(_("sh_mem_free")); + } + else + { + a = this->real_address; + + if ( this->address[this->size] != CHECKBYTE ) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MOVER, + this->file, this->line, file, line); + } + if ( this->real_address[SH_MEMMULT-1] != CHECKBYTE ) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MUNDER, + this->file, this->line, file, line); + + size = this->size; + + if (this == memlist) + memlist = this->next; + else + before->next = this->next; + } + + free(a); + if (this) + free(this); + ++Free_Count; + --Now_Alloc_Count; + +#ifdef MEM_DETAILS + if (size <= 32) + --now_upto_032; + else if (size <= 64) + --now_upto_064; + else if (size <= 128) + --now_upto_128; + else if (size <= 256) + --now_upto_256; + else if (size <= 512) + --now_upto_512; + else if (size <= 1024) + --now_upto_1024; + else if (size <= 4096) + --now_upto_4096; + else + --now_upto_inf; +#endif + + Mem_Current -= size; + SL_RET0(_("sh_mem_free")); +} + +#else + +void sh_mem_free (void * a) +{ + SL_ENTER(_("sh_mem_free")); + + if (a) + { + free(a); + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MNULL); + } + SL_RET0(_("sh_mem_free")); +} + +void * sh_mem_malloc (size_t size) +{ + void * theAddress; + + SL_ENTER(_("sh_mem_malloc")); + + theAddress = malloc(size); + + if ( theAddress == NULL ) + { + if (eblock == 0) + { + eblock = 1; + (void) safe_logger(0, 0, NULL); + /* + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM); + */ + eblock = 0; + } + /* use _exit() rather than exit() - we malloc() in atexit() + */ + _exit (42); + } + /* memset (theAddress, 0, 1); *//* needs testing */ + + SL_RETURN( theAddress, _("sh_mem_malloc")); +} +#endif Index: branches/samhain-2_2-branch/src/sh_modules.c =================================================================== --- branches/samhain-2_2-branch/src/sh_modules.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_modules.c (revision 66) @@ -0,0 +1,106 @@ +#include "config_xor.h" + +#include +#include + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + +#include "sh_modules.h" + +#include "sh_utmp.h" +#include "sh_mounts.h" +#include "sh_userfiles.h" +#include "sh_kern.h" +#include "sh_suidchk.h" + +sh_mtype modList[] = { +#ifdef SH_USE_UTMP + { + N_("UTMP"), + 0, + sh_utmp_init, + sh_utmp_timer, + sh_utmp_check, + sh_utmp_end, + sh_utmp_null, + + N_("[Utmp]"), + sh_utmp_table, + }, +#endif + +#ifdef SH_USE_MOUNTS + { + N_("MOUNTS"), + 0, + sh_mounts_init, + sh_mounts_timer, + sh_mounts_check, + sh_mounts_cleanup, + sh_mounts_reconf, + + N_("[Mounts]"), + sh_mounts_table, + }, +#endif + +#ifdef SH_USE_USERFILES + { + N_("USERFILES"), + 0, + sh_userfiles_init, + sh_userfiles_timer, + sh_userfiles_check, + sh_userfiles_cleanup, + sh_userfiles_reconf, + + N_("[UserFiles]"), + sh_userfiles_table, + }, +#endif + +#ifdef SH_USE_KERN + { + N_("KERNEL"), + 0, + sh_kern_init, + sh_kern_timer, + sh_kern_check, + sh_kern_end, + sh_kern_null, + + N_("[Kernel]"), + sh_kern_table, + }, +#endif +#ifdef SH_USE_SUIDCHK + { + N_("SUIDCHECK"), + 0, + sh_suidchk_init, + sh_suidchk_timer, + sh_suidchk_check, + sh_suidchk_end, + sh_suidchk_free_schedule, + + N_("[SuidCheck]"), + sh_suidchk_table, + }, +#endif + { + NULL, + 0, + + NULL, + NULL, + NULL, + NULL, + NULL, + + NULL, + NULL, + }, +}; + +#endif + Index: branches/samhain-2_2-branch/src/sh_mounts.c =================================================================== --- branches/samhain-2_2-branch/src/sh_mounts.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_mounts.c (revision 66) @@ -0,0 +1,798 @@ +/* + * File: sh_mounts.c + * Desc: A module for Samhain; checks for mounts present and options on them. + * Auth: Cian Synnott + * + */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +/* Used in the call tracing macros to keep track of where we are in the code */ +#undef FIL__ +#define FIL__ _("sh_mounts.c") + + +#include "samhain.h" +#include "sh_utils.h" +#include "sh_error.h" +#include "sh_modules.h" +#include "sh_mounts.h" + +#ifdef SH_USE_MOUNTS +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + +/* + * #ifdef HAVE_STRING_H + * #include + * #endif + */ + +#ifdef TM_IN_SYS_TIME +#include +#else +#include +#endif + +/* Prototypes for configuration functions */ +int sh_mounts_config_activate (char * opt); +int sh_mounts_config_timer (char * opt); +int sh_mounts_config_mount (char * opt); +int sh_mounts_config_sevmnt (char * opt); +int sh_mounts_config_sevopt (char * opt); + +/* Prototype for the function to read info on mounted filesystems */ +static struct sh_mounts_mnt *readmounts(void); + +/* Table for configuration options, and pointers to the functions that will + * configure them. Each function is passed the string resulting from stripping + * the option and the "equals" from the config file; e.g. MountCheckActive=1 in + * the configuration file will result in the string "1" being passed to + * sh_mounts_config_activate() */ +sh_rconf sh_mounts_table[] = { + { + N_("mountcheckactive"), + sh_mounts_config_activate + }, + { + N_("mountcheckinterval"), + sh_mounts_config_timer + }, + { + N_("checkmount"), + sh_mounts_config_mount + }, + { + N_("severitymountmissing"), + sh_mounts_config_sevmnt + }, + { + N_("severityoptionmissing"), + sh_mounts_config_sevopt + }, + { + NULL, + NULL + }, +}; + +/* Structures for storing my configuration information, and functions for + * manipulating them */ +struct sh_mounts_mnt { + char * path; + struct sh_mounts_opt * opts; + struct sh_mounts_mnt * next; +}; + +struct sh_mounts_opt { + char * opt; + struct sh_mounts_opt * next; +}; + +/* Return the mount structure whose path matches 'mnt' or NULL if not found */ +static +struct sh_mounts_mnt *sh_mounts_mnt_member(struct sh_mounts_mnt *m, char *mnt) +{ + struct sh_mounts_mnt *it; + + for (it = m; it != NULL; it = it->next) { + if (0 == sl_strcmp(it->path, mnt)) { + return it; + } + } + return NULL; +} + +/* Return the opt structure whose option matches 'opt' or NULL if not found */ +static +struct sh_mounts_opt *sh_mounts_opt_member(struct sh_mounts_opt *o, char *opt) +{ + struct sh_mounts_opt *it; + + for (it = o; it != NULL; it = it->next) { + /* if (!strcmp(it->opt, opt)) { */ + if (0 == sl_strcmp(it->opt, opt)) { + return it; + } + } + return NULL; +} + +static +void sh_mounts_opt_free(struct sh_mounts_opt *o) { + if (o != NULL) { + sh_mounts_opt_free(o->next); + SH_FREE(o->opt); + SH_FREE(o); + } +} + +static +void sh_mounts_mnt_free(struct sh_mounts_mnt *m) { + if (m != NULL) { + sh_mounts_mnt_free(m->next); + sh_mounts_opt_free(m->opts); + SH_FREE(m->path); + SH_FREE(m); + } +} + +/* Some configuration variables I'll be using */ +static time_t lastcheck = (time_t) 0; +static int ShMountsActive = S_FALSE; +static time_t ShMountsInterval = 86400; +static int ShMountsSevMnt = 7; +static int ShMountsSevOpt = 7; + +static struct sh_mounts_mnt *mountlist = NULL; + +/* Module initialisation + * This is called once at the start of each samhain run. + * Non-configuration setup code should be placed here. */ +int sh_mounts_init () +{ + SL_ENTER(_("sh_mounts_init")); + + /* This is a little odd. Because we've built the configured mount list at + * this point, if we've set the module inactive, we need to free the list - + * otherwise when we reconf() with it set active, we'll end up with a + * duplicated list. Interesting. */ + if (ShMountsActive == S_FALSE) { + sh_mounts_mnt_free(mountlist); + mountlist = NULL; + SL_RETURN(-1, _("sh_mounts_init")); + } + + lastcheck = time(NULL); + + SL_RETURN(0, _("sh_mounts_init")); +} + +/* Module timer + * This timer function is called periodically with the current time to see if + * it is time to run the module's "check" function. On nonzero return, the + * check is run. */ +int sh_mounts_timer (time_t tcurrent) +{ + SL_ENTER(_("sh_mounts_timer")); + + if ((time_t) (tcurrent - lastcheck) >= ShMountsInterval) { + lastcheck = tcurrent; + SL_RETURN(-1, _("sh_mounts_timer")); + } + + SL_RETURN(0, _("sh_mounts_timer")); +} + +/* Module check + * The business end of things. This is the actual check code for this module. + * Everything you want to do periodically should go here. */ +int sh_mounts_check () +{ + struct sh_mounts_mnt *memlist; + struct sh_mounts_mnt *cfgmnt, *mnt; + struct sh_mounts_opt *cfgopt, *opt; + + SL_ENTER(_("sh_mounts_check")); + + /* Log the check run. For each message type you want, you need to define it + * as an enum in sh_cat.h, and then set it up in terms of priority and format + * string in sh_cat.c */ + sh_error_handle(-1, FIL__, __LINE__, 0, MSG_MNT_CHECK); + + /* Read the list of mounts from memory */ + memlist = readmounts(); + + if (memlist == NULL) { + sh_error_handle(-1, FIL__, __LINE__, 0, MSG_MNT_MEMLIST); + } + + /* For each mount we are configured to check, run through the list of mounted + * filesystems and compare the pathnames */ + for (cfgmnt = mountlist; cfgmnt != NULL; cfgmnt = cfgmnt->next) { + mnt = sh_mounts_mnt_member(memlist, cfgmnt->path); + + if (mnt) { + for (cfgopt = cfgmnt->opts; cfgopt != NULL; cfgopt = cfgopt->next) { + opt = sh_mounts_opt_member(mnt->opts, cfgopt->opt); + + if (!opt) { + sh_error_handle(ShMountsSevOpt, FIL__, __LINE__, 0, MSG_MNT_OPTMISS, + cfgmnt->path, cfgopt->opt); + } + } + } + + else { + sh_error_handle(ShMountsSevMnt, FIL__, __LINE__, 0, MSG_MNT_MNTMISS, + cfgmnt->path); + } + } + + /* Make sure to clean up after ourselves */ + sh_mounts_mnt_free(memlist); + + SL_RETURN(0, _("sh_mounts_check")); +} + +/* Module cleanup + * The end of the tour - when samhain is shutting down, this is run. */ +int sh_mounts_cleanup () +{ + SL_ENTER(_("sh_mounts_cleanup")); + sh_mounts_mnt_free(mountlist); + mountlist = NULL; + SL_RETURN( (0), _("sh_mounts_cleanup")); +} + +/* Module reconfiguration + * Run on receipt of a HUP. Right now this is identical to _end(), but it may + * not always be. */ +int sh_mounts_reconf() +{ + SL_ENTER(_("sh_mounts_null")); + sh_mounts_mnt_free(mountlist); + mountlist = NULL; + SL_RETURN( (0), _("sh_mounts_null")); +} + +/* Module configuration + * These functions are called when the configuration file is being parsed. */ + +/* Configure to check a particular mount */ +int sh_mounts_config_mount (char * opt) +{ + struct sh_mounts_mnt *m; + struct sh_mounts_opt *o; + char *sp, *temp; + + SL_ENTER(_("sh_mounts_config_mount")); + + /* It's probably best to make a copy of opt before messing about with it + * via string functions. Good practice and all that. */ + temp = sh_util_strdup(opt); + + /* Since we're going to "consume" this new buffer, it'll be good to have a + * reference to it's allocated memory so we can free it later. Let's use + * temp for that, and the now-unused "opt" for consumption */ + opt = temp; + + m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof(struct sh_mounts_mnt)); + + /* First, strip out the mount path. */ + m->path = sh_util_strdup(sh_util_strsep(&opt, " \t")); + m->opts = NULL; + + /* Now get all of the mount options - they can be delimited by comma or + * whitespace */ + while (opt != NULL) { + sp = sh_util_strsep(&opt, ", \t"); + + /* This just catches multiple separators appearing together */ + if (*sp == '\0') { + continue; + } + + o = (struct sh_mounts_opt *) SH_ALLOC(sizeof(struct sh_mounts_opt)); + o->next = m->opts; + m->opts = o; + + o->opt = sh_util_strdup(sp); + } + + /* Add to the list of configured mounts */ + m->next = mountlist; + mountlist = m; + + /* Free the string buffer we allocated earlier */ + SH_FREE(temp); + + SL_RETURN(0, _("sh_mounts_config_mount")); +} + +/* Simply sets our boolean as to whether this module is active */ +int sh_mounts_config_activate (char * opt) +{ + int i; + SL_ENTER(_("sh_mounts_config_activate")); + i = sh_util_flagval(opt, &ShMountsActive); + SL_RETURN(i, _("sh_mounts_config_activate")); +} + +/* Sets up our timer */ +int sh_mounts_config_timer (char * opt) +{ + long val; + int retval = 0; + + SL_ENTER(_("sh_mounts_config_timer")); + val = strtol (opt, (char **)NULL, 10); + if (val <= 0) + { + sh_error_handle (-1, FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("mounts timer"), opt); + retval = -1; + } + val = (val <= 0 ? 86400 : val); + + ShMountsInterval = (time_t) val; + + SL_RETURN(retval, _("sh_mounts_config_timer")); +} + +/* Configure severity for "mount missing" messages */ +int sh_mounts_config_sevmnt (char * opt) +{ + int retval = 0; + char tmp[32]; + + + SL_ENTER(_("sh_mounts_config_sevmnt")); + tmp[0] = '='; tmp[1] = '\0'; + (void) sl_strlcat (tmp, opt, 32); + retval = sh_error_set_level (tmp, &ShMountsSevMnt); + SL_RETURN(retval, _("sh_mounts_config_sevmnt")); +} + +int sh_mounts_config_sevopt (char * opt) +{ + int retval = 0; + char tmp[32]; + + SL_ENTER(_("sh_mounts_config_sevopt")); + tmp[0] = '='; tmp[1] = '\0'; + (void) sl_strlcat (tmp, opt, 32); + retval = sh_error_set_level (tmp, &ShMountsSevOpt); + SL_RETURN(retval, _("sh_mounts_config_sevopt")); +} + + +/* + * Below here we have the code for actually reading options on mounted fs's + * I've just got code here to work on FreeBSD, Linux and Solaris. I'm sure + * others could be added. Note that some small bits of the OS-specific code + * are from mountlist.c in GNU fileutils. + */ + +/* FreeBSD includes */ +#ifdef HOST_IS_FREEBSD +#include +#include +#include +#endif + +/* Linux includes */ +#ifdef HOST_IS_LINUX +#include +#include +#endif + +/* Solaris includes */ +#ifdef HOST_IS_SOLARIS +#include +#include +#endif + +/* HP_UX includes */ +#ifdef HOST_IS_HPUX +#include +#include +#endif + +/* AIX includes and helper routines (from gnome-vfs-unix-mounts.c */ +#if 0 +#ifdef HOST_IS_AIX +#include +#include +#include + +/* gnome-vfs-unix-mounts.c - read and monitor fstab/mtab + + Copyright (C) 2003 Red Hat, Inc + + The Gnome Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + The Gnome Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public + License along with the Gnome Library; see the file COPYING.LIB. If not, + write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. + + Author: Alexander Larsson +*/ + +/* read character, ignoring comments (begin with '*', end with '\n' */ +static int aix_fs_getc (FILE *fd) +{ + int c; + + while ((c = getc (fd)) == '*') { + while (((c = getc (fd)) != '\n') && (c != EOF)) {} /* do nothing */ + } +} + +/* eat all continuous spaces in a file */ +static int aix_fs_ignorespace (FILE *fd) +{ + int c; + + while ((c = aix_fs_getc (fd)) != EOF) { + if (! (isascii(c) && isspace (c)) ) { + ungetc (c,fd); + return c; + } + } + + return EOF; +} + +/* read one word from file */ +static int aix_fs_getword (FILE *fd, char *word, int len) +{ + int c; + int i = 0; + + --len; + + aix_fs_ignorespace (fd); + + while (((c = aix_fs_getc (fd)) != EOF) && !( isascii(c) && isspace(c) )) + { + if (c == '"') + { + while (((c = aix_fs_getc (fd)) != EOF) && (c != '"')) + { + *word++ = c; ++i; + if (i == len) + break; + } + } + else + { + *word++ = c; ++i; + } + if (i == len) + break; + } + *word = 0; + + return c; +} + +/* PATH_MAX is in sys/limits.h, included via stdio.h + */ +typedef struct { + char mnt_mount[PATH_MAX]; + char mnt_special[PATH_MAX]; + char mnt_fstype[16]; + char mnt_options[128]; +} AixMountTableEntry; + +/* read mount points properties */ +static int aix_fs_get (FILE *fd, AixMountTableEntry *prop) +{ + /* Need space for PATH_MAX + ':' (terminating '\0' is in PATH_MAX; SUSv3) + */ + static char word[PATH_MAX+1] = { 0 }; + char value[PATH_MAX]; + + /* reset */ + + if (fd == NULL) + { + word[0] = '\0'; + return 0; + } + + /* read stanza */ + + if (word[0] == 0) { + if (aix_fs_getword (fd, word, (PATH_MAX+1)) == EOF) + return EOF; + } + + word[strlen(word) - 1] = 0; + sl_strlcpy (prop->mnt_mount, word, PATH_MAX); + + /* read attributes and value */ + + while (aix_fs_getword (fd, word, (PATH_MAX+1)) != EOF) { + /* test if is attribute or new stanza */ + + if (word[strlen(word) - 1] == ':') { + return 0; + } + + /* read "=" */ + aix_fs_getword (fd, value, PATH_MAX); + + /* read value */ + aix_fs_getword (fd, value, PATH_MAX); + + if (strcmp (word, "dev") == 0) { + sl_strlcpy (prop->mnt_special, value, PATH_MAX); + } else if (strcmp (word, "vfs") == 0) { + sl_strlcpy (prop->mnt_fstype, value, 16); + } else if (strcmp (word, "options") == 0) { + sl_strlcpy(prop->mnt_options, value, 128); + } + } + + return 0; +} + +/* end AIX helper routines */ +#endif +#endif + +#if defined(HOST_IS_FREEBSD) + +/* FreeBSD returns flags instead of strings as mount options, so we'll convert + * them here. */ +static +struct sh_mounts_opt * getoptlist(int flags) { + struct sh_mounts_opt *list, *o; + int i; + + struct {char *opt; int flag;} table[] = { + {"ro", MNT_RDONLY}, + {"noexec", MNT_NOEXEC}, + {"nosuid", MNT_NOSUID}, + {"nodev", MNT_NODEV}, + {"sync", MNT_SYNCHRONOUS}, + {"async", MNT_ASYNC}, + {"local", MNT_LOCAL}, + {"quota", MNT_QUOTA}, + {"bound", -1} + }; + + SL_ENTER(_("getoptlist")); + + list = NULL; + + /* Add any flags found to the list */ + for (i = 0; table[i].flag != -1; i++) { + if (flags & table[i].flag) { + o = (struct sh_mounts_opt *) SH_ALLOC(sizeof(struct sh_mounts_opt)); + o->opt = sh_util_strdup(table[i].opt); + o->next = list; + list = o; + } + } + + SL_RETURN(list, _("getoptlist")); +} + +/* Solaris & Linux return identical option string formats */ +#else + +/* We just separate the options out by parsing for commas */ +static +struct sh_mounts_opt * getoptlist(char *opt) +{ + struct sh_mounts_opt *list, *o; + char *sp, *temp; + + SL_ENTER(_("getoptlist")); + + /* See the comments in sh_mounts_config_mount() above for the reasons for + * this arcane little zig-zag */ + temp = sh_util_strdup(opt); + opt = temp; + + list = NULL; + + /* For each option, add to the list */ + while (opt != NULL) { + sp = sh_util_strsep(&opt, ", \t"); + + if (*sp == '\0') { + continue; + } + + o = (struct sh_mounts_opt *) SH_ALLOC(sizeof(struct sh_mounts_opt)); + o->next = list; + list = o; + + o->opt = sh_util_strdup(sp); + } + + SH_FREE(temp); + + SL_RETURN(list, _("getoptlist")); +} + +#endif + +/* Read the list of mounts from whereever is appropriate to the OS and return + * it. Return NULL on error. */ +static struct sh_mounts_mnt * readmounts(void) { + struct sh_mounts_mnt *list, *m; + + SL_ENTER(_("readmounts")); + m = NULL; /* use it to avoid compiler warning */ + list = m; + +/* The FreeBSD way */ +#ifdef HOST_IS_FREEBSD +{ + struct statfs *fsp; + int entries; + + entries = getmntinfo(&fsp, MNT_NOWAIT); + if (entries < 0) { + SL_RETURN((NULL), _("readmounts")); + } + + for (; entries-- > 0; fsp++) { + m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); + m->path = sh_util_strdup(fsp->f_mntonname); + m->opts = getoptlist(fsp->f_flags); + + m->next = list; + list = m; + } +} +#endif + +/* The Linux way */ +#ifdef HOST_IS_LINUX +{ + struct mntent *mp; + FILE *tab = setmntent(_PATH_MOUNTED, "r"); + + if (tab == NULL) { + SL_RETURN((NULL), _("readmounts")); + } + + mp = getmntent(tab); + while (mp != NULL) { + m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); + m->path = sh_util_strdup(mp->mnt_dir); + m->opts = getoptlist(mp->mnt_opts); + + m->next = list; + list = m; + + mp = getmntent(tab); + } + + (void) endmntent(tab); +} +#endif + +/* The Solaris way */ +#ifdef HOST_IS_SOLARIS +{ + struct mnttab mp; + FILE *tab = fopen(MNTTAB, "r"); + + if (tab == NULL) { + SL_RETURN((NULL), _("readmounts")); + } + + while (!getmntent(tab, &mp)) { + m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); + m->path = sh_util_strdup(mp.mnt_mountp); + m->opts = getoptlist(mp.mnt_mntopts); + + m->next = list; + list = m; + } + + fclose(tab); +} +#endif + + +/* The HP-UX way */ +#ifdef HOST_IS_HPUX +{ + struct mntent *mp; + FILE *tab = setmntent(MNT_MNTTAB, "r"); + + if (tab == NULL) { + SL_RETURN((NULL), _("readmounts")); + } + + mp = getmntent(tab); + while (mp != NULL) { + m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); + m->path = sh_util_strdup(mp->mnt_dir); + m->opts = getoptlist(mp->mnt_opts); + + m->next = list; + list = m; + + mp = getmntent(tab); + } + + (void) endmntent(tab); +} +#endif + +/* The AIX way */ +#if 0 +#ifdef HOST_IS_AIX +{ + AixMountTableEntry mntent; + FILE *tab = fopen("/etc/filesystems", "r"); + + if (tab == NULL) { + SL_RETURN((NULL), _("readmounts")); + } + + while (!aix_fs_get (tab, &mntent)) + { + m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); + m->path = sh_util_strdup(mntent.mnt_mount); + m->opts = getoptlist(mntent.mnt_options); + + m->next = list; + list = m; + + mntent.mnt_mount[0] = '\0'; + mntent.mnt_special[0] = '\0'; + mntent.mnt_fstype[0] = '\0'; + mntent.mnt_options[0] = '\0'; + } + + (void) fclose(tab); + aix_fs_get (NULL, NULL); /* reset */ +} +#endif +#endif + + SL_RETURN((list), _("readmounts")); + +} + + +/* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ +#endif + +/* #ifdef SH_USE_MOUNTS */ +#endif + Index: branches/samhain-2_2-branch/src/sh_prelink.c =================================================================== --- branches/samhain-2_2-branch/src/sh_prelink.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_prelink.c (revision 66) @@ -0,0 +1,261 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2004 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + +#include "samhain.h" +#include "sh_tiger.h" +#include "sh_extern.h" +#include "sh_utils.h" +#include "sh_unix.h" + +#undef FIL__ +#define FIL__ _("sh_prelink.c") + +static char * prelink_path = NULL; +static char * prelink_hash = NULL; + +int sh_prelink_set_path (const char * str) +{ + SL_ENTER(_("sh_prelink_set_path")); + if (prelink_path != NULL) + SH_FREE(prelink_path); + if (str[0] != '/') + { + prelink_path = NULL; + SL_RETURN((-1), _("sh_prelink_set_path")); + } + + prelink_path = sh_util_strdup(str); + + SL_RETURN(0, _("sh_prelink_set_path")); +} + +int sh_prelink_set_hash (const char * str) +{ + size_t len; + SL_ENTER(_("sh_prelink_set_hash")); + if (prelink_hash != NULL) + SH_FREE(prelink_hash); + len = sl_strlen (str); + if (len != KEY_LEN) + { + prelink_hash = NULL; + SL_RETURN((-1), _("sh_prelink_set_hash")); + } + prelink_hash = SH_ALLOC(len+1); + (void) sl_strlcpy(prelink_hash, str, len+1); + SL_RETURN(0, _("sh_prelink_set_hash")); +} + +int sh_prelink_iself (SL_TICKET fd, off_t size, int alert_timeout) +{ + long status; + char magic[4]; + if (size < 42) + return S_FALSE; + status = sl_read_timeout (fd, magic, 4, alert_timeout); + (void) sl_rewind(fd); + if (status == 4) + { + /*@-usedef@*/ + if (magic[0] == (char) 0x7f && + magic[1] == 'E' && + magic[2] == 'L' && + magic[3] == 'F') + return S_TRUE; + /*@+usedef@*/ + } + return S_FALSE; +} + +extern int get_the_fd (SL_TICKET ticket); + +static void sh_prelink_fd(sh_tas_t * task) +{ + SL_TICKET ticket; + char * tmp; + + if (task->com_ti != (-1)) + { + (void) sl_close(task->com_ti); + task->com_fd = -1; + task->com_ti = -1; + } + ticket = sl_open_read(task->command, + task->privileged == 0 ? SL_NOPRIV : SL_YESPRIV); + if (SL_ISERROR(ticket)) + { + tmp = sh_util_safe_name (task->command); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, ticket, MSG_E_READ, tmp); + SH_FREE(tmp); + return; + } + tiger_fd = ticket; + if (*(task->checksum) == '\0' || + 0 == sl_strcmp(task->checksum, + sh_tiger_hash (task->command, TIGER_FD, 0))) + { + task->com_fd = get_the_fd(ticket); + task->com_ti = ticket; + } + else + { + tmp = sh_util_safe_name (task->command); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, ticket, MSG_E_HASH, tmp); + SH_FREE(tmp); + (void) sl_close(ticket); + } + return; +} + +/* returns static storage + */ +int sh_prelink_run (char * path, char * file_hash, int alert_timeout) +{ + static int init = S_FALSE; + static int args_filled = 0; + static sh_tas_t task; + + int status = 0; + char * p; + struct sigaction new_act; + struct sigaction old_act; + + SL_ENTER(_("sh_prelink_run")); + + /* reset if path == NULL + */ + if (path == NULL) + { + if (init == S_FALSE) + { + SL_RETURN (0, _("sh_prelink_run")); + } + sh_ext_tas_free(&task); + init = S_FALSE; + args_filled = 0; + SL_RETURN (0, _("sh_prelink_run")); + } + + /* initialize task structure + */ + if (init == S_FALSE) + { + sh_ext_tas_init(&task); + p = sh_unix_getUIDdir (SH_ERR_ERR, task.run_user_uid); + if (p) + { + (void) sh_ext_tas_add_envv (&task, _("HOME"), p); + } + (void) sh_ext_tas_add_envv (&task, _("SHELL"), + _("/bin/sh")); + (void) sh_ext_tas_add_envv (&task, _("PATH"), + _("/sbin:/usr/sbin:/bin:/usr/bin")); + if (sh.timezone != NULL) + { + (void) sh_ext_tas_add_envv(&task, "TZ", sh.timezone); + } + if (prelink_path == NULL) + { + sh_ext_tas_command(&task, _("/usr/sbin/prelink")); + (void) sh_ext_tas_add_argv(&task, _("/usr/sbin/prelink")); + } + else + { + sh_ext_tas_command(&task, prelink_path); + (void) sh_ext_tas_add_argv(&task, prelink_path); + } + args_filled = sh_ext_tas_add_argv(&task, _("--verify")); + + if (prelink_hash != NULL) + { + (void) sl_strlcpy(task.checksum, prelink_hash, KEY_LEN+1); + } + task.rw = 'r'; + task.fork_twice = S_FALSE; + + sh_prelink_fd(&task); + + init = S_TRUE; + } + + /* rm filename arg if set; fill in filename + */ + if (args_filled == 3) + args_filled = sh_ext_tas_rm_argv(&task); + if (args_filled == 2) + args_filled = sh_ext_tas_add_argv(&task, path); + else + { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, args_filled, MSG_E_SUBGEN, + _("Bad argument count"), _("sh_prelink_run")); + SL_RETURN ((-1), _("sh_prelink_run")); + } + + /* open pipe + */ + status = sh_ext_popen(&task); + if (status != 0) + { + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN, + _("Could not open pipe"), _("sh_prelink_run")); + SL_RETURN ((-1), _("sh_prelink_run")); + } + + if (SL_ISERROR(task.pipeTI)) + { + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, task.pipeTI, MSG_E_SUBGEN, + _("No valid ticket"), _("sh_prelink_run")); + SL_RETURN ((-1), _("sh_prelink_run")); + } + + /* ignore SIGPIPE (instead get EPIPE if connection is closed) + */ + new_act.sa_handler = SIG_IGN; + (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act); + + /* read from pipe + */ + tiger_fd = task.pipeTI; + + sl_read_timeout_prep (task.pipeTI); + + sl_strlcpy(file_hash, + sh_tiger_generic_hash (path, TIGER_FD, 0, alert_timeout), + KEY_LEN+1); + + /* restore old signal handler + */ + (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &old_act, NULL); + + /* close pipe and return exit status + */ + status = sh_ext_pclose(&task); + SL_RETURN ((status), _("sh_prelink_run")); +} +/* defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + */ +#endif Index: branches/samhain-2_2-branch/src/sh_prelude.c =================================================================== --- branches/samhain-2_2-branch/src/sh_prelude.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_prelude.c (revision 66) @@ -0,0 +1,1065 @@ +/* + * + * Copyright (C) 2005 Yoann Vandoorselaere, Prelude IDS Technologies + * Rainer Wichmann + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file COPYING. If not, write to + * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. + * + */ + +/* + * 28/04/2005 : R.W.: + * move libprelude 0.8 code to seperate file + * + * 23/04/2005 : R.W.: + * include libprelude 0.9 code from Yoann Vandoorselaere + */ + + +/* + * for strptime() + */ +#define _GNU_SOURCE 1 + +#include "config_xor.h" + +#include +#include +#include + +#if TIME_WITH_SYS_TIME + +# include +# include + +#else + +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif + +#endif + +#include +#include +#include + +int sh_argc_store; +char ** sh_argv_store; + +#if defined(HAVE_LIBPRELUDE) && defined(HAVE_LIBPRELUDE_9) + + +/* + * _() macros are samhain specific; they are used to replace string + * constants at runtime. This is part of the samhain stealth mode + * (fill string constants with encoded strings, decode at runtime). + */ +#define FIL__ _("sh_prelude.c") + + +#include +#include + +/* + * includes for samhain-specific functions (sl_strstr, sh_error_handle) + */ +#include "slib.h" +#include "sh_cat.h" +#include "sh_error_min.h" +#include "sh_prelude.h" + +/* + * When SH_USE_XML is set, value are formated using name="value". + * Otherwise, value is formatted using the format name=. + */ +#ifdef SH_USE_XML +# define VALUE_DELIM_START '"' +# define VALUE_DELIM_END '"' +#else +# define VALUE_DELIM_START '<' +# define VALUE_DELIM_END '>' +#endif + +#define IDMEF_ANALYZER_MODEL _("Samhain") +#define IDMEF_ANALYZER_CLASS _("Integrity Checker") +#define IDMEF_ANALYZER_VERSION VERSION +#define IDMEF_ANALYZER_MANUFACTURER _("Samhain by Rainer Wichmann") + +#define CLASSIFICATION_URL _("http://www.la-samhna.de/samhain/") + + + +/* + * 0 = not initialized; -1 = failed; 1 = initialized + */ +static int initialized = 0; +static int ready_for_init = 0; + +static char *profile = NULL; +static prelude_client_t *client = NULL; + +static int severity_map[1 + (unsigned int) IDMEF_IMPACT_SEVERITY_HIGH] = { + /* 0: unused (?) */ 0, + /* 1: INFO */ 0, + /* 2: LOW */ SH_ERR_ALL|SH_ERR_INFO, + /* 3: MEDIUM */ SH_ERR_NOTICE|SH_ERR_WARN|SH_ERR_STAMP|SH_ERR_ERR, + /* 4: HIGH */ SH_ERR_SEVERE|SH_ERR_FATAL +}; + +/* returns 0/tiger, 1/sha1, or 2/md5 + */ +extern int sh_tiger_get_hashtype(void); + +static void clear_and_set (int setpos, int flag) +{ + unsigned int i; + /* clear everywhere, and set at correct position */ + for (i = 1; i < (1 + (unsigned int) IDMEF_IMPACT_SEVERITY_HIGH); ++i) + severity_map[i] &= ~flag; + severity_map[setpos] |= flag; + return; +} + +static int set_prelude_severity_int (const char * str, int prelude_sev) +{ + char * p; + char * dup = strdup (str); + + if (!dup) + return -1; + + p = strtok (dup, ", \t"); + if (p) { + do { + if (0 == strcmp (p, _("alert"))) + clear_and_set (prelude_sev, SH_ERR_FATAL); + else if (0 == strcmp (p, _("crit"))) + clear_and_set (prelude_sev, SH_ERR_SEVERE); + else if (0 == strcmp (p, _("err"))) + clear_and_set (prelude_sev, SH_ERR_ERR); + else if (0 == strcmp (p, _("mark"))) + clear_and_set (prelude_sev, SH_ERR_STAMP); + else if (0 == strcmp (p, _("warn"))) + clear_and_set (prelude_sev, SH_ERR_WARN); + else if (0 == strcmp (p, _("notice"))) + clear_and_set (prelude_sev, SH_ERR_NOTICE); + else if (0 == strcmp (p, _("debug"))) + clear_and_set (prelude_sev, SH_ERR_ALL); + else if (0 == strcmp (p, _("info"))) + clear_and_set (prelude_sev, SH_ERR_INFO); + else { + free (dup); + return -1; + } + p = strtok (NULL, ", \t"); + } while (p); + } + free(dup); + return 0; +} + +int sh_prelude_map_info (const char * str) +{ + return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_INFO)); +} +int sh_prelude_map_low (const char * str) +{ + return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_LOW)); +} +int sh_prelude_map_medium (const char * str) +{ + return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_MEDIUM)); +} +int sh_prelude_map_high (const char * str) +{ + return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_HIGH)); +} + +static idmef_impact_severity_t map_severity (int sam_sev) +{ + int i; + int max = 1 + (unsigned int) IDMEF_IMPACT_SEVERITY_HIGH; + idmef_impact_severity_t retval = IDMEF_IMPACT_SEVERITY_MEDIUM; + + for (i = 0; i < max; ++i) { + if (severity_map[i] & sam_sev) { + retval = (idmef_impact_severity_t) i; + } + } + return retval; +} + +static char *do_get_value(char *ptr, char delim_start, char delim_end) +{ + char *ret = NULL; + + ptr = strchr(ptr, delim_start); + if ( ! ptr ) + return NULL; + + ret = ++ptr; + + ptr = strchr(ptr, delim_end); + if ( ! ptr ) + return NULL; + + *ptr = '\0'; + ret = strdup(ret); + *ptr = delim_end; + + return ret; +} + + + +static char *get_value(char *msg, const char *toktmp, const char *toksuffix) +{ + char *ptr, tok[128]; + + snprintf(tok, sizeof(tok), "%s%s=", toktmp, (toksuffix) ? toksuffix : ""); + + ptr = strstr(msg, tok); + if ( ! ptr ) + return NULL; + + return do_get_value(ptr, VALUE_DELIM_START, VALUE_DELIM_END); +} + + + +static char *get_time_value(char *msg, const char *toktmp, const char *toksuffix) +{ + + char *ret, *ptr, tok[128]; + + snprintf(tok, sizeof(tok), "%s%s=", toktmp, (toksuffix) ? toksuffix : ""); + + ptr = strstr(msg, tok); + if ( ! ptr ) + return NULL; + +#ifndef SH_USE_XML + ret = do_get_value(ptr, '[', ']'); +#else + ret = do_get_value(ptr, VALUE_DELIM_START, VALUE_DELIM_END); +#endif + + return ret; +} + + + + +#if 0 +void debug_print_message(idmef_message_t *msg) +{ + int ret; + prelude_io_t *fd; + + ret = prelude_io_new(&fd); + if ( ret < 0 ) + return; + + prelude_io_set_file_io(fd, stderr); + idmef_message_print(idmef, fd); + + prelude_io_destroy(fd); +} +#endif + + + +static int idmef_time_from_samhain(idmef_time_t **time, const char *str) +{ + int ret; + char *ptr; + time_t utc; + struct tm lt; + + /* + * Samhain stamp are encoded in UTC. + */ + ptr = strptime(str, _("%Y-%m-%dT%H:%M:%S"), <); + if ( ! ptr ) { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("could not format Samhain time"), _("idmef_time_from_samhain")); + return -1; + } + + utc = prelude_timegm(<); + + ret = idmef_time_new_from_time(time, &utc); + if ( ret < 0 ) + return ret; + + return 0; +} + +/* flawfinder: ignore *//* is part of name, not access() */ +static void get_access_info(idmef_file_access_t *access, char * mode, int pos, int mpos) +{ + int got = 0; + int ret; + prelude_string_t *str; + + do { + if ( mode[pos] == 'r' ) { + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); + if ( ret < 0 ) + return; + prelude_string_set_dup(str, _("read")); + ++got; + } + else if ( mode[pos] == 'w' ) { + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); + if ( ret < 0 ) + return; + prelude_string_set_dup(str, _("write")); + ++got; + } + else if ( mode[pos] == 'x' || mode[pos] == 's' || mode[pos] == 't') { + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); + if ( ret < 0 ) + return; + + if ( mode[pos] == 'x' && mode[0] == 'd' ) + prelude_string_set_dup(str, _("search")); + + else if ( mode[pos] == 'x' || mode[pos] == 't' ) + prelude_string_set_dup(str, _("execute")); + + else /* 's' */ + prelude_string_set_dup(str, _("executeAs")); + ++got; + } + ++pos; + } while (pos <= mpos); + + if ( got == 0 ) { + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); + if ( ret < 0 ) + return; + prelude_string_set_dup(str, _("noAccess")); + } + return; +} + + +static void get_file_infos(idmef_target_t *target, char *msg, + idmef_file_category_t category) +{ + int ret; + int hashtype = 0; + char *ptr; + idmef_time_t *time; + idmef_file_t *file; + idmef_inode_t *inode; + prelude_string_t *str; + idmef_checksum_t *checksum; + idmef_file_access_t *access; /* flawfinder: ignore */ + idmef_user_id_t *userid; + const char *suffix = (category == IDMEF_FILE_CATEGORY_CURRENT) ? "_new" : "_old"; + char *mode = NULL; + + ret = idmef_target_new_file(target, &file, IDMEF_LIST_APPEND); + if ( ret < 0 ) + return; + idmef_file_set_category(file, category); + + ptr = get_value(msg, _("path"), NULL); + if ( ptr ) { + /* + * In term of IDMEF, this is the full path, + * including the name. + */ + ret = idmef_file_new_path(file, &str); + if ( ret < 0 ) { + free(ptr); + return; + } + prelude_string_set_nodup(str, ptr); + + ptr = strrchr(ptr, '/'); + if ( ptr ) { + ret = idmef_file_new_name(file, &str); + if ( ret == 0 ) { + prelude_string_set_dup(str, ptr + 1); + } + } + } + + ptr = get_value(msg, _("size"), suffix); + if ( ptr ) { + idmef_file_set_data_size(file, strtoul(ptr, NULL, 10)); + free(ptr); + } + + ptr = get_time_value(msg, _("mtime"), suffix); + if ( ptr ) { + ret = idmef_time_from_samhain(&time, ptr); + if ( ret == 0 ) { + idmef_file_set_modify_time(file, time); + } + free(ptr); + } + + ptr = get_time_value(msg, _("ctime"), suffix); + if ( ptr ) { + ret = idmef_time_from_samhain(&time, ptr); + if ( ret == 0 ) { + idmef_file_set_create_time(file, time); + } + free(ptr); + } + + ptr = get_value(msg, _("inode"), suffix); + if ( ptr ) { + ret = idmef_file_new_inode(file, &inode); + if ( ret == 0 ) { + char * dev = get_value(msg, _("dev"), suffix); + if (dev) { + char * q = strchr(dev, ','); + if (*q) { + *q = '\0'; ++q; + idmef_inode_set_major_device(inode, strtoul(dev, NULL, 0)); + idmef_inode_set_minor_device(inode, strtoul( q, NULL, 0)); + } + free(dev); + } + idmef_inode_set_number(inode, strtoul(ptr, NULL, 10)); + } + free(ptr); + } + + ptr = get_value(msg, _("chksum"), suffix); + if ( ptr ) { + ret = idmef_file_new_checksum(file, &checksum, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + goto get_mode; + } + + hashtype = sh_tiger_get_hashtype(); + + if (hashtype == 0) + idmef_checksum_set_algorithm(checksum, IDMEF_CHECKSUM_ALGORITHM_TIGER); + + else if (hashtype == 1) + idmef_checksum_set_algorithm(checksum, IDMEF_CHECKSUM_ALGORITHM_SHA1); + + else if (hashtype == 2) + idmef_checksum_set_algorithm(checksum, IDMEF_CHECKSUM_ALGORITHM_MD5); + + else + idmef_checksum_set_algorithm(checksum, IDMEF_CHECKSUM_ALGORITHM_TIGER); + + + ret = idmef_checksum_new_value(checksum, &str); + if ( ret < 0 ) { + free(ptr); + goto get_mode; + } + + /* will be freed on destroy() + */ + prelude_string_set_nodup(str, ptr); + } + + get_mode: + + mode = get_value(msg, _("mode"), suffix); + if ( mode ) { + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND); + if ( ret < 0 ) + goto get_owner; + + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_access_new_user_id(access, &userid); + if ( ret < 0 ) + goto get_owner; + idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_OTHER_PRIVS); + + /* flawfinder: ignore *//* is part of name, not access() */ + get_access_info ( access, mode, 7, 9 ); + } + + get_owner: + + ptr = get_value(msg, _("owner"), suffix); + if ( ptr ) { + char * uid; + + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + goto get_group; + } + + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_access_new_user_id(access, &userid); + if ( ret < 0 ) { + free(ptr); + goto get_group; + } + idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_USER_PRIVS); + + ret = idmef_user_id_new_name(userid, &str); + if ( ret < 0 ) { + free(ptr); + goto get_group; + } + prelude_string_set_nodup(str, ptr); + + uid = get_value(msg, _("iowner"), suffix); + if ( ! uid ) + goto get_group; + + idmef_user_id_set_number(userid, strtoul(uid, NULL, 0)); + + if ( mode ) { + /* flawfinder: ignore *//* is part of name, not access() */ + get_access_info ( access, mode, 1, 3 ); + } + + free(uid); + } + + get_group: + + ptr = get_value(msg, _("group"), suffix); + if ( ptr ) { + char *gid; + + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + goto mode_free; + } + + ret = idmef_file_access_new_user_id(access, &userid);/* flawfinder: ignore *//* is part of name, not access() */ + if ( ret < 0 ) { + free(ptr); + goto mode_free; + } + + idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_GROUP_PRIVS); + + ret = idmef_user_id_new_name(userid, &str); + if ( ret < 0 ) { + free(ptr); + goto mode_free; + } + + prelude_string_set_nodup(str, ptr); + + gid = get_value(msg, _("igroup"), suffix); + if ( ! gid ) + goto mode_free; + + idmef_user_id_set_number(userid, strtoul(gid, NULL, 0)); + + if ( mode ) { + get_access_info ( access, mode, 4, 6 ); /* flawfinder: ignore */ + } + + free(gid); + } + + mode_free: + + if ( mode ) { + free ( mode ); + } + + return; +} + + + +static int map_policy_to_class(char *msg, unsigned long msgid, idmef_impact_t *impact, prelude_string_t *out) +{ + char *ptr; + int ret, i; + struct tbl { + unsigned int msgid; + const char *name; + idmef_impact_type_t type; + } tbl[] = { + +#ifdef SH_USE_UTMP + { MSG_UT_LG1X, N_("User Login"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG1A, N_("User Login"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG1B, N_("User Login"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG2X, N_("Multiple User Login"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG2A, N_("Multiple User Login"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG2B, N_("Multiple User Login"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG3X, N_("User Logout"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG3A, N_("User Logout"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG3B, N_("User Logout"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG3C, N_("User Logout"), IDMEF_IMPACT_TYPE_USER }, +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + { MSG_FI_MISS, N_("File Missing"), IDMEF_IMPACT_TYPE_FILE }, + { MSG_FI_MISS2, N_("File Missing"), IDMEF_IMPACT_TYPE_FILE }, + { MSG_FI_ADD, N_("File Added"), IDMEF_IMPACT_TYPE_FILE }, + { MSG_FI_ADD2, N_("File Added"), IDMEF_IMPACT_TYPE_FILE }, + { MSG_FI_CHAN, N_("File Modified"), IDMEF_IMPACT_TYPE_FILE }, + { MSG_FI_NODIR, N_("File found where directory was expected"), IDMEF_IMPACT_TYPE_FILE }, +#endif + +#ifdef SH_USE_KERN + { MSG_KERN_POLICY, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER }, + { MSG_KERN_POL_CO, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER }, + { MSG_KERN_PROC, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER }, + { MSG_KERN_GATE, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER }, + { MSG_KERN_IDT, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER }, + { MSG_KERN_SYSCALL, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER }, +#endif + +#ifdef SH_USE_SUIDCHK + { MSG_SUID_POLICY, N_("SUID/SGID File Detected"), IDMEF_IMPACT_TYPE_FILE }, +#endif + /* + * This must be the last table entry + */ + { 0, NULL, IDMEF_IMPACT_TYPE_OTHER }, + }; + + for ( i = 0; tbl[i].name != NULL; i++ ) { + if ( tbl[i].msgid != msgid ) + continue; + + idmef_impact_set_type(impact, tbl[i].type); + return prelude_string_cat(out, _(tbl[i].name)); + } + + /* some other message + */ + ptr = get_value(msg, _("msg"), NULL); + if ( ! ptr ) { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("could not format Samhain message"), _("map_policy_to_class")); + return -1; + } + + ret = prelude_string_cat(out, ptr); + free(ptr); + + return ret; +} + + + +static int get_login_info(char *msg, idmef_alert_t *alert) +{ + int ret; + char *ptr, *ip; + idmef_user_t *user; + idmef_node_t *node; + struct passwd *pw; + prelude_string_t *str; + idmef_user_id_t *user_id; + idmef_address_t *address; + idmef_target_t *target = idmef_alert_get_next_target(alert, NULL); + idmef_source_t *source = idmef_alert_get_next_source(alert, NULL); + + ip = ptr = get_value(msg, _("ip"), NULL); + if ( ptr ) { + if ( ! source ) { + ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + return ret; + } + } + + ret = idmef_source_new_node(source, &node); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + ret = idmef_node_new_address(node, &address, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + ret = idmef_address_new_address(address, &str); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + prelude_string_set_nodup(str, ptr); + } + + ptr = get_value(msg, _("host"), NULL); + if ( ptr ) { + if ( ip && strcmp(ptr, ip) == 0 ) + free(ptr); + else { + if ( ! source ) { + ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + return ret; + } + } + + ret = idmef_source_new_node(source, &node); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + ret = idmef_node_new_name(node, &str); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + prelude_string_set_nodup(str, ptr); + } + } + + ptr = get_value(msg, _("name"), NULL); + if ( ptr ) { + ret = idmef_target_new_user(target, &user); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + idmef_user_set_category(user, IDMEF_USER_CATEGORY_OS_DEVICE); + + ret = idmef_user_new_user_id(user, &user_id, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + idmef_user_id_set_type(user_id, IDMEF_USER_ID_TYPE_TARGET_USER); + + pw = getpwnam(ptr); + if ( pw ) + idmef_user_id_set_number(user_id, pw->pw_uid); + + ret = idmef_user_id_new_name(user_id, &str); + if ( ret < 0 ) { + free(ptr); + return ret; + } + prelude_string_set_nodup(str, ptr); + + ptr = get_value(msg, _("tty"), NULL); + if ( ptr ) { + ret = idmef_user_id_new_tty(user_id, &str); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + prelude_string_set_nodup(str, ptr); + } + } + + ptr = get_time_value(msg, _("time"), NULL); + if ( ptr ) { + idmef_time_t *time; + + ret = idmef_time_from_samhain(&time, ptr); + free(ptr); + + if ( ret < 0 ) + return ret; + + idmef_alert_set_detect_time(alert, time); + } + + return 0; +} + + +static int samhain_alert_prelude(int priority, int sh_class, + char *message, unsigned long msgid) +{ + int ret; + idmef_time_t *time; + idmef_alert_t *alert; + idmef_message_t *idmef; + idmef_classification_t *classification; + idmef_assessment_t *assessment; + idmef_additional_data_t *data; + idmef_impact_t *impact; + idmef_target_t *target; + idmef_confidence_t *confidence; + prelude_string_t *str; + + if ( !client || sh_class == STAMP) + return 0; + + ret = idmef_message_new(&idmef); + if ( ret < 0 ) + goto err; + + ret = idmef_message_new_alert(idmef, &alert); + if ( ret < 0 ) + goto err; + + idmef_alert_set_analyzer(alert, idmef_analyzer_ref(prelude_client_get_analyzer(client)), IDMEF_LIST_PREPEND); + + ret = idmef_time_new_from_gettimeofday(&time); + if ( ret < 0 ) + goto err; + idmef_alert_set_detect_time(alert, time); + + ret = idmef_time_new_from_gettimeofday(&time); + if ( ret < 0 ) + goto err; + idmef_alert_set_create_time(alert, time); + + ret = idmef_alert_new_classification(alert, &classification); + if ( ret < 0 ) + goto err; + + ret = idmef_alert_new_target(alert, &target, IDMEF_LIST_APPEND); + if ( ret < 0 ) + goto err; + + idmef_target_set_decoy(target, IDMEF_TARGET_DECOY_NO); + + if ( idmef_analyzer_get_node(prelude_client_get_analyzer(client)) ) { + idmef_node_ref(idmef_analyzer_get_node(prelude_client_get_analyzer(client))); + idmef_target_set_node(target, idmef_analyzer_get_node(prelude_client_get_analyzer(client))); + } + + if ( strstr(message, _("path=")) ) { +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + if ( msgid != MSG_FI_ADD && msgid != MSG_FI_ADD2 ) + get_file_infos(target, message, IDMEF_FILE_CATEGORY_ORIGINAL); +#endif + + get_file_infos(target, message, IDMEF_FILE_CATEGORY_CURRENT); + } + + ret = idmef_alert_new_assessment(alert, &assessment); + if ( ret < 0 ) + goto err; + + ret = idmef_assessment_new_impact(assessment, &impact); + if ( ret < 0 ) + goto err; + + ret = idmef_classification_new_text(classification, &str); + if ( ret < 0 ) + goto err; + + ret = get_login_info(message, alert); + if ( ret < 0 ) + goto err; + + map_policy_to_class(message, msgid, impact, str); + +#if 0 + if ( priority == SH_ERR_SEVERE || priority == SH_ERR_FATAL ) + idmef_impact_set_severity(impact, IDMEF_IMPACT_SEVERITY_HIGH); + + else if ( priority == SH_ERR_ALL || priority == SH_ERR_INFO || priority == SH_ERR_NOTICE ) + idmef_impact_set_severity(impact, IDMEF_IMPACT_SEVERITY_LOW); + + else + idmef_impact_set_severity(impact, IDMEF_IMPACT_SEVERITY_MEDIUM); +#endif + idmef_impact_set_severity(impact, map_severity(priority)); + + idmef_impact_set_completion(impact, IDMEF_IMPACT_COMPLETION_SUCCEEDED); + + ret = idmef_assessment_new_confidence(assessment, &confidence); + if ( ret < 0 ) + goto err; + + idmef_confidence_set_rating(confidence, IDMEF_CONFIDENCE_RATING_HIGH); + + ret = idmef_alert_new_additional_data(alert, &data, IDMEF_LIST_APPEND); + if ( ret < 0 ) + goto err; + + ret = idmef_additional_data_new_meaning(data, &str); + if ( ret < 0 ) + goto err; + + prelude_string_set_dup(str, _("Message generated by Samhain")); + idmef_additional_data_set_type(data, IDMEF_ADDITIONAL_DATA_TYPE_STRING); + idmef_additional_data_set_string_ref(data, message); + + /* debug_print_message(idmef); */ + + prelude_client_send_idmef(client, idmef); + idmef_message_destroy(idmef); + + return 0; + + err: + idmef_message_destroy(idmef); + return -1; +} + + +int sh_prelude_alert(int priority, int sh_class, char *message, long msgflags, unsigned long msgid) +{ + int ret; + + (void) msgflags; /* fix compiler warning */ + + if ( initialized < 1 ) + return -1; + + ret = samhain_alert_prelude(priority, sh_class, message, msgid); + if ( ret < 0 ) { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("Problem with IDMEF for prelude-ids support: alert lost"), + _("sh_prelude_alert")); + } + + return ret; +} + + + +int sh_prelude_set_profile(const char *arg) +{ + if ( profile ) { + free(profile); + profile = NULL; + } + + if ( arg ) { + profile = strdup(arg); + if ( ! profile ) + return -1; + } + + return 0; +} + + +void sh_prelude_reset(void) +{ + extern void sh_error_init_prelude(); + + ready_for_init = 1; + sh_error_init_prelude(); + return; +} + + + +void sh_prelude_stop(void) +{ + if (initialized < 1) + return; + prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_SUCCESS); + client = NULL; + initialized = 0; + return; +} + + + +int sh_prelude_init(void) +{ + int ret; + prelude_string_t *str; + idmef_analyzer_t *analyzer; + prelude_client_flags_t flags; +#ifdef SH_NOFAILOVER + prelude_connection_pool_t *pool; + prelude_connection_pool_flags_t conn_flags; +#endif + + if (ready_for_init == 0) + return initialized; + + if (initialized > 0) + return initialized; + + prelude_thread_init(NULL); + prelude_init(&sh_argc_store, sh_argv_store); + + ret = prelude_client_new(&client, profile ? profile : _("samhain")); + if ( ret < 0 ) { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("Failed to initialize Prelude"), _("sh_prelude_init")); + initialized = -1; + return -1; + } + + /* + * Enable automatic heartbeat sending. + */ + flags = prelude_client_get_flags(client); + ret = prelude_client_set_flags(client, flags | PRELUDE_CLIENT_FLAGS_ASYNC_TIMER); + + analyzer = prelude_client_get_analyzer(client); + + ret = idmef_analyzer_new_model(analyzer, &str); + prelude_string_set_dup(str, IDMEF_ANALYZER_MODEL); + + ret = idmef_analyzer_new_class(analyzer, &str); + prelude_string_set_dup(str, IDMEF_ANALYZER_CLASS); + + ret = idmef_analyzer_new_version(analyzer, &str); + prelude_string_set_dup(str, IDMEF_ANALYZER_VERSION); + +#ifdef SH_NOFAILOVER + pool = prelude_client_get_connection_pool(client); + conn_flags = prelude_connection_pool_get_flags(pool); + + conn_flags &= ~PRELUDE_CONNECTION_POOL_FLAGS_FAILOVER; + prelude_connection_pool_set_flags(pool, conn_flags); +#endif + + ret = prelude_client_start(client); + if ( ret < 0 ) { + prelude_perror(ret, _("error starting prelude client")); + + if ( prelude_client_is_setup_needed(ret) ) + prelude_client_print_setup_error(client); + + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("Failed to start Prelude"), _("sh_prelude_init")); + initialized = -1; + return -1; + } + + initialized = 1; + return 1; +} + +/* HAVE_LIBPRELUDE_9 */ +#endif + Index: branches/samhain-2_2-branch/src/sh_prelude_old.c =================================================================== --- branches/samhain-2_2-branch/src/sh_prelude_old.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_prelude_old.c (revision 66) @@ -0,0 +1,825 @@ +/* + * + * Copyright (C) 2004, 2005 Rainer Wichmann, Patrice Bourgin, + * Yoann Vandoorselaere + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file COPYING. If not, write to + * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. + * + */ + +/* + * + * 03/12/2004 : R.W.: + * fix more memory leaks in get_file_infos() + * workaround (re-init) for file descriptor closing problem with GPG + * + * R.W.: fix missing treatment of alternative XML-style messages + * fix get_value (if terminating '>' or '"' is not found, may + * overwrite the NULL terminator of the string ...) + * fix memory leaks in get_file_infos(), retrieve_time() + * + * 13/03/2004 : This file is modified by Patrice Bourgin + * + * + * R.W.: Some problems with the patch by Patrice Bourgin fixed + * (e.g. memory leak) + * + * Modifications (13/03/2004) by Patrice bourgin (pbourgin@xpconseil.com) : + * Comment : thanks for memory leak fix :p + * 1 : remove translation of HTML tag + * 2 : send detailled information about files to prelude (with two + * functions : get_value and get_file_infos) + * these two functions were written by Yoann, but for future + * version of prelude, I adapt them to work + * with version 0.8.10 of libprelude + * 3 : send a heartbeat just after initialization, to alert prelude that + * samhain is started + * 4 : these modifications was tested successfully, and all informations are + * correctly transmitted to prelude and displayed with piwi + * + * Modifications (7/03/2004) by Patrice bourgin (pbourgin@xpconseil.com) : + * 1 : translation of HTML tag <> to tag () in alert to permit + * displaying alerts on piwi + * 2 : add the address in the source and in the target for displaying on piwi + * 3 : add information about the classification, because there was only + * one classification and it was not enough + * 4 : add impact field to classify alert in prelude, becuse impact is + * needed to treat information + * 5 : correct some errors with transmission to prelude with libprelude + */ + +#include "config_xor.h" + +#include +#include +#include + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif +#include +#include + +#if defined(HAVE_LIBPRELUDE) && !defined(HAVE_LIBPRELUDE_9) + +/* + * _() macros are samhain specific; they are used to replace string + * constants at runtime. This is part of the samhain stealth mode + * (fill string constants with encoded strings, decode at runtime). + */ +#define FIL__ _("sh_prelude.c") + +#if defined(__GNUC__) +extern char *strptime (const char * s, + const char * fmt, struct tm * tp); +#endif + +#include +#include +#include +#include +#ifdef HAVE_LIBGEN_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef HAVE_BASENAME +#define basename(a) ((NULL == strrchr(a, '/')) ? (a) : (strrchr(a, '/'))) +#endif + +/* + * includes for samhain-specific functions (sl_strstr, sh_error_handle) + */ +#include "slib.h" +#include "sh_mem.h" +#include "sh_cat.h" +#include "sh_error_min.h" +#include "sh_prelude.h" +#define SH_NEED_GETHOSTBYXXX +#include "sh_static.h" + +static char programname[64]; +static idmef_heartbeat_t heartbeat; +static prelude_msgbuf_t * hb_msgbuf = NULL; +static struct utsname * uname_data = NULL; + +static char hostname[256]; + +static char model[64]; +static char class[64]; +static char version[8]; +static char manufacturer[64]; + +static char name[16]; +static char url[32]; + +static char meaning[64]; +static char description[128]; + +static char * path_basename = NULL; +static char * path_fullname = NULL; + +/* safe string duplication function + */ +static char * xstrdup (const char * str) +{ + size_t len; + char * ret; + + if (!str) + return NULL; + len = sl_strlen(str); + ret = SH_ALLOC(len+1); + sl_strlcpy (ret, str, len+1); + return (ret); +} + +/* Get the value for a key. The key is built from toktmp + toksuffix. + * msg is modified temporarily, so it should not be declared 'const'. + */ +static char *get_value (char *msg, const char *toktmp, + const char *toksuffix) +{ + char * ret = NULL, *ptr, tok[128]; + + snprintf(tok, sizeof(tok), "%s%s", toktmp, (toksuffix) ? toksuffix : ""); + + ptr = strstr(msg, tok); + if ( ! ptr ) + return NULL; + +#ifdef SH_USE_XML + while (*ptr && *ptr != '"') ptr++; + if (*ptr) { + ret = ptr + 1; ptr = ret; + } + while (*ptr && *ptr != '"') ptr++; + if (*ptr) + { + *ptr = '\0'; + if (ret) ret = xstrdup(ret); + *ptr = '"'; + } + else + { + if (ret) ret = xstrdup(ret); + } +#else + while (*ptr && *ptr != '<') ptr++; + if (*ptr) ret = ptr + 1; + while (*ptr && *ptr != '>') ptr++; + if (*ptr) + { + *ptr = '\0'; + if (ret) ret = xstrdup(ret); + *ptr = '>'; + } + else + { + if (ret) ret = xstrdup(ret); + } +#endif + + return ret; +} + +int sh_prelude_init () +{ + int ret = -1; + + if (uname_data != NULL) { + SH_FREE(uname_data); + uname_data = NULL; + } + uname_data = SH_ALLOC(sizeof(struct utsname)); /* only once */ + if (!uname_data) { + return -1; + } + ret = uname(uname_data); + if (ret < 0) { + uname_data = NULL; + return -1; + } + + /* ------- LibPrelude Init ------- + */ + strncpy(programname, _("Samhain"), 64); + programname[63] = '\0'; + + if ( prelude_sensor_init(programname, NULL, 0, NULL) < 0) + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("Failed to initialize Prelude"), + _("sh_prelude_init")); + return -1; + } + + strncpy(model, _("Samhain"), 64); + model[63] = '\0'; + strncpy(class, _("Samhain Host Intrusion Detection System"), 64); + class[63] = '\0'; + strncpy(version, VERSION, 8); + version[7] = '\0'; + strncpy(manufacturer, _("Samhain by Rainer Wichmann"), 64); + manufacturer[63] = '\0'; + + /* + if (sh.host.name[0] != '\0') { + strncpy(hostname, sh.host.name, 256); hostname[255] = '\0'; + } else { + gethostname (hostname, 256); hostname[255] = '\0'; + } + */ + + /* According to the manpage, if gethostname returns a truncated hostname, + * it may or may not be NULL terminated. So we terminate explicitely. + */ + gethostname (hostname, 256); hostname[255] = '\0'; + + strncpy (name, _("Samhain HIDS"), 16); + name[15] = '\0'; + strncpy (url, _("http://www.la-samhna.de/samhain/"), 32); + url[31] = '\0'; + + strncpy (meaning, _("Message generated by Samhain"), 64); + meaning[63] = '\0'; + + /* analyzer information */ + idmef_string_set (&heartbeat.analyzer.model, model); + idmef_string_set (&heartbeat.analyzer.class, class); + idmef_string_set (&heartbeat.analyzer.version, version); + + /* analyzer address */ + idmef_analyzer_node_new(&heartbeat.analyzer); + idmef_string_set (&heartbeat.analyzer.node->name, hostname); + + /* analyzer type */ + idmef_string_set(&heartbeat.analyzer.ostype, uname_data->sysname); + idmef_string_set(&heartbeat.analyzer.osversion, uname_data->release); + + + INIT_LIST_HEAD(&heartbeat.additional_data_list); + + if (hb_msgbuf != NULL) + { + prelude_msgbuf_close (hb_msgbuf); + hb_msgbuf = NULL; + } + hb_msgbuf = prelude_msgbuf_new(0); + if (!hb_msgbuf) { + return -1; + } + + /* prelude_heartbeat_register_cb(&SendHeartbeat, NULL); */ + return 1; +} + +/* Retrieve the content of "msg=" for adding informations on + * impact tag with prelude + */ +char *RetrieveImpact(const char *msg) +{ + char *tmp1; + char *tmp2; + char *tmp0; + char *ret = NULL; + + tmp2 = xstrdup(msg); + /* + * don't use strtok - strtok (str, delim) is 'one of the chars + * in delim', not the full 'delim' string + */ + if (tmp2) + tmp1 = sl_strstr (tmp2, _("msg=")); + else + return NULL; + + if (tmp1) + { + tmp1 += 5; +#ifdef SH_USE_XML + tmp0 = strchr(tmp1, '"'); +#else + tmp0 = strchr(tmp1, '>'); +#endif + if (tmp0) + *tmp0 = '\0'; + ret = xstrdup(tmp1); + } + SH_FREE(tmp2); /* fix memory leak */ + + return ret; +} + +/* Transform the string time from the event into time + */ +time_t retrieve_time(char *stime) +{ +#ifdef HAVE_STRPTIME + struct tm tmptime; + time_t rettime = -1; + char *tmp0, *tmp1, *tmp2; + + /* fix more memory leaks + */ + if ( stime ) + { + tmp0 = xstrdup(stime); + tmp1 = tmp0; + tmp2 = tmp1 + 1; + + while (*tmp1 && *tmp1 != ']') tmp1++; + if (*tmp1) + { + *tmp1 = '\0'; + tmp2 = xstrdup(tmp2); + SH_FREE (tmp0); + } + else + { + tmp2 = xstrdup(tmp2); + SH_FREE (tmp0); + } + + memset (&tmptime, '\0', sizeof(struct tm)); + strptime(tmp2,"%Y-%m-%dT%H:%M:%S", &tmptime); + rettime = mktime(&tmptime); + + SH_FREE(tmp2); + + if ( rettime != -1 ) + return rettime; + else + return 0; + } +#endif + return 0; +} + +/* msg is modified temporarily in get_value(), + * so it should not be declared 'const'. + */ +void get_file_infos(idmef_target_t *target, char *msg, + idmef_file_category_t category) +{ + char *ptr; + idmef_file_t *file; + idmef_time_t *temps; + idmef_inode_t *inode; + const char *suffix = (category == current) ? "_new" : "_old"; + + file = idmef_target_file_new(target); + if ( ! file ) + return; + + file->category = category; + /* + * Fix memory leak - the pointer to get_value(msg, "path", NULL) is lost + * libprelude does not strdup, only sets a pointer, so need a global pointer + * to keep track of this :( + */ + if (category == original) + path_fullname = get_value(msg, "path", NULL); + idmef_string_set (&file->path, path_fullname); + + if (category == original) + path_basename = get_value(msg, "path", NULL); + if (path_basename) { + idmef_string_set (&file->name, basename(path_basename)); + } + + ptr = get_value(msg, "size", suffix); + if ( ptr ) { + file->data_size = strtoul(ptr, NULL, 10); + SH_FREE(ptr); + } + + ptr = get_value(msg, "mtime", suffix); + if ( ptr ) { + temps = idmef_file_modify_time_new(file); + temps->sec = retrieve_time(ptr); + SH_FREE(ptr); + } + + ptr = get_value(msg, "ctime", suffix); + if ( ptr ) { + temps = idmef_file_create_time_new(file); + temps->sec = retrieve_time(ptr); + SH_FREE(ptr); + } + + ptr = get_value(msg, "atime", suffix); + if ( ptr ) { + temps = idmef_file_access_time_new(file); + temps->sec = retrieve_time(ptr); + SH_FREE(ptr); + } + + ptr = get_value(msg, "inode", suffix); + if ( ptr ) { + inode = idmef_file_inode_new(file); + inode->number = strtoul(ptr, NULL, 10); + SH_FREE(ptr); + } +} + +void sh_prelude_reset() +{ + (void) sh_prelude_alert (0, 0, NULL, 0, 0); + return; +} + +int sh_prelude_alert (int priority, int sh_class, char * message, + long msgflags, unsigned long msgid) +{ + static int initialized = 0; + struct timeval tv; + + idmef_alert_t * alert; + idmef_message_t * idmef; + prelude_msgbuf_t * msgbuf; + idmef_classification_t * classification; + idmef_target_t * target; + idmef_address_t * taddr; + idmef_source_t * source; + idmef_assessment_t * assessment; + idmef_additional_data_t * data; + /* To store impact */ + char * impactmsg = NULL; + struct hostent * myhost; + char * src_ip = NULL; + + static int some_error = 0; + + (void) msgflags; + (void) msgid; + + /* Workaround for the file closing bug + */ + if (message == NULL && priority == 0 && sh_class == 0) + { + initialized = 0; + return 0; + } + + if (initialized == 0) + { + /* initialize + */ + initialized = sh_prelude_init(); + + /* send a heartbeat after initialization to say to prelude "I'm alive" */ + + gettimeofday(&tv, NULL); + heartbeat.create_time.sec = tv.tv_sec; + heartbeat.create_time.usec = tv.tv_usec; + + /* + * we could use additional data to send stats. + */ + prelude_msgbuf_set_header(hb_msgbuf, PRELUDE_MSG_IDMEF, 0); + idmef_send_heartbeat(hb_msgbuf, &heartbeat); + prelude_msgbuf_mark_end(hb_msgbuf); + } + if (initialized == -1) + { + /* init failed + */ + if (some_error == 0) + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("Problem with prelude-ids support: init failed"), + _("sh_prelude_alert")); + } + some_error = 1; + return -1; + } + + if (sh_class == STAMP) + { + gettimeofday(&tv, NULL); + heartbeat.create_time.sec = tv.tv_sec; + heartbeat.create_time.usec = tv.tv_usec; + + /* + * we could use additional data to send stats. + */ + prelude_msgbuf_set_header(hb_msgbuf, PRELUDE_MSG_IDMEF, 0); + idmef_send_heartbeat(hb_msgbuf, &heartbeat); + prelude_msgbuf_mark_end(hb_msgbuf); + return 0; + } + + /* This function serves to initialize a message structure. + * The returned idmef_message_t structure is a static variable + * declared in idmef_message_new(). + */ + idmef = idmef_message_new(); + if ( ! idmef ) + goto err; + + /* 'alert' is a static variable that gets initialized and + * associated with the idmef_message_t idmef_alert_t member. + * -> no new memory allocated; not signal-safe or thread-safe. + */ + idmef_alert_new(idmef); + alert = idmef->message.alert; + + /* Set the 'detect time'. idmef_alert_new() will already set the + * 'create time', whatever the difference is supposed to be. + */ + gettimeofday(&tv, NULL); + idmef_alert_detect_time_new(alert); + alert->detect_time->sec = tv.tv_sec; + alert->detect_time->usec = tv.tv_usec; + + /* ------- Analyzer. ------- + * + * This apparently is supposed to provide some information + * about the sensor to the server (what sensor process ? where ?). + * + * idmef_string_set (x, y) is a macro that will make x + * a pointer to y. Therefore the caller must guarantee that y will + * never be overwritten until the alert is sent. + * With the samhain _() macros, this means we must copy to another + * storage region. + * + * N.B.: with constant strings, you can use idmef_string_set_constant() + * instead. + */ + idmef_string_set (&alert->analyzer.model, model); + idmef_string_set (&alert->analyzer.class, class); + idmef_string_set (&alert->analyzer.version, version); + idmef_string_set (&alert->analyzer.manufacturer, manufacturer); + + /* Here we add some information on the host OS. + */ + idmef_string_set (&alert->analyzer.ostype, uname_data->sysname); + idmef_string_set (&alert->analyzer.osversion, uname_data->release); + + /* ------- Analyzer / Process ------- + * + * Fill in minimal info about the process. Apparently one could also + * supply things like path, argv, env (?). + */ + idmef_analyzer_process_new (&alert->analyzer); + alert->analyzer.process->pid = getpid(); + + /* ------- Analyzer / Node ------- + * + * Provide the name of this node, i.e. host. + */ + idmef_analyzer_node_new (&alert->analyzer); + idmef_string_set (&alert->analyzer.node->name, hostname); + + + + /* ------- Classification ------- + * + * Apparently 'classification' provides details about the sensor + * program. + * + * For reasons unbeknown to me (did not care to investigate), + * this function does allocate memory, instead of using a static variable. + * + */ + classification = idmef_alert_classification_new(alert); + if ( ! classification ) + goto err; + + + impactmsg = RetrieveImpact(message); + if (impactmsg) + idmef_string_set (&classification->name, impactmsg); + idmef_string_set (&classification->url, url); + + classification->origin = vendor_specific; + + /* Get information about ip address */ + + myhost = sh_gethostbyname(hostname); + src_ip = xstrdup(inet_ntoa(*((struct in_addr *)myhost->h_addr_list[0]))); + + + /* ------- Target ------- + * + * Purpose ? To provide informations about destination of alert + * + * Allocates memory. + * + */ + target = idmef_alert_target_new(alert); + if ( ! target ) + goto err; + idmef_target_node_new(target); + idmef_string_set(&target->node->name, hostname); + + if ( strstr(message, "path=") ) { + get_file_infos(target, message, original); + get_file_infos(target, message, current); + } + + if (src_ip) + { + taddr = idmef_node_address_new(target->node); + if (!taddr) + goto err; + + taddr->category = ipv4_addr; + idmef_string_set(&taddr->address, src_ip); + } + + /* ------- Source ------- + * + * Purpose ? To provide informations about source of alert + * + * Allocates memory. + * + */ + source = idmef_alert_source_new(alert); + if ( ! source ) + goto err; + + /* ------- Impact ------- + */ + idmef_alert_assessment_new(alert); + assessment = alert->assessment; + idmef_assessment_impact_new(assessment); + + if ((priority == SH_ERR_SEVERE) || (priority == SH_ERR_FATAL)) + { + assessment->impact->severity = impact_high; + } + else if ((priority == SH_ERR_ALL) || (priority == SH_ERR_INFO) || + (priority == SH_ERR_NOTICE)) + { + assessment->impact->severity = impact_low; + } + else + { + assessment->impact->severity = impact_medium; + } + + if (NULL != sl_strstr(message, _("POLICY"))) + { + if (NULL != sl_strstr(message, _("POLICY KERNEL"))) + { + assessment->impact->severity = impact_high; + assessment->impact->completion = succeeded; + assessment->impact->type = other; + strncpy(description, + _("Kernel modification detected by Samhain."), + 128); + description[127] = '\0'; + } + else + { + assessment->impact->severity = impact_high; + assessment->impact->completion = succeeded; + assessment->impact->type = file; + strncpy(description, + _("File system modification detected by Samhain."), + 128); + description[127] = '\0'; + } + } + else + { + if ( ((NULL != sl_strstr(message, _("Login"))) || + (NULL != sl_strstr(message, _("Multiple login"))) || + (NULL != sl_strstr(message, _("Logout")))) && + (NULL == sl_strstr(message, _("Checking")))) + { + assessment->impact->completion = succeeded; + assessment->impact->type = user; + strncpy(description, + _("Login/logout detected by Samhain."), + 128); + description[127] = '\0'; + } + else + { + /* assessment->impact->severity = impact_low; */ + assessment->impact->completion = succeeded; + assessment->impact->type = other; + strncpy(description, + _("Message by Samhain."), + 128); + description[127] = '\0'; + } + } + idmef_string_set (&assessment->impact->description, description); + idmef_assessment_confidence_new(assessment); + assessment->confidence->rating = high; + + /* ------- Additional Data ------- + * + * Here we supply the log message. + * + */ + data = idmef_alert_additional_data_new(alert); + if ( ! data ) + goto err; + + data->type = string; + idmef_string_set (&data->meaning, meaning); + if (message) + idmef_additional_data_set_data (data, string, message, + strlen(message) + 1); + + /* ------- Send ------- + * + * Finally, the preparated message is sent. + */ + msgbuf = prelude_msgbuf_new(0); + if ( ! msgbuf ) + goto err; + + /* Always return 0 (in libprelude 0.8.10); i.e. no useful + * exit status + */ + idmef_msg_send(msgbuf, idmef, PRELUDE_MSG_PRIORITY_HIGH); + + /* Cleanup + */ + idmef_message_free(idmef); + prelude_msgbuf_close(msgbuf); + if (path_basename) + { + SH_FREE(path_basename); + path_basename = NULL; + } + if (path_fullname) + { + SH_FREE(path_fullname); + path_fullname = NULL; + } + if (impactmsg) + SH_FREE(impactmsg); + if (src_ip) + SH_FREE(src_ip); + + some_error = 0; + + return 0; + + err: + /* Cleanup + */ + idmef_message_free(idmef); + if (0 == some_error) + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("Problem with IDMEF for prelude-ids support: alert lost"), + _("sh_prelude_alert")); + } + if (path_basename) + { + SH_FREE(path_basename); + path_basename = NULL; + } + if (path_fullname) + { + SH_FREE(path_fullname); + path_fullname = NULL; + } + if (impactmsg) + SH_FREE(impactmsg); + if (src_ip) + SH_FREE(src_ip); + some_error = 1; + return -1; + +} + +/* HAVE_LIBPRELUDE */ +#endif Index: branches/samhain-2_2-branch/src/sh_readconf.c =================================================================== --- branches/samhain-2_2-branch/src/sh_readconf.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_readconf.c (revision 66) @@ -0,0 +1,1261 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +#include +#include +#include +#include + + +#include "samhain.h" +#include "sh_error.h" +#include "sh_database.h" +#include "sh_unix.h" +#include "sh_utils.h" +#include "sh_files.h" +#include "sh_mail.h" +#include "sh_calls.h" +#include "sh_tiger.h" +#include "sh_forward.h" +#include "sh_modules.h" +#include "sh_gpg.h" +#include "sh_hash.h" +#include "sh_ignore.h" +#include "sh_prelink.h" +#include "sh_extern.h" + +#ifdef WITH_DATABASE +#include "sh_database.h" +#endif + +#ifdef HAVE_LIBPRELUDE_9 +#include "sh_prelude.h" +#endif + +extern int set_reverse_lookup (const char * c); + +#undef FIL__ +#define FIL__ _("sh_readconf.c") + +typedef enum { + SH_SECTION_NONE, + SH_SECTION_LOG, + SH_SECTION_MISC, + SH_SECTION_ATTRIBUTES, + SH_SECTION_READONLY, + SH_SECTION_LOGFILES, + SH_SECTION_LOGGROW, + SH_SECTION_NOIGNORE, + SH_SECTION_ALLIGNORE, + SH_SECTION_USER0, + SH_SECTION_USER1, + SH_SECTION_USER2, + SH_SECTION_USER3, + SH_SECTION_USER4, + SH_SECTION_PRELINK, +#if defined (SH_WITH_MAIL) + SH_SECTION_MAIL, +#endif +#if defined (SH_WITH_CLIENT) + SH_SECTION_CLT, +#endif +#ifdef WITH_EXTERNAL + SH_SECTION_EXTERNAL, +#endif +#ifdef WITH_DATABASE + SH_SECTION_DATABASE, +#endif +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + SH_SECTION_OTHER, +#endif +#ifdef SH_WITH_SERVER + SH_SECTION_CLIENTS, + SH_SECTION_SRV, +#endif + SH_SECTION_THRESHOLD +} ShSectionType; + +typedef struct str_ListSections { + char * name; + int type; +} sh_str_ListSections; + +struct str_ListSections tab_ListSections[] = { + { N_("[Log]"), SH_SECTION_LOG}, + { N_("[Misc]"), SH_SECTION_MISC}, + { N_("[Attributes]"), SH_SECTION_ATTRIBUTES}, + { N_("[ReadOnly]"), SH_SECTION_READONLY}, + { N_("[LogFiles]"), SH_SECTION_LOGFILES}, + { N_("[GrowingLogFiles]"), SH_SECTION_LOGGROW}, + { N_("[IgnoreAll]"), SH_SECTION_ALLIGNORE}, + { N_("[IgnoreNone]"), SH_SECTION_NOIGNORE}, + { N_("[User0]"), SH_SECTION_USER0}, + { N_("[User1]"), SH_SECTION_USER1}, + { N_("[User2]"), SH_SECTION_USER2}, + { N_("[User3]"), SH_SECTION_USER3}, + { N_("[User4]"), SH_SECTION_USER4}, + { N_("[Prelink]"), SH_SECTION_PRELINK}, +#ifdef WITH_EXTERNAL + { N_("[External]"), SH_SECTION_EXTERNAL}, +#endif +#ifdef WITH_DATABASE + { N_("[Database]"), SH_SECTION_DATABASE}, +#endif + { N_("[EventSeverity]"), SH_SECTION_THRESHOLD}, +#ifdef SH_WITH_SERVER + { N_("[Clients]"), SH_SECTION_CLIENTS}, + { N_("[Server]"), SH_SECTION_SRV}, +#endif +#if defined (SH_WITH_CLIENT) + { N_("[Client]"), SH_SECTION_CLT}, +#endif +#if defined (SH_WITH_MAIL) + { N_("[Mail]"), SH_SECTION_MAIL}, +#endif + { NULL, SH_SECTION_NONE} +}; + + +static int sh_readconfig_line (char * line); + +static ShSectionType read_mode = SH_SECTION_NONE; + +static int conf_line = 0; + +/* --- Read the configuration file. --- + */ +int sh_readconf_read (void) +{ +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + /* This is for modules. + */ + int modnum; +#endif + + int i; + + SL_TICKET fd = -1; +#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO) + SL_TICKET fdTmp = -1; + SL_TICKET open_tmp (void); +#endif + char * tmp; + char * lptr; + + char line_in[512+2]; + char * line; + int line_int; + + char myident[3*SH_MINIBUF+3]; + + /* This is for nested conditionals. + */ + int some_other_host[16] = { 0 }; + int some_other_system[16] = { 0 }; + int seen_host = 0; + int seen_system = 0; + int host_int = 0; + int sys_int = 0; + + int invert = 0; + int length = sl_strlen(sh.host.name); + + int local_file = 1; + char local_flag = 'R'; + +#if defined(WITH_GPG) || defined(WITH_PGP) + int signed_content = S_FALSE; + int true_content = S_FALSE; +#endif +#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO) + int hidden_count = 0; +#endif + uid_t euid; + + SL_ENTER(_("sh_readconf_read")); + + /* --- Open config file, exit on failure. --- + */ +#if defined(SH_WITH_CLIENT) + if (0 == sl_strcmp(file_path('C', 'R'), _("REQ_FROM_SERVER"))) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_D_START); + + fd = sh_forward_req_file(_("CONF")); + + if (!SL_ISERROR(fd)) + local_file = 0; + else if (sh.flag.checkSum != SH_CHECK_INIT) + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + else + { + sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_D_FAIL); + local_file = 1; + local_flag = 'I'; + } + } +#endif + + /* Use a local configuration file. + */ + if (local_file == 1) + { + if (0 != tf_trust_check (file_path('C', local_flag), SL_YESPRIV)) + { + sl_get_euid(&euid); + dlog(1, FIL__, __LINE__, + _("The configuration file: %s is untrusted, i.e. an\nuntrusted user owns or can write to some directory in the path.\n"), + ( (NULL == file_path('C', local_flag)) + ? _("(null)") : file_path('C', local_flag) )); + sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_TRUST, + (long) euid, + ( (NULL == file_path('C', local_flag)) + ? _("(null)") : file_path('C', local_flag) ) + ); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + if (SL_ISERROR(fd = sl_open_read(file_path('C',local_flag),SL_YESPRIV))) + { + sl_get_euid(&euid); + dlog(1, FIL__, __LINE__, + _("Could not open the local configuration file for reading because\nof the following error: %s (errnum = %ld)\nIf this is a permission problem, you need to change file permissions\nto make the file readable for the effective UID: %d\n"), + sl_get_errmsg(), fd, (int) euid); + sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_NOACCESS, + (long) euid, + ( (NULL == file_path('C', local_flag)) + ? _("(null)") : file_path('C', local_flag) ) + ); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + } + + /* Compute the checksum of the open file. + */ + tiger_fd = fd; + sl_strlcpy(sh.conf.hash, + sh_tiger_hash(file_path('C',local_flag),TIGER_FD, 0), + KEY_LEN+1); + sl_rewind (fd); + +#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO) + /* extract the data and copy to temporary file + */ + fdTmp = open_tmp(); + while ( sh_unix_getline_stealth (fd, line_in, 512) > 0) { + hidden_count++; + if (line_in[0] == '\n') + { + sl_write(fdTmp, line_in, 1); + } + else + { + sl_write_line(fdTmp, line_in, sl_strlen(line_in)); + } +#if defined(WITH_GPG) || defined(WITH_PGP) + if (0 == sl_strncmp(line_in, _("-----END PGP SIGNATURE-----"), 25)) + break; +#else + if (0 == sl_strncmp(line_in, _("[EOF]"), 5)) + break; +#endif + if (hidden_count > 4096) /* arbitrary safeguard */ + break; + } + sl_close(fd); + fd = fdTmp; + sl_rewind (fd); +#endif + + /* The system type, release, and machine. + */ + sl_snprintf(myident, sizeof(myident), _("%s:%s:%s"), + sh.host.system, /* flawfinder: ignore */ + sh.host.release, sh.host.machine); + + + /* --- Start reading lines. --- + */ + conf_line = 0; + + while ( sh_unix_getline (fd, line_in, 512) > 0) { + + ++conf_line; + + line = &(line_in[0]); + + /* fprintf(stderr, "<%s>\n", line); */ + + /* Sun May 27 18:40:05 CEST 2001 + */ +#if defined(WITH_GPG) || defined(WITH_PGP) + if (signed_content == S_FALSE) + { + if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----"))) + signed_content = S_TRUE; + else + continue; + } + else if (true_content == S_FALSE) + { + if (line[0] == '\n') + true_content = S_TRUE; + else + continue; + } + else if (signed_content == S_TRUE) + { + if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNATURE-----"))) + break; + else if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----"))) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("second signed message in file"), + _("sh_readconf_read")); + dlog(1, FIL__, __LINE__, + _("There seems to be more than one signed message in the configuration\nfile. Please make sure there is only one signed message.\n")); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, + sh.prg_name); + aud_exit (FIL__, __LINE__,EXIT_FAILURE); + } + } +#endif + + /* Skip leading white space. + */ + while (*line) + { + line_int = *line; + if (!isspace(line_int)) + break; + ++line; + } + + /* Skip header etc. + */ + if (line[0] == '#' || line[0] == '\0' || line[0] == ';' || + (line[0] == '/' && line[1] == '/')) + continue; + + /* Clip off trailing white space. + */ + tmp = line + sl_strlen( line ); --tmp; + while( isspace((int) *tmp ) && tmp >= line ) *tmp-- = '\0'; + + + /* ------- starts a section ------------ */ + + if (line[0] == '[' && + some_other_host[seen_host] == 0 && + some_other_system[seen_system] == 0) + { + read_mode = SH_SECTION_NONE; + + if (sl_strncmp (line, _("[EOF]"), + 5) == 0) + { + goto nopel; + } + + i = 0; + + while (tab_ListSections[i].name != 0) + { + if (sl_strncmp (line, _(tab_ListSections[i].name), + sl_strlen(tab_ListSections[i].name)) == 0) + { + read_mode = tab_ListSections[i].type; + break; + } + ++i; + } + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if (read_mode == SH_SECTION_NONE) + { + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + if (0 == sl_strncmp (line, _(modList[modnum].conf_section), + sl_strlen(modList[modnum].conf_section)) ) + read_mode = SH_SECTION_OTHER; + } + } +#endif + if (read_mode == SH_SECTION_NONE) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALHEAD, + (long) conf_line); + } + } + + /* --- an @host directive -------------- */ + + else if (line[0] == '@' || (line[0] == '!' && line[1] == '@')) + { + if (line[0] == '!') + { + lptr = &line[2]; + invert = 1; + } + else + { + lptr = &line[1]; + invert = 0; + } + + if (sl_strncmp (lptr, _("end"), 3) == 0) + { + if (0 == seen_host) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALD, + _("config file"), + (long) conf_line); + + else if (host_int == 0) + { + /* end of an @host directive + */ + some_other_host[seen_host] = 0; + --seen_host; + seen_host = (seen_host < 0) ? 0 : seen_host; + } + + else + { + --host_int; + host_int = (host_int < 0) ? 0 : host_int; + } + } + else if (some_other_host[seen_host] == 0 && + some_other_system[seen_system] == 0 && + seen_host < 15) + { + if (sl_strncmp (lptr, sh.host.name, length) == 0 +#ifdef HAVE_REGEX_H + || sh_util_regcmp (lptr, sh.host.name) == 0 +#endif + ) + { + /* if match and '@', set some_other_host = 0; + * if match and '!@', set some_other_host = 1; + */ + ++seen_host; + some_other_host[seen_host] = invert; + } + else + { + /* if no match and '@', set some_other_host = 1; + * if no match and '!@', set some_other_host = 0; + */ + ++seen_host; + some_other_host[seen_host] = (invert == 0) ? 1 : 0; + } + } + else + ++host_int; + } + + /* --- an %schedule directive ------------ */ + + else if (line[0] == '%' || (line[0] == '!' && line[1] == '%')) + { +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if (line[0] == '!' && 0 == sl_strcmp(&(line[2]), _("SCHEDULE_TWO"))) + set_dirList(1); + else if (0 == sl_strcmp(&(line[1]), _("SCHEDULE_TWO"))) + set_dirList(2); +#else + ; +#endif + } + + /* --- an $system directive -------------- */ + + else if (line[0] == '$' || (line[0] == '!' && line[1] == '$')) + { + if (line[0] == '!') + { + lptr = &line[2]; + invert = 1; + } + else + { + lptr = &line[1]; + invert = 0; + } + + if (sl_strncmp (lptr, _("end"), 3) == 0) + { + if (0 == seen_system) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALD, + _("config file"), + (long) conf_line); + + else if (sys_int == 0) + { + /* end of an $system directive + */ + some_other_system[seen_system] = 0; + --seen_system; + seen_system = (seen_system < 0) ? 0 : seen_system; + } + else + { + --sys_int; + sys_int = (sys_int < 0) ? 0 : sys_int; + } + } + else if (some_other_host[seen_host] == 0 && + some_other_system[seen_system] == 0 && + seen_system < 15) + { + if (sl_strncmp (lptr, myident, sl_strlen(myident)) == 0 +#ifdef HAVE_REGEX_H + || sh_util_regcmp (lptr, myident) == 0 +#endif + ) + { + ++seen_system; + some_other_system[seen_system] = invert; + } + else + { + ++seen_system; + some_other_system[seen_system] = (invert == 0) ? 1 : 0; + } + } + else + ++sys_int; + } + + /* ------ no new section -------------- */ + + + else if (some_other_host[seen_host] == 0 && + some_other_system[seen_system] == 0 && + read_mode != SH_SECTION_NONE) + { + if (0 != sh_readconfig_line (line)) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALCONF, + (long) conf_line); + } + } + + } + + nopel: + + if (0 != seen_host || 0 != seen_system) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALDD, + _("config file"), + (long) conf_line); + +#if defined(WITH_GPG) || defined(WITH_PGP) + /* Validate signature of open file. + */ + sl_rewind (fd); + sh_error_only_stderr (S_FALSE); + if (0 != sh_gpg_check_sign (fd, 0, 1)) + aud_exit (FIL__, __LINE__, EXIT_FAILURE); +#endif + + sl_close (fd); + + sh_error_fixup(); + + read_mode = SH_SECTION_NONE; /* reset b/o sighup reload */ + + SL_RETURN( 0, _("sh_readconf_read")); +} + +int sh_readconf_set_path (char * which, const char * what) +{ + int len; + SL_ENTER( _("sh_readconf_set_path")); + + if (which == NULL || what == NULL) + { + TPT((0, FIL__, __LINE__ , _("msg=\n"))); + SL_RETURN( -1, _("sh_readconf_set_path")); + } + + if (0 == sl_strcmp(what, _("AUTO"))) + { + len = sl_strlen(which); + if ( (len + sl_strlen(sh.host.name) + 2) > SH_PATHBUF) + { + TPT((0, FIL__, __LINE__ , _("msg=\n"), + which, sh.host.name)); + SL_RETURN( -1, _("sh_readconf_set_path")); + } + else + { + which[len] = ':'; which[len+1] = '\0'; + sl_strlcat(which, sh.host.name, SH_PATHBUF); + } + } + else /* not auto */ + { + if (sl_strlen(what) > (SH_PATHBUF-1)) + { + TPT((0, FIL__, __LINE__ , _("msg=\n"), what)); + SL_RETURN( -1, _("sh_readconf_set_path")); + } + else + { + sl_strlcpy(which, what, SH_PATHBUF); + } + } + SL_RETURN( 0, _("sh_readconf_set_path")); +} + +int sh_readconf_set_database_path (const char * what) +{ + return (sh_readconf_set_path(sh.data.path, what)); +} + +int sh_readconf_set_logfile_path (const char * what) +{ + return (sh_readconf_set_path(sh.srvlog.name, what)); +} + +int sh_readconf_set_lockfile_path (const char * what) +{ + return( sh_readconf_set_path(sh.srvlog.alt, what)); +} + + + + +typedef enum { + SET_MAILTIME, + SET_FILETIME +} ShTimerItem; + + +int sh_readconf_setTime (const char * str, ShTimerItem what) +{ + unsigned long i = atoi (str); + + SL_ENTER( _("sh_readconf_setTime")); + + if (i < LONG_MAX) + { + if (what == SET_MAILTIME) + { + TPT((0, FIL__, __LINE__, _("msg=\n"), i)); + sh.mailTime.alarm_interval = i; + } + else if (what == SET_FILETIME) + { + TPT((0, FIL__, __LINE__, _("msg=\n"),i)); + sh.fileCheck.alarm_interval = i; + } + + SL_RETURN( 0, _("sh_readconf_setTime")); + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALL, + _("set timer"), (long) i); + SL_RETURN( (-1), _("sh_readconf_setTime")); + } +} + +int sh_readconf_setMailtime (const char * c) +{ + return sh_readconf_setTime (c, SET_MAILTIME); +} + +int sh_readconf_setFiletime (const char * c) +{ + return sh_readconf_setTime (c, SET_FILETIME); +} + +int sh_readconf_set_nice (const char * c) +{ + long val; + + SL_ENTER(_("sh_readconf_set_nice")); + + val = strtol (c, (char **)NULL, 10); + if (val < -20 || val > 20) + { + SL_RETURN((-1), _("sh_readconf_set_nice")); + } + + val = (val < -19 ? -19 : val); + val = (val > 19 ? 19 : val); + + sh.flag.nice = val; + SL_RETURN((0), _("sh_readconf_set_nice")); +} + +#ifdef FANCY_LIBCAP +int sh_readconf_setCaps(const char * c) +{ + int i; + SL_ENTER(_("sh_readconf_setCaps")); + + i = sh_util_flagval(c, &sl_useCaps); + SL_RETURN((i), _("sh_readconf_setCaps")); +} +#endif + +typedef struct _cfg_options { + char * optname; + ShSectionType section; + ShSectionType alt_section; + int (*func)(const char * opt); +} cfg_options; + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) +extern int sh_set_schedule_one(const char * str); +extern int sh_set_schedule_two(const char * str); +#endif +#if defined (SH_WITH_SERVER) +extern int sh_socket_use (const char * c); +extern int sh_socket_uid (const char * c); +extern int sh_socket_password (const char * c); +#endif + +cfg_options ext_table[] = { +#if defined(WITH_EXTERNAL) + { N_("opencommand"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_setcommand }, + { N_("setcommandline"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_add_argv }, + { N_("setchecksum"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_checksum }, + { N_("setdefault"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_add_default }, + { N_("setenviron"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_add_environ }, + { N_("setdeadtime"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_deadtime }, + { N_("settype"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_type }, + { N_("setcredentials"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_priv }, + { N_("setfilternot"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_add_not }, + { N_("setfilterand"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_add_and }, + { N_("setfilteror"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_add_or }, + { N_("externalseverity"),SH_SECTION_LOG, SH_SECTION_EXTERNAL, + sh_error_set_external }, + { N_("externalclass"), SH_SECTION_LOG, SH_SECTION_EXTERNAL, + sh_error_external_mask }, +#endif + +#if defined(WITH_DATABASE) + { N_("usepersistent"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_use_persistent }, + { N_("setdbname"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_set_database }, + { N_("setdbtable"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_set_table }, + { N_("setdbhost"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_set_host }, + { N_("setdbuser"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_set_user }, + { N_("setdbpassword"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_set_password }, + { N_("addtodbhash"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_add_to_hash }, + { N_("databaseseverity"),SH_SECTION_LOG, SH_SECTION_DATABASE, + sh_error_set_database }, + { N_("databaseclass"), SH_SECTION_LOG, SH_SECTION_DATABASE, + sh_error_database_mask }, + { N_("setdbservertstamp"), SH_SECTION_DATABASE, SH_SECTION_NONE, + set_enter_wrapper }, +#endif + + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + { N_("dir"), SH_SECTION_ATTRIBUTES, SH_SECTION_NONE, + sh_files_pushdir_attr }, + { N_("file"), SH_SECTION_ATTRIBUTES, SH_SECTION_NONE, + sh_files_pushfile_attr }, + { N_("dir"), SH_SECTION_READONLY, SH_SECTION_NONE, + sh_files_pushdir_ro }, + { N_("file"), SH_SECTION_READONLY, SH_SECTION_NONE, + sh_files_pushfile_ro }, + { N_("dir"), SH_SECTION_LOGFILES, SH_SECTION_NONE, + sh_files_pushdir_log }, + { N_("file"), SH_SECTION_LOGFILES, SH_SECTION_NONE, + sh_files_pushfile_log }, + { N_("dir"), SH_SECTION_LOGGROW, SH_SECTION_NONE, + sh_files_pushdir_glog }, + { N_("file"), SH_SECTION_LOGGROW, SH_SECTION_NONE, + sh_files_pushfile_glog }, + { N_("dir"), SH_SECTION_NOIGNORE, SH_SECTION_NONE, + sh_files_pushdir_noig }, + { N_("file"), SH_SECTION_NOIGNORE, SH_SECTION_NONE, + sh_files_pushfile_noig }, + { N_("dir"), SH_SECTION_ALLIGNORE, SH_SECTION_NONE, + sh_files_pushdir_allig }, + { N_("file"), SH_SECTION_ALLIGNORE, SH_SECTION_NONE, + sh_files_pushfile_allig }, + + { N_("dir"), SH_SECTION_USER0, SH_SECTION_NONE, + sh_files_pushdir_user0 }, + { N_("file"), SH_SECTION_USER0, SH_SECTION_NONE, + sh_files_pushfile_user0 }, + { N_("dir"), SH_SECTION_USER1, SH_SECTION_NONE, + sh_files_pushdir_user1 }, + { N_("file"), SH_SECTION_USER1, SH_SECTION_NONE, + sh_files_pushfile_user1 }, + { N_("dir"), SH_SECTION_USER2, SH_SECTION_NONE, + sh_files_pushdir_user2 }, + { N_("file"), SH_SECTION_USER2, SH_SECTION_NONE, + sh_files_pushfile_user2 }, + { N_("dir"), SH_SECTION_USER3, SH_SECTION_NONE, + sh_files_pushdir_user3 }, + { N_("file"), SH_SECTION_USER3, SH_SECTION_NONE, + sh_files_pushfile_user3 }, + { N_("dir"), SH_SECTION_USER4, SH_SECTION_NONE, + sh_files_pushdir_user4 }, + { N_("file"), SH_SECTION_USER4, SH_SECTION_NONE, + sh_files_pushfile_user4 }, + { N_("dir"), SH_SECTION_PRELINK, SH_SECTION_NONE, + sh_files_pushdir_prelink }, + { N_("file"), SH_SECTION_PRELINK, SH_SECTION_NONE, + sh_files_pushfile_prelink }, + + { N_("ignoreadded"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_ignore_add_new }, + { N_("ignoremissing"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_ignore_add_del }, + + { N_("filecheckscheduleone"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_set_schedule_one }, + { N_("filecheckscheduletwo"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_set_schedule_two }, + + { N_("usehardlinkcheck"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_check_hardlinks }, + { N_("hardlinkoffset"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_hle_reg }, + { N_("addokchars"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_util_obscure_ok }, + { N_("setrecursionlevel"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_setrecursion }, + { N_("checksumtest"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_util_setchecksum }, + { N_("reportonlyonce"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_reportonce }, + { N_("reportfulldetail"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_fulldetail }, + { N_("uselocaltime"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_unix_uselocaltime }, + + { N_("setnicelevel"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_readconf_set_nice }, + +#if defined(FANCY_LIBCAP) + { N_("usecaps"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_readconf_setCaps }, +#endif + + { N_("setiolimit"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_unix_set_io_limit }, + + { N_("versionstring"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_hash_version_string }, + + { N_("digestalgo"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_tiger_hashtype }, + + { N_("redefreadonly"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_readonly }, + + { N_("redeflogfiles"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_logfiles }, + + { N_("redefgrowinglogfiles"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_loggrow }, + + { N_("redefattributes"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_attributes }, + + { N_("redefignorenone"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_noignore }, + + { N_("redefignoreall"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_allignore }, + + { N_("redefuser0"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_user0 }, + + { N_("redefuser1"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_user1 }, + + { N_("redefuser2"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_user2 }, + + { N_("redefuser3"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_user3 }, + + { N_("redefuser4"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_user4 }, + + { N_("redefprelink"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_prelink }, + + + { N_("setprelinkpath"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelink_set_path }, + { N_("setprelinkchecksum"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelink_set_hash }, + + /* client or standalone + */ +#endif + +#ifdef SH_WITH_SERVER +#ifdef INET_SYSLOG + { N_("setudpactive"), SH_SECTION_SRV, SH_SECTION_MISC, + set_syslog_active }, +#endif + { N_("setusesocket"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_socket_use }, + { N_("setsocketallowuid"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_socket_uid }, + { N_("setsocketpassword"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_socket_password }, + { N_("setstripdomain"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_set_strip }, + { N_("useseparatelogs"), SH_SECTION_SRV, SH_SECTION_MISC, + set_flag_sep_log }, + { N_("setchrootdir"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_unix_set_chroot }, + { N_("setclienttimelimit"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_set_time_limit }, + { N_("useclientseverity"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_use_clt_sev }, + { N_("useclientclass"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_use_clt_class }, + { N_("severitylookup"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_lookup_level }, + { N_("setclientfromaccept"), SH_SECTION_SRV, SH_SECTION_MISC, + set_socket_peer }, + { N_("setserverport"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_set_port }, + { N_("setserverinterface"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_set_interface }, + { N_("client"), SH_SECTION_CLIENTS, SH_SECTION_NONE, + sh_forward_register_client }, +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + { N_("exportseverity"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_setexport }, + { N_("exportclass"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_export_mask }, +#if defined(SH_WITH_SERVER) + { N_("setlogserver"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_setlogserver }, +#else + { N_("setlogserver"), SH_SECTION_CLT, SH_SECTION_MISC, + sh_forward_setlogserver }, +#endif +#endif + { N_("setfilechecktime"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_readconf_setFiletime }, + { N_("setlooptime"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_util_setlooptime }, + +#ifdef SH_WITH_MAIL + { N_("mailseverity"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_setseverity }, + { N_("mailclass"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_mail_mask }, + { N_("setmailtime"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_readconf_setMailtime }, + { N_("setmailnum"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_setNum }, + { N_("setmailaddress"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_setaddress }, + { N_("setmailrelay"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_set_relay }, + { N_("mailsingle"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_setFlag }, + { N_("mailsubject"), SH_SECTION_MAIL, SH_SECTION_MISC, + set_mail_subject }, + { N_("setmailsender"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_set_sender }, + { N_("setmailfilternot"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_add_not }, + { N_("setmailfilterand"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_add_and }, + { N_("setmailfilteror"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_add_or }, +#endif + { N_("setbindaddress"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_calls_set_bind_addr }, + { N_("daemon"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_unix_setdeamon }, + { N_("samhainpath"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_unix_self_hash }, + { N_("trusteduser"), SH_SECTION_MISC, SH_SECTION_NONE, + tf_add_trusted_user }, + { N_("settimeserver"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_unix_settimeserver }, + + { N_("printseverity"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_setprint }, + { N_("printclass"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_print_mask }, + + { N_("logseverity"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_setlog }, + { N_("logclass"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_log_mask }, + + { N_("syslogseverity"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_set_syslog }, + { N_("syslogclass"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_syslog_mask }, +#ifdef HAVE_LIBPRELUDE + { N_("preludeseverity"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_set_prelude }, + { N_("preludeclass"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_prelude_mask }, +#ifdef HAVE_LIBPRELUDE_9 + { N_("preludeprofile"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelude_set_profile }, + { N_("preludemaptoinfo"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelude_map_info }, + { N_("preludemaptolow"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelude_map_low }, + { N_("preludemaptomedium"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelude_map_medium }, + { N_("preludemaptohigh"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelude_map_high }, +#endif +#endif + + { N_("logcalls"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_aud_set_functions }, + + { N_("messageheader"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_error_ehead }, + + { N_("setconsole"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_log_set_console }, + +#ifdef WITH_MESSAGE_QUEUE + { N_("messagequeueactive"),SH_SECTION_MISC, SH_SECTION_NONE, + enable_msgq }, +#endif + + { N_("setreverselookup"), SH_SECTION_MISC, SH_SECTION_NONE, + set_reverse_lookup }, + + { N_("setdatabasepath"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_readconf_set_database_path }, + + { N_("setlogfilepath"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_readconf_set_logfile_path }, + + { N_("setlockfilepath"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_readconf_set_lockfile_path }, + + { N_("hidesetup"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_util_hidesetup }, + + { N_("syslogfacility"), SH_SECTION_LOG, SH_SECTION_MISC, + sh_log_set_facility }, + + { N_("mactype"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_util_sigtype }, + + { NULL, 0, 0, NULL} +}; + + + + +static int sh_readconfig_line (char * line) +{ + char * c; + char * tmp; + int i; + int good_opt = -1; + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + int modnum, modkey; +#endif + + static char *ident[] = { + N_("severityreadonly"), + N_("severitylogfiles"), + N_("severitygrowinglogs"), + N_("severityignorenone"), + N_("severityignoreall"), + N_("severityattributes"), + N_("severitydirs"), + N_("severityfiles"), + N_("severitynames"), + N_("severityuser0"), + N_("severityuser1"), + N_("severityuser2"), + N_("severityuser3"), + N_("severityuser4"), + N_("severityprelink"), + NULL + }; + + static int identnum[] = { + SH_ERR_T_RO, + SH_ERR_T_LOGS, + SH_ERR_T_GLOG, + SH_ERR_T_NOIG, + SH_ERR_T_ALLIG, + SH_ERR_T_ATTR, + SH_ERR_T_DIR, + SH_ERR_T_FILE, + SH_ERR_T_NAME, + SH_ERR_T_USER0, + SH_ERR_T_USER1, + SH_ERR_T_USER2, + SH_ERR_T_USER3, + SH_ERR_T_USER4, + SH_ERR_T_PRELINK, + }; + + SL_ENTER(_("sh_readconf_line")); + + /* interpret line */ + + c = strchr(line, '='); + if (c == NULL || (*c) == '\0') + { + if (line != NULL) + { + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + line)); + } + SL_RETURN(good_opt, _("sh_readconf_line")); + } + else + ++c; + + /* skip leading whitespace + */ + while ((*c) == ' ' || (*c) == '\t') + ++c; + + if ((*c) == '\0') /* no value */ + { + if (line != NULL) + { + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + line)); + } + SL_RETURN(good_opt, _("sh_readconf_line")); + } + + /* convert to lowercase */ + + tmp = line; + while (*tmp != '=') + { + *tmp = tolower( (int) *tmp); + ++tmp; + } + + if (!sl_is_suid()) + { + TPT(( 0, FIL__, __LINE__, _("msg=\n"), line)); + } + + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if (read_mode == SH_SECTION_OTHER) + { + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + for (modkey = 0; modList[modnum].conf_table[modkey].the_opt != NULL; + ++modkey) + { + if (sl_strncmp (line, + _(modList[modnum].conf_table[modkey].the_opt), + sl_strlen(modList[modnum].conf_table[modkey].the_opt) ) == 0) + { + good_opt = 0; + if (0 != modList[modnum].conf_table[modkey].func(c)) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALS, + _(modList[modnum].conf_table[modkey].the_opt), c); + if (!sl_is_suid()) + { + TPT(( 0, FIL__, __LINE__, + _("msg=\n"), line, + _(modList[modnum].conf_table[modkey].the_opt))); + } + goto outburst; + } + } + } + } + outburst: +#endif + + + if (read_mode == SH_SECTION_THRESHOLD) + { + i = 0; + while (ident[i] != NULL) { + if (sl_strncmp (line, _(ident[i]), sl_strlen(ident[i])-1) == 0) + { + good_opt = 0; + sh_error_set_iv (identnum[i], c); + break; + } + ++i; + } + } + else + { + i = 0; + while (ext_table[i].optname != NULL) + { + if ((ext_table[i].section == read_mode || + ext_table[i].alt_section == read_mode) && + sl_strncmp (line, _(ext_table[i].optname), + sl_strlen(ext_table[i].optname)) == 0) + { + good_opt = 0; + if (0 != ext_table[i].func (c)) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALS, + _(ext_table[i].optname), c); + break; + } + ++i; + } + } + + SL_RETURN(good_opt, _("sh_readconf_line")); +} + + Index: branches/samhain-2_2-branch/src/sh_schedule.c =================================================================== --- branches/samhain-2_2-branch/src/sh_schedule.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_schedule.c (revision 66) @@ -0,0 +1,427 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2002 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include +#include + +#include +#include +#include + +/* + gcc -Wall -O2 -o mysched sh_schedule.c -DTESTONLY + */ +#ifndef TESTONLY + + +#undef FIL__ +#define FIL__ _("sh_schedule.c") + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) +#define SCHEDULER_YES +#endif + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + +#include "samhain.h" +#include "sh_mem.h" + +/* TESTONLY */ +#else + +#define SCHEDULER_YES +#include + +#endif + +#include "sh_schedule.h" + + + +#ifdef SCHEDULER_YES + +/************************************************ + * + * Scheduler class - private area + * + ************************************************/ + + +static const int sh_schedule_max[5] = { 59, 23, 31, 12, 7 }; +static const int sh_schedule_min[5] = { 0, 0, 0, 0, 0 }; + +static +int test_val (int i, int min, int max, int min_step, + time_t * last, time_t now, int nval, int first_flag) +{ + /* don't miss a minute's task + * IDEA: set last = now after first check (? seems to work) + */ + if (i == 0 && max == min && nval > max + /* && ( ((now - *last) > min_step) || (*last == (time_t)-1) ) */ ) + { + if (*last == (time_t)-1) + { + /* fake execution at nval-max + */ + *last = now - 60 * (nval-max); + return 0; + } + if ((int)(now - *last) > min_step) + return 1; + } + + /* out of range + */ + if (nval > max || nval < min) + return 0; + + /* first call - invalid last_exec + + if (*last == (time_t)-1) + return 1; + */ + + if (first_flag == 0) + return 1; + + + /* before min_step - too early (e.g. same minute) + */ + if ((int)(now - *last) <= min_step) + return 0; + + return 1; +} + +static +int test_sched_int (sh_schedule_t * isched) +{ + time_t now; + struct tm * tval; + int count, i, nval; + + if (!isched) + return 0; + + now = time(NULL); + tval = localtime(&now); + + count = 0; + for (i = 0; i < 5; ++i) + { + if (i == 0) nval = tval->tm_min; + else if (i == 1) nval = tval->tm_hour; + else if (i == 2) nval = tval->tm_mday; + else if (i == 3) nval = tval->tm_mon; + else nval = tval->tm_wday; + count += test_val (i, isched->min[i], isched->max[i], + isched->min_step, &(isched->last_exec), + now, nval, isched->first); + } + + if (count == 5) + { + isched->first = 1; + isched->last_exec = now; + return 1; + } + + return 0; +} + +/* test a linked list of schedules + */ +int test_sched (sh_schedule_t * isched) +{ + sh_schedule_t * intern = isched; + int retval = 0; + + while (intern != NULL) + { + if (test_sched_int(intern) == 1) + retval = 1; + intern = intern->next; + } + return retval; +} + +static +char DayNames[7][4] = { "sun", "mon", "tue", "wed", "thu", "fri", "sat" }; +static +char MonNames[12][4] = { "jan", "feb", "mar", "apr", "may", "jun", + "jul", "aug", "sep", "oct", "nov", "dec" }; + +static +int parse_func (int i, char * p) +{ + int j, k, l; + char *tail; + + errno = 0; + j = (int) strtol(p, &tail, 10); + + if (errno != 0) /* overflow */ + return -1; + if (j < 0) + return -1; + if (tail != p) /* numeric */ + return j; + if (i < 3) /* names not allowed */ + return -1; + + if (i == 3) + { + for (j = 0; j < 12; ++j) { + l = 0; + /*@+charint@*//* Incompatible types for == (char, char): ??? */ + for (k = 0; k < 3; ++k) + if (p[k] != '\0' && tolower(p[k]) == MonNames[j][k]) ++l; + /*@-charint@*/ + if (l == 3) + return j; + } + } + if (i == 4) + { + for (j = 0; j < 7; ++j) { + l = 0; + /*@+charint@*//* Incompatible types for == (char, char): ??? */ + for (k = 0; k < 3; ++k) + if (p[k] != '\0' && tolower(p[k]) == DayNames[j][k]) ++l; + /*@-charint@*/ + if (l == 3) + return j; + } + } + + return -1; +} + +static +int parse_token(int i, sh_schedule_t * isched, char * p) +{ + char * q; + + if ( NULL != (q = strchr(p, ','))) + return -1; + + if (*p == '*') + { + isched->min[i] = sh_schedule_min[i]; + isched->max[i] = sh_schedule_max[i]; + } + else + { + isched->min[i] = parse_func(i, p); + if (i == 4 && isched->min[i] == 7) + isched->min[i] = 0; + if (isched->min[i] < sh_schedule_min[i] || + isched->min[i] > sh_schedule_max[i]) + { + return -1; + } + if ( NULL != (q = strchr(p, '-'))) + { + ++q; + isched->max[i] = parse_func(i, q); + if (i == 4 && isched->max[i] == 7) + isched->max[i] = 0; + if (isched->max[i] < sh_schedule_min[i] || + isched->max[i] > sh_schedule_max[i] || + isched->max[i] < isched->min[i]) + { + return -1; + } + } + else + isched->max[i] = isched->min[i]; + } + + if ( NULL != (q = strchr(p, '/'))) + { + ++q; + isched->step[i] = atoi(q); + if (isched->step[i] < 1 || isched->step[i] > sh_schedule_max[i]) + { + return -1; + } + if (i == 4 && isched->step[i] == 7) + isched->step[i] = 6; + } + else + { + isched->step[i] = 1; + } + + switch (i) + { + case 0: + if (isched->max[i] == isched->min[i]) + isched->min_step = 3599; + else + isched->min_step = (isched->step[i] * 60) - 1; + break; + case 1: + if (isched->max[i] == isched->min[i]) + { + /* fix for daylight saving time: subtract 3600 sec + */ + if (isched->min_step == 3599) + isched->min_step = 86399 - 3600; + } + else + { + if (isched->min_step == 3599) + isched->min_step = (isched->step[i] * 3600) - 1; + } + break; + default: + break; + } + + return 0; +} + +static +int parse_sched (const char * ssched, sh_schedule_t * isched) +{ + char * p; + char * copy; + int i = 0; + size_t len; + + if (!ssched || !isched) + return -1; + + len = strlen(ssched)+1; +#ifdef TESTONLY + copy = malloc(len); /* testonly code */ +#else + copy = SH_ALLOC(len); +#endif + sl_strlcpy(copy, ssched, len); + + p = strtok(copy, " \t"); /* parse crontab-style schedule */ + if (!p) + goto err; + if (parse_token(i, isched, p) == -1) + goto err; + + for (i = 1; i < 5; ++i) + { + p = strtok(NULL, " \t"); /* parse crontab-style schedule */ + if (!p) + goto err; + if (parse_token(i, isched, p) == -1) + goto err; + } + + isched->last_exec = (time_t)-1; + isched->first = 0; + isched->next = NULL; + +#ifdef TESTONLY + free(copy); +#else + SH_FREE(copy); +#endif + return 0; + + err: +#ifdef TESTONLY + free(copy); +#else + SH_FREE(copy); +#endif + return -1; +} + +int create_sched (const char * ssched, sh_schedule_t * isched) +{ + int j; + + if (!isched || !ssched) + return -1; + + j = parse_sched(ssched, isched); + +#ifdef TESTONLY + if (j == 0) + { + int i; + for (i = 0; i < 5; ++i) + printf("%2d MIN %3d MAX %3d STEP %3d\n", + i, isched->max[i], isched->min[i], isched->step[i]); + printf("MINSTEP %7d\n", isched->min_step); + printf("LASTEXEC %7ld\n", (long) isched->last_exec); + } +#endif + + return j; +} + +/* #ifdef SCHEDULER_YES */ +#endif + +/************************************************** + * + * Schedule class - Test driver + * + **************************************************/ +#ifdef TESTONLY + +int main(int argc, char * argv[]) +{ + sh_schedule_t isched; + + if (argc < 2) + { + fprintf(stderr, "Usage: %s 'schedule'\n", argv[0]); + exit (1); + } + + if (create_sched(argv[1], &isched) < 0) + { + fprintf(stderr, "Bad schedule <%s>\n", argv[1]); + exit (1); + } + + while (1 == 1) + { + if (test_sched(&isched)) + printf("EXECUTE at: %s", ctime(&(isched.last_exec))); + sleep (1); /* TESTONLY */ + } + return 0; +} +#endif Index: branches/samhain-2_2-branch/src/sh_socket.c =================================================================== --- branches/samhain-2_2-branch/src/sh_socket.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_socket.c (revision 66) @@ -0,0 +1,1019 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2003,2005 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +/* define if you want debug info + * #define SH_DEBUG_SOCKET + */ + +#include +#include +#include +#include + +#include "samhain.h" +#include "sh_socket.h" +#include "sh_error.h" +#include "sh_unix.h" +#include "sh_calls.h" + +#undef FIL__ +#define FIL__ _("sh_socket.c") + +#if defined (SH_WITH_CLIENT) + +#include + +void sh_socket_server_cmd(const char * srvcmd) +{ + SL_ENTER(_("sh_tools_server_cmd")); + + if ((srvcmd == NULL) || (srvcmd[0] == '\0') || (sl_strlen(srvcmd) < 4)) + { + SL_RET0(_("sh_socket_server_cmd")); + } + if ((srvcmd[0] == 'S') || (srvcmd[1] == 'T') || + (srvcmd[2] == 'O') || (srvcmd[3] == 'P')) + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); +#ifdef SIGQUIT + raise(SIGQUIT); +#else + TPT((0, FIL__, __LINE__, _("msg=\n"))); +#endif + } + else if ((srvcmd[0] == 'R') || (srvcmd[1] == 'E') || + (srvcmd[2] == 'L') || (srvcmd[3] == 'O') || + (srvcmd[4] == 'A') || (srvcmd[5] == 'D')) + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); +#ifdef SIGHUP + raise(SIGHUP); +#else + TPT((0, FIL__, __LINE__, _("msg=\n"))); +#endif + } + else + { + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, + srvcmd, + _("sh_socket_server_cmd")); + } + SL_RET0(_("sh_socket_server_cmd")); +} +/* #if defined (SH_WITH_CLIENT) + */ +#endif + +#if defined(SH_WITH_SERVER) +#include + +#include +#include + +#include +#include + +#include + +#include +#include + + +#ifdef HAVE_SYS_UIO_H +#include +#endif +#if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) +#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED) +#include +#include +#endif +#endif + + +int pf_unix_fd = -1; +static char * sh_sockname = NULL; +static char sh_sockpass_real[SOCKPASS_MAX+1]; + +struct socket_cmd { + char cmd[SH_MAXMSGLEN]; + char clt[SH_MAXMSGLEN]; + char cti[81]; + struct socket_cmd * next; +}; + +#if !defined(O_NONBLOCK) +#if defined(O_NDELAY) +#define O_NONBLOCK O_NDELAY +#else +#define O_NONBLOCK 0 +#endif +#endif + +#if !defined(AF_FILE) +#define AF_FILE AF_UNIX +#endif + +static struct socket_cmd * cmdlist = NULL; +static struct socket_cmd * runlist = NULL; + +static int sh_socket_flaguse = S_FALSE; +static int sh_socket_flaguid = 0; + +#include "sh_utils.h" + + +struct reload_cmd { + char clt[SH_MAXMSGLEN]; + time_t cti; + struct reload_cmd * next; +}; +static struct reload_cmd * reloadlist = NULL; + +void sh_socket_add2reload (const char * clt) +{ + struct reload_cmd * new = reloadlist; + + while (new) + { + if (0 == sl_strcmp(new->clt, clt)) + { + sl_strlcpy (new->clt, clt, SH_MAXMSGLEN); + new->cti = time(NULL); + return; + } + new = new->next; + } + + new = SH_ALLOC(sizeof(struct reload_cmd)); + sl_strlcpy (new->clt, clt, SH_MAXMSGLEN); + new->cti = time(NULL); + + new->next = reloadlist; + reloadlist = new; + + return; +} + +#include "zAVLTree.h" +#include "sh_html.h" +#include "sh_tools.h" +static void sh_socket_add2list (struct socket_cmd * in); + +static void sh_socket_probe4reload () +{ + struct reload_cmd * new; + struct socket_cmd cmd; + + zAVLCursor avlcursor; + client_t * item; + extern zAVLTree * all_clients; + + char * file; + unsigned long dummy; + struct stat buf; + + for (item = (client_t *) zAVLFirst(&avlcursor, all_clients); item; + item = (client_t *) zAVLNext(&avlcursor)) + { + if (item->status_now != CLT_INACTIVE) + { + file = get_client_conf_file (item->hostname, &dummy); + + if (0 == stat (file, &buf)) + { + new = reloadlist; + while (new) + { + if (0 == sl_strcmp(new->clt, item->hostname)) + { + if (buf.st_mtime > new->cti) + { + /* reload */ + sl_strlcpy(cmd.cmd, _("RELOAD"), SH_MAXMSGLEN); + sl_strlcpy(cmd.clt, item->hostname, SH_MAXMSGLEN); + sh_socket_add2list (&cmd); + } + break; + } + new = new->next; + } + } + } + } + return; +} + +char * sh_get_sockpass () +{ + size_t j = 0; + + while (skey->sh_sockpass[2*j] != '\0' && j < sizeof(sh_sockpass_real)) + { + sh_sockpass_real[j] = skey->sh_sockpass[2*j]; + ++j; + } + sh_sockpass_real[j] = '\0'; + + return sh_sockpass_real; +} + +void sh_set_sockpass () +{ + int j; + for (j = 0; j < 15; ++j) + { + sh_sockpass_real[j] = '\0'; + } +} + +int sh_socket_use (const char * c) +{ + return sh_util_flagval(c, &sh_socket_flaguse); +} + +int sh_socket_remove () +{ + int retval = 0; +#ifdef S_ISSOCK + struct stat sbuf; +#endif + + SL_ENTER(_("sh_socket_remove")); + + if (NULL == sh_sockname) + { + SL_RETURN((retval),_("sh_socket_remove")); + } + + if (0 != tf_trust_check (DEFAULT_PIDDIR, SL_YESPRIV)) + { + SL_RETURN((-1),_("sh_socket_remove")); + } + + if ( (retry_lstat(FIL__, __LINE__, sh_sockname, &sbuf) == 0) && + (sbuf.st_uid == getuid())) + { +#ifdef S_ISSOCK + if (S_ISSOCK (sbuf.st_mode)) + { + retval = retry_aud_unlink (FIL__, __LINE__, sh_sockname); + } +#else + retval = retry_aud_unlink (FIL__, __LINE__, sh_sockname); +#endif + } + SL_RETURN((retval),_("sh_socket_remove")); +} + +#if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) && !defined(HAVE_STRUCT_CMSGCRED) && !defined(HAVE_STRUCT_FCRED) && !(defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) + +#define NEED_PASSWORD_AUTH + +#endif + +int sh_socket_uid (const char * c) +{ + uid_t val = (uid_t) strtol (c, (char **)NULL, 10); + sh_socket_flaguid = val; +#if defined(NEED_PASSWORD_AUTH) + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("Config option SetSocketAllowUID not supported, use SetSocketPassword"), + _("sh_socket_uid")); +#endif + return 0; +} + +int sh_socket_password (const char * c) +{ +#if defined(NEED_PASSWORD_AUTH) + int j, i; + +#define LCG(n) ((69069 * n) & 0xffffffffUL) + + i = sl_strlen(c); + if (i > SOCKPASS_MAX) { + return -1; + } + for (j = 0; j < (2*SOCKPASS_MAX+1); ++j) + { + skey->sh_sockpass[j] = '\0'; + } + for (j = 0; j < i; ++j) + { + skey->sh_sockpass[2*j] = c[j]; + skey->sh_sockpass[(2*j)+1] = (LCG(c[j]) % 256); + } + return 0; +#else + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("Config option SetSocketPassword not supported, use SetSocketAllowUID"), + _("sh_socket_password")); + (void) c; + return 0; +#endif +} + + +int sh_socket_open_int () +{ + struct sockaddr_un name; + size_t size; + int flags; +#if defined(SO_PASSCRED) + socklen_t optval = 1; +#endif + struct stat buf; + + SL_ENTER(_("sh_socket_open_int")); + + if (sh_socket_flaguse == S_FALSE) + { + SL_RETURN(0, _("sh_socket_open_int")); + } + + if (sh_sockname == NULL) + { + size = sl_strlen(DEFAULT_PIDDIR) + 1 + sl_strlen(SH_INSTALL_NAME) + 6; + sh_sockname = SH_ALLOC(size); /* compile-time constant */ + sl_strlcpy(sh_sockname, DEFAULT_PIDDIR, size); + sl_strlcat(sh_sockname, "/", size); + sl_strlcat(sh_sockname, SH_INSTALL_NAME, size); + sl_strlcat(sh_sockname, _(".sock"), size); + } + + pf_unix_fd = socket (PF_UNIX, SOCK_STREAM, 0); + if ((pf_unix_fd) < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_open_int: socket")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + + if (sizeof(name.sun_path) < (1 + sl_strlen(sh_sockname))) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle ((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("PID dir path too long"), + _("sh_socket_open_int")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + + name.sun_family = AF_FILE; + sl_strlcpy (name.sun_path, sh_sockname, sizeof(name.sun_path)); + + size = (offsetof (struct sockaddr_un, sun_path) + + strlen (name.sun_path) + 1); + + flags = retry_lstat (FIL__, __LINE__, sh_sockname, &buf); + + if (flags == 0) + { + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("Socket exists, trying to unlink it"), + _("sh_socket_open_int")); + if (sh_socket_remove() < 0) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle ((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("Unlink of socket failed, maybe path not trusted"), + _("sh_socket_open_int")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + } + + if (bind ((pf_unix_fd), (struct sockaddr *) &name, size) < 0) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_open_int: bind")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + +#ifdef SO_PASSCRED + if (0 != setsockopt(pf_unix_fd, SOL_SOCKET, SO_PASSCRED, + &optval, sizeof(optval))) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_open_int: setsockopt")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } +#endif + + flags = fcntl((pf_unix_fd), F_GETFL); + if (flags < 0) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_open_int: fcntl1")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + + flags = fcntl((pf_unix_fd), F_SETFL, flags|O_NONBLOCK); + if (flags < 0) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_open_int: fcntl2")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + + if (0 != listen(pf_unix_fd, 5)) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_open_int: listen")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + SL_RETURN( (0), _("sh_socket_open_int")); +} +/* #if !defined(HAVE_CMSGCRED) || !defined(SO_PEERCRED) */ +/* #endif */ + +/* +#if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) && !defined(HAVE_STRUCT_CMSGCRED) && !defined(HAVE_STRUCT_FCRED) && !(defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) +static +int sh_socket_read (struct socket_cmd * srvcmd) +{ + srvcmd->cmd[0] = '\0'; + srvcmd->clt[0] = '\0'; + return 0; +} +#else +*/ + +/* + * Parts of the socket authentication code is copied from PostgreSQL: + * + * PostgreSQL Database Management System + * (formerly known as Postgres, then as Postgres95) + * + * Portions Copyright (c) 1996-2001, The PostgreSQL Global Development Group + * + * Portions Copyright (c) 1994, The Regents of the University of California + * + * Permission to use, copy, modify, and distribute this software and its + * documentation for any purpose, without fee, and without a written agreement + * is hereby granted, provided that the above copyright notice and this + * paragraph and the following two paragraphs appear in all copies. + * + * IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR + * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING + * LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS + * DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS + * ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO + * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. + */ +static +int sh_socket_read (struct socket_cmd * srvcmd) +{ + struct socket_cmd * list_cmd; + char message[SH_MAXMSG]; + struct sockaddr_un name; + int size; + int nbytes; + int talkfd; + int retry = 0; + + char * cmd = NULL; + char * clt = NULL; + + int client_uid = -1; + + + struct msghdr msg; + struct iovec iov; + +#if defined(NEED_PASSWORD_AUTH) + char * eopw = NULL; + char * goodpassword = NULL; +#endif + +#if defined(HAVE_GETPEEREID) + uid_t peer_uid; + gid_t peer_gid; +#elif defined(SO_PEERCRED) + struct ucred cr; +#ifdef HAVE_SOCKLEN_T + socklen_t cl = sizeof(cr); +#else + int cl = sizeof(cr); +#endif + +#elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) + +#ifdef HAVE_STRUCT_CMSGCRED + typedef struct cmsgcred Cred; +#define CRED_UID cmcred_uid + +#elif HAVE_STRUCT_FCRED + typedef struct fcred Cred; +#define CRED_UID fc_uid + +#elif HAVE_STRUCT_SOCKCRED + typedef struct sockcred Cred; +#define CRED_UID sc_uid + +#endif + Cred *cred; + + /* Compute size without padding */ + char cmsgmem[ALIGN(sizeof(struct cmsghdr)) + ALIGN(sizeof(Cred))]; + /* for NetBSD */ + + /* Point to start of first structure */ + struct cmsghdr *cmsg = (struct cmsghdr *) cmsgmem; +#endif + + if (pf_unix_fd < 0) + { + return 0; + } + + iov.iov_base = (char *) &message; + iov.iov_len = sizeof(message); + + memset (&msg, 0, sizeof (msg)); + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + +#if !defined(SO_PEERCRED) && !defined(HAVE_GETPEEREID) +#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) + msg.msg_control = (char *) cmsg; + msg.msg_controllen = sizeof (cmsgmem); + memset (cmsg, 0, sizeof (cmsgmem)); +#endif +#endif + + /* the socket is non-blocking + * 'name' is the address of the sender socket + */ + size = sizeof (name); + talkfd = retry_accept(FIL__, __LINE__, + pf_unix_fd, (struct sockaddr *) & name, &size); + if ((talkfd < 0) && (errno == EAGAIN)) + { + return 0; + } + else if (talkfd < 0) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_read: accept")); + return -1; + } + + +#if defined(LOCAL_CREDS) && !defined(SO_PEERCRED) && !defined(HAVE_GETPEEREID) + /* Set the socket to receive credentials on the next message + */ + { + int on = 1; + if (setsockopt (talkfd, 0, LOCAL_CREDS, &on, sizeof (on)) < 0) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_read: setsockopt")); + close(talkfd); + return -1; + } + } +#endif + + do { + nbytes = recvmsg (talkfd, &msg, 0); + if ((nbytes < 0) && (errno != EAGAIN)) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_read: recvmsg")); + close(talkfd); + return -1; + } + else if (nbytes < 0) + { + ++retry; + retry_msleep(0, 1); + } + } while ((nbytes < 0) && (retry < 3)); + +#ifdef SH_DEBUG_SOCKET + fprintf(stderr, "%d bytes received\n", nbytes); +#endif + + /* msg.msg_iov.iov_base, filled by recvmsg + */ + message[sizeof(message)-1] = '\0'; + + if (nbytes < 0) + { + if (errno == EAGAIN) + { + /* no data */ + close(talkfd); + return 0; + } + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_read: recvfrom")); + close(talkfd); + return -1; + } + +#if defined(HAVE_GETPEEREID) + if (0 != getpeereid(talkfd, &peer_uid, &peer_gid)) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_read: getpeereid")); + close(talkfd); + return -1; + } + client_uid = peer_uid; + cmd = message; +#elif defined(SO_PEERCRED) + if (0 != getsockopt(talkfd, SOL_SOCKET, SO_PEERCRED, &cr, &cl)) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_read: getsockopt")); + close(talkfd); + return -1; + } + client_uid = cr.uid; + cmd = message; +#elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) + if (cmsg->cmsg_len < sizeof (cmsgmem) || cmsg->cmsg_type != SCM_CREDS) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Message from recvmsg() was not SCM_CREDS"), + _("sh_socket_read")); + close(talkfd); + return -1; + } + cred = (Cred *) CMSG_DATA (cmsg); + client_uid = cred->CRED_UID; + cmd = message; +#elif defined(NEED_PASSWORD_AUTH) + goodpassword = sh_get_sockpass(); + eopw = strchr(message, '@'); + if (eopw) + *eopw = '\0'; + /* + * message is null-terminated and >> goodpassword + */ + if (0 == strcmp(goodpassword, message) && + strlen(goodpassword) < (sizeof(message)/2)) + { + client_uid = sh_socket_flaguid; + cmd = &message[strlen(goodpassword)+1]; + sh_set_sockpass(); + } + else + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Bad password"), + _("sh_socket_read")); + sh_set_sockpass(); + close(talkfd); + return -1; + } +#else + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("Socket credentials not supported on this OS"), + _("sh_socket_read")); + close(talkfd); + return -1; +#endif + +#ifdef SH_DEBUG_SOCKET + fprintf(stderr, "Peer uid=%d, required=%d\n", + client_uid, sh_socket_flaguid); +#endif + + if (client_uid != sh_socket_flaguid) + { + sh_error_handle((-1), FIL__, __LINE__, client_uid, MSG_E_SUBGEN, + _("client does not have required uid"), + _("sh_socket_read: getsockopt")); + close(talkfd); + return -1; + } + + + /* Give a diagnostic message. + */ +#ifdef SH_DEBUG_SOCKET + fprintf (stderr, "Server: got message: %s\n", cmd); +#endif + + clt = strchr(cmd, ':'); + if (clt != NULL) + { + *clt = '\0'; ++clt; + if (sl_strlen(cmd) >= SH_MAXMSGLEN) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("Bad message format: command too long"), + _("sh_socket_read")); + close(talkfd); + return -1; + } + else if (sl_strlen(clt) >= SH_MAXMSGLEN) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("Bad message format: hostname too long"), + _("sh_socket_read")); + close(talkfd); + return -1; + } + if (cmd[0] == 'L' && cmd[1] == 'I' && + cmd[2] == 'S' && cmd[3] == 'T') + { + goto list_all; + } + else if (cmd[0] == 'P' && cmd[1] == 'R' && + cmd[2] == 'O' && cmd[3] == 'B' && cmd[4] == 'E') + { + sh_socket_probe4reload(); + cmd[0] = 'L'; cmd[1] = 'I'; cmd[2] = 'S'; cmd[3] = 'T';cmd[4] = '\0'; + goto list_all; + } + sl_strlcpy (srvcmd->cmd, cmd, SH_MAXMSGLEN); + sl_strlcpy (srvcmd->clt, clt, SH_MAXMSGLEN); + --clt; *clt = ':'; + } + else + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("Bad message format"), + _("sh_socket_read")); + close(talkfd); + return -1; + } + + /* Bounce the message back to the sender. + * 'name' is the receiver address; it has been been filled + * with the sender address in the recvfrom call + */ +#ifdef SH_DEBUG_SOCKET + fprintf (stderr, "Server: send message: %s to %s\n", + cmd, name.sun_path); +#endif + /* + nbytes = sendto (pf_unix_fd, message, nbytes, 0, + (struct sockaddr *) & name, size); + */ + nbytes = send (talkfd, cmd, strlen(cmd) + 1, 0); + close(talkfd); + if (nbytes < 0) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_read: send")); + return -1; + } +#ifdef SH_DEBUG_SOCKET + fprintf (stderr, "Server: message is out\n"); +#endif + return nbytes; + + list_all: +#ifdef SH_DEBUG_SOCKET + fprintf (stderr, "Server: list all\n"); +#endif + if (cmd[4] == 'A' && cmd[5] == 'L' && cmd[6] == 'L') + { + list_cmd = runlist; + while (list_cmd) + { + sl_snprintf(message, sizeof(message), _("SENT %8s %32s %s"), + list_cmd->cmd, list_cmd->clt, list_cmd->cti); + /* + sl_strlcpy(message, _("DONE"), SH_MAXMSG); + sl_strlcat(message, " ", SH_MAXMSG); + sl_strlcat(message, list_cmd->cmd, SH_MAXMSG); + sl_strlcat(message, " ", SH_MAXMSG); + sl_strlcat(message, list_cmd->clt, SH_MAXMSG); + sl_strlcat(message, " ", SH_MAXMSG); + sl_strlcat(message, list_cmd->cti, SH_MAXMSG); + */ + nbytes = send (talkfd, message, sl_strlen(message) + 1, 0); + if (nbytes < 0) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_read: sendto")); + close(talkfd); + return -1; + } + list_cmd = list_cmd->next; + } + } + + list_cmd = cmdlist; + while (list_cmd) + { + sl_snprintf(message, sizeof(message), _(">>>> %8s %32s %s"), + list_cmd->cmd, list_cmd->clt, list_cmd->cti); + /* + sl_strlcpy(message, _(">>>>"), SH_MAXMSG); + sl_strlcat(message, " ", SH_MAXMSG); + sl_strlcat(message, list_cmd->cmd, SH_MAXMSG); + sl_strlcat(message, " ", SH_MAXMSG); + sl_strlcat(message, list_cmd->clt, SH_MAXMSG); + sl_strlcat(message, " ", SH_MAXMSG); + sl_strlcat(message, list_cmd->cti, SH_MAXMSG); + */ + /* + nbytes = sendto (pf_unix_fd, message, sl_strlen(message) + 1, 0, + (struct sockaddr *) & name, size); + */ + nbytes = send (talkfd, message, sl_strlen(message) + 1, 0); + if (nbytes < 0) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno), + _("sh_socket_read: sendto")); + close(talkfd); + return -1; + } + list_cmd = list_cmd->next; + } + + /* + nbytes = sendto (pf_unix_fd, _("END"), 4, 0, + (struct sockaddr *) & name, size); + */ + nbytes = send (talkfd, _("END"), 4, 0); + close(talkfd); + return 0; +} +/* #if !defined(HAVE_CMSGCRED) || !defined(SO_PEERCRED) */ +/* #endif */ + +static void sh_socket_add2list (struct socket_cmd * in) +{ + struct socket_cmd * new; + + new = SH_ALLOC(sizeof(struct socket_cmd)); + sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); + sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); + sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti)); + new->next = cmdlist; + cmdlist = new; + + return; +} + +static void sh_socket_add2run (struct socket_cmd * in) +{ + struct socket_cmd * new = runlist; + char * client_name = in->clt; + + while (new) + { + if (0 == sl_strcmp(new->clt, client_name)) + { + sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); + sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); + sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti)); + return; + } + new = new->next; + } + + new = SH_ALLOC(sizeof(struct socket_cmd)); + sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); + sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); + sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti)); + new->next = runlist; + runlist = new; + + return; +} + + + +static void sh_socket_rm2list (const char * client_name) +{ + struct socket_cmd * old = cmdlist; + struct socket_cmd * new = cmdlist; + + while (new) + { + if (0 == sl_strcmp(new->clt, client_name)) + { + if ((new == cmdlist) && (new->next == NULL)) + { + cmdlist = NULL; + SH_FREE(new); + return; + } + else if (new == cmdlist) + { + cmdlist = new->next; + SH_FREE(new); + return; + } + else + { + old->next = new->next; + SH_FREE(new); + return; + } + } + old = new; + new = new->next; + } + return; +} + +/* poll the socket to gather input + */ +int sh_socket_poll() +{ + struct socket_cmd cmd; + char cancel_cmd[SH_MAXMSGLEN]; + + /* struct pollfd sh_poll = { pf_unix_fd, POLLIN, 0 }; */ + + if (pf_unix_fd < 0) + { + return 0; + } + + sl_strlcpy(cancel_cmd, _("CANCEL"), sizeof(cancel_cmd)); + + while (sh_socket_read (&cmd) > 0) + { + if (0 == sl_strcmp(cmd.cmd, cancel_cmd)) + { + sh_socket_rm2list (cmd.clt); + } + else + { + sh_socket_rm2list (cmd.clt); + sh_socket_add2list (&cmd); + } + } + return 0; +} + +/* return the command associated with client_name + and remove the corresponding entry + */ +char * sh_socket_check(const char * client_name) +{ + struct socket_cmd * old = cmdlist; + struct socket_cmd * new = cmdlist; + static char out[SH_MAXMSGLEN]; + + while (new) + { + if (0 == sl_strcmp(new->clt, client_name)) + { + sl_strlcpy(out, new->cmd, sizeof(out)); + sh_socket_add2run (new); + sh_socket_rm2list (client_name); + return out; + } + old = new; + new = new->next; + } + return NULL; +} + +/* #if defined (SH_WITH_SERVER) + */ +#endif + Index: branches/samhain-2_2-branch/src/sh_srp.c =================================================================== --- branches/samhain-2_2-branch/src/sh_srp.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_srp.c (revision 66) @@ -0,0 +1,711 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include + + +#include "samhain.h" + +#ifdef USE_SRP_PROTOCOL + +#if (defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)) + +#include "sh_tiger.h" +#include "sh_mem.h" +#include "sh_utils.h" +#include "sh_srp.h" + +#if !defined(HAVE_LIBGMP) || !defined(HAVE_GMP_H) +#include "bignum.h" +#else + +#include + +#define BIG_OK 0 +#define bigerr_t int +int big_errno = BIG_OK; + +#define bignum MP_INT + +inline +int big_create (bignum * a) +{ + mpz_init(a); + return 0; +} + +inline +int big_zerop (bignum * a) +{ + mpz_t b; + int i; + mpz_init_set_str(b, "0", 10); + i = mpz_cmp(a, b); + mpz_clear(b); + if (i) + return 0; + else + return 1; +} + +inline +int big_trunc (bignum * a, bignum * b, bignum * q, bignum *r) +{ + mpz_tdiv_qr(q, r, a, b); + return 0; +} + +inline +int big_exptmod (bignum * a, bignum * b, bignum * c, bignum *d) +{ + mpz_powm(d, a, b, c); + return 0; +} + +char * get_str_internal = NULL; +int siz_str_internal = 0; + +inline +char * big_string (bignum * a, int base) +{ + char * str = NULL; + int size; + int i; + str = mpz_get_str (str, base, a); + + if (get_str_internal == NULL) + { + get_str_internal = malloc(512); /* only once */ + if (get_str_internal) + { + siz_str_internal = 512; + } + else + { + if (str != NULL) + free(str); + return 0; + } + get_str_internal[0] = '\0'; + } + + if (str != NULL) + { + size = strlen(str) + 1; + if (size > siz_str_internal) + get_str_internal = realloc (get_str_internal, size); + if (get_str_internal == NULL) + { + free(str); + return NULL; + } + siz_str_internal = size; + sl_strlcpy (get_str_internal, str, siz_str_internal); + for (i = 0; i < (size-1); ++i) + if (get_str_internal[i] >= 'a' && get_str_internal[i] <= 'f' ) + get_str_internal[i] = get_str_internal[i] - 'a' + 'A'; + free (str); + } + return get_str_internal; +} + +inline +int big_add(bignum * a, bignum * b, bignum * c) +{ + mpz_add(c, a, b); + return 0; +} + +inline +int big_sub(bignum * a, bignum * b, bignum * c) +{ + mpz_sub(c, a, b); + return 0; +} + +inline +int big_mul(bignum * a, bignum * b, bignum * c) +{ + mpz_mul(c, a, b); + return 0; +} + +inline +int big_greaterp(bignum * a, bignum * b) +{ + return mpz_cmp(a, b) > 0; +} + +inline +int big_set_big(bignum * a, bignum * b) +{ + mpz_set(b, a); + return 0; +} + + +inline +int big_set_string(const char * str, int base, bignum * a) +{ + mpz_set_str (a, str, base); + return 0; +} + + +#define big_init_pkg() 0 +#define big_release_pkg() +#define big_destroy mpz_clear + +/* #if defined(HAVE_LIBGMP) + */ +#endif + +#undef FIL__ +#define FIL__ _("sh_srp.c") + +typedef struct sh_srp_struc { + char x[KEY_LEN+1]; + bignum a; + bignum p; + bignum g; +} sh_srp_t; + +static sh_srp_t sh_srp; + +void sh_srp_x (char * salt, char * password) +{ + + char *combi; + size_t len, l2; + register int i; + unsigned char * dez = NULL; + + SL_ENTER(_("sh_srp_x")); + + /* patch by Andreas Piesk + */ + if (password == NULL) + dez = (unsigned char *) &(skey->pw[0]); + else + dez = (unsigned char *) password; + + for (i = 0; i < PW_LEN; ++i) + { + skey->vernam[i] = (char)(*dez); + ++dez; + } + skey->vernam[PW_LEN] = '\0'; + + (void) sl_strlcpy (skey->vernam, + sh_tiger_hash(skey->vernam, TIGER_DATA, PW_LEN), KEY_LEN); + skey->vernam[KEY_LEN] = '\0'; + + len = sl_strlen(salt) + 1; + l2 = sl_strlen(skey->vernam); + if (sl_ok_adds(len, l2)) + len += l2; + + /* H(s,P) + */ + combi = SH_ALLOC(len); + (void) sl_strlcpy (combi, salt, len); + (void) sl_strlcat (combi, skey->vernam, len); + (void) sl_strlcpy (sh_srp.x, + sh_tiger_hash(combi, TIGER_DATA, + (unsigned long) sl_strlen(combi)), + KEY_LEN+1); + SH_FREE (combi); + + SL_RET0(_("sh_srp_x")); +} + +char * sh_srp_M (char * x1, char * x2, char * x3) +{ + char *combi; + size_t len, l2, l3; + static char hash[KEY_LEN+1]; + + SL_ENTER(_("sh_srp_M")); + + ASSERT_RET((x1 != NULL && x2 != NULL && x3 !=NULL), + _("x1 != NULL && x2 != NULL && x3 !=NULL"), NULL); + + len = sl_strlen(x1) + 1; + l2 = sl_strlen(x2); + l3 = sl_strlen(x3); + + if (sl_ok_adds(len, l2)) + len += l2; + if (sl_ok_adds(len, l3)) + len += l3; + + /* H(x1,x2,x3) + */ + combi = SH_ALLOC(len); + (void) sl_strlcpy (combi, x1, len); + (void) sl_strlcat (combi, x2, len); + (void) sl_strlcat (combi, x3, len); + (void) sl_strlcpy (hash, + sh_tiger_hash(combi, TIGER_DATA, (unsigned long) (len-1)), + KEY_LEN+1); + SH_FREE (combi); + + SL_RETURN(hash, _("sh_srp_M")); +} + + +void sh_srp_exit() +{ + SL_ENTER(_("sh_srp_exit")); + big_destroy(&sh_srp.g); + big_destroy(&sh_srp.p); + big_destroy(&sh_srp.a); + + big_release_pkg(); + + big_errno = BIG_OK; + SL_RET0(_("sh_srp_exit")); +} + + +int sh_srp_init() +{ + bigerr_t res; + char modulus[80*4]; + + SL_ENTER(_("sh_srp_init")); + + big_errno = BIG_OK; + + res = big_init_pkg(); + + if (res == BIG_OK) + { + res = big_create(&sh_srp.p); + if (res == BIG_OK) + res = big_create(&sh_srp.g); + if (res == BIG_OK) + res = big_create(&sh_srp.a); + if (res == BIG_OK) + { + (void) sl_strlcpy(modulus, SRP_MODULUS_1024_1, sizeof(modulus)); + (void) sl_strlcat(modulus, SRP_MODULUS_1024_2, sizeof(modulus)); + (void) sl_strlcat(modulus, SRP_MODULUS_1024_3, sizeof(modulus)); + (void) sl_strlcat(modulus, SRP_MODULUS_1024_4, sizeof(modulus)); + } + if (res == BIG_OK) + res = big_set_string (modulus, 16, &sh_srp.p); + if (res == BIG_OK) + res = big_set_string (SRP_GENERATOR_1024, 16, &sh_srp.g); + if (res == BIG_OK) + { + SL_RETURN (0, _("sh_srp_init")); + } + else + sh_srp_exit(); + } + SL_RETURN ((-1), _("sh_srp_init")); +} + + +int sh_srp_make_a () +{ + UINT32 randl[6]; + int i; + int res; + char hash[KEY_LEN+1]; + + SL_ENTER(_("sh_srp_make_a")); + + for (i = 0; i < 6; ++i) + randl[i] = (UINT32) taus_get (&(skey->rng0[0]), + &(skey->rng1[0]), + &(skey->rng2[0])); + (void) sl_strlcpy (hash, + sh_tiger_hash((char *)&randl[0], TIGER_DATA, + (unsigned long) 6*sizeof(UINT32)), + KEY_LEN+1); + + hash[KEY_LEN] = '\0'; + + res = big_set_string (hash, 16, &sh_srp.a); + if (res == BIG_OK) + { + SL_RETURN((0), _("sh_srp_make_a")); + } + else + { + SL_RETURN((-1), _("sh_srp_make_a")); + } +} + +/* return 0 if AB is NOT zero + */ +int sh_srp_check_zero (char * AB_str) +{ + bignum AB, q, r; + bigerr_t res; + int val; + + SL_ENTER(_("sh_srp_check_zero")); + + ASSERT_RET((AB_str != NULL), _("AB_str != NULL"), (-1)); + + res = big_create(&AB); + if (res == BIG_OK) + res = big_create(&q); + if (res == BIG_OK) + res = big_create(&r); + + if (res == BIG_OK) + res = big_set_string (AB_str, 16, &AB); + if (res == BIG_OK) + res = big_trunc(&AB, &sh_srp.p, &q, &r); /* is last one the remainder ? */ + + if (res != BIG_OK) val = (-1); + else if (0 != big_zerop(&AB) ) val = (-1); /* 0 != (sign == 0) */ + else val = 0; + + big_destroy(&AB); + big_destroy(&q); + big_destroy(&r); + + SL_RETURN((val), _("sh_srp_check_zero")); +} + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + + +char * sh_srp_A () +{ + bignum A; + char *str; + char *combi; + bigerr_t res; + + SL_ENTER(_("sh_srp_A")); + + res = big_create(&A); + + if (res == BIG_OK) + res = big_exptmod (&sh_srp.g, &sh_srp.a, &sh_srp.p, &A); + + if (res == BIG_OK) + str = big_string (&A, 16); + else + str = NULL; + + if (str != NULL) + combi = sh_util_strdup(str); + else + combi = NULL; + + big_destroy(&A); + SL_RETURN(combi, _("sh_srp_A")); +} + +/* #ifdef SH_WITH_CLIENT */ +#endif + +#ifdef SH_WITH_SERVER + +char * sh_srp_B (char * verifier) +{ + bignum B, v, t, dummy; + char *str; + char *combi; + bigerr_t res; + + SL_ENTER(_("sh_srp_B")); + + ASSERT_RET((verifier != NULL), _("verifier != NULL"), (NULL)); + + res = big_create(&dummy); + + if (res == BIG_OK) + res = big_create(&t); + if (res == BIG_OK) + res = big_create(&v); + if (res == BIG_OK) + res = big_create(&B); + + if (res == BIG_OK) + res = big_exptmod (&sh_srp.g, &sh_srp.a, &sh_srp.p, &t); + + if (res == BIG_OK) + big_set_string (verifier, 16, &v); + + if (res == BIG_OK) + res = big_add (&t, &v, &dummy); + + if (res == BIG_OK) + { + if ( big_greaterp(&dummy, &sh_srp.p) ) + res = big_sub(&dummy, &sh_srp.p, &B); + else + res = big_set_big(&dummy, &B); + } + + if (res == BIG_OK) + str = big_string (&B, 16); + else + str = NULL; + + if (str != NULL) + combi = sh_util_strdup(str); + else + combi = NULL; + + big_destroy(&B); + big_destroy(&v); + big_destroy(&t); + big_destroy(&dummy); + + SL_RETURN(combi, _("sh_srp_B")); +} +/* #ifdef SH_WITH_SERVER */ +#endif + + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +char * sh_srp_S_c (char * u_str, char * B_str) +{ + bignum u, B, x, t, base, z1, z2; + char *str; + char *combi; + bigerr_t res; + + SL_ENTER(_("sh_srp_S_c")); + + ASSERT_RET((u_str != NULL && B_str != NULL), + _("u_str != NULL && B_str != NULL"), (NULL)); + + big_errno = BIG_OK; + + res = big_create(&z2); + if (res == BIG_OK) + res = big_create(&z1); + if (res == BIG_OK) + res = big_create(&base); + if (res == BIG_OK) + res = big_create(&t); + if (res == BIG_OK) + res = big_create(&x); + if (res == BIG_OK) + res = big_create(&B); + if (res == BIG_OK) + res = big_create(&u); + + if (res == BIG_OK) + res = big_set_string (B_str, 16, &B); + if (res == BIG_OK) + res = big_set_string (sh_srp.x, 16, &x); + if (res == BIG_OK) + res = big_set_string (u_str, 16, &u); + + /* the base (B - g^x) + */ + if (res == BIG_OK) + res = big_exptmod (&sh_srp.g, &x, &sh_srp.p, &t); + + if (res == BIG_OK) + { + if ( big_greaterp(&B, &t) != 0) + { + res = big_sub(&B, &t, &base); + } + else + { + res = big_add(&B, &sh_srp.p, &z2); + if (res == BIG_OK) + res = big_sub(&z2, &t, &base); + } + } + + /* the exponent (a + ux) + */ + if (res == BIG_OK) + res = big_mul (&u, &x, &t); + if (res == BIG_OK) + res = big_trunc(&t, &sh_srp.p, &z1, &z2); /* is last one the remainder ? */ + if (res == BIG_OK) + res = big_add(&sh_srp.a, &z2, &z1); + if (res == BIG_OK) + { + if ( big_greaterp(&z1, &sh_srp.p) != 0) + res = big_sub(&z1, &sh_srp.p, &z2); + else + res = big_set_big(&z1, &z2); + } + + if (res == BIG_OK) + res = big_exptmod (&base, &z2, &sh_srp.p, &t); + + if (res == BIG_OK) + str = big_string (&t, 16); + else + str = NULL; + + if (str != NULL) + combi = sh_util_strdup(str); + else + combi = NULL; + + big_destroy(&z1); + big_destroy(&z2); + big_destroy(&base); + big_destroy(&t); + big_destroy(&x); + big_destroy(&B); + big_destroy(&u); + + SL_RETURN(combi, _("sh_srp_S_c")); +} + +/* #ifdef SH_WITH_CLIENT */ +#endif + +#ifdef SH_WITH_SERVER + + +char * sh_srp_S_s (char * u_str, char * A_str, char * v_str) +{ + bignum u, A, v, t, base, z1, z2; + char *str; + char *combi; + bigerr_t res; + + SL_ENTER(_("sh_srp_S_s")); + + ASSERT_RET((u_str != NULL && A_str != NULL && v_str != NULL), + _("u_str != NULL && A_str != NULL && v_str != NULL"), + (NULL)); + + big_errno = BIG_OK; + + res = big_create(&z2); + if (res == BIG_OK) + res = big_create(&z1); + if (res == BIG_OK) + res = big_create(&base); + if (res == BIG_OK) + res = big_create(&t); + if (res == BIG_OK) + res = big_create(&v); + if (res == BIG_OK) + res = big_create(&A); + if (res == BIG_OK) + res = big_create(&u); + + if (res == BIG_OK) + res = big_set_string (A_str, 16, &A); + if (res == BIG_OK) + res = big_set_string (v_str, 16, &v); + if (res == BIG_OK) + res = big_set_string (u_str, 16, &u); + + /* the base (Av^u) + */ + if (res == BIG_OK) + res = big_exptmod (&v, &u, &sh_srp.p, &t); + if (res == BIG_OK) + res = big_mul (&A, &t, &z1); + if (res == BIG_OK) + res = big_trunc(&z1, &sh_srp.p, &z2, &base); /* is last the remainder ? */ + + if (res == BIG_OK) + res = big_exptmod (&base, &sh_srp.a, &sh_srp.p, &t); + + if (res == BIG_OK) + str = big_string (&t, 16); + else + str = NULL; + + if (str != NULL) + combi = sh_util_strdup(str); + else + combi = NULL; + + big_destroy(&z1); + big_destroy(&z2); + big_destroy(&base); + big_destroy(&t); + big_destroy(&v); + big_destroy(&A); + big_destroy(&u); + + SL_RETURN(combi, _("sh_srp_S_s")); +} + +/* #ifdef SH_WITH_SERVER */ +#endif + + +char * sh_srp_verifier (void) +{ + bignum x, v; + char *combi; + char *str; + bigerr_t res; + + SL_ENTER(_("sh_srp_verifier")); + + res = big_create(&x); + if (res == BIG_OK) + res = big_create(&v); + + if (res == BIG_OK) + res = big_set_string (sh_srp.x, 16, &x); + + if (res == BIG_OK) + res = big_exptmod (&sh_srp.g, &x, &sh_srp.p, &v); + + if (res == BIG_OK) + str = big_string (&v, 16); + else + str = NULL; + + if (str != NULL) + combi = sh_util_strdup(str); + else + combi = NULL; + + big_destroy(&x); + big_destroy(&v); + + SL_RETURN(combi, _("sh_srp_verifier")); +} + + +/* #if (defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)) */ + +#endif + +/* #ifdef USE_SRP_PROTOCOL */ + +#endif + + + + Index: branches/samhain-2_2-branch/src/sh_static.c =================================================================== --- branches/samhain-2_2-branch/src/sh_static.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_static.c (revision 66) @@ -0,0 +1,1994 @@ +/* Copyright (C) 2003 Manuel Novoa III + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with this library; if not, write to the Free + * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* Nov 6, 2003 Initial version. + * + * NOTE: This implementation is quite strict about requiring all + * field seperators. It also does not allow leading whitespace + * except when processing the numeric fields. glibc is more + * lenient. See the various glibc difference comments below. + * + * TODO: + * Move to dynamic allocation of (currently staticly allocated) + * buffers; especially for the group-related functions since + * large group member lists will cause error returns. + * + */ + +/* Jul 20, 2004 Adapted for samhain. Rainer Wichmann. + * + * Stripped all unneeded code. + */ + +#include "config_xor.h" + +#if defined(SH_COMPILE_STATIC) && defined(__linux__) + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef _PATH_PASSWD +#define _PATH_PASSWD "/etc/passwd" +#endif +#ifndef _PATH_GROUP +#define _PATH_GROUP "/etc/group" +#endif + +extern int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz); +extern int sl_strlcat(char * dst, /*@null@*/const char * src, size_t siz); + + +/**********************************************************************/ +/* Sizes for staticly allocated buffers. */ + +#define PWD_BUFFER_SIZE 256 +#define GRP_BUFFER_SIZE 256 + +/**********************************************************************/ +/* Prototypes for internal functions. */ + +static int __parsepwent(void *pw, char *line); +static int __parsegrent(void *gr, char *line); + +static int __pgsreader(int (*__parserfunc)(void *d, char *line), void *data, + char *__restrict line_buff, + size_t buflen, FILE *f); + +#undef GETXXKEY_R_FUNC +#undef GETXXKEY_R_PARSER +#undef GETXXKEY_R_ENTTYPE +#undef GETXXKEY_R_TEST +#undef DO_GETXXKEY_R_KEYTYPE +#undef DO_GETXXKEY_R_PATHNAME +#define GETXXKEY_R_FUNC sh_getpwnam_r +#define GETXXKEY_R_PARSER __parsepwent +#define GETXXKEY_R_ENTTYPE struct passwd +#define GETXXKEY_R_TEST(ENT) (!strcmp((ENT)->pw_name, key)) +#define DO_GETXXKEY_R_KEYTYPE const char *__restrict +#define DO_GETXXKEY_R_PATHNAME _PATH_PASSWD + +static int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key, + GETXXKEY_R_ENTTYPE *__restrict resultbuf, + char *__restrict buffer, size_t buflen, + GETXXKEY_R_ENTTYPE **__restrict result) +{ + FILE *stream; + int rv; + + *result = NULL; + + if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) { + rv = errno; + } else { + /* __STDIO_SET_USER_LOCKING(stream); */ + do { + if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf, + buffer, buflen, stream)) + ) { + if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */ + *result = resultbuf; + break; + } + } else { + if (rv == ENOENT) { /* end-of-file encountered. */ + rv = 0; + } + break; + } + } while (1); + fclose(stream); + } + + return rv; +} + +#undef GETXXKEY_R_FUNC +#undef GETXXKEY_R_PARSER +#undef GETXXKEY_R_ENTTYPE +#undef GETXXKEY_R_TEST +#undef DO_GETXXKEY_R_KEYTYPE +#undef DO_GETXXKEY_R_PATHNAME +#define GETXXKEY_R_FUNC sh_getgrnam_r +#define GETXXKEY_R_PARSER __parsegrent +#define GETXXKEY_R_ENTTYPE struct group +#define GETXXKEY_R_TEST(ENT) (!strcmp((ENT)->gr_name, key)) +#define DO_GETXXKEY_R_KEYTYPE const char *__restrict +#define DO_GETXXKEY_R_PATHNAME _PATH_GROUP + +static int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key, + GETXXKEY_R_ENTTYPE *__restrict resultbuf, + char *__restrict buffer, size_t buflen, + GETXXKEY_R_ENTTYPE **__restrict result) +{ + FILE *stream; + int rv; + + *result = NULL; + + if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) { + rv = errno; + } else { + /* __STDIO_SET_USER_LOCKING(stream); */ + do { + if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf, + buffer, buflen, stream)) + ) { + if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */ + *result = resultbuf; + break; + } + } else { + if (rv == ENOENT) { /* end-of-file encountered. */ + rv = 0; + } + break; + } + } while (1); + fclose(stream); + } + + return rv; +} + +#undef GETXXKEY_R_FUNC +#undef GETXXKEY_R_PARSER +#undef GETXXKEY_R_ENTTYPE +#undef GETXXKEY_R_TEST +#undef DO_GETXXKEY_R_KEYTYPE +#undef DO_GETXXKEY_R_PATHNAME +#define GETXXKEY_R_FUNC sh_getpwuid_r +#define GETXXKEY_R_PARSER __parsepwent +#define GETXXKEY_R_ENTTYPE struct passwd +#define GETXXKEY_R_TEST(ENT) ((ENT)->pw_uid == key) +#define DO_GETXXKEY_R_KEYTYPE uid_t +#define DO_GETXXKEY_R_PATHNAME _PATH_PASSWD + +static int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key, + GETXXKEY_R_ENTTYPE *__restrict resultbuf, + char *__restrict buffer, size_t buflen, + GETXXKEY_R_ENTTYPE **__restrict result) +{ + FILE *stream; + int rv; + + *result = NULL; + + if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) { + rv = errno; + } else { + /* __STDIO_SET_USER_LOCKING(stream); */ + do { + if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf, + buffer, buflen, stream)) + ) { + if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */ + *result = resultbuf; + break; + } + } else { + if (rv == ENOENT) { /* end-of-file encountered. */ + rv = 0; + } + break; + } + } while (1); + fclose(stream); + } + + return rv; +} + +#undef GETXXKEY_R_FUNC +#undef GETXXKEY_R_PARSER +#undef GETXXKEY_R_ENTTYPE +#undef GETXXKEY_R_TEST +#undef DO_GETXXKEY_R_KEYTYPE +#undef DO_GETXXKEY_R_PATHNAME +#define GETXXKEY_R_FUNC sh_getgrgid_r +#define GETXXKEY_R_PARSER __parsegrent +#define GETXXKEY_R_ENTTYPE struct group +#define GETXXKEY_R_TEST(ENT) ((ENT)->gr_gid == key) +#define DO_GETXXKEY_R_KEYTYPE gid_t +#define DO_GETXXKEY_R_PATHNAME _PATH_GROUP + +static int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key, + GETXXKEY_R_ENTTYPE *__restrict resultbuf, + char *__restrict buffer, size_t buflen, + GETXXKEY_R_ENTTYPE **__restrict result) +{ + FILE *stream; + int rv; + + *result = NULL; + + if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) { + rv = errno; + } else { + /* __STDIO_SET_USER_LOCKING(stream); */ + do { + if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf, + buffer, buflen, stream)) + ) { + if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */ + *result = resultbuf; + break; + } + } else { + if (rv == ENOENT) { /* end-of-file encountered. */ + rv = 0; + } + break; + } + } while (1); + fclose(stream); + } + + return rv; +} + +struct passwd * sh_getpwuid(uid_t uid) +{ + static char buffer[PWD_BUFFER_SIZE]; + static struct passwd resultbuf; + struct passwd *result; + + sh_getpwuid_r(uid, &resultbuf, buffer, sizeof(buffer), &result); + return result; +} + +struct group * sh_getgrgid(gid_t gid) +{ + static char buffer[GRP_BUFFER_SIZE]; + static struct group resultbuf; + struct group *result; + + sh_getgrgid_r(gid, &resultbuf, buffer, sizeof(buffer), &result); + return result; +} + + +struct passwd * sh_getpwnam(const char *name) +{ + static char buffer[PWD_BUFFER_SIZE]; + static struct passwd resultbuf; + struct passwd *result; + + sh_getpwnam_r(name, &resultbuf, buffer, sizeof(buffer), &result); + return result; +} + +struct group * sh_getgrnam(const char *name) +{ + static char buffer[GRP_BUFFER_SIZE]; + static struct group resultbuf; + struct group *result; + + sh_getgrnam_r(name, &resultbuf, buffer, sizeof(buffer), &result); + return result; +} + +#define LOCK ((void) 0) +#define UNLOCK ((void) 0) + +static FILE *pwf = NULL; + +void sh_setpwent(void) +{ + LOCK; + if (pwf) { + rewind(pwf); + } + UNLOCK; +} + +void sh_endpwent(void) +{ + LOCK; + if (pwf) { + fclose(pwf); + pwf = NULL; + } + UNLOCK; +} + + +static int sh_getpwent_r(struct passwd *__restrict resultbuf, + char *__restrict buffer, size_t buflen, + struct passwd **__restrict result) +{ + int rv; + + LOCK; + + *result = NULL; /* In case of error... */ + + if (!pwf) { + if (!(pwf = fopen(_PATH_PASSWD, "r"))) { + rv = errno; + goto ERR; + } + /* __STDIO_SET_USER_LOCKING(pwf); */ + } + + if (!(rv = __pgsreader(__parsepwent, resultbuf, + buffer, buflen, pwf))) { + *result = resultbuf; + } + + ERR: + UNLOCK; + + return rv; +} + +#define LOCK ((void) 0) +#define UNLOCK ((void) 0) + +static FILE *grf = NULL; + +void sh_setgrent(void) +{ + LOCK; + if (grf) { + rewind(grf); + } + UNLOCK; +} + +void sh_endgrent(void) +{ + LOCK; + if (grf) { + fclose(grf); + grf = NULL; + } + UNLOCK; +} + +static int sh_getgrent_r(struct group *__restrict resultbuf, + char *__restrict buffer, size_t buflen, + struct group **__restrict result) +{ + int rv; + + LOCK; + + *result = NULL; /* In case of error... */ + + if (!grf) { + if (!(grf = fopen(_PATH_GROUP, "r"))) { + rv = errno; + goto ERR; + } + /* __STDIO_SET_USER_LOCKING(grf); */ + } + + if (!(rv = __pgsreader(__parsegrent, resultbuf, + buffer, buflen, grf))) { + *result = resultbuf; + } + + ERR: + UNLOCK; + + return rv; +} + + +struct passwd * sh_getpwent(void) +{ + static char line_buff[PWD_BUFFER_SIZE]; + static struct passwd pwd; + struct passwd *result; + + sh_getpwent_r(&pwd, line_buff, sizeof(line_buff), &result); + return result; +} + + +struct group * sh_getgrent(void) +{ + static char line_buff[GRP_BUFFER_SIZE]; + static struct group gr; + struct group *result; + + sh_getgrent_r(&gr, line_buff, sizeof(line_buff), &result); + return result; +} + +int sh_initgroups(const char *user, gid_t gid) +{ + FILE *grf; + gid_t *group_list; + int num_groups, rv; + char **m; + struct group group; + char buff[PWD_BUFFER_SIZE]; + + rv = -1; + + /* We alloc space for 8 gids at a time. */ + if (((group_list = (gid_t *) malloc(8*sizeof(gid_t *))) != NULL) + && ((grf = fopen(_PATH_GROUP, "r")) != NULL) + ) { + + /* __STDIO_SET_USER_LOCKING(grf); */ + + *group_list = gid; + num_groups = 1; + + while (!__pgsreader(__parsegrent, &group, buff, sizeof(buff), grf)) { + assert(group.gr_mem); /* Must have at least a NULL terminator. */ + if (group.gr_gid != gid) { + for (m=group.gr_mem ; *m ; m++) { + if (!strcmp(*m, user)) { + if (!(num_groups & 7)) { + gid_t *tmp = (gid_t *) + realloc(group_list, + (num_groups+8) * sizeof(gid_t *)); + if (!tmp) { + rv = -1; + goto DO_CLOSE; + } + group_list = tmp; + } + group_list[num_groups++] = group.gr_gid; + break; + } + } + } + } + + rv = setgroups(num_groups, group_list); + DO_CLOSE: + fclose(grf); + } + + /* group_list will be NULL if initial malloc failed, which may trigger + * warnings from various malloc debuggers. */ + free(group_list); + return rv; +} + + +/**********************************************************************/ +/* Internal uClibc functions. */ +/**********************************************************************/ + +static const unsigned char pw_off[] = { + offsetof(struct passwd, pw_name), /* 0 */ + offsetof(struct passwd, pw_passwd), /* 1 */ + offsetof(struct passwd, pw_uid), /* 2 - not a char ptr */ + offsetof(struct passwd, pw_gid), /* 3 - not a char ptr */ + offsetof(struct passwd, pw_gecos), /* 4 */ + offsetof(struct passwd, pw_dir), /* 5 */ + offsetof(struct passwd, pw_shell) /* 6 */ +}; + +static int __parsepwent(void *data, char *line) +{ + char *endptr; + char *p; + int i; + + i = 0; + do { + p = ((char *) ((struct passwd *) data)) + pw_off[i]; + + if ((i & 6) ^ 2) { /* i!=2 and i!=3 */ + *((char **) p) = line; + if (i==6) { + return 0; + } + /* NOTE: glibc difference - glibc allows omission of + * ':' seperators after the gid field if all remaining + * entries are empty. We require all separators. */ + if (!(line = strchr(line, ':'))) { + break; + } + } else { + unsigned long t = strtoul(line, &endptr, 10); + /* Make sure we had at least one digit, and that the + * failing char is the next field seperator ':'. See + * glibc difference note above. */ + /* TODO: Also check for leading whitespace? */ + if ((endptr == line) || (*endptr != ':')) { + break; + } + line = endptr; + if (i & 1) { /* i == 3 -- gid */ + *((gid_t *) p) = t; + } else { /* i == 2 -- uid */ + *((uid_t *) p) = t; + } + } + + *line++ = 0; + ++i; + } while (1); + + return -1; +} + +static const unsigned char gr_off[] = { + offsetof(struct group, gr_name), /* 0 */ + offsetof(struct group, gr_passwd), /* 1 */ + offsetof(struct group, gr_gid) /* 2 - not a char ptr */ +}; + +static int __parsegrent(void *data, char *line) +{ + char *endptr; + char *p; + int i; + char **members; + char *end_of_buf; + + end_of_buf = ((struct group *) data)->gr_name; /* Evil hack! */ + i = 0; + do { + p = ((char *) ((struct group *) data)) + gr_off[i]; + + if (i < 2) { + *((char **) p) = line; + if (!(line = strchr(line, ':'))) { + break; + } + *line++ = 0; + ++i; + } else { + *((gid_t *) p) = strtoul(line, &endptr, 10); + + /* NOTE: glibc difference - glibc allows omission of the + * trailing colon when there is no member list. We treat + * this as an error. */ + + /* Make sure we had at least one digit, and that the + * failing char is the next field seperator ':'. See + * glibc difference note above. */ + if ((endptr == line) || (*endptr != ':')) { + break; + } + + i = 1; /* Count terminating NULL ptr. */ + p = endptr; + + if (p[1]) { /* We have a member list to process. */ + /* Overwrite the last ':' with a ',' before counting. + * This allows us to test for initial ',' and adds + * one ',' so that the ',' count equals the member + * count. */ + *p = ','; + do { + /* NOTE: glibc difference - glibc allows and trims leading + * (but not trailing) space. We treat this as an error. */ + /* NOTE: glibc difference - glibc allows consecutive and + * trailing commas, and ignores "empty string" users. We + * treat this as an error. */ + if (*p == ',') { + ++i; + *p = 0; /* nul-terminate each member string. */ + if (!*++p || (*p == ',') || isspace(*p)) { + goto ERR; + } + } + } while (*++p); + } + + /* Now align (p+1), rounding up. */ + /* Assumes sizeof(char **) is a power of 2. */ + members = (char **)( (((intptr_t) p) + sizeof(char **)) + & ~((intptr_t)(sizeof(char **) - 1)) ); + + if (((char *)(members + i)) > end_of_buf) { /* No space. */ + break; + } + + ((struct group *) data)->gr_mem = members; + + if (--i) { + p = endptr; /* Pointing to char prior to first member. */ + do { + *members++ = ++p; + if (!--i) break; + while (*++p) {} + } while (1); + } + *members = NULL; + + return 0; + } + } while (1); + + ERR: + return -1; +} + +/* Reads until if EOF, or until if finds a line which fits in the buffer + * and for which the parser function succeeds. + * + * Returns 0 on success and ENOENT for end-of-file (glibc concession). + */ + +static int __pgsreader(int (*__parserfunc)(void *d, char *line), void *data, + char *__restrict line_buff, size_t buflen, FILE *f) +{ + size_t line_len; /* int -> size_t R.W. */ + int skip; + int rv = ERANGE; + + if (buflen < PWD_BUFFER_SIZE) { + errno = rv; + } else { + /* __STDIO_THREADLOCK(f); */ + + skip = 0; + do { + if (!fgets_unlocked(line_buff, buflen, f)) { + if (feof_unlocked(f)) { + rv = ENOENT; + } + break; + } + + line_len = strlen(line_buff) - 1; /* strlen() must be > 0. */ + if (line_buff[line_len] == '\n') { + line_buff[line_len] = 0; + } else if (line_len + 2 == buflen) { /* line too long */ + ++skip; + continue; + } + + if (skip) { + --skip; + continue; + } + + /* NOTE: glibc difference - glibc strips leading whitespace from + * records. We do not allow leading whitespace. */ + + /* Skip empty lines, comment lines, and lines with leading + * whitespace. */ + if (*line_buff && (*line_buff != '#') && !isspace(*line_buff)) { + if (__parserfunc == __parsegrent) { /* Do evil group hack. */ + /* The group entry parsing function needs to know where + * the end of the buffer is so that it can construct the + * group member ptr table. */ + ((struct group *) data)->gr_name = line_buff + buflen; + } + + if (!__parserfunc(data, line_buff)) { + rv = 0; + break; + } + } + } while (1); + + /* __STDIO_THREADUNLOCK(f); */ + } + + return rv; +} + +/* resolv.c: DNS Resolver + * + * Copyright (C) 1998 Kenneth Albanowski , + * The Silver Hammer Group, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. +*/ + +/* + * Portions Copyright (c) 1985, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * Portions Copyright (c) 1993 by Digital Equipment Corporation. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies, and that + * the name of Digital Equipment Corporation not be used in advertising or + * publicity pertaining to distribution of the document or software without + * specific, written prior permission. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT + * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1996-1999 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * + * 5-Oct-2000 W. Greathouse wgreathouse@smva.com + * Fix memory leak and memory corruption. + * -- Every name resolution resulted in + * a new parse of resolv.conf and new + * copy of nameservers allocated by + * strdup. + * -- Every name resolution resulted in + * a new read of resolv.conf without + * resetting index from prior read... + * resulting in exceeding array bounds. + * + * Limit nameservers read from resolv.conf + * + * Add "search" domains from resolv.conf + * + * Some systems will return a security + * signature along with query answer for + * dynamic DNS entries. + * -- skip/ignore this answer + * + * Include arpa/nameser.h for defines. + * + * General cleanup + * + * 20-Jun-2001 Michal Moskal + * partial IPv6 support (i.e. gethostbyname2() and resolve_address2() + * functions added), IPv6 nameservers are also supported. + * + * 6-Oct-2001 Jari Korva + * more IPv6 support (IPv6 support for gethostbyaddr(); + * address family parameter and improved IPv6 support for get_hosts_byname + * and read_etc_hosts; getnameinfo() port from glibc; defined + * defined ip6addr_any and in6addr_loopback) + * + * 2-Feb-2002 Erik Andersen + * Added gethostent(), sethostent(), and endhostent() + * + * 17-Aug-2002 Manuel Novoa III + * Fixed __read_etc_hosts_r to return alias list, and modified buffer + * allocation accordingly. See MAX_ALIASES and ALIAS_DIM below. + * This fixes the segfault in the Python 2.2.1 socket test. + * + * 04-Jan-2003 Jay Kulpinski + * Fixed __decode_dotted to count the terminating null character + * in a host name. + * + * 02-Oct-2003 Tony J. White + * Lifted dn_expand() and dependent ns_name_uncompress(), ns_name_unpack(), + * and ns_name_ntop() from glibc 2.3.2 for compatibility with ipsec-tools + * and openldap. + * + */ + +#include +#include +#include + +/* close() + */ +#include + +/* 'struct hostent' + */ +#include + +/* constanst like HFIXEDSZ + */ +#include + +#define BIGLOCK +#define BIGUNLOCK + +#define __UCLIBC_HAS_IPV6__ +#define MAX_RECURSE 5 +#define REPLY_TIMEOUT 10 +#define MAX_RETRIES 3 +#define MAX_SERVERS 3 +#define MAX_SEARCH 4 +#define MAX_ALIASES 5 + +/* 1:ip + 1:full + MAX_ALIASES:aliases + 1:NULL */ +#define ALIAS_DIM (2 + MAX_ALIASES + 1) + +static int __nameservers; +static char * __nameserver[MAX_SERVERS]; +static int __searchdomains; +static char * __searchdomain[MAX_SEARCH]; + +#undef DEBUG +/*#define DEBUG*/ + +#ifdef DEBUG +/* flawfinder: ignore *//* definition of debug macro */ +#define DPRINTF(X,args...) fprintf(stderr, X, ##args) +#else +#define DPRINTF(X,args...) +#endif /* DEBUG */ + +struct resolv_header { + int id; + int qr,opcode,aa,tc,rd,ra,rcode; + int qdcount; + int ancount; + int nscount; + int arcount; +}; + +struct resolv_question { + char * dotted; + int qtype; + int qclass; +}; + +struct resolv_answer { + char * dotted; + int atype; + int aclass; + int ttl; + int rdlength; + unsigned char * rdata; + int rdoffset; +}; + +enum etc_hosts_action { + GET_HOSTS_BYNAME = 0, + GETHOSTENT, + GET_HOSTS_BYADDR, +}; + +static int __encode_header(struct resolv_header *h, unsigned char *dest, int maxlen) +{ + if (maxlen < HFIXEDSZ) + return -1; + + dest[0] = (h->id & 0xff00) >> 8; + dest[1] = (h->id & 0x00ff) >> 0; + dest[2] = (h->qr ? 0x80 : 0) | + ((h->opcode & 0x0f) << 3) | + (h->aa ? 0x04 : 0) | + (h->tc ? 0x02 : 0) | + (h->rd ? 0x01 : 0); + dest[3] = (h->ra ? 0x80 : 0) | (h->rcode & 0x0f); + dest[4] = (h->qdcount & 0xff00) >> 8; + dest[5] = (h->qdcount & 0x00ff) >> 0; + dest[6] = (h->ancount & 0xff00) >> 8; + dest[7] = (h->ancount & 0x00ff) >> 0; + dest[8] = (h->nscount & 0xff00) >> 8; + dest[9] = (h->nscount & 0x00ff) >> 0; + dest[10] = (h->arcount & 0xff00) >> 8; + dest[11] = (h->arcount & 0x00ff) >> 0; + + return HFIXEDSZ; +} + +static int __decode_header(unsigned char *data, struct resolv_header *h) +{ + h->id = (data[0] << 8) | data[1]; + h->qr = (data[2] & 0x80) ? 1 : 0; + h->opcode = (data[2] >> 3) & 0x0f; + h->aa = (data[2] & 0x04) ? 1 : 0; + h->tc = (data[2] & 0x02) ? 1 : 0; + h->rd = (data[2] & 0x01) ? 1 : 0; + h->ra = (data[3] & 0x80) ? 1 : 0; + h->rcode = data[3] & 0x0f; + h->qdcount = (data[4] << 8) | data[5]; + h->ancount = (data[6] << 8) | data[7]; + h->nscount = (data[8] << 8) | data[9]; + h->arcount = (data[10] << 8) | data[11]; + + return HFIXEDSZ; +} + +static int __length_dotted(const unsigned char *data, int offset) +{ + int orig_offset = offset; + int l; + + if (!data) + return -1; + + while ((l = data[offset++])) { + + if ((l & 0xc0) == (0xc0)) { + offset++; + break; + } + + offset += l; + } + + return offset - orig_offset; +} + +static int __length_question(unsigned char *message, int offset) +{ + int i; + + i = __length_dotted(message, offset); + if (i < 0) + return i; + + return i + 4; +} + +/* Decode a dotted string from nameserver transport-level encoding. + This routine understands compressed data. */ + +static int __decode_dotted(const unsigned char *data, int offset, + char *dest, int maxlen) +{ + int l; + int measure = 1; + int total = 0; + int used = 0; + + if (!data) + return -1; + + while ((l=data[offset++])) { + if (measure) + total++; + if ((l & 0xc0) == (0xc0)) { + if (measure) + total++; + /* compressed item, redirect */ + offset = ((l & 0x3f) << 8) | data[offset]; + measure = 0; + continue; + } + + if ((used + l + 1) >= maxlen) + return -1; + + memcpy(dest + used, data + offset, l); + offset += l; + used += l; + if (measure) + total += l; + + if (data[offset] != 0) + dest[used++] = '.'; + else + dest[used++] = '\0'; + } + + /* The null byte must be counted too */ + if (measure) { + total++; + } + + DPRINTF("Total decode len = %d\n", total); + + return total; +} + +static int __decode_answer(unsigned char *message, int offset, + struct resolv_answer *a) +{ + char temp[256]; + int i; + + i = __decode_dotted(message, offset, temp, sizeof(temp)); + if (i < 0) + return i; + + message += offset + i; + + a->dotted = strdup(temp); + a->atype = (message[0] << 8) | message[1]; + message += 2; + a->aclass = (message[0] << 8) | message[1]; + message += 2; + a->ttl = (message[0] << 24) | + (message[1] << 16) | (message[2] << 8) | (message[3] << 0); + message += 4; + a->rdlength = (message[0] << 8) | message[1]; + message += 2; + a->rdata = message; + a->rdoffset = offset + i + RRFIXEDSZ; + + DPRINTF("i=%d,rdlength=%d\n", i, a->rdlength); + + return i + RRFIXEDSZ + a->rdlength; +} + + +/* Encode a dotted string into nameserver transport-level encoding. + This routine is fairly dumb, and doesn't attempt to compress + the data */ + +static int __encode_dotted(const char *dotted, unsigned char *dest, int maxlen) +{ + unsigned int used = 0; + + while (dotted && *dotted) { + char *c = strchr(dotted, '.'); + unsigned int l = c ? (unsigned int)(c - dotted) : strlen(dotted); + + if (l >= ((unsigned int)maxlen - used - 1)) + return -1; + + dest[used++] = l; + memcpy(dest + used, dotted, l); + used += l; + + if (c) + dotted = c + 1; + else + break; + } + + if (maxlen < 1) + return -1; + + dest[used++] = 0; + + return used; +} + +static int __encode_question(struct resolv_question *q, + unsigned char *dest, int maxlen) +{ + int i; + + i = __encode_dotted(q->dotted, dest, maxlen); + if (i < 0) + return i; + + dest += i; + maxlen -= i; + + if (maxlen < 4) + return -1; + + dest[0] = (q->qtype & 0xff00) >> 8; + dest[1] = (q->qtype & 0x00ff) >> 0; + dest[2] = (q->qclass & 0xff00) >> 8; + dest[3] = (q->qclass & 0x00ff) >> 0; + + return i + 4; +} + + +/* Just for the record, having to lock __dns_lookup() just for these two globals + * is pretty lame. I think these two variables can probably be de-global-ized, + * which should eliminate the need for doing locking here... Needs a closer + * look anyways. */ +static int ns=0, id=1; + +static int __dns_lookup(const char *name, int type, int nscount, char **nsip, + unsigned char **outpacket, struct resolv_answer *a) +{ + int i, j, len, fd, pos, rc; + struct timeval tv; + fd_set fds; + struct resolv_header h; + struct resolv_question q; + int retries = 0; + unsigned char * packet = malloc(PACKETSZ); + char *dns, *lookup = malloc(MAXDNAME); + int variant = 0; + struct sockaddr_in sa; +#ifdef __UCLIBC_HAS_IPV6__ + int v6; + struct sockaddr_in6 sa6; +#endif + + fd = -1; + + if (!packet || !lookup || !nscount) + goto fail; + + DPRINTF("Looking up type %d answer for '%s'\n", type, name); + + LOCK; + ns %= nscount; + UNLOCK; + + while (retries++ < MAX_RETRIES) { + if (fd != -1) + close(fd); + + memset(packet, 0, PACKETSZ); + + memset(&h, 0, sizeof(h)); + + /* Mess with globals while under lock */ + LOCK; + ++id; + id &= 0xffff; + h.id = id; + dns = nsip[ns]; + UNLOCK; + + h.qdcount = 1; + h.rd = 1; + + DPRINTF("encoding header\n", h.rd); + + i = __encode_header(&h, packet, PACKETSZ); + if (i < 0) + goto fail; + + sl_strlcpy(lookup,name,MAXDNAME); + BIGLOCK; + if (variant < __searchdomains && strchr(lookup, '.') == NULL) + { + sl_strlcat(lookup,".", MAXDNAME); + sl_strlcat(lookup,__searchdomain[variant], MAXDNAME); + } + BIGUNLOCK; + DPRINTF("lookup name: %s\n", lookup); + q.dotted = (char *)lookup; + q.qtype = type; + q.qclass = C_IN; /* CLASS_IN */ + + j = __encode_question(&q, packet+i, PACKETSZ-i); + if (j < 0) + goto fail; + + len = i + j; + + DPRINTF("On try %d, sending query to port %d of machine %s\n", + retries, NAMESERVER_PORT, dns); + +#ifdef __UCLIBC_HAS_IPV6__ + v6 = inet_pton(AF_INET6, dns, &sa6.sin6_addr) > 0; + fd = socket(v6 ? AF_INET6 : AF_INET, SOCK_DGRAM, IPPROTO_UDP); +#else + fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); +#endif + if (fd < 0) { + continue; + } + + /* Connect to the UDP socket so that asyncronous errors are returned */ +#ifdef __UCLIBC_HAS_IPV6__ + if (v6) { + sa6.sin6_family = AF_INET6; + sa6.sin6_port = htons(NAMESERVER_PORT); + /* sa6.sin6_addr is already here */ + rc = connect(fd, (struct sockaddr *) &sa6, sizeof(sa6)); + } else { +#endif + sa.sin_family = AF_INET; + sa.sin_port = htons(NAMESERVER_PORT); + sa.sin_addr.s_addr = inet_addr(dns); + rc = connect(fd, (struct sockaddr *) &sa, sizeof(sa)); +#ifdef __UCLIBC_HAS_IPV6__ + } +#endif + if (rc < 0) { + if (errno == ENETUNREACH) { + /* routing error, presume not transient */ + goto tryall; + } else + /* retry */ + continue; + } + + DPRINTF("Transmitting packet of length %d, id=%d, qr=%d\n", + len, h.id, h.qr); + + send(fd, packet, len, 0); + + FD_ZERO(&fds); + FD_SET(fd, &fds); + tv.tv_sec = REPLY_TIMEOUT; + tv.tv_usec = 0; + if (select(fd + 1, &fds, NULL, NULL, &tv) <= 0) { + DPRINTF("Timeout\n"); + + /* timed out, so retry send and receive, + * to next nameserver on queue */ + goto again; + } + + i = recv(fd, packet, 512, 0); + if (i < HFIXEDSZ) { + /* too short ! */ + goto again; + } + + __decode_header(packet, &h); + + DPRINTF("id = %d, qr = %d\n", h.id, h.qr); + + LOCK; + if ((h.id != id) || (!h.qr)) { + UNLOCK; + /* unsolicited */ + goto again; + } + UNLOCK; + + + DPRINTF("Got response %s\n", "(i think)!"); + DPRINTF("qrcount=%d,ancount=%d,nscount=%d,arcount=%d\n", + h.qdcount, h.ancount, h.nscount, h.arcount); + DPRINTF("opcode=%d,aa=%d,tc=%d,rd=%d,ra=%d,rcode=%d\n", + h.opcode, h.aa, h.tc, h.rd, h.ra, h.rcode); + + if ((h.rcode) || (h.ancount < 1)) { + /* negative result, not present */ + goto again; + } + + pos = HFIXEDSZ; + + for (j = 0; j < h.qdcount; j++) { + DPRINTF("Skipping question %d at %d\n", j, pos); + i = __length_question(packet, pos); + DPRINTF("Length of question %d is %d\n", j, i); + if (i < 0) + goto again; + pos += i; + } + DPRINTF("Decoding answer at pos %d\n", pos); + + for (j=0;jatype != T_SIG) + break; + + DPRINTF("skipping T_SIG %d\n", i); + free(a->dotted); + pos += i; + } + + DPRINTF("Answer name = |%s|\n", a->dotted); + DPRINTF("Answer type = |%d|\n", a->atype); + + close(fd); + + if (outpacket) + *outpacket = packet; + else + free(packet); + free(lookup); + return (0); /* success! */ + + tryall: + /* if there are other nameservers, give them a go, + otherwise return with error */ + { + int sdomains; + + BIGLOCK; + sdomains=__searchdomains; + BIGUNLOCK; + variant = 0; + if (retries >= nscount*(sdomains+1)) + goto fail; + } + + again: + /* if there are searchdomains, try them or fallback as passed */ + { + int sdomains; + BIGLOCK; + sdomains=__searchdomains; + BIGUNLOCK; + + if (variant < sdomains) { + /* next search */ + variant++; + } else { + /* next server, first search */ + LOCK; + ns = (ns + 1) % nscount; + UNLOCK; + variant = 0; + } + } + } + +fail: + if (fd != -1) + close(fd); + if (lookup) + free(lookup); + if (packet) + free(packet); + return -1; +} + +static void __open_etc_hosts(FILE **fp) +{ + if ((*fp = fopen("/etc/hosts", "r")) == NULL) { + *fp = fopen("/etc/config/hosts", "r"); + } + return; +} + +static int __read_etc_hosts_r(FILE * fp, const char * name, int type, + enum etc_hosts_action action, + struct hostent * result_buf, + char * buf, size_t buflen, + struct hostent ** result, + int * h_errnop) +{ + struct in_addr *in=NULL; + struct in_addr **addr_list=NULL; +#ifdef __UCLIBC_HAS_IPV6__ + struct in6_addr *in6=NULL; + struct in6_addr **addr_list6=NULL; +#endif /* __UCLIBC_HAS_IPV6__ */ + char *cp; + char **alias; + int aliases, i; + int ret=HOST_NOT_FOUND; + + if (buflen < sizeof(char *)*(ALIAS_DIM)) + return ERANGE; + alias=(char **)buf; + buf+=sizeof(char **)*(ALIAS_DIM); + buflen-=sizeof(char **)*(ALIAS_DIM); + + if (action!=GETHOSTENT) { +#ifdef __UCLIBC_HAS_IPV6__ + char *p=buf; + size_t len=buflen; +#endif /* __UCLIBC_HAS_IPV6__ */ + *h_errnop=NETDB_INTERNAL; + if (buflen < sizeof(*in)) + return ERANGE; + in=(struct in_addr*)buf; + buf+=sizeof(*in); + buflen-=sizeof(*in); + + if (buflen < sizeof(*addr_list)*2) + return ERANGE; + addr_list=(struct in_addr **)buf; + buf+=sizeof(*addr_list)*2; + buflen-=sizeof(*addr_list)*2; + +#ifdef __UCLIBC_HAS_IPV6__ + if (len < sizeof(*in6)) + return ERANGE; + in6=(struct in6_addr*)p; + p+=sizeof(*in6); + len-=sizeof(*in6); + + if (len < sizeof(*addr_list6)*2) + return ERANGE; + addr_list6=(struct in6_addr**)p; + p+=sizeof(*addr_list6)*2; + len-=sizeof(*addr_list6)*2; + + if (len < buflen) { + buflen=len; + buf=p; + } +#endif /* __UCLIBC_HAS_IPV6__ */ + + if (buflen < 80) + return ERANGE; + + __open_etc_hosts(&fp); + if (fp == NULL) { + result=NULL; + return errno; + } + } + + *h_errnop=HOST_NOT_FOUND; + while (fgets(buf, buflen, fp)) { + if ((cp = strchr(buf, '#'))) + *cp = '\0'; + DPRINTF("Looking at: %s\n", buf); + aliases = 0; + + cp = buf; + while (*cp) { + while (*cp && isspace(*cp)) + *cp++ = '\0'; + if (!*cp) + continue; + if (aliases < (2+MAX_ALIASES)) + alias[aliases++] = cp; + while (*cp && !isspace(*cp)) + cp++; + } + alias[aliases] = 0; + + if (aliases < 2) + continue; /* syntax error really */ + + if (action==GETHOSTENT) { + /* Return whatever the next entry happens to be. */ + break; + } else if (action==GET_HOSTS_BYADDR) { + if (strcmp(name, alias[0]) != 0) + continue; + } else { + /* GET_HOSTS_BYNAME */ + for (i = 1; i < aliases; i++) + if (strcasecmp(name, alias[i]) == 0) + break; + if (i >= aliases) + continue; + } + + if (type == AF_INET && inet_pton(AF_INET, alias[0], in) > 0) { + DPRINTF("Found INET\n"); + addr_list[0] = in; + addr_list[1] = 0; + result_buf->h_name = alias[1]; + result_buf->h_addrtype = AF_INET; + result_buf->h_length = sizeof(*in); + result_buf->h_addr_list = (char**) addr_list; + result_buf->h_aliases = alias + 2; + *result=result_buf; + ret=NETDB_SUCCESS; +#ifdef __UCLIBC_HAS_IPV6__ + } else if (type == AF_INET6 && inet_pton(AF_INET6, alias[0], in6) > 0) { + DPRINTF("Found INET6\n"); + addr_list6[0] = in6; + addr_list6[1] = 0; + result_buf->h_name = alias[1]; + result_buf->h_addrtype = AF_INET6; + result_buf->h_length = sizeof(*in6); + result_buf->h_addr_list = (char**) addr_list6; + result_buf->h_aliases = alias + 2; + *result=result_buf; + ret=NETDB_SUCCESS; +#endif /* __UCLIBC_HAS_IPV6__ */ + } else { + DPRINTF("Error\n"); + ret=TRY_AGAIN; + break; /* bad ip address */ + } + + if (action!=GETHOSTENT) { + fclose(fp); + } + return ret; + } + if (action!=GETHOSTENT) { + fclose(fp); + } + return ret; +} + +/* + * we currently read formats not quite the same as that on normal + * unix systems, we can have a list of nameservers after the keyword. + */ +int __get_hosts_byname_r(const char * name, int type, + struct hostent * result_buf, + char * buf, size_t buflen, + struct hostent ** result, + int * h_errnop) +{ + return(__read_etc_hosts_r(NULL, name, type, GET_HOSTS_BYNAME, result_buf, buf, buflen, result, h_errnop)); +} + +static int __open_nameservers() +{ + FILE *fp; + int i; +#define RESOLV_ARGS 5 + char szBuffer[128], *p, *argv[RESOLV_ARGS]; + int argc; + + BIGLOCK; + if (__nameservers > 0) { + BIGUNLOCK; + return 0; + } + + if ((fp = fopen("/etc/resolv.conf", "r")) || + (fp = fopen("/etc/config/resolv.conf", "r"))) { + + while (fgets(szBuffer, sizeof(szBuffer), fp) != NULL) { + + for (p = szBuffer; *p && isspace(*p); p++) + /* skip white space */; + if (*p == '\0' || *p == '\n' || *p == '#') /* skip comments etc */ + continue; + argc = 0; + while (*p && argc < RESOLV_ARGS) { + argv[argc++] = p; + while (*p && !isspace(*p) && *p != '\n') + p++; + while (*p && (isspace(*p) || *p == '\n')) /* remove spaces */ + *p++ = '\0'; + } + + if (strcmp(argv[0], "nameserver") == 0) { + for (i = 1; i < argc && __nameservers < MAX_SERVERS; i++) { + __nameserver[__nameservers++] = strdup(argv[i]); + DPRINTF("adding nameserver %s\n", argv[i]); + } + } + + /* domain and search are mutually exclusive, the last one wins */ + if (strcmp(argv[0],"domain")==0 || strcmp(argv[0],"search")==0) { + while (__searchdomains > 0) { + free(__searchdomain[--__searchdomains]); + __searchdomain[__searchdomains] = NULL; + } + for (i=1; i < argc && __searchdomains < MAX_SEARCH; i++) { + __searchdomain[__searchdomains++] = strdup(argv[i]); + DPRINTF("adding search %s\n", argv[i]); + } + } + } + fclose(fp); + } else { + DPRINTF("failed to open %s\n", "resolv.conf"); + } + DPRINTF("nameservers = %d\n", __nameservers); + BIGUNLOCK; + return 0; +} + +static int sh_gethostbyname_r(const char * name, + struct hostent * result_buf, + char * buf, size_t buflen, + struct hostent ** result, + int * h_errnop) +{ + struct in_addr *in; + struct in_addr **addr_list; + unsigned char *packet; + struct resolv_answer a; + int i; + int nest = 0; + int __nameserversXX; + char ** __nameserverXX; + + __open_nameservers(); + + *result=NULL; + if (!name) + return EINVAL; + + /* do /etc/hosts first */ + if ((i=__get_hosts_byname_r(name, AF_INET, result_buf, + buf, buflen, result, h_errnop))==0) + return i; + switch (*h_errnop) { + case HOST_NOT_FOUND: + case NO_ADDRESS: + break; + case NETDB_INTERNAL: + if (errno == ENOENT) { + break; + } + /* else fall through */ + default: + return i; + } + + DPRINTF("Nothing found in /etc/hosts\n"); + + *h_errnop = NETDB_INTERNAL; + if (buflen < sizeof(*in)) + return ERANGE; + in=(struct in_addr*)buf; + buf+=sizeof(*in); + buflen-=sizeof(*in); + + if (buflen < sizeof(*addr_list)*2) + return ERANGE; + addr_list=(struct in_addr**)buf; + buf+=sizeof(*addr_list)*2; + buflen-=sizeof(*addr_list)*2; + + addr_list[0] = in; + addr_list[1] = 0; + + if (buflen<256) + return ERANGE; + strncpy(buf, name, buflen); + + /* First check if this is already an address */ + if (inet_aton(name, in)) { + result_buf->h_name = buf; + result_buf->h_addrtype = AF_INET; + result_buf->h_length = sizeof(*in); + result_buf->h_addr_list = (char **) addr_list; + *result=result_buf; + *h_errnop = NETDB_SUCCESS; + return NETDB_SUCCESS; + } + + for (;;) { + + BIGLOCK; + __nameserversXX=__nameservers; + __nameserverXX=__nameserver; + BIGUNLOCK; + i = __dns_lookup(buf, T_A, __nameserversXX, __nameserverXX, &packet, &a); + + if (i < 0) { + *h_errnop = HOST_NOT_FOUND; + DPRINTF("__dns_lookup\n"); + return TRY_AGAIN; + } + + strncpy(buf, a.dotted, buflen); + free(a.dotted); + + if (a.atype == T_CNAME) { /* CNAME */ + DPRINTF("Got a CNAME in gethostbyname()\n"); + i = __decode_dotted(packet, a.rdoffset, buf, buflen); + free(packet); + + if (i < 0) { + *h_errnop = NO_RECOVERY; + DPRINTF("__decode_dotted\n"); + return -1; + } + if (++nest > MAX_RECURSE) { + *h_errnop = NO_RECOVERY; + DPRINTF("recursion\n"); + return -1; + } + continue; + } else if (a.atype == T_A) { /* ADDRESS */ + memcpy(in, a.rdata, sizeof(*in)); + result_buf->h_name = buf; + result_buf->h_addrtype = AF_INET; + result_buf->h_length = sizeof(*in); + result_buf->h_addr_list = (char **) addr_list; + free(packet); + break; + } else { + free(packet); + *h_errnop=HOST_NOT_FOUND; + return TRY_AGAIN; + } + } + + *result=result_buf; + *h_errnop = NETDB_SUCCESS; + return NETDB_SUCCESS; +} + +struct hostent * sh_gethostbyname(const char *name) +{ + static struct hostent h; + static char buf[sizeof(struct in_addr) + + sizeof(struct in_addr *)*2 + + sizeof(char *)*(ALIAS_DIM) + 256/*namebuffer*/ + 32/* margin */]; + struct hostent *hp; + + sh_gethostbyname_r(name, &h, buf, sizeof(buf), &hp, &h_errno); + + return hp; +} + +static int __get_hosts_byaddr_r(const char * addr, int len, int type, + struct hostent * result_buf, + char * buf, size_t buflen, + struct hostent ** result, + int * h_errnop) +{ +#ifndef __UCLIBC_HAS_IPV6__ + char ipaddr[INET_ADDRSTRLEN]; +#else + char ipaddr[INET6_ADDRSTRLEN]; +#endif /* __UCLIBC_HAS_IPV6__ */ + + switch (type) { + case AF_INET: + if (len != sizeof(struct in_addr)) + return 0; + break; +#ifdef __UCLIBC_HAS_IPV6__ + case AF_INET6: + if (len != sizeof(struct in6_addr)) + return 0; + break; +#endif /* __UCLIBC_HAS_IPV6__ */ + default: + return 0; + } + + inet_ntop(type, addr, ipaddr, sizeof(ipaddr)); + + return(__read_etc_hosts_r(NULL, ipaddr, type, GET_HOSTS_BYADDR, + result_buf, buf, buflen, result, h_errnop)); +} + +static int sh_gethostbyaddr_r (const void *addr, socklen_t len, int type, + struct hostent * result_buf, + char * buf, size_t buflen, + struct hostent ** result, + int * h_errnop) + +{ + struct in_addr *in; + struct in_addr **addr_list; +#ifdef __UCLIBC_HAS_IPV6__ + char *qp; + size_t plen; + struct in6_addr *in6; + struct in6_addr **addr_list6; +#endif /* __UCLIBC_HAS_IPV6__ */ + unsigned char *packet; + struct resolv_answer a; + int i; + int nest = 0; + int __nameserversXX; + char ** __nameserverXX; + + *result=NULL; + if (!addr) + return EINVAL; + + switch (type) { + case AF_INET: + if (len != sizeof(struct in_addr)) + return EINVAL; + break; +#ifdef __UCLIBC_HAS_IPV6__ + case AF_INET6: + if (len != sizeof(struct in6_addr)) + return EINVAL; + break; +#endif /* __UCLIBC_HAS_IPV6__ */ + default: + return EINVAL; + } + + /* do /etc/hosts first */ + if ((i=__get_hosts_byaddr_r(addr, len, type, result_buf, + buf, buflen, result, h_errnop))==0) + return i; + switch (*h_errnop) { + case HOST_NOT_FOUND: + case NO_ADDRESS: + break; + default: + return i; + } + + __open_nameservers(); + +#ifdef __UCLIBC_HAS_IPV6__ + qp=buf; + plen=buflen; +#endif /* __UCLIBC_HAS_IPV6__ */ + + *h_errnop = NETDB_INTERNAL; + if (buflen < sizeof(*in)) + return ERANGE; + in=(struct in_addr*)buf; + buf+=sizeof(*in); + buflen-=sizeof(*in); + + if (buflen < sizeof(*addr_list)*2) + return ERANGE; + addr_list=(struct in_addr**)buf; + buf+=sizeof(*addr_list)*2; + buflen-=sizeof(*addr_list)*2; + +#ifdef __UCLIBC_HAS_IPV6__ + if (plen < sizeof(*in6)) + return ERANGE; + in6=(struct in6_addr*)qp; + qp+=sizeof(*in6); + plen-=sizeof(*in6); + + if (plen < sizeof(*addr_list6)*2) + return ERANGE; + addr_list6=(struct in6_addr**)qp; + qp+=sizeof(*addr_list6)*2; + plen-=sizeof(*addr_list6)*2; + + if (plen < buflen) { + buflen=plen; + buf=qp; + } +#endif /* __UCLIBC_HAS_IPV6__ */ + + if (buflen<256) + return ERANGE; + + if(type == AF_INET) { + unsigned char *tmp_addr = (unsigned char *)addr; + + memcpy(&in->s_addr, addr, len); + + addr_list[0] = in; + + sprintf(buf, "%u.%u.%u.%u.in-addr.arpa", + tmp_addr[3], tmp_addr[2], tmp_addr[1], tmp_addr[0]); +#ifdef __UCLIBC_HAS_IPV6__ + } else { + memcpy(in6->s6_addr, addr, len); + + addr_list6[0] = in6; + qp = buf; + + for (i = len - 1; i >= 0; i--) { + qp += sprintf(qp, "%x.%x.", in6->s6_addr[i] & 0xf, + (in6->s6_addr[i] >> 4) & 0xf); + } + strcpy(qp, "ip6.int"); +#endif /* __UCLIBC_HAS_IPV6__ */ + } + + addr_list[1] = 0; + + for (;;) { + + BIGLOCK; + __nameserversXX=__nameservers; + __nameserverXX=__nameserver; + BIGUNLOCK; + i = __dns_lookup(buf, T_PTR, __nameserversXX, __nameserverXX, &packet, &a); + + if (i < 0) { + *h_errnop = HOST_NOT_FOUND; + return TRY_AGAIN; + } + + strncpy(buf, a.dotted, buflen); + free(a.dotted); + + if (a.atype == T_CNAME) { /* CNAME */ + DPRINTF("Got a CNAME in gethostbyaddr()\n"); + i = __decode_dotted(packet, a.rdoffset, buf, buflen); + free(packet); + + if (i < 0) { + *h_errnop = NO_RECOVERY; + return -1; + } + if (++nest > MAX_RECURSE) { + *h_errnop = NO_RECOVERY; + return -1; + } + continue; + } else if (a.atype == T_PTR) { /* ADDRESS */ + i = __decode_dotted(packet, a.rdoffset, buf, buflen); + free(packet); + + result_buf->h_name = buf; + result_buf->h_addrtype = type; + + if(type == AF_INET) { + result_buf->h_length = sizeof(*in); +#ifdef __UCLIBC_HAS_IPV6__ + } else { + result_buf->h_length = sizeof(*in6); +#endif /* __UCLIBC_HAS_IPV6__ */ + } + + result_buf->h_addr_list = (char **) addr_list; + break; + } else { + free(packet); + *h_errnop = NO_ADDRESS; + return TRY_AGAIN; + } + } + + *result=result_buf; + *h_errnop = NETDB_SUCCESS; + return NETDB_SUCCESS; +} + +struct hostent * sh_gethostbyaddr (const void *addr, socklen_t len, int type) +{ + static struct hostent h; + static char buf[ +#ifndef __UCLIBC_HAS_IPV6__ + sizeof(struct in_addr) + sizeof(struct in_addr *)*2 + +#else + sizeof(struct in6_addr) + sizeof(struct in6_addr *)*2 + +#endif /* __UCLIBC_HAS_IPV6__ */ + sizeof(char *)*(ALIAS_DIM) + 256/*namebuffer*/ + 32/* margin */]; + struct hostent *hp; + + sh_gethostbyaddr_r(addr, len, type, &h, buf, sizeof(buf), &hp, &h_errno); + + return hp; +} + +/* NEED_STATIC_LIBS */ +#else + +/* include something to avoid empty compilation unit */ +#include + +#endif + Index: branches/samhain-2_2-branch/src/sh_suidchk.c =================================================================== --- branches/samhain-2_2-branch/src/sh_suidchk.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_suidchk.c (revision 66) @@ -0,0 +1,1964 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2001 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_LIBGEN_H +#include +#endif +#ifdef HAVE_SCHED_H +#include +#endif + +#ifdef SH_USE_SUIDCHK + +#ifndef HAVE_BASENAME +#define basename(a) ((NULL == strrchr(a, '/')) ? (a) : (strrchr(a, '/'))) +#endif + +#undef FIL__ +#define FIL__ _("sh_suidchk.c") + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + +#ifdef HAVE_DIRENT_H +#include +#define NAMLEN(dirent) sl_strlen((dirent)->d_name) +#else +#define dirent direct +#define NAMLEN(dirent) (dirent)->d_namlen +#ifdef HAVE_SYS_NDIR_H +#include +#endif +#ifdef HAVE_SYS_DIR_H +#include +#endif +#ifdef HAVE_NDIR_H +#include +#endif +#endif + +#include "samhain.h" +#include "sh_utils.h" +#include "sh_error.h" +#include "sh_modules.h" +#include "sh_suidchk.h" +#include "sh_hash.h" +#include "sh_unix.h" +#include "sh_files.h" +#include "sh_schedule.h" +#include "sh_calls.h" + + +sh_rconf sh_suidchk_table[] = { + { + N_("severitysuidcheck"), + sh_suidchk_set_severity + }, + { + N_("suidcheckactive"), + sh_suidchk_set_activate + }, + { + N_("suidcheckinterval"), + sh_suidchk_set_timer + }, + { + N_("suidcheckschedule"), + sh_suidchk_set_schedule + }, + { + N_("suidcheckexclude"), + sh_suidchk_set_exclude + }, + { + N_("suidcheckfps"), + sh_suidchk_set_fps + }, + { + N_("suidcheckyield"), + sh_suidchk_set_yield + }, + { + N_("suidcheckquarantinefiles"), + sh_suidchk_set_quarantine + }, + { + N_("suidcheckquarantinemethod"), + sh_suidchk_set_qmethod + }, + { + N_("suidcheckquarantinedelete"), + sh_suidchk_set_qdelete + }, + { + NULL, + NULL + }, +}; + + +static time_t lastcheck = (time_t) 0; +static int ShSuidchkActive = S_TRUE; +static time_t ShSuidchkInterval = 7200; +static long ShSuidchkFps = 0; +static int ShSuidchkYield = S_FALSE; +static int ShSuidchkQEnable = S_FALSE; +static int ShSuidchkQMethod = SH_Q_CHANGEPERM; +static int ShSuidchkQDelete = S_FALSE; +static int ShSuidchkSeverity = SH_ERR_SEVERE; +static char * ShSuidchkExclude = NULL; +static int ExcludeLen = 0; + +static time_t FileLimNow = 0; +static time_t FileLimStart = 0; +static long FileLimNum = 0; +static long FileLimTotal = 0; + +static sh_schedule_t * ShSuidchkSched = NULL; + +static char * +filesystem_type (char * path, char * relpath, struct stat * statp); + +#ifndef PATH_MAX +#define PATH_MAX 1024 +#endif + +extern unsigned long sh_files_maskof (int class); + +/* Recursively descend into the directory to make sure that + * there is no symlink in the path. + */ +static int do_truncate_int (char * path, int depth) +{ + char * q; + struct stat one; + struct stat two; + int fd; + + if (depth > 99) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("do_truncate: max depth 99 exceeded")); + return -1; + } + ++depth; + if (path[0] != '/') + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("do_truncate: not an absolute path")); + return -1; + } + ++path; + q = strchr(path, '/'); + if (q) + { + *q = '\0'; + if (0 != retry_lstat(FIL__, __LINE__, path, &one)) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno)); + *q = '/'; + return -1; + } + if (/*@-usedef@*/!S_ISDIR(one.st_mode)/*@+usedef@*/) + + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("Possible race: not a directory")); + *q = '/'; + return -1; + } + + + if (0 != chdir(path)) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno)); + *q = '/'; + return -1; + } + *q = '/'; + if (0 != retry_lstat(FIL__, __LINE__, ".", &two)) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno)); + return -1; + } + if (/*@-usedef@*/(one.st_dev != two.st_dev) || + (one.st_ino != two.st_ino) || + (!S_ISDIR(two.st_mode))/*@+usedef@*/) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("Possible race: lstat(dir) != lstat(.)")); + return -1; + } + + + return (do_truncate_int(q, depth)); + } + else + { + /* no more '/', so this is the file + */ + if (*path == '\0') + return -1; + if (0 != retry_lstat(FIL__, __LINE__, path, &one)) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno)); + return -1; + } + fd = open(path, O_RDWR); + if (-1 == fd) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno)); + return -1; + } + if (0 != retry_fstat(FIL__, __LINE__, fd, &two)) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno)); + (void) close(fd); + return -1; + } + if (/*@-usedef@*/(one.st_dev != two.st_dev) || + (one.st_ino != two.st_ino)/*@+usedef@*/) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("Possible race: lstat != fstat")); + (void) close(fd); + return -1; + } + if (!S_ISREG(two.st_mode)) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("Possible race: not a regular file")); + (void) close(fd); + return -1; + } + if ((0 == (two.st_mode & S_ISUID)) && (0 == (two.st_mode & S_ISGID))) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("Possible race: not a suid/sgid file")); + (void) close(fd); + return -1; + } + if (ShSuidchkQDelete == S_FALSE) + { + if ((two.st_mode & S_ISUID) > 0) + two.st_mode -= S_ISUID; + if ((two.st_mode & S_ISGID) > 0) + two.st_mode -= S_ISGID; +#ifdef HAVE_FCHMOD + if (-1 == /*@-unrecog@*/fchmod(fd, two.st_mode)/*@+unrecog@*/) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno)); + (void) close(fd); + return -1; + } +#else + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + _("The fchmod() function is not available")); + (void) close(fd); + return -1; +#endif + if (two.st_nlink > 1) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, + MSG_SUID_ERROR, + _("Not truncated because hardlink count gt 1")); + (void) close(fd); + return -1; + } + /* The man page says: 'POSIX has ftruncate' + */ + if (-1 == /*@-unrecog@*/ftruncate(fd, 0)/*@+unrecog@*/) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno)); + (void) close(fd); + return -1; + } + } + else + { + if (-1 == retry_aud_unlink(FIL__, __LINE__, path)) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno)); + (void) close(fd); + return -1; + } + } + (void) close (fd); + return (0); + } +} + +static int do_truncate (char * path) +{ + int caperr; + int result; + + if (0 != chdir("/")) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno)); + } + + if (0 != (caperr = sl_get_cap_qdel())) + { + sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN, + sh_error_message (caperr), + _("sl_get_cap_qdel")); + } + + result = do_truncate_int (path, 0); + + if (0 != (caperr = sl_drop_cap_qdel())) + { + sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN, + sh_error_message (caperr), + _("sl_drop_cap_qdel")); + } + + if (0 != chdir("/")) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno)); + } + return result; +} + +static +int sh_suidchk_check_internal (char * iname) +{ + int caperr; + DIR * thisDir = NULL; + FILE * filePtr = NULL; + struct dirent * thisEntry; + char * tmpcat; + char * tmp; + char * msg; + char * dir; + char * filetmp; + char * basetmp; + char timestrc[32]; + char timestra[32]; + char timestrm[32]; + char buffer[1024]; + struct stat buf; + int status; + int count; + int readFile = -1; + int writeFile = -1; + char * fs; + long sl_status = SL_ENONE; + struct stat fileInfo; + struct stat fileInfo_F; + int file_d; + + file_type theFile; + char fileHash[2*(KEY_LEN + 1)]; + + mode_t umask_old; + int cperm_status; + + SL_ENTER(_("sh_suidchk_check_internal")); + + if (iname == NULL) + { + TPT((0, FIL__, __LINE__ , _("msg=\n"))); + SL_RETURN( (-1), _("sh_suidchk_check_internal")); + } + + if (sig_urgent > 0) { + SL_RETURN( (0), _("sh_suidchk_check_internal")); + } + + thisDir = opendir (iname); + + if (thisDir == NULL) + { + status = errno; + tmp = sh_util_safe_name(iname); + sh_error_handle (ShDFLevel[SH_ERR_T_DIR], FIL__, __LINE__, status, + MSG_E_OPENDIR, + sh_error_message (status), tmp); + SH_FREE(tmp); + SL_RETURN( (-1), _("sh_suidchk_check_internal")); + } + + do { + + if (sig_urgent > 0) { + SL_RETURN( (0), _("sh_suidchk_check_internal")); + } + + + thisEntry = readdir (thisDir); + + if (thisEntry != NULL) { + + if (sl_strcmp (thisEntry->d_name, ".") == 0) + continue; + + if (sl_strcmp (thisEntry->d_name, "..") == 0) + continue; + + tmpcat = SH_ALLOC(PATH_MAX); + (void) sl_strlcpy(tmpcat, iname, PATH_MAX); + + if ((sl_strlen(tmpcat) != sl_strlen(iname)) || (tmpcat[0] == '\0')) + sl_status = SL_ETRUNC; + else + { + if (tmpcat[1] != '\0') + sl_status = sl_strlcat(tmpcat, "/", PATH_MAX); + } + if (! SL_ISERROR(sl_status)) + sl_status = sl_strlcat(tmpcat, thisEntry->d_name, PATH_MAX); + if (SL_ISERROR(sl_status)) + { + tmp = sh_util_safe_name(tmpcat); + sh_error_handle ((-1), FIL__, __LINE__, (int) sl_status, + MSG_E_SUBGPATH, + _("path too long"), + _("sh_suidchk_check_internal"), tmp ); + SH_FREE(tmp); + continue; + } + + ++FileLimNum; + ++FileLimTotal; + + if ((ShSuidchkFps > 0 && FileLimNum > ShSuidchkFps && FileLimTotal > 0)&& + (ShSuidchkYield == S_FALSE)) + { + FileLimNum = 0; + FileLimNow = time(NULL); + + if ( (FileLimNow - FileLimStart) > 0 && + FileLimTotal/(FileLimNow - FileLimStart) > ShSuidchkFps ) + (void) retry_msleep((int)((FileLimTotal/(FileLimNow-FileLimStart))/ + ShSuidchkFps) , 0); + } + + status = (int) retry_lstat(FIL__, __LINE__, tmpcat, &buf); + + if (status != 0) + { + status = errno; + tmp = sh_util_safe_name(tmpcat); + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, status, MSG_ERR_LSTAT, + sh_error_message(status), + tmpcat ); + SH_FREE(tmp); + } + else + { + if (/*@-usedef@*/S_ISDIR(buf.st_mode)/*@+usedef@*/ && + (ShSuidchkExclude == NULL || + 0 != strcmp(tmpcat, ShSuidchkExclude))) + { + /* fs is a STATIC string or NULL + */ + fs = filesystem_type (tmpcat, tmpcat, &buf); + if (fs != NULL +#ifndef SH_SUIDTESTDIR + && + 0 != strncmp (_("afs"), fs, 3) && + 0 != strncmp (_("devfs"), fs, 5) && + 0 != strncmp (_("iso9660"), fs, 7) && + 0 != strncmp (_("lustre"), fs, 6) && + 0 != strncmp (_("mmfs"), fs, 4) && + 0 != strncmp (_("msdos"), fs, 5) && + 0 != strncmp (_("nfs"), fs, 3) && + 0 != strncmp (_("nosuid"), fs, 6) && + 0 != strncmp (_("proc"), fs, 4) && + 0 != strncmp (_("vfat"), fs, 4) +#endif + ) + { + /* fprintf(stderr, "%s: %s\n", fs, tmpcat); */ + (void) sh_suidchk_check_internal(tmpcat); + } + } + else if (S_ISREG(buf.st_mode) && + (0 !=(S_ISUID & buf.st_mode) || +#if defined(HOST_IS_LINUX) + (0 !=(S_ISGID & buf.st_mode) && + 0 !=(S_IXGRP & buf.st_mode)) +#else + 0 !=(S_ISGID & buf.st_mode) +#endif + ) + ) + { + + (void) sl_strlcpy (theFile.fullpath, tmpcat, PATH_MAX); + theFile.check_mask = sh_files_maskof(SH_LEVEL_READONLY); + theFile.reported = S_FALSE; + status = sh_unix_getinfo (ShDFLevel[SH_ERR_T_RO], + thisEntry->d_name, + &theFile, fileHash, 0); + + tmp = sh_util_safe_name(tmpcat); + + if (status != 0) + { + sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, + 0, MSG_E_SUBGPATH, + _("Could not check suid/sgid file"), + _("sh_suidchk_check_internal"), + tmp); + } + else + { + if (sh.flag.update == S_TRUE && + (sh.flag.checkSum == SH_CHECK_INIT || + sh.flag.checkSum == SH_CHECK_CHECK)) + { + if (-1 == sh_hash_have_it (tmpcat)) + { + sh_error_handle ((-1), FIL__, __LINE__, + 0, MSG_SUID_FOUND, + tmp ); + } + else + { + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, + 0, MSG_SUID_FOUND, + tmp ); + } + if (0 == sh_hash_compdata (SH_LEVEL_READONLY, + &theFile, fileHash, + _("[SuidCheck]"), + ShSuidchkSeverity)) + { + sh_hash_pushdata_memory (&theFile, fileHash); + } + } + else if (sh.flag.checkSum == SH_CHECK_INIT && + sh.flag.update == S_FALSE ) + { + sh_hash_pushdata (&theFile, fileHash); + sh_error_handle ((-1), FIL__, __LINE__, + 0, MSG_SUID_FOUND, + tmp ); + } + else if (sh.flag.checkSum == SH_CHECK_CHECK ) + { + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, + 0, MSG_SUID_FOUND, + tmp ); + if (-1 == sh_hash_have_it (tmpcat)) + { + msg = SH_ALLOC(SH_BUFSIZE); + msg[0] = '\0'; + /*@-usedef@*/ + (void) sl_strlcpy (timestrc, + sh_unix_gmttime (theFile.ctime), + 32); + (void) sl_strlcpy (timestra, + sh_unix_gmttime (theFile.atime), + 32); + (void) sl_strlcpy (timestrm, + sh_unix_gmttime (theFile.mtime), + 32); +#ifdef SH_USE_XML + (void) sl_snprintf(msg, SH_BUFSIZE, _("owner_new=\"%s\" iowner_new=\"%ld\" group_new=\"%s\" igroup_new=\"%ld\" size_new=\"%lu\" ctime_new=\"%s\" atime_new=\"%s\" mtime_new=\"%s\""), + theFile.c_owner, theFile.owner, + theFile.c_group, theFile.group, + (unsigned long) theFile.size, + timestrc, timestra, timestrm); +#else + (void) sl_snprintf(msg, SH_BUFSIZE, _("owner_new=<%s>, iowner_new=<%ld>, group_new=<%s>, igroup_new=<%ld>, filesize=<%lu>, ctime=<%s>, atime=<%s>, mtime=<%s>"), + theFile.c_owner, theFile.owner, + theFile.c_group, theFile.group, + (unsigned long) theFile.size, + timestrc, timestra, timestrm); +#endif + /*@+usedef@*/ + + sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, + 0, MSG_SUID_POLICY, + _("suid/sgid file not in database"), + tmp, msg ); + SH_FREE(msg); + + /* Quarantine file according to configured method + */ + if (ShSuidchkQEnable == S_TRUE) + { + switch (ShSuidchkQMethod) + { + case SH_Q_DELETE: + /* if (unlink (theFile.fullpath) == -1) */ + if (do_truncate (theFile.fullpath) == -1) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(msg); + } + else + { + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, 0, + MSG_SUID_QREPORT, + _("Quarantine method applied"), + tmp ); + } + break; + case SH_Q_CHANGEPERM: + cperm_status = 0; + file_d = -1; + if (retry_lstat(FIL__, __LINE__, tmpcat, &fileInfo) == -1) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(msg); + cperm_status = -1; + } + + if (cperm_status == 0) + { + if (0 != (caperr = sl_get_cap_qdel())) + { + sh_error_handle((-1), FIL__, __LINE__, + caperr, MSG_E_SUBGEN, + sh_error_message (caperr), + _("sl_get_cap_qdel")); + cperm_status = -1; + } + } + + if (cperm_status == 0) + { + file_d = aud_open (FIL__, __LINE__, SL_YESPRIV, + tmpcat, O_RDONLY, 0); + if (-1 == file_d) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(msg); + cperm_status = -1; + } + } + + if (cperm_status == 0) + { + if (retry_fstat(FIL__, __LINE__, file_d, &fileInfo_F) == -1) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, + _("I/O error. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(msg); + cperm_status = -1; + } + } + + if (cperm_status == 0) + { + if (fileInfo_F.st_ino != fileInfo.st_ino || + fileInfo_F.st_dev != fileInfo.st_dev || + fileInfo_F.st_mode != fileInfo.st_mode) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, + _("Race detected. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(msg); + cperm_status = -1; + } + } + + if ((fileInfo.st_mode & S_ISUID) > 0) + fileInfo.st_mode -= S_ISUID; + if ((fileInfo.st_mode & S_ISGID) > 0) + fileInfo.st_mode -= S_ISGID; + + if (cperm_status == 0) + { + if (fchmod(file_d, fileInfo.st_mode) == -1) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, + msg, tmp ); + SH_FREE(msg); + } + else + { + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + 0, + MSG_SUID_QREPORT, + _("Quarantine method applied"), + tmp ); + } + } + + if (0 != (caperr = sl_drop_cap_qdel())) + { + sh_error_handle((-1), FIL__, __LINE__, + caperr, MSG_E_SUBGEN, + sh_error_message (caperr), + _("sl_drop_cap_qdel")); + } + + if (file_d != -1) + { + do { + status = close (file_d); + } while (status == -1 && errno == EINTR); + + if (-1 == status) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, + _("I/O error. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(msg); + cperm_status = -1; + } + } + break; + case SH_Q_MOVE: + dir = SH_ALLOC(PATH_MAX+1); + (void) sl_strlcpy (dir, DEFAULT_QDIR, PATH_MAX+1); + if (retry_stat (FIL__, __LINE__, dir, &fileInfo) != 0) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (stat)"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(msg); + } + else + { + if (retry_lstat (FIL__, __LINE__, + theFile.fullpath, &fileInfo) == -1) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld(stat)"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, + msg, tmp ); + SH_FREE(msg); + } + else + { + basetmp = sh_util_strdup(theFile.fullpath); + filetmp = SH_ALLOC(PATH_MAX+1); + (void) sl_snprintf(filetmp, PATH_MAX+1, "%s/%s", + DEFAULT_QDIR, basename(basetmp)); + SH_FREE(basetmp); + + readFile = open (theFile.fullpath, O_RDONLY); + if (readFile != -1) + writeFile = open (filetmp, O_WRONLY|O_CREAT); + + if ((readFile == -1) || (writeFile == -1)) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (open)"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, status, + MSG_SUID_QREPORT, + msg, tmp ); + SH_FREE(msg); + } + else + { + /* sizeof(buffer) is 1024 */ + while ((count = (int) read (readFile, buffer, sizeof (buffer))) > 0) + if ((int) write (writeFile, buffer, (size_t) count) != count) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld (write)"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, + __LINE__, + status, + MSG_SUID_QREPORT, + msg, tmp ); + SH_FREE(msg); + } + } + (void) close (readFile); + (void) fchmod(writeFile, S_IRUSR | S_IWUSR | S_IXUSR); + (void) close (writeFile); + /* if (unlink (theFile.fullpath) == -1) */ + if (do_truncate (theFile.fullpath) == -1) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, status, + MSG_SUID_QREPORT, + msg, tmp ); + SH_FREE(msg); + } + else + { + (void) sl_snprintf(filetmp, PATH_MAX+1, "%s/%s.info", + DEFAULT_QDIR, + basename(theFile.fullpath)); + /* + * avoid chmod by setting umask + */ + umask_old = umask (0077); + filePtr = fopen (filetmp, "w+"); + /*@-usedef@*/ + if (filePtr) + { + fprintf(filePtr, _("File Info:\n filename=%s\n size=%lu\n owner=%s(%d)\n group=%s(%d)\n ctime=%s\n atime=%s\n mtime=%s\n"), + theFile.fullpath, + (unsigned long) theFile.size, + theFile.c_owner, (int) theFile.owner, + theFile.c_group, (int) theFile.group, + timestrc, timestra, timestrm); + (void) fclose (filePtr); + } + /*@+usedef@*/ + umask (umask_old); + + sh_error_handle (ShSuidchkSeverity, + FIL__,__LINE__, + 0, MSG_SUID_QREPORT, + _("Quarantine method applied"), + tmp ); + } + SH_FREE(filetmp); + } + } + SH_FREE(dir); + break; + default: + sh_error_handle (ShSuidchkSeverity, FIL__, + __LINE__, 0, MSG_SUID_QREPORT, + _("Bad quarantine method"), + tmp); + break; + } + } + else + { + /* 1.8.1 push file to in-memory database + */ + (void) sh_hash_compdata (SH_LEVEL_READONLY, + &theFile, fileHash, + _("[SuidCheck]"), + ShSuidchkSeverity); + } + } + else + { + (void) sh_hash_compdata (SH_LEVEL_READONLY, + &theFile, fileHash, + _("[SuidCheck]"), + ShSuidchkSeverity); + } + } + } + SH_FREE(tmp); + + } + } + SH_FREE(tmpcat); + } +#ifdef HAVE_SCHED_YIELD + if (ShSuidchkYield == S_TRUE) + { + if (sched_yield() == -1) + { + status = errno; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + _("Failed to release time slice"), + _("sh_suidchk_check_internal") ); + + } + } +#endif + } while (thisEntry != NULL); + + (void) closedir (thisDir); + SL_RETURN( (0), _("sh_suidchk_check_internal")); +} + +/************* + * + * module init + * + *************/ +int sh_suidchk_init () +{ + if (ShSuidchkActive == S_FALSE) + return (-1); + + return (0); +} + + +/************* + * + * module cleanup + * + *************/ +int sh_suidchk_end () +{ + return (0); +} + + +/************* + * + * module timer + * + *************/ +int sh_suidchk_timer (time_t tcurrent) +{ + if (sh.flag.checkSum == SH_CHECK_INIT) + return -1; + + /* One-shot (not daemon and not loop forever) + */ + if (sh.flag.isdaemon != S_TRUE && sh.flag.loop == S_FALSE) + return -1; + + if (ShSuidchkSched != NULL) + { + return test_sched(ShSuidchkSched); + } + if ((time_t) (tcurrent - lastcheck) >= ShSuidchkInterval) + { + lastcheck = tcurrent; + return (-1); + } + return 0; +} + +/************* + * + * module check + * + *************/ + +int sh_suidchk_check () +{ + int status; + + SL_ENTER(_("sh_suidchk_check")); + + sh_error_handle (SH_ERR_NOTICE, FIL__, __LINE__, EINVAL, MSG_E_SUBGEN, + _("Checking for SUID programs"), + _("suidchk_check") ); + + FileLimNow = time(NULL); + FileLimStart = FileLimNow; + FileLimNum = 0; + FileLimTotal = 0; + +#ifdef SH_SUIDTESTDIR + status = sh_suidchk_check_internal (SH_SUIDTESTDIR); +#else + status = sh_suidchk_check_internal ("/"); +#endif + + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_SUMMARY, + FileLimTotal, + (long) (time(NULL) - FileLimStart) ); + + SL_RETURN(status, _("sh_suidchk_check")); +} + +/************* + * + * module setup + * + *************/ + +int sh_suidchk_set_severity (char * c) +{ + int retval; + char tmp[32]; + + SL_ENTER(_("sh_suidchk_set_severity")); + tmp[0] = '='; tmp[1] = '\0'; + (void) sl_strlcat (tmp, c, 32); + retval = sh_error_set_level (tmp, &ShSuidchkSeverity); + SL_RETURN(retval, _("sh_suidchk_set_severity")); +} + +int sh_suidchk_set_exclude (char * c) +{ + SL_ENTER(_("sh_suidchk_set_exclude")); + if (c == NULL || c[0] == '\0') + { + SL_RETURN(-1, _("sh_suidchk_set_exclude")); + } + + if (0 == sl_strncmp(c, _("NULL"), 4)) + { + if (ShSuidchkExclude != NULL) + SH_FREE(ShSuidchkExclude); + ShSuidchkExclude = NULL; + SL_RETURN(0, _("sh_suidchk_set_exclude")); + } + + if (ShSuidchkExclude != NULL) + SH_FREE(ShSuidchkExclude); + + ExcludeLen = (int) sl_strlen(c); + if (c[ExcludeLen-1] == '/') + { + c[ExcludeLen-1] = '\0'; + ExcludeLen--; + } + ShSuidchkExclude = SH_ALLOC((size_t) ExcludeLen + 1); + (void) sl_strlcpy(ShSuidchkExclude, c, (size_t)(ExcludeLen + 1)); + + SL_RETURN(0, _("sh_suidchk_set_exclude")); +} + +int sh_suidchk_set_timer (char * c) +{ + long val; + + SL_ENTER(_("sh_suidchk_set_timer")); + + val = strtol (c, (char **)NULL, 10); + if (val <= 0) + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("suidchk timer"), c); + + val = (val <= 0 ? 7200 : val); + + ShSuidchkInterval = (time_t) val; + SL_RETURN( 0, _("sh_suidchk_set_timer")); +} + + +int sh_suidchk_free_schedule () +{ + sh_schedule_t * current = ShSuidchkSched; + sh_schedule_t * next = NULL; + + while (current != NULL) + { + next = current->next; + SH_FREE(current); + current = next; + } + ShSuidchkSched = NULL; + return 0; +} + +int sh_suidchk_set_schedule (char * str) +{ + int status; + sh_schedule_t * newSched = NULL; + + SL_ENTER(_("sh_suidchk_set_schedule")); + + /* + if (ShSuidchkSched != NULL) + { + SH_FREE(ShSuidchkSched); + ShSuidchkSched = NULL; + } + */ + + if (0 == sl_strncmp(str, _("NULL"), 4)) + { + (void) sh_suidchk_free_schedule (); + return 0; + } + + newSched = SH_ALLOC(sizeof(sh_schedule_t)); + status = create_sched(str, newSched); + if (status != 0) + { + SH_FREE(newSched); + newSched = NULL; + } + else + { + newSched->next = ShSuidchkSched; + ShSuidchkSched = newSched; + } + SL_RETURN( status, _("sh_suidchk_set_schedule")); +} + + + +int sh_suidchk_set_fps (char * c) +{ + long val; + + SL_ENTER(_("sh_suidchk_set_fps")); + + val = strtol (c, (char **)NULL, 10); + if (val < 0) + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("suidchk fps"), c); + + val = (val < 0 ? 0 : val); + + ShSuidchkFps = val; + SL_RETURN( 0, _("sh_suidchk_set_fps")); +} + +int sh_suidchk_set_yield (char * c) +{ + int i; + SL_ENTER(_("sh_suidchk_set_yield")); +#ifdef HAVE_SCHED_YIELD + i = sh_util_flagval(c, &ShSuidchkYield); +#else + (void) c; /* cast to void to avoid compiler warning */ + i = -1; +#endif + SL_RETURN(i, _("sh_suidchk_set_yield")); +} + +int sh_suidchk_set_activate (char * c) +{ + int i; + SL_ENTER(_("sh_suidchk_set_activate")); + i = sh_util_flagval(c, &ShSuidchkActive); + SL_RETURN(i, _("sh_suidchk_set_activate")); +} + +int sh_suidchk_set_quarantine (char * c) +{ + int i; + SL_ENTER(_("sh_suidchk_set_quarantine")); + i = sh_util_flagval(c, &ShSuidchkQEnable); + SL_RETURN(i, _("sh_suidchk_set_quarantine")); +} + +int sh_suidchk_set_qdelete (char * c) +{ + int i; + SL_ENTER(_("sh_suidchk_set_qdelete")); + i = sh_util_flagval(c, &ShSuidchkQDelete); + SL_RETURN(i, _("sh_suidchk_set_qdelete")); +} + +int sh_suidchk_set_qmethod (char * c) +{ + long val; + int ret = 0; + struct stat buf; + + SL_ENTER(_("sh_suidchk_set_qmethod")); + + val = strtol (c, (char **)NULL, 10); + if (val < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("suidchk qmethod"), c); + ret = -1; + } + else + { + switch (val) + { + case SH_Q_DELETE: + ShSuidchkQMethod = SH_Q_DELETE; + break; + case SH_Q_CHANGEPERM: + ShSuidchkQMethod = SH_Q_CHANGEPERM; + break; + case SH_Q_MOVE: + if (retry_stat (FIL__, __LINE__, DEFAULT_QDIR, &buf) != 0) + { + if (mkdir (DEFAULT_QDIR, 0750) == -1) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("Unable to create quarantine directory")); + } + } + ShSuidchkQMethod = SH_Q_MOVE; + break; + default: + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("suidchk qmethod"), c); + ShSuidchkQMethod = -1; + ret = -1; + break; + } + } + + SL_RETURN( ret, _("sh_suidchk_set_qmethod")); +} + +#if defined(FSTYPE_STATFS) || defined(FSTYPE_AIX_STATFS) +/* dirname.c -- return all but the last element in a path + Copyright (C) 1990 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ + +/* Return the leading directories part of PATH, + allocated with malloc. If out of memory, return 0. + Assumes that trailing slashes have already been + removed. */ + +char * sh_dirname (const char * path) +{ + char *newpath; + char *slash; + int length; /* Length of result, not including NUL. */ + + slash = strrchr (path, '/'); + if (slash == NULL) + { + /* File is in the current directory. */ + path = "."; + length = 1; + } + else + { + /* Remove any trailing slashes from the result. */ + while (slash > path && *slash == '/') + --slash; + + length = slash - path + 1; + } + newpath = (char *) SH_ALLOC (length + 1); + if (newpath == NULL) + return NULL; + strncpy (newpath, path, length); + newpath[length] = '\0'; + return newpath; +} +/* #ifdef FSTYPE_STATFS */ +#endif + +/* fstype.c -- determine type of filesystems that files are on + Copyright (C) 1990, 91, 92, 93, 94 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +/* Written by David MacKenzie . */ + +/* Modified by R. Wichmann: + - replaced error() by sh_error_handle() + - replaced xstrdup() by sl_strdup() + - replaced strstr() by sl_strstr() + - some additions to recognize nosuid fs +*/ + +/* modetype.h -- file type bits definitions for POSIX systems + Requires sys/types.h sys/stat.h. + Copyright (C) 1990 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +/* POSIX.1 doesn't mention the S_IFMT bits; instead, it uses S_IStype + test macros. To make storing file types more convenient, define + them; the values don't need to correspond to what the kernel uses, + because of the way we use them. */ +#ifndef S_IFMT /* Doesn't have traditional Unix macros. */ +#define S_IFBLK 1 +#define S_IFCHR 2 +#define S_IFDIR 4 +#define S_IFREG 8 +#ifdef S_ISLNK +#define S_IFLNK 16 +#endif +#ifdef S_ISFIFO +#define S_IFIFO 32 +#endif +#ifdef S_ISSOCK +#define S_IFSOCK 64 +#endif +#endif /* !S_IFMT */ + +#ifdef STAT_MACROS_BROKEN +#undef S_ISBLK +#undef S_ISCHR +#undef S_ISDIR +#undef S_ISREG +#undef S_ISFIFO +#undef S_ISLNK +#undef S_ISSOCK +#undef S_ISMPB +#undef S_ISMPC +#undef S_ISNWK +#endif + +/* Do the reverse: define the POSIX.1 macros for traditional Unix systems + that don't have them. */ +#if !defined(S_ISBLK) && defined(S_IFBLK) +#define S_ISBLK(m) (((m) & S_IFMT) == S_IFBLK) +#endif +#if !defined(S_ISCHR) && defined(S_IFCHR) +#define S_ISCHR(m) (((m) & S_IFMT) == S_IFCHR) +#endif +#if !defined(S_ISDIR) && defined(S_IFDIR) +#define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR) +#endif +#if !defined(S_ISREG) && defined(S_IFREG) +#define S_ISREG(m) (((m) & S_IFMT) == S_IFREG) +#endif +#if !defined(S_ISFIFO) && defined(S_IFIFO) +#define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO) +#endif +#if !defined(S_ISLNK) && defined(S_IFLNK) +#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK) +#endif +#if !defined(S_ISSOCK) && defined(S_IFSOCK) +#define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK) +#endif +#if !defined(S_ISMPB) && defined(S_IFMPB) /* V7 */ +#define S_ISMPB(m) (((m) & S_IFMT) == S_IFMPB) +#define S_ISMPC(m) (((m) & S_IFMT) == S_IFMPC) +#endif +#if !defined(S_ISNWK) && defined(S_IFNWK) /* HP/UX */ +#define S_ISNWK(m) (((m) & S_IFMT) == S_IFNWK) +#endif + + +static char *filesystem_type_uncached (char *path, char *relpath, + struct stat *statp); + +#ifdef FSTYPE_MNTENT /* 4.3BSD etc. */ +static int xatoi (char *cp); +#endif + +#ifdef FSTYPE_MNTENT /* 4.3BSD, SunOS, HP-UX, Dynix, Irix. */ +#include +#if !defined(MOUNTED) +# if defined(MNT_MNTTAB) /* HP-UX. */ +# define MOUNTED MNT_MNTTAB +# endif +# if defined(MNTTABNAME) /* Dynix. */ +# define MOUNTED MNTTABNAME +# endif +#endif +#endif + +#ifdef FSTYPE_GETMNT /* Ultrix. */ +#include +#include +#include +#endif + +#ifdef FSTYPE_USG_STATFS /* SVR3. */ +#include +#include +#endif + +#ifdef FSTYPE_STATVFS /* SVR4. */ +#include +#include +#endif + +#ifdef FSTYPE_STATFS /* 4.4BSD. */ +#include /* NetBSD needs this. */ +#include + +#ifndef MFSNAMELEN /* NetBSD defines this. */ +static char * +fstype_to_string (t) + short t; +{ +#ifdef INITMOUNTNAMES /* Defined in 4.4BSD, not in NET/2. */ + static char *mn[] = INITMOUNTNAMES; + if (t >= 0 && t <= MOUNT_MAXTYPE) + return mn[t]; + else + return "?"; +#else /* !INITMOUNTNAMES */ + switch (t) + { + case MOUNT_UFS: + return _("ufs"); + case MOUNT_NFS: + return _("nfs"); +#ifdef MOUNT_PC + case MOUNT_PC: + return _("pc"); +#endif +#ifdef MOUNT_MFS + case MOUNT_MFS: + return _("mfs"); +#endif +#ifdef MOUNT_LO + case MOUNT_LO: + return _("lofs"); +#endif +#ifdef MOUNT_TFS + case MOUNT_TFS: + return _("tfs"); +#endif +#ifdef MOUNT_TMP + case MOUNT_TMP: + return _("tmp"); +#endif +#ifdef MOUNT_MSDOS + case MOUNT_MSDOS: + return _("msdos"); +#endif +#ifdef MOUNT_ISO9660 + case MOUNT_ISO9660: + return _("iso9660fs"); +#endif + default: + return "?"; + } +#endif /* !INITMOUNTNAMES */ +} +#endif /* !MFSNAMELEN */ +#endif /* FSTYPE_STATFS */ + +#ifdef FSTYPE_AIX_STATFS /* AIX. */ +#include +#include + +#define FSTYPE_STATFS /* Otherwise like 4.4BSD. */ +#define f_type f_vfstype + +static char * +fstype_to_string (t) + short t; +{ + switch (t) + { + case MNT_AIX: + return _("aix"); /* AIX 4.3: NFS filesystems are actually MNT_AIX. */ +#ifdef MNT_NAMEFS + case MNT_NAMEFS: + return _("namefs"); +#endif + case MNT_NFS: + return _("nfs"); + case MNT_JFS: + return _("jfs"); + case MNT_CDROM: + return _("cdrom"); +#ifdef MNT_PROCFS + case MNT_PROCFS: + return _("procfs"); +#endif +#ifdef MNT_SFS + case MNT_SFS: + return _("sfs"); +#endif +#ifdef MNT_CACHEFS + case MNT_CACHEFS: + return _("cachefs"); +#endif +#ifdef MNT_NFS3 + case MNT_NFS3: + return _("nfs3"); +#endif +#ifdef MNT_AUTOFS + case MNT_AUTOFS: + return _("autofs"); +#endif +#ifdef MNT_VXFS + case MNT_VXFS: + return _("vxfs"); +#endif +#ifdef MNT_VXODM + case MNT_VXODM: + return _("veritasfs"); +#endif +#ifdef MNT_UDF + case MNT_UDF: + return _("udfs"); +#endif +#ifdef MNT_NFS4 + case MNT_NFS4: + return _("nfs4"); +#endif +#ifdef MNT_RFS4 + case MNT_RFS4: + return _("nfs4"); +#endif +#ifdef MNT_CIFS + case MNT_CIFS: + return _("cifs"); +#endif + default: + return "?"; + } +} +#endif /* FSTYPE_AIX_STATFS */ + +#ifdef AFS +#include +#include +#if __STDC__ +/* On SunOS 4, afs/vice.h defines this to rely on a pre-ANSI cpp. */ +#undef _VICEIOCTL +#define _VICEIOCTL(id) ((unsigned int ) _IOW('V', id, struct ViceIoctl)) +#endif +#ifndef _IOW +/* AFS on Solaris 2.3 doesn't get this definition. */ +#include +#endif + +static int +in_afs (path) + char *path; +{ + static char space[2048]; + struct ViceIoctl vi; + + vi.in_size = 0; + vi.out_size = sizeof (space); + vi.out = space; + + if (pioctl (path, VIOC_FILE_CELL_NAME, &vi, 1) + && (errno == EINVAL || errno == ENOENT)) + return 0; + return 1; +} +#endif /* AFS */ + +/* Nonzero if the current filesystem's type is known. */ +static int fstype_known = 0; + +/* Return a static string naming the type of filesystem that the file PATH, + described by STATP, is on. + RELPATH is the file name relative to the current directory. + Return "unknown" if its filesystem type is unknown. */ + +static char * +filesystem_type (char * path, char * relpath, struct stat * statp) +{ + static char *current_fstype = NULL; + static dev_t current_dev; + + if (current_fstype != NULL) + { + if ((0 != fstype_known) && statp->st_dev == current_dev) + return current_fstype; /* Cached value. */ + SH_FREE (current_fstype); + } + current_dev = statp->st_dev; + current_fstype = filesystem_type_uncached (path, relpath, statp); + return current_fstype; +} + +/* Return a newly allocated string naming the type of filesystem that the + file PATH, described by STATP, is on. + RELPATH is the file name relative to the current directory. + Return "unknown" if its filesystem type is unknown. */ + +static char * +filesystem_type_uncached (path, relpath, statp) + char *path; + char *relpath; + struct stat *statp; +{ + char * type = NULL; +#ifdef MFSNAMELEN /* NetBSD. */ + static char my_tmp_type[64]; +#endif + +#ifdef FSTYPE_MNTENT /* 4.3BSD, SunOS, HP-UX, Dynix, Irix. */ + char *table = MOUNTED; + FILE *mfp; + struct mntent *mnt; + + if (path == NULL || relpath == NULL) + return NULL; + + mfp = setmntent (table, "r"); + if (mfp == NULL) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("setmntent() failed"), + _("filesystem_type_uncached") ); + return NULL; + } + + /* Find the entry with the same device number as STATP, and return + that entry's fstype. */ + while (type == NULL && (mnt = getmntent (mfp)) != NULL) + { + char *devopt; + dev_t dev; + struct stat disk_stats; + +#ifdef MNTTYPE_IGNORE + if (0 == strcmp (mnt->mnt_type, MNTTYPE_IGNORE)) + continue; +#endif + + /* Newer systems like SunOS 4.1 keep the dev number in the mtab, + in the options string. For older systems, we need to stat the + directory that the filesystem is mounted on to get it. + + Unfortunately, the HPUX 9.x mnttab entries created by automountq + contain a dev= option but the option value does not match the + st_dev value of the file (maybe the lower 16 bits match?). */ + +#if !defined(hpux) && !defined(__hpux__) + devopt = sl_strstr (mnt->mnt_opts, "dev="); + if (devopt) + { + if (devopt[4] == '0' && (devopt[5] == 'x' || devopt[5] == 'X')) + dev = (dev_t) xatoi (devopt + 6); + else + dev = (dev_t) xatoi (devopt + 4); + } + else +#endif /* not hpux */ + { + if (stat (mnt->mnt_dir, &disk_stats) == -1) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("stat() failed"), + _("filesystem_type_uncached") ); + return NULL; + } + dev = disk_stats.st_dev; + } + + if (dev == statp->st_dev) + { + /* check for the "nosuid" option + */ +#ifdef HAVE_HASMNTOPT + if (NULL == hasmntopt(mnt, "nosuid")) + type = mnt->mnt_type; + else + type = _("nosuid"); /* hasmntopt (nosuid) */ +#else + type = mnt->mnt_type; +#endif + } + } + + if (endmntent (mfp) == 0) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("endmntent() failed"), + _("filesystem_type_uncached") ); + } +#endif + +#ifdef FSTYPE_GETMNT /* Ultrix. */ + int offset = 0; + struct fs_data fsd; + + if (path == NULL || relpath == NULL) + return NULL; + + while (type == NULL + && getmnt (&offset, &fsd, sizeof (fsd), NOSTAT_MANY, 0) > 0) + { + if (fsd.fd_req.dev == statp->st_dev) + type = gt_names[fsd.fd_req.fstype]; + } +#endif + +#ifdef FSTYPE_USG_STATFS /* SVR3. */ + struct statfs fss; + char typebuf[FSTYPSZ]; + + if (path == NULL || relpath == NULL) + return NULL; + + if (statfs (relpath, &fss, sizeof (struct statfs), 0) == -1) + { + /* Don't die if a file was just removed. */ + if (errno != ENOENT) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("statfs() failed"), + _("filesystem_type_uncached") ); + return NULL; + } + } + else if (!sysfs (GETFSTYP, fss.f_fstyp, typebuf)) + type = typebuf; +#endif + +#ifdef FSTYPE_STATVFS /* SVR4. */ + struct statvfs fss; + + if (path == NULL || relpath == NULL) + return NULL; + + if (statvfs (relpath, &fss) == -1) + { + /* Don't die if a file was just removed. */ + if (errno != ENOENT) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("statvfs() failed"), + _("filesystem_type_uncached") ); + return NULL; + } + } + else + { + type = fss.f_basetype; + + /* patch by Konstantin Khrooschev + */ + if( fss.f_flag & ST_NOSUID ) + type = _("nosuid"); + } + (void) statp; /* fix compiler warning */ +#endif + +#ifdef FSTYPE_STATFS /* 4.4BSD. */ + struct statfs fss; + char *p; +#if defined(MNT_VISFLAGMASK) && defined(HAVE_STRUCT_STATFS_F_FLAGS) + int flags; +#endif + /* char * sh_dirname(const char *path); */ + + if (path == NULL || relpath == NULL) + return NULL; + + if (S_ISLNK (statp->st_mode)) + p = sh_dirname (relpath); + else + p = relpath; + + if (statfs (p, &fss) == -1) + { + /* Don't die if symlink to nonexisting file, or a file that was + just removed. */ + if (errno != ENOENT) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("statfs() failed"), + _("filesystem_type_uncached") ); + return NULL; + } + } + else + { + +#ifdef MFSNAMELEN /* NetBSD. */ + /* MEMORY LEAK !!! + * type = sh_util_strdup (fss.f_fstypename); + */ + sl_strlcpy (my_tmp_type, fss.f_fstypename, 64); + type = my_tmp_type; +#else + type = fstype_to_string (fss.f_type); +#endif + +#ifdef HAVE_STRUCT_STATFS_F_FLAGS +#ifdef MNT_VISFLAGMASK + flags = fss.f_flags & MNT_VISFLAGMASK; + if (flags & MNT_NOSUID) +#else + if (fss.f_flags & MNT_NOSUID) +#endif + type = _("nosuid"); +#endif + } + if (p != relpath) + SH_FREE (p); +#endif + +#ifdef AFS + if ((!type || !strcmp (type, "xx")) && in_afs (relpath)) + type = "afs"; +#endif + + /* An unknown value can be caused by an ENOENT error condition. + Don't cache those values. */ + fstype_known = (int)(type != NULL); + + return sh_util_strdup (type ? type : "unknown"); +} + +#ifdef FSTYPE_MNTENT /* 4.3BSD etc. */ +/* Return the value of the hexadecimal number represented by CP. + No prefix (like '0x') or suffix (like 'h') is expected to be + part of CP. */ + +static int +xatoi (cp) + char *cp; +{ + int val; + + val = 0; + while (*cp != '\0') + { + /*@+charint@*/ + if (*cp >= 'a' && *cp <= 'f') + val = val * 16 + *cp - 'a' + 10; + else if (*cp >= 'A' && *cp <= 'F') + val = val * 16 + *cp - 'A' + 10; + else if (*cp >= '0' && *cp <= '9') + val = val * 16 + *cp - '0'; + else + break; + /*@-charint@*/ + cp++; + } + return val; +} +#endif + + + +#endif + + +/* #ifdef SH_USE_UTMP */ +#endif + + + Index: branches/samhain-2_2-branch/src/sh_tiger0.c =================================================================== --- branches/samhain-2_2-branch/src/sh_tiger0.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_tiger0.c (revision 66) @@ -0,0 +1,1731 @@ +#include "config_xor.h" + +#define USE_MD5 +#define USE_SHA1 + +#include +#include + +#include +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_MEMORY_H +#include +#endif + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#include +#endif + +#include "sh_tiger.h" + +#include "sh_unix.h" +#include "sh_error.h" +#include "sh_utils.h" + +#define PRIV_MAX 32768 + +#if defined(TIGER_64_BIT) +#if defined(HAVE_LONG_64) +typedef unsigned long int word64; +#elif defined(HAVE_LONG_LONG_64) +typedef unsigned long long int word64; +#else +#error No 64 bit type found ! +#endif +#endif + +#if defined(HAVE_INT_32) +typedef unsigned int sh_word32; +#define MYFORMAT (_("%08X%08X%08X%08X%08X%08X")) +#define GPGFORMAT (_("%08X %08X %08X %08X %08X %08X")) +#elif defined(HAVE_LONG_32) +typedef unsigned long sh_word32; +#define MYFORMAT (_("%08lX%08lX%08lX%08lX%08lX%08lX")) +#define GPGFORMAT (_("%08lX %08lX %08lX %08lX %08lX %08lX")) +#elif defined(HAVE_SHORT_32) +typedef unsigned short sh_word32; +#define MYFORMAT (_("%08X%08X%08X%08X%08X%08X")) +#define GPGFORMAT (_("%08X %08X %08X %08X %08X %08X")) +#else +#error No 32 bit type found ! +#endif + +typedef unsigned char sh_byte; + +#undef FIL__ +#define FIL__ _("sh_tiger0.c") + +#if defined(TIGER_64_BIT) + +void tiger_t(word64 *str, word64 length, word64 * res); +void tiger(word64 *str, word64 length, word64 * res); + +#ifdef TIGER_DBG +static void tiger_dbg(word64 res[3], int step, + unsigned long nblocks, unsigned long ncount) +{ + return; +} +#endif +#else +void tiger(sh_word32 *str, sh_word32 length, sh_word32 * res); +void tiger_t(sh_word32 *str, sh_word32 length, sh_word32 * res); + +#ifdef TIGER_DBG +static +void tiger_dbg(sh_word32 res[6], int step, + unsigned long nblocks, unsigned long ncount) +{ + fprintf(stderr, + _("ST %d BLK %2ld CT %2ld %08lX %08lX %08lX %08lX %08lX %08lX\n"), + step, + nblocks, + ncount, + (sh_word32)(res[1]), + (sh_word32)(res[0]), + (sh_word32)(res[3]), + (sh_word32)(res[2]), + (sh_word32)(res[5]), + (sh_word32)(res[4]) ); +} +#endif +#endif + +/* this is the wrapper function -- not part of the tiger reference + * implementation + */ +SL_TICKET tiger_fd = (-1); + +static sh_byte buffer[PRIV_MAX + 72]; + +#if defined(TIGER_64_BIT) +static +word64 * sh_tiger_hash_val (const char * filename, TigerType what, + UINT64 Length, int timeout) +#else +static +sh_word32 * sh_tiger_hash_val (const char * filename, TigerType what, + UINT64 Length, int timeout) +#endif +{ + SL_TICKET fd; + int i, j, tt; + int count = 0; + int blk; + char * tmp; + sh_byte * bptr; + sh_byte bbuf[64]; + UINT64 bcount = 0; + + static int lockflag = SL_FALSE; + + unsigned long pages_read; + uid_t euid; + + unsigned long ncount = 0, nblocks = 0; + unsigned long t, msb, lsb; + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + /*@-nestedextern@*/ + extern long IO_Limit; + /*@+nestedextern@*/ +#endif + +#if defined(TIGER_64_BIT) +#define TIGER_CAST (word64*) + static word64 res[3]; + res[0]= (word64) 0x0123456789ABCDEFLL; + res[1]= (word64) 0xFEDCBA9876543210LL; + res[2]= (word64) 0xF096A5B4C3B2E187LL; +#else +#define TIGER_CAST (sh_word32*) + static sh_word32 res[6]; + res[0]= (sh_word32) 0x89ABCDEF; + res[1]= (sh_word32) 0x01234567; + res[2]= (sh_word32) 0x76543210; + res[3]= (sh_word32) 0xFEDCBA98; + res[4]= (sh_word32) 0xC3B2E187; + res[5]= (sh_word32) 0xF096A5B4; +#endif + + SL_ENTER(_("sh_tiger_hash_val")); + + if (what == TIGER_FD || what == TIGER_FILE) + { + if (what == TIGER_FD) + { + fd = tiger_fd; + TPT((0,FIL__, __LINE__, _("msg=, fd=<%ld>\n"), tiger_fd)); + } + else + { + TPT((0,FIL__, __LINE__, _("msg=, path=<%s>\n"), + (filename == NULL ? _("(null)") : filename) )); + fd = sl_open_read (filename, SL_YESPRIV); + } + + if (SL_ISERROR (fd)) + { + TPT((0, FIL__, __LINE__, _("msg=\n"), tiger_fd)); + tmp = sh_util_safe_name (filename); + (void) sl_get_euid(&euid); + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, (int)fd, + MSG_E_ACCESS, (long) euid, tmp); + SH_FREE(tmp); + SL_RETURN( NULL, _("sh_tiger_hash_val")); + } + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) + if ((lockflag == SL_FALSE) && (skey->mlock_failed == SL_FALSE)) + { + lockflag = SL_TRUE; + if ( (-1) == sh_unix_mlock(FIL__, __LINE__, + (char *)buffer, + (PRIV_MAX)*sizeof(sh_byte))) + skey->mlock_failed = SL_TRUE; + } +#else + if (lockflag == SL_FALSE && skey->mlock_failed == SL_FALSE) + { + lockflag = SL_TRUE; + skey->mlock_failed = SL_TRUE; + } +#endif + +#ifdef TIGER_DBG + tiger_dbg (res, 0, nblocks, ncount); +#endif + + pages_read = 0; + + while (1) + { + if (timeout > 0) + count = sl_read_timeout (fd, buffer, PRIV_MAX, timeout); + else + count = sl_read (fd, buffer, PRIV_MAX); + + ++pages_read; + + if (SL_ISERROR (count)) + { + if (sig_termfast == 1) { + SL_RETURN( NULL, _("sh_tiger_hash_val")); + } + TPT((0, FIL__ , __LINE__ , _("msg=\n"), count)); + tmp = sh_util_safe_name (filename); + if (count == SL_TIMEOUT) + { + if (timeout != 7) { + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, count, + MSG_E_TIMEOUT, timeout, tmp); + } + } + else + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, + count, MSG_E_READ, tmp); + SH_FREE(tmp); + memset (bbuf, 0, 64); + memset (buffer, 0, PRIV_MAX); + + SL_RETURN( NULL, _("sh_tiger_hash_val")); + } + + if (Length > 0) + { + bcount += count; + if (bcount > Length) + count = count - (bcount - Length); + count = (count < 0) ? 0 : count; + } + + blk = (count / 64); /* number of 64-byte words */ + + /* nblocks += blk; number of 64-byte words + * count cannot be negative here, see 'if (SL_ISERROR (count))' + */ + tt = blk*64; + + ncount = (unsigned long) (count - tt); + + nblocks += blk; + sh.statistics.bytes_hashed += tt; + + bptr = buffer; tt = 0; + for (i = 0; i < blk; ++i) + { + bptr = &buffer[tt]; tt += 64; + + tiger_t(TIGER_CAST bptr, 64, res); + +#ifdef TIGER_DBG + tiger_dbg (res, 3, nblocks, ncount); +#endif + } + + if (blk < (PRIV_MAX / 64)) /* this must be (PRIV_MAX / 64) */ + break; + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if (sig_termfast == 1) + { + memset (bbuf, 0, 64); + memset (buffer, 0, PRIV_MAX); + + SL_RETURN( NULL, _("sh_tiger_hash_val")); + } + if ((IO_Limit) > 0 && (pages_read == 32)) /* check for I/O limit */ + { + sh_unix_io_pause (); + pages_read = 0; + } +#endif + } + + TPT((0, FIL__, __LINE__ , _("msg=\n"))); + + /* copy incomplete block + */ + j = 0; + for (i = 0; i < 64; i += 4) + { + bbuf[i] = (sh_byte) '\0'; + bbuf[i+1] = (sh_byte) '\0'; + bbuf[i+2] = (sh_byte) '\0'; + bbuf[i+3] = (sh_byte) '\0'; + } + for (i = (count/64) * 64; i < count; ++i) + /*@-usedef@*/bbuf[j++] = buffer[i];/*@+usedef@*/ + +#ifdef TIGER_DBG + tiger_dbg (res, 5, nblocks, ncount); +#endif + + msb = 0; + t = nblocks; + if( (lsb = t << 6) < t ) + msb++; + msb += t >> 26; + t = lsb; + if( (lsb = t + ncount) < t ) + msb++; + t = lsb; + if( (lsb = t << 3) < t ) + msb++; + msb += t >> 29; + + if( j < 56 ) + { + bbuf[j++] = (sh_byte) 0x01; ++ncount; + while( j < 56 ) + { bbuf[j++] = (sh_byte) 0; ++ncount; } + } + else + { + bbuf[j++] = (sh_byte) 0x01; + while( j < 64 ) + bbuf[j++] = (sh_byte) 0; + tiger_t(TIGER_CAST bbuf, 64, res); + sh.statistics.bytes_hashed += 64; + ++nblocks; ncount = 0; + for (i = 0; i < 56; i += 4) + { + bbuf[i] = (sh_byte) '\0'; + bbuf[i+1] = (sh_byte) '\0'; + bbuf[i+2] = (sh_byte) '\0'; + bbuf[i+3] = (sh_byte) '\0'; + } + /* memset(bbuf, 0, 56 ); */ + } + +#ifdef TIGER_DBG + tiger_dbg (res, 6, nblocks, ncount); +#endif + + bbuf[56] = (sh_byte) (lsb ); + bbuf[57] = (sh_byte) (lsb >> 8); + bbuf[58] = (sh_byte) (lsb >> 16); + bbuf[59] = (sh_byte) (lsb >> 24); + bbuf[60] = (sh_byte) (msb ); + bbuf[61] = (sh_byte) (msb >> 8); + bbuf[62] = (sh_byte) (msb >> 16); + bbuf[63] = (sh_byte) (msb >> 24); + + tiger_t(TIGER_CAST bbuf, 64, res); + sh.statistics.bytes_hashed += 64; + +#ifdef TIGER_DBG + tiger_dbg (res, 7, nblocks, ncount); +#endif + + for (i = 0; i < 64; i += 4) + { + bbuf[i] = (sh_byte) '\0'; + bbuf[i+1] = (sh_byte) '\0'; + bbuf[i+2] = (sh_byte) '\0'; + bbuf[i+3] = (sh_byte) '\0'; + } + + bptr = buffer; + + memcpy(bptr, bbuf, 64); bptr += 64; + memcpy(bptr, bbuf, 64); bptr += 64; + memcpy(bptr, buffer, 128); bptr += 128; + memcpy(bptr, buffer, 256); bptr += 256; + memcpy(bptr, buffer, 512); bptr += 512; + memcpy(bptr, buffer, 1024); bptr += 1024; + memcpy(bptr, buffer, 2048); bptr += 2048; + memcpy(bptr, buffer, 4096); bptr += 4096; + memcpy(bptr, buffer, 8192); bptr += 8192; + memcpy(bptr, buffer,16384); + + if (what == TIGER_FILE) + (void) sl_close (fd); + else + tiger_fd = (-1); + + + SL_RETURN( res, _("sh_tiger_hash_val")); + } + + if (what == TIGER_DATA && filename != NULL) + { + tiger(TIGER_CAST filename, (sh_word32) Length, res); + SL_RETURN(res, _("sh_tiger_hash_val")); + } + SL_RETURN( NULL, _("sh_tiger_hash_val")); +} + +/* Thu Oct 18 18:53:33 CEST 2001 + */ + +#ifdef USE_MD5 +/*@-type@*/ +/* md5.c - Functions to compute MD5 message digest of files or memory blocks + * according to the definition of MD5 in RFC 1321 from April 1992. + * Copyright (C) 1995, 1996 Free Software Foundation, Inc. + * + * NOTE: The canonical source of this file is maintained with the GNU C + * Library. Bugs can be reported to bug-glibc@prep.ai.mit.edu. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2, or (at your option) any + * later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +/* Written by Ulrich Drepper , 1995. */ + +/* Hacked to work with samhain by R. Wichmann */ + +typedef UINT32 md5_uint32; + + +/* Structure to save state of computation between the single steps. */ +typedef struct md5_ctx +{ + md5_uint32 A; + md5_uint32 B; + md5_uint32 C; + md5_uint32 D; + + md5_uint32 total[2]; + md5_uint32 buflen; + char buffer[128]; +} md5Param; + +/* + * The following three functions are build up the low level used in + * the functions `md5_stream' and `md5_buffer'. + */ + +/* Initialize structure containing state of computation. + (RFC 1321, 3.3: Step 3) */ +static void md5_init_ctx (struct md5_ctx *ctx); + +/* Starting with the result of former calls of this function (or the + initialization function update the context for the next LEN bytes + starting at BUFFER. + It is necessary that LEN is a multiple of 64!!! */ +static void md5_process_block (const void *buffer, size_t len, + struct md5_ctx *ctx); + +/* Starting with the result of former calls of this function (or the + initialization function update the context for the next LEN bytes + starting at BUFFER. + It is NOT required that LEN is a multiple of 64. */ +static void md5_process_bytes (const void *buffer, size_t len, + struct md5_ctx *ctx); + +/* Process the remaining bytes in the buffer and put result from CTX + in first 16 bytes following RESBUF. The result is always in little + endian byte order, so that a byte-wise output yields to the wanted + ASCII representation of the message digest. + + IMPORTANT: On some systems it is required that RESBUF is correctly + aligned for a 32 bits value. */ +static void *md5_finish_ctx (struct md5_ctx *ctx, void *resbuf); + + +/* Put result from CTX in first 16 bytes following RESBUF. The result is + always in little endian byte order, so that a byte-wise output yields + to the wanted ASCII representation of the message digest. + + IMPORTANT: On some systems it is required that RESBUF is correctly + aligned for a 32 bits value. */ +static void *md5_read_ctx (const struct md5_ctx *ctx, void *resbuf); + +#if WORDS_BIGENDIAN +static md5_uint32 swapu32(md5_uint32 n) +{ + return ( ((n & 0xffU) << 24) | + ((n & 0xff00U) << 8) | + ((n & 0xff0000U) >> 8) | + ((n & 0xff000000U) >> 24) ); +} +#define SWAP(n) swapu32(n) +#else +#define SWAP(n) (n) +#endif + +/* This array contains the bytes used to pad the buffer to the next + 64-byte boundary. (RFC 1321, 3.1: Step 1) */ +static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; + +/* Initialize structure containing state of computation. + (RFC 1321, 3.3: Step 3) */ +static void md5_init_ctx(struct md5_ctx *ctx) +{ + ctx->A = 0x67452301; + ctx->B = 0xefcdab89; + ctx->C = 0x98badcfe; + ctx->D = 0x10325476; + + ctx->total[0] = ctx->total[1] = 0; + ctx->buflen = 0; +} + +/* Put result from CTX in first 16 bytes following RESBUF. The result + must be in little endian byte order. + + IMPORTANT: On some systems it is required that RESBUF is correctly + aligned for a 32 bits value. */ +static void *md5_read_ctx(const struct md5_ctx *ctx, void *resbuf) +{ + ((md5_uint32 *) resbuf)[0] = SWAP(ctx->A); + ((md5_uint32 *) resbuf)[1] = SWAP(ctx->B); + ((md5_uint32 *) resbuf)[2] = SWAP(ctx->C); + ((md5_uint32 *) resbuf)[3] = SWAP(ctx->D); + + return resbuf; +} + +/* Process the remaining bytes in the internal buffer and the usual + prolog according to the standard and write the result to RESBUF. + + IMPORTANT: On some systems it is required that RESBUF is correctly + aligned for a 32 bits value. */ +static void *md5_finish_ctx(struct md5_ctx *ctx, void *resbuf) +{ + /* Take yet unprocessed bytes into account. */ + md5_uint32 bytes = ctx->buflen; + size_t pad; + + /* Now count remaining bytes. */ + ctx->total[0] += bytes; + if (ctx->total[0] < bytes) + ++ctx->total[1]; + + pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes; + memcpy(&ctx->buffer[bytes], fillbuf, pad); + + /* Put the 64-bit file length in *bits* at the end of the buffer. */ + *(md5_uint32 *) & ctx->buffer[bytes + pad] = SWAP(ctx->total[0] << 3); + *(md5_uint32 *) & ctx->buffer[bytes + pad + 4] = + SWAP((ctx->total[1] << 3) | (ctx->total[0] >> 29)); + + /* Process last bytes. */ + md5_process_block(ctx->buffer, bytes + pad + 8, ctx); + + return md5_read_ctx(ctx, resbuf); +} + +/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The + result is always in little endian byte order, so that a byte-wise + output yields to the wanted ASCII representation of the message + digest. */ +void *md5_buffer(const char *buffer, size_t len, void *resblock) +{ + struct md5_ctx ctx; + + /* Initialize the computation context. */ + md5_init_ctx(&ctx); + + /* Process whole buffer but last len % 64 bytes. */ + md5_process_bytes(buffer, len, &ctx); + + /* Put result in desired memory area. */ + return md5_finish_ctx(&ctx, resblock); +} + +static void md5_process_bytes(const void *buffer, size_t len, struct md5_ctx *ctx) +{ + /* When we already have some bits in our internal buffer concatenate + both inputs first. */ + if (ctx->buflen != 0) { + size_t left_over = ctx->buflen; + size_t add = 128 - left_over > len ? len : 128 - left_over; + + memcpy(&ctx->buffer[left_over], buffer, add); + ctx->buflen += add; + + if (left_over + add > 64) { + md5_process_block(ctx->buffer, (left_over + add) & ~63, ctx); + /* The regions in the following copy operation cannot overlap. */ + memcpy(ctx->buffer, &ctx->buffer[(left_over + add) & ~63], + (left_over + add) & 63); + ctx->buflen = (left_over + add) & 63; + } + + buffer = (const char *) buffer + add; + len -= add; + } + + /* Process available complete blocks. */ + if (len > 64) { + md5_process_block(buffer, len & ~63, ctx); + buffer = (const char *) buffer + (len & ~63); + len &= 63; + } + + /* Move remaining bytes in internal buffer. */ + if (len > 0) { + memcpy(ctx->buffer, buffer, len); + ctx->buflen = len; + } +} + +/* These are the four functions used in the four steps of the MD5 algorithm + and defined in the RFC 1321. The first function is a little bit optimized + (as found in Colin Plumbs public domain implementation). */ +/* #define FF(b, c, d) ((b & c) | (~b & d)) */ +#define FF(b, c, d) (d ^ (b & (c ^ d))) +#define FG(b, c, d) FF (d, b, c) +#define FH(b, c, d) (b ^ c ^ d) +#define FI(b, c, d) (c ^ (b | ~d)) + +/* Process LEN bytes of BUFFER, accumulating context into CTX. + It is assumed that LEN % 64 == 0. */ +static void md5_process_block(const void *buffer, size_t len, struct md5_ctx *ctx) +{ + md5_uint32 correct_words[16]; + const md5_uint32 *words = buffer; + size_t nwords = len / sizeof(md5_uint32); + const md5_uint32 *endp = words + nwords; + md5_uint32 A = ctx->A; + md5_uint32 B = ctx->B; + md5_uint32 C = ctx->C; + md5_uint32 D = ctx->D; + + /* First increment the byte count. RFC 1321 specifies the possible + length of the file up to 2^64 bits. Here we only compute the + number of bytes. Do a double word increment. */ + ctx->total[0] += len; + if (ctx->total[0] < len) + ++ctx->total[1]; + + /* Process all bytes in the buffer with 64 bytes in each round of + the loop. */ + while (words < endp) { + md5_uint32 *cwp = correct_words; + md5_uint32 A_save = A; + md5_uint32 B_save = B; + md5_uint32 C_save = C; + md5_uint32 D_save = D; + + /* First round: using the given function, the context and a constant + the next context is computed. Because the algorithms processing + unit is a 32-bit word and it is determined to work on words in + little endian byte order we perhaps have to change the byte order + before the computation. To reduce the work for the next steps + we store the swapped words in the array CORRECT_WORDS. */ + +#define OP(a, b, c, d, s, T) \ + do \ + { \ + a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \ + ++words; \ + CYCLIC (a, s); \ + a += b; \ + } \ + while (0) + + /* It is unfortunate that C does not provide an operator for + cyclic rotation. Hope the C compiler is smart enough. */ +#define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s))) + + /* Before we start, one word to the strange constants. + They are defined in RFC 1321 as + + T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64 + */ + + /* Round 1. */ + OP(A, B, C, D, 7, 0xd76aa478); + OP(D, A, B, C, 12, 0xe8c7b756); + OP(C, D, A, B, 17, 0x242070db); + OP(B, C, D, A, 22, 0xc1bdceee); + OP(A, B, C, D, 7, 0xf57c0faf); + OP(D, A, B, C, 12, 0x4787c62a); + OP(C, D, A, B, 17, 0xa8304613); + OP(B, C, D, A, 22, 0xfd469501); + OP(A, B, C, D, 7, 0x698098d8); + OP(D, A, B, C, 12, 0x8b44f7af); + OP(C, D, A, B, 17, 0xffff5bb1); + OP(B, C, D, A, 22, 0x895cd7be); + OP(A, B, C, D, 7, 0x6b901122); + OP(D, A, B, C, 12, 0xfd987193); + OP(C, D, A, B, 17, 0xa679438e); + OP(B, C, D, A, 22, 0x49b40821); + /* For the second to fourth round we have the possibly swapped words + in CORRECT_WORDS. Redefine the macro to take an additional first + argument specifying the function to use. */ +#undef OP +#define OP(f, a, b, c, d, k, s, T) \ + do \ + { \ + a += f (b, c, d) + correct_words[k] + T; \ + CYCLIC (a, s); \ + a += b; \ + } \ + while (0) + + /* Round 2. */ + OP(FG, A, B, C, D, 1, 5, 0xf61e2562); + OP(FG, D, A, B, C, 6, 9, 0xc040b340); + OP(FG, C, D, A, B, 11, 14, 0x265e5a51); + OP(FG, B, C, D, A, 0, 20, 0xe9b6c7aa); + OP(FG, A, B, C, D, 5, 5, 0xd62f105d); + OP(FG, D, A, B, C, 10, 9, 0x02441453); + OP(FG, C, D, A, B, 15, 14, 0xd8a1e681); + OP(FG, B, C, D, A, 4, 20, 0xe7d3fbc8); + OP(FG, A, B, C, D, 9, 5, 0x21e1cde6); + OP(FG, D, A, B, C, 14, 9, 0xc33707d6); + OP(FG, C, D, A, B, 3, 14, 0xf4d50d87); + OP(FG, B, C, D, A, 8, 20, 0x455a14ed); + OP(FG, A, B, C, D, 13, 5, 0xa9e3e905); + OP(FG, D, A, B, C, 2, 9, 0xfcefa3f8); + OP(FG, C, D, A, B, 7, 14, 0x676f02d9); + OP(FG, B, C, D, A, 12, 20, 0x8d2a4c8a); + + /* Round 3. */ + OP(FH, A, B, C, D, 5, 4, 0xfffa3942); + OP(FH, D, A, B, C, 8, 11, 0x8771f681); + OP(FH, C, D, A, B, 11, 16, 0x6d9d6122); + OP(FH, B, C, D, A, 14, 23, 0xfde5380c); + OP(FH, A, B, C, D, 1, 4, 0xa4beea44); + OP(FH, D, A, B, C, 4, 11, 0x4bdecfa9); + OP(FH, C, D, A, B, 7, 16, 0xf6bb4b60); + OP(FH, B, C, D, A, 10, 23, 0xbebfbc70); + OP(FH, A, B, C, D, 13, 4, 0x289b7ec6); + OP(FH, D, A, B, C, 0, 11, 0xeaa127fa); + OP(FH, C, D, A, B, 3, 16, 0xd4ef3085); + OP(FH, B, C, D, A, 6, 23, 0x04881d05); + OP(FH, A, B, C, D, 9, 4, 0xd9d4d039); + OP(FH, D, A, B, C, 12, 11, 0xe6db99e5); + OP(FH, C, D, A, B, 15, 16, 0x1fa27cf8); + OP(FH, B, C, D, A, 2, 23, 0xc4ac5665); + + /* Round 4. */ + OP(FI, A, B, C, D, 0, 6, 0xf4292244); + OP(FI, D, A, B, C, 7, 10, 0x432aff97); + OP(FI, C, D, A, B, 14, 15, 0xab9423a7); + OP(FI, B, C, D, A, 5, 21, 0xfc93a039); + OP(FI, A, B, C, D, 12, 6, 0x655b59c3); + OP(FI, D, A, B, C, 3, 10, 0x8f0ccc92); + OP(FI, C, D, A, B, 10, 15, 0xffeff47d); + OP(FI, B, C, D, A, 1, 21, 0x85845dd1); + OP(FI, A, B, C, D, 8, 6, 0x6fa87e4f); + OP(FI, D, A, B, C, 15, 10, 0xfe2ce6e0); + OP(FI, C, D, A, B, 6, 15, 0xa3014314); + OP(FI, B, C, D, A, 13, 21, 0x4e0811a1); + OP(FI, A, B, C, D, 4, 6, 0xf7537e82); + OP(FI, D, A, B, C, 11, 10, 0xbd3af235); + OP(FI, C, D, A, B, 2, 15, 0x2ad7d2bb); + OP(FI, B, C, D, A, 9, 21, 0xeb86d391); + + /* Add the starting values of the context. */ + A += A_save; + B += B_save; + C += C_save; + D += D_save; + } + + /* Put checksum in context given as argument. */ + ctx->A = A; + ctx->B = B; + ctx->C = C; + ctx->D = D; +} + + +/*---------------------------------------------------------------------------- + *--------end of md5.c + *----------------------------------------------------------------------------*/ + + +int md5Reset(register md5Param* p) +{ + unsigned int i; + + md5_init_ctx(p); + + for (i = 0; i < 16; i += 8) + { + p->buffer[i] = 0x00; + p->buffer[i+1] = 0x00; + p->buffer[i+2] = 0x00; + p->buffer[i+3] = 0x00; + p->buffer[i+4] = 0x00; + p->buffer[i+5] = 0x00; + p->buffer[i+6] = 0x00; + p->buffer[i+7] = 0x00; + } + + return 0; +} + +int md5Update(md5Param* p, const sh_byte* data, int size) +{ + md5_process_bytes(data, size, p); + return 0; +} + +static void md5Finish(md5Param* p, void *resblock) +{ + (void) md5_finish_ctx(p, resblock); +} + +int md5Digest(md5Param* p, md5_uint32* data) +{ + md5Finish(p, data); + (void) md5Reset(p); + return 0; +} +/*@+type@*/ + + +/* Compute MD5 message digest for bytes read from STREAM. The + resulting message digest number will be written into the 16 bytes + beginning at RESBLOCK. */ +static int md5_stream(char * filename, void *resblock, + UINT64 Length, int timeout) +{ + /* Important: BLOCKSIZE must be a multiple of 64. */ + static const int BLOCKSIZE = 8192; + struct md5_ctx ctx; + char buffer[8264]; /* BLOCKSIZE + 72 AIX compiler chokes */ + size_t sum; + + SL_TICKET fd; + char * tmp; + uid_t euid; + UINT64 bcount = 0; + + unsigned long pages_read; +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + /*@-nestedextern@*/ + extern long IO_Limit; + /*@+nestedextern@*/ +#endif + + /* Initialize the computation context. */ + (void) md5Reset (&ctx); + + fd = tiger_fd; + + if (SL_ISERROR (fd)) + { + TPT((0, FIL__, __LINE__, _("msg=\n"), tiger_fd)); + tmp = sh_util_safe_name (filename); + (void) sl_get_euid(&euid); + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, fd, + MSG_E_ACCESS, (long) euid, tmp); + SH_FREE(tmp); + return -1; + } + + pages_read = 0; + + /* Iterate over full file contents. */ + while (1 == 1) { + /* We read the file in blocks of BLOCKSIZE bytes. One call of the + computation function processes the whole buffer so that with the + next round of the loop another block can be read. */ + off_t n; + sum = 0; + + /* Read block. Take care for partial reads. */ + do { + + n = (off_t) sl_read_timeout (fd, buffer + sum, + (size_t) BLOCKSIZE - sum, timeout); + + if (SL_ISERROR (n)) + { + if (sig_termfast == 1) + return -1; + TPT((0, FIL__ , __LINE__ , _("msg=\n"), n)); + tmp = sh_util_safe_name (filename); + if (n == SL_TIMEOUT) + { + if (timeout != 7) { + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, n, MSG_E_TIMEOUT, + timeout, tmp); + } + } + else + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, n, + MSG_E_READ, tmp); + SH_FREE(tmp); + return -1; + } + + if (Length > 0) + { + bcount += n; + if (bcount > Length) + n = n - (bcount - Length); + n = (n < 0) ? 0 : n; + } + + sum += n; + } + while (sum < (size_t) BLOCKSIZE + && n != 0); + + ++pages_read; + + /* If end of file is reached, end the loop. */ + if (n == 0) + break; + + /* Process buffer with BLOCKSIZE bytes. Note that + BLOCKSIZE % 64 == 0 + */ + md5_process_block(buffer, BLOCKSIZE, &ctx); + sh.statistics.bytes_hashed += BLOCKSIZE; + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if ((IO_Limit) > 0 && (pages_read == 32)) /* check for I/O limit */ + { + sh_unix_io_pause (); + pages_read = 0; + } + if (sig_termfast == 1) + { + return -1; + } +#endif + } + + /* Add the last bytes if necessary. */ + if (sum > 0) + { + md5_process_bytes(buffer, sum, &ctx); + sh.statistics.bytes_hashed += BLOCKSIZE; + } + + /* Construct result in desired memory. */ + (void) md5Digest(&ctx, resblock); + + return 0; +} + +static +char * sh_tiger_md5_hash (char * filename, TigerType what, + UINT64 Length, int timeout) +{ + int cnt; + static char out[KEY_LEN+1]; + unsigned char md5buffer[16]; + + if (what != TIGER_FD) + { + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, 0, + MSG_E_SUBGEN, _("Not TIGER_FD"), + _("sh_tiger_md5_hash")); + out[0] = '\0'; + return out; + } + + (void) md5_stream (filename, md5buffer, Length, timeout); + + /*@-bufferoverflowhigh -usedef@*/ + for (cnt = 0; cnt < 16; ++cnt) + sprintf (&out[cnt*2], _("%02X"), /* known to fit */ + (unsigned int) md5buffer[cnt]); + /*@+bufferoverflowhigh +usedef@*/ + for (cnt = 32; cnt < KEY_LEN; ++cnt) + out[cnt] = '0'; + out[KEY_LEN] = '\0'; + + return out; +} + +/* USE_MD5 */ +#endif + +/*************************************************************** + * + * SHA1 + * + ***************************************************************/ + +#ifdef USE_SHA1 +/*@-type@*/ + +typedef unsigned char sha_word8; +typedef sh_word32 sha_word32; + +/* The SHA block size and message digest sizes, in bytes */ + +#define SHA_DATASIZE 64 +#define SHA_DATALEN 16 +#define SHA_DIGESTSIZE 20 +#define SHA_DIGESTLEN 5 +/* The structure for storing SHA info */ + +typedef struct sha_ctx { + sha_word32 digest[SHA_DIGESTLEN]; /* Message digest */ + sha_word32 count_l, count_h; /* 64-bit block count */ + sha_word8 block[SHA_DATASIZE]; /* SHA data buffer */ + int index; /* index into buffer */ +} SHA_CTX; + +static void sha_init(struct sha_ctx *ctx); +static void sha_update(struct sha_ctx *ctx, sha_word8 *buffer,sha_word32 len); +static void sha_final(struct sha_ctx *ctx); +static void sha_digest(struct sha_ctx *ctx, sha_word8 *s); + + +/* The SHA f()-functions. The f1 and f3 functions can be optimized to + save one boolean operation each - thanks to Rich Schroeppel, + rcs@cs.arizona.edu for discovering this */ + +/*#define f1(x,y,z) ( ( x & y ) | ( ~x & z ) ) // Rounds 0-19 */ +#define f1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) /* Rounds 0-19 */ +#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */ +/*#define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) ) // Rounds 40-59 */ +#define f3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) /* Rounds 40-59 */ +#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */ + +/* The SHA Mysterious Constants */ + +#define K1 0x5A827999L /* Rounds 0-19 */ +#define K2 0x6ED9EBA1L /* Rounds 20-39 */ +#define K3 0x8F1BBCDCL /* Rounds 40-59 */ +#define K4 0xCA62C1D6L /* Rounds 60-79 */ + +/* SHA initial values */ + +#define h0init 0x67452301L +#define h1init 0xEFCDAB89L +#define h2init 0x98BADCFEL +#define h3init 0x10325476L +#define h4init 0xC3D2E1F0L + +/* 32-bit rotate left - kludged with shifts */ + +#define ROTL(n,X) ( ( (X) << (n) ) | ( (X) >> ( 32 - (n) ) ) ) + +/* The initial expanding function. The hash function is defined over an + 80-word expanded input array W, where the first 16 are copies of the input + data, and the remaining 64 are defined by + + W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ] + + This implementation generates these values on the fly in a circular + buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this + optimization. + + The updated SHA changes the expanding function by adding a rotate of 1 + bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor + for this information */ + +#define expand(W,i) ( W[ i & 15 ] = \ + ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \ + W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) ) ) + + +/* The prototype SHA sub-round. The fundamental sub-round is: + + a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data; + b' = a; + c' = ROTL( 30, b ); + d' = c; + e' = d; + + but this is implemented by unrolling the loop 5 times and renaming the + variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration. + This code is then replicated 20 times for each of the 4 functions, using + the next 20 values from the W[] array each time */ + +#define subRound(a, b, c, d, e, f, k, data) \ + ( e += ROTL( 5, a ) + f( b, c, d ) + k + data, b = ROTL( 30, b ) ) + +/* Initialize the SHA values */ + +static void sha_init(struct sha_ctx *ctx) +{ + /* Set the h-vars to their initial values */ + ctx->digest[ 0 ] = h0init; + ctx->digest[ 1 ] = h1init; + ctx->digest[ 2 ] = h2init; + ctx->digest[ 3 ] = h3init; + ctx->digest[ 4 ] = h4init; + + /* Initialize bit count */ + ctx->count_l = ctx->count_h = 0; + + /* Initialize buffer */ + ctx->index = 0; +} + +/* Perform the SHA transformation. Note that this code, like MD5, seems to + break some optimizing compilers due to the complexity of the expressions + and the size of the basic block. It may be necessary to split it into + sections, e.g. based on the four subrounds + + Note that this function destroys the data area */ + +static void sha_transform(struct sha_ctx *ctx, sha_word32 *data ) +{ + register sha_word32 A, B, C, D, E; /* Local vars */ + + /* Set up first buffer and local data buffer */ + A = ctx->digest[0]; + B = ctx->digest[1]; + C = ctx->digest[2]; + D = ctx->digest[3]; + E = ctx->digest[4]; + + /* Heavy mangling, in 4 sub-rounds of 20 interations each. */ + subRound( A, B, C, D, E, f1, K1, data[ 0] ); + subRound( E, A, B, C, D, f1, K1, data[ 1] ); + subRound( D, E, A, B, C, f1, K1, data[ 2] ); + subRound( C, D, E, A, B, f1, K1, data[ 3] ); + subRound( B, C, D, E, A, f1, K1, data[ 4] ); + subRound( A, B, C, D, E, f1, K1, data[ 5] ); + subRound( E, A, B, C, D, f1, K1, data[ 6] ); + subRound( D, E, A, B, C, f1, K1, data[ 7] ); + subRound( C, D, E, A, B, f1, K1, data[ 8] ); + subRound( B, C, D, E, A, f1, K1, data[ 9] ); + subRound( A, B, C, D, E, f1, K1, data[10] ); + subRound( E, A, B, C, D, f1, K1, data[11] ); + subRound( D, E, A, B, C, f1, K1, data[12] ); + subRound( C, D, E, A, B, f1, K1, data[13] ); + subRound( B, C, D, E, A, f1, K1, data[14] ); + subRound( A, B, C, D, E, f1, K1, data[15] ); + subRound( E, A, B, C, D, f1, K1, expand( data, 16 ) ); + subRound( D, E, A, B, C, f1, K1, expand( data, 17 ) ); + subRound( C, D, E, A, B, f1, K1, expand( data, 18 ) ); + subRound( B, C, D, E, A, f1, K1, expand( data, 19 ) ); + + subRound( A, B, C, D, E, f2, K2, expand( data, 20 ) ); + subRound( E, A, B, C, D, f2, K2, expand( data, 21 ) ); + subRound( D, E, A, B, C, f2, K2, expand( data, 22 ) ); + subRound( C, D, E, A, B, f2, K2, expand( data, 23 ) ); + subRound( B, C, D, E, A, f2, K2, expand( data, 24 ) ); + subRound( A, B, C, D, E, f2, K2, expand( data, 25 ) ); + subRound( E, A, B, C, D, f2, K2, expand( data, 26 ) ); + subRound( D, E, A, B, C, f2, K2, expand( data, 27 ) ); + subRound( C, D, E, A, B, f2, K2, expand( data, 28 ) ); + subRound( B, C, D, E, A, f2, K2, expand( data, 29 ) ); + subRound( A, B, C, D, E, f2, K2, expand( data, 30 ) ); + subRound( E, A, B, C, D, f2, K2, expand( data, 31 ) ); + subRound( D, E, A, B, C, f2, K2, expand( data, 32 ) ); + subRound( C, D, E, A, B, f2, K2, expand( data, 33 ) ); + subRound( B, C, D, E, A, f2, K2, expand( data, 34 ) ); + subRound( A, B, C, D, E, f2, K2, expand( data, 35 ) ); + subRound( E, A, B, C, D, f2, K2, expand( data, 36 ) ); + subRound( D, E, A, B, C, f2, K2, expand( data, 37 ) ); + subRound( C, D, E, A, B, f2, K2, expand( data, 38 ) ); + subRound( B, C, D, E, A, f2, K2, expand( data, 39 ) ); + + subRound( A, B, C, D, E, f3, K3, expand( data, 40 ) ); + subRound( E, A, B, C, D, f3, K3, expand( data, 41 ) ); + subRound( D, E, A, B, C, f3, K3, expand( data, 42 ) ); + subRound( C, D, E, A, B, f3, K3, expand( data, 43 ) ); + subRound( B, C, D, E, A, f3, K3, expand( data, 44 ) ); + subRound( A, B, C, D, E, f3, K3, expand( data, 45 ) ); + subRound( E, A, B, C, D, f3, K3, expand( data, 46 ) ); + subRound( D, E, A, B, C, f3, K3, expand( data, 47 ) ); + subRound( C, D, E, A, B, f3, K3, expand( data, 48 ) ); + subRound( B, C, D, E, A, f3, K3, expand( data, 49 ) ); + subRound( A, B, C, D, E, f3, K3, expand( data, 50 ) ); + subRound( E, A, B, C, D, f3, K3, expand( data, 51 ) ); + subRound( D, E, A, B, C, f3, K3, expand( data, 52 ) ); + subRound( C, D, E, A, B, f3, K3, expand( data, 53 ) ); + subRound( B, C, D, E, A, f3, K3, expand( data, 54 ) ); + subRound( A, B, C, D, E, f3, K3, expand( data, 55 ) ); + subRound( E, A, B, C, D, f3, K3, expand( data, 56 ) ); + subRound( D, E, A, B, C, f3, K3, expand( data, 57 ) ); + subRound( C, D, E, A, B, f3, K3, expand( data, 58 ) ); + subRound( B, C, D, E, A, f3, K3, expand( data, 59 ) ); + + subRound( A, B, C, D, E, f4, K4, expand( data, 60 ) ); + subRound( E, A, B, C, D, f4, K4, expand( data, 61 ) ); + subRound( D, E, A, B, C, f4, K4, expand( data, 62 ) ); + subRound( C, D, E, A, B, f4, K4, expand( data, 63 ) ); + subRound( B, C, D, E, A, f4, K4, expand( data, 64 ) ); + subRound( A, B, C, D, E, f4, K4, expand( data, 65 ) ); + subRound( E, A, B, C, D, f4, K4, expand( data, 66 ) ); + subRound( D, E, A, B, C, f4, K4, expand( data, 67 ) ); + subRound( C, D, E, A, B, f4, K4, expand( data, 68 ) ); + subRound( B, C, D, E, A, f4, K4, expand( data, 69 ) ); + subRound( A, B, C, D, E, f4, K4, expand( data, 70 ) ); + subRound( E, A, B, C, D, f4, K4, expand( data, 71 ) ); + subRound( D, E, A, B, C, f4, K4, expand( data, 72 ) ); + subRound( C, D, E, A, B, f4, K4, expand( data, 73 ) ); + subRound( B, C, D, E, A, f4, K4, expand( data, 74 ) ); + subRound( A, B, C, D, E, f4, K4, expand( data, 75 ) ); + subRound( E, A, B, C, D, f4, K4, expand( data, 76 ) ); + subRound( D, E, A, B, C, f4, K4, expand( data, 77 ) ); + subRound( C, D, E, A, B, f4, K4, expand( data, 78 ) ); + subRound( B, C, D, E, A, f4, K4, expand( data, 79 ) ); + + /* Build message digest */ + ctx->digest[0] += A; + ctx->digest[1] += B; + ctx->digest[2] += C; + ctx->digest[3] += D; + ctx->digest[4] += E; +} + +#if 1 + +#ifndef EXTRACT_UCHAR +#define EXTRACT_UCHAR(p) (*(unsigned char *)(p)) +#endif + +#define STRING2INT(s) ((((((EXTRACT_UCHAR(s) << 8) \ + | EXTRACT_UCHAR(s+1)) << 8) \ + | EXTRACT_UCHAR(s+2)) << 8) \ + | EXTRACT_UCHAR(s+3)) +#else +sha_word32 STRING2INT(word8 *s) +{ + sha_word32 r; + int i; + + for (i = 0, r = 0; i < 4; i++, s++) + r = (r << 8) | *s; + return r; +} +#endif + +static void sha_block(struct sha_ctx *ctx, sha_word8 *block) +{ + sha_word32 data[SHA_DATALEN]; + int i; + + /* Update block count */ + /*@-boolops@*/ + if (!++ctx->count_l) + ++ctx->count_h; + /*@+boolops@*/ + + /* Endian independent conversion */ + for (i = 0; iindex != 0) + { /* Try to fill partial block */ + unsigned left = SHA_DATASIZE - ctx->index; + if (len < left) + { + memmove(ctx->block + ctx->index, buffer, len); + ctx->index += len; + return; /* Finished */ + } + else + { + memmove(ctx->block + ctx->index, buffer, left); + sha_block(ctx, ctx->block); + buffer += left; + len -= left; + } + } + while (len >= SHA_DATASIZE) + { + sha_block(ctx, buffer); + buffer += SHA_DATASIZE; + len -= SHA_DATASIZE; + } + /*@-predboolint@*/ + if ((ctx->index = len)) /* This assignment is intended */ + /*@+predboolint@*/ + /* Buffer leftovers */ + memmove(ctx->block, buffer, len); +} + +/* Final wrapup - pad to SHA_DATASIZE-byte boundary with the bit pattern + 1 0* (64-bit count of bits processed, MSB-first) */ + +static void sha_final(struct sha_ctx *ctx) +{ + sha_word32 data[SHA_DATALEN]; + int i; + int words; + + i = ctx->index; + /* Set the first char of padding to 0x80. This is safe since there is + always at least one byte free */ + ctx->block[i++] = 0x80; + + /* Fill rest of word */ + /*@-predboolint@*/ + for( ; i & 3; i++) + ctx->block[i] = 0; + /*@+predboolint@*/ + + /* i is now a multiple of the word size 4 */ + /*@-shiftimplementation@*/ + words = i >> 2; + /*@+shiftimplementation@*/ + for (i = 0; i < words; i++) + data[i] = STRING2INT(ctx->block + 4*i); + + if (words > (SHA_DATALEN-2)) + { /* No room for length in this block. Process it and + * pad with another one */ + for (i = words ; i < SHA_DATALEN; i++) + data[i] = 0; + sha_transform(ctx, data); + for (i = 0; i < (SHA_DATALEN-2); i++) + data[i] = 0; + } + else + for (i = words ; i < SHA_DATALEN - 2; i++) + data[i] = 0; + /* Theres 512 = 2^9 bits in one block */ + /*@-shiftimplementation@*/ + data[SHA_DATALEN-2] = (ctx->count_h << 9) | (ctx->count_l >> 23); + data[SHA_DATALEN-1] = (ctx->count_l << 9) | (ctx->index << 3); + /*@+shiftimplementation@*/ + sha_transform(ctx, data); +} + +static void sha_digest(struct sha_ctx *ctx, sha_word8 *s) +{ + int i; + + for (i = 0; i < SHA_DIGESTLEN; i++) + { + *s++ = ctx->digest[i] >> 24; + *s++ = 0xff & (ctx->digest[i] >> 16); + *s++ = 0xff & (ctx->digest[i] >> 8); + *s++ = 0xff & ctx->digest[i]; + } +} +/*@+type@*/ + +/* Compute SHA1 message digest for bytes read from STREAM. The + resulting message digest number will be written into the 16 bytes + beginning at RESBLOCK. */ +static int sha1_stream(char * filename, void *resblock, + UINT64 Length, int timeout) +{ + /* Important: BLOCKSIZE must be a multiple of 64. */ + static const int BLOCKSIZE = 4096; + struct sha_ctx ctx; + char buffer[4168]; /* BLOCKSIZE + 72 AIX compiler chokes */ + off_t sum = 0; + SL_TICKET fd; + char * tmp; + uid_t euid; + UINT64 bcount = 0; + + unsigned long pages_read; +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + /*@-nestedextern@*/ + extern long IO_Limit; + /*@+nestedextern@*/ +#endif + + /* Initialize the computation context. */ + (void) sha_init(&ctx); + + fd = tiger_fd; + + if (SL_ISERROR (fd)) + { + TPT((0, FIL__, __LINE__, _("msg=\n"), tiger_fd)); + tmp = sh_util_safe_name (filename); + (void) sl_get_euid(&euid); + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, fd, + MSG_E_ACCESS, (long) euid, tmp); + SH_FREE(tmp); + return -1; + } + + /* Iterate over full file contents. */ + + pages_read = 0; + + while (1 == 1) { + /* We read the file in blocks of BLOCKSIZE bytes. One call of the + computation function processes the whole buffer so that with the + next round of the loop another block can be read. */ + off_t n; + sum = 0; + + /* Read block. Take care for partial reads. */ + do { + n = (off_t) sl_read_timeout(fd, buffer + sum, + (size_t) BLOCKSIZE - sum, timeout); + + if (SL_ISERROR (n)) + { + if (sig_termfast == 1) + return -1; + + TPT((0, FIL__ , __LINE__ , _("msg=\n"), n)); + tmp = sh_util_safe_name (filename); + if (n == SL_TIMEOUT) + { + if (timeout != 7) { + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, n, MSG_E_TIMEOUT, + timeout, tmp); + } + } + else + { + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, n, + MSG_E_READ, tmp); + } + SH_FREE(tmp); + return -1; + } + + if (Length > 0) + { + bcount += n; + if (bcount > Length) + n = n - (bcount - Length); + n = (n < 0) ? 0 : n; + } + + sum += n; + } + while (sum < (off_t)BLOCKSIZE + && n != 0); + + ++pages_read; + + /* If end of file is reached, end the loop. */ + if (n == 0) + break; + + /* Process buffer with BLOCKSIZE bytes. Note that + BLOCKSIZE % 64 == 0 + */ + sha_update(&ctx, (sha_word8*) buffer, (sha_word32) BLOCKSIZE); + sh.statistics.bytes_hashed += BLOCKSIZE; + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if ((IO_Limit) > 0 && (pages_read == 32)) /* check for I/O limit */ + { + sh_unix_io_pause (); + pages_read = 0; + } + if (sig_termfast == 1) + { + return -1; + } +#endif + + } + + /* Add the last bytes if necessary. */ + if (sum > 0) + { + sha_update(&ctx, (sha_word8*) buffer, (sha_word32) sum); + sh.statistics.bytes_hashed += sum; + } + + sha_final (&ctx); + + /* Construct result in desired memory. */ + sha_digest (&ctx, resblock); + return 0; +} + + +static char * sh_tiger_sha1_hash (char * filename, TigerType what, + UINT64 Length, int timeout) +{ + int cnt = (int) Length; /* fix compiler warning */ + static char out[KEY_LEN+1]; + unsigned char sha1buffer[20]; + + if (what != TIGER_FD) + { + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, 0, + MSG_E_SUBGEN, _("Not TIGER_FD"), + _("sh_tiger_sha1_hash")); + out[0] = '\0'; + return out; + } + + (void) sha1_stream (filename, sha1buffer, Length, timeout); + + /*@-bufferoverflowhigh -usedef@*/ + for (cnt = 0; cnt < 20; ++cnt) + sprintf (&out[cnt*2], _("%02X"), /* known to fit */ + (unsigned int) sha1buffer[cnt]); + /*@+bufferoverflowhigh +usedef@*/ + for (cnt = 40; cnt < KEY_LEN; ++cnt) + out[cnt] = '0'; + out[KEY_LEN] = '\0'; + + return out; +} + +/* ifdef USE_SHA1 */ +#endif + +static int hash_type = 0; + +int sh_tiger_get_hashtype () +{ + return hash_type; +} + +int sh_tiger_hashtype (const char * c) +{ + SL_ENTER( _("sh_tiger_hashtype")); + + if (!c) + { + SL_RETURN( -1, _("sh_tiger_hashtype")); + } + + if (0 == strcmp(c, _("TIGER192"))) + hash_type = 0; +#ifdef USE_MD5 + else if (0 == strcmp(c, _("SHA1"))) + hash_type = 1; +#endif +#ifdef USE_SHA1 + else if (0 == strcmp(c, _("MD5"))) + hash_type = 2; +#endif + else + { + SL_RETURN( -1, _("sh_tiger_hashtype")); + } + SL_RETURN( 0, _("sh_tiger_hashtype")); +} + +static char * sh_tiger_hash_internal (const char * filename, TigerType what, + UINT64 Length, int timeout); + +char * sh_tiger_hash (const char * filename, TigerType what, + UINT64 Length) +{ + return sh_tiger_hash_internal (filename, what, Length, 0); +} + +char * sh_tiger_generic_hash (char * filename, TigerType what, + UINT64 Length, int timeout) +{ +#ifdef USE_SHA1 + if (hash_type == 1) + return sh_tiger_sha1_hash (filename, what, Length, timeout); +#endif +#ifdef USE_MD5 + if (hash_type == 2) + return sh_tiger_md5_hash (filename, what, Length, timeout); +#endif + return sh_tiger_hash_internal (filename, what, Length, timeout); +} + +/* + * ------- end new --------- */ + +static char * sh_tiger_hash_internal (const char * filename, TigerType what, + UINT64 Length, int timeout) +{ +#if defined(TIGER_64_BIT) + word64 * res; +#else + sh_word32 * res; +#endif + static char out[KEY_LEN+1]; + + SL_ENTER( _("sh_tiger_hash_internal")); + + res = sh_tiger_hash_val (filename, what, Length, timeout); + + if (res != NULL) + { +#if defined(TIGER_64_BIT) + sl_snprintf(out, + sizeof(out), + MYFORMAT, + (sh_word32)(res[0]>>32), + (sh_word32)(res[0]), + (sh_word32)(res[1]>>32), + (sh_word32)(res[1]), + (sh_word32)(res[2]>>32), + (sh_word32)(res[2]) ); +#else + sl_snprintf(out, + sizeof(out), + MYFORMAT, + (sh_word32)(res[1]), + (sh_word32)(res[0]), + (sh_word32)(res[3]), + (sh_word32)(res[2]), + (sh_word32)(res[5]), + (sh_word32)(res[4]) ); +#endif + out[sizeof(out)-1] = '\0'; + SL_RETURN( out, _("sh_tiger_hash_internal")); + + } + + SL_RETURN( _("000000000000000000000000000000000000000000000000"), + _("sh_tiger_hash_internal")); +} + +char * sh_tiger_hash_gpg (const char * filename, TigerType what, + UINT64 Length) +{ + size_t len; + char * out; + char outhash[48+6+1]; +#if defined(TIGER_64_BIT) + word64 * res; +#else + sh_word32 * res; +#endif + + SL_ENTER(_("sh_tiger_hash_gpg")); + + res = sh_tiger_hash_val (filename, what, Length, 0); + if (res != NULL) + { +#if defined(TIGER_64_BIT) + sl_snprintf(outhash, + sizeof(outhash), + GPGFORMAT, + (sh_word32)(res[0]>>32), + (sh_word32)(res[0]), + (sh_word32)(res[1]>>32), + (sh_word32)(res[1]), + (sh_word32)(res[2]>>32), + (sh_word32)(res[2]) ); +#else + sl_snprintf(outhash, + sizeof(outhash), + GPGFORMAT, + (sh_word32)(res[1]), + (sh_word32)(res[0]), + (sh_word32)(res[3]), + (sh_word32)(res[2]), + (sh_word32)(res[5]), + (sh_word32)(res[4]) ); +#endif + outhash[sizeof(outhash)-1] = '\0'; + } + else + { + sl_strlcpy(outhash, + _("00000000 00000000 00000000 00000000 00000000 00000000"), + sizeof(outhash)); + } + + if (what == TIGER_FILE && sl_ok_adds(sl_strlen (filename), (2 + 48 + 6))) + len = sl_strlen (filename) + 2 + 48 + 6; + else + len = 48 + 6; + + out = SH_ALLOC(len + 1); + + if (what == TIGER_FILE) + { + (void) sl_strlcpy (out, filename, len+1); + (void) sl_strlcat (out, _(": "), len+1); + (void) sl_strlcat (out, outhash, len+1); + } + else + { + (void) sl_strlcpy (out, outhash, len+1); + } + SL_RETURN( out, _("sh_tiger_hash_gpg")); +} + + +UINT32 * sh_tiger_hash_uint32 (char * filename, + TigerType what, + UINT64 Length) +{ +#if defined(TIGER_64_BIT) + word64 * res; +#else + sh_word32 * res; +#endif + + static UINT32 out[6]; + + SL_ENTER(_("sh_tiger_hash_uint32")); + + out[0] = 0; out[1] = 0; out[2] = 0; + out[3] = 0; out[4] = 0; out[5] = 0; + + res = sh_tiger_hash_val (filename, what, Length, 0); + + if (res != NULL) + { +#if defined(TIGER_64_BIT) + out[0] = (UINT32)(res[0]>>32); + out[1] = (UINT32)(res[0]); + out[2] = (UINT32)(res[1]>>32); + out[3] = (UINT32)(res[1]); + out[4] = (UINT32)(res[2]>>32); + out[5] = (UINT32)(res[2]); +#else + out[0] = (UINT32)(res[1]); + out[1] = (UINT32)(res[0]); + out[2] = (UINT32)(res[3]); + out[3] = (UINT32)(res[2]); + out[4] = (UINT32)(res[5]); + out[5] = (UINT32)(res[4]); +#endif + } + + SL_RETURN(out, _("sh_tiger_hash_uint32")); +} + + + + Index: branches/samhain-2_2-branch/src/sh_tiger1.c =================================================================== --- branches/samhain-2_2-branch/src/sh_tiger1.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_tiger1.c (revision 66) @@ -0,0 +1,349 @@ +/* Do not include ANY system headers here. The implementation is */ +/* somehow flawed - maybe something gets overlayed by definitions */ +/* in the system headers. Results will become incorrect. */ + +#include "config_xor.h" + +/* we already inline in the function used for file checksums */ +/* #define UNROLL_COMPRESS */ +#undef UNROLL_COMPRESS + +#if !defined(TIGER_64_BIT) + +/* Tiger: A Fast New Hash Function + * + * Ross Anderson and Eli Biham + * + * From the homepage (http://www.cs.technion.ac.il/~biham/Reports/Tiger/): + * + * Tiger has no usage restrictions nor patents. It can be used freely, + * with the reference implementation, with other implementations or with + * a modification to the reference implementation (as long as it still + * implements Tiger). We only ask you to let us know about your + * implementation and to cite the origin of Tiger and of the reference + * implementation. + * + * + * The authors' home pages can be found both in + * http://www.cs.technion.ac.il/~biham/ and in + * http://www.cl.cam.ac.uk/users/rja14/. + * The authors' email addresses are biham@cs.technion.ac.il + * and rja14@cl.cam.ac.uk. + */ + + +#if defined(HAVE_INT_32) +typedef unsigned int sh_word32; +#elif defined(HAVE_LONG_32) +typedef unsigned long sh_word32; +#elif defined(HAVE_SHORT_32) +typedef unsigned short sh_word32; +#else +#error No 32 bit type found ! +#endif + +typedef unsigned char sh_byte; + +/* Big endian: */ +#ifdef WORDS_BIGENDIAN +#define BIG_ENDIAN +#endif + +/* The number of passes of the hash function. */ +/* Three passes are recommended. */ +/* Use four passes when you need extra security. */ +/* Must be at least three. */ +#define PASSES 3 + +extern sh_word32 tiger_table[4*256][2]; + +#define t1 (tiger_table) +#define t2 (tiger_table+256) +#define t3 (tiger_table+256*2) +#define t4 (tiger_table+256*3) + +#define sub64(s0, s1, p0, p1) \ + temps0 = (p0); \ + tcarry = s0 < temps0; \ + s0 -= temps0; \ + s1 -= (p1) + tcarry; + +#define add64(s0, s1, p0, p1) \ + temps0 = (p0); \ + s0 += temps0; \ + tcarry = s0 < temps0; \ + s1 += (p1) + tcarry; + +#define xor64(s0, s1, p0, p1) \ + s0 ^= (p0); \ + s1 ^= (p1); + +#define mul5(s0, s1) \ + tempt0 = s0<<2; \ + tempt1 = (s1<<2)|(s0>>30); \ + add64(s0, s1, tempt0, tempt1); + +#define mul7(s0, s1) \ + tempt0 = s0<<3; \ + tempt1 = (s1<<3)|(s0>>29); \ + sub64(tempt0, tempt1, s0, s1); \ + s0 = tempt0; \ + s1 = tempt1; + +#define mul9(s0, s1) \ + tempt0 = s0<<3; \ + tempt1 = (s1<<3)|(s0>>29); \ + add64(s0, s1, tempt0, tempt1); + +#define save_abc \ + aa0 = a0; \ + aa1 = a1; \ + bb0 = b0; \ + bb1 = b1; \ + cc0 = c0; \ + cc1 = c1; + +#define roundX(a0,a1,b0,b1,c0,c1,x0,x1) \ + xor64(c0, c1, x0, x1); \ + temp0 = t1[((c0)>>(0*8))&0xFF][0] ; \ + temp1 = t1[((c0)>>(0*8))&0xFF][1] ; \ + temp0 ^= t2[((c0)>>(2*8))&0xFF][0] ; \ + temp1 ^= t2[((c0)>>(2*8))&0xFF][1] ; \ + temp0 ^= t3[((c1)>>(0*8))&0xFF][0] ; \ + temp1 ^= t3[((c1)>>(0*8))&0xFF][1] ; \ + temp0 ^= t4[((c1)>>(2*8))&0xFF][0] ; \ + temp1 ^= t4[((c1)>>(2*8))&0xFF][1] ; \ + sub64(a0, a1, temp0, temp1); \ + temp0 = t4[((c0)>>(1*8))&0xFF][0] ; \ + temp1 = t4[((c0)>>(1*8))&0xFF][1] ; \ + temp0 ^= t3[((c0)>>(3*8))&0xFF][0] ; \ + temp1 ^= t3[((c0)>>(3*8))&0xFF][1] ; \ + temp0 ^= t2[((c1)>>(1*8))&0xFF][0] ; \ + temp1 ^= t2[((c1)>>(1*8))&0xFF][1] ; \ + temp0 ^= t1[((c1)>>(3*8))&0xFF][0] ; \ + temp1 ^= t1[((c1)>>(3*8))&0xFF][1] ; \ + add64(b0, b1, temp0, temp1); + + +#define round5(a0,a1,b0,b1,c0,c1,x0,x1) \ + roundX(a0,a1,b0,b1,c0,c1,x0,x1); \ + mul5(b0, b1); + +#define round7(a0,a1,b0,b1,c0,c1,x0,x1) \ + roundX(a0,a1,b0,b1,c0,c1,x0,x1); \ + mul7(b0, b1); + +#define round9(a0,a1,b0,b1,c0,c1,x0,x1) \ + roundX(a0,a1,b0,b1,c0,c1,x0,x1); \ + mul9(b0, b1); + + +/* mixed with key_schedule + */ +#define pass5(a0,a1,b0,b1,c0,c1) \ + round5(a0,a1,b0,b1,c0,c1,x00,x01); \ + sub64(x00, x01, x70^0xA5A5A5A5, x71^0xA5A5A5A5); \ + round5(b0,b1,c0,c1,a0,a1,x10,x11); \ + xor64(x10, x11, x00, x01); \ + round5(c0,c1,a0,a1,b0,b1,x20,x21); \ + add64(x20, x21, x10, x11); \ + round5(a0,a1,b0,b1,c0,c1,x30,x31); \ + sub64(x30, x31, x20^((~x10)<<19), ~x21^(((x11)<<19)|((x10)>>13))); \ + round5(b0,b1,c0,c1,a0,a1,x40,x41); \ + xor64(x40, x41, x30, x31); \ + round5(c0,c1,a0,a1,b0,b1,x50,x51); \ + add64(x50, x51, x40, x41); \ + round5(a0,a1,b0,b1,c0,c1,x60,x61); \ + sub64(x60, x61, ~x50^(((x40)>>23)|((x41)<<9)), x51^((~x41)>>23)); \ + round5(b0,b1,c0,c1,a0,a1,x70,x71); + +/* mixed with key_schedule + */ +#define pass7(a0,a1,b0,b1,c0,c1) \ + round7(a0,a1,b0,b1,c0,c1,x00,x01); \ + sub64(x00, x01, x70^0xA5A5A5A5, x71^0xA5A5A5A5); \ + round7(b0,b1,c0,c1,a0,a1,x10,x11); \ + xor64(x10, x11, x00, x01); \ + round7(c0,c1,a0,a1,b0,b1,x20,x21); \ + add64(x20, x21, x10, x11); \ + round7(a0,a1,b0,b1,c0,c1,x30,x31); \ + sub64(x30, x31, x20^((~x10)<<19), ~x21^(((x11)<<19)|((x10)>>13))); \ + round7(b0,b1,c0,c1,a0,a1,x40,x41); \ + xor64(x40, x41, x30, x31); \ + round7(c0,c1,a0,a1,b0,b1,x50,x51); \ + add64(x50, x51, x40, x41); \ + round7(a0,a1,b0,b1,c0,c1,x60,x61); \ + sub64(x60, x61, ~x50^(((x40)>>23)|((x41)<<9)), x51^((~x41)>>23)); \ + round7(b0,b1,c0,c1,a0,a1,x70,x71); + +/* mixed with key_schedule + */ +#define pass9(a0,a1,b0,b1,c0,c1) \ + round9(a0,a1,b0,b1,c0,c1,x00,x01); \ + sub64(x00, x01, x70^0xA5A5A5A5, x71^0xA5A5A5A5); \ + round9(b0,b1,c0,c1,a0,a1,x10,x11); \ + xor64(x10, x11, x00, x01); \ + round9(c0,c1,a0,a1,b0,b1,x20,x21); \ + add64(x20, x21, x10, x11); \ + round9(a0,a1,b0,b1,c0,c1,x30,x31); \ + sub64(x30, x31, x20^((~x10)<<19), ~x21^(((x11)<<19)|((x10)>>13))); \ + round9(b0,b1,c0,c1,a0,a1,x40,x41); \ + xor64(x40, x41, x30, x31); \ + round9(c0,c1,a0,a1,b0,b1,x50,x51); \ + add64(x50, x51, x40, x41); \ + round9(a0,a1,b0,b1,c0,c1,x60,x61); \ + sub64(x60, x61, ~x50^(((x40)>>23)|((x41)<<9)), x51^((~x41)>>23)); \ + round9(b0,b1,c0,c1,a0,a1,x70,x71); + +#define key_schedule \ + xor64(x70, x71, x60, x61); \ + add64(x00, x01, x70, x71); \ + sub64(x10, x11, x00^((~x70)<<19), ~x01^(((x71)<<19)|((x70)>>13))); \ + xor64(x20, x21, x10, x11); \ + add64(x30, x31, x20, x21); \ + sub64(x40, x41, ~x30^(((x20)>>23)|((x21)<<9)), x31^((~x21)>>23)); \ + xor64(x50, x51, x40, x41); \ + add64(x60, x61, x50, x51); \ + sub64(x70, x71, x60^0x89ABCDEF, x61^0x01234567); + +#define feedforward \ + xor64(a0, a1, aa0, aa1); \ + sub64(b0, b1, bb0, bb1); \ + add64(c0, c1, cc0, cc1); + +#define compress \ + pass5(a0,a1,b0,b1,c0,c1); \ + key_schedule; \ + pass7(c0,c1,a0,a1,b0,b1); \ + key_schedule; \ + pass9(b0,b1,c0,c1,a0,a1); \ + feedforward + +#define tiger_compress_macro(str, state) \ +{ \ + register sh_word32 a0, a1, b0, b1, c0, c1; \ + sh_word32 aa0, aa1, bb0, bb1, cc0, cc1; \ + sh_word32 x00, x01, x10, x11, x20, x21, x30, x31, \ + x40, x41, x50, x51, x60, x61, x70, x71; \ + sh_word32 temp0, temp1, tempt0, tempt1, temps0, tcarry; \ +\ + a0 = state[0]; \ + a1 = state[1]; \ + b0 = state[2]; \ + b1 = state[3]; \ + c0 = state[4]; \ + c1 = state[5]; \ +\ + save_abc \ +\ + x00=str[0*2]; x01=str[0*2+1]; x10=str[1*2]; x11=str[1*2+1]; \ + x20=str[2*2]; x21=str[2*2+1]; x30=str[3*2]; x31=str[3*2+1]; \ + x40=str[4*2]; x41=str[4*2+1]; x50=str[5*2]; x51=str[5*2+1]; \ + x60=str[6*2]; x61=str[6*2+1]; x70=str[7*2]; x71=str[7*2+1]; \ +\ + compress; \ +\ + state[0] = a0; \ + state[1] = a1; \ + state[2] = b0; \ + state[3] = b1; \ + state[4] = c0; \ + state[5] = c1; \ +} + +#if defined(UNROLL_COMPRESS) +/* The compress function is inlined */ +#define tiger_compress(str, state) \ + tiger_compress_macro(((sh_word32*)str), ((sh_word32*)state)) + +#else + +void +tiger_compress(sh_word32 *str, sh_word32 state[6]) +{ + tiger_compress_macro(((sh_word32*)str), ((sh_word32*)state)); +} +#endif + +void +tiger_t(sh_word32 *str, sh_word32 length, sh_word32 res[6]) +{ + register sh_word32 i; +#ifdef BIG_ENDIAN + register sh_word32 j; + sh_byte temp[64]; +#endif + + for(i=length; i>=64; i-=64) + { +#ifdef BIG_ENDIAN + for(j=0; j<64; j++) + temp[j^3] = ((sh_byte*)str)[j]; + tiger_compress_macro(((sh_word32*)temp), res); +#else + tiger_compress_macro(str, res); +#endif + str += 16; + } +} + + +void tiger(sh_word32 *str, sh_word32 length, sh_word32 res[6]) +{ + register sh_word32 i, j; + sh_byte temp[64]; + + /* + * res[0]=0x89ABCDEF; + * res[1]=0x01234567; + * res[2]=0x76543210; + * res[3]=0xFEDCBA98; + * res[4]=0xC3B2E187; + * res[5]=0xF096A5B4; + */ + + for(i=length; i>=64; i-=64) + { +#ifdef BIG_ENDIAN + for(j=0; j<64; j++) + temp[j^3] = ((sh_byte*)str)[j]; + tiger_compress(((sh_word32*)temp), res); +#else + tiger_compress(str, res); +#endif + str += 16; + } + +#ifdef BIG_ENDIAN + for(j=0; j56) + { + for(; j<64; j++) + temp[j] = 0; + tiger_compress(((sh_word32*)temp), res); + j=0; + } + + for(; j<56; j++) + temp[j] = 0; + ((sh_word32*)(&(temp[56])))[0] = ((sh_word32)length)<<3; + ((sh_word32*)(&(temp[56])))[1] = 0; + tiger_compress(((sh_word32*)temp), res); +} + +#endif + Index: branches/samhain-2_2-branch/src/sh_tiger1.s =================================================================== --- branches/samhain-2_2-branch/src/sh_tiger1.s (revision 66) +++ branches/samhain-2_2-branch/src/sh_tiger1.s (revision 66) @@ -0,0 +1,4866 @@ + .file "sh_tiger1.c" + .text +.globl tiger_compress + .type tiger_compress, @function +tiger_compress: + pushl %ebp + pushl %edi + pushl %esi + pushl %ebx + subl $544, %esp + movl 568(%esp), %ebp + movl 568(%esp), %eax + movl 568(%esp), %ebx + movl (%ebp), %ecx + movl 564(%esp), %edi + movl %ecx, 12(%esp) + movl 4(%eax), %esi + movl %esi, 8(%esp) + movl 12(%ebx), %edx + movl 8(%ebx), %ecx + movl %edx, 4(%esp) + movl 16(%ebx), %eax + movl 20(%ebx), %ebp + movl %ecx, 540(%esp) + movl %eax, 536(%esp) + movl %ebp, (%esp) + movl (%edi), %esi + movl %esi, 532(%esp) + movl 4(%edi), %edx + movl %edx, 528(%esp) + movl 8(%edi), %ebx + movl %ebx, 524(%esp) + movl 12(%edi), %ebp + movl %ebp, 520(%esp) + movl 16(%edi), %eax + movl %eax, 516(%esp) + movl 20(%edi), %ecx + movl %ecx, 512(%esp) + movl 24(%edi), %esi + movl %esi, 508(%esp) + movl 28(%edi), %edx + movl %edx, 504(%esp) + movl 32(%edi), %ebx + movl %ebx, 500(%esp) + movl 36(%edi), %ebp + movl %ebp, 496(%esp) + movl 40(%edi), %eax + movl %eax, 492(%esp) + movl 44(%edi), %ecx + movl 532(%esp), %eax + movl %ecx, 488(%esp) + movl 48(%edi), %esi + movl 528(%esp), %ecx + movl %esi, 484(%esp) + movl 52(%edi), %edx + movl (%esp), %esi + movl %edx, 480(%esp) + movl 56(%edi), %ebx + xorl %ecx, %esi + movl %ebx, 476(%esp) + movl 60(%edi), %ebp + movl %esi, 468(%esp) + movl $tiger_table, %esi + movl %ebp, 472(%esp) + movl 536(%esp), %ebp + xorl %eax, %ebp + movl %ebp, %edi + movl %ebp, %ebx + shrl $16, %edi + andl $255, %ebx + andl $255, %edi + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%edi,8), %ecx + movl 4(%esi,%ebx,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%edi,8), %edx + xorl %eax, %edx + movzbl 468(%esp),%eax + movl tiger_table+4096(,%eax,8), %edi + movl tiger_table+4100(,%eax,8), %ebx + movl 468(%esp), %eax + xorl %edi, %ecx + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %edi + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %edi, %ecx + xorl %ebx, %edx + cmpl %ecx, 12(%esp) + movl 12(%esp), %edi + setb %al + subl %ecx, %edi + addl %eax, %edx + movl %edi, 464(%esp) + movl 8(%esp), %eax + subl %edx, %eax + movl %eax, 460(%esp) + movl %ebp, %edx + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + xorl %ebx, %eax + movl tiger_table+4100(,%edx,8), %ebx + movl tiger_table+6148(,%ecx,8), %edx + movl 468(%esp), %ecx + xorl %edx, %ebx + movzbl %ch, %edx + movl tiger_table+2048(,%edx,8), %edi + xorl %edi, %eax + movl tiger_table+2052(,%edx,8), %edi + movl %ecx, %edx + shrl $24, %edx + xorl %edi, %ebx + movl 4(%esi,%edx,8), %edi + movl (%esi,%edx,8), %ecx + xorl %edi, %ebx + movl 540(%esp), %edi + xorl %ecx, %eax + addl %eax, %edi + cmpl %eax, %edi + setb %al + movzbl %al, %ecx + leal (%ebx,%ecx), %edx + movl 4(%esp), %ebx + leal 0(,%edi,4), %ecx + movl %edi, %eax + addl %edx, %ebx + addl %ecx, %edi + shrl $30, %eax + leal 0(,%ebx,4), %edx + orl %eax, %edx + xorl %eax, %eax + cmpl %ecx, %edi + setb %al + addl %eax, %edx + xorl %ecx, %ecx + addl %edx, %ebx + movl %ebx, 444(%esp) + movl 476(%esp), %edx + movl 532(%esp), %ebx + movl 472(%esp), %eax + xorl $-1515870811, %edx + cmpl %edx, 532(%esp) + setb %cl + subl %edx, %ebx + movl %ebx, 456(%esp) + movl 524(%esp), %ebx + xorl $-1515870811, %eax + xorl %ebx, 464(%esp) + addl %ecx, %eax + movl 528(%esp), %edx + movl 520(%esp), %ecx + movzbl 464(%esp),%ebx + subl %eax, %edx + movl 464(%esp), %eax + xorl %ecx, 460(%esp) + movl %edx, 452(%esp) + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%esi,%ebx,8), %eax + xorl %eax, %edx + movzbl 460(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 460(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %ebx, %edx + xorl %ebx, %ebx + cmpl %ecx, %edi + setb %bl + subl %ecx, %edi + addl %ebx, %edx + movl %edi, 448(%esp) + movl 464(%esp), %eax + subl %edx, 444(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6148(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ecx,8), %edi + xorl %ebx, %edx + movl 460(%esp), %ebx + xorl %edi, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %edi + xorl %edi, %eax + movl tiger_table+2052(,%ecx,8), %edi + movl %ebx, %ecx + shrl $24, %ecx + xorl %edi, %edx + movl (%esi,%ecx,8), %edi + movl 4(%esi,%ecx,8), %ebx + xorl %edi, %eax + xorl %ebx, %edx + leal (%ebp,%eax), %ebx + cmpl %eax, %ebx + setb %al + movl %ebx, %edi + movzbl %al, %ebp + addl %ebp, %edx + movl 468(%esp), %ebp + leal 0(,%ebx,4), %ecx + shrl $30, %edi + xorl %eax, %eax + addl %edx, %ebp + leal 0(,%ebp,4), %edx + orl %edi, %edx + leal (%ebx,%ecx), %edi + cmpl %ecx, %edi + setb %al + movl 456(%esp), %ecx + addl %eax, %edx + leal (%ebp,%edx), %ebx + movl 516(%esp), %ebp + xorl %ebp, 448(%esp) + movl 452(%esp), %eax + movl %ebx, 424(%esp) + movl 520(%esp), %ebx + movl 524(%esp), %edx + xorl %eax, %ebx + movl 448(%esp), %eax + movl %ebx, 432(%esp) + xorl %ecx, %edx + movl 512(%esp), %ecx + movzbl 448(%esp),%ebx + shrl $16, %eax + andl $255, %eax + xorl %ecx, 444(%esp) + movl tiger_table+2048(,%eax,8), %ecx + movl %edx, 440(%esp) + movl (%esi,%ebx,8), %edx + movl 4(%esi,%ebx,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 444(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %ebp + movl 444(%esp), %eax + xorl %ebx, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %ebp + xorl %ebx, %ecx + xorl %ebp, %edx + xorl %ebx, %ebx + cmpl %ecx, %edi + setb %bl + subl %ecx, %edi + addl %ebx, %edx + movl %edi, 428(%esp) + movl 448(%esp), %eax + subl %edx, 424(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6148(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ecx,8), %edi + xorl %ebx, %edx + movl 444(%esp), %ebx + xorl %edi, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %edi + movl %ebx, %ecx + shrl $24, %ecx + xorl %ebp, %eax + movl 4(%esi,%ecx,8), %ebx + movl (%esi,%ecx,8), %ebp + xorl %edi, %edx + xorl %ebx, %edx + movl 464(%esp), %ebx + xorl %ebp, %eax + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %al + movzbl %al, %edi + leal 0(,%ebx,4), %ecx + addl %edi, %edx + movl 460(%esp), %edi + shrl $30, %ebp + xorl %eax, %eax + addl %edx, %edi + leal 0(,%edi,4), %edx + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + cmpl %ecx, %ebp + movl 440(%esp), %ebx + setb %al + addl %eax, %edx + movl 516(%esp), %eax + leal (%edi,%edx), %edx + movl 440(%esp), %edi + addl %ebx, %eax + movl %edx, 412(%esp) + movl 432(%esp), %edx + cmpl %edi, %eax + movl %eax, 436(%esp) + setb %cl + movl 512(%esp), %ebx + movl 508(%esp), %edi + movzbl %cl, %eax + addl %edx, %eax + xorl %edi, 428(%esp) + addl %ebx, %eax + movl 504(%esp), %ecx + movl %eax, 420(%esp) + movl 428(%esp), %eax + movzbl 428(%esp),%ebx + xorl %ecx, 424(%esp) + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl 4(%esi,%ebx,8), %edi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 424(%esp),%eax + xorl %edi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %edi + movl 424(%esp), %eax + xorl %ebx, %ecx + xorl %edi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %edi + xorl %ebx, %ecx + xorl %edi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 416(%esp) + movl 428(%esp), %eax + subl %edx, 412(%esp) + movl %eax, %edx + movzbl %ah, %edi + shrl $24, %edx + movl tiger_table+6148(,%edi,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%edi,8), %ecx + xorl %ebx, %edx + movl 424(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %edi + xorl %ebp, %eax + movl %ebx, %ebp + xorl %edi, %edx + shrl $24, %ebp + movl (%esi,%ebp,8), %ebx + movl 4(%esi,%ebp,8), %edi + xorl %ebx, %eax + movl 448(%esp), %ebx + xorl %edi, %edx + movl 444(%esp), %edi + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %cl + movzbl %cl, %eax + shrl $30, %ebp + addl %eax, %edx + leal 0(,%ebx,4), %ecx + addl %edx, %edi + leal 0(,%edi,4), %edx + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + addl %ebx, %edx + movl 436(%esp), %ebx + leal (%edi,%edx), %eax + movl %eax, 396(%esp) + movl 440(%esp), %edx + movl 508(%esp), %edi + movl 432(%esp), %eax + notl %edx + movl 440(%esp), %ecx + sall $19, %edx + xorl %ebx, %edx + xorl %ebx, %ebx + cmpl %edx, 508(%esp) + setb %bl + subl %edx, %edi + movl %edi, 408(%esp) + movl 420(%esp), %edx + shrl $13, %ecx + sall $19, %eax + movl 500(%esp), %edi + orl %ecx, %eax + xorl %edi, 416(%esp) + notl %edx + xorl %eax, %edx + addl %ebx, %edx + movl 504(%esp), %ebx + movl 416(%esp), %eax + movl 496(%esp), %ecx + subl %edx, %ebx + shrl $16, %eax + movl %ebx, 404(%esp) + movzbl 416(%esp),%ebx + andl $255, %eax + xorl %ecx, 412(%esp) + movl tiger_table+2048(,%eax,8), %ecx + movl (%esi,%ebx,8), %edx + movl 4(%esi,%ebx,8), %edi + movzbl 412(%esp),%ebx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4096(,%ebx,8), %eax + xorl %edi, %edx + movl tiger_table+4100(,%ebx,8), %edi + movl 412(%esp), %ebx + xorl %eax, %ecx + xorl %edi, %edx + shrl $16, %ebx + andl $255, %ebx + movl tiger_table+6144(,%ebx,8), %eax + movl tiger_table+6148(,%ebx,8), %edi + xorl %eax, %ecx + xorl %edi, %edx + xorl %eax, %eax + cmpl %ecx, %ebp + setb %al + addl %eax, %edx + subl %ecx, %ebp + movl %ebp, 400(%esp) + subl %edx, 396(%esp) + movl 416(%esp), %edx + movzbl %dh, %ebp + shrl $24, %edx + movl tiger_table+6148(,%ebp,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ebp,8), %ecx + xorl %ebx, %edx + movl 412(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %edi + movl tiger_table+2052(,%ecx,8), %ebp + movl %ebx, %ecx + shrl $24, %ecx + xorl %edi, %eax + movl 4(%esi,%ecx,8), %ebx + movl (%esi,%ecx,8), %edi + xorl %ebp, %edx + xorl %ebx, %edx + movl 428(%esp), %ebx + xorl %edi, %eax + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %edi + setb %al + movzbl %al, %ebp + leal 0(,%ebx,4), %ecx + addl %ebp, %edx + movl 424(%esp), %ebp + shrl $30, %edi + xorl %eax, %eax + addl %edx, %ebp + leal 0(,%ebp,4), %edx + orl %edi, %edx + leal (%ebx,%ecx), %edi + cmpl %ecx, %edi + setb %al + addl %eax, %edx + movl 404(%esp), %eax + leal (%ebp,%edx), %ebx + movl %ebx, 376(%esp) + movl 492(%esp), %ebp + movl 496(%esp), %ebx + xorl %ebp, 400(%esp) + movl 408(%esp), %ecx + movl 500(%esp), %edx + xorl %eax, %ebx + movl 400(%esp), %eax + xorl %ecx, %edx + movl %ebx, 384(%esp) + movl 488(%esp), %ecx + shrl $16, %eax + movzbl 400(%esp),%ebx + movl %edx, 392(%esp) + andl $255, %eax + xorl %ecx, 396(%esp) + movl tiger_table+2048(,%eax,8), %ecx + movl (%esi,%ebx,8), %edx + movl 4(%esi,%ebx,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 396(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %ebp + movl 396(%esp), %eax + xorl %ebx, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %ebp + xorl %ebx, %ecx + xorl %ebp, %edx + xorl %ebx, %ebx + cmpl %ecx, %edi + setb %bl + subl %ecx, %edi + addl %ebx, %edx + movl %edi, 380(%esp) + movl 400(%esp), %eax + subl %edx, 376(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6148(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ecx,8), %edi + xorl %ebx, %edx + movl 396(%esp), %ebx + xorl %edi, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %edi + movl %ebx, %ecx + shrl $24, %ecx + xorl %ebp, %eax + movl 4(%esi,%ecx,8), %ebx + movl (%esi,%ecx,8), %ebp + xorl %edi, %edx + xorl %ebx, %edx + movl 416(%esp), %ebx + xorl %ebp, %eax + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %al + movzbl %al, %edi + leal 0(,%ebx,4), %ecx + addl %edi, %edx + movl 412(%esp), %edi + shrl $30, %ebp + xorl %eax, %eax + addl %edx, %edi + leal 0(,%edi,4), %edx + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + cmpl %ecx, %ebp + movl 392(%esp), %ebx + setb %al + addl %eax, %edx + movl 492(%esp), %eax + leal (%edi,%edx), %edx + movl 392(%esp), %edi + addl %ebx, %eax + movl %edx, 364(%esp) + movl 384(%esp), %edx + cmpl %edi, %eax + movl %eax, 388(%esp) + setb %cl + movl 488(%esp), %ebx + movl 484(%esp), %edi + movzbl %cl, %eax + addl %edx, %eax + xorl %edi, 380(%esp) + addl %ebx, %eax + movl 480(%esp), %ecx + movl %eax, 372(%esp) + movl 380(%esp), %eax + movzbl 380(%esp),%ebx + xorl %ecx, 376(%esp) + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl 4(%esi,%ebx,8), %edi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 376(%esp),%eax + xorl %edi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %edi + movl 376(%esp), %eax + xorl %ebx, %ecx + xorl %edi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %edi + xorl %ebx, %ecx + xorl %edi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 368(%esp) + movl 380(%esp), %eax + subl %edx, 364(%esp) + movl %eax, %edx + movzbl %ah, %edi + shrl $24, %edx + movl tiger_table+6148(,%edi,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%edi,8), %ecx + xorl %ebx, %edx + movl 376(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %edi + xorl %ebp, %eax + movl %ebx, %ebp + xorl %edi, %edx + shrl $24, %ebp + movl (%esi,%ebp,8), %ebx + movl 4(%esi,%ebp,8), %edi + xorl %ebx, %eax + movl 400(%esp), %ebx + xorl %edi, %edx + movl 396(%esp), %edi + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %cl + movzbl %cl, %eax + shrl $30, %ebp + addl %eax, %edx + leal 0(,%ebx,4), %ecx + addl %edx, %edi + leal 0(,%edi,4), %edx + movl 392(%esp), %eax + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + addl %ebx, %edx + movl 388(%esp), %ebx + leal (%edi,%edx), %ecx + movl 384(%esp), %edx + shrl $23, %eax + movl %ecx, 288(%esp) + notl %ebx + movl 484(%esp), %edi + sall $9, %edx + movl 372(%esp), %ecx + orl %edx, %eax + xorl %eax, %ebx + xorl %edx, %edx + movl 384(%esp), %eax + cmpl %ebx, 484(%esp) + notl %eax + setb %dl + subl %ebx, %edi + shrl $23, %eax + movl 480(%esp), %ebx + movl %edi, 356(%esp) + movl 476(%esp), %edi + xorl %ecx, %eax + xorl %edi, 368(%esp) + addl %edx, %eax + subl %eax, %ebx + movl %ebx, 352(%esp) + movl 472(%esp), %ecx + movl 368(%esp), %eax + movzbl 368(%esp),%ebx + xorl %ecx, 364(%esp) + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl 4(%esi,%ebx,8), %edi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 364(%esp),%eax + xorl %edi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %edi + movl 364(%esp), %eax + xorl %ebx, %ecx + xorl %edi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %edi + xorl %ebx, %ecx + xorl %edi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 292(%esp) + movl 368(%esp), %eax + subl %edx, 288(%esp) + movl %eax, %edx + movzbl %ah, %edi + shrl $24, %edx + movl tiger_table+6148(,%edi,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%edi,8), %ecx + xorl %ebx, %edx + movl 364(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %edi + movl %ebx, %ecx + shrl $24, %ecx + xorl %ebp, %eax + movl 4(%esi,%ecx,8), %ebx + movl (%esi,%ecx,8), %ebp + xorl %edi, %edx + xorl %ebx, %edx + movl 380(%esp), %ebx + xorl %ebp, %eax + addl %eax, %ebx + cmpl %eax, %ebx + leal 0(,%ebx,4), %ecx + setb %al + movzbl %al, %edi + movl %ebx, %ebp + addl %edi, %edx + movl 376(%esp), %edi + addl %ecx, %ebx + shrl $30, %ebp + movl %ebx, 360(%esp) + xorl %eax, %eax + addl %edx, %edi + leal 0(,%edi,4), %edx + orl %ebp, %edx + cmpl %ecx, %ebx + setb %al + movl 356(%esp), %ebp + addl %eax, %edx + leal (%edi,%edx), %eax + movl 476(%esp), %edi + movl 456(%esp), %edx + movl %eax, 268(%esp) + movl 352(%esp), %ecx + xorl %ebp, %edi + movl 472(%esp), %ebp + addl %edi, %edx + movl %edx, 348(%esp) + xorl %ecx, %ebp + cmpl %edi, %edx + setb %bl + movl 452(%esp), %ecx + movzbl %bl, %eax + leal (%ebp,%eax), %edx + movl 348(%esp), %ebx + movl %edi, %eax + notl %eax + addl %ecx, %edx + sall $19, %eax + movl %edx, 344(%esp) + xorl %ebx, %eax + xorl %ebx, %ebx + cmpl %eax, 440(%esp) + movl %edi, %ecx + movl 440(%esp), %edx + setb %bl + subl %eax, %edx + movl %ebp, %eax + movl %edx, 340(%esp) + movl 344(%esp), %edx + shrl $13, %ecx + sall $19, %eax + orl %ecx, %eax + notl %edx + xorl %eax, %edx + movl 432(%esp), %ecx + addl %ebx, %edx + movl 340(%esp), %eax + movl 436(%esp), %ebx + subl %edx, %ecx + movl %ecx, 336(%esp) + xorl %eax, %ebx + xorl %eax, %eax + movl %ebx, 332(%esp) + movl 420(%esp), %edx + xorl %ecx, %edx + movl %edx, 324(%esp) + movl 408(%esp), %edx + movl 324(%esp), %ecx + addl %ebx, %edx + cmpl %ebx, %edx + setb %al + movl %edx, 328(%esp) + addl %ecx, %eax + movl 404(%esp), %ecx + addl %ecx, %eax + movl %edx, %ecx + notl %ecx + movl %eax, 320(%esp) + movl %ebx, %eax + movl 324(%esp), %ebx + shrl $23, %eax + xorl %edx, %edx + sall $9, %ebx + orl %ebx, %eax + xorl %eax, %ecx + movl 392(%esp), %ebx + cmpl %ecx, 392(%esp) + movl 324(%esp), %eax + setb %dl + subl %ecx, %ebx + movl 320(%esp), %ecx + notl %eax + movl %ebx, 316(%esp) + shrl $23, %eax + xorl %ecx, %eax + addl %edx, %eax + movl 384(%esp), %edx + movl 388(%esp), %ecx + subl %eax, %edx + movl 356(%esp), %eax + xorl %ebx, %ecx + movl %edx, 312(%esp) + movl 372(%esp), %ebx + movl %ecx, 308(%esp) + addl %ecx, %eax + xorl %edx, %ebx + movl %eax, 304(%esp) + cmpl %ecx, %eax + setb %dl + movl %ebx, 300(%esp) + movl 352(%esp), %ecx + movzbl %dl, %eax + movl 304(%esp), %edx + addl %ebx, %eax + xorl %ebx, %ebx + addl %ecx, %eax + xorl $-1985229329, %edx + movl %eax, 296(%esp) + cmpl %edx, %edi + movl 296(%esp), %eax + setb %bl + subl %edx, %edi + movl 344(%esp), %ecx + movl %edi, 280(%esp) + movl 348(%esp), %edi + xorl $19088743, %eax + xorl %edi, 292(%esp) + addl %ebx, %eax + subl %eax, %ebp + movl %ebp, 276(%esp) + movl 292(%esp), %ebx + movzbl 292(%esp),%ebp + xorl %ecx, 288(%esp) + shrl $16, %ebx + andl $255, %ebx + movl (%esi,%ebp,8), %edx + movl tiger_table+2048(,%ebx,8), %ecx + movl 4(%esi,%ebp,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%ebx,8), %edx + movzbl 288(%esp),%ebx + xorl %eax, %edx + movl tiger_table+4096(,%ebx,8), %edi + movl tiger_table+4100(,%ebx,8), %ebp + xorl %edi, %ecx + movl 288(%esp), %edi + xorl %ebp, %edx + movl 360(%esp), %ebp + shrl $16, %edi + andl $255, %edi + movl tiger_table+6144(,%edi,8), %eax + movl tiger_table+6148(,%edi,8), %ebx + xorl %eax, %ecx + xorl %ebx, %edx + xorl %eax, %eax + cmpl %ecx, 360(%esp) + setb %al + subl %ecx, %ebp + movl %ebp, 272(%esp) + addl %eax, %edx + movl 292(%esp), %eax + subl %edx, 268(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6148(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ecx,8), %edi + xorl %ebx, %edx + movl 288(%esp), %ebx + xorl %edi, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %edi + movl %ebx, %ecx + shrl $24, %ecx + xorl %ebp, %eax + movl (%esi,%ecx,8), %ebx + movl 4(%esi,%ecx,8), %ebp + xorl %edi, %edx + movl 368(%esp), %ecx + xorl %ebx, %eax + movl %esi, %edi + xorl %ebp, %edx + addl %eax, %ecx + movl 364(%esp), %ebp + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + addl %ebp, %edx + movl %ecx, %eax + leal 0(,%ecx,8), %ebx + shrl $29, %eax + leal 0(,%edx,8), %ebp + orl %eax, %ebp + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + leal (%edx,%eax), %eax + movl 280(%esp), %edx + subl %ecx, %ebx + movl %ebx, 284(%esp) + subl %eax, %ebp + xorl %ecx, %ecx + xorl $-1515870811, %edx + movl 348(%esp), %ebx + movl 276(%esp), %eax + cmpl %edx, 348(%esp) + setb %cl + subl %edx, %ebx + movl %ebx, 260(%esp) + movl 340(%esp), %ebx + xorl $-1515870811, %eax + xorl %ebx, 272(%esp) + addl %ecx, %eax + movl 344(%esp), %edx + movl 336(%esp), %ecx + movzbl 272(%esp),%ebx + subl %eax, %edx + movl 272(%esp), %eax + xorl %ecx, 268(%esp) + movl %edx, 256(%esp) + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%esi,%ebx,8), %eax + xorl %eax, %edx + movzbl 268(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 268(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 284(%esp), %ebx + cmpl %ecx, 284(%esp) + setb %al + subl %ecx, %ebx + movl %ebx, 252(%esp) + addl %eax, %edx + movl 272(%esp), %eax + subl %edx, %ebp + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl 268(%esp), %ebx + movzbl %bh, %ecx + xorl tiger_table+2048(,%ecx,8), %eax + xorl tiger_table+2052(,%ecx,8), %edx + movl %ebx, %ecx + shrl $24, %ecx + movl (%esi,%ecx,8), %ebx + xorl %ebx, %eax + movl 4(%esi,%ecx,8), %ebx + movl 292(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %bl + movzbl %bl, %eax + movl 288(%esp), %ebx + addl %eax, %edx + addl %ebx, %edx + leal 0(,%edx,8), %eax + leal 0(,%ecx,8), %ebx + movl %eax, 228(%esp) + movl %ecx, %eax + shrl $29, %eax + orl %eax, 228(%esp) + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + subl %ecx, %ebx + movl 340(%esp), %ecx + movl %ebx, 264(%esp) + movl 260(%esp), %ebx + leal (%edx,%eax), %eax + subl %eax, 228(%esp) + xorl %ebx, %ecx + movl 256(%esp), %edx + movl %ecx, 244(%esp) + movl 332(%esp), %ebx + movl 336(%esp), %eax + xorl %ebx, 252(%esp) + movl 324(%esp), %ecx + xorl %edx, %eax + movl %eax, 236(%esp) + movl 252(%esp), %eax + xorl %ecx, %ebp + movzbl 252(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%esi,%ebx,8), %eax + xorl %eax, %edx + movl %ebp, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl %ebp, %eax + shrl $16, %eax + andl $255, %eax + xorl %ebx, %edx + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 264(%esp), %ebx + cmpl %ecx, 264(%esp) + setb %al + subl %ecx, %ebx + movl %ebx, 232(%esp) + addl %eax, %edx + movl 252(%esp), %eax + subl %edx, 228(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl %ebp, %ebx + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+2052(,%ecx,8), %ebx + movl %ebp, %ecx + shrl $24, %ecx + xorl %ebx, %edx + movl (%esi,%ecx,8), %ebx + xorl %ebx, %eax + movl 4(%esi,%ecx,8), %ebx + movl 272(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %bl + movzbl %bl, %eax + movl 268(%esp), %ebx + addl %eax, %edx + addl %ebx, %edx + leal 0(,%edx,8), %eax + leal 0(,%ecx,8), %ebx + movl %eax, 212(%esp) + movl %ecx, %eax + shrl $29, %eax + orl %eax, 212(%esp) + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + subl %ecx, %ebx + leal (%edx,%eax), %ecx + movl %ebx, 248(%esp) + movl 244(%esp), %eax + movl 332(%esp), %edx + subl %ecx, 212(%esp) + movl 244(%esp), %ebx + addl %eax, %edx + movl %edx, 240(%esp) + movl 236(%esp), %ecx + xorl %eax, %eax + cmpl %ebx, %edx + movl 324(%esp), %edx + setb %al + movl 328(%esp), %ebx + addl %ecx, %eax + movl 320(%esp), %ecx + xorl %ebx, 232(%esp) + addl %edx, %eax + movl %eax, 220(%esp) + xorl %ecx, 228(%esp) + movl 232(%esp), %eax + movzbl 232(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%esi,%ebx,8), %eax + xorl %eax, %edx + movzbl 228(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 228(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 248(%esp), %ebx + cmpl %ecx, 248(%esp) + setb %al + subl %ecx, %ebx + movl %ebx, 216(%esp) + addl %eax, %edx + movl 232(%esp), %eax + subl %edx, 212(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl 228(%esp), %ebx + movzbl %bh, %ecx + xorl tiger_table+2048(,%ecx,8), %eax + xorl tiger_table+2052(,%ecx,8), %edx + movl %ebx, %ecx + shrl $24, %ecx + movl (%esi,%ecx,8), %ebx + xorl %ebx, %eax + movl 4(%esi,%ecx,8), %ebx + movl 252(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + movl %ecx, %eax + leal (%ebp,%edx), %ebx + shrl $29, %eax + leal 0(,%ecx,8), %edx + leal 0(,%ebx,8), %ebp + orl %eax, %ebp + xorl %eax, %eax + cmpl %ecx, %edx + setb %al + subl %ecx, %edx + leal (%ebx,%eax), %ecx + movl %edx, 224(%esp) + movl 244(%esp), %eax + subl %ecx, %ebp + movl 240(%esp), %ebx + movl 328(%esp), %edx + notl %eax + sall $19, %eax + movl 244(%esp), %ecx + xorl %ebx, %eax + xorl %ebx, %ebx + cmpl %eax, 328(%esp) + setb %bl + subl %eax, %edx + movl %edx, 204(%esp) + movl 236(%esp), %eax + shrl $13, %ecx + movl 220(%esp), %edx + sall $19, %eax + orl %ecx, %eax + notl %edx + movl 312(%esp), %ecx + xorl %eax, %edx + xorl %ecx, 212(%esp) + addl %ebx, %edx + movl 320(%esp), %eax + movl 316(%esp), %ebx + xorl %ebx, 216(%esp) + subl %edx, %eax + movl %eax, 200(%esp) + movl 216(%esp), %eax + movzbl 216(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%esi,%ebx,8), %eax + xorl %eax, %edx + movzbl 212(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %esi + movl 212(%esp), %eax + xorl %ebx, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %ebx, %ecx + xorl %esi, %edx + movl 224(%esp), %esi + cmpl %ecx, 224(%esp) + setb %al + addl %eax, %edx + subl %edx, %ebp + movl 216(%esp), %edx + subl %ecx, %esi + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl 212(%esp), %ebx + movzbl %bh, %ecx + xorl tiger_table+2048(,%ecx,8), %eax + xorl tiger_table+2052(,%ecx,8), %edx + movl %ebx, %ecx + shrl $24, %ecx + movl (%edi,%ecx,8), %ebx + xorl %ebx, %eax + movl 4(%edi,%ecx,8), %ebx + movl 232(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + movl 228(%esp), %ebx + addl %edx, %ebx + leal 0(,%ebx,8), %eax + leal 0(,%ecx,8), %edx + movl %eax, 176(%esp) + movl %ecx, %eax + shrl $29, %eax + orl %eax, 176(%esp) + xorl %eax, %eax + cmpl %ecx, %edx + setb %al + subl %ecx, %edx + movl 316(%esp), %ecx + movl %edx, 208(%esp) + leal (%ebx,%eax), %edx + movl 204(%esp), %ebx + subl %edx, 176(%esp) + movl 200(%esp), %eax + xorl %ebx, %ecx + movl %ecx, 192(%esp) + movl 308(%esp), %ebx + movl 312(%esp), %edx + movl 300(%esp), %ecx + xorl %ebx, %esi + xorl %eax, %edx + movl %edx, 184(%esp) + movl %esi, %eax + movl %esi, %ebx + shrl $16, %eax + andl $255, %ebx + andl $255, %eax + xorl %ecx, %ebp + movl (%edi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%ebx,8), %eax + xorl %eax, %edx + movl %ebp, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl %ebp, %eax + shrl $16, %eax + andl $255, %eax + xorl %ebx, %edx + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + cmpl %ecx, 208(%esp) + movl 208(%esp), %ebx + setb %al + addl %eax, %edx + movl %esi, %eax + subl %ecx, %ebx + subl %edx, 176(%esp) + movl %esi, %edx + movzbl %ah, %ecx + movl %ebx, 180(%esp) + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl %ebp, %ebx + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+2052(,%ecx,8), %ebx + movl %ebp, %ecx + shrl $24, %ecx + xorl %ebx, %edx + movl (%edi,%ecx,8), %ebx + xorl %ebx, %eax + movl 4(%edi,%ecx,8), %ebx + movl 216(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + movl 212(%esp), %ebx + addl %edx, %ebx + leal 0(,%ebx,8), %eax + leal 0(,%ecx,8), %edx + movl %eax, 164(%esp) + movl %ecx, %eax + shrl $29, %eax + orl %eax, 164(%esp) + xorl %eax, %eax + cmpl %ecx, %edx + setb %al + subl %ecx, %edx + leal (%ebx,%eax), %ecx + movl %edx, 196(%esp) + movl 192(%esp), %eax + movl 308(%esp), %edx + subl %ecx, 164(%esp) + movl 192(%esp), %ebx + addl %eax, %edx + movl %edx, 188(%esp) + movl 184(%esp), %ecx + xorl %eax, %eax + cmpl %ebx, %edx + movl 300(%esp), %edx + setb %al + movl 304(%esp), %ebx + addl %ecx, %eax + movl 296(%esp), %ecx + xorl %ebx, 180(%esp) + addl %edx, %eax + movl %eax, 172(%esp) + xorl %ecx, 176(%esp) + movl 180(%esp), %eax + movzbl 180(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl (%edi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%ebx,8), %eax + xorl %eax, %edx + movzbl 176(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 176(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 196(%esp), %ebx + cmpl %ecx, 196(%esp) + setb %al + addl %eax, %edx + subl %ecx, %ebx + movl %ebx, 168(%esp) + subl %edx, 164(%esp) + movl 180(%esp), %eax + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl 176(%esp), %ebx + movzbl %bh, %ecx + xorl tiger_table+2048(,%ecx,8), %eax + xorl tiger_table+2052(,%ecx,8), %edx + movl %ebx, %ecx + shrl $24, %ecx + movl (%edi,%ecx,8), %ebx + xorl %ebx, %eax + movl 4(%edi,%ecx,8), %ebx + leal (%esi,%eax), %ecx + xorl %ebx, %edx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + leal (%ebp,%edx), %esi + movl %ecx, %ebp + leal 0(,%esi,8), %eax + movl %eax, 88(%esp) + leal 0(,%ecx,8), %ebx + xorl %eax, %eax + shrl $29, %ebp + movl 184(%esp), %edx + orl %ebp, 88(%esp) + cmpl %ecx, %ebx + movl 192(%esp), %ebp + setb %al + subl %ecx, %ebx + leal (%esi,%eax), %ecx + subl %ecx, 88(%esp) + sall $9, %edx + movl 188(%esp), %esi + shrl $23, %ebp + movl 304(%esp), %eax + orl %edx, %ebp + notl %esi + xorl %edx, %edx + movl 172(%esp), %ecx + xorl %ebp, %esi + movl 184(%esp), %ebp + cmpl %esi, 304(%esp) + notl %ebp + setb %dl + subl %esi, %eax + shrl $23, %ebp + movl 296(%esp), %esi + movl %eax, 156(%esp) + movl 280(%esp), %eax + xorl %ecx, %ebp + xorl %eax, 168(%esp) + addl %edx, %ebp + subl %ebp, %esi + movl %esi, 152(%esp) + movl 276(%esp), %ecx + movl 168(%esp), %ebp + movzbl 168(%esp),%esi + xorl %ecx, 164(%esp) + shrl $16, %ebp + andl $255, %ebp + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%ebp,8), %ecx + movl 4(%edi,%esi,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%ebp,8), %edx + xorl %eax, %edx + movzbl 164(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebp + movl tiger_table+4100(,%eax,8), %esi + movl 164(%esp), %eax + xorl %ebp, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebp + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %ebp, %ecx + xorl %esi, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + subl %ecx, %ebx + subl %edx, 88(%esp) + movl 168(%esp), %eax + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl 164(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl (%edi,%ecx,8), %esi + xorl %ebp, %edx + movl 4(%edi,%ecx,8), %ebp + xorl %esi, %eax + movl 180(%esp), %ecx + xorl %ebp, %edx + addl %eax, %ecx + cmpl %eax, %ecx + leal 0(,%ecx,8), %ebp + setb %al + movzbl %al, %esi + addl %esi, %edx + movl 176(%esp), %esi + addl %edx, %esi + leal 0(,%esi,8), %eax + movl %ecx, %edx + movl %eax, 76(%esp) + shrl $29, %edx + xorl %eax, %eax + orl %edx, 76(%esp) + cmpl %ecx, %ebp + setb %al + leal (%esi,%eax), %edx + subl %ecx, %ebp + movl 156(%esp), %ecx + subl %edx, 76(%esp) + xorl %eax, %eax + movl 280(%esp), %edx + movl %ebp, 160(%esp) + movl 152(%esp), %ebp + movl 256(%esp), %esi + xorl %ecx, %edx + movl 276(%esp), %ecx + movl %edx, 148(%esp) + xorl %ebp, %ecx + movl 260(%esp), %ebp + movl %ecx, 144(%esp) + addl %edx, %ebp + cmpl %edx, %ebp + setb %al + addl %ecx, %eax + addl %esi, %eax + movl %eax, 140(%esp) + movl %edx, %eax + notl %eax + sall $19, %eax + xorl %ebp, %eax + cmpl %eax, 244(%esp) + setb %dl + movzbl %dl, %esi + movl 244(%esp), %edx + subl %eax, %edx + movl %ecx, %eax + movl %edx, 136(%esp) + movl 148(%esp), %ecx + sall $19, %eax + movl 140(%esp), %edx + shrl $13, %ecx + orl %ecx, %eax + notl %edx + movl 236(%esp), %ecx + xorl %eax, %edx + addl %esi, %edx + subl %edx, %ecx + movl %ecx, 132(%esp) + movl 220(%esp), %edx + movl 136(%esp), %eax + movl 240(%esp), %esi + xorl %ecx, %edx + movl %edx, 120(%esp) + movl 204(%esp), %edx + xorl %eax, %esi + movl %esi, 128(%esp) + movl 120(%esp), %ecx + xorl %eax, %eax + addl %esi, %edx + cmpl %esi, %edx + setb %al + movl %edx, 124(%esp) + addl %ecx, %eax + movl 200(%esp), %ecx + addl %ecx, %eax + movl %edx, %ecx + notl %ecx + movl %eax, 116(%esp) + movl %esi, %eax + movl 120(%esp), %esi + shrl $23, %eax + xorl %edx, %edx + sall $9, %esi + orl %esi, %eax + xorl %eax, %ecx + movl 192(%esp), %esi + cmpl %ecx, 192(%esp) + movl 120(%esp), %eax + setb %dl + subl %ecx, %esi + movl 116(%esp), %ecx + notl %eax + movl %esi, 112(%esp) + shrl $23, %eax + xorl %ecx, %eax + addl %edx, %eax + movl 184(%esp), %edx + movl 188(%esp), %ecx + subl %eax, %edx + movl 156(%esp), %eax + xorl %esi, %ecx + movl %edx, 108(%esp) + movl 172(%esp), %esi + movl %ecx, 104(%esp) + addl %ecx, %eax + xorl %edx, %esi + movl %eax, 100(%esp) + cmpl %ecx, %eax + setb %dl + movl %esi, 96(%esp) + movl 152(%esp), %ecx + movzbl %dl, %eax + movl 100(%esp), %edx + addl %esi, %eax + addl %ecx, %eax + movl %eax, 92(%esp) + xorl $-1985229329, %edx + xorl %eax, %eax + cmpl %edx, 148(%esp) + movl 92(%esp), %esi + movl 140(%esp), %ecx + setb %al + xorl %ebp, %ebx + xorl $19088743, %esi + subl %edx, 148(%esp) + addl %eax, %esi + movl %ebx, %eax + subl %esi, 144(%esp) + shrl $16, %eax + movzbl %bl,%esi + xorl %ecx, 88(%esp) + andl $255, %eax + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl 4(%edi,%esi,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 88(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %ebp + movl 88(%esp), %eax + xorl %esi, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + movl tiger_table+6148(,%eax,8), %ebp + xorl %eax, %eax + xorl %esi, %ecx + xorl %ebp, %edx + cmpl %ecx, 160(%esp) + movl 160(%esp), %esi + setb %al + addl %eax, %edx + subl %ecx, %esi + movzbl %bh, %ecx + subl %edx, 76(%esp) + movl %ebx, %edx + shrl $24, %edx + movl %esi, 80(%esp) + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl 88(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl 4(%edi,%ecx,8), %esi + xorl %ebp, %edx + movl (%edi,%ecx,8), %ebp + xorl %esi, %edx + movl 168(%esp), %esi + xorl %ebp, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %ebp + movzbl %al, %ecx + movl 164(%esp), %eax + addl %ecx, %edx + shrl $29, %ebp + leal 0(,%esi,8), %ecx + addl %eax, %edx + xorl %eax, %eax + movl %edx, 84(%esp) + sall $3, %edx + orl %ebp, %edx + leal (%esi,%ecx), %ebp + cmpl %ecx, %ebp + movl 136(%esp), %esi + setb %al + movl 132(%esp), %ecx + addl %eax, %edx + xorl %esi, 80(%esp) + movl 84(%esp), %eax + addl %eax, %edx + movl %edx, 68(%esp) + xorl %ecx, 76(%esp) + movl 80(%esp), %eax + movzbl 80(%esp),%esi + shrl $16, %eax + andl $255, %eax + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%esi,8), %eax + xorl %eax, %edx + movzbl 76(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 76(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, %ebp + setb %al + addl %eax, %edx + subl %ecx, %ebp + subl %edx, 68(%esp) + movl 80(%esp), %edx + movl %ebp, 72(%esp) + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl 76(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl (%edi,%ecx,8), %esi + xorl %ebp, %edx + movl 4(%edi,%ecx,8), %ebp + xorl %esi, %eax + addl %eax, %ebx + xorl %ebp, %edx + cmpl %eax, %ebx + leal 0(,%ebx,8), %ecx + setb %al + movzbl %al, %esi + movl %ebx, %ebp + addl %esi, %edx + movl 88(%esp), %esi + addl %ecx, %ebx + shrl $29, %ebp + xorl %eax, %eax + addl %edx, %esi + leal 0(,%esi,8), %edx + orl %ebp, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + movl 128(%esp), %eax + leal (%esi,%edx), %ebp + xorl %eax, 72(%esp) + movl 120(%esp), %ecx + movl %ebp, 60(%esp) + movl 72(%esp), %ebp + movzbl 72(%esp),%esi + xorl %ecx, 68(%esp) + shrl $16, %ebp + andl $255, %ebp + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%ebp,8), %ecx + movl 4(%edi,%esi,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%ebp,8), %edx + xorl %eax, %edx + movzbl 68(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebp + movl tiger_table+4100(,%eax,8), %esi + movl 68(%esp), %eax + xorl %ebp, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebp + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %ebp, %ecx + xorl %esi, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + subl %ecx, %ebx + subl %edx, 60(%esp) + movl 72(%esp), %edx + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl 68(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl 4(%edi,%ecx,8), %esi + xorl %ebp, %edx + movl (%edi,%ecx,8), %ebp + xorl %esi, %edx + movl 80(%esp), %esi + xorl %ebp, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %ebp + movzbl %al, %ecx + movl 76(%esp), %eax + addl %ecx, %edx + shrl $29, %ebp + leal 0(,%esi,8), %ecx + addl %eax, %edx + xorl %eax, %eax + movl %edx, 64(%esp) + sall $3, %edx + orl %ebp, %edx + leal (%esi,%ecx), %ebp + cmpl %ecx, %ebp + movl 124(%esp), %esi + setb %al + movl 116(%esp), %ecx + addl %eax, %edx + xorl %ecx, 60(%esp) + xorl %esi, %ebx + movl 64(%esp), %eax + movzbl %bl,%esi + addl %eax, %edx + movl %ebx, %eax + movl %edx, 48(%esp) + shrl $16, %eax + andl $255, %eax + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%esi,8), %eax + xorl %eax, %edx + movzbl 60(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 60(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, %ebp + setb %al + addl %eax, %edx + subl %ecx, %ebp + movzbl %bh, %ecx + subl %edx, 48(%esp) + movl %ebx, %edx + shrl $24, %edx + movl %ebp, 52(%esp) + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+4096(,%edx,8), %eax + movl 60(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl 4(%edi,%ecx,8), %esi + xorl %ebp, %edx + movl (%edi,%ecx,8), %ebp + xorl %esi, %edx + movl 72(%esp), %esi + xorl %ebp, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %ebp + movzbl %al, %ecx + movl 68(%esp), %eax + addl %ecx, %edx + shrl $29, %ebp + leal 0(,%esi,8), %ecx + addl %eax, %edx + xorl %eax, %eax + movl %edx, 56(%esp) + sall $3, %edx + orl %ebp, %edx + leal (%esi,%ecx), %ebp + cmpl %ecx, %ebp + movl 112(%esp), %esi + setb %al + xorl %esi, 52(%esp) + addl %eax, %edx + movl 56(%esp), %eax + movl 108(%esp), %ecx + movzbl 52(%esp),%esi + addl %eax, %edx + movl 52(%esp), %eax + xorl %ecx, 48(%esp) + movl %edx, 40(%esp) + shrl $16, %eax + andl $255, %eax + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%esi,8), %eax + xorl %eax, %edx + movzbl 48(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 48(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, %ebp + setb %al + addl %eax, %edx + subl %ecx, %ebp + subl %edx, 40(%esp) + movl 52(%esp), %edx + movl %ebp, 44(%esp) + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl 48(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl (%edi,%ecx,8), %esi + xorl %ebp, %edx + movl 4(%edi,%ecx,8), %ebp + xorl %esi, %eax + addl %eax, %ebx + xorl %ebp, %edx + cmpl %eax, %ebx + leal 0(,%ebx,8), %ecx + setb %al + movzbl %al, %esi + movl %ebx, %ebp + addl %esi, %edx + movl 60(%esp), %esi + addl %ecx, %ebx + shrl $29, %ebp + xorl %eax, %eax + addl %edx, %esi + leal 0(,%esi,8), %edx + orl %ebp, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + leal (%esi,%edx), %ebp + movl %ebp, 32(%esp) + movl 104(%esp), %eax + movl 96(%esp), %ecx + xorl %eax, 44(%esp) + xorl %ecx, 40(%esp) + movl 44(%esp), %ebp + movzbl 44(%esp),%esi + shrl $16, %ebp + andl $255, %ebp + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%ebp,8), %ecx + movl 4(%edi,%esi,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%ebp,8), %edx + xorl %eax, %edx + movzbl 40(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebp + movl tiger_table+4100(,%eax,8), %esi + movl 40(%esp), %eax + xorl %ebp, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebp + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %ebp, %ecx + xorl %esi, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + subl %ecx, %ebx + subl %edx, 32(%esp) + movl 44(%esp), %edx + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl 40(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl 4(%edi,%ecx,8), %esi + xorl %ebp, %edx + movl (%edi,%ecx,8), %ebp + xorl %esi, %edx + movl 52(%esp), %esi + xorl %ebp, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %ebp + movzbl %al, %ecx + movl 48(%esp), %eax + addl %ecx, %edx + shrl $29, %ebp + leal 0(,%esi,8), %ecx + addl %eax, %edx + xorl %eax, %eax + movl %edx, 36(%esp) + sall $3, %edx + orl %ebp, %edx + leal (%esi,%ecx), %ebp + cmpl %ecx, %ebp + setb %al + addl %eax, %edx + movl 36(%esp), %eax + addl %eax, %edx + movl %edx, 20(%esp) + movl 100(%esp), %esi + movl 92(%esp), %ecx + xorl %ecx, 32(%esp) + xorl %esi, %ebx + movl %ebx, %eax + shrl $16, %eax + movzbl %bl,%esi + andl $255, %eax + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%esi,8), %eax + xorl %eax, %edx + movzbl 32(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 32(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, %ebp + setb %al + addl %eax, %edx + subl %ecx, %ebp + movzbl %bh, %ecx + subl %edx, 20(%esp) + movl %ebx, %edx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movl tiger_table+6148(,%ecx,8), %esi + movl 32(%esp), %ecx + xorl %esi, %edx + movzbl %ch, %esi + shrl $24, %ecx + xorl tiger_table+2048(,%esi,8), %eax + xorl tiger_table+2052(,%esi,8), %edx + movl (%edi,%ecx,8), %esi + xorl %esi, %eax + movl 4(%edi,%ecx,8), %esi + xorl %esi, %edx + movl 44(%esp), %esi + addl %eax, %esi + cmpl %eax, %esi + setb %cl + movzbl %cl, %eax + movl 40(%esp), %ecx + addl %eax, %edx + movl %esi, %eax + shrl $29, %eax + addl %ecx, %edx + movl %edx, 28(%esp) + leal 0(,%esi,8), %ecx + addl %ecx, %esi + movl %esi, 24(%esp) + sall $3, %edx + orl %eax, %edx + xorl %eax, %eax + cmpl %ecx, %esi + setb %al + movl 148(%esp), %esi + addl %eax, %edx + movl 28(%esp), %eax + movl 144(%esp), %ecx + xorl %esi, %ebp + addl %eax, %edx + movl %edx, 16(%esp) + movl %ebp, %eax + movl %ebp, %esi + xorl %ecx, 20(%esp) + shrl $16, %eax + andl $255, %esi + andl $255, %eax + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%esi,8), %eax + xorl %eax, %edx + movzbl 20(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 20(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, 24(%esp) + setb %al + addl %eax, %edx + subl %edx, 16(%esp) + movl %ebp, %eax + movl %ebp, %edx + subl %ecx, 24(%esp) + shrl $24, %edx + movzbl %ah, %ecx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movl tiger_table+6148(,%ecx,8), %esi + movl 20(%esp), %ecx + xorl %esi, %edx + movzbl %ch, %esi + shrl $24, %ecx + xorl tiger_table+2048(,%esi,8), %eax + xorl tiger_table+2052(,%esi,8), %edx + movl (%edi,%ecx,8), %esi + xorl %esi, %eax + movl 4(%edi,%ecx,8), %esi + addl %eax, %ebx + leal 0(,%ebx,8), %ecx + xorl %esi, %edx + cmpl %eax, %ebx + movl %ebx, %esi + setb %al + movzbl %al, %edi + shrl $29, %esi + addl %edi, %edx + movl 32(%esp), %edi + addl %ecx, %ebx + xorl %eax, %eax + addl %edx, %edi + leal 0(,%edi,8), %edx + orl %esi, %edx + cmpl %ecx, %ebx + movl 8(%esp), %esi + setb %al + movl 4(%esp), %ecx + addl %eax, %edx + movl 12(%esp), %eax + leal (%edi,%edx), %edx + xorl %esi, %edx + movl 540(%esp), %edi + xorl %eax, %ebx + xorl %eax, %eax + cmpl 540(%esp), %ebp + movl (%esp), %esi + setb %al + addl %ecx, %eax + movl 24(%esp), %ecx + subl %edi, %ebp + subl %eax, 20(%esp) + movl 536(%esp), %eax + movl 16(%esp), %edi + addl %eax, %ecx + xorl %eax, %eax + cmpl 536(%esp), %ecx + setb %al + addl %esi, %eax + movl 568(%esp), %esi + addl %edi, %eax + movl %ebx, (%esi) + movl %edx, 4(%esi) + movl %ebp, 8(%esi) + movl 20(%esp), %edx + movl %ecx, 16(%esi) + movl %eax, 20(%esi) + movl %edx, 12(%esi) + addl $544, %esp + popl %ebx + popl %esi + popl %edi + popl %ebp + ret + .size tiger_compress, .-tiger_compress +.globl tiger_t + .type tiger_t, @function +tiger_t: + pushl %ebp + pushl %edi + pushl %esi + pushl %ebx + subl $504, %esp + movl 528(%esp), %eax + movl %eax, 500(%esp) + cmpl $63, %eax + jbe .L8 +.L6: + movl 532(%esp), %edx + movl 532(%esp), %ebx + movl 532(%esp), %edi + movl (%edx), %esi + movl %esi, 72(%esp) + movl 4(%ebx), %ebp + movl 524(%esp), %ebx + movl %ebp, 68(%esp) + movl 12(%edi), %ecx + movl 8(%edi), %edx + movl %ecx, 64(%esp) + movl 16(%edi), %esi + movl 20(%edi), %eax + movl %edx, 496(%esp) + movl 524(%esp), %ecx + movl %esi, 492(%esp) + movl %eax, 60(%esp) + movl (%ebx), %ebp + movl %ebp, 56(%esp) + movl 4(%ecx), %edi + movl 524(%esp), %ebp + movl %edi, 52(%esp) + movl 12(%ebp), %eax + movl 8(%ebp), %edi + movl %eax, 48(%esp) + movl 16(%ebp), %edx + movl 524(%esp), %eax + movl %edx, 44(%esp) + movl 20(%ebp), %esi + movl %esi, 40(%esp) + movl 24(%ebp), %ebx + movl %ebx, 36(%esp) + movl 28(%ebp), %ecx + movl %ecx, 32(%esp) + movl 32(%eax), %edx + movl %edx, 28(%esp) + movl 524(%esp), %esi + movl 524(%esp), %ebx + movl 524(%esp), %eax + movl 36(%esi), %ebp + movl 524(%esp), %esi + movl %ebp, 24(%esp) + movl 40(%ebx), %ecx + movl 524(%esp), %ebx + movl %ecx, 20(%esp) + movl 44(%eax), %edx + movl 524(%esp), %eax + movl %edx, 16(%esp) + movl 48(%esi), %ebp + movl 524(%esp), %esi + movl %ebp, 12(%esp) + movl 52(%ebx), %ecx + movl 56(%esp), %ebx + movl %ecx, 8(%esp) + movl 56(%eax), %edx + movl 52(%esp), %ecx + movl 60(%esp), %eax + movl %edx, 4(%esp) + movl 60(%esi), %ebp + xorl %ecx, %eax + movl %eax, 488(%esp) + movl %ebp, (%esp) + movl 492(%esp), %ebp + xorl %ebx, %ebp + movl %ebp, %esi + movl %ebp, %ebx + shrl $16, %esi + andl $255, %ebx + andl $255, %esi + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%esi,8), %ecx + movl tiger_table+4(,%ebx,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%esi,8), %edx + xorl %eax, %edx + movzbl 488(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %ebx + movl 488(%esp), %eax + xorl %esi, %ecx + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %esi, %ecx + xorl %ebx, %edx + cmpl %ecx, 72(%esp) + movl 72(%esp), %esi + setb %al + subl %ecx, %esi + addl %eax, %edx + movl %ebp, %eax + movl %esi, 484(%esp) + movl 68(%esp), %ecx + movl %ebp, %esi + shrl $24, %esi + subl %edx, %ecx + movl %ecx, 480(%esp) + movzbl %ah, %ecx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%esi,8), %eax + movl tiger_table+6148(,%ecx,8), %edx + movl 488(%esp), %ecx + xorl %ebx, %eax + movl tiger_table+4100(,%esi,8), %ebx + xorl %edx, %ebx + movzbl %ch, %edx + movl tiger_table+2048(,%edx,8), %esi + xorl %esi, %eax + movl tiger_table+2052(,%edx,8), %esi + movl %ecx, %edx + shrl $24, %edx + xorl %esi, %ebx + movl tiger_table+4(,%edx,8), %esi + movl tiger_table(,%edx,8), %ecx + xorl %esi, %ebx + movl 496(%esp), %esi + xorl %ecx, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movzbl %al, %ecx + leal (%ebx,%ecx), %edx + movl 64(%esp), %ebx + leal 0(,%esi,4), %ecx + movl %esi, %eax + shrl $30, %eax + addl %edx, %ebx + addl %ecx, %esi + leal 0(,%ebx,4), %edx + orl %eax, %edx + xorl %eax, %eax + cmpl %ecx, %esi + setb %al + addl %eax, %edx + xorl %ecx, %ecx + addl %edx, %ebx + movl 4(%esp), %edx + movl (%esp), %eax + movl %ebx, 464(%esp) + xorl $-1515870811, %edx + movl 56(%esp), %ebx + cmpl %edx, 56(%esp) + setb %cl + subl %edx, %ebx + xorl %edi, 484(%esp) + xorl $-1515870811, %eax + addl %ecx, %eax + movl %ebx, 476(%esp) + movl 52(%esp), %ebx + movl 48(%esp), %ecx + xorl %ecx, 480(%esp) + subl %eax, %ebx + movl 484(%esp), %eax + movl %ebx, 472(%esp) + movzbl 484(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table(,%ebx,8), %edx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movzbl 480(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 480(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %ebx, %edx + xorl %ebx, %ebx + cmpl %ecx, %esi + setb %bl + subl %ecx, %esi + addl %ebx, %edx + movl %esi, 468(%esp) + movl 484(%esp), %eax + subl %edx, 464(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6148(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ecx,8), %esi + xorl %ebx, %edx + movl 480(%esp), %ebx + xorl %esi, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %esi + xorl %esi, %eax + movl tiger_table+2052(,%ecx,8), %esi + xorl %esi, %edx + movl %ebx, %esi + shrl $24, %esi + movl tiger_table(,%esi,8), %ecx + movl tiger_table+4(,%esi,8), %ebx + xorl %ecx, %eax + xorl %ebx, %edx + leal (%ebp,%eax), %ebx + cmpl %eax, %ebx + setb %cl + movl 488(%esp), %ebp + movl %ebx, %esi + movzbl %cl, %eax + shrl $30, %esi + addl %eax, %edx + addl %edx, %ebp + leal 0(,%ebx,4), %ecx + movl 472(%esp), %eax + leal 0(,%ebp,4), %edx + orl %esi, %edx + leal (%ebx,%ecx), %esi + xorl %ebx, %ebx + cmpl %ecx, %esi + setb %bl + addl %ebx, %edx + leal (%ebp,%edx), %ecx + movl 44(%esp), %ebp + xorl %ebp, 468(%esp) + movl 48(%esp), %ebx + movl %ecx, 448(%esp) + movl 476(%esp), %edx + movl 40(%esp), %ecx + xorl %ecx, 464(%esp) + xorl %eax, %ebx + movl 468(%esp), %eax + movl %ebx, 456(%esp) + movzbl 468(%esp),%ebx + xorl %edx, %edi + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%ebx,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 464(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %ebp + movl 464(%esp), %eax + xorl %ebx, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %ebp + xorl %ebx, %ecx + xorl %ebp, %edx + xorl %ebx, %ebx + cmpl %ecx, %esi + setb %bl + subl %ecx, %esi + addl %ebx, %edx + movl %esi, 452(%esp) + movl 468(%esp), %eax + subl %edx, 448(%esp) + movl %eax, %edx + movzbl %ah, %ebp + shrl $24, %edx + movl tiger_table+6148(,%ebp,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ebp,8), %esi + xorl %ebx, %edx + movl 464(%esp), %ebx + xorl %esi, %eax + movzbl %bh, %esi + movl tiger_table+2048(,%esi,8), %ecx + movl tiger_table+2052(,%esi,8), %ebp + xorl %ecx, %eax + movl %ebx, %ecx + xorl %ebp, %edx + shrl $24, %ecx + movl tiger_table(,%ecx,8), %ebx + movl tiger_table+4(,%ecx,8), %esi + xorl %ebx, %eax + movl 484(%esp), %ebx + xorl %esi, %edx + movl 480(%esp), %esi + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %cl + movzbl %cl, %eax + shrl $30, %ebp + addl %eax, %edx + leal 0(,%ebx,4), %ecx + addl %edx, %esi + leal 0(,%esi,4), %edx + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + xorl %ebx, %ebx + cmpl %ecx, %ebp + movl 44(%esp), %ecx + setb %bl + addl %ebx, %edx + leal (%esi,%edx), %eax + movl %eax, 436(%esp) + addl %edi, %ecx + movl 456(%esp), %edx + movl %ecx, 460(%esp) + movl 40(%esp), %ebx + xorl %eax, %eax + movl 36(%esp), %esi + cmpl %edi, %ecx + setb %al + xorl %esi, 452(%esp) + addl %edx, %eax + addl %ebx, %eax + movl %eax, 444(%esp) + movl 32(%esp), %ecx + movl 452(%esp), %eax + movzbl 452(%esp),%ebx + xorl %ecx, 448(%esp) + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%ebx,8), %esi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 448(%esp),%eax + xorl %esi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %esi + movl 448(%esp), %eax + xorl %ebx, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %esi + xorl %ebx, %ecx + xorl %esi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 440(%esp) + movl 452(%esp), %eax + subl %edx, 436(%esp) + movl %eax, %edx + movzbl %ah, %esi + shrl $24, %edx + movl tiger_table+6148(,%esi,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%esi,8), %ecx + xorl %ebx, %edx + movl 448(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %esi + xorl %ebp, %eax + movl %ebx, %ebp + xorl %esi, %edx + shrl $24, %ebp + movl tiger_table(,%ebp,8), %ebx + movl tiger_table+4(,%ebp,8), %esi + xorl %ebx, %eax + movl 468(%esp), %ebx + xorl %esi, %edx + movl 464(%esp), %esi + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %cl + movzbl %cl, %eax + shrl $30, %ebp + addl %eax, %edx + leal 0(,%ebx,4), %ecx + addl %edx, %esi + leal 0(,%esi,4), %edx + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + addl %ebx, %edx + movl 460(%esp), %ebx + leal (%esi,%edx), %eax + movl %eax, 420(%esp) + movl %edi, %edx + movl 36(%esp), %esi + notl %edx + movl 456(%esp), %eax + movl %edi, %ecx + sall $19, %edx + xorl %ebx, %edx + xorl %ebx, %ebx + cmpl %edx, 36(%esp) + setb %bl + subl %edx, %esi + movl %esi, 432(%esp) + movl 444(%esp), %edx + shrl $13, %ecx + sall $19, %eax + movl 28(%esp), %esi + orl %ecx, %eax + xorl %esi, 440(%esp) + notl %edx + xorl %eax, %edx + addl %ebx, %edx + movl 32(%esp), %ebx + movl 440(%esp), %eax + movl 24(%esp), %ecx + subl %edx, %ebx + shrl $16, %eax + movl %ebx, 428(%esp) + movzbl 440(%esp),%ebx + andl $255, %eax + xorl %ecx, 436(%esp) + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table(,%ebx,8), %edx + movl tiger_table+4(,%ebx,8), %esi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 436(%esp),%eax + xorl %esi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %esi + movl 436(%esp), %eax + xorl %ebx, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %esi + xorl %ebx, %ecx + xorl %esi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 424(%esp) + movl 440(%esp), %eax + subl %edx, 420(%esp) + movl %eax, %edx + movzbl %ah, %ebp + shrl $24, %edx + movl tiger_table+6148(,%ebp,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ebp,8), %ecx + xorl %ebx, %edx + movl 436(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %esi + movl tiger_table+2052(,%ecx,8), %ebp + movl %ebx, %ecx + shrl $24, %ecx + xorl %esi, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl tiger_table(,%ecx,8), %esi + xorl %ebp, %edx + xorl %ebx, %edx + movl 452(%esp), %ebx + xorl %esi, %eax + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %esi + setb %al + movzbl %al, %ebp + leal 0(,%ebx,4), %ecx + addl %ebp, %edx + movl 448(%esp), %ebp + shrl $30, %esi + xorl %eax, %eax + addl %edx, %ebp + leal 0(,%ebp,4), %edx + orl %esi, %edx + leal (%ebx,%ecx), %esi + cmpl %ecx, %esi + setb %al + addl %eax, %edx + movl 428(%esp), %eax + leal (%ebp,%edx), %ebx + movl %ebx, 400(%esp) + movl 20(%esp), %ebp + movl 24(%esp), %ebx + xorl %ebp, 424(%esp) + movl 432(%esp), %ecx + xorl %eax, %ebx + movl %ebx, 408(%esp) + movl 424(%esp), %eax + movl 28(%esp), %edx + movzbl 424(%esp),%ebx + shrl $16, %eax + xorl %ecx, %edx + movl %edx, 416(%esp) + andl $255, %eax + movl 16(%esp), %ecx + xorl %ecx, 420(%esp) + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%ebx,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 420(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %ebp + movl 420(%esp), %eax + xorl %ebx, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %ebp + xorl %ebx, %ecx + xorl %ebp, %edx + xorl %ebx, %ebx + cmpl %ecx, %esi + setb %bl + subl %ecx, %esi + addl %ebx, %edx + movl %esi, 404(%esp) + movl 424(%esp), %eax + subl %edx, 400(%esp) + movl %eax, %edx + movzbl %ah, %esi + shrl $24, %edx + movl tiger_table+6148(,%esi,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%esi,8), %ecx + xorl %ebx, %edx + movl 420(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %esi + movl %ebx, %ecx + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl tiger_table(,%ecx,8), %ebp + xorl %esi, %edx + xorl %ebx, %edx + movl 440(%esp), %ebx + xorl %ebp, %eax + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %al + movzbl %al, %esi + leal 0(,%ebx,4), %ecx + addl %esi, %edx + movl 436(%esp), %esi + shrl $30, %ebp + xorl %eax, %eax + addl %edx, %esi + leal 0(,%esi,4), %edx + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + cmpl %ecx, %ebp + movl 416(%esp), %ebx + setb %al + addl %eax, %edx + leal (%esi,%edx), %edx + movl %edx, 388(%esp) + movl 20(%esp), %esi + movl 416(%esp), %eax + movl 408(%esp), %edx + addl %ebx, %esi + cmpl %eax, %esi + movl %esi, 412(%esp) + setb %cl + movl 16(%esp), %ebx + movl 12(%esp), %esi + movzbl %cl, %eax + addl %edx, %eax + xorl %esi, 404(%esp) + addl %ebx, %eax + movl 8(%esp), %ecx + movl %eax, 396(%esp) + movl 404(%esp), %eax + movzbl 404(%esp),%ebx + xorl %ecx, 400(%esp) + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%ebx,8), %esi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 400(%esp),%eax + xorl %esi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %esi + movl 400(%esp), %eax + xorl %ebx, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %esi + xorl %ebx, %ecx + xorl %esi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 392(%esp) + movl 404(%esp), %eax + subl %edx, 388(%esp) + movl %eax, %edx + movzbl %ah, %esi + shrl $24, %edx + movl tiger_table+6148(,%esi,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%esi,8), %ecx + xorl %ebx, %edx + movl 400(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %esi + xorl %ebp, %eax + movl %ebx, %ebp + xorl %esi, %edx + shrl $24, %ebp + movl tiger_table(,%ebp,8), %ebx + movl tiger_table+4(,%ebp,8), %esi + xorl %ebx, %eax + movl 424(%esp), %ebx + xorl %esi, %edx + movl 420(%esp), %esi + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %cl + movzbl %cl, %eax + shrl $30, %ebp + addl %eax, %edx + leal 0(,%ebx,4), %ecx + addl %edx, %esi + leal 0(,%esi,4), %edx + movl 416(%esp), %eax + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + addl %ebx, %edx + movl 412(%esp), %ebx + leal (%esi,%edx), %ecx + movl 408(%esp), %edx + shrl $23, %eax + movl %ecx, 316(%esp) + notl %ebx + movl 12(%esp), %esi + sall $9, %edx + movl 396(%esp), %ecx + orl %edx, %eax + xorl %eax, %ebx + xorl %edx, %edx + movl 408(%esp), %eax + cmpl %ebx, 12(%esp) + notl %eax + setb %dl + subl %ebx, %esi + shrl $23, %eax + movl 8(%esp), %ebx + movl %esi, 380(%esp) + movl 4(%esp), %esi + xorl %ecx, %eax + xorl %esi, 392(%esp) + addl %edx, %eax + subl %eax, %ebx + movl %ebx, 376(%esp) + movl (%esp), %ecx + movl 392(%esp), %eax + movzbl 392(%esp),%ebx + xorl %ecx, 388(%esp) + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%ebx,8), %esi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 388(%esp),%eax + xorl %esi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %esi + movl 388(%esp), %eax + xorl %ebx, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %esi + xorl %ebx, %ecx + xorl %esi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 320(%esp) + movl 392(%esp), %eax + subl %edx, 316(%esp) + movl %eax, %edx + movzbl %ah, %ebp + shrl $24, %edx + movl tiger_table+6148(,%ebp,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ebp,8), %esi + xorl %ebx, %edx + movl 388(%esp), %ebx + xorl %esi, %eax + movzbl %bh, %esi + movl tiger_table+2048(,%esi,8), %ecx + movl tiger_table+2052(,%esi,8), %ebp + xorl %ecx, %eax + movl %ebx, %ecx + xorl %ebp, %edx + shrl $24, %ecx + movl tiger_table(,%ecx,8), %ebx + movl tiger_table+4(,%ecx,8), %esi + xorl %ebx, %eax + movl 404(%esp), %ebx + xorl %esi, %edx + movl 400(%esp), %esi + addl %eax, %ebx + cmpl %eax, %ebx + leal 0(,%ebx,4), %ecx + setb %al + movzbl %al, %ebp + addl %ebp, %edx + addl %edx, %esi + movl %ebx, %edx + shrl $30, %edx + addl %ecx, %ebx + leal 0(,%esi,4), %ebp + orl %edx, %ebp + movl %ebx, 384(%esp) + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + movl 376(%esp), %ecx + addl %eax, %ebp + leal (%esi,%ebp), %edx + movl 380(%esp), %ebp + movl 4(%esp), %esi + movl %edx, 300(%esp) + movl 476(%esp), %eax + xorl %ebp, %esi + movl (%esp), %ebp + addl %esi, %eax + movl %eax, 372(%esp) + xorl %ecx, %ebp + cmpl %esi, %eax + setb %bl + movl 472(%esp), %ecx + movzbl %bl, %edx + leal (%ebp,%edx), %eax + movl 372(%esp), %ebx + movl %esi, %edx + notl %edx + addl %ecx, %eax + sall $19, %edx + movl %eax, 368(%esp) + xorl %ebx, %edx + xorl %ebx, %ebx + cmpl %edx, %edi + movl %ebp, %eax + setb %bl + subl %edx, %edi + movl 368(%esp), %edx + movl %esi, %ecx + shrl $13, %ecx + sall $19, %eax + orl %ecx, %eax + notl %edx + xorl %eax, %edx + movl 456(%esp), %eax + addl %ebx, %edx + movl 460(%esp), %ebx + subl %edx, %eax + movl %eax, 364(%esp) + movl 444(%esp), %edx + xorl %edi, %ebx + movl %ebx, 360(%esp) + xorl %eax, %edx + xorl %eax, %eax + movl %edx, 352(%esp) + movl 432(%esp), %edx + addl %ebx, %edx + movl %edx, 356(%esp) + movl 352(%esp), %ecx + cmpl %ebx, %edx + setb %al + addl %ecx, %eax + movl 428(%esp), %ecx + addl %ecx, %eax + movl %edx, %ecx + notl %ecx + movl %eax, 348(%esp) + movl %ebx, %eax + movl 352(%esp), %ebx + shrl $23, %eax + xorl %edx, %edx + sall $9, %ebx + orl %ebx, %eax + xorl %eax, %ecx + movl 416(%esp), %ebx + cmpl %ecx, 416(%esp) + movl 352(%esp), %eax + setb %dl + subl %ecx, %ebx + movl 348(%esp), %ecx + notl %eax + movl %ebx, 344(%esp) + shrl $23, %eax + xorl %ecx, %eax + addl %edx, %eax + movl 408(%esp), %edx + movl 412(%esp), %ecx + subl %eax, %edx + movl 380(%esp), %eax + xorl %ebx, %ecx + movl %edx, 340(%esp) + movl 396(%esp), %ebx + movl %ecx, 336(%esp) + addl %ecx, %eax + xorl %edx, %ebx + movl %eax, 332(%esp) + cmpl %ecx, %eax + setb %dl + movl %ebx, 328(%esp) + movl 376(%esp), %ecx + movzbl %dl, %eax + addl %ebx, %eax + movl 332(%esp), %edx + xorl %ebx, %ebx + addl %ecx, %eax + xorl $-1985229329, %edx + movl %eax, 324(%esp) + movl 324(%esp), %eax + cmpl %edx, %esi + setb %bl + subl %edx, %esi + movl 368(%esp), %ecx + movl %esi, 312(%esp) + xorl $19088743, %eax + addl %ebx, %eax + xorl %ecx, 316(%esp) + subl %eax, %ebp + movl %ebp, 308(%esp) + movl 372(%esp), %ebp + xorl %ebp, 320(%esp) + movl 320(%esp), %ebx + movzbl 320(%esp),%esi + shrl $16, %ebx + andl $255, %ebx + movl tiger_table(,%esi,8), %edx + movl tiger_table+2048(,%ebx,8), %ecx + movl tiger_table+4(,%esi,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%ebx,8), %edx + movzbl 316(%esp),%ebx + xorl %eax, %edx + movl tiger_table+4096(,%ebx,8), %ebp + movl tiger_table+4100(,%ebx,8), %esi + xorl %ebp, %ecx + movl 316(%esp), %ebp + xorl %esi, %edx + movl 384(%esp), %esi + shrl $16, %ebp + andl $255, %ebp + movl tiger_table+6144(,%ebp,8), %eax + movl tiger_table+6148(,%ebp,8), %ebx + xorl %eax, %ecx + xorl %ebx, %edx + xorl %eax, %eax + cmpl %ecx, 384(%esp) + setb %al + subl %ecx, %esi + movl %esi, 304(%esp) + addl %eax, %edx + movl 320(%esp), %eax + subl %edx, 300(%esp) + movl %eax, %edx + movzbl %ah, %ebp + shrl $24, %edx + movl tiger_table+6148(,%ebp,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ebp,8), %ecx + xorl %ebx, %edx + movl 316(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %esi + movl tiger_table+2052(,%ecx,8), %ebp + movl %ebx, %ecx + shrl $24, %ecx + xorl %esi, %eax + movl tiger_table(,%ecx,8), %esi + xorl %ebp, %edx + movl tiger_table+4(,%ecx,8), %ebp + movl 392(%esp), %ecx + xorl %esi, %eax + xorl %ebp, %edx + movl 388(%esp), %esi + addl %eax, %ecx + cmpl %eax, %ecx + movl %ecx, %ebp + setb %bl + movzbl %bl, %eax + shrl $29, %ebp + addl %eax, %edx + leal 0(,%ecx,8), %ebx + addl %esi, %edx + leal 0(,%edx,8), %esi + xorl %eax, %eax + orl %ebp, %esi + cmpl %ecx, %ebx + movl %ebx, %ebp + setb %al + leal (%edx,%eax), %eax + movl 312(%esp), %edx + subl %ecx, %ebp + subl %eax, %esi + xorl %ecx, %ecx + movl 372(%esp), %ebx + movl 308(%esp), %eax + xorl $-1515870811, %edx + cmpl %edx, 372(%esp) + setb %cl + subl %edx, %ebx + xorl %edi, 304(%esp) + xorl $-1515870811, %eax + addl %ecx, %eax + movl %ebx, 292(%esp) + movl 368(%esp), %ebx + movl 364(%esp), %ecx + xorl %ecx, 300(%esp) + subl %eax, %ebx + movl 304(%esp), %eax + movl %ebx, 288(%esp) + movzbl 304(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table(,%ebx,8), %edx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movzbl 300(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 300(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %ebx, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + subl %edx, %esi + movl %ebp, 284(%esp) + movl 304(%esp), %eax + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6148(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ecx,8), %ebp + xorl %ebx, %edx + movl 300(%esp), %ebx + xorl %ebp, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + xorl %ebp, %eax + movl tiger_table+2052(,%ecx,8), %ebp + movl %ebx, %ecx + shrl $24, %ecx + movl tiger_table(,%ecx,8), %ebx + xorl %ebp, %edx + movl tiger_table+4(,%ecx,8), %ebp + movl 320(%esp), %ecx + xorl %ebx, %eax + xorl %ebp, %edx + addl %eax, %ecx + movl 316(%esp), %ebp + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + addl %ebp, %edx + movl %ecx, %eax + leal 0(,%ecx,8), %ebx + shrl $29, %eax + leal 0(,%edx,8), %ebp + orl %eax, %ebp + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + subl %ecx, %ebx + movl 292(%esp), %ecx + movl %ebx, 296(%esp) + leal (%edx,%eax), %ebx + subl %ebx, %ebp + movl 288(%esp), %edx + xorl %ecx, %edi + movl 360(%esp), %ebx + xorl %ebx, 284(%esp) + movl 364(%esp), %eax + movl 352(%esp), %ecx + movzbl 284(%esp),%ebx + xorl %edx, %eax + xorl %ecx, %esi + movl %eax, 272(%esp) + movl 284(%esp), %eax + movl tiger_table(,%ebx,8), %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movl %esi, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl %esi, %eax + shrl $16, %eax + andl $255, %eax + xorl %ebx, %edx + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + cmpl %ecx, 296(%esp) + movl 296(%esp), %ebx + setb %al + subl %ecx, %ebx + addl %eax, %edx + subl %edx, %ebp + movl %ebx, 268(%esp) + movl 284(%esp), %eax + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl %esi, %ebx + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+2052(,%ecx,8), %ebx + movl %esi, %ecx + shrl $24, %ecx + xorl %ebx, %edx + movl tiger_table(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl 304(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %bl + movzbl %bl, %eax + movl 300(%esp), %ebx + addl %eax, %edx + addl %ebx, %edx + leal 0(,%edx,8), %eax + leal 0(,%ecx,8), %ebx + movl %eax, 252(%esp) + movl %ecx, %eax + shrl $29, %eax + orl %eax, 252(%esp) + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + subl %ecx, %ebx + leal (%edx,%eax), %eax + movl %ebx, 280(%esp) + movl 360(%esp), %ebx + movl 272(%esp), %ecx + subl %eax, 252(%esp) + xorl %eax, %eax + addl %edi, %ebx + movl %ebx, 276(%esp) + cmpl %edi, %ebx + movl 352(%esp), %edx + movl 356(%esp), %ebx + setb %al + addl %ecx, %eax + xorl %ebx, 268(%esp) + addl %edx, %eax + movl 348(%esp), %ecx + movl %eax, 260(%esp) + movl 268(%esp), %eax + xorl %ecx, %ebp + movzbl 268(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table(,%ebx,8), %edx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movl %ebp, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl %ebp, %eax + shrl $16, %eax + andl $255, %eax + xorl %ebx, %edx + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 280(%esp), %ebx + cmpl %ecx, 280(%esp) + setb %al + subl %ecx, %ebx + movl %ebx, 256(%esp) + addl %eax, %edx + movl 268(%esp), %eax + subl %edx, 252(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl %ebp, %ebx + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+2052(,%ecx,8), %ebx + movl %ebp, %ecx + shrl $24, %ecx + xorl %ebx, %edx + movl tiger_table(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl 284(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + movl %ecx, %eax + leal (%esi,%edx), %ebx + shrl $29, %eax + leal 0(,%ecx,8), %edx + leal 0(,%ebx,8), %esi + orl %eax, %esi + xorl %eax, %eax + cmpl %ecx, %edx + setb %al + subl %ecx, %edx + leal (%ebx,%eax), %ecx + movl %edx, 264(%esp) + movl 276(%esp), %ebx + movl %edi, %eax + notl %eax + subl %ecx, %esi + movl 356(%esp), %edx + sall $19, %eax + movl %edi, %ecx + xorl %ebx, %eax + xorl %ebx, %ebx + cmpl %eax, 356(%esp) + setb %bl + subl %eax, %edx + movl %edx, 244(%esp) + movl 272(%esp), %eax + shrl $13, %ecx + movl 260(%esp), %edx + sall $19, %eax + orl %ecx, %eax + notl %edx + movl 340(%esp), %ecx + xorl %eax, %edx + xorl %ecx, 252(%esp) + addl %ebx, %edx + movl 348(%esp), %eax + movl 344(%esp), %ebx + xorl %ebx, 256(%esp) + subl %edx, %eax + movl %eax, 240(%esp) + movl 256(%esp), %eax + movzbl 256(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movzbl 252(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 252(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 264(%esp), %ebx + cmpl %ecx, 264(%esp) + setb %al + subl %ecx, %ebx + movl %ebx, 236(%esp) + addl %eax, %edx + movl 256(%esp), %eax + subl %edx, %esi + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl 252(%esp), %ebx + movzbl %bh, %ecx + xorl tiger_table+2048(,%ecx,8), %eax + xorl tiger_table+2052(,%ecx,8), %edx + movl %ebx, %ecx + shrl $24, %ecx + movl tiger_table(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl 268(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + movl %ecx, %eax + leal (%ebp,%edx), %ebx + shrl $29, %eax + leal 0(,%ecx,8), %edx + leal 0(,%ebx,8), %ebp + orl %eax, %ebp + xorl %eax, %eax + cmpl %ecx, %edx + setb %al + leal (%ebx,%eax), %eax + subl %ecx, %edx + movl %edx, 248(%esp) + movl 244(%esp), %ebx + subl %eax, %ebp + movl 344(%esp), %ecx + movl 240(%esp), %edx + movl 340(%esp), %eax + xorl %ebx, %ecx + movl 336(%esp), %ebx + xorl %edx, %eax + xorl %ebx, 236(%esp) + movl %eax, 220(%esp) + movl %ecx, 228(%esp) + movl 236(%esp), %eax + movl 328(%esp), %ecx + movzbl 236(%esp),%ebx + shrl $16, %eax + andl $255, %eax + xorl %ecx, %esi + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movl %esi, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl %esi, %eax + shrl $16, %eax + andl $255, %eax + xorl %ebx, %edx + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + cmpl %ecx, 248(%esp) + movl 248(%esp), %ebx + setb %al + subl %ecx, %ebx + addl %eax, %edx + subl %edx, %ebp + movl %ebx, 216(%esp) + movl 236(%esp), %eax + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl %esi, %ebx + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+2052(,%ecx,8), %ebx + movl %esi, %ecx + shrl $24, %ecx + xorl %ebx, %edx + movl tiger_table(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl 256(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + movl 252(%esp), %ebx + addl %edx, %ebx + leal 0(,%ebx,8), %eax + leal 0(,%ecx,8), %edx + movl %eax, 204(%esp) + movl %ecx, %eax + shrl $29, %eax + orl %eax, 204(%esp) + xorl %eax, %eax + cmpl %ecx, %edx + setb %al + subl %ecx, %edx + leal (%ebx,%eax), %ecx + movl %edx, 232(%esp) + movl 228(%esp), %eax + movl 336(%esp), %edx + subl %ecx, 204(%esp) + movl 228(%esp), %ebx + addl %eax, %edx + movl %edx, 224(%esp) + movl 220(%esp), %ecx + xorl %eax, %eax + cmpl %ebx, %edx + movl 328(%esp), %edx + setb %al + movl 332(%esp), %ebx + addl %ecx, %eax + movl 324(%esp), %ecx + xorl %ebx, 216(%esp) + addl %edx, %eax + movl %eax, 212(%esp) + xorl %ecx, %ebp + movl 216(%esp), %eax + movzbl 216(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movl %ebp, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl %ebp, %eax + shrl $16, %eax + andl $255, %eax + xorl %ebx, %edx + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 232(%esp), %ebx + cmpl %ecx, 232(%esp) + setb %al + subl %ecx, %ebx + movl %ebx, 208(%esp) + addl %eax, %edx + movl 216(%esp), %eax + subl %edx, 204(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl %ebp, %ebx + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+2052(,%ecx,8), %ebx + movl %ebp, %ecx + shrl $24, %ecx + xorl %ebx, %edx + movl tiger_table(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl 236(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + leal (%esi,%edx), %edx + movl %ecx, %esi + leal 0(,%edx,8), %eax + leal 0(,%ecx,8), %ebx + movl %eax, 132(%esp) + shrl $29, %esi + xorl %eax, %eax + orl %esi, 132(%esp) + cmpl %ecx, %ebx + setb %al + leal (%edx,%eax), %esi + movl 228(%esp), %eax + movl 220(%esp), %edx + subl %esi, 132(%esp) + subl %ecx, %ebx + movl 224(%esp), %ecx + sall $9, %edx + movl 332(%esp), %esi + shrl $23, %eax + orl %edx, %eax + notl %ecx + xorl %eax, %ecx + xorl %edx, %edx + cmpl %ecx, 332(%esp) + movl 220(%esp), %eax + setb %dl + subl %ecx, %esi + movl 212(%esp), %ecx + notl %eax + movl %esi, 196(%esp) + shrl $23, %eax + xorl %ecx, %eax + movl 312(%esp), %esi + addl %edx, %eax + movl 324(%esp), %edx + xorl %esi, 208(%esp) + movl 308(%esp), %ecx + subl %eax, %edx + movzbl 208(%esp),%esi + movl %edx, 192(%esp) + movl 208(%esp), %eax + xorl %ecx, 204(%esp) + shrl $16, %eax + movl tiger_table(,%esi,8), %edx + andl $255, %eax + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%esi,8), %eax + xorl %eax, %edx + movzbl 204(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 204(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + subl %ecx, %ebx + subl %edx, 132(%esp) + movl 208(%esp), %eax + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movl tiger_table+6148(,%ecx,8), %esi + movl 204(%esp), %ecx + xorl %esi, %edx + movzbl %ch, %esi + shrl $24, %ecx + xorl tiger_table+2048(,%esi,8), %eax + xorl tiger_table+2052(,%esi,8), %edx + movl tiger_table(,%ecx,8), %esi + xorl %esi, %eax + movl tiger_table+4(,%ecx,8), %esi + movl 216(%esp), %ecx + xorl %esi, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %esi + addl %esi, %edx + leal (%ebp,%edx), %esi + leal 0(,%esi,8), %eax + movl %ecx, %edx + leal 0(,%ecx,8), %ebp + movl %eax, 120(%esp) + shrl $29, %edx + xorl %eax, %eax + orl %edx, 120(%esp) + cmpl %ecx, %ebp + setb %al + leal (%esi,%eax), %edx + subl %ecx, %ebp + movl 196(%esp), %ecx + subl %edx, 120(%esp) + xorl %eax, %eax + movl 312(%esp), %edx + movl %ebp, 200(%esp) + movl 192(%esp), %ebp + movl 288(%esp), %esi + xorl %ecx, %edx + movl 308(%esp), %ecx + movl %edx, 188(%esp) + xorl %ebp, %ecx + movl 292(%esp), %ebp + movl %ecx, 184(%esp) + addl %edx, %ebp + cmpl %edx, %ebp + setb %al + addl %ecx, %eax + addl %esi, %eax + movl %eax, 180(%esp) + movl %edx, %eax + notl %eax + sall $19, %eax + xorl %ebp, %eax + cmpl %eax, %edi + setb %dl + subl %eax, %edi + movl %ecx, %eax + movl 188(%esp), %ecx + movzbl %dl, %esi + sall $19, %eax + movl 180(%esp), %edx + shrl $13, %ecx + orl %ecx, %eax + notl %edx + movl 272(%esp), %ecx + xorl %eax, %edx + addl %esi, %edx + movl 276(%esp), %eax + subl %edx, %ecx + movl %ecx, 176(%esp) + movl 260(%esp), %edx + xorl %edi, %eax + movl %eax, 172(%esp) + xorl %ecx, %edx + movl %edx, 164(%esp) + movl 244(%esp), %ecx + movl 240(%esp), %esi + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movl %ecx, 168(%esp) + movzbl %al, %eax + addl %edx, %eax + addl %esi, %eax + movl 172(%esp), %esi + sall $9, %edx + movl %eax, 160(%esp) + notl %ecx + movl 164(%esp), %eax + shrl $23, %esi + orl %edx, %esi + xorl %esi, %ecx + xorl %edx, %edx + cmpl %ecx, 228(%esp) + movl 228(%esp), %esi + notl %eax + setb %dl + subl %ecx, %esi + movl 160(%esp), %ecx + movl %esi, 156(%esp) + shrl $23, %eax + xorl %ecx, %eax + addl %edx, %eax + movl 220(%esp), %edx + movl 224(%esp), %ecx + subl %eax, %edx + movl 196(%esp), %eax + xorl %esi, %ecx + movl %edx, 152(%esp) + movl 212(%esp), %esi + movl %ecx, 148(%esp) + addl %ecx, %eax + xorl %edx, %esi + movl %eax, 144(%esp) + cmpl %ecx, %eax + setb %dl + movl %esi, 140(%esp) + movl 192(%esp), %ecx + movzbl %dl, %eax + movl 144(%esp), %edx + addl %esi, %eax + addl %ecx, %eax + movl %eax, 136(%esp) + xorl $-1985229329, %edx + xorl %eax, %eax + cmpl %edx, 188(%esp) + movl 136(%esp), %esi + movl 180(%esp), %ecx + setb %al + xorl %ebp, %ebx + xorl $19088743, %esi + xorl %ecx, 132(%esp) + addl %eax, %esi + movl %ebx, %eax + subl %esi, 184(%esp) + shrl $16, %eax + movzbl %bl,%esi + subl %edx, 188(%esp) + andl $255, %eax + movl tiger_table(,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%esi,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 132(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %ebp + movl 132(%esp), %eax + xorl %esi, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + movl tiger_table+6148(,%eax,8), %ebp + xorl %eax, %eax + xorl %esi, %ecx + xorl %ebp, %edx + cmpl %ecx, 200(%esp) + movl 200(%esp), %esi + setb %al + addl %eax, %edx + subl %ecx, %esi + movzbl %bh, %ecx + movl %esi, 124(%esp) + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + subl %edx, 120(%esp) + movl %ebx, %edx + shrl $24, %edx + movl tiger_table+4096(,%edx,8), %eax + movl 132(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl tiger_table+4(,%ecx,8), %esi + xorl %ebp, %edx + movl tiger_table(,%ecx,8), %ebp + xorl %esi, %edx + movl 208(%esp), %esi + xorl %ebp, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %ebp + movzbl %al, %ecx + movl 204(%esp), %eax + addl %ecx, %edx + shrl $29, %ebp + leal 0(,%esi,8), %ecx + addl %eax, %edx + xorl %eax, %eax + movl %edx, 128(%esp) + sall $3, %edx + orl %ebp, %edx + leal (%esi,%ecx), %ebp + cmpl %ecx, %ebp + movl 128(%esp), %esi + setb %al + xorl %edi, 124(%esp) + addl %eax, %edx + movl 176(%esp), %ecx + xorl %ecx, 120(%esp) + addl %esi, %edx + movl 124(%esp), %eax + movzbl 124(%esp),%esi + movl %edx, 112(%esp) + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%esi,8), %edi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 120(%esp),%eax + xorl %edi, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %edi + movl 120(%esp), %eax + xorl %esi, %ecx + xorl %edi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + movl tiger_table+6148(,%eax,8), %edi + xorl %eax, %eax + xorl %esi, %ecx + xorl %edi, %edx + cmpl %ecx, %ebp + setb %al + subl %ecx, %ebp + addl %eax, %edx + movl %ebp, 116(%esp) + movl 124(%esp), %eax + subl %edx, 112(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+6148(,%ecx,8), %ebp + movl tiger_table+4096(,%edx,8), %eax + movl 120(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %edi + shrl $24, %ecx + xorl %ebp, %edx + movl tiger_table+2052(,%esi,8), %ebp + movl tiger_table(,%ecx,8), %esi + xorl %edi, %eax + movl tiger_table+4(,%ecx,8), %edi + xorl %ebp, %edx + xorl %esi, %eax + addl %eax, %ebx + xorl %edi, %edx + cmpl %eax, %ebx + movl 132(%esp), %esi + setb %al + movl %ebx, %ecx + movzbl %al, %ebp + addl %ebp, %edx + shrl $29, %ecx + addl %edx, %esi + leal 0(,%ebx,8), %edx + xorl %eax, %eax + addl %edx, %ebx + leal 0(,%esi,8), %edi + orl %ecx, %edi + cmpl %edx, %ebx + setb %al + movl 164(%esp), %ecx + addl %eax, %edi + xorl %ecx, 112(%esp) + leal (%esi,%edi), %ebp + movl 172(%esp), %esi + xorl %esi, 116(%esp) + movl %ebp, 108(%esp) + movl 116(%esp), %eax + movzbl 116(%esp),%edi + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%edi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%edi,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 112(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %edi + xorl %eax, %eax + xorl %esi, %ecx + movl 112(%esp), %esi + xorl %edi, %edx + shrl $16, %esi + andl $255, %esi + movl tiger_table+6144(,%esi,8), %ebp + movl tiger_table+6148(,%esi,8), %edi + xorl %ebp, %ecx + xorl %edi, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + subl %ecx, %ebx + subl %edx, 108(%esp) + movl 116(%esp), %edx + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+6148(,%ecx,8), %ebp + movl tiger_table+4096(,%edx,8), %eax + movl 112(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %edi + shrl $24, %ecx + xorl %ebp, %edx + movl tiger_table+2052(,%esi,8), %ebp + movl tiger_table+4(,%ecx,8), %esi + xorl %edi, %eax + movl tiger_table(,%ecx,8), %edi + xorl %ebp, %edx + xorl %esi, %edx + movl 124(%esp), %esi + xorl %edi, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %edi + movzbl %al, %ebp + addl %ebp, %edx + movl 120(%esp), %ebp + leal 0(,%esi,8), %ecx + shrl $29, %edi + xorl %eax, %eax + addl %edx, %ebp + leal 0(,%ebp,8), %edx + orl %edi, %edx + leal (%esi,%ecx), %edi + cmpl %ecx, %edi + setb %al + addl %eax, %edx + leal (%ebp,%edx), %esi + movl %esi, 100(%esp) + movl 168(%esp), %ebp + movl 160(%esp), %ecx + xorl %ecx, 108(%esp) + xorl %ebp, %ebx + movl %ebx, %eax + shrl $16, %eax + movzbl %bl,%esi + andl $255, %eax + movl tiger_table(,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%esi,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 108(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %ebp + movl 108(%esp), %eax + xorl %esi, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + movl tiger_table+6148(,%eax,8), %ebp + xorl %eax, %eax + xorl %esi, %ecx + xorl %ebp, %edx + cmpl %ecx, %edi + setb %al + addl %eax, %edx + subl %ecx, %edi + subl %edx, 100(%esp) + movl %ebx, %edx + movzbl %bh, %ecx + movl %edi, 104(%esp) + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+6148(,%ecx,8), %ebp + movl tiger_table+4096(,%edx,8), %eax + movl 108(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %edi + shrl $24, %ecx + xorl %ebp, %edx + movl tiger_table+2052(,%esi,8), %ebp + movl tiger_table+4(,%ecx,8), %esi + xorl %edi, %eax + xorl %ebp, %edx + movl tiger_table(,%ecx,8), %edi + xorl %esi, %edx + movl 116(%esp), %esi + xorl %edi, %eax + addl %eax, %esi + cmpl %eax, %esi + movl %esi, %edi + setb %al + movzbl %al, %ebp + leal 0(,%esi,8), %ecx + addl %ebp, %edx + movl 112(%esp), %ebp + shrl $29, %edi + xorl %eax, %eax + addl %edx, %ebp + leal 0(,%ebp,8), %edx + orl %edi, %edx + leal (%esi,%ecx), %edi + cmpl %ecx, %edi + setb %al + addl %eax, %edx + movl 152(%esp), %ecx + leal (%ebp,%edx), %esi + movl %esi, 92(%esp) + movl 156(%esp), %ebp + xorl %ebp, 104(%esp) + xorl %ecx, 100(%esp) + movl 104(%esp), %eax + movzbl 104(%esp),%esi + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%esi,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 100(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %ebp + movl 100(%esp), %eax + xorl %esi, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + movl tiger_table+6148(,%eax,8), %ebp + xorl %eax, %eax + xorl %esi, %ecx + xorl %ebp, %edx + cmpl %ecx, %edi + setb %al + addl %eax, %edx + subl %ecx, %edi + subl %edx, 92(%esp) + movl 104(%esp), %edx + movl %edi, 96(%esp) + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+6148(,%ecx,8), %ebp + movl tiger_table+4096(,%edx,8), %eax + movl 100(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %edi + shrl $24, %ecx + xorl %ebp, %edx + movl tiger_table+2052(,%esi,8), %ebp + movl tiger_table(,%ecx,8), %esi + xorl %edi, %eax + movl tiger_table+4(,%ecx,8), %edi + xorl %ebp, %edx + xorl %esi, %eax + addl %eax, %ebx + movl 108(%esp), %esi + xorl %edi, %edx + cmpl %eax, %ebx + setb %al + movzbl %al, %ebp + movl %ebx, %ecx + addl %ebp, %edx + addl %edx, %esi + leal 0(,%ebx,8), %edx + addl %edx, %ebx + shrl $29, %ecx + xorl %eax, %eax + leal 0(,%esi,8), %edi + orl %ecx, %edi + cmpl %edx, %ebx + movl 140(%esp), %ecx + setb %al + addl %eax, %edi + leal (%esi,%edi), %ebp + xorl %ecx, 92(%esp) + movl 148(%esp), %esi + xorl %esi, 96(%esp) + movl %ebp, 88(%esp) + movl 96(%esp), %eax + movzbl 96(%esp),%edi + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%edi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%edi,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 92(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %edi + xorl %eax, %eax + xorl %esi, %ecx + movl 92(%esp), %esi + xorl %edi, %edx + shrl $16, %esi + andl $255, %esi + movl tiger_table+6144(,%esi,8), %ebp + movl tiger_table+6148(,%esi,8), %edi + xorl %ebp, %ecx + xorl %edi, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + subl %ecx, %ebx + subl %edx, 88(%esp) + movl 96(%esp), %edx + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+6148(,%ecx,8), %ebp + movl tiger_table+4096(,%edx,8), %eax + movl 92(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %edi + shrl $24, %ecx + xorl %ebp, %edx + movl tiger_table+2052(,%esi,8), %ebp + movl tiger_table+4(,%ecx,8), %esi + xorl %edi, %eax + movl tiger_table(,%ecx,8), %edi + xorl %ebp, %edx + xorl %esi, %edx + movl 104(%esp), %esi + xorl %edi, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %edi + movzbl %al, %ebp + addl %ebp, %edx + movl 100(%esp), %ebp + leal 0(,%esi,8), %ecx + shrl $29, %edi + xorl %eax, %eax + addl %edx, %ebp + leal 0(,%ebp,8), %edx + orl %edi, %edx + leal (%esi,%ecx), %edi + movl 144(%esp), %esi + cmpl %ecx, %edi + setb %al + addl %eax, %edx + movl 136(%esp), %ecx + xorl %esi, %ebx + xorl %ecx, 88(%esp) + movl %ebx, %eax + shrl $16, %eax + movzbl %bl,%esi + andl $255, %eax + addl %edx, %ebp + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table(,%esi,8), %edx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%esi,8), %eax + xorl %eax, %edx + movzbl 88(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 88(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, %edi + setb %al + addl %eax, %edx + subl %ecx, %edi + subl %edx, %ebp + movl %ebx, %edx + movzbl %bh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movl tiger_table+6148(,%ecx,8), %esi + movl 88(%esp), %ecx + xorl %esi, %edx + movzbl %ch, %esi + shrl $24, %ecx + xorl tiger_table+2048(,%esi,8), %eax + xorl tiger_table+2052(,%esi,8), %edx + movl tiger_table(,%ecx,8), %esi + xorl %esi, %eax + movl tiger_table+4(,%ecx,8), %esi + xorl %esi, %edx + movl 96(%esp), %esi + addl %eax, %esi + cmpl %eax, %esi + setb %cl + movzbl %cl, %eax + movl 92(%esp), %ecx + addl %eax, %edx + movl %esi, %eax + shrl $29, %eax + addl %ecx, %edx + movl %edx, 84(%esp) + leal 0(,%esi,8), %ecx + addl %ecx, %esi + movl %esi, 80(%esp) + sall $3, %edx + orl %eax, %edx + xorl %eax, %eax + cmpl %ecx, %esi + setb %al + movl 188(%esp), %esi + addl %eax, %edx + movl 84(%esp), %eax + movl 184(%esp), %ecx + xorl %esi, %edi + addl %eax, %edx + movl %edx, 76(%esp) + movl %edi, %eax + movl %edi, %esi + shrl $16, %eax + andl $255, %esi + andl $255, %eax + xorl %ecx, %ebp + movl tiger_table(,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%esi,8), %eax + xorl %eax, %edx + movl %ebp, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl %ebp, %eax + shrl $16, %eax + andl $255, %eax + xorl %esi, %edx + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, 80(%esp) + setb %al + addl %eax, %edx + subl %edx, 76(%esp) + movl %edi, %eax + movl %edi, %edx + subl %ecx, 80(%esp) + shrl $24, %edx + movzbl %ah, %ecx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movl tiger_table+6148(,%ecx,8), %esi + movl %ebp, %ecx + xorl %esi, %edx + movzbl %ch, %esi + shrl $24, %ecx + xorl tiger_table+2048(,%esi,8), %eax + xorl tiger_table+2052(,%esi,8), %edx + movl tiger_table(,%ecx,8), %esi + xorl %esi, %eax + movl tiger_table+4(,%ecx,8), %esi + addl %eax, %ebx + xorl %esi, %edx + cmpl %eax, %ebx + setb %cl + movl %ebx, %eax + movzbl %cl, %esi + leal 0(,%ebx,8), %ecx + addl %esi, %edx + movl 88(%esp), %esi + shrl $29, %eax + addl %ecx, %ebx + addl %edx, %esi + leal 0(,%esi,8), %edx + orl %eax, %edx + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + movl 72(%esp), %ecx + movl 68(%esp), %eax + leal (%esi,%edx), %edx + xorl %ecx, %ebx + movl 64(%esp), %ecx + xorl %eax, %edx + xorl %eax, %eax + movl 496(%esp), %esi + cmpl 496(%esp), %edi + setb %al + addl %ecx, %eax + subl %eax, %ebp + movl 80(%esp), %ecx + subl %esi, %edi + movl 492(%esp), %eax + movl 60(%esp), %esi + addl %eax, %ecx + xorl %eax, %eax + cmpl 492(%esp), %ecx + setb %al + addl %esi, %eax + movl 76(%esp), %esi + addl %esi, %eax + movl 532(%esp), %esi + movl %ebx, (%esi) + movl %edx, 4(%esi) + movl %edi, 8(%esi) + movl %ebp, 12(%esi) + movl %ecx, 16(%esi) + movl %eax, 20(%esi) + subl $64, 500(%esp) + addl $64, 524(%esp) + cmpl $63, 500(%esp) + ja .L6 +.L8: + addl $504, %esp + popl %ebx + popl %esi + popl %edi + popl %ebp + ret + .size tiger_t, .-tiger_t +.globl tiger + .type tiger, @function +tiger: + pushl %ebp + movl %esp, %ebp + pushl %edi + pushl %esi + pushl %ebx + subl $84, %esp + movl 12(%ebp), %esi + movl 8(%ebp), %ebx + movl 16(%ebp), %edi + cmpl $63, %esi + jbe .L33 +.L42: + movl %ebx, (%esp) + subl $64, %esi + addl $64, %ebx + movl %edi, 4(%esp) + call tiger_compress + cmpl $63, %esi + ja .L42 +.L33: + xorl %ecx, %ecx + cmpl %esi, %ecx + jb .L126 +.L35: + movb $1, -88(%ecx,%ebp) + leal 1(%ecx), %eax + testb $7, %al + je .L37 +.L44: + movb $0, -88(%ebp,%eax) + incl %eax + testb $7, %al + jne .L44 +.L37: + cmpl $56, %eax + jbe .L23 + cmpl $63, %eax + jbe .L127 +.L39: + movl %edi, 4(%esp) + leal -88(%ebp), %eax + movl %eax, (%esp) + call tiger_compress + xorl %eax, %eax +.L23: + cmpl $55, %eax + ja .L41 + movb $0, -88(%ebp,%eax) + movl %eax, %ecx + leal 1(%eax), %edx + notl %ecx + andl $7, %ecx + cmpl $55, %edx + ja .L41 + testl %ecx, %ecx + je .L46 + cmpl $1, %ecx + je .L129 + cmpl $2, %ecx + je .L130 + cmpl $3, %ecx + je .L131 + cmpl $4, %ecx + je .L132 + cmpl $5, %ecx + je .L133 + cmpl $6, %ecx + je .L134 + movb $0, -88(%ebp,%edx) + leal 2(%eax), %edx +.L134: + movb $0, -88(%ebp,%edx) + incl %edx +.L133: + movb $0, -88(%ebp,%edx) + incl %edx +.L132: + movb $0, -88(%ebp,%edx) + incl %edx +.L131: + movb $0, -88(%ebp,%edx) + incl %edx +.L130: + movb $0, -88(%ebp,%edx) + incl %edx +.L129: + movb $0, -88(%ebp,%edx) + incl %edx + cmpl $55, %edx + ja .L41 +.L46: + movb $0, -88(%ebp,%edx) + movb $0, -87(%edx,%ebp) + movb $0, -86(%edx,%ebp) + movb $0, -85(%edx,%ebp) + movb $0, -84(%edx,%ebp) + movb $0, -83(%edx,%ebp) + movb $0, -82(%edx,%ebp) + movb $0, -81(%edx,%ebp) + addl $8, %edx + cmpl $55, %edx + ja .L41 + jmp .L46 +.L127: + movb $0, -88(%ebp,%eax) + movl %eax, %ecx + leal 1(%eax), %edx + notl %ecx + andl $7, %ecx + cmpl $63, %edx + ja .L39 + testl %ecx, %ecx + je .L45 + cmpl $1, %ecx + je .L135 + cmpl $2, %ecx + je .L136 + cmpl $3, %ecx + je .L137 + cmpl $4, %ecx + je .L138 + cmpl $5, %ecx + je .L139 + cmpl $6, %ecx + je .L140 + movb $0, -88(%ebp,%edx) + leal 2(%eax), %edx +.L140: + movb $0, -88(%ebp,%edx) + incl %edx +.L139: + movb $0, -88(%ebp,%edx) + incl %edx +.L138: + movb $0, -88(%ebp,%edx) + incl %edx +.L137: + movb $0, -88(%ebp,%edx) + incl %edx +.L136: + movb $0, -88(%ebp,%edx) + incl %edx +.L135: + movb $0, -88(%ebp,%edx) + incl %edx + cmpl $63, %edx + ja .L39 +.L45: + movb $0, -88(%ebp,%edx) + movb $0, -87(%edx,%ebp) + movb $0, -86(%edx,%ebp) + movb $0, -85(%edx,%ebp) + movb $0, -84(%edx,%ebp) + movb $0, -83(%edx,%ebp) + movb $0, -82(%edx,%ebp) + movb $0, -81(%edx,%ebp) + addl $8, %edx + cmpl $63, %edx + ja .L39 + jmp .L45 +.L126: + movl %ecx, %eax + notl %eax + leal (%eax,%esi), %edx + movzbl (%ebx,%ecx), %eax + andl $7, %edx + movb %al, -88(%ebp,%ecx) + incl %ecx + cmpl %esi, %ecx + jae .L35 + testl %edx, %edx + je .L43 + cmpl $1, %edx + je .L141 + cmpl $2, %edx + je .L142 + cmpl $3, %edx + je .L143 + cmpl $4, %edx + je .L144 + cmpl $5, %edx + je .L145 + cmpl $6, %edx + je .L146 + movzbl (%ebx,%ecx), %edx + movb %dl, -88(%ebp,%ecx) + incl %ecx +.L146: + movzbl (%ebx,%ecx), %eax + movb %al, -88(%ebp,%ecx) + incl %ecx +.L145: + movzbl (%ebx,%ecx), %edx + movb %dl, -88(%ebp,%ecx) + incl %ecx +.L144: + movzbl (%ebx,%ecx), %eax + movb %al, -88(%ebp,%ecx) + incl %ecx +.L143: + movzbl (%ebx,%ecx), %edx + movb %dl, -88(%ebp,%ecx) + incl %ecx +.L142: + movzbl (%ebx,%ecx), %eax + movb %al, -88(%ebp,%ecx) + incl %ecx +.L141: + movzbl (%ebx,%ecx), %edx + movb %dl, -88(%ebp,%ecx) + incl %ecx + cmpl %esi, %ecx + jae .L35 +.L43: + movzbl (%ebx,%ecx), %edx + movb %dl, -88(%ebp,%ecx) + leal 1(%ecx), %edx + movzbl (%ebx,%edx), %eax + movb %al, -88(%ebp,%edx) + leal 2(%ecx), %edx + movzbl (%ebx,%edx), %eax + movb %al, -88(%ebp,%edx) + leal 3(%ecx), %edx + movzbl (%ebx,%edx), %eax + movb %al, -88(%ebp,%edx) + leal 4(%ecx), %edx + movzbl (%ebx,%edx), %eax + movb %al, -88(%ebp,%edx) + leal 5(%ecx), %edx + movzbl (%ebx,%edx), %eax + movb %al, -88(%ebp,%edx) + leal 6(%ecx), %edx + movzbl (%ebx,%edx), %eax + movb %al, -88(%ebp,%edx) + leal 7(%ecx), %edx + addl $8, %ecx + movzbl (%ebx,%edx), %eax + cmpl %esi, %ecx + movb %al, -88(%ebp,%edx) + jae .L35 + jmp .L43 +.L41: + movl %edi, 4(%esp) + movl 12(%ebp), %ebx + leal -88(%ebp), %ecx + movl $0, -28(%ebp) + movl %ecx, (%esp) + sall $3, %ebx + movl %ebx, -32(%ebp) + call tiger_compress + addl $84, %esp + popl %ebx + popl %esi + popl %edi + popl %ebp + ret + .size tiger, .-tiger + .section .note.GNU-stack,"",@progbits + .ident "GCC: (GNU) 3.4.0" Index: branches/samhain-2_2-branch/src/sh_tiger1_64.c =================================================================== --- branches/samhain-2_2-branch/src/sh_tiger1_64.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_tiger1_64.c (revision 66) @@ -0,0 +1,475 @@ +/* Do not include ANY system headers here. The implementation is */ +/* somehow flawed - maybe something gets overlayed by definitions */ +/* in the system headers. Results will become incorrect. */ + +#include "config_xor.h" + +#if defined(TIGER_64_BIT) + +/* #if defined(HAVE_LONG_64) || defined(HAVE_LONG_LONG_64) */ + +#undef USE_MEMSET + +/* Big endian: */ +#ifdef WORDS_BIGENDIAN +#define BIG_ENDIAN +#endif + +/* Tiger: A Fast New Hash Function + * + * Ross Anderson and Eli Biham + * + * From the homepage (http://www.cs.technion.ac.il/~biham/Reports/Tiger/): + * + * Tiger has no usage restrictions nor patents. It can be used freely, + * with the reference implementation, with other implementations or with + * a modification to the reference implementation (as long as it still + * implements Tiger). We only ask you to let us know about your + * implementation and to cite the origin of Tiger and of the reference + * implementation. + * + * + * The authors' home pages can be found both in + * http://www.cs.technion.ac.il/~biham/ and in + * http://www.cl.cam.ac.uk/users/rja14/. + * The authors' email addresses are biham@cs.technion.ac.il + * and rja14@cl.cam.ac.uk. + */ + +#if defined(HAVE_LONG_64) +typedef unsigned long int word64; +#elif defined(HAVE_LONG_LONG_64) +typedef unsigned long long int word64; +#else +#error No 64 bit type found ! +#endif + +#if defined(HAVE_INT_32) +typedef unsigned int sh_word32; +#elif defined(HAVE_LONG_32) +typedef unsigned long sh_word32; +#elif defined(HAVE_SHORT_32) +typedef unsigned short sh_word32; +#else +#error No 32 bit type found ! +#endif + +typedef unsigned char sh_byte; + +#if defined(TIGER_OPT_ASM) +#define TIGER_ASM64_2 1 +#else +#define TIGER_C 1 +#endif + +/* The number of passes of the hash function. */ +/* Three passes are recommended. */ +/* Use four passes when you need extra security. */ +/* Must be at least three. */ +#define PASSES 3 + +extern word64 tiger_table[4*256]; + +/* Volatile can help if compiler is smart enough to use memory operand */ +static /*volatile*/ const word64 XOR_CONST1=0xA5A5A5A5A5A5A5A5LL; +static /*volatile*/ const word64 XOR_CONST2=0x0123456789ABCDEFLL; + +#define t1 (tiger_table) +#define t2 (tiger_table+256) +#define t3 (tiger_table+256*2) +#define t4 (tiger_table+256*3) + +#define pass_start +#define pass_end + + + +#define save_abc \ + aa = a; \ + bb = b; \ + cc = c; + +#ifdef TIGER_C + +#define BN(x,n) (((x)>>((n)*8))&0xFF) + + +/* Depending on outer code one of these two can be better*/ +#define roundX(a,b,c,x) \ + c ^= x; \ + a -= t1[BN(c,0)] ^ t2[BN(c,2)] ^ \ + t3[BN(c,4)] ^ t4[BN(c,6)] ; \ + b += t4[BN(c,1)] ^ t3[BN(c,3)] ^ \ + t2[BN(c,5)] ^ t1[BN(c,7)] ; + +#define round5(a,b,c,x) roundX(a,b,c,x) b = b+b*4; +#define round7(a,b,c,x) roundX(a,b,c,x) b = b*8-b; +#define round9(a,b,c,x) roundX(a,b,c,x) b = b+b*8; + +#endif + + +#ifdef TIGER_OPT_ASM + +#define MASK0 0xFFL +#define MASK8 0xFF00L +#define MASK16 0xFF0000L +#define MASK32 0xFF00000000LL +#define MASK40 0xFF0000000000LL +#define MASK48 0xFF000000000000LL + +#define roundstart __asm__ ( + +/* a will be moved into different reg each round + * using register substitution feature of GCC asm + * b will be moved in 2-nd pass rounds only + */ + + +#define roundend(a,b,c,x) \ + : "+r" (a), "+r" (b), "+r" (c) \ + : "r" (a), "r" (b), "r" (c), "m" (x), "r" (&tiger_table),\ + "i" (MASK0), "i" (MASK8), "i" (MASK16), "r" (MASK32), "r" (MASK40), "r" (MASK48) \ + : "3", "%rax","%rbx","%rcx","%rdx","%rsi", "%edi", "%r8" ); + + +/* c ^= x; + a -= t1[BN(c,0)] ^ t2[BN(c,2)] ^ + t3[BN(c,4)] ^ t4[BN(c,6)] ; + b += t4[BN(c,1)] ^ t3[BN(c,3)] ^ + t2[BN(c,5)] ^ t1[BN(c,7)] ; */ + +#define roundX(a,b,c,x) \ +" movl %10, %%ebx \n"\ +" movq %11, %%rcx \n"\ +" movq %13, %%rdx \n"\ +" movq %6, %%r8 \n"\ +" xorq %%r8, %2 \n" \ +" andq %2, %%rbx \n"\ +" andq %2, %%rcx \n"\ +" andq %2, %%rdx \n"\ +" shrl $(16-3), %%ebx \n"\ +" shrq $(32-3), %%rcx \n"\ +" shrq $(48-3), %%rdx \n"\ +" movzbl %2b, %%eax \n"\ +" movzwl %2w, %%edi \n"\ +" movq (%7,%%rax,8), %%rsi \n"\ +" shrl $(8), %%edi \n" \ +" movq %2, %%rax \n" \ +" xorq (2048*1)(%7,%%rbx), %%rsi \n"\ +" movq %2, %%rbx \n"\ +" shrl $24, %%eax \n"\ +" andq %12, %%rbx \n"\ +" xorq (2048*2)(%7,%%rcx), %%rsi \n"\ +" shrq $(40-3), %%rbx \n"\ +" movq %2, %%rcx \n"\ +" xorq (2048*3)(%7,%%rdx), %%rsi \n"\ +" movq (2048*3)(%7,%%rdi,8), %%rdx \n"\ +" shrq $56, %%rcx \n"\ +" xorq (2048*2)(%7,%%rax,8), %%rdx \n"\ +" xorq (2048*1)(%7,%%rbx), %%rdx \n" \ +" subq %%rsi, %0 \n"\ +" xorq (%7,%%rcx,8), %%rdx \n"\ +" addq %%rdx, %1 \n" + +#define round5(a,b,c,x) \ + roundstart \ + roundX(a,b,c,x) \ + /* b*=5; */ \ + "leaq (%1,%1,4), %1\n" \ + roundend(a,b,c,x) + + +#define round7(a,b,c,x) \ + roundstart \ + roundX(a,b,c,x) \ + roundend(a,b,c,x) \ + /* b*=7; */ \ + __asm__ ( \ + "leaq (%1,%1,8), %0\n" \ + "addq %1, %1 \n" \ + "subq %1, %0 " \ + :"=&r" (b): "r"(b): "1" ); + +#define round9(a,b,c,x) \ + roundstart \ + roundX(a,b,c,x) \ + "leaq (%1,%1,8), %1\n" \ + roundend(a,b,c,x) + +#endif + + + + +/* ============== Common macros ================== */ + +#define key_schedule \ + x0 -= x7 ^ XOR_CONST1; \ + x1 ^= x0; \ + x2 += x1;\ + x3 -= x2 ^ ((~x1)<<19);\ + x4 ^= x3;\ + x5 += x4;\ + x6 -= x5 ^ ((~x4)>>23); \ + x7 ^= x6; \ + x0 += x7; \ + x1 -= x0 ^ ((~x7)<<19); \ + x2 ^= x1; \ + x3 += x2; \ + x4 -= x3 ^ ((~x2)>>23); \ + x5 ^= x4; \ + x6 += x5; \ + x7 -= x6 ^ XOR_CONST2; + +#define pass5n(a,b,c) \ + round5(a,b,c,x0) \ + x0 -= x7 ^ XOR_CONST1; \ + round5(b,c,a,x1) \ + x1 ^= x0; \ + round5(c,a,b,x2) \ + x2 += x1; \ + round5(a,b,c,x3) \ + x3 -= x2 ^ ((~x1)<<19); \ + round5(b,c,a,x4) \ + x4 ^= x3; \ + round5(c,a,b,x5) \ + x5 += x4; \ + round5(a,b,c,x6) \ + x6 -= x5 ^ ((~x4)>>23); \ + round5(b,c,a,x7) \ + x7 ^= x6; \ + x0 += x7; \ + x1 -= x0 ^ ((~x7)<<19); \ + x2 ^= x1; \ + x3 += x2; \ + x4 -= x3 ^ ((~x2)>>23); \ + x5 ^= x4; \ + x6 += x5; \ + x7 -= x6 ^ XOR_CONST2; + +#define pass7n(a,b,c) \ + round7(a,b,c,x0) \ + x0 -= x7 ^ XOR_CONST1; \ + round7(b,c,a,x1) \ + x1 ^= x0; \ + round7(c,a,b,x2) \ + x2 += x1; \ + round7(a,b,c,x3) \ + x3 -= x2 ^ ((~x1)<<19); \ + round7(b,c,a,x4) \ + x4 ^= x3; \ + round7(c,a,b,x5) \ + x5 += x4; \ + round7(a,b,c,x6) \ + x6 -= x5 ^ ((~x4)>>23); \ + round7(b,c,a,x7) \ + x7 ^= x6; \ + x0 += x7; \ + x1 -= x0 ^ ((~x7)<<19); \ + x2 ^= x1; \ + x3 += x2; \ + x4 -= x3 ^ ((~x2)>>23); \ + x5 ^= x4; \ + x6 += x5; \ + x7 -= x6 ^ XOR_CONST2; + +#define pass5(a,b,c) \ + pass_start \ + round5(a,b,c,x0) \ + round5(b,c,a,x1) \ + round5(c,a,b,x2) \ + round5(a,b,c,x3) \ + round5(b,c,a,x4) \ + round5(c,a,b,x5) \ + round5(a,b,c,x6) \ + round5(b,c,a,x7) \ + pass_end + +#define pass7(a,b,c) \ + pass_start \ + round7(a,b,c,x0) \ + round7(b,c,a,x1) \ + round7(c,a,b,x2) \ + round7(a,b,c,x3) \ + round7(b,c,a,x4) \ + round7(c,a,b,x5) \ + round7(a,b,c,x6) \ + round7(b,c,a,x7) \ + pass_end + + +#define pass9(a,b,c) \ + pass_start \ + round9(a,b,c,x0) \ + round9(b,c,a,x1) \ + round9(c,a,b,x2) \ + round9(a,b,c,x3) \ + round9(b,c,a,x4) \ + round9(c,a,b,x5) \ + round9(a,b,c,x6) \ + round9(b,c,a,x7) \ + pass_end + +#define feedforward \ + a ^= aa; \ + b -= bb; \ + c += cc; + + +/* This version works ok with C variant and also with new asm version + * that just wastes a register r8 + * reason? who knows, write forwarding is faster than keeping value + * in register? :) + */ +#define compress \ + save_abc \ + pass5n(a,b,c) \ + pass7n(c,a,b) \ + pass9(b,c,a) \ + for(pass_no=3; pass_no=64; i-=64) + { +#ifdef BIG_ENDIAN + for(j=0; j<64; j++) + temp[j^7] = ((sh_byte*)str)[j]; + tiger_compress(((word64*)temp), res); +#else + tiger_compress(str, res); +#endif + str += 8; + } +} + +void tiger(word64 *str, word64 length, word64 res[3]) +{ + register word64 i; + register word64 j = 0; + unsigned char temp[64]; + + /* + * res[0]=0x0123456789ABCDEFLL; + * res[1]=0xFEDCBA9876543210LL; + * res[2]=0xF096A5B4C3B2E187LL; + */ + + for(i=length; i>=64; i-=64) + { +#ifdef BIG_ENDIAN + for(j=0; j<64; j++) + temp[j^7] = ((sh_byte*)str)[j]; + tiger_compress(((word64*)temp), res); +#else + tiger_compress(str, res); +#endif + str += 8; + } + +#ifdef BIG_ENDIAN + for(j=0; j56) + { +#ifndef USE_MEMSET + for(; j<64; j++) + temp[j] = 0; +#else + memset( temp+j, 0, 64-j); +#endif + tiger_compress(((word64*)temp), res); + j=0; + } + +#ifndef USE_MEMSET + for(; j<56; j++) + temp[j] = 0; +#else + memset( temp+j, 0, 56-j); +#endif + + ((word64*)(&(temp[56])))[0] = ((word64)length)<<3; + tiger_compress(((word64*)temp), res); +} + +#endif Index: branches/samhain-2_2-branch/src/sh_tiger2.c =================================================================== --- branches/samhain-2_2-branch/src/sh_tiger2.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_tiger2.c (revision 66) @@ -0,0 +1,561 @@ +/* Tiger: A Fast New Hash Function + * + * Ross Anderson and Eli Biham + * + * From the homepage (http://www.cs.technion.ac.il/~biham/Reports/Tiger/): + * + * Tiger has no usage restrictions nor patents. It can be used freely, + * with the reference implementation, with other implementations or with + * a modification to the reference implementation (as long as it still + * implements Tiger). We only ask you to let us know about your + * implementation and to cite the origin of Tiger and of the reference + * implementation. + * + * + * The authors' home pages can be found both in + * http://www.cs.technion.ac.il/~biham/ and in + * http://www.cl.cam.ac.uk/users/rja14/. + * The authors' email addresses are biham@cs.technion.ac.il + * and rja14@cl.cam.ac.uk. + */ + +#include "config_xor.h" + + +#if !defined(TIGER_64_BIT) + +/* #if !defined(HAVE_LONG_64) && !defined(HAVE_LONG_LONG_64) */ + +/* sboxes32.c: Tiger S boxes for 32-bit-only compilers */ +#if defined(HAVE_INT_32) +typedef unsigned int sh_word32; +#elif defined(HAVE_LONG_32) +typedef unsigned long sh_word32; +#elif defined(HAVE_SHORT_32) +typedef unsigned short sh_word32; +#else +#error No 32 bit type found ! +#endif + +sh_word32 tiger_table[4*256][2] = { + { 0xF7E90C5E, 0x02AAB17C /* 0 */}, { 0xE243A8EC, 0xAC424B03 /* 1 */}, + { 0x0DD5FCD3, 0x72CD5BE3 /* 2 */}, { 0xF6F97F3A, 0x6D019B93 /* 3 */}, + { 0xD21F9193, 0xCD9978FF /* 4 */}, { 0x708029E2, 0x7573A1C9 /* 5 */}, + { 0x922A83C3, 0xB164326B /* 6 */}, { 0x04915870, 0x46883EEE /* 7 */}, + { 0x7103ECE6, 0xEAACE305 /* 8 */}, { 0x08A3535C, 0xC54169B8 /* 9 */}, + { 0x8DDEC47C, 0x4CE75491 /* 10 */}, { 0xDC0DF40C, 0x0AA2F4DF /* 11 */}, + { 0xA74DBEFA, 0x10B76F18 /* 12 */}, { 0x5AD1AB6A, 0xC6CCB623 /* 13 */}, + { 0x572FE2FF, 0x13726121 /* 14 */}, { 0x199D921E, 0x1A488C6F /* 15 */}, + { 0xDA0007CA, 0x4BC9F9F4 /* 16 */}, { 0xE85241C7, 0x26F5E6F6 /* 17 */}, + { 0xEA5947B6, 0x859079DB /* 18 */}, { 0xC99E8C92, 0x4F1885C5 /* 19 */}, + { 0xA96F864B, 0xD78E761E /* 20 */}, { 0x52B5C17D, 0x8E36428C /* 21 */}, + { 0x373063C1, 0x69CF6827 /* 22 */}, { 0x9BB4C56E, 0xB607C93D /* 23 */}, + { 0x0E76B5EA, 0x7D820E76 /* 24 */}, { 0xF07FDC42, 0x645C9CC6 /* 25 */}, + { 0x243342E0, 0xBF38A078 /* 26 */}, { 0x9D2E7D04, 0x5F6B343C /* 27 */}, + { 0x600B0EC6, 0xF2C28AEB /* 28 */}, { 0x7254BCAC, 0x6C0ED85F /* 29 */}, + { 0xA4DB4FE5, 0x71592281 /* 30 */}, { 0xCE0FED9F, 0x1967FA69 /* 31 */}, + { 0xB96545DB, 0xFD5293F8 /* 32 */}, { 0xF2A7600B, 0xC879E9D7 /* 33 */}, + { 0x0193194E, 0x86024892 /* 34 */}, { 0x2D9CC0B3, 0xA4F9533B /* 35 */}, + { 0x15957613, 0x9053836C /* 36 */}, { 0xFC357BF1, 0xDB6DCF8A /* 37 */}, + { 0x7A370F57, 0x18BEEA7A /* 38 */}, { 0x50B99066, 0x037117CA /* 39 */}, + { 0x74424A35, 0x6AB30A97 /* 40 */}, { 0xE325249B, 0xF4E92F02 /* 41 */}, + { 0x061CCAE1, 0x7739DB07 /* 42 */}, { 0xECA42A05, 0xD8F3B49C /* 43 */}, + { 0x51382F73, 0xBD56BE3F /* 44 */}, { 0x43B0BB28, 0x45FAED58 /* 45 */}, + { 0x11BF1F83, 0x1C813D5C /* 46 */}, { 0xD75FA169, 0x8AF0E4B6 /* 47 */}, + { 0x87AD9999, 0x33EE18A4 /* 48 */}, { 0xB1C94410, 0x3C26E8EA /* 49 */}, + { 0xC0A822F9, 0xB510102B /* 50 */}, { 0x0CE6123B, 0x141EEF31 /* 51 */}, + { 0x59DDB154, 0xFC65B900 /* 52 */}, { 0xC5E0E607, 0xE0158640 /* 53 */}, + { 0x26C3A3CF, 0x884E0798 /* 54 */}, { 0x23C535FD, 0x930D0D95 /* 55 */}, + { 0x4E9A2B00, 0x35638D75 /* 56 */}, { 0x40469DD5, 0x4085FCCF /* 57 */}, + { 0x8BE23A4C, 0xC4B17AD2 /* 58 */}, { 0x6A3E6A2E, 0xCAB2F0FC /* 59 */}, + { 0x6B943FCD, 0x2860971A /* 60 */}, { 0x12E30446, 0x3DDE6EE2 /* 61 */}, + { 0xE01765AE, 0x6222F32A /* 62 */}, { 0x478308FE, 0x5D550BB5 /* 63 */}, + { 0xA0EDA22A, 0xA9EFA98D /* 64 */}, { 0x86C40DA7, 0xC351A716 /* 65 */}, + { 0x9C867C84, 0x1105586D /* 66 */}, { 0xFDA22853, 0xDCFFEE85 /* 67 */}, + { 0x2C5EEF76, 0xCCFBD026 /* 68 */}, { 0x8990D201, 0xBAF294CB /* 69 */}, + { 0x2AFAD975, 0xE69464F5 /* 70 */}, { 0xDF133E14, 0x94B013AF /* 71 */}, + { 0x2823C958, 0x06A7D1A3 /* 72 */}, { 0x30F61119, 0x6F95FE51 /* 73 */}, + { 0x462C06C0, 0xD92AB34E /* 74 */}, { 0x887C71D2, 0xED7BDE33 /* 75 */}, + { 0x6518393E, 0x79746D6E /* 76 */}, { 0x5D713329, 0x5BA41938 /* 77 */}, + { 0x48A97564, 0x7C1BA6B9 /* 78 */}, { 0x7BFDAC67, 0x31987C19 /* 79 */}, + { 0x4B053D02, 0xDE6C23C4 /* 80 */}, { 0xD002D64D, 0x581C49FE /* 81 */}, + { 0x38261571, 0xDD474D63 /* 82 */}, { 0xE473D062, 0xAA4546C3 /* 83 */}, + { 0x9455F860, 0x928FCE34 /* 84 */}, { 0xCAAB94D9, 0x48161BBA /* 85 */}, + { 0x770E6F68, 0x63912430 /* 86 */}, { 0x02C6641C, 0x6EC8A5E6 /* 87 */}, + { 0x337DDD2B, 0x87282515 /* 88 */}, { 0x034B701B, 0x2CDA6B42 /* 89 */}, + { 0x81CB096D, 0xB03D37C1 /* 90 */}, { 0x66C71C6F, 0xE1084382 /* 91 */}, + { 0xEB51B255, 0x2B3180C7 /* 92 */}, { 0x96C08BBC, 0xDF92B82F /* 93 */}, + { 0xA632F3BA, 0x5C68C8C0 /* 94 */}, { 0x1C3D0556, 0x5504CC86 /* 95 */}, + { 0x5FB26B8F, 0xABBFA4E5 /* 96 */}, { 0xB3BACEB4, 0x41848B0A /* 97 */}, + { 0xAA445D32, 0xB334A273 /* 98 */}, { 0xA85AD881, 0xBCA696F0 /* 99 */}, + { 0xB528D56C, 0x24F6EC65 /* 100 */}, { 0x90F4524A, 0x0CE1512E /* 101 */}, + { 0x5506D35A, 0x4E9DD79D /* 102 */}, { 0xC6CE9779, 0x258905FA /* 103 */}, + { 0x3E109B33, 0x2019295B /* 104 */}, { 0x73A054CC, 0xF8A9478B /* 105 */}, + { 0x34417EB0, 0x2924F2F9 /* 106 */}, { 0x536D1BC4, 0x3993357D /* 107 */}, + { 0x1DB6FF8B, 0x38A81AC2 /* 108 */}, { 0x7D6016BF, 0x47C4FBF1 /* 109 */}, + { 0x7667E3F5, 0x1E0FAADD /* 110 */}, { 0x938BEB96, 0x7ABCFF62 /* 111 */}, + { 0x8FC179C9, 0xA78DAD94 /* 112 */}, { 0x2911E50D, 0x8F1F98B7 /* 113 */}, + { 0x27121A91, 0x61E48EAE /* 114 */}, { 0x31859808, 0x4D62F7AD /* 115 */}, + { 0xEF5CEAEB, 0xECEBA345 /* 116 */}, { 0xBC9684CE, 0xF5CEB25E /* 117 */}, + { 0xB7F76221, 0xF633E20C /* 118 */}, { 0xAB8293E4, 0xA32CDF06 /* 119 */}, + { 0xA5EE2CA4, 0x985A202C /* 120 */}, { 0xCC8A8FB1, 0xCF0B8447 /* 121 */}, + { 0x979859A3, 0x9F765244 /* 122 */}, { 0xA1240017, 0xA8D516B1 /* 123 */}, + { 0xBB5DC726, 0x0BD7BA3E /* 124 */}, { 0xB86ADB39, 0xE54BCA55 /* 125 */}, + { 0x6C478063, 0x1D7A3AFD /* 126 */}, { 0xE7669EDD, 0x519EC608 /* 127 */}, + { 0xD149AA23, 0x0E5715A2 /* 128 */}, { 0x848FF194, 0x177D4571 /* 129 */}, + { 0x41014C22, 0xEEB55F32 /* 130 */}, { 0x3A6E2EC2, 0x0F5E5CA1 /* 131 */}, + { 0x75F5C361, 0x8029927B /* 132 */}, { 0xC3D6E436, 0xAD139FAB /* 133 */}, + { 0x4CCF402F, 0x0D5DF1A9 /* 134 */}, { 0xBEA5DFC8, 0x3E8BD948 /* 135 */}, + { 0xBD3FF77E, 0xA5A0D357 /* 136 */}, { 0x1F74F645, 0xA2D12E25 /* 137 */}, + { 0x5E81A082, 0x66FD9E52 /* 138 */}, { 0x7F687A49, 0x2E0C90CE /* 139 */}, + { 0xBA973BC5, 0xC2E8BCBE /* 140 */}, { 0xE509745F, 0x000001BC /* 141 */}, + { 0xE6DAB3D6, 0x423777BB /* 142 */}, { 0xAEF06EB5, 0xD1661C7E /* 143 */}, + { 0x4DAACFD8, 0xA1781F35 /* 144 */}, { 0x2B16AFFC, 0x2D11284A /* 145 */}, + { 0xFA891D1F, 0xF1FC4F67 /* 146 */}, { 0xCB920ADA, 0x73ECC25D /* 147 */}, + { 0xC2A12651, 0xAE610C22 /* 148 */}, { 0xD356B78A, 0x96E0A810 /* 149 */}, + { 0x2FE7870F, 0x5A9A381F /* 150 */}, { 0xE94E5530, 0xD5AD62ED /* 151 */}, + { 0x368D1427, 0xD225E5E8 /* 152 */}, { 0xC7AF4631, 0x65977B70 /* 153 */}, + { 0xDE39D74F, 0x99F889B2 /* 154 */}, { 0x54E1D143, 0x233F30BF /* 155 */}, + { 0xD9A63C97, 0x9A9675D3 /* 156 */}, { 0xF334F9A8, 0x5470554F /* 157 */}, + { 0x4A4F5688, 0x166ACB74 /* 158 */}, { 0xB2E4AEAD, 0x70C74CAA /* 159 */}, + { 0x6F294D12, 0xF0D09164 /* 160 */}, { 0x684031D1, 0x57B82A89 /* 161 */}, + { 0x61BE0B6B, 0xEFD95A5A /* 162 */}, { 0x69F2F29A, 0x2FBD12E9 /* 163 */}, + { 0xFEFF9FE8, 0x9BD37013 /* 164 */}, { 0xD6085A06, 0x3F9B0404 /* 165 */}, + { 0x166CFE15, 0x4940C1F3 /* 166 */}, { 0xCDF3DEFB, 0x09542C4D /* 167 */}, + { 0x85CD5CE3, 0xB4C52183 /* 168 */}, { 0x4462A641, 0xC935B7DC /* 169 */}, + { 0x8ED3B63F, 0x3417F8A6 /* 170 */}, { 0x5B215B40, 0xB8095929 /* 171 */}, + { 0x3B8C8572, 0xF99CDAEF /* 172 */}, { 0xF8FCB95D, 0x018C0614 /* 173 */}, + { 0x1A3ACDF3, 0x1B14ACCD /* 174 */}, { 0x00BB732D, 0x84D471F2 /* 175 */}, + { 0x95E8DA16, 0xC1A3110E /* 176 */}, { 0xBF1A82B8, 0x430A7220 /* 177 */}, + { 0x39DF210E, 0xB77E090D /* 178 */}, { 0x3CD05E9D, 0x5EF4BD9F /* 179 */}, + { 0x7E57A444, 0x9D4FF6DA /* 180 */}, { 0x83D4A5F8, 0xDA1D60E1 /* 181 */}, + { 0x17998E47, 0xB287C384 /* 182 */}, { 0x1BB31886, 0xFE3EDC12 /* 183 */}, + { 0x980CCBEF, 0xC7FE3CCC /* 184 */}, { 0x189BFD03, 0xE46FB590 /* 185 */}, + { 0x9A4C57DC, 0x3732FD46 /* 186 */}, { 0x7CF1AD65, 0x7EF700A0 /* 187 */}, + { 0xA31D8859, 0x59C64468 /* 188 */}, { 0xD45B61F6, 0x762FB0B4 /* 189 */}, + { 0x99047718, 0x155BAED0 /* 190 */}, { 0x3D50BAA6, 0x68755E4C /* 191 */}, + { 0x22D8B4DF, 0xE9214E7F /* 192 */}, { 0x2EAC95F4, 0x2ADDBF53 /* 193 */}, + { 0xB4BD0109, 0x32AE3909 /* 194 */}, { 0xB08E3450, 0x834DF537 /* 195 */}, + { 0x4220728D, 0xFA209DA8 /* 196 */}, { 0x9EFE23F7, 0x9E691D9B /* 197 */}, + { 0xC4AE8D7F, 0x0446D288 /* 198 */}, { 0xE169785B, 0x7B4CC524 /* 199 */}, + { 0x35CA1385, 0x21D87F01 /* 200 */}, { 0x137B8AA5, 0xCEBB400F /* 201 */}, + { 0x580796BE, 0x272E2B66 /* 202 */}, { 0x25C2B0DE, 0x36122641 /* 203 */}, + { 0xAD1EFBB2, 0x057702BD /* 204 */}, { 0xACF84BE9, 0xD4BABB8E /* 205 */}, + { 0x641BC67B, 0x91583139 /* 206 */}, { 0x8036E024, 0x8BDC2DE0 /* 207 */}, + { 0xF49F68ED, 0x603C8156 /* 208 */}, { 0xDBEF5111, 0xF7D236F7 /* 209 */}, + { 0x8AD21E80, 0x9727C459 /* 210 */}, { 0x670A5FD7, 0xA08A0896 /* 211 */}, + { 0x09EBA9CB, 0xCB4A8F43 /* 212 */}, { 0x0F7036A1, 0x81AF564B /* 213 */}, + { 0x78199ABD, 0xC0B99AA7 /* 214 */}, { 0x3FC8E952, 0x959F1EC8 /* 215 */}, + { 0x794A81B9, 0x8C505077 /* 216 */}, { 0x056338F0, 0x3ACAAF8F /* 217 */}, + { 0x627A6778, 0x07B43F50 /* 218 */}, { 0xF5ECCC77, 0x4A44AB49 /* 219 */}, + { 0xB679EE98, 0x3BC3D6E4 /* 220 */}, { 0xCF14108C, 0x9CC0D4D1 /* 221 */}, + { 0x206BC8A0, 0x4406C00B /* 222 */}, { 0xC8D72D89, 0x82A18854 /* 223 */}, + { 0x5C3C432C, 0x67E366B3 /* 224 */}, { 0x102B37F2, 0xB923DD61 /* 225 */}, + { 0xD884271D, 0x56AB2779 /* 226 */}, { 0xFF1525AF, 0xBE83E1B0 /* 227 */}, + { 0x217E49A9, 0xFB7C65D4 /* 228 */}, { 0x6D48E7D4, 0x6BDBE0E7 /* 229 */}, + { 0x45D9179E, 0x08DF8287 /* 230 */}, { 0xDD53BD34, 0x22EA6A9A /* 231 */}, + { 0x5622200A, 0xE36E141C /* 232 */}, { 0x8CB750EE, 0x7F805D1B /* 233 */}, + { 0x9F58E837, 0xAFE5C7A5 /* 234 */}, { 0x4FB1C23C, 0xE27F996A /* 235 */}, + { 0x0775F0D0, 0xD3867DFB /* 236 */}, { 0x6E88891A, 0xD0E673DE /* 237 */}, + { 0xAFB86C25, 0x123AEB9E /* 238 */}, { 0xC145B895, 0x30F1D5D5 /* 239 */}, + { 0xEE7269E7, 0xBB434A2D /* 240 */}, { 0xF931FA38, 0x78CB67EC /* 241 */}, + { 0x323BBF9C, 0xF33B0372 /* 242 */}, { 0xFB279C74, 0x52D66336 /* 243 */}, + { 0x0AFB4EAA, 0x505F33AC /* 244 */}, { 0xA2CCE187, 0xE8A5CD99 /* 245 */}, + { 0x1E2D30BB, 0x53497480 /* 246 */}, { 0xD5876D90, 0x8D2D5711 /* 247 */}, + { 0x91BC038E, 0x1F1A4128 /* 248 */}, { 0x82E56648, 0xD6E2E71D /* 249 */}, + { 0x497732B7, 0x74036C3A /* 250 */}, { 0x6361F5AB, 0x89B67ED9 /* 251 */}, + { 0xF1EA02A2, 0xFFED95D8 /* 252 */}, { 0x1464D43D, 0xE72B3BD6 /* 253 */}, + { 0x0BDC4820, 0xA6300F17 /* 254 */}, { 0xED78A77A, 0xEBC18760 /* 255 */}, + { 0x05A12138, 0xE6A6BE5A /* 256 */}, { 0xB4F87C98, 0xB5A122A5 /* 257 */}, + { 0x140B6990, 0x563C6089 /* 258 */}, { 0x391F5DD5, 0x4C46CB2E /* 259 */}, + { 0xC9B79434, 0xD932ADDB /* 260 */}, { 0x2015AFF5, 0x08EA70E4 /* 261 */}, + { 0x3E478CF1, 0xD765A667 /* 262 */}, { 0xAB278D99, 0xC4FB757E /* 263 */}, + { 0x2D6E0692, 0xDF11C686 /* 264 */}, { 0x0D7F3B16, 0xDDEB84F1 /* 265 */}, + { 0xA665EA04, 0x6F2EF604 /* 266 */}, { 0xF0E0DFB3, 0x4A8E0F0F /* 267 */}, + { 0x3DBCBA51, 0xA5EDEEF8 /* 268 */}, { 0x0EA4371E, 0xFC4F0A2A /* 269 */}, + { 0x5CB38429, 0xE83E1DA8 /* 270 */}, { 0xBA1B1CE2, 0xDC8FF882 /* 271 */}, + { 0x8353E80D, 0xCD45505E /* 272 */}, { 0xD4DB0717, 0x18D19A00 /* 273 */}, + { 0xA5F38101, 0x34A0CFED /* 274 */}, { 0x8887CAF2, 0x0BE77E51 /* 275 */}, + { 0xB3C45136, 0x1E341438 /* 276 */}, { 0x9089CCF9, 0xE05797F4 /* 277 */}, + { 0xF2591D14, 0xFFD23F9D /* 278 */}, { 0x8595C5CD, 0x543DDA22 /* 279 */}, + { 0x99052A33, 0x661F81FD /* 280 */}, { 0xDB0F7B76, 0x8736E641 /* 281 */}, + { 0x418E5307, 0x15227725 /* 282 */}, { 0x162EB2FA, 0xE25F7F46 /* 283 */}, + { 0x6C13D9FE, 0x48A8B212 /* 284 */}, { 0x92E76EEA, 0xAFDC5417 /* 285 */}, + { 0xC6D1898F, 0x03D912BF /* 286 */}, { 0x1B83F51B, 0x31B1AAFA /* 287 */}, + { 0xE42AB7D9, 0xF1AC2796 /* 288 */}, { 0xFCD2EBAC, 0x40A3A7D7 /* 289 */}, + { 0x0AFBBCC5, 0x1056136D /* 290 */}, { 0x9A6D0C85, 0x7889E1DD /* 291 */}, + { 0x2A7974AA, 0xD3352578 /* 292 */}, { 0x078AC09B, 0xA7E25D09 /* 293 */}, + { 0xEAC6EDD0, 0xBD4138B3 /* 294 */}, { 0x71EB9E70, 0x920ABFBE /* 295 */}, + { 0x4FC2625C, 0xA2A5D0F5 /* 296 */}, { 0x0B1290A3, 0xC054E36B /* 297 */}, + { 0x62FE932B, 0xF6DD59FF /* 298 */}, { 0x11A8AC7D, 0x35373545 /* 299 */}, + { 0x72FADCD4, 0xCA845E91 /* 300 */}, { 0x329D20DC, 0x84F82B60 /* 301 */}, + { 0xCD672F18, 0x79C62CE1 /* 302 */}, { 0xD124642C, 0x8B09A2AD /* 303 */}, + { 0x19D9E726, 0xD0C1E96A /* 304 */}, { 0x4BA9500C, 0x5A786A9B /* 305 */}, + { 0x634C43F3, 0x0E020336 /* 306 */}, { 0xEB66D822, 0xC17B474A /* 307 */}, + { 0xEC9BAAC2, 0x6A731AE3 /* 308 */}, { 0xE0840258, 0x8226667A /* 309 */}, + { 0x91CAECA5, 0x67D45676 /* 310 */}, { 0x4875ADB5, 0x1D94155C /* 311 */}, + { 0x5B813FDF, 0x6D00FD98 /* 312 */}, { 0xB774CD06, 0x51286EFC /* 313 */}, + { 0x1FA744AF, 0x5E883447 /* 314 */}, { 0xE761AE2E, 0xF72CA0AE /* 315 */}, + { 0xAEE8E09A, 0xBE40E4CD /* 316 */}, { 0x5118F665, 0xE9970BBB /* 317 */}, + { 0x33DF1964, 0x726E4BEB /* 318 */}, { 0x29199762, 0x703B0007 /* 319 */}, + { 0xF5EF30A7, 0x4631D816 /* 320 */}, { 0x1504A6BE, 0xB880B5B5 /* 321 */}, + { 0x7ED84B6C, 0x641793C3 /* 322 */}, { 0xF6E97D96, 0x7B21ED77 /* 323 */}, + { 0x2EF96B73, 0x77630631 /* 324 */}, { 0xE86FF3F4, 0xAE528948 /* 325 */}, + { 0x86A3F8F8, 0x53DBD7F2 /* 326 */}, { 0x4CFC1063, 0x16CADCE7 /* 327 */}, + { 0xFA52C6DD, 0x005C19BD /* 328 */}, { 0x64D46AD3, 0x68868F5D /* 329 */}, + { 0xCF1E186A, 0x3A9D512C /* 330 */}, { 0x385660AE, 0x367E62C2 /* 331 */}, + { 0x77DCB1D7, 0xE359E7EA /* 332 */}, { 0x749ABE6E, 0x526C0773 /* 333 */}, + { 0xD09F734B, 0x735AE5F9 /* 334 */}, { 0x8A558BA8, 0x493FC7CC /* 335 */}, + { 0x3041AB45, 0xB0B9C153 /* 336 */}, { 0x470A59BD, 0x321958BA /* 337 */}, + { 0x5F46C393, 0x852DB00B /* 338 */}, { 0xD336B0E5, 0x91209B2B /* 339 */}, + { 0x659EF19F, 0x6E604F7D /* 340 */}, { 0x782CCB24, 0xB99A8AE2 /* 341 */}, + { 0xC814C4C7, 0xCCF52AB6 /* 342 */}, { 0xBE11727B, 0x4727D9AF /* 343 */}, + { 0x0121B34D, 0x7E950D0C /* 344 */}, { 0x70AD471F, 0x756F4356 /* 345 */}, + { 0x615A6849, 0xF5ADD442 /* 346 */}, { 0x80B9957A, 0x4E87E099 /* 347 */}, + { 0x50AEE355, 0x2ACFA1DF /* 348 */}, { 0xFD2FD556, 0xD898263A /* 349 */}, + { 0xD80C8FD6, 0xC8F4924D /* 350 */}, { 0x754A173A, 0xCF99CA3D /* 351 */}, + { 0xAF91BF3C, 0xFE477BAC /* 352 */}, { 0xD690C12D, 0xED5371F6 /* 353 */}, + { 0x5E687094, 0x831A5C28 /* 354 */}, { 0x3708A0A4, 0xC5D3C90A /* 355 */}, + { 0x17D06580, 0x0F7F9037 /* 356 */}, { 0xB8FDF27F, 0x19F9BB13 /* 357 */}, + { 0x4D502843, 0xB1BD6F1B /* 358 */}, { 0x8FFF4012, 0x1C761BA3 /* 359 */}, + { 0xE2E21F3B, 0x0D1530C4 /* 360 */}, { 0xA7372C8A, 0x8943CE69 /* 361 */}, + { 0xFEB5CE66, 0xE5184E11 /* 362 */}, { 0xBD736621, 0x618BDB80 /* 363 */}, + { 0x8B574D0B, 0x7D29BAD6 /* 364 */}, { 0x25E6FE5B, 0x81BB613E /* 365 */}, + { 0xBC07913F, 0x071C9C10 /* 366 */}, { 0x09AC2D97, 0xC7BEEB79 /* 367 */}, + { 0x3BC5D757, 0xC3E58D35 /* 368 */}, { 0xF38F61E8, 0xEB017892 /* 369 */}, + { 0x9B1CC21A, 0xD4EFFB9C /* 370 */}, { 0xF494F7AB, 0x99727D26 /* 371 */}, + { 0x956B3E03, 0xA3E063A2 /* 372 */}, { 0x4AA09C30, 0x9D4A8B9A /* 373 */}, + { 0x00090FB4, 0x3F6AB7D5 /* 374 */}, { 0x57268AC0, 0x9CC0F2A0 /* 375 */}, + { 0xEDBF42D1, 0x3DEE9D2D /* 376 */}, { 0x7960A972, 0x330F49C8 /* 377 */}, + { 0x87421B41, 0xC6B27202 /* 378 */}, { 0x7C00369C, 0x0AC59EC0 /* 379 */}, + { 0xCB353425, 0xEF4EAC49 /* 380 */}, { 0xEF0129D8, 0xF450244E /* 381 */}, + { 0xCAF4DEB6, 0x8ACC46E5 /* 382 */}, { 0x989263F7, 0x2FFEAB63 /* 383 */}, + { 0x5D7A4578, 0x8F7CB9FE /* 384 */}, { 0x4E634635, 0x5BD8F764 /* 385 */}, + { 0xBF2DC900, 0x427A7315 /* 386 */}, { 0x2125261C, 0x17D0C4AA /* 387 */}, + { 0x93518E50, 0x3992486C /* 388 */}, { 0xA2D7D4C3, 0xB4CBFEE0 /* 389 */}, + { 0x2C5DDD8D, 0x7C75D620 /* 390 */}, { 0xE35B6C61, 0xDBC295D8 /* 391 */}, + { 0x02032B19, 0x60B369D3 /* 392 */}, { 0xDCE44132, 0xCE42685F /* 393 */}, + { 0xDDF65610, 0x06F3DDB9 /* 394 */}, { 0xB5E148F0, 0x8EA4D21D /* 395 */}, + { 0x2FCD496F, 0x20B0FCE6 /* 396 */}, { 0x58B0EE31, 0x2C1B9123 /* 397 */}, + { 0x18F5A308, 0xB28317B8 /* 398 */}, { 0x9CA6D2CF, 0xA89C1E18 /* 399 */}, + { 0x6AAADBC8, 0x0C6B1857 /* 400 */}, { 0x1299FAE3, 0xB65DEAA9 /* 401 */}, + { 0x7F1027E7, 0xFB2B794B /* 402 */}, { 0x443B5BEB, 0x04E4317F /* 403 */}, + { 0x5939D0A6, 0x4B852D32 /* 404 */}, { 0xFB207FFC, 0xD5AE6BEE /* 405 */}, + { 0x81C7D374, 0x309682B2 /* 406 */}, { 0x94C3B475, 0xBAE309A1 /* 407 */}, + { 0x13B49F05, 0x8CC3F97B /* 408 */}, { 0xF8293967, 0x98A9422F /* 409 */}, + { 0x1076FF7C, 0x244B16B0 /* 410 */}, { 0x663D67EE, 0xF8BF571C /* 411 */}, + { 0xEEE30DA1, 0x1F0D6758 /* 412 */}, { 0x7ADEB9B7, 0xC9B611D9 /* 413 */}, + { 0x7B6C57A2, 0xB7AFD588 /* 414 */}, { 0x6B984FE1, 0x6290AE84 /* 415 */}, + { 0xACC1A5FD, 0x94DF4CDE /* 416 */}, { 0xC5483AFF, 0x058A5BD1 /* 417 */}, + { 0x42BA3C37, 0x63166CC1 /* 418 */}, { 0xB2F76F40, 0x8DB8526E /* 419 */}, + { 0x6F0D6D4E, 0xE1088003 /* 420 */}, { 0x971D311D, 0x9E0523C9 /* 421 */}, + { 0xCC7CD691, 0x45EC2824 /* 422 */}, { 0xE62382C9, 0x575B8359 /* 423 */}, + { 0xC4889995, 0xFA9E400D /* 424 */}, { 0x45721568, 0xD1823ECB /* 425 */}, + { 0x8206082F, 0xDAFD983B /* 426 */}, { 0x2386A8CB, 0xAA7D2908 /* 427 */}, + { 0x03B87588, 0x269FCD44 /* 428 */}, { 0x28BDD1E0, 0x1B91F5F7 /* 429 */}, + { 0x040201F6, 0xE4669F39 /* 430 */}, { 0x8CF04ADE, 0x7A1D7C21 /* 431 */}, + { 0xD79CE5CE, 0x65623C29 /* 432 */}, { 0x96C00BB1, 0x23684490 /* 433 */}, + { 0x9DA503BA, 0xAB9BF187 /* 434 */}, { 0xA458058E, 0xBC23ECB1 /* 435 */}, + { 0xBB401ECC, 0x9A58DF01 /* 436 */}, { 0xA85F143D, 0xA070E868 /* 437 */}, + { 0x7DF2239E, 0x4FF18830 /* 438 */}, { 0x1A641183, 0x14D565B4 /* 439 */}, + { 0x52701602, 0xEE133374 /* 440 */}, { 0x3F285E09, 0x950E3DCF /* 441 */}, + { 0xB9C80953, 0x59930254 /* 442 */}, { 0x8930DA6D, 0x3BF29940 /* 443 */}, + { 0x53691387, 0xA955943F /* 444 */}, { 0xA9CB8784, 0xA15EDECA /* 445 */}, + { 0x352BE9A0, 0x29142127 /* 446 */}, { 0xFF4E7AFB, 0x76F0371F /* 447 */}, + { 0x274F2228, 0x0239F450 /* 448 */}, { 0x1D5E868B, 0xBB073AF0 /* 449 */}, + { 0xC10E96C1, 0xBFC80571 /* 450 */}, { 0x68222E23, 0xD2670885 /* 451 */}, + { 0x8E80B5B0, 0x9671A3D4 /* 452 */}, { 0xE193BB81, 0x55B5D38A /* 453 */}, + { 0xA18B04B8, 0x693AE2D0 /* 454 */}, { 0xADD5335F, 0x5C48B4EC /* 455 */}, + { 0x4916A1CA, 0xFD743B19 /* 456 */}, { 0x34BE98C4, 0x25770181 /* 457 */}, + { 0x3C54A4AD, 0xE77987E8 /* 458 */}, { 0xDA33E1B9, 0x28E11014 /* 459 */}, + { 0x226AA213, 0x270CC59E /* 460 */}, { 0x6D1A5F60, 0x71495F75 /* 461 */}, + { 0x60AFEF77, 0x9BE853FB /* 462 */}, { 0xF7443DBF, 0xADC786A7 /* 463 */}, + { 0x73B29A82, 0x09044561 /* 464 */}, { 0xC232BD5E, 0x58BC7A66 /* 465 */}, + { 0x673AC8B2, 0xF306558C /* 466 */}, { 0xB6C9772A, 0x41F639C6 /* 467 */}, + { 0x9FDA35DA, 0x216DEFE9 /* 468 */}, { 0x1C7BE615, 0x11640CC7 /* 469 */}, + { 0x565C5527, 0x93C43694 /* 470 */}, { 0x46777839, 0xEA038E62 /* 471 */}, + { 0x5A3E2469, 0xF9ABF3CE /* 472 */}, { 0x0FD312D2, 0x741E768D /* 473 */}, + { 0xCED652C6, 0x0144B883 /* 474 */}, { 0xA33F8552, 0xC20B5A5B /* 475 */}, + { 0xC3435A9D, 0x1AE69633 /* 476 */}, { 0x088CFDEC, 0x97A28CA4 /* 477 */}, + { 0x1E96F420, 0x8824A43C /* 478 */}, { 0x6EEEA746, 0x37612FA6 /* 479 */}, + { 0xF9CF0E5A, 0x6B4CB165 /* 480 */}, { 0xA0ABFB4A, 0x43AA1C06 /* 481 */}, + { 0xF162796B, 0x7F4DC26F /* 482 */}, { 0x54ED9B0F, 0x6CBACC8E /* 483 */}, + { 0xD2BB253E, 0xA6B7FFEF /* 484 */}, { 0xB0A29D4F, 0x2E25BC95 /* 485 */}, + { 0xDEF1388C, 0x86D6A58B /* 486 */}, { 0x76B6F054, 0xDED74AC5 /* 487 */}, + { 0x2B45805D, 0x8030BDBC /* 488 */}, { 0xE94D9289, 0x3C81AF70 /* 489 */}, + { 0x9E3100DB, 0x3EFF6DDA /* 490 */}, { 0xDFCC8847, 0xB38DC39F /* 491 */}, + { 0x8D17B87E, 0x12388552 /* 492 */}, { 0x40B1B642, 0xF2DA0ED2 /* 493 */}, + { 0xD54BF9A9, 0x44CEFADC /* 494 */}, { 0x433C7EE6, 0x1312200E /* 495 */}, + { 0x3A78C748, 0x9FFCC84F /* 496 */}, { 0x248576BB, 0xF0CD1F72 /* 497 */}, + { 0x3638CFE4, 0xEC697405 /* 498 */}, { 0x0CEC4E4C, 0x2BA7B67C /* 499 */}, + { 0xE5CE32ED, 0xAC2F4DF3 /* 500 */}, { 0x26EA4C11, 0xCB33D143 /* 501 */}, + { 0xC77E58BC, 0xA4E9044C /* 502 */}, { 0xD934FCEF, 0x5F513293 /* 503 */}, + { 0x06E55444, 0x5DC96455 /* 504 */}, { 0x317DE40A, 0x50DE418F /* 505 */}, + { 0x69DDE259, 0x388CB31A /* 506 */}, { 0x55820A86, 0x2DB4A834 /* 507 */}, + { 0x84711AE9, 0x9010A91E /* 508 */}, { 0xB1498371, 0x4DF7F0B7 /* 509 */}, + { 0xC0977179, 0xD62A2EAB /* 510 */}, { 0xAA8D5C0E, 0x22FAC097 /* 511 */}, + { 0xF1DAF39B, 0xF49FCC2F /* 512 */}, { 0x6FF29281, 0x487FD5C6 /* 513 */}, + { 0xFCDCA83F, 0xE8A30667 /* 514 */}, { 0xD2FCCE63, 0x2C9B4BE3 /* 515 */}, + { 0x93FBBBC2, 0xDA3FF74B /* 516 */}, { 0xFE70BA66, 0x2FA165D2 /* 517 */}, + { 0x970E93D4, 0xA103E279 /* 518 */}, { 0xB0E45E71, 0xBECDEC77 /* 519 */}, + { 0x3985E497, 0xCFB41E72 /* 520 */}, { 0x5EF75017, 0xB70AAA02 /* 521 */}, + { 0x3840B8E0, 0xD42309F0 /* 522 */}, { 0x35898579, 0x8EFC1AD0 /* 523 */}, + { 0xE2B2ABC5, 0x96C6920B /* 524 */}, { 0x375A9172, 0x66AF4163 /* 525 */}, + { 0xCA7127FB, 0x2174ABDC /* 526 */}, { 0x4A72FF41, 0xB33CCEA6 /* 527 */}, + { 0x083066A5, 0xF04A4933 /* 528 */}, { 0xD7289AF5, 0x8D970ACD /* 529 */}, + { 0x31C8C25E, 0x8F96E8E0 /* 530 */}, { 0x76875D47, 0xF3FEC022 /* 531 */}, + { 0x056190DD, 0xEC7BF310 /* 532 */}, { 0xBB0F1491, 0xF5ADB0AE /* 533 */}, + { 0x0FD58892, 0x9B50F885 /* 534 */}, { 0x58B74DE8, 0x49754883 /* 535 */}, + { 0x91531C61, 0xA3354FF6 /* 536 */}, { 0x81D2C6EE, 0x0702BBE4 /* 537 */}, + { 0x7DEDED98, 0x89FB2405 /* 538 */}, { 0x8596E902, 0xAC307513 /* 539 */}, + { 0x172772ED, 0x1D2D3580 /* 540 */}, { 0x8E6BC30D, 0xEB738FC2 /* 541 */}, + { 0x63044326, 0x5854EF8F /* 542 */}, { 0x5ADD3BBE, 0x9E5C5232 /* 543 */}, + { 0x325C4623, 0x90AA53CF /* 544 */}, { 0x349DD067, 0xC1D24D51 /* 545 */}, + { 0xA69EA624, 0x2051CFEE /* 546 */}, { 0x862E7E4F, 0x13220F0A /* 547 */}, + { 0x04E04864, 0xCE393994 /* 548 */}, { 0x7086FCB7, 0xD9C42CA4 /* 549 */}, + { 0x8A03E7CC, 0x685AD223 /* 550 */}, { 0xAB2FF1DB, 0x066484B2 /* 551 */}, + { 0xEFBF79EC, 0xFE9D5D70 /* 552 */}, { 0x9C481854, 0x5B13B9DD /* 553 */}, + { 0xED1509AD, 0x15F0D475 /* 554 */}, { 0x0EC79851, 0x0BEBCD06 /* 555 */}, + { 0x183AB7F8, 0xD58C6791 /* 556 */}, { 0x52F3EEE4, 0xD1187C50 /* 557 */}, + { 0xE54E82FF, 0xC95D1192 /* 558 */}, { 0xB9AC6CA2, 0x86EEA14C /* 559 */}, + { 0x53677D5D, 0x3485BEB1 /* 560 */}, { 0x1F8C492A, 0xDD191D78 /* 561 */}, + { 0xA784EBF9, 0xF60866BA /* 562 */}, { 0xA2D08C74, 0x518F643B /* 563 */}, + { 0xE1087C22, 0x8852E956 /* 564 */}, { 0xC410AE8D, 0xA768CB8D /* 565 */}, + { 0xBFEC8E1A, 0x38047726 /* 566 */}, { 0xCD3B45AA, 0xA67738B4 /* 567 */}, + { 0xEC0DDE19, 0xAD16691C /* 568 */}, { 0x80462E07, 0xC6D43193 /* 569 */}, + { 0x0BA61938, 0xC5A5876D /* 570 */}, { 0xA58FD840, 0x16B9FA1F /* 571 */}, + { 0x3CA74F18, 0x188AB117 /* 572 */}, { 0xC99C021F, 0xABDA2F98 /* 573 */}, + { 0x134AE816, 0x3E0580AB /* 574 */}, { 0x73645ABB, 0x5F3B05B7 /* 575 */}, + { 0x5575F2F6, 0x2501A2BE /* 576 */}, { 0x4E7E8BA9, 0x1B2F7400 /* 577 */}, + { 0x71E8D953, 0x1CD75803 /* 578 */}, { 0x62764E30, 0x7F6ED895 /* 579 */}, + { 0x596F003D, 0xB15926FF /* 580 */}, { 0xA8C5D6B9, 0x9F65293D /* 581 */}, + { 0xD690F84C, 0x6ECEF04D /* 582 */}, { 0xFF33AF88, 0x4782275F /* 583 */}, + { 0x3F820801, 0xE4143308 /* 584 */}, { 0x9A1AF9B5, 0xFD0DFE40 /* 585 */}, + { 0x2CDB396B, 0x4325A334 /* 586 */}, { 0xB301B252, 0x8AE77E62 /* 587 */}, + { 0x6655615A, 0xC36F9E9F /* 588 */}, { 0x92D32C09, 0x85455A2D /* 589 */}, + { 0x49477485, 0xF2C7DEA9 /* 590 */}, { 0x33A39EBA, 0x63CFB4C1 /* 591 */}, + { 0x6EBC5462, 0x83B040CC /* 592 */}, { 0xFDB326B0, 0x3B9454C8 /* 593 */}, + { 0x87FFD78C, 0x56F56A9E /* 594 */}, { 0x99F42BC6, 0x2DC2940D /* 595 */}, + { 0x6B096E2D, 0x98F7DF09 /* 596 */}, { 0x3AD852BF, 0x19A6E01E /* 597 */}, + { 0xDBD4B40B, 0x42A99CCB /* 598 */}, { 0x45E9C559, 0xA59998AF /* 599 */}, + { 0x07D93186, 0x366295E8 /* 600 */}, { 0xFAA1F773, 0x6B48181B /* 601 */}, + { 0x157A0A1D, 0x1FEC57E2 /* 602 */}, { 0xF6201AD5, 0x4667446A /* 603 */}, + { 0xCFB0F075, 0xE615EBCA /* 604 */}, { 0x68290778, 0xB8F31F4F /* 605 */}, + { 0xCE22D11E, 0x22713ED6 /* 606 */}, { 0x2EC3C93B, 0x3057C1A7 /* 607 */}, + { 0x7C3F1F2F, 0xCB46ACC3 /* 608 */}, { 0x02AAF50E, 0xDBB893FD /* 609 */}, + { 0x600B9FCF, 0x331FD92E /* 610 */}, { 0x48EA3AD6, 0xA498F961 /* 611 */}, + { 0x8B6A83EA, 0xA8D8426E /* 612 */}, { 0xB7735CDC, 0xA089B274 /* 613 */}, + { 0x1E524A11, 0x87F6B373 /* 614 */}, { 0xCBC96749, 0x118808E5 /* 615 */}, + { 0xB19BD394, 0x9906E4C7 /* 616 */}, { 0x9B24A20C, 0xAFED7F7E /* 617 */}, + { 0xEB3644A7, 0x6509EADE /* 618 */}, { 0xE8EF0EDE, 0x6C1EF1D3 /* 619 */}, + { 0xE9798FB4, 0xB9C97D43 /* 620 */}, { 0x740C28A3, 0xA2F2D784 /* 621 */}, + { 0x6197566F, 0x7B849647 /* 622 */}, { 0xB65F069D, 0x7A5BE3E6 /* 623 */}, + { 0x78BE6F10, 0xF96330ED /* 624 */}, { 0x7A076A15, 0xEEE60DE7 /* 625 */}, + { 0xA08B9BD0, 0x2B4BEE4A /* 626 */}, { 0xC7B8894E, 0x6A56A63E /* 627 */}, + { 0xBA34FEF4, 0x02121359 /* 628 */}, { 0x283703FC, 0x4CBF99F8 /* 629 */}, + { 0x0CAF30C8, 0x39807135 /* 630 */}, { 0xF017687A, 0xD0A77A89 /* 631 */}, + { 0x9E423569, 0xF1C1A9EB /* 632 */}, { 0x2DEE8199, 0x8C797628 /* 633 */}, + { 0xDD1F7ABD, 0x5D1737A5 /* 634 */}, { 0x09A9FA80, 0x4F53433C /* 635 */}, + { 0xDF7CA1D9, 0xFA8B0C53 /* 636 */}, { 0x886CCB77, 0x3FD9DCBC /* 637 */}, + { 0xA91B4720, 0xC040917C /* 638 */}, { 0xF9D1DCDF, 0x7DD00142 /* 639 */}, + { 0x4F387B58, 0x8476FC1D /* 640 */}, { 0xF3316503, 0x23F8E7C5 /* 641 */}, + { 0xE7E37339, 0x032A2244 /* 642 */}, { 0x50F5A74B, 0x5C87A5D7 /* 643 */}, + { 0x3698992E, 0x082B4CC4 /* 644 */}, { 0xB858F63C, 0xDF917BEC /* 645 */}, + { 0x5BF86DDA, 0x3270B8FC /* 646 */}, { 0x29B5DD76, 0x10AE72BB /* 647 */}, + { 0x7700362B, 0x576AC94E /* 648 */}, { 0xC61EFB8F, 0x1AD112DA /* 649 */}, + { 0xC5FAA427, 0x691BC30E /* 650 */}, { 0xCC327143, 0xFF246311 /* 651 */}, + { 0x30E53206, 0x3142368E /* 652 */}, { 0xE02CA396, 0x71380E31 /* 653 */}, + { 0x0AAD76F1, 0x958D5C96 /* 654 */}, { 0xC16DA536, 0xF8D6F430 /* 655 */}, + { 0x1BE7E1D2, 0xC8FFD13F /* 656 */}, { 0x004DDBE1, 0x7578AE66 /* 657 */}, + { 0x067BE646, 0x05833F01 /* 658 */}, { 0x3BFE586D, 0xBB34B5AD /* 659 */}, + { 0xA12B97F0, 0x095F34C9 /* 660 */}, { 0x25D60CA8, 0x247AB645 /* 661 */}, + { 0x017477D1, 0xDCDBC6F3 /* 662 */}, { 0xDECAD24D, 0x4A2E14D4 /* 663 */}, + { 0xBE0A1EEB, 0xBDB5E6D9 /* 664 */}, { 0x794301AB, 0x2A7E70F7 /* 665 */}, + { 0x270540FD, 0xDEF42D8A /* 666 */}, { 0xA34C22C1, 0x01078EC0 /* 667 */}, + { 0xF4C16387, 0xE5DE511A /* 668 */}, { 0xBD9A330A, 0x7EBB3A52 /* 669 */}, + { 0xAA7D6435, 0x77697857 /* 670 */}, { 0x03AE4C32, 0x004E8316 /* 671 */}, + { 0xAD78E312, 0xE7A21020 /* 672 */}, { 0x6AB420F2, 0x9D41A70C /* 673 */}, + { 0xEA1141E6, 0x28E06C18 /* 674 */}, { 0x984F6B28, 0xD2B28CBD /* 675 */}, + { 0x446E9D83, 0x26B75F6C /* 676 */}, { 0x4D418D7F, 0xBA47568C /* 677 */}, + { 0xE6183D8E, 0xD80BADBF /* 678 */}, { 0x5F166044, 0x0E206D7F /* 679 */}, + { 0x11CBCA3E, 0xE258A439 /* 680 */}, { 0xB21DC0BC, 0x723A1746 /* 681 */}, + { 0xF5D7CDD3, 0xC7CAA854 /* 682 */}, { 0x3D261D9C, 0x7CAC3288 /* 683 */}, + { 0x23BA942C, 0x7690C264 /* 684 */}, { 0x478042B8, 0x17E55524 /* 685 */}, + { 0x56A2389F, 0xE0BE4776 /* 686 */}, { 0x67AB2DA0, 0x4D289B5E /* 687 */}, + { 0x8FBBFD31, 0x44862B9C /* 688 */}, { 0x9D141365, 0xB47CC804 /* 689 */}, + { 0x2B91C793, 0x822C1B36 /* 690 */}, { 0xFB13DFD8, 0x4EB14655 /* 691 */}, + { 0x14E2A97B, 0x1ECBBA07 /* 692 */}, { 0x5CDE5F14, 0x6143459D /* 693 */}, + { 0xD5F0AC89, 0x53A8FBF1 /* 694 */}, { 0x1C5E5B00, 0x97EA04D8 /* 695 */}, + { 0xD4FDB3F3, 0x622181A8 /* 696 */}, { 0x572A1208, 0xE9BCD341 /* 697 */}, + { 0x43CCE58A, 0x14112586 /* 698 */}, { 0xA4C6E0A4, 0x9144C5FE /* 699 */}, + { 0x65CF620F, 0x0D33D065 /* 700 */}, { 0x9F219CA1, 0x54A48D48 /* 701 */}, + { 0x6D63C821, 0xC43E5EAC /* 702 */}, { 0x72770DAF, 0xA9728B3A /* 703 */}, + { 0x20DF87EF, 0xD7934E7B /* 704 */}, { 0x1A3E86E5, 0xE35503B6 /* 705 */}, + { 0xC819D504, 0xCAE321FB /* 706 */}, { 0xAC60BFA6, 0x129A50B3 /* 707 */}, + { 0x7E9FB6C3, 0xCD5E68EA /* 708 */}, { 0x9483B1C7, 0xB01C9019 /* 709 */}, + { 0xC295376C, 0x3DE93CD5 /* 710 */}, { 0x2AB9AD13, 0xAED52EDF /* 711 */}, + { 0xC0A07884, 0x2E60F512 /* 712 */}, { 0xE36210C9, 0xBC3D86A3 /* 713 */}, + { 0x163951CE, 0x35269D9B /* 714 */}, { 0xD0CDB5FA, 0x0C7D6E2A /* 715 */}, + { 0xD87F5733, 0x59E86297 /* 716 */}, { 0x898DB0E7, 0x298EF221 /* 717 */}, + { 0xD1A5AA7E, 0x55000029 /* 718 */}, { 0xB5061B45, 0x8BC08AE1 /* 719 */}, + { 0x6C92703A, 0xC2C31C2B /* 720 */}, { 0xAF25EF42, 0x94CC596B /* 721 */}, + { 0x22540456, 0x0A1D73DB /* 722 */}, { 0xD9C4179A, 0x04B6A0F9 /* 723 */}, + { 0xAE3D3C60, 0xEFFDAFA2 /* 724 */}, { 0xB49496C4, 0xF7C8075B /* 725 */}, + { 0x1D1CD4E3, 0x9CC5C714 /* 726 */}, { 0x218E5534, 0x78BD1638 /* 727 */}, + { 0xF850246A, 0xB2F11568 /* 728 */}, { 0x9502BC29, 0xEDFABCFA /* 729 */}, + { 0xDA23051B, 0x796CE5F2 /* 730 */}, { 0xDC93537C, 0xAAE128B0 /* 731 */}, + { 0xEE4B29AE, 0x3A493DA0 /* 732 */}, { 0x416895D7, 0xB5DF6B2C /* 733 */}, + { 0x122D7F37, 0xFCABBD25 /* 734 */}, { 0x105DC4B1, 0x70810B58 /* 735 */}, + { 0xF7882A90, 0xE10FDD37 /* 736 */}, { 0x518A3F5C, 0x524DCAB5 /* 737 */}, + { 0x8451255B, 0x3C9E8587 /* 738 */}, { 0x19BD34E2, 0x40298281 /* 739 */}, + { 0x5D3CECCB, 0x74A05B6F /* 740 */}, { 0x42E13ECA, 0xB6100215 /* 741 */}, + { 0x2F59E2AC, 0x0FF979D1 /* 742 */}, { 0xE4F9CC50, 0x6037DA27 /* 743 */}, + { 0x0DF1847D, 0x5E92975A /* 744 */}, { 0xD3E623FE, 0xD66DE190 /* 745 */}, + { 0x7B568048, 0x5032D6B8 /* 746 */}, { 0x8235216E, 0x9A36B7CE /* 747 */}, + { 0x24F64B4A, 0x80272A7A /* 748 */}, { 0x8C6916F7, 0x93EFED8B /* 749 */}, + { 0x4CCE1555, 0x37DDBFF4 /* 750 */}, { 0x4B99BD25, 0x4B95DB5D /* 751 */}, + { 0x69812FC0, 0x92D3FDA1 /* 752 */}, { 0x90660BB6, 0xFB1A4A9A /* 753 */}, + { 0x46A4B9B2, 0x730C1969 /* 754 */}, { 0x7F49DA68, 0x81E289AA /* 755 */}, + { 0x83B1A05F, 0x64669A0F /* 756 */}, { 0x9644F48B, 0x27B3FF7D /* 757 */}, + { 0x8DB675B3, 0xCC6B615C /* 758 */}, { 0xBCEBBE95, 0x674F20B9 /* 759 */}, + { 0x75655982, 0x6F312382 /* 760 */}, { 0x3E45CF05, 0x5AE48871 /* 761 */}, + { 0x54C21157, 0xBF619F99 /* 762 */}, { 0x40A8EAE9, 0xEABAC460 /* 763 */}, + { 0xF2C0C1CD, 0x454C6FE9 /* 764 */}, { 0x6412691C, 0x419CF649 /* 765 */}, + { 0x265B0F70, 0xD3DC3BEF /* 766 */}, { 0xC3578A9E, 0x6D0E60F5 /* 767 */}, + { 0x26323C55, 0x5B0E6085 /* 768 */}, { 0xFA1B59F5, 0x1A46C1A9 /* 769 */}, + { 0x7C4C8FFA, 0xA9E245A1 /* 770 */}, { 0xDB2955D7, 0x65CA5159 /* 771 */}, + { 0xCE35AFC2, 0x05DB0A76 /* 772 */}, { 0xA9113D45, 0x81EAC77E /* 773 */}, + { 0xB6AC0A0D, 0x528EF88A /* 774 */}, { 0x597BE3FF, 0xA09EA253 /* 775 */}, + { 0xAC48CD56, 0x430DDFB3 /* 776 */}, { 0xF45CE46F, 0xC4B3A67A /* 777 */}, + { 0xFBE2D05E, 0x4ECECFD8 /* 778 */}, { 0xB39935F0, 0x3EF56F10 /* 779 */}, + { 0x9CD619C6, 0x0B22D682 /* 780 */}, { 0x74DF2069, 0x17FD460A /* 781 */}, + { 0x8510ED40, 0x6CF8CC8E /* 782 */}, { 0x3A6ECAA7, 0xD6C824BF /* 783 */}, + { 0x1A817049, 0x61243D58 /* 784 */}, { 0xBBC163A2, 0x048BACB6 /* 785 */}, + { 0x7D44CC32, 0xD9A38AC2 /* 786 */}, { 0xAAF410AB, 0x7FDDFF5B /* 787 */}, + { 0xA804824B, 0xAD6D495A /* 788 */}, { 0x2D8C9F94, 0xE1A6A74F /* 789 */}, + { 0x35DEE8E3, 0xD4F78512 /* 790 */}, { 0x6540D893, 0xFD4B7F88 /* 791 */}, + { 0x2AA4BFDA, 0x247C2004 /* 792 */}, { 0x17D1327C, 0x096EA1C5 /* 793 */}, + { 0x361A6685, 0xD56966B4 /* 794 */}, { 0x1221057D, 0x277DA5C3 /* 795 */}, + { 0xA43ACFF7, 0x94D59893 /* 796 */}, { 0xCDC02281, 0x64F0C51C /* 797 */}, + { 0xFF6189DB, 0x3D33BCC4 /* 798 */}, { 0x4CE66AF1, 0xE005CB18 /* 799 */}, + { 0x1DB99BEA, 0xFF5CCD1D /* 800 */}, { 0xFE42980F, 0xB0B854A7 /* 801 */}, + { 0x718D4B9F, 0x7BD46A6A /* 802 */}, { 0x22A5FD8C, 0xD10FA8CC /* 803 */}, + { 0x2BE4BD31, 0xD3148495 /* 804 */}, { 0xCB243847, 0xC7FA975F /* 805 */}, + { 0x5846C407, 0x4886ED1E /* 806 */}, { 0x1EB70B04, 0x28CDDB79 /* 807 */}, + { 0xF573417F, 0xC2B00BE2 /* 808 */}, { 0x2180F877, 0x5C959045 /* 809 */}, + { 0xF370EB00, 0x7A6BDDFF /* 810 */}, { 0xD6D9D6A4, 0xCE509E38 /* 811 */}, + { 0x647FA702, 0xEBEB0F00 /* 812 */}, { 0x76606F06, 0x1DCC06CF /* 813 */}, + { 0xA286FF0A, 0xE4D9F28B /* 814 */}, { 0xC918C262, 0xD85A305D /* 815 */}, + { 0x32225F54, 0x475B1D87 /* 816 */}, { 0x68CCB5FE, 0x2D4FB516 /* 817 */}, + { 0xD72BBA20, 0xA679B9D9 /* 818 */}, { 0x912D43A5, 0x53841C0D /* 819 */}, + { 0xBF12A4E8, 0x3B7EAA48 /* 820 */}, { 0xF22F1DDF, 0x781E0E47 /* 821 */}, + { 0x0AB50973, 0xEFF20CE6 /* 822 */}, { 0x9DFFB742, 0x20D261D1 /* 823 */}, + { 0x062A2E39, 0x16A12B03 /* 824 */}, { 0x39650495, 0x1960EB22 /* 825 */}, + { 0xD50EB8B8, 0x251C16FE /* 826 */}, { 0xF826016E, 0x9AC0C330 /* 827 */}, + { 0x953E7671, 0xED152665 /* 828 */}, { 0xA6369570, 0x02D63194 /* 829 */}, + { 0x94B1C987, 0x5074F083 /* 830 */}, { 0x90B25CE1, 0x70BA598C /* 831 */}, + { 0x0B9742F6, 0x794A1581 /* 832 */}, { 0xFCAF8C6C, 0x0D5925E9 /* 833 */}, + { 0xD868744E, 0x3067716C /* 834 */}, { 0xE8D7731B, 0x910AB077 /* 835 */}, + { 0x5AC42F61, 0x6A61BBDB /* 836 */}, { 0xF0851567, 0x93513EFB /* 837 */}, + { 0x9E83E9D5, 0xF494724B /* 838 */}, { 0x5C09648D, 0xE887E198 /* 839 */}, + { 0x75370CFD, 0x34B1D3C6 /* 840 */}, { 0xBC0D255D, 0xDC35E433 /* 841 */}, + { 0x34131BE0, 0xD0AAB842 /* 842 */}, { 0xB48B7EAF, 0x08042A50 /* 843 */}, + { 0x44A3AB35, 0x9997C4EE /* 844 */}, { 0x201799D0, 0x829A7B49 /* 845 */}, + { 0xB7C54441, 0x263B8307 /* 846 */}, { 0xFD6A6CA6, 0x752F95F4 /* 847 */}, + { 0x2C08C6E5, 0x92721740 /* 848 */}, { 0xA795D9EE, 0x2A8AB754 /* 849 */}, + { 0x2F72943D, 0xA442F755 /* 850 */}, { 0x19781208, 0x2C31334E /* 851 */}, + { 0xEAEE6291, 0x4FA98D7C /* 852 */}, { 0x665DB309, 0x55C3862F /* 853 */}, + { 0x5D53B1F3, 0xBD061017 /* 854 */}, { 0x40413F27, 0x46FE6CB8 /* 855 */}, + { 0xDF0CFA59, 0x3FE03792 /* 856 */}, { 0x2EB85E8F, 0xCFE70037 /* 857 */}, + { 0xADBCE118, 0xA7BE29E7 /* 858 */}, { 0xDE8431DD, 0xE544EE5C /* 859 */}, + { 0x41F1873E, 0x8A781B1B /* 860 */}, { 0xA0D2F0E7, 0xA5C94C78 /* 861 */}, + { 0x77B60728, 0x39412E28 /* 862 */}, { 0xAFC9A62C, 0xA1265EF3 /* 863 */}, + { 0x6A2506C5, 0xBCC2770C /* 864 */}, { 0xDCE1CE12, 0x3AB66DD5 /* 865 */}, + { 0x4A675B37, 0xE65499D0 /* 866 */}, { 0x81BFD216, 0x7D8F5234 /* 867 */}, + { 0xEC15F389, 0x0F6F64FC /* 868 */}, { 0x8B5B13C8, 0x74EFBE61 /* 869 */}, + { 0x14273E1D, 0xACDC82B7 /* 870 */}, { 0x03199D17, 0xDD40BFE0 /* 871 */}, + { 0xE7E061F8, 0x37E99257 /* 872 */}, { 0x04775AAA, 0xFA526269 /* 873 */}, + { 0x463D56F9, 0x8BBBF63A /* 874 */}, { 0x43A26E64, 0xF0013F15 /* 875 */}, + { 0x879EC898, 0xA8307E9F /* 876 */}, { 0x150177CC, 0xCC4C27A4 /* 877 */}, + { 0xCA1D3348, 0x1B432F2C /* 878 */}, { 0x9F6FA013, 0xDE1D1F8F /* 879 */}, + { 0x47A7DDD6, 0x606602A0 /* 880 */}, { 0xCC1CB2C7, 0xD237AB64 /* 881 */}, + { 0x25FCD1D3, 0x9B938E72 /* 882 */}, { 0x8E0FF476, 0xEC4E0370 /* 883 */}, + { 0x3D03C12D, 0xFEB2FBDA /* 884 */}, { 0xEE43889A, 0xAE0BCED2 /* 885 */}, + { 0xEBFB4F43, 0x22CB8923 /* 886 */}, { 0x3CF7396D, 0x69360D01 /* 887 */}, + { 0xD2D4E022, 0x855E3602 /* 888 */}, { 0xD01F784C, 0x073805BA /* 889 */}, + { 0x3852F546, 0x33E17A13 /* 890 */}, { 0x8AC7B638, 0xDF487405 /* 891 */}, + { 0x678AA14A, 0xBA92B29C /* 892 */}, { 0x6CFAADCD, 0x0CE89FC7 /* 893 */}, + { 0x08339E34, 0x5F9D4E09 /* 894 */}, { 0x1F5923B9, 0xF1AFE929 /* 895 */}, + { 0x0F4A265F, 0x6E3480F6 /* 896 */}, { 0xB29B841C, 0xEEBF3A2A /* 897 */}, + { 0x8F91B4AD, 0xE21938A8 /* 898 */}, { 0x45C6D3C3, 0x57DFEFF8 /* 899 */}, + { 0xF62CAAF2, 0x2F006B0B /* 900 */}, { 0x6F75EE78, 0x62F479EF /* 901 */}, + { 0x1C8916A9, 0x11A55AD4 /* 902 */}, { 0x84FED453, 0xF229D290 /* 903 */}, + { 0x16B000E6, 0x42F1C27B /* 904 */}, { 0x9823C074, 0x2B1F7674 /* 905 */}, + { 0xC2745360, 0x4B76ECA3 /* 906 */}, { 0xB91691BD, 0x8C98F463 /* 907 */}, + { 0xF1ADE66A, 0x14BCC93C /* 908 */}, { 0x6D458397, 0x8885213E /* 909 */}, + { 0x274D4711, 0x8E177DF0 /* 910 */}, { 0x503F2951, 0xB49B73B5 /* 911 */}, + { 0xC3F96B6B, 0x10168168 /* 912 */}, { 0x63CAB0AE, 0x0E3D963B /* 913 */}, + { 0x55A1DB14, 0x8DFC4B56 /* 914 */}, { 0x6E14DE5C, 0xF789F135 /* 915 */}, + { 0x4E51DAC1, 0x683E68AF /* 916 */}, { 0x8D4B0FD9, 0xC9A84F9D /* 917 */}, + { 0x52A0F9D1, 0x3691E03F /* 918 */}, { 0xE1878E80, 0x5ED86E46 /* 919 */}, + { 0x99D07150, 0x3C711A0E /* 920 */}, { 0x0C4E9310, 0x5A0865B2 /* 921 */}, + { 0xE4F0682E, 0x56FBFC1F /* 922 */}, { 0x105EDF9B, 0xEA8D5DE3 /* 923 */}, + { 0x2379187A, 0x71ABFDB1 /* 924 */}, { 0xBEE77B9C, 0x2EB99DE1 /* 925 */}, + { 0x33CF4523, 0x21ECC0EA /* 926 */}, { 0x1805C7A1, 0x59A4D752 /* 927 */}, + { 0x56AE7C72, 0x3896F5EB /* 928 */}, { 0xB18F75DC, 0xAA638F3D /* 929 */}, + { 0xABE9808E, 0x9F39358D /* 930 */}, { 0xC00B72AC, 0xB7DEFA91 /* 931 */}, + { 0x62492D92, 0x6B5541FD /* 932 */}, { 0xF92E4D5B, 0x6DC6DEE8 /* 933 */}, + { 0xC4BEEA7E, 0x353F57AB /* 934 */}, { 0xDA5690CE, 0x735769D6 /* 935 */}, + { 0x42391484, 0x0A234AA6 /* 936 */}, { 0x28F80D9D, 0xF6F95080 /* 937 */}, + { 0x7AB3F215, 0xB8E319A2 /* 938 */}, { 0x51341A4D, 0x31AD9C11 /* 939 */}, + { 0x7BEF5805, 0x773C22A5 /* 940 */}, { 0x07968633, 0x45C7561A /* 941 */}, + { 0x249DBE36, 0xF913DA9E /* 942 */}, { 0x78A64C68, 0xDA652D9B /* 943 */}, + { 0x3BC334EF, 0x4C27A97F /* 944 */}, { 0xE66B17F4, 0x76621220 /* 945 */}, + { 0x9ACD7D0B, 0x96774389 /* 946 */}, { 0xE0ED6782, 0xF3EE5BCA /* 947 */}, + { 0x00C879FC, 0x409F7536 /* 948 */}, { 0xB5926DB6, 0x06D09A39 /* 949 */}, + { 0x317AC588, 0x6F83AEB0 /* 950 */}, { 0x86381F21, 0x01E6CA4A /* 951 */}, + { 0xD19F3025, 0x66FF3462 /* 952 */}, { 0xDDFD3BFB, 0x72207C24 /* 953 */}, + { 0xE2ECE2EB, 0x4AF6B6D3 /* 954 */}, { 0xC7EA08DE, 0x9C994DBE /* 955 */}, + { 0xB09A8BC4, 0x49ACE597 /* 956 */}, { 0xCF0797BA, 0xB38C4766 /* 957 */}, + { 0xC57C2A75, 0x131B9373 /* 958 */}, { 0x61931E58, 0xB1822CCE /* 959 */}, + { 0x09BA1C0C, 0x9D7555B9 /* 960 */}, { 0x937D11D2, 0x127FAFDD /* 961 */}, + { 0xC66D92E4, 0x29DA3BAD /* 962 */}, { 0x54C2ECBC, 0xA2C1D571 /* 963 */}, + { 0x82F6FE24, 0x58C5134D /* 964 */}, { 0x5B62274F, 0x1C3AE351 /* 965 */}, + { 0x01CB8126, 0xE907C82E /* 966 */}, { 0x13E37FCB, 0xF8ED0919 /* 967 */}, + { 0xC80046C9, 0x3249D8F9 /* 968 */}, { 0xE388FB63, 0x80CF9BED /* 969 */}, + { 0x116CF19E, 0x1881539A /* 970 */}, { 0x6BD52457, 0x5103F3F7 /* 971 */}, + { 0xAE47F7A8, 0x15B7E6F5 /* 972 */}, { 0xD47E9CCF, 0xDBD7C6DE /* 973 */}, + { 0x0228BB1A, 0x44E55C41 /* 974 */}, { 0x5EDB4E99, 0xB647D425 /* 975 */}, + { 0xB8AAFC30, 0x5D11882B /* 976 */}, { 0x29D3212A, 0xF5098BBB /* 977 */}, + { 0xE90296B3, 0x8FB5EA14 /* 978 */}, { 0x57DD025A, 0x677B9421 /* 979 */}, + { 0xA390ACB5, 0xFB58E7C0 /* 980 */}, { 0x83BD4A01, 0x89D3674C /* 981 */}, + { 0x4BF3B93B, 0x9E2DA4DF /* 982 */}, { 0x8CAB4829, 0xFCC41E32 /* 983 */}, + { 0xBA582C52, 0x03F38C96 /* 984 */}, { 0x7FD85DB2, 0xCAD1BDBD /* 985 */}, + { 0x6082AE83, 0xBBB442C1 /* 986 */}, { 0xA5DA9AB0, 0xB95FE86B /* 987 */}, + { 0x3771A93F, 0xB22E0467 /* 988 */}, { 0x493152D8, 0x845358C9 /* 989 */}, + { 0x97B4541E, 0xBE2A4886 /* 990 */}, { 0xD38E6966, 0x95A2DC2D /* 991 */}, + { 0x923C852B, 0xC02C11AC /* 992 */}, { 0x0DF2A87B, 0x2388B199 /* 993 */}, + { 0x1B4F37BE, 0x7C8008FA /* 994 */}, { 0x4D54E503, 0x1F70D0C8 /* 995 */}, + { 0x7ECE57D4, 0x5490ADEC /* 996 */}, { 0xD9063A3A, 0x002B3C27 /* 997 */}, + { 0x8030A2BF, 0x7EAEA384 /* 998 */}, { 0xED2003C0, 0xC602326D /* 999 */}, + { 0x69A94086, 0x83A7287D /* 1000 */}, { 0x30F57A8A, 0xC57A5FCB /* 1001 */}, + { 0x79EBE779, 0xB56844E4 /* 1002 */}, { 0x05DCBCE9, 0xA373B40F /* 1003 */}, + { 0x88570EE2, 0xD71A786E /* 1004 */}, { 0xBDE8F6A0, 0x879CBACD /* 1005 */}, + { 0xC164A32F, 0x976AD1BC /* 1006 */}, { 0x9666D78B, 0xAB21E25E /* 1007 */}, + { 0xE5E5C33C, 0x901063AA /* 1008 */}, { 0x48698D90, 0x9818B344 /* 1009 */}, + { 0x3E1E8ABB, 0xE36487AE /* 1010 */}, { 0x893BDCB4, 0xAFBDF931 /* 1011 */}, + { 0x5FBBD519, 0x6345A0DC /* 1012 */}, { 0x9B9465CA, 0x8628FE26 /* 1013 */}, + { 0x3F9C51EC, 0x1E5D0160 /* 1014 */}, { 0xA15049B7, 0x4DE44006 /* 1015 */}, + { 0xF776CBB1, 0xBF6C70E5 /* 1016 */}, { 0xEF552BED, 0x411218F2 /* 1017 */}, + { 0x705A36A3, 0xCB0C0708 /* 1018 */}, { 0x4F986044, 0xE74D1475 /* 1019 */}, + { 0x0EA8280E, 0xCD56D943 /* 1020 */}, { 0x535F5065, 0xC12591D7 /* 1021 */}, + { 0x720AEF96, 0xC83223F1 /* 1022 */}, { 0x7363A51F, 0xC3A0396F /* 1023 */} + }; + +#else +void dummy_2 (int a) +{ + (void) a; + return; +} +#endif Index: branches/samhain-2_2-branch/src/sh_tiger2_64.c =================================================================== --- branches/samhain-2_2-branch/src/sh_tiger2_64.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_tiger2_64.c (revision 66) @@ -0,0 +1,561 @@ +/* Tiger: A Fast New Hash Function + * + * Ross Anderson and Eli Biham + * + * From the homepage (http://www.cs.technion.ac.il/~biham/Reports/Tiger/): + * + * Tiger has no usage restrictions nor patents. It can be used freely, + * with the reference implementation, with other implementations or with + * a modification to the reference implementation (as long as it still + * implements Tiger). We only ask you to let us know about your + * implementation and to cite the origin of Tiger and of the reference + * implementation. + * + * + * The authors' home pages can be found both in + * http://www.cs.technion.ac.il/~biham/ and in + * http://www.cl.cam.ac.uk/users/rja14/. + * The authors' email addresses are biham@cs.technion.ac.il + * and rja14@cl.cam.ac.uk. + */ + +#include "config_xor.h" + +#if defined(TIGER_64_BIT) + +/* #if defined(HAVE_LONG_64) || defined(HAVE_LONG_LONG_64) */ + +/*@-type@*/ +/* sboxes.c: Tiger S boxes */ + +#if defined(HAVE_LONG_64) +typedef unsigned long int word64; +#elif defined(HAVE_LONG_LONG_64) +typedef unsigned long long int word64; +#else +#error No 64 bit type found ! +#endif + +word64 tiger_table[4*256] = { + 0x02AAB17CF7E90C5ELL /* 0 */, 0xAC424B03E243A8ECLL /* 1 */, + 0x72CD5BE30DD5FCD3LL /* 2 */, 0x6D019B93F6F97F3ALL /* 3 */, + 0xCD9978FFD21F9193LL /* 4 */, 0x7573A1C9708029E2LL /* 5 */, + 0xB164326B922A83C3LL /* 6 */, 0x46883EEE04915870LL /* 7 */, + 0xEAACE3057103ECE6LL /* 8 */, 0xC54169B808A3535CLL /* 9 */, + 0x4CE754918DDEC47CLL /* 10 */, 0x0AA2F4DFDC0DF40CLL /* 11 */, + 0x10B76F18A74DBEFALL /* 12 */, 0xC6CCB6235AD1AB6ALL /* 13 */, + 0x13726121572FE2FFLL /* 14 */, 0x1A488C6F199D921ELL /* 15 */, + 0x4BC9F9F4DA0007CALL /* 16 */, 0x26F5E6F6E85241C7LL /* 17 */, + 0x859079DBEA5947B6LL /* 18 */, 0x4F1885C5C99E8C92LL /* 19 */, + 0xD78E761EA96F864BLL /* 20 */, 0x8E36428C52B5C17DLL /* 21 */, + 0x69CF6827373063C1LL /* 22 */, 0xB607C93D9BB4C56ELL /* 23 */, + 0x7D820E760E76B5EALL /* 24 */, 0x645C9CC6F07FDC42LL /* 25 */, + 0xBF38A078243342E0LL /* 26 */, 0x5F6B343C9D2E7D04LL /* 27 */, + 0xF2C28AEB600B0EC6LL /* 28 */, 0x6C0ED85F7254BCACLL /* 29 */, + 0x71592281A4DB4FE5LL /* 30 */, 0x1967FA69CE0FED9FLL /* 31 */, + 0xFD5293F8B96545DBLL /* 32 */, 0xC879E9D7F2A7600BLL /* 33 */, + 0x860248920193194ELL /* 34 */, 0xA4F9533B2D9CC0B3LL /* 35 */, + 0x9053836C15957613LL /* 36 */, 0xDB6DCF8AFC357BF1LL /* 37 */, + 0x18BEEA7A7A370F57LL /* 38 */, 0x037117CA50B99066LL /* 39 */, + 0x6AB30A9774424A35LL /* 40 */, 0xF4E92F02E325249BLL /* 41 */, + 0x7739DB07061CCAE1LL /* 42 */, 0xD8F3B49CECA42A05LL /* 43 */, + 0xBD56BE3F51382F73LL /* 44 */, 0x45FAED5843B0BB28LL /* 45 */, + 0x1C813D5C11BF1F83LL /* 46 */, 0x8AF0E4B6D75FA169LL /* 47 */, + 0x33EE18A487AD9999LL /* 48 */, 0x3C26E8EAB1C94410LL /* 49 */, + 0xB510102BC0A822F9LL /* 50 */, 0x141EEF310CE6123BLL /* 51 */, + 0xFC65B90059DDB154LL /* 52 */, 0xE0158640C5E0E607LL /* 53 */, + 0x884E079826C3A3CFLL /* 54 */, 0x930D0D9523C535FDLL /* 55 */, + 0x35638D754E9A2B00LL /* 56 */, 0x4085FCCF40469DD5LL /* 57 */, + 0xC4B17AD28BE23A4CLL /* 58 */, 0xCAB2F0FC6A3E6A2ELL /* 59 */, + 0x2860971A6B943FCDLL /* 60 */, 0x3DDE6EE212E30446LL /* 61 */, + 0x6222F32AE01765AELL /* 62 */, 0x5D550BB5478308FELL /* 63 */, + 0xA9EFA98DA0EDA22ALL /* 64 */, 0xC351A71686C40DA7LL /* 65 */, + 0x1105586D9C867C84LL /* 66 */, 0xDCFFEE85FDA22853LL /* 67 */, + 0xCCFBD0262C5EEF76LL /* 68 */, 0xBAF294CB8990D201LL /* 69 */, + 0xE69464F52AFAD975LL /* 70 */, 0x94B013AFDF133E14LL /* 71 */, + 0x06A7D1A32823C958LL /* 72 */, 0x6F95FE5130F61119LL /* 73 */, + 0xD92AB34E462C06C0LL /* 74 */, 0xED7BDE33887C71D2LL /* 75 */, + 0x79746D6E6518393ELL /* 76 */, 0x5BA419385D713329LL /* 77 */, + 0x7C1BA6B948A97564LL /* 78 */, 0x31987C197BFDAC67LL /* 79 */, + 0xDE6C23C44B053D02LL /* 80 */, 0x581C49FED002D64DLL /* 81 */, + 0xDD474D6338261571LL /* 82 */, 0xAA4546C3E473D062LL /* 83 */, + 0x928FCE349455F860LL /* 84 */, 0x48161BBACAAB94D9LL /* 85 */, + 0x63912430770E6F68LL /* 86 */, 0x6EC8A5E602C6641CLL /* 87 */, + 0x87282515337DDD2BLL /* 88 */, 0x2CDA6B42034B701BLL /* 89 */, + 0xB03D37C181CB096DLL /* 90 */, 0xE108438266C71C6FLL /* 91 */, + 0x2B3180C7EB51B255LL /* 92 */, 0xDF92B82F96C08BBCLL /* 93 */, + 0x5C68C8C0A632F3BALL /* 94 */, 0x5504CC861C3D0556LL /* 95 */, + 0xABBFA4E55FB26B8FLL /* 96 */, 0x41848B0AB3BACEB4LL /* 97 */, + 0xB334A273AA445D32LL /* 98 */, 0xBCA696F0A85AD881LL /* 99 */, + 0x24F6EC65B528D56CLL /* 100 */, 0x0CE1512E90F4524ALL /* 101 */, + 0x4E9DD79D5506D35ALL /* 102 */, 0x258905FAC6CE9779LL /* 103 */, + 0x2019295B3E109B33LL /* 104 */, 0xF8A9478B73A054CCLL /* 105 */, + 0x2924F2F934417EB0LL /* 106 */, 0x3993357D536D1BC4LL /* 107 */, + 0x38A81AC21DB6FF8BLL /* 108 */, 0x47C4FBF17D6016BFLL /* 109 */, + 0x1E0FAADD7667E3F5LL /* 110 */, 0x7ABCFF62938BEB96LL /* 111 */, + 0xA78DAD948FC179C9LL /* 112 */, 0x8F1F98B72911E50DLL /* 113 */, + 0x61E48EAE27121A91LL /* 114 */, 0x4D62F7AD31859808LL /* 115 */, + 0xECEBA345EF5CEAEBLL /* 116 */, 0xF5CEB25EBC9684CELL /* 117 */, + 0xF633E20CB7F76221LL /* 118 */, 0xA32CDF06AB8293E4LL /* 119 */, + 0x985A202CA5EE2CA4LL /* 120 */, 0xCF0B8447CC8A8FB1LL /* 121 */, + 0x9F765244979859A3LL /* 122 */, 0xA8D516B1A1240017LL /* 123 */, + 0x0BD7BA3EBB5DC726LL /* 124 */, 0xE54BCA55B86ADB39LL /* 125 */, + 0x1D7A3AFD6C478063LL /* 126 */, 0x519EC608E7669EDDLL /* 127 */, + 0x0E5715A2D149AA23LL /* 128 */, 0x177D4571848FF194LL /* 129 */, + 0xEEB55F3241014C22LL /* 130 */, 0x0F5E5CA13A6E2EC2LL /* 131 */, + 0x8029927B75F5C361LL /* 132 */, 0xAD139FABC3D6E436LL /* 133 */, + 0x0D5DF1A94CCF402FLL /* 134 */, 0x3E8BD948BEA5DFC8LL /* 135 */, + 0xA5A0D357BD3FF77ELL /* 136 */, 0xA2D12E251F74F645LL /* 137 */, + 0x66FD9E525E81A082LL /* 138 */, 0x2E0C90CE7F687A49LL /* 139 */, + 0xC2E8BCBEBA973BC5LL /* 140 */, 0x000001BCE509745FLL /* 141 */, + 0x423777BBE6DAB3D6LL /* 142 */, 0xD1661C7EAEF06EB5LL /* 143 */, + 0xA1781F354DAACFD8LL /* 144 */, 0x2D11284A2B16AFFCLL /* 145 */, + 0xF1FC4F67FA891D1FLL /* 146 */, 0x73ECC25DCB920ADALL /* 147 */, + 0xAE610C22C2A12651LL /* 148 */, 0x96E0A810D356B78ALL /* 149 */, + 0x5A9A381F2FE7870FLL /* 150 */, 0xD5AD62EDE94E5530LL /* 151 */, + 0xD225E5E8368D1427LL /* 152 */, 0x65977B70C7AF4631LL /* 153 */, + 0x99F889B2DE39D74FLL /* 154 */, 0x233F30BF54E1D143LL /* 155 */, + 0x9A9675D3D9A63C97LL /* 156 */, 0x5470554FF334F9A8LL /* 157 */, + 0x166ACB744A4F5688LL /* 158 */, 0x70C74CAAB2E4AEADLL /* 159 */, + 0xF0D091646F294D12LL /* 160 */, 0x57B82A89684031D1LL /* 161 */, + 0xEFD95A5A61BE0B6BLL /* 162 */, 0x2FBD12E969F2F29ALL /* 163 */, + 0x9BD37013FEFF9FE8LL /* 164 */, 0x3F9B0404D6085A06LL /* 165 */, + 0x4940C1F3166CFE15LL /* 166 */, 0x09542C4DCDF3DEFBLL /* 167 */, + 0xB4C5218385CD5CE3LL /* 168 */, 0xC935B7DC4462A641LL /* 169 */, + 0x3417F8A68ED3B63FLL /* 170 */, 0xB80959295B215B40LL /* 171 */, + 0xF99CDAEF3B8C8572LL /* 172 */, 0x018C0614F8FCB95DLL /* 173 */, + 0x1B14ACCD1A3ACDF3LL /* 174 */, 0x84D471F200BB732DLL /* 175 */, + 0xC1A3110E95E8DA16LL /* 176 */, 0x430A7220BF1A82B8LL /* 177 */, + 0xB77E090D39DF210ELL /* 178 */, 0x5EF4BD9F3CD05E9DLL /* 179 */, + 0x9D4FF6DA7E57A444LL /* 180 */, 0xDA1D60E183D4A5F8LL /* 181 */, + 0xB287C38417998E47LL /* 182 */, 0xFE3EDC121BB31886LL /* 183 */, + 0xC7FE3CCC980CCBEFLL /* 184 */, 0xE46FB590189BFD03LL /* 185 */, + 0x3732FD469A4C57DCLL /* 186 */, 0x7EF700A07CF1AD65LL /* 187 */, + 0x59C64468A31D8859LL /* 188 */, 0x762FB0B4D45B61F6LL /* 189 */, + 0x155BAED099047718LL /* 190 */, 0x68755E4C3D50BAA6LL /* 191 */, + 0xE9214E7F22D8B4DFLL /* 192 */, 0x2ADDBF532EAC95F4LL /* 193 */, + 0x32AE3909B4BD0109LL /* 194 */, 0x834DF537B08E3450LL /* 195 */, + 0xFA209DA84220728DLL /* 196 */, 0x9E691D9B9EFE23F7LL /* 197 */, + 0x0446D288C4AE8D7FLL /* 198 */, 0x7B4CC524E169785BLL /* 199 */, + 0x21D87F0135CA1385LL /* 200 */, 0xCEBB400F137B8AA5LL /* 201 */, + 0x272E2B66580796BELL /* 202 */, 0x3612264125C2B0DELL /* 203 */, + 0x057702BDAD1EFBB2LL /* 204 */, 0xD4BABB8EACF84BE9LL /* 205 */, + 0x91583139641BC67BLL /* 206 */, 0x8BDC2DE08036E024LL /* 207 */, + 0x603C8156F49F68EDLL /* 208 */, 0xF7D236F7DBEF5111LL /* 209 */, + 0x9727C4598AD21E80LL /* 210 */, 0xA08A0896670A5FD7LL /* 211 */, + 0xCB4A8F4309EBA9CBLL /* 212 */, 0x81AF564B0F7036A1LL /* 213 */, + 0xC0B99AA778199ABDLL /* 214 */, 0x959F1EC83FC8E952LL /* 215 */, + 0x8C505077794A81B9LL /* 216 */, 0x3ACAAF8F056338F0LL /* 217 */, + 0x07B43F50627A6778LL /* 218 */, 0x4A44AB49F5ECCC77LL /* 219 */, + 0x3BC3D6E4B679EE98LL /* 220 */, 0x9CC0D4D1CF14108CLL /* 221 */, + 0x4406C00B206BC8A0LL /* 222 */, 0x82A18854C8D72D89LL /* 223 */, + 0x67E366B35C3C432CLL /* 224 */, 0xB923DD61102B37F2LL /* 225 */, + 0x56AB2779D884271DLL /* 226 */, 0xBE83E1B0FF1525AFLL /* 227 */, + 0xFB7C65D4217E49A9LL /* 228 */, 0x6BDBE0E76D48E7D4LL /* 229 */, + 0x08DF828745D9179ELL /* 230 */, 0x22EA6A9ADD53BD34LL /* 231 */, + 0xE36E141C5622200ALL /* 232 */, 0x7F805D1B8CB750EELL /* 233 */, + 0xAFE5C7A59F58E837LL /* 234 */, 0xE27F996A4FB1C23CLL /* 235 */, + 0xD3867DFB0775F0D0LL /* 236 */, 0xD0E673DE6E88891ALL /* 237 */, + 0x123AEB9EAFB86C25LL /* 238 */, 0x30F1D5D5C145B895LL /* 239 */, + 0xBB434A2DEE7269E7LL /* 240 */, 0x78CB67ECF931FA38LL /* 241 */, + 0xF33B0372323BBF9CLL /* 242 */, 0x52D66336FB279C74LL /* 243 */, + 0x505F33AC0AFB4EAALL /* 244 */, 0xE8A5CD99A2CCE187LL /* 245 */, + 0x534974801E2D30BBLL /* 246 */, 0x8D2D5711D5876D90LL /* 247 */, + 0x1F1A412891BC038ELL /* 248 */, 0xD6E2E71D82E56648LL /* 249 */, + 0x74036C3A497732B7LL /* 250 */, 0x89B67ED96361F5ABLL /* 251 */, + 0xFFED95D8F1EA02A2LL /* 252 */, 0xE72B3BD61464D43DLL /* 253 */, + 0xA6300F170BDC4820LL /* 254 */, 0xEBC18760ED78A77ALL /* 255 */, + 0xE6A6BE5A05A12138LL /* 256 */, 0xB5A122A5B4F87C98LL /* 257 */, + 0x563C6089140B6990LL /* 258 */, 0x4C46CB2E391F5DD5LL /* 259 */, + 0xD932ADDBC9B79434LL /* 260 */, 0x08EA70E42015AFF5LL /* 261 */, + 0xD765A6673E478CF1LL /* 262 */, 0xC4FB757EAB278D99LL /* 263 */, + 0xDF11C6862D6E0692LL /* 264 */, 0xDDEB84F10D7F3B16LL /* 265 */, + 0x6F2EF604A665EA04LL /* 266 */, 0x4A8E0F0FF0E0DFB3LL /* 267 */, + 0xA5EDEEF83DBCBA51LL /* 268 */, 0xFC4F0A2A0EA4371ELL /* 269 */, + 0xE83E1DA85CB38429LL /* 270 */, 0xDC8FF882BA1B1CE2LL /* 271 */, + 0xCD45505E8353E80DLL /* 272 */, 0x18D19A00D4DB0717LL /* 273 */, + 0x34A0CFEDA5F38101LL /* 274 */, 0x0BE77E518887CAF2LL /* 275 */, + 0x1E341438B3C45136LL /* 276 */, 0xE05797F49089CCF9LL /* 277 */, + 0xFFD23F9DF2591D14LL /* 278 */, 0x543DDA228595C5CDLL /* 279 */, + 0x661F81FD99052A33LL /* 280 */, 0x8736E641DB0F7B76LL /* 281 */, + 0x15227725418E5307LL /* 282 */, 0xE25F7F46162EB2FALL /* 283 */, + 0x48A8B2126C13D9FELL /* 284 */, 0xAFDC541792E76EEALL /* 285 */, + 0x03D912BFC6D1898FLL /* 286 */, 0x31B1AAFA1B83F51BLL /* 287 */, + 0xF1AC2796E42AB7D9LL /* 288 */, 0x40A3A7D7FCD2EBACLL /* 289 */, + 0x1056136D0AFBBCC5LL /* 290 */, 0x7889E1DD9A6D0C85LL /* 291 */, + 0xD33525782A7974AALL /* 292 */, 0xA7E25D09078AC09BLL /* 293 */, + 0xBD4138B3EAC6EDD0LL /* 294 */, 0x920ABFBE71EB9E70LL /* 295 */, + 0xA2A5D0F54FC2625CLL /* 296 */, 0xC054E36B0B1290A3LL /* 297 */, + 0xF6DD59FF62FE932BLL /* 298 */, 0x3537354511A8AC7DLL /* 299 */, + 0xCA845E9172FADCD4LL /* 300 */, 0x84F82B60329D20DCLL /* 301 */, + 0x79C62CE1CD672F18LL /* 302 */, 0x8B09A2ADD124642CLL /* 303 */, + 0xD0C1E96A19D9E726LL /* 304 */, 0x5A786A9B4BA9500CLL /* 305 */, + 0x0E020336634C43F3LL /* 306 */, 0xC17B474AEB66D822LL /* 307 */, + 0x6A731AE3EC9BAAC2LL /* 308 */, 0x8226667AE0840258LL /* 309 */, + 0x67D4567691CAECA5LL /* 310 */, 0x1D94155C4875ADB5LL /* 311 */, + 0x6D00FD985B813FDFLL /* 312 */, 0x51286EFCB774CD06LL /* 313 */, + 0x5E8834471FA744AFLL /* 314 */, 0xF72CA0AEE761AE2ELL /* 315 */, + 0xBE40E4CDAEE8E09ALL /* 316 */, 0xE9970BBB5118F665LL /* 317 */, + 0x726E4BEB33DF1964LL /* 318 */, 0x703B000729199762LL /* 319 */, + 0x4631D816F5EF30A7LL /* 320 */, 0xB880B5B51504A6BELL /* 321 */, + 0x641793C37ED84B6CLL /* 322 */, 0x7B21ED77F6E97D96LL /* 323 */, + 0x776306312EF96B73LL /* 324 */, 0xAE528948E86FF3F4LL /* 325 */, + 0x53DBD7F286A3F8F8LL /* 326 */, 0x16CADCE74CFC1063LL /* 327 */, + 0x005C19BDFA52C6DDLL /* 328 */, 0x68868F5D64D46AD3LL /* 329 */, + 0x3A9D512CCF1E186ALL /* 330 */, 0x367E62C2385660AELL /* 331 */, + 0xE359E7EA77DCB1D7LL /* 332 */, 0x526C0773749ABE6ELL /* 333 */, + 0x735AE5F9D09F734BLL /* 334 */, 0x493FC7CC8A558BA8LL /* 335 */, + 0xB0B9C1533041AB45LL /* 336 */, 0x321958BA470A59BDLL /* 337 */, + 0x852DB00B5F46C393LL /* 338 */, 0x91209B2BD336B0E5LL /* 339 */, + 0x6E604F7D659EF19FLL /* 340 */, 0xB99A8AE2782CCB24LL /* 341 */, + 0xCCF52AB6C814C4C7LL /* 342 */, 0x4727D9AFBE11727BLL /* 343 */, + 0x7E950D0C0121B34DLL /* 344 */, 0x756F435670AD471FLL /* 345 */, + 0xF5ADD442615A6849LL /* 346 */, 0x4E87E09980B9957ALL /* 347 */, + 0x2ACFA1DF50AEE355LL /* 348 */, 0xD898263AFD2FD556LL /* 349 */, + 0xC8F4924DD80C8FD6LL /* 350 */, 0xCF99CA3D754A173ALL /* 351 */, + 0xFE477BACAF91BF3CLL /* 352 */, 0xED5371F6D690C12DLL /* 353 */, + 0x831A5C285E687094LL /* 354 */, 0xC5D3C90A3708A0A4LL /* 355 */, + 0x0F7F903717D06580LL /* 356 */, 0x19F9BB13B8FDF27FLL /* 357 */, + 0xB1BD6F1B4D502843LL /* 358 */, 0x1C761BA38FFF4012LL /* 359 */, + 0x0D1530C4E2E21F3BLL /* 360 */, 0x8943CE69A7372C8ALL /* 361 */, + 0xE5184E11FEB5CE66LL /* 362 */, 0x618BDB80BD736621LL /* 363 */, + 0x7D29BAD68B574D0BLL /* 364 */, 0x81BB613E25E6FE5BLL /* 365 */, + 0x071C9C10BC07913FLL /* 366 */, 0xC7BEEB7909AC2D97LL /* 367 */, + 0xC3E58D353BC5D757LL /* 368 */, 0xEB017892F38F61E8LL /* 369 */, + 0xD4EFFB9C9B1CC21ALL /* 370 */, 0x99727D26F494F7ABLL /* 371 */, + 0xA3E063A2956B3E03LL /* 372 */, 0x9D4A8B9A4AA09C30LL /* 373 */, + 0x3F6AB7D500090FB4LL /* 374 */, 0x9CC0F2A057268AC0LL /* 375 */, + 0x3DEE9D2DEDBF42D1LL /* 376 */, 0x330F49C87960A972LL /* 377 */, + 0xC6B2720287421B41LL /* 378 */, 0x0AC59EC07C00369CLL /* 379 */, + 0xEF4EAC49CB353425LL /* 380 */, 0xF450244EEF0129D8LL /* 381 */, + 0x8ACC46E5CAF4DEB6LL /* 382 */, 0x2FFEAB63989263F7LL /* 383 */, + 0x8F7CB9FE5D7A4578LL /* 384 */, 0x5BD8F7644E634635LL /* 385 */, + 0x427A7315BF2DC900LL /* 386 */, 0x17D0C4AA2125261CLL /* 387 */, + 0x3992486C93518E50LL /* 388 */, 0xB4CBFEE0A2D7D4C3LL /* 389 */, + 0x7C75D6202C5DDD8DLL /* 390 */, 0xDBC295D8E35B6C61LL /* 391 */, + 0x60B369D302032B19LL /* 392 */, 0xCE42685FDCE44132LL /* 393 */, + 0x06F3DDB9DDF65610LL /* 394 */, 0x8EA4D21DB5E148F0LL /* 395 */, + 0x20B0FCE62FCD496FLL /* 396 */, 0x2C1B912358B0EE31LL /* 397 */, + 0xB28317B818F5A308LL /* 398 */, 0xA89C1E189CA6D2CFLL /* 399 */, + 0x0C6B18576AAADBC8LL /* 400 */, 0xB65DEAA91299FAE3LL /* 401 */, + 0xFB2B794B7F1027E7LL /* 402 */, 0x04E4317F443B5BEBLL /* 403 */, + 0x4B852D325939D0A6LL /* 404 */, 0xD5AE6BEEFB207FFCLL /* 405 */, + 0x309682B281C7D374LL /* 406 */, 0xBAE309A194C3B475LL /* 407 */, + 0x8CC3F97B13B49F05LL /* 408 */, 0x98A9422FF8293967LL /* 409 */, + 0x244B16B01076FF7CLL /* 410 */, 0xF8BF571C663D67EELL /* 411 */, + 0x1F0D6758EEE30DA1LL /* 412 */, 0xC9B611D97ADEB9B7LL /* 413 */, + 0xB7AFD5887B6C57A2LL /* 414 */, 0x6290AE846B984FE1LL /* 415 */, + 0x94DF4CDEACC1A5FDLL /* 416 */, 0x058A5BD1C5483AFFLL /* 417 */, + 0x63166CC142BA3C37LL /* 418 */, 0x8DB8526EB2F76F40LL /* 419 */, + 0xE10880036F0D6D4ELL /* 420 */, 0x9E0523C9971D311DLL /* 421 */, + 0x45EC2824CC7CD691LL /* 422 */, 0x575B8359E62382C9LL /* 423 */, + 0xFA9E400DC4889995LL /* 424 */, 0xD1823ECB45721568LL /* 425 */, + 0xDAFD983B8206082FLL /* 426 */, 0xAA7D29082386A8CBLL /* 427 */, + 0x269FCD4403B87588LL /* 428 */, 0x1B91F5F728BDD1E0LL /* 429 */, + 0xE4669F39040201F6LL /* 430 */, 0x7A1D7C218CF04ADELL /* 431 */, + 0x65623C29D79CE5CELL /* 432 */, 0x2368449096C00BB1LL /* 433 */, + 0xAB9BF1879DA503BALL /* 434 */, 0xBC23ECB1A458058ELL /* 435 */, + 0x9A58DF01BB401ECCLL /* 436 */, 0xA070E868A85F143DLL /* 437 */, + 0x4FF188307DF2239ELL /* 438 */, 0x14D565B41A641183LL /* 439 */, + 0xEE13337452701602LL /* 440 */, 0x950E3DCF3F285E09LL /* 441 */, + 0x59930254B9C80953LL /* 442 */, 0x3BF299408930DA6DLL /* 443 */, + 0xA955943F53691387LL /* 444 */, 0xA15EDECAA9CB8784LL /* 445 */, + 0x29142127352BE9A0LL /* 446 */, 0x76F0371FFF4E7AFBLL /* 447 */, + 0x0239F450274F2228LL /* 448 */, 0xBB073AF01D5E868BLL /* 449 */, + 0xBFC80571C10E96C1LL /* 450 */, 0xD267088568222E23LL /* 451 */, + 0x9671A3D48E80B5B0LL /* 452 */, 0x55B5D38AE193BB81LL /* 453 */, + 0x693AE2D0A18B04B8LL /* 454 */, 0x5C48B4ECADD5335FLL /* 455 */, + 0xFD743B194916A1CALL /* 456 */, 0x2577018134BE98C4LL /* 457 */, + 0xE77987E83C54A4ADLL /* 458 */, 0x28E11014DA33E1B9LL /* 459 */, + 0x270CC59E226AA213LL /* 460 */, 0x71495F756D1A5F60LL /* 461 */, + 0x9BE853FB60AFEF77LL /* 462 */, 0xADC786A7F7443DBFLL /* 463 */, + 0x0904456173B29A82LL /* 464 */, 0x58BC7A66C232BD5ELL /* 465 */, + 0xF306558C673AC8B2LL /* 466 */, 0x41F639C6B6C9772ALL /* 467 */, + 0x216DEFE99FDA35DALL /* 468 */, 0x11640CC71C7BE615LL /* 469 */, + 0x93C43694565C5527LL /* 470 */, 0xEA038E6246777839LL /* 471 */, + 0xF9ABF3CE5A3E2469LL /* 472 */, 0x741E768D0FD312D2LL /* 473 */, + 0x0144B883CED652C6LL /* 474 */, 0xC20B5A5BA33F8552LL /* 475 */, + 0x1AE69633C3435A9DLL /* 476 */, 0x97A28CA4088CFDECLL /* 477 */, + 0x8824A43C1E96F420LL /* 478 */, 0x37612FA66EEEA746LL /* 479 */, + 0x6B4CB165F9CF0E5ALL /* 480 */, 0x43AA1C06A0ABFB4ALL /* 481 */, + 0x7F4DC26FF162796BLL /* 482 */, 0x6CBACC8E54ED9B0FLL /* 483 */, + 0xA6B7FFEFD2BB253ELL /* 484 */, 0x2E25BC95B0A29D4FLL /* 485 */, + 0x86D6A58BDEF1388CLL /* 486 */, 0xDED74AC576B6F054LL /* 487 */, + 0x8030BDBC2B45805DLL /* 488 */, 0x3C81AF70E94D9289LL /* 489 */, + 0x3EFF6DDA9E3100DBLL /* 490 */, 0xB38DC39FDFCC8847LL /* 491 */, + 0x123885528D17B87ELL /* 492 */, 0xF2DA0ED240B1B642LL /* 493 */, + 0x44CEFADCD54BF9A9LL /* 494 */, 0x1312200E433C7EE6LL /* 495 */, + 0x9FFCC84F3A78C748LL /* 496 */, 0xF0CD1F72248576BBLL /* 497 */, + 0xEC6974053638CFE4LL /* 498 */, 0x2BA7B67C0CEC4E4CLL /* 499 */, + 0xAC2F4DF3E5CE32EDLL /* 500 */, 0xCB33D14326EA4C11LL /* 501 */, + 0xA4E9044CC77E58BCLL /* 502 */, 0x5F513293D934FCEFLL /* 503 */, + 0x5DC9645506E55444LL /* 504 */, 0x50DE418F317DE40ALL /* 505 */, + 0x388CB31A69DDE259LL /* 506 */, 0x2DB4A83455820A86LL /* 507 */, + 0x9010A91E84711AE9LL /* 508 */, 0x4DF7F0B7B1498371LL /* 509 */, + 0xD62A2EABC0977179LL /* 510 */, 0x22FAC097AA8D5C0ELL /* 511 */, + 0xF49FCC2FF1DAF39BLL /* 512 */, 0x487FD5C66FF29281LL /* 513 */, + 0xE8A30667FCDCA83FLL /* 514 */, 0x2C9B4BE3D2FCCE63LL /* 515 */, + 0xDA3FF74B93FBBBC2LL /* 516 */, 0x2FA165D2FE70BA66LL /* 517 */, + 0xA103E279970E93D4LL /* 518 */, 0xBECDEC77B0E45E71LL /* 519 */, + 0xCFB41E723985E497LL /* 520 */, 0xB70AAA025EF75017LL /* 521 */, + 0xD42309F03840B8E0LL /* 522 */, 0x8EFC1AD035898579LL /* 523 */, + 0x96C6920BE2B2ABC5LL /* 524 */, 0x66AF4163375A9172LL /* 525 */, + 0x2174ABDCCA7127FBLL /* 526 */, 0xB33CCEA64A72FF41LL /* 527 */, + 0xF04A4933083066A5LL /* 528 */, 0x8D970ACDD7289AF5LL /* 529 */, + 0x8F96E8E031C8C25ELL /* 530 */, 0xF3FEC02276875D47LL /* 531 */, + 0xEC7BF310056190DDLL /* 532 */, 0xF5ADB0AEBB0F1491LL /* 533 */, + 0x9B50F8850FD58892LL /* 534 */, 0x4975488358B74DE8LL /* 535 */, + 0xA3354FF691531C61LL /* 536 */, 0x0702BBE481D2C6EELL /* 537 */, + 0x89FB24057DEDED98LL /* 538 */, 0xAC3075138596E902LL /* 539 */, + 0x1D2D3580172772EDLL /* 540 */, 0xEB738FC28E6BC30DLL /* 541 */, + 0x5854EF8F63044326LL /* 542 */, 0x9E5C52325ADD3BBELL /* 543 */, + 0x90AA53CF325C4623LL /* 544 */, 0xC1D24D51349DD067LL /* 545 */, + 0x2051CFEEA69EA624LL /* 546 */, 0x13220F0A862E7E4FLL /* 547 */, + 0xCE39399404E04864LL /* 548 */, 0xD9C42CA47086FCB7LL /* 549 */, + 0x685AD2238A03E7CCLL /* 550 */, 0x066484B2AB2FF1DBLL /* 551 */, + 0xFE9D5D70EFBF79ECLL /* 552 */, 0x5B13B9DD9C481854LL /* 553 */, + 0x15F0D475ED1509ADLL /* 554 */, 0x0BEBCD060EC79851LL /* 555 */, + 0xD58C6791183AB7F8LL /* 556 */, 0xD1187C5052F3EEE4LL /* 557 */, + 0xC95D1192E54E82FFLL /* 558 */, 0x86EEA14CB9AC6CA2LL /* 559 */, + 0x3485BEB153677D5DLL /* 560 */, 0xDD191D781F8C492ALL /* 561 */, + 0xF60866BAA784EBF9LL /* 562 */, 0x518F643BA2D08C74LL /* 563 */, + 0x8852E956E1087C22LL /* 564 */, 0xA768CB8DC410AE8DLL /* 565 */, + 0x38047726BFEC8E1ALL /* 566 */, 0xA67738B4CD3B45AALL /* 567 */, + 0xAD16691CEC0DDE19LL /* 568 */, 0xC6D4319380462E07LL /* 569 */, + 0xC5A5876D0BA61938LL /* 570 */, 0x16B9FA1FA58FD840LL /* 571 */, + 0x188AB1173CA74F18LL /* 572 */, 0xABDA2F98C99C021FLL /* 573 */, + 0x3E0580AB134AE816LL /* 574 */, 0x5F3B05B773645ABBLL /* 575 */, + 0x2501A2BE5575F2F6LL /* 576 */, 0x1B2F74004E7E8BA9LL /* 577 */, + 0x1CD7580371E8D953LL /* 578 */, 0x7F6ED89562764E30LL /* 579 */, + 0xB15926FF596F003DLL /* 580 */, 0x9F65293DA8C5D6B9LL /* 581 */, + 0x6ECEF04DD690F84CLL /* 582 */, 0x4782275FFF33AF88LL /* 583 */, + 0xE41433083F820801LL /* 584 */, 0xFD0DFE409A1AF9B5LL /* 585 */, + 0x4325A3342CDB396BLL /* 586 */, 0x8AE77E62B301B252LL /* 587 */, + 0xC36F9E9F6655615ALL /* 588 */, 0x85455A2D92D32C09LL /* 589 */, + 0xF2C7DEA949477485LL /* 590 */, 0x63CFB4C133A39EBALL /* 591 */, + 0x83B040CC6EBC5462LL /* 592 */, 0x3B9454C8FDB326B0LL /* 593 */, + 0x56F56A9E87FFD78CLL /* 594 */, 0x2DC2940D99F42BC6LL /* 595 */, + 0x98F7DF096B096E2DLL /* 596 */, 0x19A6E01E3AD852BFLL /* 597 */, + 0x42A99CCBDBD4B40BLL /* 598 */, 0xA59998AF45E9C559LL /* 599 */, + 0x366295E807D93186LL /* 600 */, 0x6B48181BFAA1F773LL /* 601 */, + 0x1FEC57E2157A0A1DLL /* 602 */, 0x4667446AF6201AD5LL /* 603 */, + 0xE615EBCACFB0F075LL /* 604 */, 0xB8F31F4F68290778LL /* 605 */, + 0x22713ED6CE22D11ELL /* 606 */, 0x3057C1A72EC3C93BLL /* 607 */, + 0xCB46ACC37C3F1F2FLL /* 608 */, 0xDBB893FD02AAF50ELL /* 609 */, + 0x331FD92E600B9FCFLL /* 610 */, 0xA498F96148EA3AD6LL /* 611 */, + 0xA8D8426E8B6A83EALL /* 612 */, 0xA089B274B7735CDCLL /* 613 */, + 0x87F6B3731E524A11LL /* 614 */, 0x118808E5CBC96749LL /* 615 */, + 0x9906E4C7B19BD394LL /* 616 */, 0xAFED7F7E9B24A20CLL /* 617 */, + 0x6509EADEEB3644A7LL /* 618 */, 0x6C1EF1D3E8EF0EDELL /* 619 */, + 0xB9C97D43E9798FB4LL /* 620 */, 0xA2F2D784740C28A3LL /* 621 */, + 0x7B8496476197566FLL /* 622 */, 0x7A5BE3E6B65F069DLL /* 623 */, + 0xF96330ED78BE6F10LL /* 624 */, 0xEEE60DE77A076A15LL /* 625 */, + 0x2B4BEE4AA08B9BD0LL /* 626 */, 0x6A56A63EC7B8894ELL /* 627 */, + 0x02121359BA34FEF4LL /* 628 */, 0x4CBF99F8283703FCLL /* 629 */, + 0x398071350CAF30C8LL /* 630 */, 0xD0A77A89F017687ALL /* 631 */, + 0xF1C1A9EB9E423569LL /* 632 */, 0x8C7976282DEE8199LL /* 633 */, + 0x5D1737A5DD1F7ABDLL /* 634 */, 0x4F53433C09A9FA80LL /* 635 */, + 0xFA8B0C53DF7CA1D9LL /* 636 */, 0x3FD9DCBC886CCB77LL /* 637 */, + 0xC040917CA91B4720LL /* 638 */, 0x7DD00142F9D1DCDFLL /* 639 */, + 0x8476FC1D4F387B58LL /* 640 */, 0x23F8E7C5F3316503LL /* 641 */, + 0x032A2244E7E37339LL /* 642 */, 0x5C87A5D750F5A74BLL /* 643 */, + 0x082B4CC43698992ELL /* 644 */, 0xDF917BECB858F63CLL /* 645 */, + 0x3270B8FC5BF86DDALL /* 646 */, 0x10AE72BB29B5DD76LL /* 647 */, + 0x576AC94E7700362BLL /* 648 */, 0x1AD112DAC61EFB8FLL /* 649 */, + 0x691BC30EC5FAA427LL /* 650 */, 0xFF246311CC327143LL /* 651 */, + 0x3142368E30E53206LL /* 652 */, 0x71380E31E02CA396LL /* 653 */, + 0x958D5C960AAD76F1LL /* 654 */, 0xF8D6F430C16DA536LL /* 655 */, + 0xC8FFD13F1BE7E1D2LL /* 656 */, 0x7578AE66004DDBE1LL /* 657 */, + 0x05833F01067BE646LL /* 658 */, 0xBB34B5AD3BFE586DLL /* 659 */, + 0x095F34C9A12B97F0LL /* 660 */, 0x247AB64525D60CA8LL /* 661 */, + 0xDCDBC6F3017477D1LL /* 662 */, 0x4A2E14D4DECAD24DLL /* 663 */, + 0xBDB5E6D9BE0A1EEBLL /* 664 */, 0x2A7E70F7794301ABLL /* 665 */, + 0xDEF42D8A270540FDLL /* 666 */, 0x01078EC0A34C22C1LL /* 667 */, + 0xE5DE511AF4C16387LL /* 668 */, 0x7EBB3A52BD9A330ALL /* 669 */, + 0x77697857AA7D6435LL /* 670 */, 0x004E831603AE4C32LL /* 671 */, + 0xE7A21020AD78E312LL /* 672 */, 0x9D41A70C6AB420F2LL /* 673 */, + 0x28E06C18EA1141E6LL /* 674 */, 0xD2B28CBD984F6B28LL /* 675 */, + 0x26B75F6C446E9D83LL /* 676 */, 0xBA47568C4D418D7FLL /* 677 */, + 0xD80BADBFE6183D8ELL /* 678 */, 0x0E206D7F5F166044LL /* 679 */, + 0xE258A43911CBCA3ELL /* 680 */, 0x723A1746B21DC0BCLL /* 681 */, + 0xC7CAA854F5D7CDD3LL /* 682 */, 0x7CAC32883D261D9CLL /* 683 */, + 0x7690C26423BA942CLL /* 684 */, 0x17E55524478042B8LL /* 685 */, + 0xE0BE477656A2389FLL /* 686 */, 0x4D289B5E67AB2DA0LL /* 687 */, + 0x44862B9C8FBBFD31LL /* 688 */, 0xB47CC8049D141365LL /* 689 */, + 0x822C1B362B91C793LL /* 690 */, 0x4EB14655FB13DFD8LL /* 691 */, + 0x1ECBBA0714E2A97BLL /* 692 */, 0x6143459D5CDE5F14LL /* 693 */, + 0x53A8FBF1D5F0AC89LL /* 694 */, 0x97EA04D81C5E5B00LL /* 695 */, + 0x622181A8D4FDB3F3LL /* 696 */, 0xE9BCD341572A1208LL /* 697 */, + 0x1411258643CCE58ALL /* 698 */, 0x9144C5FEA4C6E0A4LL /* 699 */, + 0x0D33D06565CF620FLL /* 700 */, 0x54A48D489F219CA1LL /* 701 */, + 0xC43E5EAC6D63C821LL /* 702 */, 0xA9728B3A72770DAFLL /* 703 */, + 0xD7934E7B20DF87EFLL /* 704 */, 0xE35503B61A3E86E5LL /* 705 */, + 0xCAE321FBC819D504LL /* 706 */, 0x129A50B3AC60BFA6LL /* 707 */, + 0xCD5E68EA7E9FB6C3LL /* 708 */, 0xB01C90199483B1C7LL /* 709 */, + 0x3DE93CD5C295376CLL /* 710 */, 0xAED52EDF2AB9AD13LL /* 711 */, + 0x2E60F512C0A07884LL /* 712 */, 0xBC3D86A3E36210C9LL /* 713 */, + 0x35269D9B163951CELL /* 714 */, 0x0C7D6E2AD0CDB5FALL /* 715 */, + 0x59E86297D87F5733LL /* 716 */, 0x298EF221898DB0E7LL /* 717 */, + 0x55000029D1A5AA7ELL /* 718 */, 0x8BC08AE1B5061B45LL /* 719 */, + 0xC2C31C2B6C92703ALL /* 720 */, 0x94CC596BAF25EF42LL /* 721 */, + 0x0A1D73DB22540456LL /* 722 */, 0x04B6A0F9D9C4179ALL /* 723 */, + 0xEFFDAFA2AE3D3C60LL /* 724 */, 0xF7C8075BB49496C4LL /* 725 */, + 0x9CC5C7141D1CD4E3LL /* 726 */, 0x78BD1638218E5534LL /* 727 */, + 0xB2F11568F850246ALL /* 728 */, 0xEDFABCFA9502BC29LL /* 729 */, + 0x796CE5F2DA23051BLL /* 730 */, 0xAAE128B0DC93537CLL /* 731 */, + 0x3A493DA0EE4B29AELL /* 732 */, 0xB5DF6B2C416895D7LL /* 733 */, + 0xFCABBD25122D7F37LL /* 734 */, 0x70810B58105DC4B1LL /* 735 */, + 0xE10FDD37F7882A90LL /* 736 */, 0x524DCAB5518A3F5CLL /* 737 */, + 0x3C9E85878451255BLL /* 738 */, 0x4029828119BD34E2LL /* 739 */, + 0x74A05B6F5D3CECCBLL /* 740 */, 0xB610021542E13ECALL /* 741 */, + 0x0FF979D12F59E2ACLL /* 742 */, 0x6037DA27E4F9CC50LL /* 743 */, + 0x5E92975A0DF1847DLL /* 744 */, 0xD66DE190D3E623FELL /* 745 */, + 0x5032D6B87B568048LL /* 746 */, 0x9A36B7CE8235216ELL /* 747 */, + 0x80272A7A24F64B4ALL /* 748 */, 0x93EFED8B8C6916F7LL /* 749 */, + 0x37DDBFF44CCE1555LL /* 750 */, 0x4B95DB5D4B99BD25LL /* 751 */, + 0x92D3FDA169812FC0LL /* 752 */, 0xFB1A4A9A90660BB6LL /* 753 */, + 0x730C196946A4B9B2LL /* 754 */, 0x81E289AA7F49DA68LL /* 755 */, + 0x64669A0F83B1A05FLL /* 756 */, 0x27B3FF7D9644F48BLL /* 757 */, + 0xCC6B615C8DB675B3LL /* 758 */, 0x674F20B9BCEBBE95LL /* 759 */, + 0x6F31238275655982LL /* 760 */, 0x5AE488713E45CF05LL /* 761 */, + 0xBF619F9954C21157LL /* 762 */, 0xEABAC46040A8EAE9LL /* 763 */, + 0x454C6FE9F2C0C1CDLL /* 764 */, 0x419CF6496412691CLL /* 765 */, + 0xD3DC3BEF265B0F70LL /* 766 */, 0x6D0E60F5C3578A9ELL /* 767 */, + 0x5B0E608526323C55LL /* 768 */, 0x1A46C1A9FA1B59F5LL /* 769 */, + 0xA9E245A17C4C8FFALL /* 770 */, 0x65CA5159DB2955D7LL /* 771 */, + 0x05DB0A76CE35AFC2LL /* 772 */, 0x81EAC77EA9113D45LL /* 773 */, + 0x528EF88AB6AC0A0DLL /* 774 */, 0xA09EA253597BE3FFLL /* 775 */, + 0x430DDFB3AC48CD56LL /* 776 */, 0xC4B3A67AF45CE46FLL /* 777 */, + 0x4ECECFD8FBE2D05ELL /* 778 */, 0x3EF56F10B39935F0LL /* 779 */, + 0x0B22D6829CD619C6LL /* 780 */, 0x17FD460A74DF2069LL /* 781 */, + 0x6CF8CC8E8510ED40LL /* 782 */, 0xD6C824BF3A6ECAA7LL /* 783 */, + 0x61243D581A817049LL /* 784 */, 0x048BACB6BBC163A2LL /* 785 */, + 0xD9A38AC27D44CC32LL /* 786 */, 0x7FDDFF5BAAF410ABLL /* 787 */, + 0xAD6D495AA804824BLL /* 788 */, 0xE1A6A74F2D8C9F94LL /* 789 */, + 0xD4F7851235DEE8E3LL /* 790 */, 0xFD4B7F886540D893LL /* 791 */, + 0x247C20042AA4BFDALL /* 792 */, 0x096EA1C517D1327CLL /* 793 */, + 0xD56966B4361A6685LL /* 794 */, 0x277DA5C31221057DLL /* 795 */, + 0x94D59893A43ACFF7LL /* 796 */, 0x64F0C51CCDC02281LL /* 797 */, + 0x3D33BCC4FF6189DBLL /* 798 */, 0xE005CB184CE66AF1LL /* 799 */, + 0xFF5CCD1D1DB99BEALL /* 800 */, 0xB0B854A7FE42980FLL /* 801 */, + 0x7BD46A6A718D4B9FLL /* 802 */, 0xD10FA8CC22A5FD8CLL /* 803 */, + 0xD31484952BE4BD31LL /* 804 */, 0xC7FA975FCB243847LL /* 805 */, + 0x4886ED1E5846C407LL /* 806 */, 0x28CDDB791EB70B04LL /* 807 */, + 0xC2B00BE2F573417FLL /* 808 */, 0x5C9590452180F877LL /* 809 */, + 0x7A6BDDFFF370EB00LL /* 810 */, 0xCE509E38D6D9D6A4LL /* 811 */, + 0xEBEB0F00647FA702LL /* 812 */, 0x1DCC06CF76606F06LL /* 813 */, + 0xE4D9F28BA286FF0ALL /* 814 */, 0xD85A305DC918C262LL /* 815 */, + 0x475B1D8732225F54LL /* 816 */, 0x2D4FB51668CCB5FELL /* 817 */, + 0xA679B9D9D72BBA20LL /* 818 */, 0x53841C0D912D43A5LL /* 819 */, + 0x3B7EAA48BF12A4E8LL /* 820 */, 0x781E0E47F22F1DDFLL /* 821 */, + 0xEFF20CE60AB50973LL /* 822 */, 0x20D261D19DFFB742LL /* 823 */, + 0x16A12B03062A2E39LL /* 824 */, 0x1960EB2239650495LL /* 825 */, + 0x251C16FED50EB8B8LL /* 826 */, 0x9AC0C330F826016ELL /* 827 */, + 0xED152665953E7671LL /* 828 */, 0x02D63194A6369570LL /* 829 */, + 0x5074F08394B1C987LL /* 830 */, 0x70BA598C90B25CE1LL /* 831 */, + 0x794A15810B9742F6LL /* 832 */, 0x0D5925E9FCAF8C6CLL /* 833 */, + 0x3067716CD868744ELL /* 834 */, 0x910AB077E8D7731BLL /* 835 */, + 0x6A61BBDB5AC42F61LL /* 836 */, 0x93513EFBF0851567LL /* 837 */, + 0xF494724B9E83E9D5LL /* 838 */, 0xE887E1985C09648DLL /* 839 */, + 0x34B1D3C675370CFDLL /* 840 */, 0xDC35E433BC0D255DLL /* 841 */, + 0xD0AAB84234131BE0LL /* 842 */, 0x08042A50B48B7EAFLL /* 843 */, + 0x9997C4EE44A3AB35LL /* 844 */, 0x829A7B49201799D0LL /* 845 */, + 0x263B8307B7C54441LL /* 846 */, 0x752F95F4FD6A6CA6LL /* 847 */, + 0x927217402C08C6E5LL /* 848 */, 0x2A8AB754A795D9EELL /* 849 */, + 0xA442F7552F72943DLL /* 850 */, 0x2C31334E19781208LL /* 851 */, + 0x4FA98D7CEAEE6291LL /* 852 */, 0x55C3862F665DB309LL /* 853 */, + 0xBD0610175D53B1F3LL /* 854 */, 0x46FE6CB840413F27LL /* 855 */, + 0x3FE03792DF0CFA59LL /* 856 */, 0xCFE700372EB85E8FLL /* 857 */, + 0xA7BE29E7ADBCE118LL /* 858 */, 0xE544EE5CDE8431DDLL /* 859 */, + 0x8A781B1B41F1873ELL /* 860 */, 0xA5C94C78A0D2F0E7LL /* 861 */, + 0x39412E2877B60728LL /* 862 */, 0xA1265EF3AFC9A62CLL /* 863 */, + 0xBCC2770C6A2506C5LL /* 864 */, 0x3AB66DD5DCE1CE12LL /* 865 */, + 0xE65499D04A675B37LL /* 866 */, 0x7D8F523481BFD216LL /* 867 */, + 0x0F6F64FCEC15F389LL /* 868 */, 0x74EFBE618B5B13C8LL /* 869 */, + 0xACDC82B714273E1DLL /* 870 */, 0xDD40BFE003199D17LL /* 871 */, + 0x37E99257E7E061F8LL /* 872 */, 0xFA52626904775AAALL /* 873 */, + 0x8BBBF63A463D56F9LL /* 874 */, 0xF0013F1543A26E64LL /* 875 */, + 0xA8307E9F879EC898LL /* 876 */, 0xCC4C27A4150177CCLL /* 877 */, + 0x1B432F2CCA1D3348LL /* 878 */, 0xDE1D1F8F9F6FA013LL /* 879 */, + 0x606602A047A7DDD6LL /* 880 */, 0xD237AB64CC1CB2C7LL /* 881 */, + 0x9B938E7225FCD1D3LL /* 882 */, 0xEC4E03708E0FF476LL /* 883 */, + 0xFEB2FBDA3D03C12DLL /* 884 */, 0xAE0BCED2EE43889ALL /* 885 */, + 0x22CB8923EBFB4F43LL /* 886 */, 0x69360D013CF7396DLL /* 887 */, + 0x855E3602D2D4E022LL /* 888 */, 0x073805BAD01F784CLL /* 889 */, + 0x33E17A133852F546LL /* 890 */, 0xDF4874058AC7B638LL /* 891 */, + 0xBA92B29C678AA14ALL /* 892 */, 0x0CE89FC76CFAADCDLL /* 893 */, + 0x5F9D4E0908339E34LL /* 894 */, 0xF1AFE9291F5923B9LL /* 895 */, + 0x6E3480F60F4A265FLL /* 896 */, 0xEEBF3A2AB29B841CLL /* 897 */, + 0xE21938A88F91B4ADLL /* 898 */, 0x57DFEFF845C6D3C3LL /* 899 */, + 0x2F006B0BF62CAAF2LL /* 900 */, 0x62F479EF6F75EE78LL /* 901 */, + 0x11A55AD41C8916A9LL /* 902 */, 0xF229D29084FED453LL /* 903 */, + 0x42F1C27B16B000E6LL /* 904 */, 0x2B1F76749823C074LL /* 905 */, + 0x4B76ECA3C2745360LL /* 906 */, 0x8C98F463B91691BDLL /* 907 */, + 0x14BCC93CF1ADE66ALL /* 908 */, 0x8885213E6D458397LL /* 909 */, + 0x8E177DF0274D4711LL /* 910 */, 0xB49B73B5503F2951LL /* 911 */, + 0x10168168C3F96B6BLL /* 912 */, 0x0E3D963B63CAB0AELL /* 913 */, + 0x8DFC4B5655A1DB14LL /* 914 */, 0xF789F1356E14DE5CLL /* 915 */, + 0x683E68AF4E51DAC1LL /* 916 */, 0xC9A84F9D8D4B0FD9LL /* 917 */, + 0x3691E03F52A0F9D1LL /* 918 */, 0x5ED86E46E1878E80LL /* 919 */, + 0x3C711A0E99D07150LL /* 920 */, 0x5A0865B20C4E9310LL /* 921 */, + 0x56FBFC1FE4F0682ELL /* 922 */, 0xEA8D5DE3105EDF9BLL /* 923 */, + 0x71ABFDB12379187ALL /* 924 */, 0x2EB99DE1BEE77B9CLL /* 925 */, + 0x21ECC0EA33CF4523LL /* 926 */, 0x59A4D7521805C7A1LL /* 927 */, + 0x3896F5EB56AE7C72LL /* 928 */, 0xAA638F3DB18F75DCLL /* 929 */, + 0x9F39358DABE9808ELL /* 930 */, 0xB7DEFA91C00B72ACLL /* 931 */, + 0x6B5541FD62492D92LL /* 932 */, 0x6DC6DEE8F92E4D5BLL /* 933 */, + 0x353F57ABC4BEEA7ELL /* 934 */, 0x735769D6DA5690CELL /* 935 */, + 0x0A234AA642391484LL /* 936 */, 0xF6F9508028F80D9DLL /* 937 */, + 0xB8E319A27AB3F215LL /* 938 */, 0x31AD9C1151341A4DLL /* 939 */, + 0x773C22A57BEF5805LL /* 940 */, 0x45C7561A07968633LL /* 941 */, + 0xF913DA9E249DBE36LL /* 942 */, 0xDA652D9B78A64C68LL /* 943 */, + 0x4C27A97F3BC334EFLL /* 944 */, 0x76621220E66B17F4LL /* 945 */, + 0x967743899ACD7D0BLL /* 946 */, 0xF3EE5BCAE0ED6782LL /* 947 */, + 0x409F753600C879FCLL /* 948 */, 0x06D09A39B5926DB6LL /* 949 */, + 0x6F83AEB0317AC588LL /* 950 */, 0x01E6CA4A86381F21LL /* 951 */, + 0x66FF3462D19F3025LL /* 952 */, 0x72207C24DDFD3BFBLL /* 953 */, + 0x4AF6B6D3E2ECE2EBLL /* 954 */, 0x9C994DBEC7EA08DELL /* 955 */, + 0x49ACE597B09A8BC4LL /* 956 */, 0xB38C4766CF0797BALL /* 957 */, + 0x131B9373C57C2A75LL /* 958 */, 0xB1822CCE61931E58LL /* 959 */, + 0x9D7555B909BA1C0CLL /* 960 */, 0x127FAFDD937D11D2LL /* 961 */, + 0x29DA3BADC66D92E4LL /* 962 */, 0xA2C1D57154C2ECBCLL /* 963 */, + 0x58C5134D82F6FE24LL /* 964 */, 0x1C3AE3515B62274FLL /* 965 */, + 0xE907C82E01CB8126LL /* 966 */, 0xF8ED091913E37FCBLL /* 967 */, + 0x3249D8F9C80046C9LL /* 968 */, 0x80CF9BEDE388FB63LL /* 969 */, + 0x1881539A116CF19ELL /* 970 */, 0x5103F3F76BD52457LL /* 971 */, + 0x15B7E6F5AE47F7A8LL /* 972 */, 0xDBD7C6DED47E9CCFLL /* 973 */, + 0x44E55C410228BB1ALL /* 974 */, 0xB647D4255EDB4E99LL /* 975 */, + 0x5D11882BB8AAFC30LL /* 976 */, 0xF5098BBB29D3212ALL /* 977 */, + 0x8FB5EA14E90296B3LL /* 978 */, 0x677B942157DD025ALL /* 979 */, + 0xFB58E7C0A390ACB5LL /* 980 */, 0x89D3674C83BD4A01LL /* 981 */, + 0x9E2DA4DF4BF3B93BLL /* 982 */, 0xFCC41E328CAB4829LL /* 983 */, + 0x03F38C96BA582C52LL /* 984 */, 0xCAD1BDBD7FD85DB2LL /* 985 */, + 0xBBB442C16082AE83LL /* 986 */, 0xB95FE86BA5DA9AB0LL /* 987 */, + 0xB22E04673771A93FLL /* 988 */, 0x845358C9493152D8LL /* 989 */, + 0xBE2A488697B4541ELL /* 990 */, 0x95A2DC2DD38E6966LL /* 991 */, + 0xC02C11AC923C852BLL /* 992 */, 0x2388B1990DF2A87BLL /* 993 */, + 0x7C8008FA1B4F37BELL /* 994 */, 0x1F70D0C84D54E503LL /* 995 */, + 0x5490ADEC7ECE57D4LL /* 996 */, 0x002B3C27D9063A3ALL /* 997 */, + 0x7EAEA3848030A2BFLL /* 998 */, 0xC602326DED2003C0LL /* 999 */, + 0x83A7287D69A94086LL /* 1000 */, 0xC57A5FCB30F57A8ALL /* 1001 */, + 0xB56844E479EBE779LL /* 1002 */, 0xA373B40F05DCBCE9LL /* 1003 */, + 0xD71A786E88570EE2LL /* 1004 */, 0x879CBACDBDE8F6A0LL /* 1005 */, + 0x976AD1BCC164A32FLL /* 1006 */, 0xAB21E25E9666D78BLL /* 1007 */, + 0x901063AAE5E5C33CLL /* 1008 */, 0x9818B34448698D90LL /* 1009 */, + 0xE36487AE3E1E8ABBLL /* 1010 */, 0xAFBDF931893BDCB4LL /* 1011 */, + 0x6345A0DC5FBBD519LL /* 1012 */, 0x8628FE269B9465CALL /* 1013 */, + 0x1E5D01603F9C51ECLL /* 1014 */, 0x4DE44006A15049B7LL /* 1015 */, + 0xBF6C70E5F776CBB1LL /* 1016 */, 0x411218F2EF552BEDLL /* 1017 */, + 0xCB0C0708705A36A3LL /* 1018 */, 0xE74D14754F986044LL /* 1019 */, + 0xCD56D9430EA8280ELL /* 1020 */, 0xC12591D7535F5065LL /* 1021 */, + 0xC83223F1720AEF96LL /* 1022 */, 0xC3A0396F7363A51FLL /* 1023 */}; + +#else + +void dummy_2_64 (int a) +{ + (void) a; + return; +} + +#endif Index: branches/samhain-2_2-branch/src/sh_tools.c =================================================================== --- branches/samhain-2_2-branch/src/sh_tools.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_tools.c (revision 66) @@ -0,0 +1,1707 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +#include +#include +#include +#include + +/* Must be early on FreeBSD + */ +#include + +#ifdef HAVE_MEMORY_H +#include +#endif + +#ifdef HAVE_SYS_SELECT_H +#include +#endif + +#ifdef HAVE_UNISTD_H +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#endif + +#include + +#ifdef HOST_IS_HPUX +#define _XOPEN_SOURCE_EXTENDED +#endif +#include +#include +#include + +#ifndef FD_SET +#define NFDBITS 32 +#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS))) +#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS))) +#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS))) +#endif /* !FD_SET */ +#ifndef FD_SETSIZE +#define FD_SETSIZE 32 +#endif +#ifndef FD_ZERO +#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) +#endif + + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#include +#endif + +#define SH_REAL_SET + +#include "samhain.h" +#include "sh_mem.h" +#include "sh_error.h" +#include "sh_tools.h" +#include "sh_utils.h" +#include "sh_tiger.h" +#define SH_NEED_GETHOSTBYXXX +#include "sh_static.h" + +#undef FIL__ +#define FIL__ _("sh_tools.c") + +#ifdef SH_ENCRYPT +#include "rijndael-api-fst.h" +char * errorExplain (int err_num) +{ + if (err_num == BAD_KEY_DIR) + return (_("Key direction is invalid")); + else if (err_num == BAD_KEY_MAT) + return (_("Key material not of correct length")); + else if (err_num == BAD_KEY_INSTANCE) + return (_("Key passed is not valid")); + else if (err_num == BAD_CIPHER_MODE) + return (_("Params struct passed to cipherInit invalid")); + else if (err_num == BAD_CIPHER_STATE) + return (_("Cipher in wrong state")); + else if (err_num == BAD_BLOCK_LENGTH) + return (_("Bad block length")); + else if (err_num == BAD_CIPHER_INSTANCE) + return (_("Bad cipher instance")); + else if (err_num == BAD_DATA) + return (_("Data contents are invalid")); + else + return (_("Unknown error")); +} + +#endif + +/* --- recode all \blah escapes to '=XX' format, and also code all + * remaining unprintable chars --- + */ +#define SH_PUT_4(p, a, b, c) (p)[0] = (a); (p)[1] = (b); (p)[2] = (c); + +char * sh_tools_safe_name (const char * instr, int flag) +{ + unsigned char c, d; + const char * p; + char tmp[4]; + char * outstr; + size_t len = 1; + int i = 0; + unsigned char val_octal = '\0'; + static char ctable[16] = { '0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; + + SL_ENTER(_("sh_tools_safe_name")); + + if (instr) + { + len = strlen(instr); + if (sl_ok_muls (3, len) && sl_ok_adds ((3*len), 4)) + { + len = (3 * len) + 4; + p = instr; + } + else + { + len = 1; + p = NULL; + } + } + else + { + p = NULL; + } + + outstr = SH_ALLOC(len); + + outstr[0] = '\0'; + tmp[3] = '\0'; + +#if !defined(SH_USE_XML) + (void) flag; /* fix compiler warning */ +#endif + + if (!p) + goto end; + + while (*p) + { + c = *p; + + if (*p == '\n') + { + outstr[i] = ' '; ++i; ++p; + continue; + } + +#ifdef SH_USE_XML + if (flag == 1) + { + if ((*p) == '"') + { + SH_PUT_4(&outstr[i], '=', '2', '2'); + i+=3; ++p; + continue; + } + else if ((*p) == '&') + { + SH_PUT_4(&outstr[i], '=', '2', '6'); + i+=3; ++p; + continue; + } + else if ((*p) == '<') + { /* left angle */ + SH_PUT_4(&outstr[i], '=', '3', 'c'); + i+=3; ++p; + continue; + } + else if ((*p) == '>') + { /* right angle */ + SH_PUT_4(&outstr[i], '=', '3', 'e'); + i+=3; ++p; + continue; + } + } +#endif + + if ( (*p) != '\\' && (*p) != '&' && (*p) != '=' && (*p) != '\'') + { + outstr[i] = *p; ++i; + ++p; + + if (c < 31 || c > 126) + { + --i; + d = c % 16; c = c / 16; + outstr[i] = '='; ++i; + outstr[i] = ctable[c]; ++i; + outstr[i] = ctable[d]; ++i; + } + + continue; + } + else if ((*p) == '\'') + { + SH_PUT_4(&outstr[i], '=', '2', '7'); + i+=3; ++p; + } + else if (*p == '=') + { + if (p[1] != '"' && p[1] != '<') + { + SH_PUT_4(&outstr[i], '=', '3', 'd'); + i+=3; ++p; + } + else + { outstr[i] = *p; ++i; ++p; } + } + else if (*p == '\\') + { + ++p; + if (!p) + break; + if (!(*p)) + break; + + c = *p; + + switch (*p) { + case '\\': + SH_PUT_4(&outstr[i], '=', '5', 'c'); + i+=3; ++p; + break; + case 'n': + SH_PUT_4(&outstr[i], '=', '0', 'a'); + i+=3; ++p; + break; + case 'b': + SH_PUT_4(&outstr[i], '=', '0', '8'); + i+=3; ++p; + break; + case 'r': + SH_PUT_4(&outstr[i], '=', '0', 'd'); + i+=3; ++p; + break; + case 't': + SH_PUT_4(&outstr[i], '=', '0', '9'); + i+=3; ++p; + break; + case 'v': + SH_PUT_4(&outstr[i], '=', '0', 'b'); + i+=3; ++p; + break; + case 'f': + SH_PUT_4(&outstr[i], '=', '0', 'c'); + i+=3; ++p; + break; + case '\'': + SH_PUT_4(&outstr[i], '=', '2', '7'); + i+=3; ++p; + break; + case '"': /* also encode quoted '"' */ + SH_PUT_4(&outstr[i], '=', '2', '2'); + i+=3; ++p; + break; + case ' ': + SH_PUT_4(&outstr[i], '=', '2', '0'); + i+=3; ++p; + break; + default: + if (strlen(p) < 3) /* certainly not an octal number, skip */ + { + p += strlen(p); + } + else + { + tmp[0] = p[0]; tmp[1] = p[1]; tmp[2] = p[2]; + val_octal = (unsigned char) strtoul(tmp, (char **)NULL, 8); + if (val_octal != '\0') { + c = val_octal; + d = c % 16; c = c / 16; + outstr[i] = '='; ++i; + outstr[i] = ctable[c]; ++i; + outstr[i] = ctable[d]; ++i; + } + p += 3; + } + } + } + else if (*p == '&') + { + ++p; + if (!p || !(*p)) + { + outstr[i] = '&'; ++i; + break; + } + + if (p[0] == 'a' && p[1] == 'm' && p[2] == 'p' && p[3] == ';') + { + SH_PUT_4(&outstr[i], '=', '2', '6'); + i+=3; p += 4; + } + else if (p[0] == 'q' && p[1] == 'u' && p[2] == 'o' && p[3] == 't' && + p[4] == ';') + { + SH_PUT_4(&outstr[i], '=', '2', '2'); + i+=3; p += 5; + } + else if (p[0] == 'l' && p[1] == 't' && p[2] == ';') + { + SH_PUT_4(&outstr[i], '=', '3', 'c'); + i+=3; p += 3; + } + else if (p[0] == 'g' && p[1] == 't' && p[2] == ';') + { + SH_PUT_4(&outstr[i], '=', '3', 'e'); + i+=3; p += 3; + } + else /* conserve the '&' */ + { + outstr[i] = '&'; ++i; + } + } + else + { + outstr[i] = *p; ++i; + ++p; + } + } /* while (p && *p) */ + + end: + + outstr[i] = '\0'; + SL_RETURN( outstr, _("sh_tools_safe_name")); +} + + +/* extern int h_errno; */ + +char * sh_tools_errmessage (int tellme) +{ + +#ifdef HOST_NOT_FOUND + if (tellme == HOST_NOT_FOUND) + return _("The specified host is unknown: "); +#endif +#ifdef NO_ADDRESS + if (tellme == NO_ADDRESS) + return _("The requested name is valid but does not have an IP address: "); +#endif +#ifdef NO_RECOVERY + if (tellme == NO_RECOVERY) + return _("A non-recoverable name server error occurred: "); +#endif +#ifdef TRY_AGAIN + if (tellme == TRY_AGAIN) + return _("A temporary error occurred on an authoritative name server. The specified host is unknown: "); +#endif + return _("Unknown error"); +} + +int is_numeric (const char * address) +{ + int j; + int len = sl_strlen(address); + + for (j = 0; j < len; ++j) + if ( (address[j] < '0' || address[j] > '9') && address[j] != '.') + return (1 == 0); + return (1 == 1); +} + +#if defined (SH_WITH_SERVER) + +int get_open_max () +{ + int value; + +#ifdef _SC_OPEN_MAX + value = sysconf (_SC_OPEN_MAX); +#else +#ifdef OPEN_MAX + value = OPEN_MAX; +#else + value = _POSIX_OPEN_MAX; +#endif +#endif + + if (value < 0) + value = 8; /* POSIX lower limit */ + + if (value > 4096) + value = 4096; + + return value; +} + +#endif + +typedef struct _sin_cache { + char * address; + struct sockaddr_in sin; + struct _sin_cache * next; +} sin_cache; + +static sin_cache * conn_cache = NULL; +static int cached_addr = 0; + +void delete_cache() +{ + sin_cache * check_cache = conn_cache; + sin_cache * old_entry = conn_cache; + + SL_ENTER(_("delete_cache")); + + while (check_cache != NULL) + { + old_entry = check_cache; + check_cache = check_cache->next; + SH_FREE(old_entry->address); + SH_FREE(old_entry); + } + + cached_addr = 0; + + conn_cache = NULL; + SL_RET0(_("delete_cache")); +} + +int DoReverseLookup = S_TRUE; + +int set_reverse_lookup (const char * c) +{ + return sh_util_flagval(c, &DoReverseLookup); +} + +int connect_port (char * address, int port, + char * ecall, int * errnum, char * errmsg, int errsiz) +{ + struct in_addr haddr; /* host address from numeric */ + /* host details returned by the DNS */ + struct hostent *host_entry = NULL; + struct sockaddr_in sinr; /* socket to the remote host */ + + char * host_name; + + int fd = (-1); + int status; + int fail = 0; + int cached = 0; + + int retval; + + sin_cache * check_cache = conn_cache; + + SL_ENTER(_("connect_port")); + + /* paranoia -- should not happen + */ + if (cached_addr > 128) + delete_cache(); + + if (check_cache != NULL) + { + while (check_cache && check_cache->address) + { + if ( 0 == sl_strncmp(check_cache->address, + address, sl_strlen(address))) + { + memcpy (&sinr, &(check_cache->sin), sizeof(struct sockaddr_in)); + sinr.sin_family = AF_INET; + sinr.sin_port = htons (port); + cached = 1; + break; + } + if (check_cache->next) + check_cache = check_cache->next; + else + check_cache = NULL; + } + } + + /* only use gethostbyname() if neccessary + */ + if (cached == 0) + { +#ifdef HAVE_INET_ATON + if (0 == inet_aton(address, &haddr)) +#else + if ((unsigned long)-1 == (haddr.s_addr = inet_addr(address))) +#endif + { + + host_entry = sh_gethostbyname(address); + + if (host_entry == NULL || host_entry->h_addr == NULL) + { + sl_strlcpy(ecall, _("gethostbyname"), SH_MINIBUF); +#ifndef NO_H_ERRNO + *errnum = h_errno; +#else + *errnum = 666; +#endif + sl_strlcpy(errmsg, sh_tools_errmessage (*errnum), errsiz); + sl_strlcat(errmsg, address, errsiz); + fail = (-1); + } + else + { + sinr.sin_family = AF_INET; + sinr.sin_port = htons (port); + sinr.sin_addr = *(struct in_addr *) host_entry->h_addr; + + + /* reverse DNS lookup + */ + if (DoReverseLookup == S_TRUE) + { + if (host_entry->h_name == NULL) + { + host_name = SH_ALLOC(1); + host_name[0] = '\0'; + } + else + { + host_name = sh_util_strdup(host_entry->h_name); + } + + host_entry = sh_gethostbyaddr ((char *) &sinr.sin_addr, + sizeof(struct in_addr), + AF_INET); + if (host_entry == NULL || host_entry->h_name == NULL) + { + sl_strlcpy(ecall, _("gethostbyaddr"), SH_MINIBUF); +#ifndef NO_H_ERRNO + *errnum = h_errno; +#else + *errnum = 666; +#endif + sl_strlcpy(errmsg, + sh_tools_errmessage (*errnum), errsiz); + sl_strlcat(errmsg, + inet_ntoa (*(struct in_addr *) &(sinr.sin_addr)), + errsiz); + fail = (-1); + } + else + { + *errnum = 0; + if (sl_strlen(host_entry->h_name) == 0 || + (*errnum = sl_strcmp(host_name,host_entry->h_name)) != 0) + { + if (*errnum) + sl_strlcpy(ecall, _("strcmp"), SH_MINIBUF); + else + sl_strlcpy(ecall, _("strlen"), SH_MINIBUF); + sl_strlcpy(errmsg, _("Reverse lookup failed."), + errsiz); + sl_strlcat(errmsg, address, errsiz); + sl_strlcat(errmsg, _(" vs "), errsiz); + sl_strlcat(errmsg, + inet_ntoa (*(struct in_addr *) &(sinr.sin_addr)), + errsiz); + fail = -1; + } + } + + SH_FREE(host_name); + } + } + } + + else /* address was numeric */ + { + sinr.sin_family = AF_INET; + sinr.sin_port = htons (port); + sinr.sin_addr = haddr; + } + + + if (fail != -1) + { + /* put it into the cache + */ + check_cache = SH_ALLOC(sizeof(sin_cache)); + check_cache->address = SH_ALLOC(sl_strlen(address) + 1); + sl_strlcpy (check_cache->address, address, sl_strlen(address) + 1); + memcpy(&(check_cache->sin), &sinr, sizeof(struct sockaddr_in)); + ++cached_addr; + + if (conn_cache) + { + if (conn_cache->next) + check_cache->next = conn_cache->next; + else + check_cache->next = NULL; + conn_cache->next = check_cache; + } + else + { + check_cache->next = NULL; + conn_cache = check_cache; + } + } + } + + + if (fail != (-1)) + { + fd = socket(AF_INET, SOCK_STREAM, 0); + if (fd < 0) { + fail = (-1); + status = errno; + sl_strlcpy(ecall, _("socket"), SH_MINIBUF); + *errnum = status; + sl_strlcpy(errmsg, sh_error_message (status), errsiz); + sl_strlcat(errmsg, _(", address "), errsiz); + sl_strlcat(errmsg, address, errsiz); + } + } + + if (fail != (-1)) { + + if ( retry_connect(FIL__, __LINE__, fd, + (struct sockaddr *) &sinr, sizeof(sinr)) < 0) + { + status = errno; + sl_strlcpy(ecall, _("connect"), SH_MINIBUF); + *errnum = status; + sl_strlcpy(errmsg, sh_error_message (status), errsiz); + sl_strlcat(errmsg, _(", address "), errsiz); + sl_strlcat(errmsg, address, errsiz); + close(fd); + fail = (-1); + } + } + + retval = (fail < 0) ? (-1) : fd; + SL_RETURN(retval, _("connect_port")); +} + +int connect_port_2 (char * address1, char * address2, int port, + char * ecall, int * errnum, char * errmsg, int errsiz) +{ + int retval = (-1); + + SL_ENTER(_("connect_port_2")); + + errmsg[0] = '\0'; + *errnum = 0; + + if (address1 != NULL && address1[0] != '\0') + retval = connect_port (address1, port, + ecall, errnum, + errmsg, errsiz); + + if (retval < 0 && address2 != NULL && address2[0] != '\0') + { + /* can't use sh_error_handle here, as this would cause an infinite + * loop if called from sh_unix_time + */ + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + address2)); + retval = connect_port (address2, port, + ecall, errnum, + errmsg, errsiz); + } + + if ((retval < 0) && + (address1 == NULL || address1[0] == '\0') && + (address1 == NULL || address1[0] == '\0')) + { + sl_strlcpy(ecall, _("connect_port_2"), SH_MINIBUF); + sl_strlcpy(errmsg, _("No server address known"), errsiz); + } + SL_RETURN(retval, _("connect_port_2")); + /* return retval; */ +} + +#if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) +static +int sh_write_select(int type, int sockfd, + char *buf, int nbytes, + int * w_error, int timeout) +{ + int countbytes, count; + fd_set fds; + struct timeval tv; + int select_now; + int num_sel; + + struct sigaction new_act; + struct sigaction old_act; + + SL_ENTER(_("sh_write_select")); + + /* ignore SIGPIPE (instead get EPIPE if connection is closed) + */ + new_act.sa_handler = SIG_IGN; + sigemptyset( &new_act.sa_mask ); /* set an empty mask */ + new_act.sa_flags = 0; /* init sa_flags */ + sigaction (SIGPIPE, &new_act, &old_act); + + FD_ZERO(&fds); + FD_SET(sockfd, &fds); + + countbytes = 0; + tv.tv_sec = 1; + tv.tv_usec = 0; + select_now = 0; + + *w_error = 0; + + while ( countbytes < nbytes ) { + + FD_ZERO(&fds); + FD_SET(sockfd, &fds); + + if (type == SH_DO_WRITE) + { + if ( (num_sel = select (sockfd+1, NULL, &fds, NULL, &tv)) == -1) + { + if (sig_raised == 1) + { + sig_raised = 2; + continue; + } + if ( errno == EINTR) /* try again */ + continue; + *w_error = errno; + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + sh_error_message(*w_error))); + sigaction (SIGPIPE, &old_act, NULL); + SL_RETURN( countbytes, _("sh_write_select")); + } + } + else + { + if ( (num_sel = select (sockfd+1, &fds, NULL, NULL, &tv)) == -1) + { + if (sig_raised == 1) + { + sig_raised = 2; + continue; + } + if ( errno == EINTR ) /* try again */ + continue; + *w_error = errno; + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + sh_error_message(*w_error))); + sigaction (SIGPIPE, &old_act, NULL); + SL_RETURN( countbytes, _("sh_write_select")); + } + } + + /* on Linux, timeout is modified to reflect the amount of + * time not slept + */ + tv.tv_sec = 1; + tv.tv_usec = 0; + + + /* let's not hang on forever + */ + if (num_sel == 0) + { + ++select_now; /* timeout */ + if ( select_now > timeout ) /* 5 minutes */ + { +#ifdef ETIMEDOUT + *w_error = ETIMEDOUT; +#else + *w_error = 0; +#endif + sigaction (SIGPIPE, &old_act, NULL); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + SL_RETURN( countbytes, _("sh_write_select")); + } + } + + if ( FD_ISSET (sockfd, &fds) ) + { + if (type == SH_DO_WRITE) + count = write (sockfd, buf, nbytes-countbytes); + else + count = read (sockfd, buf, nbytes-countbytes); + + if (count > 0) + { + countbytes += count; + buf += count; /* move buffer pointer forward */ + if (countbytes < nbytes) FD_SET( sockfd, &fds ); + } + else if (count < 0 && errno == EINTR) + { + FD_SET( sockfd, &fds ); + } + else if (count < 0) + { + *w_error = errno; + sigaction (SIGPIPE, &old_act, NULL); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + SL_RETURN( countbytes, _("sh_write_select")); + } + else /* count == 0 */ + { + *w_error = errno; + sigaction (SIGPIPE, &old_act, NULL); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + SL_RETURN( countbytes, _("sh_write_select")); + } + } + } + + + /* restore signal handler + */ + sigaction (SIGPIPE, &old_act, NULL); + + *w_error = 0; + + TPT(( 0, FIL__, __LINE__, _("msg=\n"), countbytes)); + SL_RETURN( countbytes, _("sh_write_select")); +} +#endif + +#if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER) +unsigned long write_port (int sockfd, char *buf, unsigned long nbytes, + int * w_error, int timeout) +{ + unsigned long bytes; + char errmsg[256]; + + SL_ENTER(_("write_port")); + + bytes = sh_write_select(SH_DO_WRITE, sockfd, buf, nbytes, w_error, timeout); + if (*w_error != 0) + { + sl_strlcpy(errmsg, sh_error_message (*w_error), sizeof(errmsg)); + sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP, + errmsg, (long) sockfd, _("write_port")); + } + SL_RETURN( bytes, _("write_port")); +} +#endif + +#if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +unsigned long read_port (int sockfd, char *buf, unsigned long nbytes, + int * w_error, int timeout) +{ + unsigned long bytes; + char errmsg[256]; + + SL_ENTER(_("read_port")); + + bytes = sh_write_select(SH_DO_READ, sockfd, buf, nbytes, w_error, timeout); + if (*w_error != 0) + { + sl_strlcpy(errmsg, sh_error_message (*w_error), sizeof(errmsg)); + sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP, + errmsg, (long) sockfd, _("read_port")); + } + SL_RETURN( bytes, _("read_port")); +} +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +int check_request_nerr (char * have, char * need) +{ + SL_ENTER(_("check_request_nerr")); + ASSERT_RET((have != NULL && need != NULL), + _("have != NULL && need != NULL"), (-1)) + + if ( (have[0] == need[0]) && (have[1] == need[1]) && + (have[2] == need[2]) && (have[3] == need[3])) + SL_RETURN(0, _("check_request_nerr")); + SL_RETURN((-1), _("check_request_nerr")); +} +#endif + +#if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +int check_request (char * have, char * need) +{ + char first[21], second[5]; + int i; + + SL_ENTER(_("check_request")); + i = check_request_nerr (have, need); + + if (i == 0) + SL_RETURN(0, _("check_request")); + + for (i = 0; i < 4; ++i) + { + second[i] = need[i]; + sprintf(&first[i*4], _("%c%03o"), /* known to fit */ + '\\', (unsigned char) have[i]); + } + + first[20] = '\0'; second[4] = '\0'; + + sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST, + second, first); + SL_RETURN((-1), _("check_request")); +} +#endif + +#if defined (SH_WITH_SERVER) + +int check_request_s (char * have, char * need, char * clt) +{ + char first[21], second[5]; + int i; + + SL_ENTER(_("check_request_s")); + i = check_request_nerr (have, need); + + if (i == 0) + SL_RETURN( (0), _("check_request_s")); + + for (i = 0; i < 4; ++i) + { + second[i] = need[i]; + sprintf(&first[i*4], _("%c%03o"), /* known to fit */ + '\\', (unsigned char) have[i]); + } + first[20] = '\0'; second[4] = '\0'; + sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST1, + second, first, clt); + SL_RETURN( (-1), _("check_request_s")); +} +#endif + +#if defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER) + +void get_header (unsigned char * head, unsigned long * bytes, char * u) +{ + SL_ENTER(_("get_header")); + + *bytes = + (256 * (unsigned int)head[1] + (unsigned int)head[2]); + + if (u != NULL) + { + u[0] = head[3]; + u[1] = head[4]; + u[2] = head[5]; + u[3] = head[6]; + u[4] = '\0'; + } + + SL_RET0(_("get_header")); +} +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +#ifdef SH_ENCRYPT_2 +#define TRANS_BYTES 65120 +#else +#define TRANS_BYTES 65280 +#endif + +void put_header (unsigned char * head, int protocol, + unsigned long * length, char * u) +{ + + /* static long transfer_limit = (8 * SH_BUFSIZE); V0.8 */ + static unsigned long transfer_limit = TRANS_BYTES + 6 + KEY_LEN; + + SL_ENTER(_("put_header")); + + head[0] = protocol; + + ASSERT((*length < transfer_limit), _("*length < transfer_limit")) + + if (*length > transfer_limit) + *length = transfer_limit; + + head[1] = (unsigned int)(*length/256); + head[2] = (unsigned int)(*length-256 * head[1]); + if (u == NULL) + { + head[3] = 0x01; + head[4] = 0x01; + head[5] = 0x01; + head[6] = 0x01; + } + else + { + head[3] = u[0]; + head[4] = u[1]; + head[5] = u[2]; + head[6] = u[3]; + } + + SL_RET0(_("put_header")); +} +#endif + +/* ------------------------------------------ + * + * version 2 client/server protocol + * + * ------------------------------------------ + * + * header : flag size[2] + * + * payload: random_pad[8] protocol[4] size[4] payload[payload_size] padding + * + * full_size <= 8192; payload_size <= 8176 (511*16); msg_size <= 8128 (508*16) + * (msg_size = payload_size - key_len = payload_size - 48) + */ + +/* + * only SH_V2_FULLSIZE is used, and only once + */ +#if 0 +#ifdef SH_WITH_SERVER +#define SH_V2_FULLSIZE 240 +#define SH_V2_PAYLOAD 224 +#define SH_V2_MESSAGE 176 +#else +#define SH_V2_FULLSIZE 1024 +#define SH_V2_PAYLOAD 1008 +#define SH_V2_MESSAGE 960 +#endif +#endif +#define SH_V2_FULLSIZE 1024 + +#ifdef SH_ENCRYPT +#include "rijndael-api-fst.h" +#endif + +void sh_tools_show_header (unsigned char * head, char sign) +{ +#define SH_IS_ASCII(c) (((c) & ~0x7f) == 0) + + + int msg_size = (256 * (unsigned int)head[1] + (unsigned int)head[2]); + char code[32]; + char * p = &code[0]; + + memset (code, ' ', 32); /* space */ + + if ((head[0] & SH_PROTO_SRP) != 0) { p[0]='S';p[1]='R';p[2]='P';} + p += 4; + if ((head[0] & SH_PROTO_MSG) != 0) { p[0]='M';p[1]='S';p[2]='G';} + p += 4; + if ((head[0] & SH_PROTO_BIG) != 0) { p[0]='B';p[1]='I';p[2]='G';} + p += 4; + if ((head[0] & SH_PROTO_END) != 0) { p[0]='E';p[1]='N';p[2]='D';} + p += 4; + if ((head[0] & SH_PROTO_ENC) != 0) { p[0]='E';p[1]='N';p[2]='C';} + p += 4; + if ((head[0] & SH_PROTO_EN2) != 0) { p[0]='E';p[1]='N';p[2]='2';} + code[23] = '\0'; + + if (SH_IS_ASCII(head[3]) && isalpha(head[3]) && + SH_IS_ASCII(head[4]) && isalpha(head[4]) && + SH_IS_ASCII(head[5]) && isalpha(head[5]) && + SH_IS_ASCII(head[6]) && isalpha(head[6])) { + fprintf(stderr, "%c %3o %s %5d %c %c %c %c\n", sign, + head[0], code, msg_size, head[3], head[4], head[5], head[6]); + } else { + fprintf(stderr, "%c %3o %s %5d %2X %2X %2X %2X\n", sign, + head[0], code, msg_size, head[3], head[4], head[5], head[6]); + } + return; +} + +#ifdef SH_ENCRYPT +/* + * #define DEBUG_EN2 + * + * ingest version 1 7-byte header and payload, return version2 header/payload + * last 4 bytes of outgoing header are set to dummy value + */ +char * sh_tools_makePack (unsigned char * header, + char * payload, unsigned long payload_size, + keyInstance * keyInstE) +{ + UINT32 rpad[3]; + unsigned char head[16]; + double epad; + unsigned long i_epad = 0; + unsigned long i_blk = payload_size / 16; + unsigned long i_blkmax = SH_V2_FULLSIZE / 16; + unsigned long pads = 0; + size_t full_size; + char * full_ret; + + char * p; + RIJ_BYTE inBlock[B_SIZ]; + RIJ_BYTE outBlock[B_SIZ]; + int j; + cipherInstance cipherInst; + int err_num; + int blkfac; + int oflow = 0; + + /* + SL_REQUIRE (i_blk*16 == payload_size, _("payload_size % 16 != 0")); + */ + if ((i_blk * 16) != payload_size) ++i_blk; +#ifdef DEBUG_EN2 + fprintf(stderr, "SEND <%d> blocks <%d>\n", payload_size, i_blk); +#endif + /* random_pad + */ + rpad[1] = taus_get (&(skey->rng0[0]), &(skey->rng1[0]), &(skey->rng2[0])); + memcpy (head, &rpad[1], 4); + rpad[0] = taus_get (&(skey->rng0[0]), &(skey->rng1[0]), &(skey->rng2[0])); + memcpy (&head[4], &rpad[0], 4); + rpad[2] = taus_get (&(skey->rng0[0]), &(skey->rng1[0]), &(skey->rng2[0])); + memcpy (&head[8], &rpad[2], 4); + + /* protocol + */ + /* memcpy (&head[8], &header[3], 4); */ + + /* size (payload) + */ + head[12] = header[1]; + head[13] = header[2]; + head[14] = '\0'; + head[15] = '\0'; + + if (i_blk < i_blkmax) + { + pads = i_blkmax - i_blk; + /* memcpy((char *) &rpad[2], &head[12], 4); */ + epad = taus_get_double (&rpad); +#ifdef DEBUG_EN2 + fprintf(stderr, "PAD1 <%d> <%f>\n", pads, epad); +#endif + i_epad = (unsigned long) (pads * epad); +#ifdef DEBUG_EN2 + fprintf(stderr, "PAD2 <%d> <%d>\n", i_epad, (i_epad*16)); +#endif + } + + full_size = 16; /* head */ + if (sl_ok_muls(i_blk, 16) && sl_ok_adds(full_size, (i_blk*16))) + full_size = full_size + (i_blk*16); /* payload */ + else + oflow = 1; + if (sl_ok_adds(full_size, (i_epad*16))) + full_size = full_size + (i_epad*16); /* pad */ + else + i_epad = 0; + + if (oflow) + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("integer overflow"), + _("sh_tools_makePack")); + } + + full_ret = SH_ALLOC(full_size); + memcpy(full_ret, head, 16); + if (payload != NULL && !oflow) + { + memcpy(&full_ret[16], payload, payload_size); + } + if ((i_blk*16) > payload_size && !oflow) + { +#ifdef DEBUG_EN2 + fprintf(stderr, "SEN2 <%d>\n", (i_blk*16) - payload_size); +#endif + memset(&full_ret[16+payload_size], '\0', (i_blk*16) - payload_size); + payload_size = i_blk * 16; + } + memset(&full_ret[16+payload_size], '\0', i_epad*16); +#ifdef DEBUG_EN2 + fprintf(stderr, "SEN3 <%d> <%d>\n", full_size, i_epad*16); +#endif + + /* rewrite header + */ + header[1] = (unsigned int)(full_size/256); + header[2] = (unsigned int)(full_size - (256 * header[1])); + /* don't erase protocol from header + memset(&header[3], '\0', 4); + */ + p = full_ret; blkfac = full_size / 16; + + err_num = cipherInit (&cipherInst, MODE_CBC, NULL); + + if (err_num < 0) + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + errorExplain(err_num), + _("sh_tools_makePack: cipherInit")); + } + for (j = 0; j < blkfac; ++j) + { + memcpy(inBlock, p, B_SIZ); + err_num = blockEncrypt(&cipherInst, keyInstE, + inBlock, 128 * BNUM, outBlock); + if (err_num < 0) + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + errorExplain(err_num), + _("sh_tools_makePack: blockEncrypt")); + } + memcpy(p, outBlock, B_SIZ); + p += B_SIZ; + } + + return full_ret; +} + +/* write a 7-byte header and return payload as expected by version 1 + * last 4 bytes of incoming header are dummy + */ +char * sh_tools_revertPack (unsigned char * header, char * message, + keyInstance * keyInstD, + unsigned long message_size) +{ + unsigned long msg_size; + char * msg_ret; + + char * p; + RIJ_BYTE inBlock[B_SIZ]; + RIJ_BYTE outBlock[B_SIZ]; + int j; + cipherInstance cipherInst; + int err_num; + int blkfac; + + msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]); +#ifdef DEBUG_EN2 + fprintf(stderr, "RECV <%lu>\n", msg_size); +#endif + if (msg_size > message_size) { + msg_size = message_size; +#ifdef DEBUG_EN2 + fprintf(stderr, "RECV TRUNC1 <%lu>\n", msg_size); +#endif + } + + p = message; blkfac = msg_size / 16; + + err_num = cipherInit (&cipherInst, MODE_CBC, NULL); + + if (err_num < 0) + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + errorExplain(err_num), + _("sh_tools_revertPack: cipherInit")); + } + for (j = 0; j < blkfac; ++j) + { + memcpy(inBlock, p, B_SIZ); + err_num = blockDecrypt(&cipherInst, keyInstD, + inBlock, 128 * BNUM, outBlock); + if (err_num < 0) + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + errorExplain(err_num), + _("sh_tools_revertPack: blockDecrypt")); + } + memcpy(p, outBlock, B_SIZ); + p += B_SIZ; + } + + /* rewrite size in header + */ + header[1] = message[12]; + header[2] = message[13]; + msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]); + + if (msg_size > (message_size-16)) + { + msg_size = message_size-16; + header[1] = (unsigned int)(msg_size/256); + header[2] = (unsigned int)(msg_size - (256 * header[1])); +#ifdef DEBUG_EN2 + fprintf(stderr, "RECV TRUNC2 <%lu>\n", msg_size); +#endif + } +#ifdef DEBUG_EN2 + fprintf(stderr, "REC2 <%lu>\n", msg_size); +#endif + /* protocol + */ + /* memcpy(&header[3], &message[8], 4); */ + + /* payload + */ + msg_ret = SH_ALLOC(msg_size+1); + if (msg_size > 0) + { + memcpy(msg_ret, &message[16], msg_size); + } + msg_ret[msg_size] = '\0'; +#ifdef DEBUG_EN2 + fprintf(stderr, "REC3 <%lu>\n", msg_size); +#endif + SH_FREE(message); + + return msg_ret; +} +#endif + +int sh_tools_hash_add(char * key, char * buf, int buflen) +{ + char * theSig; + + SL_ENTER(_("sh_tools_hash_add")); + + theSig = sh_util_siggen (key, buf, buflen); + sl_strlcat(buf, theSig, buflen + KEY_LEN + 1); + + SL_RETURN((0), _("sh_tools_hash_add")); +} + + +/* return 0 (== FALSE) if no match, else 1 (== TRUE) + */ +int sh_tools_hash_vfy(char * key, char * buf, int buflen) +{ + char hash[KEY_LEN+1]; + register int i; + char * theSig; + + SL_ENTER(_("sh_tools_hash_vfy")); + + theSig = sh_util_siggen (key, buf, buflen); + sl_strlcpy(hash, theSig, KEY_LEN+1); + + for (i = 0; i < KEY_LEN; ++i) + { + if (buf[buflen + i] != hash[i]) + SL_RETURN((0), _("sh_tools_hash_vfy")); + } + + SL_RETURN((1), _("sh_tools_hash_vfy")); +} + +/* ------------------------------------------ */ + +#if defined (SH_WITH_SERVER) + +/* add a checksum to a buffer; put checksum in front + */ +char * hash_me (char * key, char * buf, int buflen) +{ + char hash[KEY_LEN+1]; + char * temp = NULL; + register int i; + int total = 0; + char * theSig; + + + SL_ENTER(_("hash_me")); + +#ifdef DEBUG_EN2 + fprintf(stderr, "hash_me <%s> <%d>\n", + (key == NULL) ? "NULL" : key, buflen); +#endif + /* key = H(NSRV,NCLT,SK) + */ + ASSERT_RET((key != NULL), _("key != NULL"), (NULL)); + ASSERT_RET((buflen >= 0), _("buflen >= 0"), (NULL)); + + theSig = sh_util_siggen (key, buf, buflen); + sl_strlcpy(hash, theSig, KEY_LEN+1); + + if (sl_ok_adds(buflen, KEY_LEN)) + { + total = KEY_LEN + buflen; + temp = SH_ALLOC (total); + + for (i = 0; i < KEY_LEN; ++i) + temp[i] = hash[i]; + + for (i = 0; i < buflen; ++i) + temp[i+KEY_LEN] = buf[i]; + } + else + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("integer overflow"), + _("hash_me")); + temp = sh_util_strdup(buf); + } + SL_RETURN(temp, _("hash_me")); +} +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +/* verify the checksum of a buffer; checksum comes first + */ +int hash_check(char * key, + char * buf, int buflen) +{ + char hash[KEY_LEN+1]; + register int i; + char * theSig; + + SL_ENTER(_("hash_check")); + +#ifdef DEBUG_EN2 + fprintf(stderr, "hash_check <%s> <%d>\n", + (key == NULL) ? "NULL" : key, buflen); +#endif + theSig = sh_util_siggen (key, &buf[KEY_LEN], buflen-KEY_LEN); + sl_strlcpy(hash, theSig, KEY_LEN+1); + + for (i = 0; i < KEY_LEN; ++i) + { + if (buf[i] != hash[i]) + SL_RETURN((-1), _("hash_check")); + } + SL_RETURN((0), _("hash_check")); +} + +#endif + +#if defined (SH_WITH_SERVER) + +char * get_client_conf_file (char * peer, unsigned long * length) +{ + char * ret; + int status; + struct stat buf; + char * base; + size_t size; + + SL_ENTER(_("get_client_conf_file")); + + base = sh_util_strdup(DEFAULT_DATAROOT); + + size = sl_strlen(base); + if (sl_ok_adds(size, sl_strlen(peer))) + size += sl_strlen(peer); + if (sl_ok_adds(size, 6)) + size += 6; + + ret = SH_ALLOC(size); + sl_strlcpy(ret, base, size); + sl_strlcat(ret, _("/rc."), size); + sl_strlcat(ret, peer, size); + + status = retry_stat (FIL__, __LINE__, ret, &buf); + + if (status == 0) + goto lab_end; + else + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS, + (long) sh.effective.uid, ret); + + sl_strlcpy(ret, base, size); + sl_strlcat(ret, "/rc", size); + + status = retry_stat (FIL__, __LINE__, ret, &buf); + + if (status == 0) + goto lab_end; + else + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_ACCESS, + (long) sh.effective.uid, ret); + + SH_FREE(base); + SH_FREE(ret); + *length=0; + SL_RETURN(NULL, _("get_client_conf_file")); + + lab_end: + if (buf.st_size > 0x7fffffff) + { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN, + _("File too large"), _("get_client_conf_file")); + SH_FREE(base); + SL_RETURN(NULL, _("get_client_conf_file")); + } + *length = (unsigned long) buf.st_size; + SH_FREE(base); + SL_RETURN(ret, _("get_client_conf_file")); +} + +char * get_client_data_file (char * peer, unsigned long * length) +{ + char * ret; + int status; + struct stat buf; + + char * base; + size_t size; + + SL_ENTER(_("get_client_data_file")); + + base = sh_util_strdup(DEFAULT_DATAROOT); + + size = sl_strlen(base); + if (sl_ok_adds(size, sl_strlen(peer))) + size += sl_strlen(peer); + if (sl_ok_adds(size, 8)) + size += 8; + + ret = SH_ALLOC(size); + sl_strlcpy(ret, base, size); + sl_strlcat(ret, _("/file."), size); + sl_strlcat(ret, peer, size); + + status = retry_stat (FIL__, __LINE__, ret, &buf); + + if (status == 0) + goto lab1_end; + else + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS, + (long) sh.effective.uid, ret); + + + sl_strlcpy(ret, base, size); + sl_strlcat(ret, _("/file"), size); + + status = retry_stat (FIL__, __LINE__, ret, &buf); + + if (status == 0) + goto lab1_end; + else + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS, + (long) sh.effective.uid, ret); + + + *length = 0; + SH_FREE(base); + SH_FREE(ret); + SL_RETURN(NULL, _("get_client_data_file")); + + lab1_end: + if (buf.st_size > 0x7fffffff) + { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN, + _("File too large"), _("get_client_data_file")); + SH_FREE(base); + SL_RETURN(NULL, _("get_client_data_file")); + } + *length = (unsigned long) buf.st_size; + SH_FREE(base); + SL_RETURN(ret, _("get_client_data_file")); + +} +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP) + +/* --------- secure temporary file ------------ */ + +SL_TICKET open_tmp () +{ + SL_TICKET fd; + UINT32 ticks; + char * file; + struct stat buf; + int error; + int status = BAD; + char * my_tmp_dir; + + SL_ENTER(_("open_tmp")); + +#if defined(SH_TMPDIR) + my_tmp_dir = sh_util_strdup(SH_TMPDIR); +#else +#if defined(SH_WITH_SERVER) + my_tmp_dir = sh_util_strdup(DEFAULT_LOGDIR); +#else + my_tmp_dir = sh_util_strdup(sh.effective.home); +#endif +#endif + + if (0 != tf_trust_check (my_tmp_dir, SL_YESPRIV)) + { + dlog(1, FIL__, __LINE__, + _("The directory for temporary files: %s is untrusted, i.e. an\nuntrusted user owns or can write to some directory in the path.\n"), + my_tmp_dir); + sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_TRUST, + (long) sh.effective.uid, + my_tmp_dir); + SH_FREE(my_tmp_dir); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + + do { + + /* create random filename in effective users home directory + */ + ticks = taus_get (&(skey->rng0[0]), &(skey->rng1[0]), &(skey->rng2[0])); + if (my_tmp_dir[0] == '/' && my_tmp_dir[1] == '\0') + file = sh_util_strconcat (my_tmp_dir, + sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4), + NULL); + else + file = sh_util_strconcat (my_tmp_dir, + "/", + sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4), + NULL); + + /* check whether it already exists (paranoia) + */ + errno = 0; + status = retry_lstat(FIL__, __LINE__, file, &buf); + error = errno; + + if ( (status < 0) && (error == ENOENT) ) /* file does not exist */ + status = GOOD; + else if (status < 0) /* unexpected error condition */ + { + SH_FREE (file); + SH_FREE(my_tmp_dir); + TPT(( 0, FIL__, __LINE__, _("msg=\n"), error)); + SL_RETURN((-1), _("open_tmp")); + } + else /* file exists */ + { + status = BAD; + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + } + + if (status == GOOD) + { + if (0 == tf_trust_check (file, SL_YESPRIV)) + status = GOOD; + else + { + status = BAD; + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + } + } + + if (status == BAD) + SH_FREE (file); + + } while (status == BAD); + + fd = sl_open_safe_rdwr (file, SL_YESPRIV); + if (SL_ISERROR(fd)) + { + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, fd, MSG_E_SUBGEN, + _("Error opening temporary file"), _("open_tmp")); + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + fd, file)); + } + + + SH_FREE (file); + SH_FREE(my_tmp_dir); + + if (!SL_ISERROR(fd)) { + sl_unlink(fd); + } + + if (!SL_ISERROR(fd)) + SL_RETURN((fd), _("open_tmp")); + else + SL_RETURN((-1), _("open_tmp")); +} + + +int close_tmp (SL_TICKET fd) +{ + SL_ENTER(_("close_tmp")); + + if (SL_ISERROR(sl_close (fd))) + SL_RETURN((-1), _("close_tmp")); + SL_RETURN((0), _("close_tmp")); +} + +int rewind_tmp (SL_TICKET fd) +{ + SL_ENTER(_("rewind_tmp")); + + if (SL_ISERROR(sl_rewind (fd))) + SL_RETURN((-1), _("rewind_tmp")); + SL_RETURN((0), _("rewind_tmp")); +} +#endif Index: branches/samhain-2_2-branch/src/sh_unix.c =================================================================== --- branches/samhain-2_2-branch/src/sh_unix.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_unix.c (revision 66) @@ -0,0 +1,4358 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +#include +#include +#include +#include + + +#ifdef HAVE_MEMORY_H +#include +#endif + +#ifdef HAVE_UNISTD_H +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/********************* +#ifdef HAVE_SYS_VFS_H +#include +#endif +**********************/ +#endif + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + +#ifdef HAVE_SYS_SELECT_H +#include +#endif + +#ifndef FD_SET +#define NFDBITS 32 +#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS))) +#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS))) +#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS))) +#endif /* !FD_SET */ +#ifndef FD_SETSIZE +#define FD_SETSIZE 32 +#endif +#ifndef FD_ZERO +#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) +#endif + + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#include +#endif + +#include "samhain.h" +#include "sh_error.h" +#include "sh_unix.h" +#include "sh_utils.h" +#include "sh_mem.h" +#include "sh_hash.h" +#include "sh_tools.h" +#include "sh_tiger.h" +#include "sh_prelink.h" + +/* moved here from far below + */ +#include + +#define SH_NEED_PWD_GRP +#define SH_NEED_GETHOSTBYXXX +#include "sh_static.h" + +#ifndef HAVE_LSTAT +#define lstat stat +#endif + +#if defined(S_IFLNK) && !defined(S_ISLNK) +#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) +#else +#if !defined(S_ISLNK) +#define S_ISLNK(mode) (0) +#endif +#endif + +#if defined(S_IFSOCK) && !defined(S_ISSOCK) +#define S_ISSOCK(mode) (((mode) & S_IFMT) == S_IFSOCK) +#else +#if !defined(S_ISSOCK) +#define S_ISSOCK(mode) (0) +#endif +#endif + +#if defined(S_IFDOOR) && !defined(S_ISDOOR) +#define S_ISDOOR(mode) (((mode) & S_IFMT) == S_IFDOOR) +#else +#if !defined(S_ISDOOR) +#define S_ISDOOR(mode) (0) +#endif +#endif + +#if defined(S_IFPORT) && !defined(S_ISPORT) +#define S_ISPORT(mode) (((mode) & S_IFMT) == S_IFPORT) +#else +#if !defined(S_ISPORT) +#define S_ISPORT(mode) (0) +#endif +#endif + + +#undef FIL__ +#define FIL__ _("sh_unix.c") + +unsigned long mask_PRELINK = MASK_PRELINK_; +unsigned long mask_USER0 = MASK_USER_; +unsigned long mask_USER1 = MASK_USER_; +unsigned long mask_USER2 = MASK_USER_; +unsigned long mask_USER3 = MASK_USER_; +unsigned long mask_USER4 = MASK_USER_; +unsigned long mask_ALLIGNORE = MASK_ALLIGNORE_; +unsigned long mask_ATTRIBUTES = MASK_ATTRIBUTES_; +unsigned long mask_LOGFILES = MASK_LOGFILES_; +unsigned long mask_LOGGROW = MASK_LOGGROW_; +unsigned long mask_READONLY = MASK_READONLY_; +unsigned long mask_NOIGNORE = MASK_NOIGNORE_; + + +extern char **environ; + +int sh_unix_maskreset() +{ + mask_PRELINK = MASK_PRELINK_; + mask_USER0 = MASK_USER_; + mask_USER1 = MASK_USER_; + mask_USER2 = MASK_USER_; + mask_USER3 = MASK_USER_; + mask_USER4 = MASK_USER_; + mask_ALLIGNORE = MASK_ALLIGNORE_; + mask_ATTRIBUTES = MASK_ATTRIBUTES_; + mask_LOGFILES = MASK_LOGFILES_; + mask_LOGGROW = MASK_LOGGROW_; + mask_READONLY = MASK_READONLY_; + mask_NOIGNORE = MASK_NOIGNORE_; + return 0; +} + + +#ifdef SYS_SIGLIST_DECLARED +/* extern const char * const sys_siglist[]; */ +#else +char * sh_unix_siglist (int signum) +{ + switch (signum) + { +#ifdef SIGHUP + case SIGHUP: + return _("Hangup"); +#endif +#ifdef SIGINT + case SIGINT: + return _("Interrupt"); +#endif +#ifdef SIGQUIT + case SIGQUIT: + return _("Quit"); +#endif +#ifdef SIGILL + case SIGILL: + return _("Illegal instruction"); +#endif +#ifdef SIGTRAP + case SIGTRAP: + return _("Trace/breakpoint trap"); +#endif +#ifdef SIGABRT + case SIGABRT: + return _("IOT trap/Abort"); +#endif +#ifdef SIGBUS + case SIGBUS: + return _("Bus error"); +#endif +#ifdef SIGFPE + case SIGFPE: + return _("Floating point exception"); +#endif +#ifdef SIGUSR1 + case SIGUSR1: + return _("User defined signal 1"); +#endif +#ifdef SIGSEGV + case SIGSEGV: + return _("Segmentation fault"); +#endif +#ifdef SIGUSR2 + case SIGUSR2: + return _("User defined signal 2"); +#endif +#ifdef SIGPIPE + case SIGPIPE: + return _("Broken pipe"); +#endif +#ifdef SIGALRM + case SIGALRM: + return _("Alarm clock"); +#endif +#ifdef SIGTERM + case SIGTERM: + return _("Terminated"); +#endif +#ifdef SIGSTKFLT + case SIGSTKFLT: + return _("Stack fault"); +#endif +#ifdef SIGCHLD + case SIGCHLD: + return _("Child exited"); +#endif +#ifdef SIGCONT + case SIGCONT: + return _("Continued"); +#endif +#ifdef SIGSTOP + case SIGSTOP: + return _("Stopped"); +#endif +#ifdef SIGTSTP + case SIGTSTP: + return _("Stop typed at tty"); +#endif +#ifdef SIGTTIN + case SIGTTIN: + return _("Stopped (tty input)"); +#endif +#ifdef SIGTTOU + case SIGTTOU: + return _("Stopped (tty output)"); +#endif +#ifdef SIGURG + case SIGURG: + return _("Urgent condition"); +#endif +#ifdef SIGXCPU + case SIGXCPU: + return _("CPU time limit exceeded"); +#endif +#ifdef SIGXFSZ + case SIGXFSZ: + return _("File size limit exceeded"); +#endif +#ifdef SIGVTALRM + case SIGVTALRM: + return _("Virtual time alarm"); +#endif +#ifdef SIGPROF + case SIGPROF: + return _("Profile signal"); +#endif +#ifdef SIGWINCH + case SIGWINCH: + return _("Window size changed"); +#endif +#ifdef SIGIO + case SIGIO: + return _("Possible I/O"); +#endif +#ifdef SIGPWR + case SIGPWR: + return _("Power failure"); +#endif +#ifdef SIGUNUSED + case SIGUNUSED: + return _("Unused signal"); +#endif + } + return _("Unknown"); +} +#endif + + +/* Log from within a signal handler without using any + * functions that are not async signal safe. + * + * This is the safe_itoa helper function. + */ +char * safe_itoa(int i, char * str, int size) +{ + unsigned int u; + int iisneg = 0; + char *p = &str[size-1]; + + *p = '\0'; + if (i < 0) { + iisneg = 1; + u = ((unsigned int)(-(1+i))) + 1; + } else { + u = i; + } + do { + --p; + *p = '0' + (u % 10); + u /= 10; + } while (u && (p != str)); + if ((iisneg == 1) && (p != str)) { + --p; + *p = '-'; + } + return p; +} + +/* Log from within a signal handler without using any + * functions that are not async signal safe. + * + * This is the safe_logger function. + * Arguments: signal (signal number), method (0=logger, 1=stderr), thepid (pid) + */ +extern int OnlyStderr; + +int safe_logger (int signal, int method, char * details) +{ + unsigned int i = 0; + int status = -1; + struct stat buf; + pid_t newpid; + char str[128]; + char * p; + + char l0[64], l1[64], l2[64], l3[64]; + char a0[32], a1[32], a2[32]; + char e0[128]; + char msg[128]; + + char * locations[] = { NULL, NULL, NULL, NULL, NULL }; + char * envp[] = { NULL, NULL }; + char * argp[] = { NULL, NULL, NULL, NULL, NULL }; + + pid_t thepid = getpid(); + + if ((sh.flag.isdaemon == S_FALSE) || (OnlyStderr == S_TRUE)) + method = 1; + + /* seems that solaris cc needs this way of initializing ... + */ + locations[0] = l0; + locations[1] = l1; + locations[2] = l2; + locations[3] = l3; + + envp[0] = e0; + + argp[0] = a0; + argp[1] = a1; + argp[2] = a2; + + sl_strlcpy(msg, _("samhain["), 128); + p = safe_itoa((int) thepid, str, 128); + if (p && *p) + sl_strlcat(msg, p, 128); + if (signal == 0) + { + if (details == NULL) { + sl_strlcat(msg, _("]: out of memory"), 128); + } else { + sl_strlcat(msg, _("]: "), 128); + sl_strlcat(msg, details, 128); + } + } + else + { + sl_strlcat(msg, _("]: exit on signal "), 128); + p = safe_itoa(signal, str, 128); + if (p && *p) + sl_strlcat(msg, p, 128); + } + + if (method == 1) { +#ifndef STDERR_FILENO +#define STDERR_FILENO 2 +#endif + write(STDERR_FILENO, msg, strlen(msg)); + write(STDERR_FILENO, "\n", 1); + return 0; + } + + sl_strlcpy (l0, _("/usr/bin/logger"), 64); + sl_strlcpy (l1, _("/usr/sbin/logger"), 64); + sl_strlcpy (l2, _("/usr/ucb/logger"), 64); + sl_strlcpy (l3, _("/bin/logger"), 64); + + sl_strlcpy (a0, _("logger"), 32); + sl_strlcpy (a1, _("-p"), 32); + sl_strlcpy (a2, _("daemon.alert"), 32); + + sl_strlcpy (e0, + _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin"), + 128); + + while (locations[i] != NULL) { + status = stat(locations[i], &buf); + if (status == 0) + break; + ++i; + } + + if (locations[i] != NULL) { + argp[3] = msg; + newpid = fork(); + if (newpid == 0) { + execve(locations[i], argp, envp); + _exit(1); + } + else if (newpid > 0) { + waitpid(newpid, &status, WUNTRACED); + } + } + return 0; +} + +void safe_fatal (char * details, + char * file, int line) +{ + char msg[128]; + char str[128]; + char * p; + int signal = 0; + int method = 0; + + p = safe_itoa((int) line, str, 128); + sl_strlcpy(msg, _("FATAL: "), 128); + sl_strlcat(msg, file, 128); + sl_strlcat(msg, ": ", 128); + if (p && (*p)) { + sl_strlcat(msg, p , 128); + sl_strlcat(msg, ": ", 128); + } + sl_strlcat(msg, details, 128); + safe_logger (signal, method, msg); + _exit(EXIT_FAILURE); +} + +extern char sh_sig_msg[64]; + +volatile int immediate_exit_normal = 0; + +#if defined(SA_SIGACTION_WORKS) +static +void sh_unix_sigexit (int mysignal, siginfo_t * signal_info, void * signal_add) +#else +static +void sh_unix_sigexit (int mysignal) +#endif +{ + +#if defined(SA_SIGACTION_WORKS) + if (signal_info != NULL && signal_info->si_code == SI_USER && + mysignal != SIGTERM && mysignal != SIGINT) + { + return; + } + + /* avoid compiler warning (unused var) + */ + (void) signal_add; +#endif + + /* + * Block re-entry + */ + if (immediate_exit_normal > 0) + { + ++immediate_exit_normal; + if ((skey != NULL) && (immediate_exit_normal == 2)) + memset (skey, '\0', sizeof(sh_key_t)); + if (immediate_exit_normal == 2) + { + chdir ("/"); + safe_logger (mysignal, 0, NULL); + } + _exit(mysignal); + } + else + { + immediate_exit_normal = 1; + } + +#ifdef SYS_SIGLIST_DECLARED + strncpy (sh_sig_msg, sys_siglist[mysignal], 40); +#else + strncpy (sh_sig_msg, sh_unix_siglist(mysignal), 40); +#endif + sh_sig_msg[63] = '\0'; + + ++sig_raised; + ++sig_urgent; + sig_termfast = 1; + return; +} + +volatile int immediate_exit_fast = 0; + +#if defined(SA_SIGACTION_WORKS) +static +void sh_unix_sigexit_fast (int mysignal, siginfo_t * signal_info, + void * signal_add) +#else +static +void sh_unix_sigexit_fast (int mysignal) +#endif +{ +#if defined(SA_SIGACTION_WORKS) + if (signal_info != NULL && signal_info->si_code == SI_USER) + { + return; + } +#endif + + /* avoid compiler warning (unused var) + */ +#if defined(SA_SIGACTION_WORKS) + (void) signal_add; +#endif + + /* Check whether the heap is ok; otherwise _exit + */ +#if !defined(SL_DEBUG) + ++immediate_exit_fast; + if (skey != NULL && immediate_exit_fast < 2) + memset (skey, '\0', sizeof(sh_key_t)); + if (immediate_exit_fast < 2) + safe_logger (mysignal, 0, NULL); + _exit(mysignal); +#else + + /* debug code + */ + if (immediate_exit_fast == 1) + { + ++immediate_exit_fast; + if (skey != NULL) + memset (skey, '\0', sizeof(sh_key_t)); +#ifdef WITH_MESSAGE_QUEUE + close_ipc (); +#endif + safe_logger (mysignal, 0, NULL); + chdir ("/"); + raise(SIGFPE); + } + else if (immediate_exit_fast == 2) + { + chdir ("/"); + raise(SIGFPE); + } + else if (immediate_exit_fast != 0) + { + _exit(mysignal); + } + + ++immediate_exit_fast; + + /* The FPE|BUS|SEGV|ILL signals leave the system in an undefined + * state, thus it is best to exit immediately. + */ +#ifdef SYS_SIGLIST_DECLARED + strncpy (sh_sig_msg, sys_siglist[mysignal], 40); +#else + strncpy (sh_sig_msg, sh_unix_siglist(mysignal), 40); +#endif + + sl_stack_print(); + + /* Try to push out an error message. + */ + sh_error_handle ((-1), FIL__, __LINE__, mysignal, MSG_EXIT_NORMAL, + sh.prg_name, sh_sig_msg); + + if (skey != NULL) + memset (skey, '\0', sizeof(sh_key_t)); +#ifdef WITH_MESSAGE_QUEUE + close_ipc (); +#endif + + chdir ("/"); + raise(SIGFPE); +#endif +} + + +static +void sh_unix_sigaction (int mysignal) +{ + ++sig_raised; +#ifdef SIGUSR1 + if (mysignal == SIGUSR1) + sig_debug_switch = 1; +#endif +#ifdef SIGUSR2 + if (mysignal == SIGUSR2) + { + ++sig_suspend_switch; + ++sig_urgent; + } +#endif +#ifdef SIGHUP + if (mysignal == SIGHUP) + sig_config_read_again = 1; +#endif +#ifdef SIGTTOU + if (mysignal == SIGTTOU) + sig_force_check = 1; +#endif +#ifdef SIGABRT + if (mysignal == SIGABRT) + sig_fresh_trail = 1; +#endif +#ifdef SIGQUIT + if (mysignal == SIGQUIT) + { + sig_terminate = 1; + ++sig_urgent; + } +#endif +#ifdef SIGTERM + if (mysignal == SIGTERM) + { + strncpy (sh_sig_msg, _("Terminated"), 40); + sig_termfast = 1; + ++sig_urgent; + } +#endif + + return; +} + +static +void sh_unix_siginstall (int goDaemon) +{ + struct sigaction act, act_fast, act2, oldact, ignact; +#if defined (SH_WITH_SERVER) + (void) goDaemon; +#endif + + SL_ENTER(_("sh_unix_siginstall")); + + ignact.sa_handler = SIG_IGN; /* signal action */ + sigemptyset( &ignact.sa_mask ); /* set an empty mask */ + ignact.sa_flags = 0; /* init sa_flags */ + +#if defined(SA_SIGACTION_WORKS) + act.sa_sigaction = &sh_unix_sigexit; /* signal action */ +#else + act.sa_handler = &sh_unix_sigexit; /* signal action */ +#endif + + sigfillset ( &act.sa_mask ); /* set a full mask */ + + + /* Block all but deadly signals. + */ +#ifdef SIGILL + sigdelset ( &act.sa_mask, SIGILL ); +#endif +#ifndef SL_DEBUG +#ifdef SIGFPE + sigdelset ( &act.sa_mask, SIGFPE ); +#endif +#endif +#ifdef SIGSEGV + sigdelset ( &act.sa_mask, SIGSEGV ); +#endif +#ifdef SIGBUS + sigdelset ( &act.sa_mask, SIGBUS ); +#endif + +#if defined(SA_SIGACTION_WORKS) + act_fast.sa_sigaction = &sh_unix_sigexit_fast; /* signal action */ +#else + act_fast.sa_handler = &sh_unix_sigexit_fast; /* signal action */ +#endif + + sigfillset ( &act_fast.sa_mask ); /* set a full mask */ + +#ifdef SIGILL + sigdelset ( &act_fast.sa_mask, SIGILL ); +#endif +#ifndef SL_DEBUG +#ifdef SIGFPE + sigdelset ( &act_fast.sa_mask, SIGFPE ); +#endif +#endif +#ifdef SIGSEGV + sigdelset ( &act_fast.sa_mask, SIGSEGV ); +#endif +#ifdef SIGBUS + sigdelset ( &act_fast.sa_mask, SIGBUS ); +#endif + + + /* Use siginfo to verify origin of signal, if possible. + */ +#if defined(SA_SIGACTION_WORKS) + act.sa_flags = SA_SIGINFO; + act_fast.sa_flags = SA_SIGINFO; +#else + act.sa_flags = 0; + act_fast.sa_flags = 0; +#endif + + /* Do not block the signal from being received in its handler ... + * (is this a good or a bad idea ??). + */ +#if defined(SA_NOMASK) + act_fast.sa_flags |= SA_NOMASK; +#elif defined(SA_NODEFER) + act_fast.sa_flags |= SA_NODEFER; +#endif + + + act2.sa_handler = &sh_unix_sigaction; /* signal action */ + sigemptyset( &act2.sa_mask ); /* set an empty mask */ + act2.sa_flags = 0; /* init sa_flags */ + + /* signals to control the daemon */ + +#ifdef SIGHUP + retry_sigaction(FIL__, __LINE__, SIGHUP, &act2, &oldact); +#endif +#ifdef SIGABRT + retry_sigaction(FIL__, __LINE__, SIGABRT, &act2, &oldact); +#endif +#ifdef SIGUSR1 + retry_sigaction(FIL__, __LINE__, SIGUSR1, &act2, &oldact); +#endif +#ifdef SIGUSR2 + retry_sigaction(FIL__, __LINE__, SIGUSR2, &act2, &oldact); +#endif +#ifdef SIGQUIT + retry_sigaction(FIL__, __LINE__, SIGQUIT, &act2, &oldact); +#endif +#ifdef SIGTERM + retry_sigaction(FIL__, __LINE__, SIGTERM, &act, &oldact); +#endif + + /* fatal signals that may cause termination */ + +#ifdef SIGILL + retry_sigaction(FIL__, __LINE__, SIGILL, &act_fast, &oldact); +#endif +#ifndef SL_DEBUG +#ifdef SIGFPE + retry_sigaction(FIL__, __LINE__, SIGFPE, &act_fast, &oldact); +#endif +#endif +#ifdef SIGSEGV + retry_sigaction(FIL__, __LINE__, SIGSEGV, &act_fast, &oldact); +#endif +#ifdef SIGBUS + retry_sigaction(FIL__, __LINE__, SIGBUS, &act_fast, &oldact); +#endif + + /* other signals */ + +#ifdef SIGINT + retry_sigaction(FIL__, __LINE__, SIGINT, &act, &oldact); +#endif +#ifdef SIGPIPE + retry_sigaction(FIL__, __LINE__, SIGPIPE, &act, &oldact); +#endif +#ifdef SIGALRM + retry_sigaction(FIL__, __LINE__, SIGALRM, &ignact, &oldact); +#endif +#ifdef SIGTSTP + retry_sigaction(FIL__, __LINE__, SIGTSTP, &ignact, &oldact); +#endif +#ifdef SIGTTIN + retry_sigaction(FIL__, __LINE__, SIGTTIN, &ignact, &oldact); +#endif +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) +#ifdef SIGTTOU + if (goDaemon == 1) + retry_sigaction(FIL__, __LINE__, SIGTTOU, &act2, &oldact); + else + retry_sigaction(FIL__, __LINE__, SIGTTOU, &ignact, &oldact); +#endif +#else +#ifdef SIGTTOU + retry_sigaction(FIL__, __LINE__, SIGTTOU, &ignact, &oldact); +#endif +#endif + +#ifdef SIGTRAP +#if !defined(SCREW_IT_UP) + retry_sigaction(FIL__, __LINE__, SIGTRAP, &act, &oldact); +#endif +#endif + +#ifdef SIGPOLL + retry_sigaction(FIL__, __LINE__, SIGPOLL, &ignact, &oldact); +#endif +#if defined(SIGPROF) && !defined(SH_PROFILE) + retry_sigaction(FIL__, __LINE__, SIGPROF, &ignact, &oldact); +#endif +#ifdef SIGSYS + retry_sigaction(FIL__, __LINE__, SIGSYS, &act, &oldact); +#endif +#ifdef SIGURG + retry_sigaction(FIL__, __LINE__, SIGURG, &ignact, &oldact); +#endif +#if defined(SIGVTALRM) && !defined(SH_PROFILE) + retry_sigaction(FIL__, __LINE__, SIGVTALRM, &ignact, &oldact); +#endif +#ifdef SIGXCPU + retry_sigaction(FIL__, __LINE__, SIGXCPU, &act, &oldact); +#endif +#ifdef SIGXFSZ + retry_sigaction(FIL__, __LINE__, SIGXFSZ, &act, &oldact); +#endif + +#ifdef SIGEMT + retry_sigaction(FIL__, __LINE__, SIGEMT, &ignact, &oldact); +#endif +#ifdef SIGSTKFLT + retry_sigaction(FIL__, __LINE__, SIGSTKFLT, &act, &oldact); +#endif +#ifdef SIGIO + retry_sigaction(FIL__, __LINE__, SIGIO, &ignact, &oldact); +#endif +#ifdef SIGPWR + retry_sigaction(FIL__, __LINE__, SIGPWR, &act, &oldact); +#endif + +#ifdef SIGLOST + retry_sigaction(FIL__, __LINE__, SIGLOST, &ignact, &oldact); +#endif +#ifdef SIGUNUSED + retry_sigaction(FIL__, __LINE__, SIGUNUSED, &ignact, &oldact); +#endif + + SL_RET0(_("sh_unix_siginstall")); +} + +/* ---------------------------------------------------------------- */ + +/* checksum the own binary + */ +int sh_unix_self_hash (const char * c) +{ + char message[512]; + + SL_ENTER(_("sh_unix_self_hash")); + + if (c == NULL) + { + sh.exec.path[0] = '\0'; + SL_RETURN((0), _("sh_unix_self_hash")); + } + sl_strlcpy(sh.exec.path, c, SH_PATHBUF); + + sl_strlcpy(sh.exec.hash, + sh_tiger_hash (c, TIGER_FILE, 0), + KEY_LEN+1); + sl_snprintf(message, 512, _("%s has checksum: %s"), + sh.exec.path, sh.exec.hash); + message[511] = '\0'; + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, + message, _("sh_unix_self_hash")); + if (0 == sl_strcmp(sh.exec.hash, + _("000000000000000000000000000000000000000000000000") + )) + { + dlog(1, FIL__, __LINE__, + _("Could not checksum my own executable because of the\nfollowing error: %s: %s\n\nPossible reasons include:\n Wrong path in configure file option SamhainPath=/path/to/executable\n No read permission for the effective UID: %d\n"), + sh.exec.path, sl_get_errmsg(), (int) sl_ret_euid()); + sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_NOACCESS, + (long) sh.real.uid, c); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + SL_RETURN((0), _("sh_unix_self_hash")); +} + +int sh_unix_self_check () +{ + char newhash[KEY_LEN+1]; + char message[512]; + + SL_ENTER(_("sh_unix_self_check")); + if (sh.exec.path == NULL || sh.exec.path[0] == '\0') + SL_RETURN((0), _("sh_unix_self_check")); + + sl_strlcpy(newhash, sh_tiger_hash (sh.exec.path, TIGER_FILE, 0), KEY_LEN+1); + if (0 == sl_strncmp(sh.exec.hash, + newhash, + KEY_LEN)) + SL_RETURN((0), _("sh_unix_self_check")); + + + dlog(1, FIL__, __LINE__, + _("The checksum of the executable: %s has changed since startup (%s -> %s).\n"), + sh.exec.path, sh.exec.hash, newhash); + + sl_snprintf(message, 512, + _("The checksum of %s has changed since startup (%s -> %s)"), + sh.exec.path, sh.exec.hash, newhash); + message[511] = '\0'; + + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, + message, _("sh_unix_self_check")); + sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_E_AUTH, + sh.exec.path); + SL_RETURN((-1), _("sh_unix_self_check")); +} + + +/* ---------------------------------------------------------------- */ + + +/* added Tue Feb 22 10:36:44 NFT 2000 Rainer Wichmann */ +static int tf_add_trusted_user_int(const char * c) +{ + register struct passwd * w; + int count; + uid_t pwid = (uid_t)-1; + + SL_ENTER(_("tf_add_trusted_user_int")); + + /* First check for a user name. + */ + if ((w = sh_getpwnam(c)) != NULL && ((pwid = w->pw_uid) > 0)) + goto succe; + + /* Failed, so check for a numerical value. + */ + pwid = strtol(c, (char **)NULL, 10); + if (pwid > 0 && pwid < 65535) + goto succe; + + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("add trusted user"), c); + SL_RETURN((-1), _("tf_add_trusted_user_int")); + + succe: + count = sl_trust_add_user(pwid); + SL_RETURN((count), _("tf_add_trusted_user_int")); +} + +int tf_add_trusted_user(const char * c) +{ + int i; + char * q; + char * p = sh_util_strdup (c); + + SL_ENTER(_("tf_add_trusted_user")); + + q = strtok(p, ", \t"); + if (!q) + { + SH_FREE(p); + SL_RETURN((-1), _("tf_add_trusted_user")); + } + while (q) + { + i = tf_add_trusted_user_int(q); + if (SL_ISERROR(i)) + { + SH_FREE(p); + SL_RETURN((i), _("tf_add_trusted_user")); + } + q = strtok(NULL, ", \t"); + } + SH_FREE(p); + SL_RETURN((0), _("tf_add_trusted_user")); +} + +extern uid_t sl_trust_baduid(); +extern gid_t sl_trust_badgid(); + +#if defined(HOST_IS_CYGWIN) || defined(__cygwin__) || defined(__CYGWIN32__) || defined(__CYGWIN__) +int tf_trust_check (char * file, int mode) +{ + (void) file; + (void) mode; + return 0; +} +#else +int tf_trust_check (char * file, int mode) +{ + char * tmp; + char * tmp2; + char * p; + int status; + int level; + uid_t ff_euid; + + SL_ENTER(_("tf_trust_check")); + + if (mode == SL_YESPRIV) + sl_get_euid(&ff_euid); + else + sl_get_ruid(&ff_euid); + +#if defined(SH_WITH_SERVER) + if (0 == sl_ret_euid()) /* privileges not dropped yet */ + { + struct passwd * tempres = sh_getpwnam(DEFAULT_IDENT); + + if (!tempres) + { + dlog(1, FIL__, __LINE__, + _("User %s does not exist. Please add the user to your system.\n"), + DEFAULT_IDENT); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + ff_euid = tempres->pw_uid; + } +#endif + + status = sl_trustfile_euid(file, ff_euid); + + if ( SL_ENONE != status) + { + if (status == SL_ESTAT) + level = SH_ERR_ALL; + else + level = SH_ERR_ERR; + + tmp = sh_util_safe_name (file); + p = sl_trust_errfile(); + if (p && *p != '\0') + { + tmp2 = sh_util_safe_name (sl_trust_errfile()); + sh_error_handle(level, FIL__, __LINE__, status, MSG_E_TRUST2, + sl_error_string(status), tmp, tmp2); + SH_FREE(tmp2); + } + else + { + sh_error_handle(level, FIL__, __LINE__, status, MSG_E_TRUST1, + sl_error_string(status), tmp); + } + SH_FREE(tmp); + + if (status == SL_EBADUID || status == SL_EBADGID || + status == SL_EBADOTH || status == SL_ETRUNC || + status == SL_EINTERNAL ) + { + switch (status) { + case SL_EINTERNAL: + dlog(1, FIL__, __LINE__, + _("An internal error occured in the trustfile function.\n")); + break; + case SL_ETRUNC: + tmp = sh_util_safe_name (file); + dlog(1, FIL__, __LINE__, + _("A filename truncation occured in the trustfile function.\nProbably the normalized filename for %s\nis too long. This may be due e.g. to deep or circular softlinks.\n"), + tmp); + SH_FREE(tmp); + break; + case SL_EBADOTH: + tmp = sh_util_safe_name (file); + p = sl_trust_errfile(); + dlog(1, FIL__, __LINE__, + _("The path element: %s\nin the filename: %s is world writeable.\n"), + p, tmp); + SH_FREE(tmp); + break; + case SL_EBADUID: + tmp = sh_util_safe_name (file); + p = sl_trust_errfile(); + dlog(1, FIL__, __LINE__, + _("The owner (UID = %ld) of the path element: %s\nin the filename: %s\nis not in the list of trusted users.\nTo fix the problem, you can:\n - run ./configure again with the option --with-trusted=0,...,UID\n where UID is the UID of the untrusted user, or\n - use the option TrustedUser=UID in the configuration file.\n"), + (UID_CAST)sl_trust_baduid(), p, tmp); + SH_FREE(tmp); + break; + case SL_EBADGID: + tmp = sh_util_safe_name (file); + p = sl_trust_errfile(); + dlog(1, FIL__, __LINE__, + _("The path element: %s\nin the filename: %s\nis group writeable (GID = %ld), and at least one of the group\nmembers (UID = %ld) is not in the list of trusted users.\nTo fix the problem, you can:\n - run ./configure again with the option --with-trusted=0,...,UID\n where UID is the UID of the untrusted user, or\n - use the option TrustedUser=UID in the configuration file.\n"), + p, tmp, (UID_CAST)sl_trust_badgid(), + (UID_CAST)sl_trust_baduid()); + SH_FREE(tmp); + break; + default: + break; + } + + SL_RETURN((-1), _("tf_trust_check")); + } + } + + SL_RETURN((0), _("tf_trust_check")); +} +#endif + +#ifdef HAVE_INITGROUPS +#ifdef HOST_IS_OSF +int sh_unix_initgroups ( char * in_user, gid_t in_gid) +#else +int sh_unix_initgroups (const char * in_user, gid_t in_gid) +#endif +{ + int status = -1; + status = sh_initgroups (in_user, in_gid); + if (status < 0) + { + if (errno == EPERM) + return 0; + if (errno == EINVAL) + return 0; + return -1; + } + return 0; +} +#else +int sh_unix_initgroups (const char * in_user, gid_t in_gid) +{ + (void) in_user; + (void) in_gid; + return 0; +} +#endif + +#ifdef HAVE_INITGROUPS +char * sh_unix_getUIDname (int level, uid_t uid); +int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid) +{ + int status = -1; + char * user = NULL; + + SL_ENTER(_("sh_unix_initgroups2")); + + user = sh_unix_getUIDname (SH_ERR_ERR, in_pid); + if (user == NULL) + SL_RETURN((-1), _("sh_unix_initgroups2")); + status = sh_initgroups (user, in_gid); + if (status < 0) + { + if (errno == EPERM) + status = 0; + if (errno == EINVAL) + status = 0; + } + SL_RETURN((status), _("sh_unix_initgroups2")); +} +#else +int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid) +{ + (void) in_pid; + (void) in_gid; + return 0; +} +#endif + +void sh_unix_closeall (int fd, int except) +{ + int fdx = fd; +#ifdef _SC_OPEN_MAX + int fdlimit = sysconf (_SC_OPEN_MAX); +#else +#ifdef OPEN_MAX + int fdlimit = OPEN_MAX; +#else + int fdlimit = _POSIX_OPEN_MAX; +#endif +#endif + + SL_ENTER(_("sh_unix_closeall")); + + /* can't happen - so fix it :-( + */ + if (fdlimit < 0) + fdlimit = 8; /* POSIX lower limit */ + + if (fdlimit > 65536) + fdlimit = 65536; + + /* Close everything from fd (inclusive) up to fdlimit (exclusive). + */ + while (fd < fdlimit) + { + if (fd == except) + fd++; + else if (slib_do_trace != 0 && fd == slib_trace_fd) + fd++; + else + close(fd++); + } + + sl_dropall (fdx, except); + + SL_RET0(_("sh_unix_closeall")); +} + +static void sh_unix_setlimits(void) +{ + struct rlimit limits; + + SL_ENTER(_("sh_unix_setlimits")); + + limits.rlim_cur = RLIM_INFINITY; + limits.rlim_max = RLIM_INFINITY; + +#ifdef RLIMIT_CPU + setrlimit (RLIMIT_CPU, &limits); +#endif +#ifdef RLIMIT_FSIZE + setrlimit (RLIMIT_FSIZE, &limits); +#endif +#ifdef RLIMIT_DATA + setrlimit (RLIMIT_DATA, &limits); +#endif +#ifdef RLIMIT_STACK + setrlimit (RLIMIT_STACK, &limits); +#endif +#ifdef RLIMIT_RSS + setrlimit (RLIMIT_RSS, &limits); +#endif +#ifdef RLIMIT_NPROC + setrlimit (RLIMIT_NPROC, &limits); +#endif +#ifdef RLIMIT_MEMLOCK + setrlimit (RLIMIT_MEMLOCK, &limits); +#endif + +#if !defined(SL_DEBUG) + /* no core dumps + */ + limits.rlim_cur = 0; + limits.rlim_max = 0; +#ifdef RLIMIT_CORE + setrlimit (RLIMIT_CORE, &limits); +#endif +#else +#ifdef RLIMIT_CORE + setrlimit (RLIMIT_CORE, &limits); +#endif +#endif + + limits.rlim_cur = 1024; + limits.rlim_max = 1024; + +#if defined(RLIMIT_NOFILE) + setrlimit (RLIMIT_NOFILE, &limits); +#elif defined(RLIMIT_OFILE) + setrlimit (RLIMIT_OFILE, &limits); +#endif + + SL_RET0(_("sh_unix_setlimits")); +} + +static void sh_unix_copyenv(void) +{ + char ** env0 = environ; + char ** env1; + int envlen = 0; + size_t len; + + SL_ENTER(_("sh_unix_copyenv")); + + while (env0 != NULL && env0[envlen] != NULL) { + /* printf("%2d: %s\n", envlen, env0[envlen]); */ + ++envlen; + } + ++envlen; + + /* printf("-> %2d: slots allocated\n", envlen); */ + env1 = malloc (sizeof(char *) * envlen); /* only once */ + if (env1 == NULL) + { + fprintf(stderr, _("%s: %d: Out of memory\n"), FIL__, __LINE__); + SL_RET0(_("sh_unix_copyenv")); + } + env0 = environ; + envlen = 0; + + while (env0 != NULL && env0[envlen] != NULL) { + len = strlen(env0[envlen]) + 1; + env1[envlen] = malloc (len); /* only once */ + if (env1[envlen] == NULL) + { + fprintf(stderr, _("%s: %d: Out of memory\n"), FIL__, __LINE__); + SL_RET0(_("sh_unix_copyenv")); + } + sl_strlcpy(env1[envlen], env0[envlen], len); + ++envlen; + } + env1[envlen] = NULL; + + environ = env1; + SL_RET0(_("sh_unix_copyenv")); +} + +/* delete all environment variables + */ +static void sh_unix_zeroenv(void) +{ + char * c; + char ** env; + + SL_ENTER(_("sh_unix_zeroenv")); + + sh_unix_copyenv(); + env = environ; + + while (env != NULL && *env != NULL) { + c = strchr ((*env), '='); +#ifdef WITH_MYSQL + /* + * Skip the MYSQL_UNIX_PORT environment variable; MySQL may need it. + */ + if (0 == sl_strncmp((*env), _("MYSQL_UNIX_PORT="), 16)) + { + ++(env); + continue; + } + if (0 == sl_strncmp((*env), _("MYSQL_TCP_PORT="), 15)) + { + ++(env); + continue; + } + if (0 == sl_strncmp((*env), _("MYSQL_HOME="), 11)) + { + ++(env); + continue; + } +#endif +#ifdef WITH_ORACLE + /* + * Skip the ORACLE_HOME environment variable; Oracle may need it. + */ + if (0 == sl_strncmp((*env), _("ORACLE_HOME="), 12)) + { + ++(env); + continue; + } +#endif + /* + * Skip the TZ environment variable. + */ + if (0 == sl_strncmp((*env), _("TZ="), 3)) + { + ++(env); + continue; + } + ++(env); + if (c != NULL) + { + ++c; + while ((*c) != '\0') { + (*c) = '\0'; + ++c; + } + } + } + + SL_RET0(_("sh_unix_zeroenv")); +} + + +static void sh_unix_resettimer(void) +{ + struct itimerval this_timer; + + SL_ENTER(_("sh_unix_resettimer")); + + this_timer.it_value.tv_sec = 0; + this_timer.it_value.tv_usec = 0; + + this_timer.it_interval.tv_sec = 0; + this_timer.it_interval.tv_usec = 0; + + setitimer(ITIMER_REAL, &this_timer, NULL); +#if !defined(SH_PROFILE) + setitimer(ITIMER_VIRTUAL, &this_timer, NULL); + setitimer(ITIMER_PROF, &this_timer, NULL); +#endif + + SL_RET0(_("sh_unix_resettimer")); +} + +static void sh_unix_resetsignals(void) +{ + int sig_num; +#ifdef NSIG + int max_sig = NSIG; +#else + int max_sig = 255; +#endif + int test; + struct sigaction act, oldact; + int status; + + sigset_t set_proc; + + SL_ENTER(_("sh_unix_resetsignals")); + /* + * Reset the current signal mask (inherited from parent process). + */ + + sigfillset(&set_proc); + + do { + errno = 0; + test = sigprocmask(SIG_UNBLOCK, &set_proc, NULL); + } while (test < 0 && errno == EINTR); + + /* + * Reset signal handling. + */ + + act.sa_handler = SIG_DFL; /* signal action */ + sigemptyset( &act.sa_mask ); /* set an empty mask */ + act.sa_flags = 0; /* init sa_flags */ + + for (sig_num = 1; sig_num <= max_sig; ++sig_num) + { +#if !defined(SH_PROFILE) + test = retry_sigaction(FIL__, __LINE__, sig_num, &act, &oldact); +#else + test = 0; +#endif + if ((test == -1) && (errno != EINVAL)) + { + status = errno; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_W_SIG, + sh_error_message (status), sig_num); + } + } + + SL_RET0(_("sh_unix_resetsignals")); +} + +/* Get the local hostname (FQDN) + */ +#include + +/* Required for BSD + */ +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#include + +char * sh_unix_h_name (struct hostent * host_entry) +{ + char ** p; + if (strchr(host_entry->h_name, '.')) { + return host_entry->h_name; + } else { + for (p = host_entry->h_aliases; *p; ++p) { + if (strchr(*p, '.')) + return *p; + } + } + return host_entry->h_name; +} + +/* uname() on FreeBSD is broken, because the 'nodename' buf is too small + * to hold a valid (leftmost) domain label. + */ +#if defined(HAVE_UNAME) && !defined(HOST_IS_FREEBSD) +#include +void sh_unix_localhost() +{ + struct utsname buf; + struct hostent * he1; + int i; + int ddot = 0; + int len; + char * p; + char hostname[256]; + + + SL_ENTER(_("sh_unix_localhost")); + + (void) uname (&buf); + /* flawfinder: ignore */ /* ff bug, ff sees system() */ + sl_strlcpy (sh.host.system, buf.sysname, SH_MINIBUF); + sl_strlcpy (sh.host.release, buf.release, SH_MINIBUF); + sl_strlcpy (sh.host.machine, buf.machine, SH_MINIBUF); + + /* Workaround for cases where nodename could be + * a truncated FQDN. + */ + if (strlen(buf.nodename) == (sizeof(buf.nodename)-1)) + { + p = strchr(buf.nodename, '.'); + if (NULL != p) { + *p = '\0'; + sl_strlcpy(hostname, buf.nodename, 256); + } else { +#ifdef HAVE_GETHOSTNAME + if (0 != gethostname(hostname, 256)) + { + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("nodename returned by uname may be truncated"), + _("sh_unix_localhost")); + sl_strlcpy (hostname, buf.nodename, 256); + } + else + { + hostname[255] = '\0'; + } +#else + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("nodename returned by uname may be truncated"), + _("sh_unix_localhost")); + sl_strlcpy(hostname, buf.nodename, 256); +#endif + } + } + else + { + sl_strlcpy(hostname, buf.nodename, 256); + } + + he1 = sh_gethostbyname(hostname); + + if (he1 == NULL) + { + dlog(1, FIL__, __LINE__, + _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN. For more information, see the entry about self-resolving under 'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), + hostname); + sl_strlcpy (sh.host.name, hostname, SH_PATHBUF); + } + else + { + sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF); + } + + + /* check whether it looks like a FQDN + */ + len = sl_strlen(sh.host.name); + for (i = 0; i < len; ++i) + if (sh.host.name[i] == '.') ++ddot; + + if (ddot == 0 && he1 != NULL) + { + dlog(1, FIL__, __LINE__, + _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), + hostname, sh.host.name); + sl_strlcpy (sh.host.name, + inet_ntoa (*(struct in_addr *) he1->h_addr), + SH_PATHBUF); + SL_RET0(_("sh_unix_localhost")); + } + + if (is_numeric(sh.host.name)) + { + dlog(1, FIL__, __LINE__, + _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), + hostname, sh.host.name); + } + + SL_RET0(_("sh_unix_localhost")); +} +#else +void sh_unix_localhost() +{ + struct hostent * he1; + int i; + int ddot = 0; + int len; + char hostname[1024]; + + + SL_ENTER(_("sh_unix_localhost")); + + (void) gethostname (hostname, 1024); + hostname[1023] = '\0'; + he1 = sh_gethostbyname(hostname); + + if (he1 != NULL) + { + sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF); + } + else + { + dlog(1, FIL__, __LINE__, + _("According to gethostname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), + hostname); + sl_strlcpy (sh.host.name, _("localhost"), SH_PATHBUF); + SL_RET0(_("sh_unix_localhost")); + } + + /* check whether it looks like a FQDN + */ + len = sl_strlen(sh.host.name); + for (i = 0; i < len; ++i) + if (sh.host.name[i] == '.') ++ddot; + if (ddot == 0) + { + dlog(1, FIL__, __LINE__, + _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), + hostname, sh.host.name); + sl_strlcpy (sh.host.name, + inet_ntoa (*(struct in_addr *) he1->h_addr), + SH_PATHBUF); + SL_RET0(_("sh_unix_localhost")); + } + + if (is_numeric(sh.host.name)) + { + dlog(1, FIL__, __LINE__, + _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), + hostname, sh.host.name); + } + + SL_RET0(_("sh_unix_localhost")); +} +#endif + + +void sh_unix_memlock() +{ + SL_ENTER(_("sh_unix_memlock")); + + /* do this before dropping privileges + */ +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) + if (skey->mlock_failed == SL_FALSE) + { + if ( (-1) == sh_unix_mlock( FIL__, __LINE__, + (char *) skey, sizeof (sh_key_t)) ) + { + skey->mlock_failed = SL_TRUE; + } + } +#else + if (skey->mlock_failed == SL_FALSE) + { + skey->mlock_failed = SL_TRUE; + } +#endif + + SL_RET0(_("sh_unix_memlock")); +} + +#ifdef SH_WITH_SERVER +char * chroot_dir = NULL; + +int sh_unix_set_chroot(const char * str) +{ + size_t len; + static int block = 0; + + if (block == 1) + return 0; + + if (str && *str == '/') + { + len = strlen(str) + 1; + chroot_dir = malloc(strlen(str) + 1); /* only once */ + if (!chroot_dir) + { + fprintf(stderr, _("%s: %d: Out of memory\n"), FIL__, __LINE__); + return 1; + } + sl_strlcpy(chroot_dir, str, len); + block = 1; + return 0; + } + return 1; +} + +int sh_unix_chroot() +{ + int status; + + if (chroot_dir != NULL) + { + status = retry_aud_chdir(FIL__, __LINE__, chroot_dir); + if ( (-1) == status ) + { + status = errno; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_W_CHDIR, + sh_error_message (status), chroot_dir); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + /* flawfinder: ignore */ + return (chroot(chroot_dir)); + } + return 0; +} +/* #ifdef SH_WITH_SERVER */ +#else +int sh_unix_chroot() { return 0; } +#endif + +/* daemon mode + */ +static int block_setdeamon = 0; + +int sh_unix_setdeamon(const char * dummy) +{ + int res = 0; + + SL_ENTER(_("sh_unix_setdeamon")); + + if (block_setdeamon != 0) + SL_RETURN((0),_("sh_unix_setdeamon")); + + if (dummy == NULL) + sh.flag.isdaemon = ON; + else + res = sh_util_flagval (dummy, &sh.flag.isdaemon); + + if (sh.flag.opts == S_TRUE) + block_setdeamon = 1; + + SL_RETURN(res, _("sh_unix_setdeamon")); +} +#if defined(HAVE_LIBPRELUDE) +#include "sh_prelude.h" +#endif + +int sh_unix_setnodeamon(const char * dummy) +{ + int res = 0; + + SL_ENTER(_("sh_unix_setnodeamon")); + + if (block_setdeamon != 0) + SL_RETURN((0),_("sh_unix_setmodeamon")); + + if (dummy == NULL) + sh.flag.isdaemon = OFF; + else + res = sh_util_flagval (dummy, &sh.flag.isdaemon); + + if (sh.flag.opts == S_TRUE) + block_setdeamon = 1; + + SL_RETURN(res, _("sh_unix_setnodeamon")); +} + +int sh_unix_init(int goDaemon) +{ + int status; + uid_t uid; + pid_t oldpid = getpid(); +#if defined(SH_WITH_SERVER) + extern int sh_socket_open_int (); +#endif + + SL_ENTER(_("sh_unix_init")); + + /* fork twice, exit the parent process + */ + if (goDaemon == 1) { + + switch (aud_fork(FIL__, __LINE__)) { + case 0: break; /* child process continues */ + case -1: SL_RETURN((-1),_("sh_unix_init")); /* error */ + default: aud__exit(FIL__, __LINE__, 0); /* parent process exits */ + } + + /* Child processes do not inherit page locks across a fork. + * Error in next fork would return in this (?) thread of execution. + */ + sh_unix_memlock(); + + setsid(); /* should not fail */ + + switch (aud_fork(FIL__, __LINE__)) { + case 0: break; /* child process continues */ + case -1: SL_RETURN((-1),_("sh_unix_init")); /* error */ + default: aud__exit(FIL__, __LINE__, 0); /* parent process exits */ + } + + /* Child processes do not inherit page locks across a fork. + */ + sh_unix_memlock(); + + } else { + setsid(); /* should not fail */ + } + + /* set working directory + */ +#ifdef SH_PROFILE + status = 0; +#else + status = retry_aud_chdir(FIL__, __LINE__, "/"); +#endif + if ( (-1) == status ) + { + status = errno; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_W_CHDIR, + sh_error_message (status), "/"); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* reset timers + */ + sh_unix_resettimer(); + + /* signal handlers + */ + sh_unix_resetsignals(); +#if defined(SCREW_IT_UP) + sh_sigtrap_prepare(); +#endif + sh_unix_siginstall (goDaemon); + + /* set file creation mask + */ + (void) umask (0); /* should not fail */ + + /* set resource limits to maximum, and + * core dump size to zero + */ + sh_unix_setlimits(); + + /* zero out the environment (like PATH='\0') + */ + sh_unix_zeroenv(); + + + /* close all file descriptors, and + * open first three streams to /dev/null + */ + if (goDaemon == 1) + { + sh_unix_closeall (0, -1); /* if running as daemon */ + aud_open(FIL__, __LINE__, SL_NOPRIV, _("/dev/null"), O_RDWR, 0); + retry_aud_dup(FIL__, __LINE__, 0); + retry_aud_dup(FIL__, __LINE__, 0); +#if defined(HAVE_LIBPRELUDE) + sh_prelude_reset (); +#endif + + /* --- wait until parent has exited --- + */ + while (1 == 1) + { + errno = 0; + if (0 > aud_kill (FIL__, __LINE__, oldpid, 0) && errno == ESRCH) + { + break; + } + retry_msleep(0, 1); + } + + /* write PID file + */ + status = sh_unix_write_pid_file(); + if (status < 0) + { + sl_get_euid(&uid); + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_PIDFILE, + (long) uid, sh.srvlog.alt); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } +#if defined(SH_WITH_SERVER) + sh_socket_open_int (); +#endif + } + else + { + sh_unix_closeall(3, -1); /* if not daemon */ +#if defined(HAVE_LIBPRELUDE) + sh_prelude_reset (); +#endif +#if defined(SH_WITH_SERVER) + sh_socket_open_int (); +#endif + } + + /* chroot (this is a no-op if no chroot dir is specified + */ + status = sh_unix_chroot(); + if (status < 0) + { + status = errno; + sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + sh_error_message(status), _("chroot")); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* drop capabilities + */ + sl_drop_cap(); + + SL_RETURN((0),_("sh_unix_init")); +} + +/******************************************************** + * + * TIME + * + ********************************************************/ + +/* Figure out the time offset of the current timezone + * in a portable way. + */ +char * t_zone(const time_t * xx) +{ + struct tm aa; + struct tm bb; + struct tm * cc; + int sign = 0; + int diff = 0; + int hh, mm; + static char tz[64]; + + SL_ENTER(_("t_zone")); + + + cc = gmtime (xx); + memcpy (&aa, cc, sizeof(struct tm)); + cc = localtime (xx); + memcpy (&bb, cc, sizeof(struct tm)); + + /* Check for datum wrap-around. + */ + if (aa.tm_year < bb.tm_year) + sign = (-1); + else if (aa.tm_mon < bb.tm_mon) + sign = (-1); + else if (aa.tm_mday < bb.tm_mday) + sign = (-1); + else if (bb.tm_year < aa.tm_year) + sign = ( 1); + else if (bb.tm_mon < aa.tm_mon) + sign = ( 1); + else if (bb.tm_mday < aa.tm_mday) + sign = ( 1); + + diff = aa.tm_hour * 60 + aa.tm_min; + diff = (bb.tm_hour * 60 + bb.tm_min) - diff; + diff = diff - (sign * 24 * 60); /* datum wrap-around correction */ + hh = diff / 60; + mm = diff - (hh * 60); + sprintf (tz, _("%+03d%02d"), hh, mm); /* known to fit */ + + SL_RETURN(tz, _("t_zone")); +} + +unsigned long sh_unix_longtime () +{ + return ((unsigned long)time(NULL)); +} + +#ifdef HAVE_GETTIMEOFDAY +unsigned long sh_unix_notime () +{ + struct timeval tv; + + gettimeofday (&tv, NULL); + + return ((unsigned long)(tv.tv_sec + tv.tv_usec * 10835 + getpid() + getppid())); + +} +#endif + +static int count_dev_time = 0; + +void reset_count_dev_time(void) +{ + count_dev_time = 0; + return; +} + +int sh_unix_settimeserver (const char * address) +{ + + SL_ENTER(_("sh_unix_settimeserver")); + + if (address != NULL && count_dev_time < 2 + && sl_strlen(address) < SH_PATHBUF) + { + if (count_dev_time == 0) + sl_strlcpy (sh.srvtime.name, address, SH_PATHBUF); + else + sl_strlcpy (sh.srvtime.alt, address, SH_PATHBUF); + + ++count_dev_time; + SL_RETURN((0), _("sh_unix_settimeserver")); + } + SL_RETURN((-1), _("sh_unix_settimeserver")); +} + + +#ifdef HAVE_NTIME +#define UNIXEPOCH 2208988800UL /* difference between Unix time and net time + * The UNIX EPOCH starts in 1970. + */ +#include +#include +#include +#include +#include +#endif + +/* Timeserver service. */ +/* define is missing on HP-UX 10.20 */ +#ifndef IPPORT_TIMESERVER +#define IPPORT_TIMESERVER 37 +#endif + +char * sh_unix_time (time_t thetime) +{ + + int status; + + time_t time_now; + struct tm * time_ptr; + static char AsciiTime[81]; /* local time */ + static char RetTime[81]; /* local time */ +#ifdef SH_USE_XML + static char deftime[] = N_("0000-00-00T00:00:00"); /* default time */ +#else + static char deftime[] = N_("[0000-00-00T00:00:00]"); /* default time */ +#endif + +#ifdef HAVE_NTIME + int fd; /* network file descriptor */ + u_char net_time[4]; /* remote time in network format */ + static int failerr = 0; /* no net time */ + int fail = 0; /* no net time */ + int errflag; + char errmsg[256]; + char error_call[SH_MINIBUF]; + int error_num; +#endif + + SL_ENTER(_("sh_unix_time")); + +#ifdef HAVE_NTIME + if (thetime == 0) + { + if (sh.srvtime.name[0] == '\0') + { + fail = 1; + (void) time (&time_now); + } + else /* have a timeserver address */ + { + fd = connect_port_2 (sh.srvtime.name, sh.srvtime.alt, + IPPORT_TIMESERVER, + error_call, &error_num, errmsg, sizeof(errmsg)); + if (fd >= 0) + { + if (4 != read_port (fd, (char *) net_time, 4, &errflag, 2)) + { + fail = 1; + sh_error_handle ((-1), FIL__, __LINE__, errflag, + MSG_E_NLOST, + _("time"), sh.srvtime.name); + } + close(fd); + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, error_num, + MSG_E_NET, errmsg, error_call, + _("time"), sh.srvtime.name); + fail = 1; + } + + if (fail == 0) + { + time_now = ntohl(* (long *) net_time) - UNIXEPOCH; + /* fprintf(stderr, "TIME IS %ld\n", time_now); */ + if (failerr == 1) { + failerr = 0; + sh_error_handle ((-1), FIL__, __LINE__, 0, + MSG_E_NEST, + _("time"), sh.srvtime.name); + } + } + else + { + (void) time (&time_now); + if (failerr == 0) + { + failerr = 1; + sh_error_handle ((-1), FIL__, __LINE__, errflag, + MSG_SRV_FAIL, + _("time"), sh.srvtime.name); + } + } + } + } + else + { + time_now = thetime; + } + + /* #ifdef HAVE_NTIME */ +#else + + if (thetime == 0) + { + (void) time (&time_now); + } + else + { + time_now = thetime; + } + + /* #ifdef HAVE_NTIME */ +#endif + + if (time_now == (-1) ) + SL_RETURN( _(deftime), _("sh_unix_time")); + else + time_ptr = localtime (&time_now); + + if (time_ptr != NULL) + { + status = strftime (AsciiTime, 80, +#ifdef SH_USE_XML + _("%Y-%m-%dT%H:%M:%S%%s"), +#else + _("[%Y-%m-%dT%H:%M:%S%%s]"), +#endif + time_ptr); + + sl_snprintf(RetTime, 80, AsciiTime, t_zone(&time_now)); + + if ( (status == 0) || (status == 80) ) + SL_RETURN( _(deftime), _("sh_unix_time")); + else + SL_RETURN( &RetTime[0], _("sh_unix_time")); + } + + /* last resort + */ + SL_RETURN( _(deftime), _("sh_unix_time")); +} + +static int sh_unix_use_localtime = S_FALSE; + +/* whether to use localtime for file timesatams in logs + */ +int sh_unix_uselocaltime (const char * c) +{ + int i; + SL_ENTER(_("sh_unix_uselocaltime")); + i = sh_util_flagval(c, &(sh_unix_use_localtime)); + + SL_RETURN(i, _("sh_unix_uselocaltime")); +} + +char * sh_unix_gmttime (time_t thetime) +{ + + int status; + + struct tm * time_ptr; + static char AsciiTime[81]; /* GMT time */ +#ifdef SH_USE_XML + static char deftime[] = N_("0000-00-00T00:00:00"); /* default time */ +#else + static char deftime[] = N_("[0000-00-00T00:00:00]"); /* default time */ +#endif + + SL_ENTER(_("sh_unix_gmttime")); + + if (sh_unix_use_localtime == S_FALSE) + time_ptr = gmtime (&thetime); + else + time_ptr = localtime (&thetime); + + if (time_ptr != NULL) + { + status = strftime (AsciiTime, 80, +#ifdef SH_USE_XML + _("%Y-%m-%dT%H:%M:%S"), +#else + _("[%Y-%m-%dT%H:%M:%S]"), +#endif + time_ptr); + + if ( (status == 0) || (status == 80) ) + SL_RETURN( _(deftime), _("sh_unix_gmttime")); + else + SL_RETURN( &AsciiTime[0], _("sh_unix_gmttime")); + } + + /* last resort + */ + SL_RETURN( _(deftime), _("sh_unix_gmttime")); +} + + + +char * sh_unix_getUIDdir (int level, uid_t uid) +{ + struct passwd * tempres; + int status = 0; + + SL_ENTER(_("sh_unix_getUIDdir")); + + errno = 0; + tempres = sh_getpwuid(uid); + status = errno; + + if (tempres == NULL) { + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, + sh_error_message(status), + _("getpwuid"), (long) uid, _("completely missing")); + SL_RETURN( NULL, _("sh_unix_getUIDdir")); + } + + if (tempres->pw_dir != NULL) { + SL_RETURN( tempres->pw_dir, _("sh_unix_getUIDdir")); + } else { + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, + sh_error_message(status), + _("getpwuid"), (long) uid, _("pw_dir")); + SL_RETURN( NULL, _("sh_unix_getUIDdir")); + } +} + +char * sh_unix_getUIDname (int level, uid_t uid) +{ + struct passwd * tempres; + int status = 0; + static uid_t old_uid; + static char name[32] = { '\0' }; + + SL_ENTER(_("sh_unix_getUIDname")); + + if ((uid == old_uid) && (name[0] != '\0')) { + SL_RETURN( name, _("sh_unix_getUIDname")); + } + + errno = 0; + tempres = sh_getpwuid(uid); + status = errno; + + if (tempres == NULL) { + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, + sh_error_message(status), + _("getpwuid"), (long) uid, _("completely missing")); + SL_RETURN( NULL, _("sh_unix_getUIDname")); + } + + + if (tempres->pw_name != NULL) { + sl_strlcpy(name, tempres->pw_name, sizeof(name)); + old_uid = uid; + SL_RETURN( name, _("sh_unix_getUIDname")); + } else { + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, + sh_error_message(status), + _("getpwuid"), (long) uid, _("pw_user")); + SL_RETURN( NULL, _("sh_unix_getUIDname")); + } +} + +char * sh_unix_getGIDname (int level, gid_t gid) +{ + struct group * tempres; + int status = 0; + static gid_t old_gid; + static char name[32] = { '\0' }; + + SL_ENTER(_("sh_unix_getGIDname")); + + if ((gid == old_gid) && (name[0] != '\0')) { + SL_RETURN( name, _("sh_unix_getUIDname")); + } + + errno = 0; + tempres = sh_getgrgid(gid); + status = errno; + + if (tempres == NULL) { + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, + sh_error_message(status), + _("getgrgid"), (long) gid, _("completely missing")); + + SL_RETURN( NULL, _("sh_unix_getGIDname")); + } + + if (tempres->gr_name != NULL) { + sl_strlcpy(name, tempres->gr_name, sizeof(name)); + old_gid = gid; + SL_RETURN( name, _("sh_unix_getGIDname")); + } else { + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, + sh_error_message(status), + _("getgrgid"), (long) gid, _("gr_name")); + SL_RETURN( NULL, _("sh_unix_getGIDname")); + } +} + +int sh_unix_getUser () +{ + char * p; + uid_t seuid, sruid; + + SL_ENTER(_("sh_unix_getUser")); + + seuid = geteuid(); + + sh.effective.uid = seuid; + + p = sh_unix_getUIDdir (SH_ERR_ERR, seuid); + + if (p == NULL) + SL_RETURN((-1), _("sh_unix_getUser")); + else + { + if (sl_strlen(p) >= SH_PATHBUF) { + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_PWLONG, + _("getpwuid"), (long) seuid, _("pw_home")); + SL_RETURN((-1), _("sh_unix_getUser")); + } else { + sl_strlcpy ( sh.effective.home, p, SH_PATHBUF); + } + } + + sruid = getuid(); + + sh.real.uid = sruid; + + p = sh_unix_getUIDname (SH_ERR_ERR, sruid); + if (p == NULL) + SL_RETURN((-1), _("sh_unix_getUser")); + else + { + if (sl_strlen(p) >= USER_MAX) { + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_PWLONG, + _("getpwuid"), (long) sruid, _("pw_user")); + SL_RETURN((-1), _("sh_unix_getUser")); + } else { + sl_strlcpy ( sh.real.user, p, USER_MAX); + } + } + + p = sh_unix_getUIDdir (SH_ERR_ERR, sruid); + + if (p == NULL) + SL_RETURN((-1), _("sh_unix_getUser")); + else + { + if (sl_strlen(p) >= SH_PATHBUF) { + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_PWLONG, + _("getpwuid"), (long) sruid, _("pw_home")); + SL_RETURN((-1), _("sh_unix_getUser")); + } else { + sl_strlcpy ( sh.real.home, p, SH_PATHBUF); + } + } + + SL_RETURN((0), _("sh_unix_getUser")); + + /* notreached */ +} + + +int sh_unix_getline (SL_TICKET fd, char * line, int sizeofline) +{ + register int count; + register int n = 0; + char c; + + SL_ENTER(_("sh_unix_getline")); + + if (sizeofline < 2) { + line[0] = '\0'; + SL_RETURN((0), _("sh_unix_getline")); + } + + --sizeofline; + + while (n < sizeofline) { + + count = sl_read (fd, &c, 1); + + /* end of file + */ + if (count < 1) { + line[n] = '\0'; + n = -1; + break; + } + + if (/* c != '\0' && */ c != '\n') { + line[n] = c; + ++n; + } else if (c == '\n') { + if (n > 0) { + line[n] = '\0'; + break; + } else { + line[n] = '\n'; /* get newline only if only char on line */ + ++n; + line[n] = '\0'; + break; + } + } else { + line[n] = '\0'; + break; + } + + } + + + line[sizeofline] = '\0'; /* make sure line is terminated */ + SL_RETURN((n), _("sh_unix_getline")); +} + + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + +/************************************************************** + * + * --- FILE INFO --- + * + **************************************************************/ + +#if (defined(__linux__) && (defined(HAVE_LINUX_EXT2_FS_H) || defined(HAVE_EXT2FS_EXT2_FS_H))) || defined(HAVE_STAT_FLAGS) + +#if defined(__linux__) + +/* --- Determine ext2fs file attributes. --- + */ +#include +#if defined(HAVE_EXT2FS_EXT2_FS_H) +#include +#else +#include +#endif + +/* __linux__ includes */ +#endif + +static +int sh_unix_getinfo_attr (char * name, + unsigned long * flags, + char * c_attr, + int fd, struct stat * buf) +{ + +/* TAKEN FROM: + * + * lsattr.c - List file attributes on an ext2 file system + * + * Copyright (C) 1993, 1994 Remy Card + * Laboratoire MASI, Institut Blaise Pascal + * Universite Pierre et Marie Curie (Paris VI) + * + * This file can be redistributed under the terms of the GNU General + * Public License + */ + +#ifdef HAVE_STAT_FLAGS + + SL_ENTER(_("sh_unix_getinfo_attr")); + + *flags = 0; + + /* cast to void to avoid compiler warning about unused parameters */ + (void) fd; + (void) name; + +#ifdef UF_NODUMP + if (buf->st_flags & UF_NODUMP) { + *flags |= UF_NODUMP; + c_attr[0] = 'd'; + } +#endif +#ifdef UF_IMMUTABLE + if (buf->st_flags & UF_IMMUTABLE) { + *flags |= UF_IMMUTABLE; + c_attr[1] = 'i'; + } +#endif +#ifdef UF_APPEND + if (buf->st_flags & UF_APPEND) { + *flags |= UF_APPEND; + c_attr[2] = 'a'; + } +#endif +#ifdef UF_NOUNLINK + if (buf->st_flags & UF_NOUNLINK) { + *flags |= UF_NOUNLINK; + c_attr[3] = 'u'; + } +#endif +#ifdef UF_OPAQUE + if (buf->st_flags & UF_OPAQUE) { + *flags |= UF_OPAQUE; + c_attr[4] = 'o'; + } +#endif +#ifdef SF_ARCHIVED + if (buf->st_flags & SF_ARCHIVED) { + *flags |= SF_ARCHIVED; + c_attr[5] = 'R'; + } + +#endif +#ifdef SF_IMMUTABLE + if (buf->st_flags & SF_IMMUTABLE) { + *flags |= SF_IMMUTABLE; + c_attr[6] = 'I'; + } +#endif +#ifdef SF_APPEND + if (buf->st_flags & SF_APPEND) { + *flags |= SF_APPEND; + c_attr[7] = 'A'; + } +#endif +#ifdef SF_NOUNLINK + if (buf->st_flags & SF_NOUNLINK) { + *flags |= SF_NOUNLINK; + c_attr[8] = 'U'; + } +#endif + + /* ! HAVE_STAT_FLAGS */ +#else + +#ifdef HAVE_EXT2_IOCTLS + int /* fd, */ r, f; + + SL_ENTER(_("sh_unix_getinfo_attr")); + + *flags = 0; + (void) buf; + + /* open() -> aud_open() R.Wichmann + fd = aud_open (FIL__, __LINE__, SL_YESPRIV, name, O_RDONLY|O_NONBLOCK, 0); + */ + + if (fd == -1 || name == NULL) + SL_RETURN(-1, _("sh_unix_getinfo_attr")); + + + r = ioctl (fd, EXT2_IOC_GETFLAGS, &f); + /* close (fd); */ + + if (r == -1) + SL_RETURN(-1, _("sh_unix_getinfo_attr")); + + if (f == 0) + SL_RETURN(0, _("sh_unix_getinfo_attr")); + + *flags = f; + +/* ! HAVE_EXT2_IOCTLS */ +#else + + SL_ENTER(_("sh_unix_getinfo_attr")); + + *flags = 0; /* modified by R.Wichmann */ + +/* ! HAVE_EXT2_IOCTLS */ +#endif +/* + * END + * + * lsattr.c - List file attributes on an ext2 file system + */ + + if (*flags == 0) + goto theend; + +#ifdef EXT2_SECRM_FL + if ( (*flags & EXT2_SECRM_FL) != 0 ) c_attr[0] = 's'; +#endif +#ifdef EXT2_UNRM_FL + if ( (*flags & EXT2_UNRM_FL) != 0 ) c_attr[1] = 'u'; +#endif +#ifdef EXT2_SYNC_FL + if ( (*flags & EXT2_SYNC_FL) != 0 ) c_attr[2] = 'S'; +#endif +#ifdef EXT2_IMMUTABLE_FL + if ( (*flags & EXT2_IMMUTABLE_FL) != 0) c_attr[3] = 'i'; +#endif +#ifdef EXT2_APPEND_FL + if ( (*flags & EXT2_APPEND_FL) != 0 ) c_attr[4] = 'a'; +#endif +#ifdef EXT2_NODUMP_FL + if ( (*flags & EXT2_NODUMP_FL) != 0 ) c_attr[5] = 'd'; +#endif +#ifdef EXT2_NOATIME_FL + if ( (*flags & EXT2_NOATIME_FL) != 0) c_attr[6] = 'A'; +#endif +#ifdef EXT2_COMPR_FL + if ( (*flags & EXT2_COMPR_FL) != 0 ) c_attr[7] = 'c'; +#endif + +#ifdef EXT2_TOPDIR_FL + if ( (*flags & EXT2_TOPDIR_FL) != 0 ) c_attr[8] = 'T'; +#endif +#ifdef EXT2_DIRSYNC_FL + if ( (*flags & EXT2_DIRSYNC_FL) != 0 ) c_attr[9] = 'D'; +#endif +#ifdef EXT2_NOTAIL_FL + if ( (*flags & EXT2_NOTAIL_FL) != 0 ) c_attr[10] = 't'; +#endif +#ifdef EXT2_JOURNAL_DATA_FL + if ( (*flags & EXT2_JOURNAL_DATA_FL) != 0) c_attr[11] = 'j'; +#endif + + theend: + /* ext2 */ +#endif + + c_attr[12] = '\0'; + + SL_RETURN(0, _("sh_unix_getinfo_attr")); +} +#else +static +int sh_unix_getinfo_attr (char * name, + unsigned long * flags, + char * c_attr, + int fd, struct stat * buf) +{ + return 0; +} + +/* defined(__linux__) || defined(HAVE_STAT_FLAGS) */ +#endif + +/* determine file type + */ +static +int sh_unix_getinfo_type (struct stat * buf, + ShFileType * type, + char * c_mode) +{ + SL_ENTER(_("sh_unix_getinfo_type")); + + if ( S_ISREG(buf->st_mode) ) { + (*type) = SH_FILE_REGULAR; + c_mode[0] = '-'; + } + else if ( S_ISLNK(buf->st_mode) ) { + (*type) = SH_FILE_SYMLINK; + c_mode[0] = 'l'; + } + else if ( S_ISDIR(buf->st_mode) ) { + (*type) = SH_FILE_DIRECTORY; + c_mode[0] = 'd'; + } + else if ( S_ISCHR(buf->st_mode) ) { + (*type) = SH_FILE_CDEV; + c_mode[0] = 'c'; + } + else if ( S_ISBLK(buf->st_mode) ) { + (*type) = SH_FILE_BDEV; + c_mode[0] = 'b'; + } + else if ( S_ISFIFO(buf->st_mode) ) { + (*type) = SH_FILE_FIFO; + c_mode[0] = '|'; + } + else if ( S_ISSOCK(buf->st_mode) ) { + (*type) = SH_FILE_SOCKET; + c_mode[0] = 's'; + } + else if ( S_ISDOOR(buf->st_mode) ) { + (*type) = SH_FILE_DOOR; + c_mode[0] = 'D'; + } + else if ( S_ISPORT(buf->st_mode) ) { + (*type) = SH_FILE_PORT; + c_mode[0] = 'P'; + } + else { + (*type) = SH_FILE_UNKNOWN; + c_mode[0] = '?'; + } + + SL_RETURN(0, _("sh_unix_getinfo_type")); +} + +int sh_unix_get_ftype(char * fullpath) +{ + char c_mode[16]; + struct stat buf; + ShFileType type; + int res; + + SL_ENTER(_("sh_unix_get_ftype")); + + res = retry_lstat(FIL__, __LINE__, fullpath, &buf); + + if (res < 0) + SL_RETURN(SH_FILE_UNKNOWN, _("sh_unix_getinfo_type")); + + sh_unix_getinfo_type (&buf, &type, c_mode); + + SL_RETURN(type, _("sh_unix_get_ftype")); +} + + +static +int sh_unix_getinfo_mode (struct stat *buf, + unsigned int * mode, + char * c_mode) +{ + + SL_ENTER(_("sh_unix_getinfo_mode")); + + (*mode) = buf->st_mode; + + /* make 'ls'-like string */ + + if ( (buf->st_mode & S_IRUSR) != 0 ) c_mode[1] = 'r'; + if ( (buf->st_mode & S_IWUSR) != 0 ) c_mode[2] = 'w'; + if ( (buf->st_mode & S_IXUSR) != 0 ) { + if ((buf->st_mode & S_ISUID) != 0 ) c_mode[3] = 's'; + else c_mode[3] = 'x'; + } else { + if ((buf->st_mode & S_ISUID) != 0 ) c_mode[3] = 'S'; + } + + if ( (buf->st_mode & S_IRGRP) != 0 ) c_mode[4] = 'r'; + if ( (buf->st_mode & S_IWGRP) != 0 ) c_mode[5] = 'w'; + if ( (buf->st_mode & S_IXGRP) != 0 ) { + if ((buf->st_mode & S_ISGID) != 0 ) c_mode[6] = 's'; + else c_mode[6] = 'x'; + } else { + if ((buf->st_mode & S_ISGID) != 0 ) c_mode[6] = 'S'; + } + + if ( (buf->st_mode & S_IROTH) != 0 ) c_mode[7] = 'r'; + if ( (buf->st_mode & S_IWOTH) != 0 ) c_mode[8] = 'w'; +#ifdef S_ISVTX /* not POSIX */ + if ( (buf->st_mode & S_IXOTH) != 0 ) { + if ((buf->st_mode & S_ISVTX) != 0 ) c_mode[9] = 't'; + else c_mode[9] = 'x'; + } else { + if ((buf->st_mode & S_ISVTX) != 0 ) c_mode[9] = 'T'; + } +#else + if ( (buf->st_mode & S_IXOTH) != 0 ) c_mode[9] = 'x'; +#endif + + SL_RETURN(0, _("sh_unix_getinfo_mode")); +} + + +long IO_Limit = 0; + +void sh_unix_io_pause () +{ + long runtime; + float someval; + unsigned long sometime; + + if (IO_Limit == 0) + { + return; + } + else + { + runtime = (long) (time(NULL) - sh.statistics.time_start); + + if (runtime > 0 && (long)(sh.statistics.bytes_hashed/runtime) > IO_Limit) + { + someval = sh.statistics.bytes_hashed - (IO_Limit * runtime); + someval /= (float) IO_Limit; + if (someval < 1.0) + { + someval *= 1000; /* milliseconds in a second */ + sometime = (unsigned long) someval; + /* fprintf(stderr, "FIXME PAUSE %ld\n", sometime); */ + retry_msleep(0, sometime); + } + else + { + sometime = (unsigned long) someval; + /* fprintf(stderr, "FIXME PAUSE %ld sec\n", sometime); */ + retry_msleep (sometime, 0); + } + } + } + return; +} + +int sh_unix_set_io_limit (const char * c) +{ + long val; + + SL_ENTER(_("sh_unix_set_io_limit")); + + val = strtol (c, (char **)NULL, 10); + if (val < 0) + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("set I/O limit"), c); + + val = (val < 0 ? 0 : val); + + IO_Limit = val * 1024; + SL_RETURN( 0, _("sh_unix_set_io_limit")); +} + +/* obtain file info + */ +extern int flag_err_debug; + +#include "sh_ignore.h" + +int sh_unix_checksum_size (char * filename, struct stat * fbuf, + char * fileHash, int alert_timeout) +{ + file_type tmpFile; + int status; + + SL_ENTER(_("sh_unix_checksum_size")); + + if (sh.flag.checkSum != SH_CHECK_INIT) + { + /* lookup file in database */ + status = sh_hash_get_it (filename, &tmpFile); + if (status != 0) { + goto out; + } + } + else + { + tmpFile.size = fbuf->st_size; + } + + /* if last < current get checksum */ + if (tmpFile.size < fbuf->st_size) + { + sl_strlcpy(fileHash, + sh_tiger_generic_hash (filename, TIGER_FD, tmpFile.size, + alert_timeout), + KEY_LEN+1); + + /* return */ + SL_RETURN( 0, _("sh_unix_checksum_size")); + } + + out: + sl_strlcpy(fileHash, + _("000000000000000000000000000000000000000000000000"), + KEY_LEN+1); + SL_RETURN( -1, _("sh_unix_checksum_size")); +} + +int sh_unix_getinfo (int level, char * filename, file_type * theFile, + char * fileHash, int policy) +{ + char timestr[81]; + long runtim; + struct stat buf; + struct stat lbuf; + struct stat fbuf; + int stat_return; + + ShFileType type; + unsigned int mode; + char * name; + char * tmp; + char * tmp2; + + char * linknamebuf; + int linksize; + + extern int get_the_fd (SL_TICKET ticket); + + SL_TICKET rval_open; + int fd; + int fstat_return; + + time_t tend; + time_t tstart; + + + char * path = NULL; + + int alert_timeout = 120; + + path = theFile->fullpath; + + SL_ENTER(_("sh_unix_getinfo")); + + /* --- Stat the file, and get checksum. --- + */ + tstart = time(NULL); + + stat_return = retry_lstat (FIL__, __LINE__, + path /* theFile->fullpath */, &buf); + + fd = -1; + fstat_return = -1; + rval_open = -1; + + if (stat_return == 0 && S_ISREG(buf.st_mode)) + { + rval_open = sl_open_fastread (path /* theFile->fullpath */, SL_YESPRIV); + + alert_timeout = 120; /* this is per 8K block now ! */ + + if (path[1] == 'p' && path[5] == '/' && path[2] == 'r' && + path[3] == 'o' && path[4] == 'c' && path[0] == '/') + { + /* seven is magic */ + alert_timeout = 7; + } + + fd = get_the_fd(rval_open); + } + + tend = time(NULL); + + /* An unprivileged user may slow lstat/open to a crawl + * with clever path/symlink setup + */ + if ((tend - tstart) > (time_t) /* 60 */ 6) + { + tmp2 = sh_util_safe_name (theFile->fullpath); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_TOOLATE, + (long)(tend - tstart), tmp2); + SH_FREE(tmp2); + } + + if (fd >= 0) + fstat_return = retry_fstat (FIL__, __LINE__, fd, &fbuf); + else + fd = -1; + + + /* --- case 1: lstat failed --- + */ + if (stat_return != 0) + { + stat_return = errno; + if (!SL_ISERROR(rval_open)) + sl_close(rval_open); + if (sh.flag.checkSum == SH_CHECK_INIT || + (sh_hash_have_it (theFile->fullpath) >= 0 && + theFile->reported == S_FALSE)) + { + if (S_FALSE == sh_ignore_chk_del(theFile->fullpath)) { + tmp2 = sh_util_safe_name (theFile->fullpath); + sh_error_handle (level, FIL__, __LINE__, stat_return, MSG_FI_LSTAT, + sh_error_message (stat_return), tmp2); + SH_FREE(tmp2); + } + } + SL_RETURN((-1),_("sh_unix_getinfo")); + } + + /* --- case 2: not a regular file --- + */ + else if (! S_ISREG(buf.st_mode)) + { + if (fileHash != NULL) + sl_strlcpy(fileHash, + _("000000000000000000000000000000000000000000000000"), + KEY_LEN+1); + } + + /* --- case 3a: a regular file, fstat ok --- + */ + else if (fstat_return == 0 && + buf.st_mode == fbuf.st_mode && + buf.st_ino == fbuf.st_ino && + buf.st_uid == fbuf.st_uid && + buf.st_gid == fbuf.st_gid && + buf.st_dev == fbuf.st_dev ) + { + if (fileHash != NULL) + { + if ((theFile->check_mask & MODI_CHK) == 0) + { + sl_strlcpy(fileHash, + _("000000000000000000000000000000000000000000000000"), + KEY_LEN+1); + } + else if ((theFile->check_mask & MODI_PREL) != 0 && + S_TRUE == sh_prelink_iself(rval_open, fbuf.st_size, + alert_timeout)) + { + if (0 != sh_prelink_run (theFile->fullpath, + fileHash, alert_timeout)) + sl_strlcpy(fileHash, + _("000000000000000000000000000000000000000000000000"), + KEY_LEN+1); + } + else + { + tiger_fd = rval_open; + sl_strlcpy(fileHash, + sh_tiger_generic_hash (theFile->fullpath, + TIGER_FD, 0, + alert_timeout), + KEY_LEN+1); + if ((theFile->check_mask & MODI_SGROW) != 0) + { + sl_rewind(rval_open); + tiger_fd = rval_open; + sh_unix_checksum_size (theFile->fullpath, &fbuf, + &fileHash[KEY_LEN + 1], + alert_timeout); + } + } + } + } + + /* --- case 3b: a regular file, fstat ok, but different --- + */ + else if (fstat_return == 0 && S_ISREG(fbuf.st_mode)) + { + memcpy (&buf, &fbuf, sizeof( struct stat )); + + if (fileHash != NULL) + { + if ((theFile->check_mask & MODI_CHK) == 0) + { + sl_strlcpy(fileHash, + _("000000000000000000000000000000000000000000000000"), + KEY_LEN+1); + } + else if (policy == SH_LEVEL_PRELINK && + S_TRUE == sh_prelink_iself(rval_open, fbuf.st_size, + alert_timeout)) + { + if (0 != sh_prelink_run (theFile->fullpath, + fileHash, alert_timeout)) + sl_strlcpy(fileHash, + _("000000000000000000000000000000000000000000000000"), + KEY_LEN+1); + } + else + { + tiger_fd = rval_open; + sl_strlcpy(fileHash, + sh_tiger_generic_hash (theFile->fullpath, TIGER_FD, 0, + alert_timeout), + KEY_LEN + 1); + if ((theFile->check_mask & MODI_SGROW) != 0) + { + sl_rewind(rval_open); + tiger_fd = rval_open; + sh_unix_checksum_size (theFile->fullpath, &fbuf, + &fileHash[KEY_LEN + 1], + alert_timeout); + } + } + } + } + + /* --- case 4: a regular file, fstat failed --- + */ + + else /* fstat_return != 0 or !S_ISREG(fbuf->st_mode) */ + { + fstat_return = errno; + if (fileHash != NULL) + sl_strlcpy(fileHash, + _("000000000000000000000000000000000000000000000000"), + KEY_LEN + 1); + + if ((theFile->check_mask & MODI_CHK) != 0) + { + tmp2 = sh_util_safe_name (theFile->fullpath); + sh_error_handle (level, FIL__, __LINE__, fstat_return, MSG_E_READ, + tmp2); + SH_FREE(tmp2); + } + } + + + /* --- Determine file type. --- + */ + memset (theFile->c_mode, '-', 10); + theFile->c_mode[10] = '\0'; + + memset (theFile->link_c_mode, '-', 10); + theFile->link_c_mode[10] = '\0'; + + sh_unix_getinfo_type (&buf, &type, theFile->c_mode); + theFile->type = type; + +#if defined(__linux__) || defined(HAVE_STAT_FLAGS) + + /* --- Determine file attributes. --- + */ + memset (theFile->c_attributes, '-', 12); + theFile->c_attributes[12] = '\0'; + theFile->attributes = 0; + + if (theFile->c_mode[0] != 'c' && theFile->c_mode[0] != 'b' && + theFile->c_mode[0] != 'l' ) + sh_unix_getinfo_attr(theFile->fullpath, + &theFile->attributes, theFile->c_attributes, + fd, &buf); +#endif + + if (!SL_ISERROR(rval_open)) + sl_close(rval_open); + + + /* --- I/O limit. --- + */ + if (IO_Limit > 0) + { + runtim = (long) (time(NULL) - sh.statistics.time_start); + + if (runtim > 0 && (long)(sh.statistics.bytes_hashed/runtim) > IO_Limit) + retry_msleep(1, 0); + } + + /* --- Determine permissions. --- + */ + sh_unix_getinfo_mode (&buf, &mode, theFile->c_mode); + + /* --- Trivia. --- + */ + theFile->dev = buf.st_dev; + theFile->ino = buf.st_ino; + theFile->mode = buf.st_mode; + theFile->hardlinks = buf.st_nlink; + theFile->owner = buf.st_uid; + theFile->group = buf.st_gid; + theFile->rdev = buf.st_rdev; + theFile->size = buf.st_size; + theFile->blksize = (unsigned long) buf.st_blksize; + theFile->blocks = (unsigned long) buf.st_blocks; + theFile->atime = buf.st_atime; + theFile->mtime = buf.st_mtime; + theFile->ctime = buf.st_ctime; + + + /* --- Owner and group. --- + */ + + if ( (name = sh_unix_getGIDname(SH_ERR_ALL, + buf.st_gid)) != NULL) { + sl_strlcpy (theFile->c_group, name, GROUP_MAX+1); + } else { + + tmp2 = sh_util_safe_name (theFile->fullpath); + + if (policy == SH_LEVEL_ALLIGNORE) + { + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, ENOENT, + MSG_FI_NOGRP, + (long) buf.st_gid, tmp2); + } + else + { + sh_error_handle (ShDFLevel[SH_ERR_T_NAME], FIL__, __LINE__, ENOENT, + MSG_FI_NOGRP, + (long) buf.st_gid, tmp2); + } + SH_FREE(tmp2); + sl_snprintf(theFile->c_group, GROUP_MAX+1, "%d", (long) buf.st_gid); + } + + + if ( (name = sh_unix_getUIDname(SH_ERR_ALL, + buf.st_uid)) != NULL) { + sl_strlcpy (theFile->c_owner, name, USER_MAX+1); + } else { + + tmp2 = sh_util_safe_name (theFile->fullpath); + + if (policy == SH_LEVEL_ALLIGNORE) + { + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, ENOENT, + MSG_FI_NOUSR, + (long) buf.st_uid, tmp2); + } + else + { + sh_error_handle (ShDFLevel[SH_ERR_T_NAME], FIL__, __LINE__, ENOENT, + MSG_FI_NOUSR, + (long) buf.st_uid, tmp2); + } + SH_FREE(tmp2); + sl_snprintf(theFile->c_owner, USER_MAX+1, "%d", (long) buf.st_uid); + } + + /* --- Output the file. --- + */ + if (flag_err_debug == SL_TRUE) + { + tmp2 = sh_util_safe_name ((filename == NULL) ? + theFile->fullpath : filename); + sl_strlcpy(timestr, sh_unix_time(theFile->mtime), 81); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_LIST, + theFile->c_mode, + theFile->hardlinks, + theFile->c_owner, + theFile->c_group, + (unsigned long) theFile->size, + timestr, + tmp2); + SH_FREE(tmp2); + } + + /* --- Check for links. --- + */ + if (theFile->c_mode[0] == 'l') + { + + linknamebuf = SH_ALLOC(PATH_MAX); + + /* flawfinder: ignore */ + linksize = readlink (theFile->fullpath, linknamebuf, PATH_MAX-1); + + if (linksize < (PATH_MAX-1) && linksize >= 0) + linknamebuf[linksize] = '\0'; + else + linknamebuf[PATH_MAX-1] = '\0'; + + if (linksize < 0) + { + linksize = errno; + tmp2 = sh_util_safe_name (theFile->fullpath); + sh_error_handle (level, FIL__, __LINE__, linksize, MSG_FI_RDLNK, + sh_error_message (linksize), tmp2); + SH_FREE(tmp2); + SH_FREE(linknamebuf); + theFile->linkpath[0] = '-'; + theFile->linkpath[1] = '\0'; + SL_RETURN((-1),_("sh_unix_getinfo")); + } + + if (linknamebuf[0] == '/') + { + sl_strlcpy (theFile->linkpath, linknamebuf, PATH_MAX); + } + else + { + tmp = sh_util_dirname(theFile->fullpath); + sl_strlcpy (theFile->linkpath, + tmp, + PATH_MAX); + SH_FREE(tmp); + sl_strlcat (theFile->linkpath, + "/", PATH_MAX); + sl_strlcat (theFile->linkpath, + linknamebuf, + PATH_MAX); + } + + /* stat the link + */ + stat_return = retry_lstat (FIL__, __LINE__, theFile->linkpath, &lbuf); + + /* check for error + */ + if (stat_return != 0) + { + stat_return = errno; + tmp = sh_util_safe_name (theFile->fullpath); + tmp2 = sh_util_safe_name (theFile->linkpath); + if (stat_return != ENOENT) + { + sh_error_handle (level, FIL__, __LINE__, stat_return, + MSG_FI_LSTAT, + sh_error_message (stat_return), tmp2); + } + else + { + /* a dangling link -- everybody seems to have plenty of them + */ + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_DLNK, + tmp, tmp2); + } + theFile->linkisok = BAD; + SH_FREE(tmp); + SH_FREE(tmp2); + SH_FREE(linknamebuf); + /* + * changed Tue Feb 10 16:16:13 CET 2004: + * add dangling symlinks into database + * SL_RETURN((-1),_("sh_unix_getinfo")); + */ + theFile->linkmode = 0; + SL_RETURN((0),_("sh_unix_getinfo")); + } + + theFile->linkisok = GOOD; + + + /* --- Determine file type. --- + */ + sh_unix_getinfo_type (&lbuf, &type, theFile->link_c_mode); + theFile->type = type; + + /* --- Determine permissions. --- + */ + sh_unix_getinfo_mode (&lbuf, &mode, theFile->link_c_mode); + theFile->linkmode = lbuf.st_mode; + + /* --- Output the link. --- + */ + if (theFile->linkisok == GOOD) + { + tmp2 = sh_util_safe_name (linknamebuf); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_LLNK, + theFile->link_c_mode, tmp2); + SH_FREE(tmp2); + } + SH_FREE(linknamebuf); + } + SL_RETURN((0),_("sh_unix_getinfo")); +} + +/* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ +#endif + +int sh_unix_unlock (char * lockfile, char * flag); +int sh_unix_lock (char * lockfile, char * flag); + +/* check whether file is locked + */ +int sh_unix_test_and_lock (char * filename, char * lockfile) +{ + static struct stat buf; + int status = 0; + + + SL_TICKET fd; + char line_in[128]; + + SL_ENTER(_("sh_unix_test_and_lock")); + + if (filename != NULL) + { + status = retry_lstat (FIL__, __LINE__, filename, &buf); + + /* no logfile to lock + */ + if (status < 0) + SL_RETURN((-1),_("sh_unix_test_and_lock")); + } + + status = retry_lstat (FIL__, __LINE__, lockfile, &buf); + + /* --- No lock file found, try to lock. --- + */ + + if (status < 0 && errno == ENOENT) + { + if (0 == sh_unix_lock (lockfile, filename)) + { + if (filename != NULL) + sh.flag.islocked = GOOD; + SL_RETURN((0),_("sh_unix_test_and_lock")); + } + } + else if (status == 0 && buf.st_size == 0) + { + if (filename != NULL) + sh.flag.islocked = GOOD; + sh_unix_unlock (lockfile, filename); + if (filename != NULL) + sh.flag.islocked = BAD; + if (0 == sh_unix_lock (lockfile, filename)) + { + if (filename != NULL) + sh.flag.islocked = GOOD; + SL_RETURN((0),_("sh_unix_test_and_lock")); + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, status, + MSG_E_SUBGEN, + (filename == NULL) ? _("Cannot create PID file") : _("Cannot create lock file"), + _("sh_unix_test_and_lock")); + SL_RETURN((-1),_("sh_unix_test_and_lock")); + } + } + + /* --- Check on lock. --- + */ + + if (status >= 0) + { + fd = sl_open_read (lockfile, SL_YESPRIV); + if (SL_ISERROR(fd)) + sh_error_handle ((-1), FIL__, __LINE__, fd, + MSG_E_SUBGEN, + (filename == NULL) ? _("Cannot open PID file for read") : _("Cannot open lock file for read"), + _("sh_unix_test_and_lock")); + } + else + fd = -1; + + if (!SL_ISERROR(fd)) + { + /* read the PID in the lock file + */ + status = sh_unix_getline (fd, line_in, sizeof(line_in)); + + /* convert to numeric + */ + if (status > 0) + { + errno = 0; + status = strtol(line_in, (char **)NULL, 10); + if (errno == ERANGE || status <= 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, + MSG_E_SUBGEN, + (filename == NULL) ? _("Bad PID in PID file") : _("Bad PID in lock file"), + _("sh_unix_test_and_lock")); + + status = -1; + } + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, status, + MSG_E_SUBGEN, + (filename == NULL) ? _("Cannot read PID file") : _("Cannot read lock file"), + _("sh_unix_test_and_lock")); + } + sl_close(fd); + + if (status == (int) getpid()) + { + if (filename != NULL) + sh.flag.islocked = GOOD; + SL_RETURN((0),_("sh_unix_test_and_lock")); + } + + + /* --- Check whether the process exists. --- + */ + if (status > 0) + { + errno = 0; + status = aud_kill (FIL__, __LINE__, status, 0); + + /* Does not exist, so remove the stale lock + * and create a new one. + */ + if (status < 0 && errno == ESRCH) + { + if (filename != NULL) + sh.flag.islocked = GOOD; + if (0 != sh_unix_unlock(lockfile, filename) && (filename !=NULL)) + sh.flag.islocked = BAD; + else + { + if (0 == sh_unix_lock (lockfile, filename)) + { + if (filename != NULL) + sh.flag.islocked = GOOD; + SL_RETURN((0),_("sh_unix_test_and_lock")); + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, status, + MSG_E_SUBGEN, + (filename == NULL) ? _("Cannot create PID file") : _("Cannot create lock file"), + _("sh_unix_test_and_lock")); + } + if (filename != NULL) + sh.flag.islocked = BAD; + } + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, status, + MSG_E_SUBGEN, + (filename == NULL) ? _("Cannot remove stale PID file, PID may be a running process") : _("Cannot remove stale lock file, PID may be a running process"), + _("sh_unix_test_and_lock")); + if (filename != NULL) + sh.flag.islocked = BAD; + } + } + } + SL_RETURN((-1),_("sh_unix_testlock")); +} + +/* write the PID file + */ +int sh_unix_write_pid_file() +{ + return sh_unix_test_and_lock(NULL, sh.srvlog.alt); +} + +/* write lock for filename + */ +int sh_unix_write_lock_file(char * filename) +{ + size_t len; + int res; + char * lockfile; + + if (filename == NULL) + return (-1); + + len = sl_strlen(filename); + if (sl_ok_adds(len, 6)) + len += 6; + lockfile = SH_ALLOC(len); + sl_strlcpy(lockfile, filename, len); + sl_strlcat(lockfile, _(".lock"), len); + res = sh_unix_test_and_lock(filename, lockfile); + SH_FREE(lockfile); + return res; +} + +int sh_unix_unlock(char * lockfile, char * flag) +{ + int error = 0; + + SL_ENTER(_("sh_unix_unlock")); + + /* --- Logfile is not locked to us. --- + */ + if (sh.flag.islocked == BAD && flag != NULL) + SL_RETURN((-1),_("sh_unix_unlock")); + + /* --- Check whether the directory is secure. --- + */ + if (0 != tf_trust_check (lockfile, SL_YESPRIV)) + SL_RETURN((-1),_("sh_unix_unlock")); + + /* --- Delete the lock file. --- + */ + error = retry_aud_unlink (FIL__, __LINE__, lockfile); + + if (error == 0) + { + if (flag != NULL) + sh.flag.islocked = BAD; /* not locked anymore */ + } + else if (flag != NULL) + { + error = errno; + sh_error_handle ((-1), FIL__, __LINE__, error, MSG_E_UNLNK, + sh_error_message(error), lockfile); + SL_RETURN((-1),_("sh_unix_unlock")); + } + SL_RETURN((0),_("sh_unix_unlock")); +} + +/* rm lock for filename + */ +int sh_unix_rm_lock_file(char * filename) +{ + size_t len; + int res; + char * lockfile; + + if (filename == NULL) + return (-1); + + len = sl_strlen(filename); + if (sl_ok_adds(len, 6)) + len += 6; + lockfile = SH_ALLOC(len); + sl_strlcpy(lockfile, filename, len); + sl_strlcat(lockfile, _(".lock"), len); + + res = sh_unix_unlock(lockfile, filename); + SH_FREE(lockfile); + return res; +} + +/* rm lock for filename + */ +int sh_unix_rm_pid_file() +{ + return sh_unix_unlock(sh.srvlog.alt, NULL); +} + +int sh_unix_lock (char * lockfile, char * flag) +{ + struct stat buf; + int status; + int filed; + int errnum; + char myPid[64]; + SL_TICKET fd; + extern int get_the_fd (SL_TICKET ticket); + + + status = retry_lstat (FIL__, __LINE__, lockfile, &buf); + + SL_ENTER(_("sh_unix_lock")); + + if (0 == status) + { + if (flag != NULL) + sh.flag.islocked = BAD; + SL_RETURN((-1),_("sh_unix_lock")); + } + + sprintf (myPid, "%ld\n", (long) getpid()); /* known to fit */ + + fd = sl_open_write (lockfile, SL_YESPRIV); + + if (!SL_ISERROR(fd)) + { + errnum = sl_write (fd, myPid, sl_strlen(myPid)); + filed = get_the_fd(fd); + fchmod (filed, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); + sl_close (fd); + + if (!SL_ISERROR(errnum)) + { + if (flag != NULL) + sh.flag.islocked = GOOD; + SL_RETURN((0),_("sh_unix_lock")); + } + } + + TPT((0, FIL__, __LINE__, _("msg=\n"))); + if (flag != NULL) + sh.flag.islocked = BAD; + SL_RETURN((-1),_("sh_unix_lock")); + + /* notreached */ +} + +/* Test whether file exists + */ +int sh_unix_file_stat(char * path) +{ + struct stat buf; + + SL_ENTER(_("sh_unix_file_stat")); + + if (-1 == retry_stat(FIL__, __LINE__, path, &buf)) + SL_RETURN( (0), _("sh_unix_file_stat")); + else + SL_RETURN( (-1), _("sh_unix_file_stat")); +} + + +/* Test whether file exists, is a character device, allows read + * access, and is not world writeable. + */ +int sh_unix_file_exists(int fd) +{ + struct stat buf; + + SL_ENTER(_("sh_unix_file_exists")); + + if (retry_fstat(FIL__, __LINE__, fd, &buf) == -1) + SL_RETURN( (-1), _("sh_unix_file_exists")); + else if ( S_ISCHR(buf.st_mode) && 0 != (S_IROTH & buf.st_mode) + /* + * #if !defined(__CYGWIN32__) && !defined(__CYGWIN__) + * && 0 == (S_IWOTH & buf.st_mode) + * #endif + */ + ) + SL_RETURN( (0), _("sh_unix_file_exists")); + else + SL_RETURN( (-1), _("sh_unix_file_exists")); +} + +static char preq[16]; + +/* return true if database is remote + */ +int file_is_remote () +{ + static int init = 0; + struct stat buf; + + SL_ENTER(_("file_is_remote")); + + if (init == 0) + { + sl_strlcpy(preq, _("REQ_FROM_SERVER"), 16); + ++init; + } + if (0 == sl_strncmp (sh.data.path, preq, 15)) + { + if (sh.data.path[15] != '\0') /* should be start of path */ + { + if (0 == stat(&(sh.data.path[15]), &buf)) + { + SL_RETURN( S_FALSE, _("file_is_remote")); + } + } + SL_RETURN( S_TRUE, _("file_is_remote")); + } + SL_RETURN( S_FALSE, _("file_is_remote")); +} + +/* Return the path to the configuration/database file. + */ +char * file_path(char what, char flag) +{ + static int init = 0; + + SL_ENTER(_("file_path")); + + if (init == 0) + { + sl_strlcpy(preq, _("REQ_FROM_SERVER"), 16); + ++init; + } + + switch (what) + { + + case 'C': + if (0 == sl_strncmp (sh.conf.path, preq, 15)) + { +#if defined(SH_WITH_SERVER) + if (sh.flag.isserver == S_TRUE && sl_strlen(sh.conf.path) == 15) + SL_RETURN( NULL, _("file_path")); + if (sh.flag.isserver == S_TRUE) + SL_RETURN( &(sh.conf.path[15]), _("file_path")); +#endif + if (flag == 'R') + SL_RETURN( preq, _("file_path")); + if (flag == 'I') + { + if (sl_strlen(sh.conf.path) == 15) + SL_RETURN( NULL, _("file_path")); + else + SL_RETURN( &(sh.conf.path[15]), _("file_path")); + } + SL_RETURN ( preq, _("file_path")); + } + else + SL_RETURN( sh.conf.path, _("file_path")); + /* break; *//* unreachable */ + + case 'D': + if (0 == sl_strncmp (sh.data.path, preq, 15)) + { + if (flag == 'R') + SL_RETURN( preq, _("file_path")); + if (flag == 'W' && sl_strlen(sh.data.path) == 15) + SL_RETURN (NULL, _("file_path")); + if (flag == 'W') + SL_RETURN( &(sh.data.path[15]), _("file_path")); + } + else + SL_RETURN( sh.data.path, _("file_path")); + break; + + default: + SL_RETURN( NULL, _("file_path")); + } + + return NULL; /* notreached */ +} +/************************************************/ +/**** Mlock Utilities ****/ +/************************************************/ + +#include + +int sh_unix_pagesize() +{ + int pagesize = 4096; +#if defined(_SC_PAGESIZE) + pagesize = sysconf(_SC_PAGESIZE); +#elif defined(_SC_PAGE_SIZE) + pagesize = sysconf(_SC_PAGE_SIZE); +#elif defined(HAVE_GETPAGESIZE) + pagesize = getpagesize(); +#elif defined(PAGESIZE) + pagesize = PAGESIZE; +#endif + + return ((pagesize > 0) ? pagesize : 4096); +} + +typedef struct sh_page_lt { + unsigned long page_start; + int page_refcount; + char file[64]; + int line; + struct sh_page_lt * next; +} sh_page_l; + +sh_page_l * sh_page_locked = NULL; +volatile int page_locking = 0; + +unsigned long sh_unix_lookup_page (void * in_addr, size_t len, int * num_pages) +{ + int pagesize = sh_unix_pagesize(); + unsigned long addr = (unsigned long) in_addr; + + unsigned long pagebase; + unsigned long pagediff; + unsigned long pagenum = addr / pagesize; + + SL_ENTER(_("sh_unix_lookup_page")); +#if 0 + fprintf(stderr, "mlock: --> base %ld, pagenum: %ld\n", + addr, pagenum); +#endif + + /* address of first page + */ + pagebase = pagenum * pagesize; + + /* number of pages + */ + pagediff = (addr + len) - pagebase; + pagenum = pagediff / pagesize; + if (pagenum * pagesize < pagediff) + ++pagenum; + +#if 0 + fprintf(stderr, "mlock: --> pagebase %ld, pagediff %ld, (addr + len) %ld\n", + pagebase, pagediff, (addr + len)); +#endif + + *num_pages = pagenum; + SL_RETURN((pagebase), _("sh_unix_lookup_page")); +} + + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +int sh_unix_mlock (char * file, int line, void * in_addr, size_t len) +{ + int num_pages; + int status = 0; + int pagesize; + sh_page_l * page_list = sh_page_locked; + unsigned long addr; +#ifdef TEST_MLOCK + int i = 0; +#endif + + SL_ENTER(_("sh_unix_mlock")); + + if (0 != page_locking) + { + SL_RETURN((-1), _("sh_unix_mlock")); + } + page_locking = 1; + + pagesize = sh_unix_pagesize(); + addr = sh_unix_lookup_page (in_addr, len, &num_pages); + +#ifdef TEST_MLOCK + fprintf(stderr, "mlock: addr %ld, base %ld, pages: %d, length %d\n", + (unsigned long) in_addr, addr, num_pages, len); +#endif + + /* increase refcount of locked pages + * addr is first page; num_pages is #(consecutive pages) to lock + */ + while ((page_list != NULL) && (num_pages > 0)) + { +#ifdef TEST_MLOCK + fprintf(stderr, "mlock: check page %d: %ld [%d]\n", + i, page_list->page_start, page_list->page_refcount); +#endif + if (page_list->page_start == addr) + { + page_list->page_refcount += 1; + num_pages -= 1; + addr += pagesize; +#ifdef TEST_MLOCK + fprintf(stderr, "mlock: found page %d: %ld [%d], next page %ld\n", + i, page_list->page_start, page_list->page_refcount, addr); +#endif + } +#ifdef TEST_MLOCK + ++i; +#endif + page_list = page_list->next; + } + + /* mlock some more pages, if needed + */ + while (num_pages > 0) + { +#ifdef TEST_MLOCK + fprintf(stderr, "mlock: lock page %d: mlock %ld [num_pages %d]\n", + i, addr, num_pages); + ++i; +#endif + page_list = SH_ALLOC(sizeof(sh_page_l)); + page_list->page_start = addr; + page_list->page_refcount = 1; + sl_strlcpy(page_list->file, file, 64); + page_list->line = line; + status = mlock( (void *) addr, pagesize); + if (status != 0) + { +#ifdef TEST_MLOCK + fprintf(stderr, "mlock: error: %s\n", sh_error_message(errno)); +#endif + SH_FREE(page_list); + page_locking = 0; + SL_RETURN((status), _("sh_unix_mlock")); + } + page_list->next = sh_page_locked; + sh_page_locked = page_list; + num_pages -= 1; + addr += pagesize; + } + + page_locking = 0; + SL_RETURN((status), _("sh_unix_mlock")); +} +#else +int sh_unix_mlock (char * file, int line, void * in_addr, size_t len) +{ + (void) file; (void) line; + (void) in_addr; (void) len; + return -1; +} +#endif + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +int sh_unix_munlock (void * in_addr, size_t len) +{ + int num_pages; + int unlocked = 0; + int status = 0; + int pagesize; + sh_page_l * page_list = sh_page_locked; + sh_page_l * page_last; + unsigned long addr; + + int test_count; + int test_status; + int test_pages; + +#ifdef TEST_MLOCK + int i = 0; +#endif + + SL_ENTER(_("sh_unix_munlock")); + + if (0 != page_locking) + { + SL_RETURN((-1), _("sh_unix_munlock")); + } + page_locking = 1; + + pagesize = sh_unix_pagesize(); + addr = sh_unix_lookup_page (in_addr, len, &num_pages); + +#ifdef TEST_MLOCK + fprintf(stderr, "munlock: in_addr %ld, addr %ld, pages: %d, length %d\n", + (unsigned long) in_addr, addr, num_pages, len); +#endif + + test_pages = num_pages; + + /* reduce refcount of locked pages + * addr is first page; num_pages is #(consecutive pages) to lock + */ + while ((page_list != NULL) && (num_pages > 0)) + { +#ifdef TEST_MLOCK + fprintf(stderr, "munlock: page %d: %ld [%d]\n", + i, page_list->page_start, page_list->page_refcount); +#endif + + test_status = 0; + for (test_count = 0; test_count < test_pages; ++test_count) + { + if (page_list->page_start == (addr + (test_count * pagesize))) + { + test_status = 1; + break; + } + } + + if (test_status == 1) + { + page_list->page_refcount -= 1; + if (page_list->page_refcount == 0) + { + status = munlock ( (void *) addr, pagesize); + ++unlocked; + } + num_pages -= 1; +#ifdef TEST_MLOCK + fprintf(stderr, + "munlock: page %d: %ld [refcount %d], refcount reduced\n", + i, page_list->page_start, page_list->page_refcount); +#endif + } +#ifdef TEST_MLOCK + ++i; +#endif + page_list = page_list->next; + } + +#ifdef TEST_MLOCK + i = 0; +#endif + + if (unlocked > 0) + { + page_list = sh_page_locked; + page_last = sh_page_locked; + + while ((page_list != NULL) && (unlocked > 0)) + { + if (page_list->page_refcount == 0) + { +#ifdef TEST_MLOCK + fprintf(stderr, "munlock: remove page %d: %ld [refcount %d]\n", + i, page_list->page_start, page_list->page_refcount); +#endif + if (page_last != page_list) + { + page_last->next = page_list->next; + SH_FREE(page_list); + page_list = page_last->next; + } + else + { + page_last = page_list->next; + if (page_list == sh_page_locked) + sh_page_locked = page_list->next; + SH_FREE(page_list); + page_list = page_last; + } + --unlocked; + } + else + { +#ifdef TEST_MLOCK + fprintf(stderr, "munlock: skip page %d: %ld [refcount %d]\n", + i, page_list->page_start, page_list->page_refcount); +#endif + + page_last = page_list; + page_list = page_list->next; + } +#ifdef TEST_MLOCK + ++i; +#endif + } + } + + page_locking = 0; + SL_RETURN((status), _("sh_unix_munlock")); +} +#else +int sh_unix_munlock (void * in_addr, size_t len) +{ + (void) in_addr; (void) len; + return -1; +} +#endif + +int sh_unix_count_mlock() +{ + int i = 0; + char str[128]; + sh_page_l * page_list = sh_page_locked; + + SL_ENTER(_("sh_unix_count_mlock")); + while (page_list != NULL) + { +#ifdef WITH_TPT + sl_snprintf(str, sizeof(str), _("file: %s line: %d page: %d"), + page_list->file, page_list->line, i+1); + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN, + str, _("sh_unix_count_mlock")); +#endif + page_list = page_list->next; + ++i; + } + sl_snprintf(str, sizeof(str), _("%d pages locked"), i); + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN, + str, _("sh_unix_count_mlock")); + SL_RETURN((i), _("sh_unix_count_mlock")); +} + +/************************************************/ +/************************************************/ +/**** Stealth Utilities ****/ +/************************************************/ +/************************************************/ +#ifdef SH_STEALTH + +void sh_unix_xor_code (char * str, int len) +{ + register int i; + + for (i = 0; i < len; ++i) str[i] ^= (char) XOR_CODE; + return; +} + +#if !defined(SH_STEALTH_MICRO) + + +int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len); +unsigned long first_hex_block(SL_TICKET fd, unsigned long * max); + +/* + * --- Get hidden data from a block of hex data. --- + */ +int sh_unix_getline_stealth (SL_TICKET fd, char * str, int len) +{ + int add_off, llen; + static unsigned long off_data = 0; + static unsigned long max_data = 0; + static int stealth_init = BAD; + + SL_ENTER(_("sh_unix_getline_stealth")); + + + /* --- Initialize. --- + */ + if (stealth_init == BAD) + { + off_data = first_hex_block(fd, &max_data); + if (off_data == 0) + { + dlog(1, FIL__, __LINE__, + _("The stealth config file does not contain any steganographically\nhidden data. This file must be an image file in _uncompressed_\npostscript format.\nTo hide data in it, use:\n samhain_stealth -s postscript_file orig_config_file\n mv postscript_file /path/to/config/file\n")); + sh_error_handle ((-1), FIL__, __LINE__, EIO, MSG_P_NODATA, + _("Stealth config file.")); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + stealth_init = GOOD; + max_data += off_data; + } + + /* --- Seek to proper position. --- + */ + if (off_data >= max_data) + { + dlog(1, FIL__, __LINE__, + _("The capacity of the container image file for the stealth config file seems to be too small. Your config file is likely truncated.\n")); + sh_error_handle ((-1), FIL__, __LINE__, EIO, MSG_P_NODATA, + _("Stealth config file.")); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + sl_seek(fd, off_data); + + /* --- Read one line. --- + */ + add_off = hideout_hex_block(fd, (unsigned char *) str, len); + off_data += add_off; + + llen = sl_strlen(str); + SL_RETURN(llen, _("sh_unix_getline_stealth")); +} + +int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len) +{ + + register int i, j, k; + unsigned char c, e; + register int num; + unsigned char mask[9] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; + unsigned long here = 0; + unsigned long retval = 0; + + SL_ENTER(_("hideout_hex_block")); + + ASSERT_RET((len > 1), _("len > 1"), (0)); + + --len; + + i = 0; + while (i < len) + { + for (j = 0; j < 8; ++j) + { + + /* --- Get a low byte, modify, read back. --- + */ + for (k = 0; k < 2; ++k) + { + /* -- Skip whitespace. --- + */ + c = ' '; + do { + do { + num = sl_read (fd, &c, 1); + } while (num == 0 && errno == EINTR); + if (num == 0) + SL_RETURN((0), _("hideout_hex_block")); + ++here; + } while (c == '\n' || c == '\t' || c == '\r' || + c == ' '); + } + + + /* --- e is the value of the low byte. --- + */ + e = (unsigned char) sh_util_hexchar( c ); + if ((e & mask[7]) != 0) /* bit is set */ + str[i] |= mask[j]; + else /* bit is not set */ + str[i] &= ~mask[j]; + + } + if (str[i] == '\n') break; + ++i; + } + + if (i != 0) + str[i] = '\0'; + else + str[i+1] = '\0'; /* keep newline and terminate */ + retval += here; + + SL_RETURN(retval, _("hideout_hex_block")); +} + +/* --- Get offset of first data block. --- + */ +unsigned long first_hex_block(SL_TICKET fd, unsigned long * max) +{ + unsigned int i; + long num = 1; + unsigned long lnum; + char c; + int nothex = 0; + unsigned long retval = 0; + unsigned int this_line = 0; + char theline[SH_BUFSIZE]; + + SL_ENTER(_("first_hex_block")); + + *max = 0; + + while (1) + { + theline[0] = '\0'; + this_line = 0; + c = '\0'; + while (c != '\n' && num > 0 && this_line < (sizeof(theline)-1)) + { + do { + num = sl_read (fd, &c, 1); + } while (num == 0 && errno == EINTR); + if (num > 0) + theline[this_line] = c; + else + SL_RETURN((0), _("first_hex_block")); + ++this_line; + } + theline[this_line] = '\0'; + + /* not only 'newline' */ + if (this_line > 60) + { + nothex = 0; + i = 0; + while (nothex == 0 && i < (this_line-1)) + { + if (! isxdigit((int)theline[i])) nothex = 1; + ++i; + } + if (nothex == 1) retval += this_line; + } + else + { + nothex = 1; + retval += this_line; + } + + if (nothex == 0) + { + *max = 0; + do { + do { + num = sl_read (fd, theline, SH_BUFSIZE); + } while (num == 0 && errno == EINTR); + if (num > 0) + { + lnum = (unsigned long) num; + for (i = 0; i < lnum; ++i) + { + c = theline[i]; + if (c == '\n' || c == '\t' || c == '\r' || c == ' ') + ; + else if (!isxdigit((int)c)) + break; + else + *max += 1; + } + } + } while (num > 0); + + *max /= 16; + SL_RETURN((retval), _("first_hex_block")); + } + + } + /* SL_RETURN((0), _("first_hex_block")); *//* unreachable */ +} + + /* if !defined(SH_STEALTH_MICRO) */ +#endif + + /* ifdef SH_STEALTH */ +#endif + +/* + * anti-debugger code + */ +#if defined(SCREW_IT_UP) +volatile int sh_not_traced = 0; + +#ifdef HAVE_GETTIMEOFDAY +struct timeval save_tv; +#endif + +void sh_sigtrap_handler (int signum) +{ +#ifdef HAVE_GETTIMEOFDAY + struct timeval tv; + long difftv; + + gettimeofday(&tv, NULL); + difftv = (tv.tv_sec - save_tv.tv_sec) * 1000000 + + (tv.tv_usec - save_tv.tv_usec); + if (difftv > 500000) + _exit(6); +#endif + sh_not_traced += signum; + return; +} +#endif Index: branches/samhain-2_2-branch/src/sh_userfiles.c =================================================================== --- branches/samhain-2_2-branch/src/sh_userfiles.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_userfiles.c (revision 66) @@ -0,0 +1,435 @@ +/* + * File: sh_userfiles.c + * Desc: A module for Samhain; adds files in user directories to the check list + * Auth: Jerry Connolly + */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include +#include +#include +#include +#include + + +#include "samhain.h" +#include "sh_modules.h" +#include "sh_userfiles.h" +#include "sh_utils.h" +#include "sh_schedule.h" +#include "sh_error.h" +#include "sh_hash.h" +#include "sh_files.h" + +#ifdef SH_USE_USERFILES + +#define FIL__ _("sh_userfiles.c") + +/* We won't want to build this into yule */ +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + +static int ShUserfilesActive = S_TRUE; + +struct userfileslist { + char filename[PATH_MAX]; + int level; + + struct userfileslist *next; +}; + +struct userhomeslist { + char *pw_dir; + + struct userhomeslist *next; +}; + +struct useruidlist { + unsigned long lower; + unsigned long upper; + struct useruidlist *next; +}; + +static struct userfileslist *userFiles = NULL; +static struct userhomeslist *userHomes = NULL; +static struct useruidlist *userUids = NULL; + +static void sh_userfiles_free_fileslist(struct userfileslist *head); +static void sh_userfiles_free_homeslist(struct userhomeslist *head); +static void sh_userfiles_free_uidslist (struct useruidlist *head); + +sh_rconf sh_userfiles_table[] = { + { + N_("userfilesname"), + sh_userfiles_add_file, + }, + { + N_("userfilesactive"), + sh_userfiles_set_active, + }, + { + N_("userfilescheckuids"), + sh_userfiles_set_uid, + }, + { + NULL, + NULL + } +}; + +static int sh_userfiles_check_uid (unsigned long uid) +{ + struct useruidlist * uids = userUids; + + /* default is to include all + */ + if (userUids == NULL) + return 1; + + while (uids) + { + if ((uids->upper != 0) && (uid >= uids->lower) && (uid <= uids->upper)) + return 1; + if ((uids->upper == 0) && (uid == uids->lower)) + return 1; + uids = uids->next; + } + return 0; +} + +int sh_userfiles_set_uid (char * str) +{ + char * end; + char * p = str; + unsigned long lower; + unsigned long upper = 0; + struct useruidlist * uids; + + while ((p != NULL) && (*p != '\0')) + { + lower = strtoul(p, &end, 10); + if ( (lower == ULONG_MAX) || (end == p)) + return -1; + p = end; + if (*p == '-') + { + ++p; + if (*p == '\0') + { + upper = ULONG_MAX; + p = NULL; + } + else + { + upper = strtoul(p, &end, 10); + if ( (upper == ULONG_MAX) || (end == p)) + return -1; + p = end; + if ( (*p != ',') && (*p != '\0')) + return -1; + if (*p != '\0') + ++p; + } + } + else if (*p == '\0') + { + upper = 0; + p = NULL; + } + else if ((*p == ',') || (*p == ' ') || (*p == '\t')) + { + upper = 0; + ++p; + } + else + { + upper = strtoul(p, &end, 10); + if ( (upper == ULONG_MAX) || (end == p)) + return -1; + p = end; + if ( (*p != ',') && (*p != ' ') && (*p != '\t') && (*p != '\0') ) + return -1; + if (*p != '\0') + ++p; + } + uids = SH_ALLOC(sizeof(struct useruidlist)); + uids->lower = lower; + uids->upper = upper; + uids->next = userUids; + userUids = uids; + /* fprintf(stderr, "range %lu %lu\n", lower, upper); */ + } + return 0; +} + +/* Add 'c' to the list of files (userFiles) relative to any given HOME + * directory that should be checked. */ + +int sh_userfiles_add_file(char *c) { + struct userfileslist *new; + char *s, *orig; + char *user_filename; + + int default_level = SH_LEVEL_NOIGNORE; + char *separator = " "; + + SL_ENTER(_("sh_userfiles_add_file")); + + if( c == NULL ) + SL_RETURN(-1, _("sh_userfiles_add_file") ); + + s = sh_util_strdup(c); /* Maybe c is needed elsewhere */ + orig = s; + + user_filename = sh_util_strsep(&s, separator); + + if( user_filename == NULL || strlen(user_filename) > PATH_MAX ) + SL_RETURN(-1, _("sh_userfiles_add_file") ); + + new = SH_ALLOC(sizeof(struct userfileslist)); + + (void) sl_strlcpy(new->filename, user_filename, PATH_MAX); + new->next = userFiles; + userFiles = new; + + /* order is important here, since 'log' would match on 'glog' + * So, compare longest strings first */ + if( s == NULL ) /* The default */ new->level = default_level; + else if ( strstr(s, "attributes")!= NULL ) new->level = SH_LEVEL_ATTRIBUTES; + else if ( strstr(s, "allignore") != NULL ) new->level = SH_LEVEL_ALLIGNORE; + else if ( strstr(s, "noignore") != NULL ) new->level = SH_LEVEL_NOIGNORE; + else if ( strstr(s, "logfiles") != NULL ) new->level = SH_LEVEL_LOGFILES; + else if ( strstr(s, "readonly") != NULL ) new->level = SH_LEVEL_READONLY; + else if ( strstr(s, "loggrow") != NULL ) new->level = SH_LEVEL_LOGGROW; + else if ( strstr(s, "user0") != NULL ) new->level = SH_LEVEL_USER0; + else if ( strstr(s, "user1") != NULL ) new->level = SH_LEVEL_USER1; + else if ( strstr(s, "user2") != NULL ) new->level = SH_LEVEL_USER2; + else if ( strstr(s, "user3") != NULL ) new->level = SH_LEVEL_USER3; + else if ( strstr(s, "user4") != NULL ) new->level = SH_LEVEL_USER4; + else if ( strstr(s, "prelink") != NULL ) new->level = SH_LEVEL_PRELINK; + else /* The default */ new->level = default_level; + + SH_FREE(orig); + + SL_RETURN(0, _("sh_userfiles_add_file") ); +} + +/* Decide if we're active. 1 means yes, all else means no */ + +int sh_userfiles_set_active(char *c) { + int value; + + SL_ENTER(_("sh_userfiles_set_active")); + + value = sh_util_flagval(c, &ShUserfilesActive); + + /* + if( value == 1 ) { + ShUserfilesActive = S_TRUE; + } else { + ShUserfilesActive = S_FALSE; + } + */ + + SL_RETURN((value), _("sh_userfiles_set_active")); +} + +/* Build the list of users, then use this to construct the filenames to + * be checked. */ +int sh_userfiles_init(void) { + struct passwd *cur_user; + struct userhomeslist *end; + struct userhomeslist *new; + struct userhomeslist *homes; + + SL_ENTER(_("sh_userfiles_init")); + + /* We need to free anything allocated by the configuration functions if + * we find that the module is to be left inactive - otherwise _reconf() + * won't quite work. */ + if( ShUserfilesActive == S_FALSE ) { + sh_userfiles_free_homeslist(userHomes); + sh_userfiles_free_fileslist(userFiles); + userHomes = NULL; + userFiles = NULL; + SL_RETURN(-1, _("sh_userfiles_init")); + } + + /* We build a list in here because the samhain internals want to use + * getpwent() too */ + /*@-unrecog@*/ + setpwent(); + /*@+unrecog@*/ + while( ( cur_user = /*@-unrecog@*/getpwent()/*@+unrecog@*/ ) != NULL ) { + int found = 0; + + if (0 == sh_userfiles_check_uid( (unsigned long) cur_user->pw_uid)) + continue; + + for( end = userHomes; end != NULL; end = end->next ) { + if( sl_strcmp( end->pw_dir, cur_user->pw_dir) == 0 ) { + found = 1; /* Found a match, so flag it and stop searching */ + break; + } + } + + if( found == 0 ) { + /* Didn't find it, so add to the front of the list */ + new = SH_ALLOC(sizeof(struct userhomeslist) ); + new->next = userHomes; + new->pw_dir = sh_util_strdup(cur_user->pw_dir); + + userHomes = new; + } + } + + for (homes = userHomes; homes != NULL; homes = homes->next ) { + struct userfileslist *file_ptr; + char filepath[PATH_MAX]; + + for (file_ptr = userFiles; file_ptr != NULL; file_ptr = file_ptr->next) { + (void) sl_strncpy(filepath, homes->pw_dir, PATH_MAX); + (void) sl_strncat(filepath, "/", PATH_MAX); + (void) sl_strncat(filepath, file_ptr->filename, PATH_MAX); + + switch(file_ptr->level) { + case SH_LEVEL_READONLY: + (void) sh_files_pushfile_ro(filepath); + break; + case SH_LEVEL_LOGFILES: + (void) sh_files_pushfile_log(filepath); + break; + case SH_LEVEL_LOGGROW: + (void) sh_files_pushfile_glog(filepath); + break; + case SH_LEVEL_NOIGNORE: + (void) sh_files_pushfile_noig(filepath); + break; + case SH_LEVEL_ALLIGNORE: + (void) sh_files_pushfile_allig(filepath); + break; + case SH_LEVEL_ATTRIBUTES: + (void) sh_files_pushfile_attr(filepath); + break; + case SH_LEVEL_USER0: + (void) sh_files_pushfile_user0(filepath); + break; + case SH_LEVEL_USER1: + (void) sh_files_pushfile_user1(filepath); + break; + case SH_LEVEL_USER2: + (void) sh_files_pushfile_user2(filepath); + break; + case SH_LEVEL_USER3: + (void) sh_files_pushfile_user3(filepath); + break; + case SH_LEVEL_USER4: + (void) sh_files_pushfile_user4(filepath); + break; + case SH_LEVEL_PRELINK: + (void) sh_files_pushfile_prelink(filepath); + break; + default: /* Should not reach here */ + break; + } + } + } + + SL_RETURN(0, _("sh_userfiles_init")); +} + +/* This is pretty much NULL; we don't do anything in our checking routine, + * so we never need to run it. Just use tcurrent to avoid compiler warnings. */ +int sh_userfiles_timer(time_t tcurrent) { + SL_ENTER(_("sh_userfiles_timer")); + tcurrent = 0; + SL_RETURN((int)tcurrent, _("sh_userfiles_timer")); +} + +int sh_userfiles_check(void) { + SL_ENTER(_("sh_userfiles_check")); + SL_RETURN(0, _("sh_userfiles_check")); +} + +/* Free our lists and the associated memory */ + +int sh_userfiles_cleanup(void) { + SL_ENTER(_("sh_userfiles_cleanup")); + + sh_userfiles_free_homeslist(userHomes); + sh_userfiles_free_fileslist(userFiles); + sh_userfiles_free_uidslist (userUids); + + SL_RETURN(0, _("sh_userfiles_cleanup")); +} + +/* As with sh_userfiles_cleanup, but in preparation for re-reading the + * configuration files */ + +int sh_userfiles_reconf(void) { + SL_ENTER(_("sh_userfiles_reconf")); + + sh_userfiles_free_homeslist(userHomes); + sh_userfiles_free_fileslist(userFiles); + sh_userfiles_free_uidslist (userUids); + + userHomes = NULL; + userFiles = NULL; + + SL_RETURN(0, _("sh_userfiles_reconf")); +} + +/* Recurse to the end of the list and then free the data as we return + * back up towards the start, making sure to free any strdupped strings + */ + +static void sh_userfiles_free_homeslist(struct userhomeslist *head) { + if( head != NULL ) { + sh_userfiles_free_homeslist(head->next); + SH_FREE(head->pw_dir); + SH_FREE(head); + } +} + +/* Recurse to the end of the list and then free the data as we return + * back up towards the start */ + +static void sh_userfiles_free_fileslist(struct userfileslist *head) { + if( head != NULL ) { + sh_userfiles_free_fileslist(head->next); + SH_FREE(head); + } +} + +/* Recurse to the end of the list and then free the data as we return + * back up towards the start */ + +static void sh_userfiles_free_uidslist(struct useruidlist *head) { + if( head != NULL ) { + sh_userfiles_free_uidslist(head->next); + SH_FREE(head); + } +} + +/* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ +#endif + +/* #ifdef SH_USE_USERFILES */ +#endif Index: branches/samhain-2_2-branch/src/sh_utils.c =================================================================== --- branches/samhain-2_2-branch/src/sh_utils.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_utils.c (revision 66) @@ -0,0 +1,1763 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +#include +#include +#include +#include +#include + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + + +#include "samhain.h" +#include "sh_error.h" +#include "sh_utils.h" +#include "sh_unix.h" +#include "sh_tiger.h" +#include "sh_entropy.h" + +#undef FIL__ +#define FIL__ _("sh_utils.c") + +UINT32 ErrFlag[2]; + +int sh_util_flagval(const char * c, int * fval) +{ + SL_ENTER(_("sh_util_flagval")); + if (c == NULL) + SL_RETURN( (-1), _("sh_util_flagval")); + if ( c[0] == '1' || c[0] == 'y' || c[0] == 'Y' || + c[0] == 't' || c[0] == 'T') + { + *fval = S_TRUE; + SL_RETURN( (0), _("sh_util_flagval")); + } + if ( c[0] == '0' || c[0] == 'n' || c[0] == 'N' || + c[0] == 'f' || c[0] == 'F') + { + *fval = S_FALSE; + SL_RETURN( (0), _("sh_util_flagval")); + } + SL_RETURN( (-1), _("sh_util_flagval")); +} + +int sh_util_timeout_check (SH_TIMEOUT * sh_timer) +{ + UINT64 now = (UINT64) time(NULL); + UINT64 dif; + + if (sh_timer->flag_ok == S_FALSE) + { + /* first time + */ + if (sh_timer->time_last == 0) + { + sh_timer->time_last = now; + return S_TRUE; + } + /* later on + */ + dif = now - sh_timer->time_last; + if (dif < sh_timer->time_dist) + { + return S_FALSE; + } + sh_timer->time_last = now; + return S_TRUE; + } + sh_timer->time_last = now; + return S_FALSE; +} + +static int sh_ask_update = S_FALSE; + +int sh_util_set_interactive(const char * str) +{ + (void) str; + + sh_ask_update = S_TRUE; + + sh_unix_setnodeamon(NULL); + + return 0; +} + +#if !defined(STDIN_FILENO) +#define STDIN_FILENO 0 +#endif +#if !defined(STDERR_FILENO) +#define STDERR_FILENO 0 +#endif + +int sh_util_ask_update(char * path) +{ + int inchar, c; + int i = S_TRUE; + char * tmp = NULL; + + SL_ENTER(_("sh_util_ask_update")); + + if (sh_ask_update != S_TRUE) + { + SL_RETURN(i, _("sh_util_ask_update")); + } + +#ifdef HAVE_TTYNAME + if (!ttyname(STDIN_FILENO)) + { + if (NULL != ttyname(STDERR_FILENO)) + { + if (NULL == freopen(ttyname(STDERR_FILENO), "r", stdin)) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, + MSG_E_SUBGEN, + _("Cannot continue: stdin is not a terminal"), + _("sh_util_ask_update")); + exit(EXIT_FAILURE); + } + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, 0, + MSG_E_SUBGEN, + _("Cannot continue: stdin is not a terminal"), + _("sh_util_ask_update")); + exit(EXIT_FAILURE); + } + } +#endif + + if (sh_ask_update == S_TRUE) + { + tmp = sh_util_safe_name (path); + fprintf (stderr, _("Update %s [Y/n] ? "), tmp); + SH_FREE(tmp); + while (1 == 1) + { + c = fgetc(stdin); inchar = c; + /*@+charintliteral@*/ + while (c != '\n' && c != EOF) + c = fgetc(stdin); + /* fprintf(stderr, "CHAR (1): %c\n", inchar); */ + if (inchar == 'Y' || inchar == 'y' || inchar == '\n') + { + break; + } + else if (inchar == 'n' || inchar == 'N') + { + i = S_FALSE; + break; + } + else + { + fprintf(stderr, _("Please answer y(es) or n(o)\n")); + } + /*@-charintliteral@*/ + } + } + + SL_RETURN(i, _("sh_util_ask_update")); +} + +int sh_util_hidesetup(const char * c) +{ + int i; + SL_ENTER(_("sh_util_hidesetup")); + i = sh_util_flagval(c, &(sh.flag.hidefile)); + + SL_RETURN(i, _("sh_util_hidesetup")); +} + +char * sh_util_strdup (const char * str) +{ + char * p = NULL; + size_t len; + + SL_ENTER(_("sh_util_strdup")); + + SH_VALIDATE_NE(str, NULL); + + len = sl_strlen(str); + p = SH_ALLOC (len + 1); + (void) sl_strlcpy (p, str, len+1); + + SL_RETURN( p, _("sh_util_strdup")); +} + +/* by the eircom.net computer incident + * response team + */ +char * sh_util_strsep (char **str, const char *delim) +{ + char *ret, *c, *d; + + SL_ENTER(_("sh_util_strsep")); + ret = *str; + + SH_VALIDATE_NE(ret, NULL); + + for (c = *str; *c != '\0'; c++) { + for (d = (char *) delim; *d != '\0'; d++) { + if (*c == *d) { + *c = '\0'; + *str = c + 1; + SL_RETURN(ret, _("sh_util_strsep")); + } + } + } + + /* If we get to here, there's no delimiters in the string */ + *str = NULL; + SL_RETURN(ret, _("sh_util_strsep")); +} + + +/* returned string must be free'd by caller. + */ +char * sh_util_formatted (const char * formatt, st_format * ftab) +{ + struct tm * time_ptr; + size_t size; + size_t isiz; + char * fmt = NULL; + char * p; + char * q; + char * outstr; + int i; + int j; + time_t inpp; + + char * clist[16] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; + int nn = 0; + + SL_ENTER(_("sh_util_formatted")); + + if (formatt == NULL || ftab == NULL || *formatt == '\0') + SL_RETURN(NULL, _("sh_util_formatted")); + + /* -- save the format (we overwrite it !!) -- + */ + size = sl_strlen(formatt); + + if (!sl_ok_adds(size, 1)) + SL_RETURN(NULL, _("sh_util_formatted")); + + ++size; + fmt = SH_ALLOC(size); + (void) sl_strlcpy(fmt, formatt, size); + + p = fmt; + + j = 0; + while (ftab[j].fchar != '\0') { + if (ftab[j].type != S_FMT_STRING) + ftab[j].data_str = NULL; + ++j; + } + + while (p != NULL && *p != '\0' && NULL != (q = strchr(p, '%'))) + { + ++q; + + /* fprintf(stderr, "p == %s q == %s\n", p, q); */ + + /* -- end of string is a '%' -- + */ + if (*q == '\0') + { + --q; + *q = '\0'; + break; + } + + i = 0; + j = 0; + + /* -- search the format char in input table -- + * put (nn < 16) here -> all remaining %foo will be + * converted to %% + */ + while (ftab[j].fchar != '\0' && nn < 16) + { + if (ftab[j].fchar == *q) + { + /* -- Convert it to a string format (%s). -- + */ + *q = 's' +; + i = 1; + + switch(ftab[j].type) { + + case S_FMT_STRING: + { + isiz = sl_strlen(ftab[j].data_str); + if (isiz > 0 && sl_ok_adds(size, isiz)) + { + size += isiz; + clist[nn] = ftab[j].data_str; + ++nn; + } + else + *q = '%'; + goto endsrch; + } + break; + + case S_FMT_ULONG: + { + ftab[j].data_str = (char *) SH_ALLOC(64); + /*@-bufferoverflowhigh@*/ + sprintf (ftab[j].data_str, "%lu", /* known to fit */ + ftab[j].data_ulong); + /*@+bufferoverflowhigh@*/ + isiz = sl_strlen(ftab[j].data_str); + if (isiz > 0 && sl_ok_adds(size, isiz)) + { + size += isiz; + clist[nn] = ftab[j].data_str; + ++nn; + } + else + *q = '%'; + goto endsrch; + } + break; + + case S_FMT_LONG: + { + ftab[j].data_str = (char *) SH_ALLOC(64); + /*@-bufferoverflowhigh@*/ + sprintf (ftab[j].data_str, "%ld", /* known to fit */ + ftab[j].data_long); + /*@+bufferoverflowhigh@*/ + isiz = sl_strlen(ftab[j].data_str); + if (isiz > 0 && sl_ok_adds(size, isiz)) + { + size += isiz; + clist[nn] = ftab[j].data_str; + ++nn; + } + else + *q = '%'; + goto endsrch; + } + break; + + case S_FMT_TIME: + { + ftab[j].data_str = (char *) SH_ALLOC(64); + inpp = (time_t)ftab[j].data_ulong; + if (inpp != 0) + { + time_ptr = localtime (&(inpp)); + if (time_ptr != NULL) + (void) strftime(ftab[j].data_str, 64, + _("%d-%m-%Y %H:%M:%S"), time_ptr); + else + (void) sl_strlcpy(ftab[j].data_str, + _("00-00-0000 00:00:00"), 64); + } + else + { + (void) sl_strlcpy(ftab[j].data_str, + _("(None)"), 64); + } + isiz = sl_strlen(ftab[j].data_str); + if (isiz > 0 && sl_ok_adds(size, isiz)) + { + size += isiz; + clist[nn] = ftab[j].data_str; + ++nn; + } + else + *q = '%'; + goto endsrch; + } + break; + + default: + /* do nothing */; + } + + } + ++j; + } + + endsrch: + + p = q; + + /* -- not found -- */ + if (i == 0) + { + *q = '%'; + ++p; + } + + } + + /* -- Format string evaluated. + clist[] List of strings + size Total size of format string + clist[] strings + -- */ + + /* -- closing '\0' -- + */ + if (sl_ok_adds(size, 1)) + size++; + outstr = (char *) SH_ALLOC(size); + + /* -- print it -- + */ + (void) sl_snprintf( outstr, size, fmt, + clist[0], clist[1], clist[2], clist[3], + clist[4], clist[5], clist[6], clist[7], + clist[8], clist[9], clist[10], clist[11], + clist[12], clist[13], clist[14], clist[15]); + outstr[size-1] = '\0'; + + /* -- cleanup -- + */ + j = 0; + while (ftab[j].fchar != '\0') { + if (ftab[j].type != S_FMT_STRING && ftab[j].data_str != NULL) + SH_FREE(ftab[j].data_str); + ++j; + } + SH_FREE(fmt); + + SL_RETURN(outstr, _("sh_util_formatted")); +} + +/* can't inline (AIX) + */ +int sh_util_hexchar( const char c ) +{ + /*@+charint@*/ + if ( c >= '0' && c <= '9' ) + return c - '0'; + else if ( c >= 'a' && c <= 'f' ) + return c - 'a' + 10; + else if ( c >= 'A' && c <= 'F' ) + return c - 'A' + 10; + else return -1; + /*@-charint@*/ +} + +/* read a hexadecimal key, convert to binary + */ +int sh_util_hextobinary (char * binary, const char * hex, int bytes) +{ + int i = 0, j, k, l = 0; + char c; + +#define SH_HEXCHAR(x, y) \ + c = (x); \ + if ( c >= '0' && c <= '9' ) \ + y = c - '0'; \ + else if ( c >= 'a' && c <= 'f' ) \ + y = c - 'a' + 10; \ + else if ( c >= 'A' && c <= 'F' ) \ + y = c - 'A' + 10; \ + else \ + SL_RETURN((-1), _("sh_util_hextobinary")) + + + SL_ENTER(_("sh_util_hextobinary")); + + if (bytes < 2) + SL_RETURN((-1), _("sh_util_hextobinary")); + + while (i < (bytes-1)) + { + SH_HEXCHAR(hex[i], k); + SH_HEXCHAR(hex[i+1], j); + + binary[l] = (char)(k * 16 + j); + ++l; i+= 2; + } + + SL_RETURN((0), _("sh_util_hextobinary")); +} + +static void copy_four (unsigned char * dest, UINT32 in) +{ + UINT32 i, j; + int count; + + SL_ENTER(_("copy_four")); + for (count = 0; count < 4; ++count) + { + i = in / 256; + j = in - (i*256); + dest[count] = (unsigned char) j; + in = i; + } + SL_RET0(_("copy_four")); +} + +/* compute HMAC-TIGER + */ +static char * sh_util_hmac_tiger (char * hexkey, + char * text, size_t textlen) +{ + static char opad[KEY_BLOCK] = { + (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, + (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, + (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, + (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C + }; + static char ipad[KEY_BLOCK] = { + (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, + (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, + (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, + (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36 + }; + static char zap[KEY_BLOCK] = { + (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, + (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, + (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, + (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00 + }; + char K[KEY_BLOCK]; + char outer[KEY_BLOCK]; + char * inner; + UINT32 * h1; + UINT32 * h2; + UINT32 cc[KEY_LEN/4]; + char * res; + + size_t i; + + SL_ENTER(_("sh_util_hmac_tiger")); + ASSERT((KEY_BLOCK <= (KEY_LEN/2)), _("KEY_BLOCK <= (KEY_LEN/2)")) + + if (KEY_BLOCK > (KEY_LEN/2)) + { + res = sh_tiger_hash (NULL, TIGER_DATA, 0); + SL_RETURN(res, _("sh_util_hmac_tiger")); + } + + memcpy (K, zap, KEY_BLOCK); + + if (sh_util_hextobinary (K, hexkey, KEY_LEN) < 0) + { + res = sh_tiger_hash (NULL, TIGER_DATA, 0); + SL_RETURN(res, _("sh_util_hmac_tiger")); + } + + if (sl_ok_adds(textlen, KEY_BLOCK)) + { + inner = (char *) SH_ALLOC (textlen + KEY_BLOCK); + + for (i = 0; i < KEY_BLOCK; ++i) + { + outer[i] = K[i] ^ opad[i]; + inner[i] = K[i] ^ ipad[i]; + } + for (i = KEY_BLOCK; i < (KEY_BLOCK+textlen); ++i) + { + inner[i] = text[i - KEY_BLOCK]; + } + } + else + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("integer overflow"), + _("sh_util_hmac_tiger")); + res = sh_tiger_hash (NULL, TIGER_DATA, 0); + SL_RETURN(res, _("sh_util_hmac_tiger")); + } + + /* now compute the hash + */ + h1 = sh_tiger_hash_uint32 ( outer, + TIGER_DATA, + KEY_BLOCK); + for (i = 0; i < (KEY_LEN/8); ++i) + { + /* cc[i] = h1[i]; */ + copy_four ( (unsigned char *) &(cc[i]), h1[i]); + } + + h2 = sh_tiger_hash_uint32 ( inner, + TIGER_DATA, + (unsigned long) KEY_BLOCK+textlen); + for (i = KEY_LEN/8; i < (KEY_LEN/4); ++i) + { + copy_four ( (unsigned char *) &(cc[i]), h2[i - (KEY_LEN/8)]); + /* cc[i] = h2[i - (KEY_LEN/8)]; */ + } + SH_FREE(inner); + + res = sh_tiger_hash ((char *) &cc[0], + TIGER_DATA, + (unsigned long) (KEY_LEN/4 * sizeof(UINT32))); + + SL_RETURN(res, _("sh_util_hmac_tiger")); +} + +static char * sh_util_hash_tiger ( char * hexkey, + char * text, size_t textlen) +{ + char * res; + char h2[2*KEY_LEN+1]; + SL_ENTER(_("sh_util_hash_tiger")); + + (void) sl_strlcpy(h2, hexkey, KEY_LEN+1); + (void) sl_strlcat(h2, sh_tiger_hash(text, TIGER_DATA, + (unsigned long) textlen), 2*KEY_LEN+1); + + res = sh_tiger_hash(h2, TIGER_DATA, 2*KEY_LEN); + + SL_RETURN(res, _("sh_util_hash_tiger")); +} + +/* --- compute signature on data --- + */ +#define TYPE_HMAC 0 +#define TYPE_HASH 1 + +static int sigtype = TYPE_HMAC; + +int sh_util_sigtype (const char * c) +{ + SL_ENTER(_("sh_util_sigtype")); + if (c == NULL) + SL_RETURN( -1, _("sh_util_sigtype")); + + if (0 == strcmp(_("HMAC-TIGER"), c)) + sigtype = TYPE_HMAC; + else if (0 == strcmp(_("HASH-TIGER"), c)) + sigtype = TYPE_HASH; + else + SL_RETURN( -1, _("sh_util_sigtype")); + + SL_RETURN( 0, _("sh_util_sigtype")); +} + +char * sh_util_siggen (char * hexkey, + char * text, size_t textlen) +{ + char * p; + + SL_ENTER(_("sh_util_siggen")); + if (sigtype == TYPE_HMAC) + p = sh_util_hmac_tiger (hexkey, + text, textlen); + else + p = sh_util_hash_tiger (hexkey, + text, textlen); + SL_RETURN(p, _("sh_util_siggen")); +} + + +/* a simple compressor + */ +long sh_util_compress (char * dest, char * src, size_t dest_size) +{ + char * add; + char * get; + size_t count = 0; + size_t dest_end; + + SL_ENTER(_("sh_util_compress")); + + if (dest_size == 0) + SL_RETURN((0), _("sh_util_compress")); + + if ((dest == NULL) || (src == NULL)) + SL_RETURN((0), _("sh_util_compress")); + + dest_end = sl_strlen(dest); + + if (dest_end > dest_size) + SL_RETURN((0), _("sh_util_compress")); + + add = &dest[dest_end]; + get = src; + + while (count < (dest_size-dest_end)) + { + if (isalnum((int) *get)) + { + *add = *get; + ++add; + ++count; + } + ++get; + if (*get == '\0' && (count < (dest_size-dest_end))) + /* end of src reached */ + { + *add = *get; /* copy the '\0' */ + break; /* and stop copying */ + } + } + + dest[dest_size-1] = '\0'; /* paranoia */ + SL_RETURN(((long)count), _("sh_util_compress")); /* no of chars copied */ +} + + +/* copy the four least significant bytes + */ +void sh_util_cpylong (char * dest, const char * src, int len ) +{ + int i, j; + union + { + long l; + char c[sizeof(long)]; + } u; + + SL_ENTER(_("sh_util_cpylong")); + + u.l = 1; + + /* MSB is first + */ + if (sizeof(long)>4 &&/*@+charint@*/(u.c[sizeof(long)-1] == 1)/*@-charint@*/) + { + j = (int) (sizeof(long)-4); + for (i = 0; i < j; ++i) ++src; + } + + i = 0; + + while (i < 4) + { + *dest = (*src); + ++dest; ++src; + if (i == (len-1)) break; + ++i; + } + SL_RET0(_("sh_util_cpylong")); +} + +/* This is a maximally equidistributed combined Tausworthe + * generator. The sequence is, + * + * x_n = (s1_n ^ s2_n ^ s3_n) + * + * s1_{n+1} = (((s1_n & 4294967294) <<12) ^ (((s1_n <<13) ^ s1_n) >>19)) + * s2_{n+1} = (((s2_n & 4294967288) << 4) ^ (((s2_n << 2) ^ s2_n) >>25)) + * s3_{n+1} = (((s3_n & 4294967280) <<17) ^ (((s3_n << 3) ^ s3_n) >>11)) + * + * computed modulo 2^32. In the three formulas above '^' means + * exclusive-or (C-notation), not exponentiation. Note that the + * algorithm relies on the properties of 32-bit unsigned integers (it + * is formally defined on bit-vectors of length 32). + * + * Stolen from GSL (GNU scientific library) and modified somewhat. + * I am using UINT32, which is guaranteed to be 32 bits. Also made + * sure that the initialization vector is valid. + */ + + +/* interval [0, 4294967296] + */ +static UINT32 taus_get_long (void *vstate) +{ + UINT32 * state = (UINT32 *) vstate; + + if (skey->rngI == BAD) + (void)taus_seed(); + +#define TAUSWORTHE(s,a,b,c,d) ((s &c) <>b) + /*@+ignorequals@*/ + state[0] = TAUSWORTHE (state[0], 13, 19, 4294967294UL, 12); + state[1] = TAUSWORTHE (state[1], 2, 25, 4294967288UL, 4); + state[2] = TAUSWORTHE (state[2], 3, 11, 4294967280UL, 17); + /*@-ignorequals@*/ + return (state[0] ^ state[1] ^ state[2]); +} + +/* Hide the internal state of the PRNG by using its output as + * input for a one-way hash function. + */ +UINT32 taus_svec[6]; + +UINT32 taus_get (void *state1, void *state2, void *state3) +{ + UINT32 retval; + UINT32 * res; + static UINT32 res_vec[6]; + static int res_num = 0; + register int i; + + if (res_num > 0) + { + retval = res_vec[res_num]; + res_num = (res_num == 5) ? 0 : (res_num + 1); + return retval; + } + + taus_svec[0] = taus_get_long (state1); + taus_svec[1] = taus_get_long (state2); + taus_svec[2] = taus_get_long (state3); + taus_svec[3] = taus_get_long (state1); + taus_svec[4] = taus_get_long (state2); + taus_svec[5] = taus_get_long (state3); + + res = sh_tiger_hash_uint32 ( (char *) &taus_svec[0], + TIGER_DATA, + (unsigned long)(6 * sizeof(UINT32))); + + for (i = 1; i < 6; ++i) + { + res_vec[i] = res[i]; + } + retval = taus_svec[0]; + res_num = 1; + + taus_svec[0] = 0; taus_svec[1] = 0; taus_svec[2] = 0; + taus_svec[3] = 0; taus_svec[4] = 0; taus_svec[5] = 0; + + return retval; +} + +/* interval [0,1) + */ +double taus_get_double (void *vstate) +{ + return taus_get_long (vstate) / (4294967296.0 + 1.0) ; +} + +#define LCG(n) ((69069 * n) & 0xffffffffUL) + +/* TAKE CARE: state[0], state[1], state[2] must be > 2,8,16, respectively + */ +static void taus_set_from_ulong (void *vstate, unsigned long int s) +{ + UINT32 *state = (UINT32 *) vstate; + + if (s == 0) + s = 1; /* default seed is 1 */ + + state[0] = (UINT32)(LCG (s) | (UINT32) 0x03); + state[1] = (UINT32)(LCG (state[0]) | (UINT32) 0x09); + state[2] = (UINT32)(LCG (state[1]) | (UINT32) 0x17); + + /* 'warm up' + */ + (void) taus_get_long (state); + (void) taus_get_long (state); + (void) taus_get_long (state); + (void) taus_get_long (state); + (void) taus_get_long (state); + (void) taus_get_long (state); + + return; +} + +static void taus_set_from_state (void *vstate, void *init_state) +{ + UINT32 *state = (UINT32 *) vstate; + UINT32 *state0 = (UINT32 *) init_state; + + state[0] = state0[0] | (UINT32) 0x03; + state[1] = state0[1] | (UINT32) 0x09; + state[2] = state0[2] | (UINT32) 0x17; + + return; +} + + +int taus_seed () +{ + char bufx[9 * sizeof(UINT32) + 1]; + int status; + static unsigned long seed_time = 0; + + SL_ENTER(_("taus_seed")); + + if (skey->rngI == GOOD) + { + if ( (sh_unix_longtime () - seed_time) < 3600) + SL_RETURN( (0), _("taus_seed")); + } + + seed_time = sh_unix_longtime (); + + status = sh_entropy (24, bufx); + + if (!SL_ISERROR(status)) + { + skey->rngI = GOOD; + memcpy (&skey->rng0[0], &bufx[0], 2*sizeof(UINT32)); + memcpy (&skey->rng1[0], &bufx[2*sizeof(UINT32)], 2*sizeof(UINT32)); + memcpy (&skey->rng2[0], &bufx[4*sizeof(UINT32)], 2*sizeof(UINT32)); + memset (bufx, 0, 9 * sizeof(UINT32) + 1); + + skey->rng0[2] = 0; + skey->rng1[2] = 0; + skey->rng2[2] = 0; + + taus_set_from_state( &(skey->rng0[0]), &(skey->rng0[0])); + taus_set_from_state( &(skey->rng1[0]), &(skey->rng1[0])); + taus_set_from_state( &(skey->rng2[0]), &(skey->rng2[0])); + + SL_RETURN( (0), _("taus_seed")); + } + + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_ES_ENT, + _("sh_entropy")); + + /* emergency backup - unsafe ! + */ + skey->rngI = GOOD; +#ifdef HAVE_GETTIMEOFDAY + taus_set_from_ulong ( &(skey->rng0[0]), LCG (sh_unix_notime()) ); +#else + taus_set_from_ulong ( &(skey->rng0[0]), LCG (seed_time) ); +#endif + taus_set_from_ulong ( &(skey->rng1[0]), LCG (skey->rng0[0]) ); + taus_set_from_ulong ( &(skey->rng2[0]), LCG (skey->rng1[0]) ); + skey->rngI = BAD; + + SL_RETURN( (-1), _("taus_seed")); +} + +/*@+charint@*/ +static unsigned char new_key[] = { 0xA7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xA7 }; +/*@-charint@*/ +static void copy_four (unsigned char * dest, UINT32 in); + +int sh_util_set_newkey (const char * new_in) +{ + size_t i, j = 0; + size_t len; + SL_TICKET fp; + SL_TICKET fout; + char * key; + char * path; + char * outpath = NULL; + unsigned char * image = NULL; + long s = 0; + long ilen = 0; + long ii, k = 0; + UINT32 * h1; + char * new = NULL; + + if (0 != sl_is_suid()) + { + fprintf(stderr, _("ERROR: insufficient privilege\n")); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; /* braindead MAC OSX compiler needs this */ + } + + if (new_in == NULL || new_in[0] == '\0') + { + fprintf(stderr, + _("ERROR: no key given\n Argument must be 'key@path'\n")); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; + } + + if (NULL == (new = malloc(strlen(new_in) + 1))) + goto bail_mem; + sl_strncpy(new, new_in, strlen(new_in) + 1); + + key = new; + len = strlen(new); + for (i = 1; i < (len-2); ++i) + { + if (new[i] == '@' && new[i+1] == '/') + { + j = i+1; new[i] = '\0'; break; + } + } + if (j == 0) + { + fprintf(stderr, + _("ERROR: no path to executable given\n Argument must be 'key@path'\n")); + free(new); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; + } + else + path = &new[j]; + + len = strlen(path) + 1 + 4; + /*@-usedef@*/ + if (NULL == (outpath = malloc(len))) + goto bail_mem; + /*@-usedef@*/ + sl_snprintf (outpath, len, _("%s.out"), path); + + fp = sl_open_read(path, SL_NOPRIV); + if (SL_ISERROR(fp)) + { + fprintf(stderr, + _("ERROR: cannot open %s for read (errnum = %ld)\n"), path, fp); + free(new); free (outpath); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; + } + + fout = sl_open_write(outpath, SL_NOPRIV); + if (SL_ISERROR(fout)) + { + fprintf(stderr, + _("ERROR: cannot open %s (errnum = %ld)\n"), outpath, fout); + free(new); free (outpath); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; + } + + + image = malloc (4096); + if (!image) + goto bail_mem; + while (0 < (ii = sl_read (fp, &image[s], 4096))) + { + ilen += ii; + s += 4096; + image = realloc (image, (size_t) (4096 + s)); + if (!image) + goto bail_mem; + } + + printf(_("%ld bytes read\n"), ilen); + + + for (k = 0; k < (ilen - 8); ++k) + { + if (image[k] == new_key[0] && + image[k+1] == new_key[1] && + image[k+2] == new_key[2] && + image[k+3] == new_key[3] && + image[k+4] == new_key[4] && + image[k+5] == new_key[5] && + image[k+6] == new_key[6] && + image[k+7] == new_key[7]) + { + printf(_("old key found\n")); + h1 = sh_tiger_hash_uint32 (key, TIGER_DATA, + (unsigned long)strlen(key)); + copy_four( (unsigned char *) &(image[k]), h1[0]); + copy_four( (unsigned char *) &(image[k+4]), h1[1]); + (void) sl_write (fout, image, ilen); + (void) sl_close (fout); + printf(_("new file %s written\n"), outpath); + free(new); free (outpath); free(image); + _exit (EXIT_SUCCESS); + /*@notreached@*/ + return 0; + } + } + + fprintf(stderr, + _("ERROR: old key not found\n")); + free(new); free (outpath); free(image); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; + + + bail_mem: + fprintf(stderr, + _("ERROR: out of memory\n")); + if (new) free(new); + if (outpath) free (outpath); + if (image) free (image); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; +} + + + + +/* A simple en-/decoder, based on Vernam cipher. We use the + * message as salt to hide the key by obtaining a different one-time + * pad each time. + * Should be safe against a listener on the network, but not against someone + * with read access to the binary. + */ +void sh_util_encode (char * data, char * salt, int mode, char fill) +{ + static char cc1[17] = N_("0123456789ABCDEF"); + char cc[17] = "\0"; + register int i, j, j1 = 0, j2 = 0, j3; + char * dez; + + SL_ENTER(_("sh_util_encode")); + + /* init + */ + (void) sl_strlcpy( cc, _(cc1), sizeof(cc)); + + /* max 128 bits keyspace + */ + memset (skey->vernam, (int)fill, KEY_LEN+1); + + dez = (char *) &(skey->ErrFlag[0]); + sh_util_cpylong (skey->vernam, dez, 4); + dez = (char *) &(skey->ErrFlag[1]); + sh_util_cpylong (&skey->vernam[4], dez, 4); + + skey->vernam[KEY_LEN] = '\0'; + + (void) sl_strlcpy(skey->vernam, + sh_tiger_hash(skey->vernam, TIGER_DATA, KEY_LEN), + KEY_LEN+1); + + (void) sl_strlcpy(skey->vernam, + sh_util_hmac_tiger (skey->vernam, salt, strlen(salt)), + KEY_LEN+1); + + (void) sl_strlcpy(skey->vernam, + sh_util_hmac_tiger (skey->vernam, (char*) new_key, 8), + KEY_LEN+1); + + /* The following routine adds/subtracts data[j] and vernam[j] mod 16. + */ + j = 0; + while (j < KEY_LEN) + { + for (i = 0; i < 16; ++i) + { + if (cc[i] == data[j]) j1 = i; + if (cc[i] == skey->vernam[j]) j2 = i; + } + if (mode == 0) + { + j3 = j1 + j2; + if (j3 > 15) j3 -= 16; + data[j] = cc[j3]; + } + else + { + j3 = j1 - j2; + if (j3 < 0) j3 += 16; + data[j] = cc[j3]; + } + ++j; + } + SL_RET0(_("sh_util_encode")); +} + +/* server mode + */ +int sh_util_setserver (const char * dummy) +{ + SL_ENTER(_("sh_util_setserver")); + + (void) dummy; + sh.flag.isserver = GOOD; + SL_RETURN((0),_("sh_util_setserver")); +} + + +int sh_util_setlooptime (const char * str) +{ + int i = atoi (str); + + SL_ENTER(_("sh_util_setlooptime")); + + if (i >= 0 && i < INT_MAX) { + sh.looptime = i; + SL_RETURN((0),_("sh_util_setlooptime")); + } else { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("loop time"), str); + SL_RETURN((-1),_("sh_util_setlooptime")); + } +} + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) +int sh_util_setchecksum (const char * str) +{ + static int reject = 0; + + SL_ENTER(_("sh_util_setchecksum")); + + if (reject == 1) + SL_RETURN((0), _("sh_util_setchecksum")); + reject = 1; + + if (sl_strncmp (str, _("init"), sizeof("init")-1) == 0) + { + sh.flag.checkSum = SH_CHECK_INIT; + } + else if (sl_strncmp (str, _("update"), sizeof("update")-1) == 0) + { + if (S_TRUE == file_is_remote()) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("checksum testing"), str); + SL_RETURN((-1), _("sh_util_setchecksum")); + } + else + { + sh.flag.checkSum = SH_CHECK_CHECK; + sh.flag.update = S_TRUE; + } + } + else if (sl_strncmp (str, _("check"), sizeof("check")-1) == 0) + { + sh.flag.checkSum = SH_CHECK_CHECK; + } + /* + else if (sl_strncmp (str, _("update"), sizeof("update")-1) == 0) + { + sh.flag.checkSum = SH_CHECK_INIT; + sh.flag.update = S_TRUE; + } + */ + else if (sl_strncmp (str, _("none"), sizeof("none")-1) == 0) + { + sh.flag.checkSum = SH_CHECK_NONE; + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("checksum testing"), str); + SL_RETURN((-1), _("sh_util_setchecksum")); + } + SL_RETURN((0), _("sh_util_setchecksum")); +} +#endif + +/*@+charint@*/ +unsigned char TcpFlag[8][PW_LEN+1] = { +#if (POS_TF == 1) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 2) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 3) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 4) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 5) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 6) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 7) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 8) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif +}; +/*@-charint@*/ + +/* initialize a key to a random value + * rev 0.8 + */ +int sh_util_keyinit (char * buf, long size) +{ + UINT32 bufy[6]; + int i; + int status = 0; + char * p; + + SL_ENTER(_("sh_util_keyinit")); + + ASSERT((size <= KEY_LEN+1), _("size <= KEY_LEN+1")) + + if (size > KEY_LEN+1) + size = KEY_LEN+1; + + /* seed / re-seed the PRNG if required + */ + status = taus_seed (); + + if (status == -1) + sh_error_handle ((-1), FIL__, __LINE__, -1, MSG_ES_KEY1, + _("taus_seed")); + + for (i = 0; i < 6; ++i) + bufy[i] = taus_get(&(skey->rng0[0]), &(skey->rng1[0]), &(skey->rng2[0])); + + p = sh_tiger_hash ((char *) bufy, TIGER_DATA, + (unsigned long)(6*sizeof(UINT32))); + p[size-1] = '\0'; + + i = sl_strlcpy(buf, p, (size_t)size); + + memset (bufy, 0, 6*sizeof(UINT32)); + + if ((status == 0) && (!SL_ISERROR(i)) ) + SL_RETURN((0),_("sh_util_keyinit")); + + if (SL_ISERROR(i)) + sh_error_handle ((-1), FIL__, __LINE__, i, MSG_ES_KEY2, + _("sl_strlcpy")); + + SL_RETURN((-1),_("sh_util_keyinit")); +} + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + +static unsigned char sh_obscure_index[256]; + +int sh_util_obscure_ok (const char * str) +{ + unsigned long i; + char * endptr = NULL; + + SL_ENTER(_("sh_util_obscure_ok")); + + if (0 == sl_strncmp("all", str, 3)) + { + for (i = 0; i < 255; ++i) + { + sh_obscure_index[i] = (unsigned char)1; + } + SL_RETURN(0, _("sh_util_obscure_ok")); + } + + for (i = 0; i < 255; ++i) + { + sh_obscure_index[i] = (unsigned char)0; + } + + i = strtoul (str, &endptr, 0); + if (i > 255) + { + SL_RETURN(-1, _("sh_util_obscure_ok")); + } + sh_obscure_index[i] = (unsigned char)1; + if (*endptr == ',') + ++endptr; + + while (*endptr != '\0') + { + i = strtoul (endptr, &endptr, 0); + if (i > 255) + { + SL_RETURN(-1, _("sh_util_obscure_ok")); + } + sh_obscure_index[i] = (unsigned char)1; + if (*endptr == ',') + ++endptr; + } + SL_RETURN(0, _("sh_util_obscure_ok")); +} + +int sh_util_obscurename (ShErrLevel level, char * name_orig, int flag) +{ + unsigned char * name = (unsigned char *) name_orig; + char * safe; + unsigned int i; + + SL_ENTER(_("sh_util_obscurename")); + + ASSERT_RET((name != NULL), _("name != NULL"), (0)) + + /* -- Check name. -- + */ + while (*name != '\0') + { + if ( (*name) > 0x7F || (*name) == '"' || (*name) == '\t' || + (*name) == '\b' || (*name) == '\f' || + (*name) == '\n' || (*name) == '\r' || + (*name) == '\v' || iscntrl((int) *name) || + ((*name) != ' ' && !isgraph ((int) *name)) ) + { + i = (unsigned char) *name; + if (sh_obscure_index[i] != (unsigned char)1) + { + if (flag == S_TRUE) + { + safe = sh_util_safe_name (name_orig); + sh_error_handle (level, FIL__, __LINE__, 0, MSG_FI_OBSC, + safe); + SH_FREE(safe); + } + SL_RETURN((-1),_("sh_util_obscurename")); + } + } + name++; + } + + SL_RETURN((0),_("sh_util_obscurename")); +} +#endif + +/* returns freshly allocated memory, return value should be free'd + */ +char * sh_util_dirname(const char * fullpath) +{ + char * retval; + size_t len; + + SL_ENTER(_("sh_util_dirname")); + + ASSERT_RET ((fullpath != NULL), _("fullpath != NULL"), (NULL)) + + len = sl_strlen (fullpath); /* fullpath[i] is terminating '\0' */ + + if (len > 1 && fullpath[len-1] == '/') /* skip trailing '/' */ + --len; + + while (len > 0) { + --len; + if (fullpath[len] == '/') + { + if (len == 0) ++len; /* copy the '/' to output */ + break; + } + } + + /* -- Not an absolute path. -- + */ + if ((len == 0) && (fullpath[len] != '/')) + { + SL_RETURN(NULL, _("sh_util_dirname")); + } + + retval = SH_ALLOC(len + 1); + (void) sl_strlcpy (retval, fullpath, len+1); + + SL_RETURN(retval, _("sh_util_dirname")); +} + +/* returns freshly allocated memory, return value should be free'd + */ +char * sh_util_basename(const char * fullpath) +{ + char * retval = NULL; + char * tmp; + char * c; + size_t len; + + SL_ENTER(_("sh_util_basename")); + + ASSERT_RET ((fullpath != NULL), _("fullpath != NULL"), (NULL)) + + c = strrchr(fullpath, '/'); + len = sl_strlen (c); + + if (c == fullpath) + { + if (len <= 1) + retval = sh_util_strdup(c); + else + retval = sh_util_strdup(++c); + } + else + { + if (len > 1) + { + retval = sh_util_strdup(++c); + } + else + { + /* input ends in '/' */ + tmp = sh_util_strdup(fullpath); + tmp[strlen(tmp)-1] = '\0'; + retval = sh_util_basename(tmp); + SH_FREE(tmp); + } + } + + SL_RETURN(retval, _("sh_util_basename")); +} + + +/* returns freshly allocated memory, return value should be free'd + */ +char * sh_util_safe_name (const char * name) +{ + register int i = 0; + const char * p; + char * retval; + char oct[32]; + char format[16]; + size_t len; + + SL_ENTER(_("sh_util_safe_name")); + + if (name == NULL) + { + /* return an allocated array + */ + retval = SH_ALLOC(7); + (void) sl_strlcpy(retval, _("(null)"), 7); + SL_RETURN(retval, _("sh_util_safe_name")); + } + + /* + ASSERT_RET ((name != NULL), _("name != NULL"), _("NULL")) + */ + + len = sl_strlen(name); + p = name; + +#ifdef SH_USE_XML + if (sl_ok_muls (6, len) && sl_ok_adds ((6*len), 2)) + { retval = SH_ALLOC(6 * len + 2); } + else + { + /* return an allocated array + */ + retval = SH_ALLOC(11); + (void) sl_strlcpy(retval, _("(overflow)"), 11); + SL_RETURN(retval, _("sh_util_safe_name")); + } +#else + if (sl_ok_muls (4, len) && sl_ok_adds ((4*len), 2)) + { retval = SH_ALLOC(4 * len + 2); } + else + { + /* return an allocated array + */ + retval = SH_ALLOC(11); + (void) sl_strlcpy(retval, _("(overflow)"), 11); + SL_RETURN(retval, _("sh_util_safe_name")); + } +#endif + + (void) sl_strncpy(format, _("%c%03o"), 16); + + while (*p != '\0') { + /* Most frequent cases first + */ + if ( ((*p) >= 'a' && (*p) <= 'z') || ((*p) == '/') || ((*p) == '.') || + ((*p) >= '0' && (*p) <= '9') || + ((*p) >= 'A' && (*p) <= 'Z')) { + retval[i] = *p; + } else if ( (*p) == '\\') { /* backslash */ + retval[i] = '\\'; ++i; + retval[i] = '\\'; + } else if ( (*p) == '\n') { /* newline */ + retval[i] = '\\'; ++i; + retval[i] = 'n'; + } else if ( (*p) == '\b') { /* backspace */ + retval[i] = '\\'; ++i; + retval[i] = 'b'; + } else if ( (*p) == '\r') { /* carriage return */ + retval[i] = '\\'; ++i; + retval[i] = 'r'; + } else if ( (*p) == '\t') { /* horizontal tab */ + retval[i] = '\\'; ++i; + retval[i] = 't'; + } else if ( (*p) == '\v') { /* vertical tab */ + retval[i] = '\\'; ++i; + retval[i] = 'v'; + } else if ( (*p) == '\f') { /* form-feed */ + retval[i] = '\\'; ++i; + retval[i] = 'f'; +#ifdef WITH_DATABASE + } else if ( (*p) == '\'') { /* single quote */ + retval[i] = '\\'; ++i; + retval[i] = '\''; +#endif + } else if ( (*p) == ' ') { /* space */ + retval[i] = '\\'; ++i; + retval[i] = ' '; +#ifdef SH_USE_XML + } else if ( (*p) == '"') { /* double quote */ + retval[i] = '&'; ++i; + retval[i] = 'q'; ++i; + retval[i] = 'u'; ++i; + retval[i] = 'o'; ++i; + retval[i] = 't'; ++i; + retval[i] = ';'; + } else if ( (*p) == '&') { /* ampersand */ + retval[i] = '&'; ++i; + retval[i] = 'a'; ++i; + retval[i] = 'm'; ++i; + retval[i] = 'p'; ++i; + retval[i] = ';'; + } else if ( (*p) == '<') { /* left angle */ + retval[i] = '&'; ++i; + retval[i] = 'l'; ++i; + retval[i] = 't'; ++i; + retval[i] = ';'; + } else if ( (*p) == '>') { /* right angle */ + retval[i] = '&'; ++i; + retval[i] = 'g'; ++i; + retval[i] = 't'; ++i; + retval[i] = ';'; +#else + } else if ( (*p) == '"') { /* double quote */ + retval[i] = '\\'; ++i; + retval[i] = '\"'; +#endif + } else if (!isgraph ((int) *p)) { /* not printable */ + /*@-bufferoverflowhigh -formatconst@*/ + /* flawfinder: ignore */ + sprintf(oct, format, '\\', /* known to fit */ + (unsigned char) *p); + /*@+bufferoverflowhigh +formatconst@*/ + retval[i] = oct[0]; ++i; + retval[i] = oct[1]; ++i; + retval[i] = oct[2]; ++i; + retval[i] = oct[3]; + } else { + retval[i] = *p; + } + ++p; + ++i; + } + retval[i] = '\0'; + SL_RETURN(retval, _("sh_util_safe_name")); +} + +int sh_util_isnum (char *str) +{ + char *p = str; + + SL_ENTER(_("sh_util_isnum")); + + ASSERT_RET ((str != NULL), _("str != NULL"), (-1)) + + while (p) { + if (!isdigit((int) *p) ) + SL_RETURN((-1), _("sh_util_isnum")); + ++p; + } + SL_RETURN((0), _("sh_util_isnum")); +} + +char * sh_util_strconcat (const char * arg1, ...) +{ + size_t length, l2; + char * s; + char * strnew; + va_list vl; + + SL_ENTER(_("sh_util_strconcat")); + + ASSERT_RET ((arg1 != NULL), _("arg1 != NULL"), (NULL)) + + length = sl_strlen (arg1) + 1; + + va_start (vl, arg1); + s = va_arg (vl, char * ); + while (s != NULL) + { + l2 = sl_strlen (s); + if (sl_ok_adds(length, l2)) + length += l2; + else + SL_RETURN(NULL, _("sh_util_strconcat")); + s = va_arg (vl, char * ); + } + va_end (vl); + + if (sl_ok_adds(length, 2)) + strnew = SH_ALLOC( length + 2 ); + else + SL_RETURN(NULL, _("sh_util_strconcat")); + + strnew[0] = '\0'; + + (void) sl_strlcpy (strnew, arg1, length + 2); + + va_start (vl, arg1); + s = va_arg (vl, char * ); + while (s) + { + (void) sl_strlcat (strnew, s, length + 2); + s = va_arg (vl, char * ); + } + va_end (vl); + + SL_RETURN(strnew, _("sh_util_strconcat")); +} + + +#ifdef HAVE_REGEX_H + +#include + +int sh_util_regcmp (char * regex_str, char * in_str) +{ +#if defined(REG_ESPACE) + int status = REG_ESPACE; +#else + int status = -1; +#endif + regex_t preg; + char * errbuf; + + SL_ENTER(_("sh_util_regcmp")); + + status = regcomp(&preg, regex_str, REG_NOSUB|REG_EXTENDED); + + if (status == 0) + { + if ((status = regexec(&preg, in_str, 0, NULL, 0)) == 0) + { + regfree (&preg); + SL_RETURN((0), _("sh_util_regcmp")); + } + } + + if (status != 0 && status != REG_NOMATCH) + { + errbuf = SH_ALLOC(BUFSIZ); + (void) regerror(status, &preg, errbuf, BUFSIZ); + errbuf[BUFSIZ-1] = '\0'; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_REGEX, + errbuf, regex_str); + SH_FREE(errbuf); + } + + regfree (&preg); + SL_RETURN((-1), _("sh_util_regcmp")); +} + +#endif + + + + + + + + Index: branches/samhain-2_2-branch/src/sh_utmp.c =================================================================== --- branches/samhain-2_2-branch/src/sh_utmp.c (revision 66) +++ branches/samhain-2_2-branch/src/sh_utmp.c (revision 66) @@ -0,0 +1,1105 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_UTADDR +#include +#include +#ifndef S_SPLINT_S +#include +#else +#define AF_INET 2 +#endif +#endif + +#ifdef SH_USE_UTMP + +#ifdef HAVE_UTMPX_H + +#ifdef S_SPLINT_S +typedef pid_t __pid_t; +#endif + +#include +#define SH_UTMP_S utmpx +#undef ut_name +#define ut_name ut_user +#ifdef HAVE_UTXTIME +#undef ut_time +#define ut_time ut_xtime +#else +#undef ut_time +#define ut_time ut_tv.tv_sec +#endif + +#else +#include +#define SH_UTMP_S utmp +#endif + + +#ifdef HAVE_PATHS_H +#include +#endif + +#undef FIL__ +#define FIL__ _("sh_utmp.c") + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + + +#include "samhain.h" +#include "sh_utils.h" +#include "sh_error.h" +#include "sh_modules.h" +#include "sh_utmp.h" + + +#ifdef TM_IN_SYS_TIME +#include +#else +#include +#endif + +#ifdef HAVE_UNISTD_H +#include +#endif + +#ifdef HAVE_DIRENT_H +#include +#define NAMLEN(dirent) sl_strlen((dirent)->d_name) +#else +#define dirent direct +#define NAMLEN(dirent) (dirent)->d_namlen +#ifdef HAVE_SYS_NDIR_H +#include +#endif +#ifdef HAVE_SYS_DIR_H +#include +#endif +#ifdef HAVE_NDIR_H +#include +#endif +#endif + +#ifndef HAVE_LSTAT +#define lstat stat +#endif + +#ifndef UT_LINESIZE +#ifndef __UT_LINESIZE +#define UT_LINESIZE 12 +#else +#define UT_LINESIZE __UT_LINESIZE +#endif +#endif + +#ifndef UT_NAMESIZE +#ifndef __UT_NAMESIZE +#define UT_NAMESIZE 8 +#else +#define UT_NAMESIZE __UT_NAMESIZE +#endif +#endif + +#ifndef UT_HOSTSIZE +#ifndef __UT_HOSTSIZE +#define UT_HOSTSIZE 16 +#else +#define UT_HOSTSIZE __UT_HOSTSIZE +#endif +#endif + +#ifdef HAVE_UTMPX_H + +#ifndef _PATH_UTMP +#ifdef UTMPX_FILE +#define _PATH_UTMP UTMPX_FILE +#else +#error You must define UTMPX_FILE in the file config.h +#endif +#endif +#ifndef _PATH_WTMP +#ifdef WTMPX_FILE +#define _PATH_WTMP WTMPX_FILE +#else +#error You must define WTMPX_FILE in the file config.h +#endif +#endif + +#else + +#ifndef _PATH_UTMP +#ifdef UTMP_FILE +#define _PATH_UTMP UTMP_FILE +#else +#error You must define UTMP_FILE in the file config.h +#endif +#endif +#ifndef _PATH_WTMP +#ifdef WTMP_FILE +#define _PATH_WTMP WTMP_FILE +#else +#error You must define WTMP_FILE in the file config.h +#endif +#endif + +#endif + +typedef struct log_user { + char ut_tty[UT_LINESIZE+1]; + char name[UT_NAMESIZE+1]; + char ut_host[UT_HOSTSIZE+1]; + char ut_ship[16]; /* IP address */ + time_t time; + struct log_user * next; +} blah_utmp; + +#ifdef HAVE_UTTYPE +static char terminated_line[UT_HOSTSIZE]; +#endif + +static struct SH_UTMP_S save_utmp; + +static void sh_utmp_logout_morechecks(struct log_user * user); +static void sh_utmp_login_morechecks(struct SH_UTMP_S * ut); +static void sh_utmp_addlogin (struct SH_UTMP_S * ut); +static void sh_utmp_check_internal(int mode); + +static int ShUtmpLoginSolo = SH_ERR_INFO; +static int ShUtmpLoginMulti = SH_ERR_WARN; +static int ShUtmpLogout = SH_ERR_INFO; +static int ShUtmpActive = S_TRUE; +static time_t ShUtmpInterval = 300; + +sh_rconf sh_utmp_table[] = { + { + N_("severityloginmulti"), + sh_utmp_set_login_multi + }, + { + N_("severitylogin"), + sh_utmp_set_login_solo + }, + { + N_("severitylogout"), + sh_utmp_set_logout_good + }, + { + N_("logincheckactive"), + sh_utmp_set_login_activate + }, + { + N_("logincheckinterval"), + sh_utmp_set_login_timer + }, + { + NULL, + NULL + }, +}; + +int sh_utmp_null() +{ + return 0; +} + + + + +#if defined (HAVE_SETUTENT) && defined (USE_SETUTENT) + +#ifdef HAVE_UTMPX_H + +#define sh_utmp_utmpname utmpxname +#define sh_utmp_setutent setutxent +#define sh_utmp_endutent endutxent +#define sh_utmp_getutent getutxent +#define sh_utmp_getutid getutxid +#define sh_utmp_getutline getutxline + +#else + +#define sh_utmp_utmpname utmpname +#define sh_utmp_setutent setutent +#define sh_utmp_endutent endutent +#define sh_utmp_getutent getutent +#define sh_utmp_getutid getutid +#define sh_utmp_getutline getutline + +#endif + +#else + +/* BSD lacks getutent() etc. + * utmpname(), setutent(), and endutent() return void, + * so we do not perform much error handling. + * Errors must be recognized by getutent() returning NULL. + * Apparently, the application cannot check whether wtmp is empty, + * or whether there was an fopen() error. + */ + +static FILE * sh_utmpfile = NULL; +static char sh_utmppath[80] = _PATH_UTMP; + +/* sh_utmp_feed_forward is for optimizing + * (fseek instead of getutent loop) + */ +static long sh_utmp_feed_forward = 0; + +static void sh_utmp_utmpname(const char * str) +{ + SL_ENTER(_("sh_utmp_utmpname")); + if (sh_utmpfile != NULL) + { + (void) fclose (sh_utmpfile); + sh_utmpfile = NULL; + } + + (void) sl_strlcpy (sh_utmppath, str, 80); + SL_RET0(_("sh_utmp_utmpname")); +} + +static void sh_utmp_setutent(void) +{ + int error; + int fd; + + SL_ENTER(_("sh_utmp_setutent")); + + ASSERT((sh_utmppath != NULL), _("sh_utmppath != NULL")); + + if (sh_utmppath == NULL) + SL_RET0(_("sh_utmp_setutent")); + + if (sh_utmpfile == NULL) + { + fd = (int) aud_open (FIL__, __LINE__, SL_NOPRIV, + sh_utmppath, O_RDONLY, 0); + if (fd >= 0) + { + sh_utmpfile = fdopen(fd, "r"); + } + + /* -- If (sh_utmpfile == NULL) then either the open() or the fdopen() + * has failed. + */ + if (sh_utmpfile == NULL) + { + error = errno; + sh_error_handle ((-1), FIL__, __LINE__, error, MSG_E_ACCESS, + (long) sh.real.uid, sh_utmppath); + SL_RET0(_("sh_utmp_setutent")); + } + } + (void) fseek (sh_utmpfile, 0L, SEEK_SET); + if (-1 == fseek (sh_utmpfile, sh_utmp_feed_forward, SEEK_CUR)) + { + sh_utmp_feed_forward = 0; /* modified Apr 4, 2004 */ + (void) fseek (sh_utmpfile, 0L, SEEK_SET); + } + clearerr (sh_utmpfile); + SL_RET0(_("sh_utmp_setutent")); +} + +static void sh_utmp_endutent(void) +{ + SL_ENTER(_("sh_utmp_endutent")); + if (NULL != sh_utmpfile) + (void) fclose(sh_utmpfile); + sh_utmpfile = NULL; + SL_RET0(_("sh_utmp_endutent")); +} + +static struct SH_UTMP_S * sh_utmp_getutent(void) +{ + size_t in; + static struct SH_UTMP_S out; + + SL_ENTER(_("sh_utmp_getutent")); + + ASSERT_RET((sh_utmpfile != NULL), _("sh_utmpfile != NULL"), (NULL)) + + in = fread (&out, sizeof(struct SH_UTMP_S), 1, sh_utmpfile); + + if (in != 1) + { + if (ferror (sh_utmpfile) != 0) + { + clearerr (sh_utmpfile); + SL_RETURN(NULL, _("sh_utmp_getutent")); + } + else + { + SL_RETURN(NULL, _("sh_utmp_getutent")); + } + } + SL_RETURN(&out, _("sh_utmp_getutent")); +} + +#ifdef USE_UNUSED + +static struct SH_UTMP_S * sh_utmp_getutline(struct SH_UTMP_S * ut) +{ + struct SH_UTMP_S * out; + + while (1) { + if ((out = sh_utmp_getutent()) == NULL) { + return NULL; + } +#ifdef HAVE_UTTYPE + if (out->ut_type == USER_PROCESS || out->ut_type == LOGIN_PROCESS) + if (sl_strcmp(ut->ut_line, out->ut_line) == 0) + return out; +#else + if ( 0 != sl_strncmp (out->ut_name, "reboot", 6) && + 0 != sl_strncmp (out->ut_name, "shutdown", 8) && + 0 != sl_strncmp (out->ut_name, "date", 4) ) + return out; +#endif + } + return NULL; +} + +static struct SH_UTMP_S * sh_utmp_getutid(struct SH_UTMP_S * ut) +{ +#ifdef HAVE_UTTYPE + struct SH_UTMP_S * out; + + if (ut->ut_type == RUN_LVL || ut->ut_type == BOOT_TIME || + ut->ut_type == NEW_TIME || ut->ut_type == OLD_TIME) + { + while (1) { + if ((out = sh_utmp_getutent()) == NULL) { + return NULL; + } + if (out->ut_type == ut->ut_type) + return out; + } + } + else if (ut->ut_type == INIT_PROCESS || ut->ut_type == LOGIN_PROCESS || + ut->ut_type == USER_PROCESS || ut->ut_type == DEAD_PROCESS ) + { + while (1) { + if ((out = sh_utmp_getutent()) == NULL) { + return NULL; + } + if (sl_strcmp(ut->ut_id, out->ut_id) == 0) + return out; + } + } +#endif + return NULL; +} +/* #ifdef USE_UNUSED */ +#endif + +/* #ifdef HAVE_SETUTENT */ +#endif + +#ifdef HAVE_UTADDR +#ifdef HAVE_INET_ATON +static char * my_inet_ntoa(struct in_addr in) +{ + return /*@-unrecog@*/inet_ntoa(in)/*@+unrecog@*/; +} +#else +static char * my_inet_ntoa(struct in_addr in) +{ + unsigned char a, b, c, d; + static char foo[16]; + char bar[4]; + memcpy (bar, &(in.s_addr), 4); /* memory alignment (?) */ + memcpy (&a, &bar[0], 1); + memcpy (&b, &bar[1], 1); + memcpy (&c, &bar[2], 1); + memcpy (&d, &bar[3], 1); + sprintf(foo, _("%d.%d.%d.%d"), /* known to fit */ + (int) a, (int) b, (int) c, (int) d); + return foo; +} +#endif +/* #ifdef HAVE_UTADDR */ +#endif + +#if defined(__linux__) && !defined(ut_addr) +#define ut_addr ut_addr_v6[0] +#endif + + +static struct log_user * userlist = NULL; +static time_t lastcheck; + +/************* + * + * module init + * + *************/ +int sh_utmp_init () +{ + static int done = 0; + + SL_ENTER(_("sh_utmp_init")); + if (ShUtmpActive == BAD) + SL_RETURN( (-1), _("sh_utmp_init")); + + /* do not re-initialize after a re-configuration + */ + if (done == 1) { + SL_RETURN( (0), _("sh_utmp_init")); + } + lastcheck = time (NULL); + userlist = NULL; + memset (&save_utmp, 0, sizeof(struct SH_UTMP_S)); + sh_utmp_check_internal (2); /* current logins */ + sh_utmp_check_internal (0); + done = 1; + SL_RETURN( (0), _("sh_utmp_init")); +} + +/************* + * + * module cleanup + * + *************/ +#ifdef HAVE_UTTYPE +static int sh_utmp_login_clean(); +#endif + +int sh_utmp_end () +{ + struct log_user * user = userlist; + struct log_user * userold; + + SL_ENTER(_("sh_utmp_end")); + while (user) + { + userold = user; + user = user->next; + SH_FREE(userold); + } + userlist = NULL; +#ifdef HAVE_UTTYPE + (void) sh_utmp_login_clean(); +#endif + SL_RETURN( (0), _("sh_utmp_end")); +} + + +/************* + * + * module timer + * + *************/ +int sh_utmp_timer (time_t tcurrent) +{ + if ((time_t) (tcurrent - lastcheck) >= ShUtmpInterval) + { + lastcheck = tcurrent; + return (-1); + } + return 0; +} + +/************* + * + * module check + * + *************/ +int sh_utmp_check () +{ + SL_ENTER(_("sh_utmp_check")); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_UT_CHECK); + sh_utmp_check_internal (1); + + SL_RETURN(0, _("sh_utmp_check")); +} + +/************* + * + * module setup + * + *************/ + +int sh_utmp_set_login_solo (char * c) +{ + int retval; + char tmp[32]; + + SL_ENTER(_("sh_utmp_set_login_solo")); + tmp[0] = '='; tmp[1] = '\0'; + (void) sl_strlcat (tmp, c, 32); + retval = sh_error_set_level (tmp, &ShUtmpLoginSolo); + SL_RETURN(retval, _("sh_utmp_set_login_solo")); +} + +int sh_utmp_set_login_multi (char * c) +{ + int retval; + char tmp[32]; + + SL_ENTER(_("sh_utmp_set_login_multi")); + tmp[0] = '='; tmp[1] = '\0'; + (void) sl_strlcat (tmp, c, 32); + retval = sh_error_set_level (tmp, &ShUtmpLoginMulti); + SL_RETURN(retval, _("sh_utmp_set_login_multi")); +} + +int sh_utmp_set_logout_good (char * c) +{ + int retval; + char tmp[32]; + + SL_ENTER(_("sh_utmp_set_logout_good")); + tmp[0] = '='; tmp[1] = '\0'; + (void) sl_strlcat (tmp, c, 32); + retval = sh_error_set_level (tmp, &ShUtmpLogout); + SL_RETURN(retval, _("sh_utmp_set_logout_good")); +} + +int sh_utmp_set_login_timer (char * c) +{ + int retval = 0; + long val; + + SL_ENTER(_("sh_utmp_set_login_timer")); + val = strtol (c, (char **)NULL, 10); + if (val <= 0) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("utmp timer"), c); + retval = -1; + } + + val = (val <= 0 ? 60 : val); + + ShUtmpInterval = (time_t) val; + SL_RETURN(0, _("sh_utmp_set_login_timer")); +} + +int sh_utmp_set_login_activate (char * c) +{ + int i; + SL_ENTER(_("sh_utmp_set_login_activate")); + i = sh_util_flagval(c, &ShUtmpActive); + SL_RETURN(i, _("sh_utmp_set_login_activate")); +} + +#ifdef HAVE_UTTYPE +struct login_ct { + char name[UT_NAMESIZE+1]; + int nlogin; + struct login_ct * next; +}; + +static struct login_ct * login_ct_list = NULL; + +static int sh_utmp_login_clean() +{ + struct login_ct * list = login_ct_list; + struct login_ct * old; + + login_ct_list = NULL; + + while (list) + { + old = list; + list = list->next; + SH_FREE(old); + } + return 0; +} + +/* add a username to the list of logged-in users + */ +static int sh_utmp_login_a(char * str) +{ + struct login_ct * list = login_ct_list; + + while (list) + { + if (0 == sl_strcmp(list->name, str)) + { + ++(list->nlogin); + return list->nlogin; + } + list = list->next; + } + list = SH_ALLOC(sizeof(struct login_ct)); + (void) sl_strlcpy(list->name, str, UT_NAMESIZE+1); + list->nlogin = 1; + list->next = login_ct_list; + login_ct_list = list; + return 1; +} + +static int sh_utmp_login_r(char * str) +{ + struct login_ct * list = login_ct_list; + struct login_ct * old = login_ct_list; + + while (list) + { + if (0 == sl_strcmp(list->name, str)) + { + list->nlogin -= 1; + if (list->nlogin > 0) + { + return list->nlogin; + } + if (login_ct_list == list) /* modified Apr 4, 2004 */ + { + login_ct_list = list->next; + SH_FREE(list); + } + else + { + old->next = list->next; + SH_FREE(list); + } + return 0; + } + old = list; + list = list->next; + } + return 0; +} + +#endif + + +/* for each login: + * - allocate a log record + * - link device.ut_record -> log_record + * - link user.ut_record -> log_record + */ +#ifdef HAVE_UTTYPE +static int sh_utmp_is_virtual (char * in_utline, char * in_uthost) +{ + if (in_utline != NULL) + { + if (0 == sl_strncmp(in_utline, _("ttyp"), 4)) + { return 0; } + else if (0 == sl_strncmp(in_utline, _("ttyq"), 4)) + { return 0; } + } + if (in_uthost != NULL && + in_uthost[0] == ':' && + in_uthost[1] == '0' && + in_uthost[2] == '\0') + { + /* return 0; */ + return 1; /* actually does not seem portable, not even among linuxes */ + } + return 1; +} +#endif + +static void sh_utmp_addlogin (struct SH_UTMP_S * ut) +{ + struct log_user * user = userlist; + struct log_user * userold = userlist; +#ifdef HAVE_UTTYPE + struct log_user * username = userlist; +#endif + + char ttt[TIM_MAX]; +#ifdef HAVE_UTTYPE + int status; +#endif + + SL_ENTER(_("sh_utmp_addlogin")); + + if (ut->ut_line[0] == '\0') + SL_RET0(_("sh_utmp_addlogin")); + + /* for some stupid reason, AIX repeats the wtmp entry for logouts + * with ssh + */ + if (memcmp (&save_utmp, ut, sizeof(struct SH_UTMP_S)) == 0) + { + memset(&save_utmp, (int) '\0', sizeof(struct SH_UTMP_S)); + SL_RET0(_("sh_utmp_addlogin")); + } + memcpy (&save_utmp, ut, sizeof(struct SH_UTMP_S)); + + + /* ------- find user -------- + */ + while (user != NULL) + { + if (0 == sl_strncmp(user->ut_tty, ut->ut_line, UT_LINESIZE) ) + break; + userold = user; + user = user->next; + } + +#ifdef HAVE_UTTYPE + while (username != NULL) + { + if (0 == sl_strncmp(username->name, ut->ut_name, UT_NAMESIZE) ) + break; + username = username->next; + } +#endif + +#ifdef HAVE_UTTYPE + /* ---------- LOGIN -------------- */ + if (ut->ut_type == USER_PROCESS) + { + if (user == NULL) + { + user = SH_ALLOC(sizeof(struct log_user)); + user->next = userlist; + userlist = user; + } + (void) sl_strlcpy(user->ut_tty, ut->ut_line, UT_LINESIZE+1); + (void) sl_strlcpy(user->name, ut->ut_name, UT_NAMESIZE+1); +#ifdef HAVE_UTHOST + (void) sl_strlcpy(user->ut_host, ut->ut_host, UT_HOSTSIZE+1); +#else + user->ut_host[0] = '\0'; +#endif +#ifdef HAVE_UTADDR + /*@-type@*//* ut_addr does exist !!! */ + (void) sl_strlcpy(user->ut_ship, + my_inet_ntoa(*(struct in_addr*)&(ut->ut_addr)), 16); + /*@+type@*/ +#endif + user->time = ut->ut_time; + + if (username == NULL /* not yet logged in */ + || 0 == sl_strncmp(ut->ut_line, _("ttyp"), 4) /* in virt. console */ + || 0 == sl_strncmp(ut->ut_line, _("ttyq"), 4) /* in virt. console */ + ) { + status = sh_utmp_login_a(user->name); + (void) sl_strlcpy(ttt, sh_unix_time (user->time), TIM_MAX); + sh_error_handle( ShUtmpLoginSolo, FIL__, __LINE__, 0, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + MSG_UT_LG1X, +#elif defined(HAVE_UTHOST) + MSG_UT_LG1A, +#else + MSG_UT_LG1B, +#endif + user->name, + user->ut_tty, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + user->ut_host, + user->ut_ship, +#elif defined(HAVE_UTHOST) + user->ut_host, +#endif + ttt, + status + ); + } else + if (0 != sh_utmp_is_virtual(ut->ut_line, user->ut_host)) + { + status = sh_utmp_login_a(user->name); + (void) sl_strlcpy(ttt, sh_unix_time (user->time), TIM_MAX); + sh_error_handle( ShUtmpLoginMulti, FIL__, __LINE__, 0, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + MSG_UT_LG2X, +#elif defined(HAVE_UTHOST) + MSG_UT_LG2A, +#else + MSG_UT_LG2B, +#endif + user->name, + user->ut_tty, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + user->ut_host, + user->ut_ship, +#elif defined(HAVE_UTHOST) + user->ut_host, +#endif + ttt, + status + ); + } + + sh_utmp_login_morechecks(ut); + SL_RET0(_("sh_utmp_addlogin")); + } + + + /* --------- LOGOUT ---------------- */ + else if (ut->ut_name[0] == '\0' + || ut->ut_type == DEAD_PROCESS /* solaris does not clear ut_name */ + ) + { + if (user != NULL) + { + status = sh_utmp_login_r(user->name); + /* sl_strlcpy(ttt, sh_unix_time (user->time), TIM_MAX); */ + (void) sl_strlcpy(ttt, sh_unix_time (ut->ut_time), TIM_MAX); + sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + MSG_UT_LG3X, +#elif defined(HAVE_UTHOST) + MSG_UT_LG3A, +#else + MSG_UT_LG3B, +#endif + user->name, + user->ut_tty, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + user->ut_host, + user->ut_ship, +#elif defined(HAVE_UTHOST) + user->ut_host, +#endif + ttt, + status + ); + userold->next = user->next; + if (user == userlist) + userlist = user->next; + sh_utmp_logout_morechecks(user); + SH_FREE(user); + user = NULL; + } + else + { + (void) sl_strlcpy(terminated_line, ut->ut_line, UT_HOSTSIZE); + (void) sl_strlcpy(ttt, sh_unix_time (ut->ut_time), TIM_MAX); + sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, + MSG_UT_LG3C, + terminated_line, + ttt, 0 + ); + } + SL_RET0(_("sh_utmp_addlogin")); + } + + /* default */ + SL_RET0(_("sh_utmp_addlogin")); + + /* #ifdef HAVE_UTTYPE */ +#else + + if (user == NULL) /* probably a login */ + { + user = SH_ALLOC(sizeof(struct log_user)); + sl_strlcpy(user->ut_tty, ut->ut_line, UT_LINESIZE+1); + sl_strlcpy(user->name, ut->ut_name, UT_NAMESIZE+1); +#ifdef HAVE_UTHOST + sl_strlcpy(user->ut_host, ut->ut_host, UT_HOSTSIZE+1); +#endif +#ifdef HAVE_UTADDR + sl_strlcpy(user->ut_ship,my_inet_ntoa((struct in_addr)ut->ut_addr),16); +#endif + user->time = ut->ut_time; + user->next = userlist; + userlist = user; + + sl_strlcpy(ttt, sh_unix_time (user->time), TIM_MAX); + + + sh_error_handle( ShUtmpLoginSolo, FIL__, __LINE__, 0, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + MSG_UT_LG1X, +#elif defined(HAVE_UTHOST) + MSG_UT_LG1A, +#else + MSG_UT_LG1B, +#endif + user->name, + user->ut_tty, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + user->ut_host, + user->ut_ship, +#elif defined(HAVE_UTHOST) + user->ut_host, +#endif + ttt, + 1 + ); + sh_utmp_login_morechecks(ut); + } + else /* probably a logout */ + { + sl_strlcpy(ttt, sh_unix_time (ut->ut_time), TIM_MAX); + /* sl_strlcpy(ttt, sh_unix_time (user->time), TIM_MAX); */ + + sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + MSG_UT_LG2X, +#elif defined(HAVE_UTHOST) + MSG_UT_LG2A, +#else + MSG_UT_LG2B, +#endif + user->name, + user->ut_tty, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + user->ut_host, + user->ut_ship, +#elif defined(HAVE_UTHOST) + user->ut_host, +#endif + ttt, + 1 + ); + sh_utmp_logout_morechecks(user); + userold->next = user->next; + if (user == userlist) /* inserted Apr 4, 2004 */ + userlist = user->next; + SH_FREE(user); + user = NULL; + } + + SL_RET0(_("sh_utmp_addlogin")); +#endif +} + +static time_t lastmod = 0; +static off_t lastsize = 0; +static unsigned long lastread = 0; + +static char * mode_path[] = { _PATH_WTMP, _PATH_WTMP, _PATH_UTMP }; + +static void sh_utmp_check_internal (int mode) +{ + struct stat buf; + int error; + struct SH_UTMP_S * ut; + unsigned long this_read = 0; + + SL_ENTER(_("sh_utmp_check_internal")); + + /* error if no access + */ + if (0 != retry_lstat(FIL__, __LINE__, mode_path[mode], &buf)) + { + error = errno; + sh_error_handle((-1), FIL__, __LINE__, error, MSG_E_ACCESS, + (long) sh.real.uid, mode_path[mode]); + SL_RET0(_("sh_utmp_check_internal")); + } + + /* modification time + */ + if (mode < 2) + { + if (/*@-usedef@*/buf.st_mtime <= lastmod/*@+usedef@*/) + { + SL_RET0(_("sh_utmp_check_internal")); + } + else + lastmod = buf.st_mtime; + } + + /* file size + */ + if (/*@-usedef@*/buf.st_size < lastsize/*@+usedef@*/ && mode < 2) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_UT_ROT, + mode_path[mode]); + lastread = 0; +#ifndef USE_SETUTENT + sh_utmp_feed_forward = 0L; +#endif + } + + if (mode < 2) + lastsize = buf.st_size; + + if (buf.st_size == 0) + SL_RET0(_("sh_utmp_check_internal")); + + sh_utmp_utmpname(mode_path[mode]); + sh_utmp_setutent(); + + /* + * feed forward if initializing + * we need to do this here + */ + if (mode < 2) + { + while (this_read < lastread) { + ut = sh_utmp_getutent(); + ++this_read; + } + } + + /* start reading + */ + this_read = 0; + while (1 == 1) { + ut = sh_utmp_getutent(); + if (ut == NULL) + break; + /* modified: ut_user --> ut_name */ + if (mode == 1 || (mode == 2 && ut->ut_name[0] != '\0' +#ifdef HAVE_UTTYPE + && ut->ut_type != DEAD_PROCESS +#endif + )) + sh_utmp_addlogin (ut); + ++this_read; + } + + sh_utmp_endutent(); + + if (mode < 2) + { + lastread += this_read; +#ifndef USE_SETUTENT + sh_utmp_feed_forward += (long) (this_read * sizeof(struct SH_UTMP_S)); + lastread = 0; +#endif + } + + SL_RET0(_("sh_utmp_check_internal")); +} + + +static void sh_utmp_login_morechecks(struct SH_UTMP_S * ut) +{ + if (ut) + return; + return; +} + +static void sh_utmp_logout_morechecks(struct log_user * user) +{ + if (user) + return; + return; +} + +#endif + + +/* #ifdef SH_USE_UTMP */ +#endif + + + Index: branches/samhain-2_2-branch/src/slib.c =================================================================== --- branches/samhain-2_2-branch/src/slib.c (revision 66) +++ branches/samhain-2_2-branch/src/slib.c (revision 66) @@ -0,0 +1,2582 @@ +#include "config_xor.h" + + +#include +#include +#include +#include +#include +#ifdef HAVE_STDINT_H +/* for SIZE_MAX */ +#include +#endif + +#include +#include +#include +#include +#include + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + +#ifdef HAVE_MEMORY_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif + +#ifndef FD_SET +#define NFDBITS 32 +#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS))) +#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS))) +#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS))) +#endif /* !FD_SET */ +#ifndef FD_SETSIZE +#define FD_SETSIZE 32 +#endif +#ifndef FD_ZERO +#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) +#endif + +#include "slib.h" +#include "sh_calls.h" +#define SH_NEED_PWD_GRP 1 +#include "sh_static.h" + +#undef FIL__ +#define FIL__ _("slib.c") + +const uid_t sh_uid_neg = ((uid_t) -1); +const gid_t sh_gid_neg = ((gid_t) -1); + +#undef BREAKEXIT +#if defined(SCREW_IT_UP) && defined(__linux__) && defined(__i386__) + +#ifdef SH_DEBUG +#define BREAKEXIT(expr) \ + do { \ + int ixi; \ + for (ixi = 0; ixi < 8; ++ixi) { \ + if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \ + { dlog(0, FIL__, __LINE__, _("BREAKEXIT")); _exit(EXIT_FAILURE); } \ + } \ + } \ + while (1 == 0) +#else +#define BREAKEXIT(expr) \ + do { \ + int ixi; \ + for (ixi = 0; ixi < 8; ++ixi) { \ + if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \ + _exit(EXIT_FAILURE); \ + } \ + } \ + while (1 == 0) +#endif + +#else +#define BREAKEXIT(expr) +#endif + +/**************************************************************** + * + * The debug/trace subsystem + * + ****************************************************************/ + +int slib_do_trace = 0; +int slib_trace_fd = -1; + +static char trace_log[256] = { '\0' }; +static int trace_level = 0; +static FILE * trace_fp = NULL; + +int sl_trace_use (const char * dummy) +{ + if (dummy) + slib_do_trace = 1; + else + slib_do_trace = 1; + return 0; +} + +int sl_trace_file (const char * str) +{ + if (!str) + return -1; + if (str[0] != '/') + return -1; + sl_strlcpy(trace_log, str, 256); + return 0; +} + +FILE * sl_tracefile_open(char * file, char * mode) +{ + FILE * xp = NULL; + slib_trace_fd = open(file, O_WRONLY|O_CREAT|O_APPEND, 0600); + if (slib_trace_fd >= 0) + xp = fdopen(slib_trace_fd, mode); + return xp; +} + +void sl_trace_in(char * str, char * file, int line) +{ + int i; + if (trace_log[0] == '\0') + { + fprintf(stderr, "++ "); + for (i = 0; i < trace_level; ++i) + fprintf(stderr, ". "); + fprintf(stderr, "[%2d] %s \t - File %c%s%c at line %d\n", + trace_level, str, 0x22, file, 0x22, line); + } + else if (!sl_is_suid()) + { + if (!trace_fp) + trace_fp = sl_tracefile_open(trace_log, "a"); + if (trace_fp) + { + fprintf(trace_fp, "++ "); + for (i = 0; i < trace_level; ++i) + fprintf(trace_fp, ". "); + fprintf(trace_fp, "[%2d] %s \t - File %c%s%c at line %d\n", + trace_level, str, 0x22, file, 0x22, line); + } + else + { + perror(_("sl_trace_in: fopen")); + _exit(1); + } + } + ++trace_level; +} + +void sl_trace_out(char * str, char * file, int line) +{ + int i; + + --trace_level; if (trace_level < 0) trace_level = 0; + + if (trace_log[0] == '\0') + { + fprintf(stderr, "-- "); + for (i = 0; i < trace_level; ++i) + fprintf(stderr, ". "); + fprintf(stderr, _("[%2d] %s \t - File %c%s%c at line %d\n"), + trace_level, str, 0x22, file, 0x22, line); + } + else if (!sl_is_suid()) + { + if (!trace_fp) + trace_fp = sl_tracefile_open(trace_log, "a"); + if (trace_fp) + { + fprintf(trace_fp, "-- "); + for (i = 0; i < trace_level; ++i) + fprintf(trace_fp, ". "); + fprintf(trace_fp, _("[%2d] %s \t - File %c%s%c at line %d\n"), + trace_level, str, 0x22, file, 0x22, line); + } + else + { + perror(_("sl_trace_out: fopen")); + _exit(1); + } + } +} + +extern int sh_log_console (char * msg); + +static int dlogActive = 0; + +/* this is called from sh_error_setprint() + */ +void dlog_set_active(int flag) +{ + dlogActive = flag; +} + +/* flag = 0 debug messages + * = 1 descriptive error messages + * = 3 backtrace + */ +int dlog (int flag, char * file, int line, const char *fmt, ...) +{ + va_list ap; + char val[81]; + char msg[512]; + char tmp[512]; + int retval = 0; + int i; + +#ifdef SH_STEALTH + /* + * do not even print descriptive failure messages in stealth mode + */ + if (dlogActive == 0) + return 0; + if (dlogActive == 1 && flag == 0) /* debug requires debug level */ + return 0; +#else + if (dlogActive <= 1 && flag == 0) /* debug requires debug level */ + return 0; +#endif + + if (flag == 1) + { + sl_snprintf (val, 81, _("\n--------- %10s "), file); + sl_strlcpy (msg, val, 80); + sl_snprintf (val, 81, _(" --- %6d ---------\n"), line); + sl_strlcat (msg, val, 80); + sh_log_console (msg); + } + + va_start (ap, fmt); + if (flag == 1) + sl_strlcpy(tmp, fmt, 512); + else + sl_strlcpy(tmp, fmt, 256); + retval = sl_strlen(tmp); + if (retval > 0 && tmp[retval-1] == '\n') + tmp[retval-1] = '\0'; + retval = 0; + if (flag == 1) + { + sl_vsnprintf (msg, 511, tmp, ap); + } + else + { + sl_strlcpy (msg, "## ", 256); + for (i = 0; i < trace_level; ++i) + sl_strlcat (msg, ". ", 256); + sprintf (val, _("[%2d] "), trace_level); + sl_strlcat (msg, val, 256); + sl_vsnprintf (&msg[sl_strlen(msg)], 255, tmp, ap); + sl_snprintf (tmp, 255, _(" \t - File %c%s%c at line %d"), + 0x22, file, 0x22, line); + sl_strlcat (msg, tmp, 512); + } + va_end (ap); + if (flag != 0 || sl_is_suid()) + retval = sh_log_console (msg); + else + { + if (trace_log[0] == '\0') + { + /* sh_log_console (msg); */ + fprintf(stderr, "%s\n", msg); + } + else + { + if (!trace_fp) + trace_fp = sl_tracefile_open(trace_log, "a"); + if (trace_fp) + { + fprintf(trace_fp, "%s\n", msg); + } + else + { + perror(_("dlog: fopen")); + _exit(1); + } + } + } + if (flag == 1) + sh_log_console (_("\n----------------------------------------------\n")); + return retval; +} + +extern char aud_err_message[64]; +static char alt_err_message[64]; +char * sl_get_errmsg() +{ + if (aud_err_message[0] == '\0') + { + sl_strlcpy(alt_err_message, sl_error_string(sl_errno), 64); + return &alt_err_message[0]; + } + return &aud_err_message[0]; +} + + +#if defined(SL_DEBUG) +#define SL_MAX_MYSTACK 128 + +static char sl_mystack[SL_MAX_MYSTACK][32]; +static int sl_mystack_count = 0; + +void sl_stack_push(char * c, char * file, int line ) +{ + if (slib_do_trace) + sl_trace_in(c, file, line); + if (c && sl_mystack_count < SL_MAX_MYSTACK) + { + strncpy(sl_mystack[sl_mystack_count], c, 31); + sl_mystack[sl_mystack_count][31] = '\0'; + ++sl_mystack_count; + /* + fprintf(stderr, "#%03d %s\n", sl_mystack_count, + sl_mystack[sl_mystack_count-1]); + */ + } + return; +} + +void sl_stack_pop(char * c, char * file, int line) +{ + if (slib_do_trace) + sl_trace_out(c, file, line); + if (sl_mystack_count > 0) + { + /* + fprintf(stderr, " <- #%03d %s\n", sl_mystack_count, + sl_mystack[sl_mystack_count-1]); + */ + --sl_mystack_count; + } + return; +} + +void sl_stack_print() +{ + int i; + /* FILE * dfile; */ + + if (sl_mystack_count > 0) + { + sh_log_console(_("\nBacktrace:\n")); + /* dlog(3, FIL__, __LINE__, _("\nBacktrace:\n")); */ + for (i = 0; i < sl_mystack_count; ++i) + sh_log_console(sl_mystack[i]); + /* dlog(3, FIL__, __LINE__, _("#%03d %s\n"), i, sl_mystack[i]); */ + } + return; +} + +#endif + + +/* + * The global errno. + * On error, this is set to the return value of the function. + */ +long int sl_errno; + + +/* ---------------------------------------------------------------- + * + * Capability routines + * + * ---------------------------------------------------------------- */ + +int sl_useCaps = 0; + +#ifdef FANCY_LIBCAP +#include + +/* + * While these routines are tested and work, we don't use POSIX + * capabilities, as they don't seem to be useful (root can write + * to root-owned files anyway). Things would be more interesting + * if we could switch to a non-root UID with just a few capabilities + * enabled. + */ +int sl_drop_cap () +{ + int error; + cap_t caps; + cap_flag_t capflag; + cap_flag_value_t capfval = CAP_CLEAR; + cap_value_t capvals_e[] = + { + CAP_CHOWN, CAP_FOWNER, CAP_FSETID, + CAP_LINUX_IMMUTABLE, CAP_MKNOD, CAP_NET_ADMIN, + CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, + CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT, + CAP_SYS_PACCT, CAP_SYS_PTRACE, CAP_SYS_RAWIO, + CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG, + CAP_SETGID, CAP_SETUID, CAP_KILL, + CAP_DAC_OVERRIDE, +#if !defined(WITH_MESSAGE_QUEUE) + CAP_IPC_OWNER, +#endif + CAP_SYS_MODULE, CAP_LEASE + }; + cap_value_t capvals_p[] = + { + CAP_CHOWN, CAP_LEASE, CAP_FSETID, + CAP_LINUX_IMMUTABLE, CAP_MKNOD, CAP_NET_ADMIN, + CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, + CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT, + CAP_SYS_PACCT, CAP_SYS_PTRACE, CAP_SYS_RAWIO, + CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG, +#if !defined(WITH_EXTERNAL) && !defined(HAVE_UNIX_RANDOM) + CAP_SETGID, CAP_SETUID, CAP_KILL, +#endif +#if !defined(SH_USE_SUIDCHK) + CAP_DAC_OVERRIDE, CAP_FOWNER, +#endif +#if !defined(WITH_MESSAGE_QUEUE) + CAP_IPC_OWNER, +#endif + CAP_SYS_MODULE + }; + + if (0 == sl_useCaps) /* 0 = S_FALSE */ + { + return 0; + } + + if(NULL == (caps = cap_get_proc())) + { + return errno; + } + + capflag = CAP_EFFECTIVE; + if (0 != cap_set_flag(caps, capflag, sizeof(capvals_e)/sizeof(cap_value_t), + capvals_e, capfval)) + { + error = errno; + cap_free(caps); + return error; + } + if (0 != cap_set_proc(caps)) + { + error = errno; + cap_free(caps); + return error; + } + + capflag = CAP_PERMITTED; + if (0 != cap_set_flag(caps, capflag, sizeof(capvals_p)/sizeof(cap_value_t), + capvals_p, capfval)) + { + error = errno; + cap_free(caps); + return error; + } + if (0 != cap_set_proc(caps)) + { + error = errno; + cap_free(caps); + return error; + } + cap_free(caps); + return 0; +} + +int sl_drop_cap_int(int what) +{ +#if defined(SL_DEBUG) + char * captext; +#endif + cap_flag_t capflag = CAP_EFFECTIVE; + cap_flag_value_t capfval = CAP_CLEAR; + cap_value_t capvals_a[] = { CAP_SETGID, CAP_SETUID, CAP_KILL }; + cap_value_t capvals_b[] = { CAP_DAC_OVERRIDE, CAP_FOWNER }; + cap_value_t * capvals; + int nvals; + int error = 0; + cap_t caps = cap_get_proc(); + + if (0 == sl_useCaps) /* 0 = S_FALSE */ + { + return 0; + } + + if (caps == NULL) + { + return errno; + } + + switch (what) { + case 1: + capvals = capvals_a; + nvals = 3; + capfval = CAP_CLEAR; + break; + case 2: + capvals = capvals_a; + nvals = 3; + capfval = CAP_SET; + break; + case 3: + capvals = capvals_b; + nvals = 2; + capfval = CAP_CLEAR; + break; + case 4: + capvals = capvals_b; + nvals = 2; + capfval = CAP_SET; + break; + default: + return (0); + } + + if (0 != cap_set_flag(caps, capflag, nvals, capvals, capfval)) + { + error = errno; + cap_free(caps); + return error; + } + if (0 != cap_set_proc(caps)) + { + error = errno; + cap_free(caps); + return error; + } +#if defined(SL_DEBUG) + captext = cap_to_text(caps, NULL); + TPT(( 0, FIL__, __LINE__, _("msg=\n"), what, captext)); + cap_free(captext); +#endif + cap_free(caps); + return 0; +} + +int sl_drop_cap_sub() { return sl_drop_cap_int(1); } +int sl_get_cap_sub() { return sl_drop_cap_int(2); } +int sl_drop_cap_qdel() { return sl_drop_cap_int(3); } +int sl_get_cap_qdel() { return sl_drop_cap_int(4); } + +#else +int sl_drop_cap () { return 0; } +int sl_drop_cap_sub() { return 0; } +int sl_get_cap_sub() { return 0; } +int sl_drop_cap_qdel() { return 0; } +int sl_get_cap_qdel() { return 0; } +#endif + +/* ---------------------------------------------------------------- + * + * String handling routines + * + * ---------------------------------------------------------------- */ + +/* + * A memset that does not get optimized away + */ +void *sl_memset(void *s, int c, size_t n) +{ + volatile char *p = (char *) s; + + if (s != NULL) + { + while (n--) + *p++ = c; + } + return s; +} + +#if !defined(HOST_IS_I86SOLARIS) +#if !defined (_GNU_SOURCE) && !defined(__linux__) +/* flawfinder: ignore */ +extern int vsnprintf ( char *str, size_t n, + const char *format, va_list ap ); +#endif +#endif + +#if !defined (VA_COPY) +#if defined (__GNUC__) && defined (__PPC__) && (defined (_CALL_SYSV) || defined (_WIN32)) +#define VA_COPY(ap1, ap2) (*(ap1) = *(ap2)) +#elif defined (VA_COPY_AS_ARRAY) +#define VA_COPY(ap1, ap2) memmove ((ap1), (ap2), sizeof (va_list)) +#else /* va_list is a pointer */ +#define VA_COPY(ap1, ap2) ((ap1) = (ap2)) +#endif +#endif + +#if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF) +static +size_t sl_printf_count (const char * fmt, va_list vl) +{ + size_t length = 1; + int fini = 0; + int islong = 0; + int islonglong = 0; + int islongdouble = 0; + char * string_arg; + + SL_ENTER(_("sl_printf_count")); + + if (fmt == NULL) + SL_IRETURN(SL_ENULL, _("sl_printf_count")); + + while (*fmt) { + + if ( (*fmt) == '%' ) { /* a format specifier */ + + fmt++; /* point to first char after '%' */ + + fini = 0; + islong = 0; + islongdouble = 0; + + while (*fmt && (fini == 0) ) { + + switch (*fmt) { + + case '*': /* field width supplied by an integer */ + length = length + va_arg (vl, int); + ++fmt; + break; + case '1': + case '2': + case '3': + case '4': + case '5': + case '6': + case '7': + case '8': + case '9': + length = length + strtol (fmt, (char**) &fmt, 10); + /* strtol makes FastForward to first invalid char */ + break; + + case 'l': /* 'long' modifier */ + if (islong == 0) + islong = 1; + else + { + islonglong = 1; + islong = 0; + } + ++fmt; + break; + + case 'L': /* 'long double' modifier */ +#ifdef HAVE_LONG_DOUBLE + islongdouble = 1; +#else + islong = 1; +#endif + ++fmt; + break; + + case 'd': + case 'i': + case 'o': + case 'u': + case 'x': + case 'X': + if (islonglong == 1) +#ifdef HAVE_LONG_LONG + (void) va_arg (vl, long long); +#else + (void) va_arg (vl, long); +#endif + else if (islong == 1) + (void) va_arg (vl, long); + else + (void) va_arg (vl, int); + islong = 0; + islonglong = 0; + length = length + 24; + ++fmt; + fini = 1; + break; + + case 'D': + case 'O': + case 'U': + (void) va_arg (vl, long); + length = length + 24; + fmt++; + fini = 1; + break; + + case 'e': + case 'E': + case 'f': + case 'g': +#ifdef HAVE_LONG_DOUBLE + if (islongdouble == 1) { + (void) va_arg (vl, long double); + islongdouble = 0; + length = length + 20; + } + else +#endif + (void) va_arg (vl, double); + length = length + 20; + fini = 1; + ++fmt; + break; + + case 's': + string_arg = va_arg (vl, char *); + if (string_arg != NULL) + length = length + sl_strlen (string_arg); + else + length = length + 16; + fini = 1; + ++fmt; + break; + + case 'c': + (void) va_arg (vl, int); + length = length + 1; + fini = 1; + ++fmt; + break; + + case 'p': + case 'n': + (void) va_arg (vl, void * ); + length = length + 32; + fini = 1; + ++fmt; + break; + + case '%': /* %% will print '%' */ + length = length + 1; + fini = 1; + ++fmt; + break; + + default: + length = length + 1; + ++fmt; + break; + + } /* end switch */ + } + /* end parsing a single format specifier */ + } else { + length = length + 1; + fmt++; + } + } + SL_IRETURN(length, _("sl_printf_count")); +} +#endif /* #ifndef HAVE_VSNPRINTF */ + +/* + * An implementation of vsnprintf. va_start/va_end are in the caller + * function. + * Returns C99 (#bytes that would heve been written) on success. + */ +int sl_vsnprintf(char *str, size_t n, + const char *format, va_list vl ) +{ + int len = 0; +#if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF) + size_t total; + va_list vl2; +#endif + + SL_ENTER(_("sl_vsnprintf")); + if (str == NULL || format == NULL) + SL_IRETURN(0, _("sl_vsnprintf")); + +#if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) + len = vsnprintf (str, n, format, vl); /* flawfinder: ignore */ + str[n-1] = '\0'; +#else + VA_COPY (vl2, vl); /* save the argument list */ + total = sl_printf_count (format, vl); + len = (int) total; + if (total < n) + { + /* flawfinder: ignore */ + vsprintf (str, format, vl2); /* program has checked that it fits */ + str[n-1] = '\0'; + } + else + { + sl_strlcpy (str, format, n); + va_end(vl2); + SL_IRETURN(len, _("sl_vsnprintf")); + } + va_end(vl2); +#endif + SL_IRETURN(len, _("sl_vsnprintf")); +} + +/* + * An implementation of snprintf. + * Returns SL_ENONE on success. + * ENULL: src || format == NULL + * ERANGE: n out of range + * ETRUNC: truncated (unimplemented) + */ +int sl_snprintf(char *str, size_t n, + const char *format, ... ) +{ + va_list vl; +#if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF) + size_t total = 0; + va_list vl2; +#endif + + SL_ENTER(_("sl_snprintf")); + if (str == NULL || format == NULL) + SL_IRETURN(SL_ENULL, _("sl_snprintf")); + + va_start (vl, format); +#if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) + /* flawfinder: ignore */ + vsnprintf (str, n, format, vl); + str[n-1] = '\0'; +#else + VA_COPY (vl2, vl); /* save the argument list */ + total = sl_printf_count (format, vl); + if (total < n) + { + /* flawfinder: ignore */ + vsprintf (str, format, vl2); /* program has checked that it fits */ + str[n-1] = '\0'; + } + else + { + sl_strlcpy (str, format, n); + va_end(vl2); + va_end(vl); + SL_IRETURN(SL_ETRUNC, _("sl_snprintf")); + } + va_end(vl2); +#endif + va_end(vl); + SL_IRETURN(SL_ENONE, _("sl_snprintf")); +} + +/* + * Appends src to string dst of size siz (unlike strncat, siz is the + * full size of dst, not space left). At most siz-1 characters + * will be copied. Always NUL terminates (unless siz == 0). + * Returns SL_NONE on success, errcode on failure. + * + * ENULL: dst == NULL + * ERANGE: siz out of range + * ETRUNC: src truncated + */ +int sl_strlcat(char * dst, /*@null@*/const char *src, size_t siz) +{ + register size_t dst_end; + register size_t dst_free; + + register char * p; + register const char * q; + + if (dst == NULL) + return SL_ENONE; + if (src == NULL || *src == '\0') + return SL_ENONE; + + if (siz > 0) { + + /* How much free space do we have ? + */ + dst_end = strlen(dst); + dst_free = siz - dst_end - 1; + + p = &dst[dst_end]; + q = src; + + while (dst_free > 0 && *q != '\0') + { + *p++ = *q++; + --dst_free; + } + + /* NULL terminate dst. + */ + *p = '\0'; + + if (*q != '\0') + return SL_ETRUNC; + } + + return SL_ENONE; +} + +/* + * An alternative implementation of the OpenBSD strlcpy() function. + * + * Copy src to string dst of size siz. At most siz-1 characters + * will be copied. Always NUL terminates (unless siz == 0). + * Returns SL_NONE on success, errcode on failure. + * + * ENULL: dst == NULL + * ERANGE: siz out of range + * ETRUNC: src truncated + */ +int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz) +{ + /* SL_ENTER(_("sl_strlcpy")); */ + + if (dst == NULL) + return SL_ENULL; + if (src == NULL) + { + if (siz > 0) + dst[0] = '\0'; + return SL_ENONE; + } + + + if (siz > 0) { + /* copy siz-1 characters + */ + (void) strncpy(dst, src, siz-1); + + /* NULL terminate + */ + dst[siz-1] = '\0'; + } + return SL_ENONE; +} + +/* + * A robust drop-in replacement of strncpy. strlcpy is preferable. + */ +char * sl_strncpy(char *dst, const char *src, size_t size) +{ + +#ifdef SL_FAIL_ON_ERROR + SL_REQUIRE(dst != NULL, _("dst != NULL")); + SL_REQUIRE(src != NULL, _("src != NULL")); + SL_REQUIRE(size > 0, _("size > 0")); +#endif + + if (dst == NULL) + { + sl_errno = SL_ENULL; + return (NULL); + } + if (size < 1) + { + sl_errno = SL_ERANGE; + return (dst); + } + if (!src) + { + sl_errno = SL_ENULL; + dst[0] = '\0'; + } + else if (src[0] == '\0') + dst[0] = '\0'; + else + strncpy(dst, src, size); + + if (sl_strlen(src) >= size) + { + errno = ENOSPC; + dst[size-1] = '\0'; + } + return (dst); +} + +/* + * A robust drop-in replacement of strncat. strlcat is preferable. + */ +char * sl_strncat(char *dst, const char *src, size_t n) +{ +#ifdef SL_FAIL_ON_ERROR + SL_REQUIRE(dst != NULL, _("dst != NULL")); + SL_REQUIRE(src != NULL, _("src != NULL")); + SL_REQUIRE(n > 0, _("n > 0")); +#endif + + if (dst == NULL) + { + sl_errno = SL_ENULL; + return (NULL); + } + if (n < 1) + { + sl_errno = SL_ERANGE; + return (dst); + } + if (!src) + { + sl_errno = SL_ENULL; + return (dst); + } + else if (src[0] == '\0') + dst[0] = '\0'; + else + strncat(dst, src, n); + + return (dst); +} + + +int sl_strcmp(const char * a, const char * b) +{ +#ifdef SL_FAIL_ON_ERROR + SL_REQUIRE (a != NULL, _("a != NULL")); + SL_REQUIRE (b != NULL, _("b != NULL")); +#endif + + if (a != NULL && b != NULL) + return (strcmp(a, b)); + else if (a == NULL && b != NULL) + return (-1); + else if (a != NULL && b == NULL) + return (1); + else + return (-7); /* arbitrary */ +} + +int sl_strncmp(const char * a, const char * b, size_t n) +{ +#ifdef SL_FAIL_ON_ERROR + SL_REQUIRE (a != NULL, _("a != NULL")); + SL_REQUIRE (b != NULL, _("b != NULL")); + SL_REQUIRE (n > 0, _("n > 0")); +#endif + + if (a != NULL && b != NULL) + return (strncmp(a, b, n)); + else if (a == NULL && b != NULL) + return (-1); + else if (a != NULL && b == NULL) + return (1); + else + return (-7); /* arbitrary */ +} + +/* string searching + */ + +char * sl_strstr (const char * haystack, const char * needle) +{ +#ifndef HAVE_STRSTR + int i; + size_t needle_len; + size_t haystack_len; +#endif + + if (haystack == NULL || needle == NULL) + return NULL; + if (*needle == '\0' || *haystack == '\0') + return NULL; + +#if defined(HAVE_STRSTR) + return (strstr(haystack, needle)); +#else + needle_len = strlen(needle); + haystack_len = strlen(haystack); + + for (i = 0; i <= (haystack_len-needle_len); ++i) + if (0 == sl_strncmp(&haystack[i], needle, needle_len)) + return (needle); + return NULL; +#endif +} + + +/* ---------------------------------------------------------------- + * + * Privilege handling routines + * + * ---------------------------------------------------------------- */ + + + +static uid_t euid; +static uid_t ruid; +static uid_t ruid_orig; +static gid_t egid; +static gid_t rgid; +static gid_t rgid_orig; + +static int uids_are_stored = SL_FALSE; +static int suid_is_set = SL_TRUE; + +#ifdef HAVE_SETRESUID +extern int setresuid (uid_t truid, uid_t teuid, uid_t tsuid); +extern int setresgid (gid_t trgid, gid_t tegid, gid_t tsgid); +#endif + + +/* + * This function returns true if the program is SUID. + * It calls abort() if the uid's are not saved already. + */ +int sl_is_suid() +{ + if (uids_are_stored == SL_FALSE) + { + if (getuid() == geteuid() && getgid() == getegid()) + return (0); /* FALSE */ + else + return (1); /* TRUE */ + } + else + { + if (euid == ruid && egid == rgid) + return (0); /* FALSE */ + else + return (1); /* TRUE */ + } +} + +/* + * This function returns the saved euid. + * It calls abort() if the uid's are not saved already. + */ +int sl_get_euid(uid_t * ret) +{ + SL_ENTER(_("sl_get_euid")); + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + *ret = euid; + else + *ret = geteuid(); + SL_IRETURN (SL_ENONE, _("sl_get_euid")); +} + +uid_t sl_ret_euid() +{ + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + return (euid); + else + return (geteuid()); +} + +/* + * This function returns the saved egid. + * It calls abort() if the uid's are not saved already. + */ +int sl_get_egid(gid_t * ret) +{ + SL_ENTER(_("sl_get_egid")); + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + *ret = egid; + else + *ret = getegid(); + SL_IRETURN (SL_ENONE, _("sl_get_egid")); +} + +/* + * This function returns the saved ruid. + * It calls abort() if the uid's are not saved already. + */ +int sl_get_ruid(uid_t * ret) +{ + SL_ENTER(_("sl_get_ruid")); + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + *ret = ruid; + else + *ret = getuid(); + SL_IRETURN (SL_ENONE, _("sl_get_ruid")); +} + +/* + * This function returns the saved rgid. + * It calls abort() if the uid's are not saved already. + */ +int sl_get_rgid(gid_t * ret) +{ + SL_ENTER(_("sl_get_rgid")); + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + *ret = rgid; + else + *ret = getgid(); + SL_IRETURN (SL_ENONE, _("sl_get_rgid")); +} + +/* + * This function returns the saved original ruid. + * It calls abort() if the uid's are not saved already. + */ +int sl_get_ruid_orig(uid_t * ret) +{ + SL_ENTER(_("sl_get_ruid_orig")); + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + *ret = ruid_orig; + else + *ret = getuid(); + SL_IRETURN (SL_ENONE, _("sl_get_ruid_orig")); +} + +/* + * This function returns the saved original rgid. + * It calls abort() if the uid's are not saved already. + */ +int sl_get_rgid_orig(gid_t * ret) +{ + SL_ENTER(_("sl_get_rgid_orig")); + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + *ret = rgid_orig; + else + *ret = getgid(); + SL_IRETURN (SL_ENONE, _("sl_get_rgid_orig")); +} + +static int suid_warn_flag = 1; +static void suid_warn(int a) +{ + fprintf(stderr, _("ERROR: open set/unset suid !!! %d\n"), a); + return; +} + +/* + * This function sets the effective uid + * to the saved effective uid. + * It will abort on failure. + */ +int sl_set_suid () +{ + int retval; + + SL_ENTER(_("sl_set_suid")); + + if (uids_are_stored == SL_FALSE) + { + SL_IRETURN(SL_ENONE, _("sl_set_suid")); + } + + SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE")); + + if (ruid == euid && rgid == egid) + { + suid_is_set = SL_TRUE; + SL_IRETURN(SL_ENONE, _("sl_set_suid")); + } + SL_REQUIRE(suid_is_set == SL_FALSE, _("suid_is_set == SL_FALSE")); + +#if defined(HAVE_SETRESUID) + retval = setresuid (sh_uid_neg, euid, sh_uid_neg); + if (retval == 0) + retval = setresgid (sh_gid_neg, egid, sh_gid_neg); + +#elif defined(HAVE_SETEUID) + retval = seteuid (egid); + if (retval == 0) + retval = setegid (euid); + + /* on AIX, setreuid does not behave well for non-root users. + */ +#elif defined(HAVE_SETREUID) + retval = setreuid (ruid, euid); + if (retval == 0) + retval = setregid (rgid, egid); + +#else + retval = setuid (euid); + if (retval == 0) + retval = setgid (egid); +#endif + if (suid_warn_flag == 1) + suid_warn(1); + suid_warn_flag = 1; + + SL_REQUIRE(retval == 0, _("retval == 0")); + suid_is_set = SL_TRUE; + SL_IRETURN(SL_ENONE, _("sl_set_suid")); +} + +/* + * This function sets the effective uid to the real uid. + * It will abort on failure. + */ +int sl_unset_suid () +{ + register int retval; + + SL_ENTER(_("sl_unset_suid")); + + if (uids_are_stored == SL_FALSE) + { + SL_IRETURN(SL_ENONE, _("sl_unset_suid")); + } + + SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE")); + + if (ruid == euid && rgid == egid) + { + suid_is_set = SL_FALSE; + SL_IRETURN(SL_ENONE, _("sl_unset_suid")); + } + SL_REQUIRE(suid_is_set == SL_TRUE, _("suid_is_set == SL_TRUE")); + +#if defined(HAVE_SETRESUID) + retval = setresgid (sh_gid_neg, rgid, sh_gid_neg); + if (retval == 0) + retval = setresuid (sh_uid_neg, ruid, sh_uid_neg); + +#elif defined(HAVE_SETEUID) + retval = setegid (rgid); + if (retval == 0) + retval = seteuid (ruid); + +#elif defined(HAVE_SETREUID) + retval = setregid (egid, rgid); + if (retval == 0) + retval = setreuid (euid, ruid); + +#else + retval = setgid (rgid); + if (retval == 0) + retval = setuid (ruid); +#endif + + if (suid_warn_flag == 0) + suid_warn(0); + suid_warn_flag = 0; + + SL_REQUIRE(retval == 0, _("retval == 0")); + suid_is_set = SL_FALSE; + SL_IRETURN(SL_ENONE, _("sl_unset_suid")); +} + + +/* + * This function saves the uid's. + */ +int sl_save_uids() +{ + SL_ENTER(_("sl_save_uids")); + if (uids_are_stored == SL_TRUE) + SL_IRETURN(SL_EREPEAT, _("sl_save_uids")); + + ruid_orig = getuid(); + rgid_orig = getgid(); + egid = getegid(); + euid = geteuid(); + ruid = ruid_orig; + rgid = rgid_orig; + uids_are_stored = SL_TRUE; + + SL_IRETURN(SL_ENONE, _("sl_save_uids")); +} + +/* + * This function drops SUID privileges irrevocably. + * It set the effective uid to the original real uid. + */ +extern int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid); +int sl_drop_privileges() +{ + SL_ENTER(_("sl_drop_privileges")); + SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE")); + + SL_REQUIRE(setgid(rgid_orig) == 0, _("setgid(rgid_orig) == 0")); + SL_REQUIRE(sh_unix_initgroups2(ruid_orig, rgid_orig) == 0, _("sh_unix_initgroups2(ruid_orig,rgid_orig) == 0")); + SL_REQUIRE(setuid(ruid_orig) == 0, _("setuid(ruid_orig) == 0")); + + /* make sure that setuid(0) fails + */ + SL_REQUIRE(setuid(0) < 0, _("setuid(0) < 0")); + + euid = ruid_orig; + egid = rgid_orig; + ruid = ruid_orig; + rgid = rgid_orig; + + SL_IRETURN(SL_ENONE, _("sl_drop_privileges")); +} + +/* + * Define a policy: Stay root. + * Do nothing if not SUID. + */ +int sl_policy_get_root() +{ + SL_ENTER(_("sl_policy_get_root")); + SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE")); + + SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE")); + + if (euid != ruid || egid != rgid) + { + SL_REQUIRE(setgid(egid) == 0, _("setgid(egid) == 0")); + SL_REQUIRE(setuid(euid) == 0, _("setuid(euid) == 0")); + SL_REQUIRE(ruid == getuid() && rgid == getgid(), + _("ruid == getuid() && rgid == getgid()")); + ruid = euid; + rgid = egid; + } + suid_is_set = SL_TRUE; + if (euid == 0) + { + SL_REQUIRE(sh_unix_initgroups2(euid, egid) == 0, _("sh_unix_initgroups2(euid,egid) == 0")); + } + SL_IRETURN(SL_ENONE, _("sl_policy_get_root")); +} + +#include + +/* + * Define a policy: Get real (irrevocably). + * This function drops SUID privileges irrevocably. + * Do nothing if not SUID (? not true - drops if root). + */ + +int sl_policy_get_real(char * user) +{ + struct passwd * tempres; + + SL_ENTER(_("sl_policy_get_real")); + SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE")); + SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE")); + + if (euid == 0 || ruid == 0) + { + tempres = sh_getpwnam(user); + + SL_REQUIRE (NULL != tempres, _("tempres != NULL")); + + rgid_orig = tempres->pw_gid; + ruid_orig = tempres->pw_uid; + } + else + { + rgid_orig = rgid; + ruid_orig = ruid; + } + + SL_REQUIRE (sl_drop_privileges() == SL_ENONE, + _("sl_drop_privileges() == SL_ENONE")); + + suid_is_set = SL_TRUE; + SL_IRETURN(SL_ENONE, _("sl_policy_get_real")); +} + + +/* + * Define a policy: Get user. + * Drops privileges. + * Do nothing if not SUID. + */ +int sl_policy_get_user(char * user) +{ + struct passwd * tempres; + + SL_ENTER(_("sl_policy_get_user")); + + SL_REQUIRE(user != NULL, _("user != NULL")); + SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE")); + SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE")); + + if (euid != ruid || egid != rgid) + { + tempres = sh_getpwnam(user); + + SL_REQUIRE (NULL != tempres, _("tempres != NULL")); + +#if 0 + rgid = tempres->pw_gid; + ruid = tempres->pw_uid; + SL_REQUIRE(sl_unset_suid() == SL_ENONE, + _("sl_unset_suid() == SL_ENONE")); +#endif + SL_REQUIRE (sl_drop_privileges() == SL_ENONE, + _("sl_drop_privileges() == SL_ENONE")); + } + SL_IRETURN(SL_ENONE, _("sl_policy_get_user")); +} + + + +/* ---------------------------------------------------------------- + * + * File access routines + * + * ---------------------------------------------------------------- */ + +#define TOFFSET 0x1234 + +/* this would prevent opening files if the first 16 fds are open :( */ +/* #define MAXFD FOPEN_MAX */ + +#define MAXFD 1024 + +typedef struct openfiles { + SL_TICKET ticket; /* The unique ID. */ + int fd; /* The file descriptor. */ + char * path; /* The file path. */ +} SL_OFILE; + +static SL_OFILE * ofiles[MAXFD]; + + +static unsigned int nonce_counter = TOFFSET; + +static +SL_TICKET sl_create_ticket (unsigned int myindex) +{ + unsigned int high; /* index */ + unsigned int low; /* nonce */ + + SL_ENTER(_("sl_create_ticket")); + + if (myindex >= MAXFD) + SL_IRETURN (SL_EINTERNAL, _("sl_create_ticket")); + + /* mask out the high bit and check that it is not used + * -> verify that it fits into 16 bits as positive + */ + high = (myindex + TOFFSET) & 0x7fff; + + if (high != myindex + TOFFSET) + SL_IRETURN (SL_EINTERNAL, _("sl_create_ticket")); + + low = nonce_counter & 0xffff; + + /* Overflow -> nonce too big. + */ + if ((low != nonce_counter++) || low == 0) + SL_IRETURN (SL_EINTERNAL, _("sl_create_ticket")); + + /* Wrap around the nonce counter. + * This is a dirty trick. + */ + if (nonce_counter > 0x7fff) + nonce_counter = TOFFSET; + + SL_RETURN ((SL_TICKET) ((high << 16) | low), _("sl_create_ticket")); +} + +static +int sl_read_ticket (SL_TICKET fno) +{ + register unsigned myindex; + register SL_OFILE *of; + + myindex = ((fno >> 16) & 0xffff) - TOFFSET; + if (myindex >= MAXFD) + return (SL_ETICKET); + + if (ofiles[myindex] == NULL) + return (SL_ETICKET); + + if (ofiles[myindex]->ticket != fno) + return (SL_ETICKET); + + if ((of = ofiles[myindex])->fd < 0 || of->fd >= MAXFD ) + return (SL_EINTERNAL); + + if (((of->ticket) & 0xffff) == 0) + return (SL_EINTERNAL); + + return (myindex); +} + +SL_TICKET sl_make_ticket (int fd, char * filename) +{ + size_t len; + SL_TICKET ticket; + SL_ENTER(_("sl_make_ticket")); + /* Make entry. + */ + if (fd >= MAXFD || fd < 0) + { + SL_IRETURN(SL_TOOMANY, _("sl_make_ticket")); + } + + if (ofiles[fd] != NULL) + { + SL_IRETURN(SL_EINTERNAL, _("sl_make_ticket")); + } + + if ( (ofiles[fd] = (SL_OFILE *) malloc(sizeof(SL_OFILE))) == NULL) + { + SL_IRETURN(SL_EMEM, _("sl_make_ticket")); + } + + len = sl_strlen(filename)+1; + + if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL) + { + free(ofiles[fd]); + ofiles[fd] = NULL; + SL_IRETURN(SL_EMEM, _("sl_make_ticket")); + } + + /* Get a ticket. + */ + ticket = sl_create_ticket((unsigned int)fd); + + if (SL_ISERROR(ticket)) + { + (void) free (ofiles[fd]->path); + (void) free (ofiles[fd]); + SL_IRETURN(ticket, _("sl_make_ticket")); + } + + sl_strlcpy (ofiles[fd]->path, filename, len); + ofiles[fd]->ticket = ticket; + ofiles[fd]->fd = fd; + + SL_IRETURN(ticket, _("sl_make_ticket")); +} + +#define SL_OPEN_MIN 113 +#define SL_OPEN_FOR_READ 113 +#define SL_OPEN_FOR_WRITE 114 +#define SL_OPEN_FOR_RDWR 115 +#define SL_OPEN_FOR_WTRUNC 116 +#define SL_OPEN_FOR_RWTRUNC 117 +#define SL_OPEN_SAFE_RDWR 118 +#define SL_OPEN_FOR_FASTREAD 119 +#define SL_OPEN_MAX 119 + +#if !defined(O_NOATIME) +#if defined(__linux__) && (defined(__i386__) || defined(__PPC__)) +#define O_NOATIME 01000000 +#else + /* + * bitwise 'or' with zero does not modify any bit + */ +#define O_NOATIME 0 +#endif +#endif + +static int o_noatime = O_NOATIME; +static mode_t open_mode = (S_IWUSR|S_IRUSR|S_IRGRP); + + +static +int sl_open_file (const char *filename, int mode, int priv) +{ + struct stat lbuf; + struct stat buf; + int lstat_return; + int stat_return; + int fd; + int sflags; + size_t len; + SL_TICKET ticket; + +#if !defined(O_NONBLOCK) +#if defined(O_NDELAY) +#define O_NONBLOCK O_NDELAY +#else +#define O_NONBLOCK 0 +#endif +#endif + + SL_ENTER(_("sl_open_file")); + + if (filename == NULL) + SL_IRETURN(SL_ENULL, _("sl_open_file")); + if (mode < SL_OPEN_MIN || mode > SL_OPEN_MAX) + SL_IRETURN(SL_EINTERNAL, _("sl_open_file")); + + /* "This system call always succeeds and the previous value of + * the mask is returned." + */ + (void) umask (0); + + if (mode == SL_OPEN_FOR_FASTREAD) + { + fd = aud_open_noatime (FIL__, __LINE__, priv, filename, + O_RDONLY|O_NONBLOCK, 0, &o_noatime); + /* + if (fd >= 0) { + sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags & ~O_NONBLOCK); + } + */ + if (fd < 0) + SL_IRETURN(SL_EBADFILE, _("sl_open_file")); + goto createTicket; + } + +#ifdef USE_SUID + if (priv == SL_YESPRIV) + sl_set_suid(); +#endif + if (mode == SL_OPEN_FOR_READ) + lstat_return = retry_stat (FIL__, __LINE__, filename, &lbuf); + else + lstat_return = retry_lstat(FIL__, __LINE__, filename, &lbuf); +#ifdef USE_SUID + if (priv == SL_YESPRIV) + sl_unset_suid(); +#endif + + if (lstat_return == -1) + { + lstat_return = ENOENT; + if ( (mode == SL_OPEN_FOR_READ && lstat_return == ENOENT) || + (errno != ENOENT)) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), + filename, errno)); + SL_IRETURN(SL_EBADFILE, _("sl_open_file")); + } + } + + if ( (mode != SL_OPEN_FOR_READ) && (lstat_return != ENOENT) && + ( S_ISDIR(lbuf.st_mode) || (S_IWOTH & lbuf.st_mode) ) + ) + SL_IRETURN(SL_EBADFILE, _("sl_open_file")); + + + /* O_NOATIME has an effect for read(). But write() ?. + */ + switch (mode) + { + case SL_OPEN_FOR_READ: + fd = aud_open_noatime (FIL__, __LINE__, priv, filename, + O_RDONLY|O_NONBLOCK, 0, &o_noatime); + if (fd >= 0) { + sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags & ~O_NONBLOCK); + } + break; + case SL_OPEN_FOR_WRITE: + if (lstat_return == ENOENT) + fd = aud_open (FIL__, __LINE__, priv, filename, + O_WRONLY|O_CREAT|O_EXCL, open_mode); + else + fd = aud_open (FIL__, __LINE__, priv, filename, + O_WRONLY, open_mode); + break; + case SL_OPEN_SAFE_RDWR: + if (lstat_return == ENOENT) + fd = aud_open (FIL__, __LINE__, priv, filename, + O_RDWR|O_CREAT|O_EXCL, open_mode); + else + SL_IRETURN(SL_EBADFILE, _("sl_open_file")); + break; + case SL_OPEN_FOR_RDWR: + if (lstat_return == ENOENT) + fd = aud_open (FIL__, __LINE__, priv, filename, + O_RDWR|O_CREAT|O_EXCL, open_mode); + else + fd = aud_open (FIL__, __LINE__, priv, filename, + O_RDWR, open_mode); + break; + case SL_OPEN_FOR_WTRUNC: + if (lstat_return == ENOENT) + fd = aud_open (FIL__, __LINE__, priv, filename, + O_WRONLY|O_CREAT|O_EXCL, open_mode); + else + fd = aud_open (FIL__, __LINE__, priv, filename, + O_WRONLY|O_TRUNC, open_mode); + break; + case SL_OPEN_FOR_RWTRUNC: + if (lstat_return == ENOENT) + fd = aud_open (FIL__, __LINE__, priv, filename, + O_RDWR|O_CREAT|O_EXCL, open_mode); + else + fd = aud_open (FIL__, __LINE__, priv, filename, + O_RDWR|O_TRUNC, open_mode); + break; + default: + SL_IRETURN(SL_EINTERNAL, _("sl_open_file")); + } + + if (fd < 0) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), + filename, errno)); + SL_IRETURN(SL_EBADFILE, _("sl_open_file")); + } + +#ifdef USE_SUID + if (priv == SL_YESPRIV) + sl_set_suid(); +#endif + stat_return = retry_fstat(FIL__, __LINE__, fd, &buf); +#ifdef USE_SUID + if (priv == SL_YESPRIV) + sl_unset_suid(); +#endif + + if (stat_return < 0) + { + close (fd); + SL_IRETURN(SL_EBADFILE, _("sl_open_file")); + } + + if (lstat_return != ENOENT && buf.st_ino != lbuf.st_ino) + { + close (fd); + SL_IRETURN(SL_EBOGUS, _("sl_open_file")); + } + + createTicket: + + /* Make entry. + */ + if (fd >= MAXFD) + { + close(fd); + SL_IRETURN(SL_TOOMANY, _("sl_open_file")); + } + + if (ofiles[fd] != NULL) + { + close(fd); + SL_IRETURN(SL_EINTERNAL, _("sl_open_file")); + } + + if ( (ofiles[fd] = (SL_OFILE *) malloc(sizeof(SL_OFILE))) == NULL) + { + close(fd); + SL_IRETURN(SL_EMEM, _("sl_open_file")); + } + + len = sl_strlen(filename)+1; + + if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL) + { + free(ofiles[fd]); + ofiles[fd] = NULL; + close(fd); + SL_IRETURN(SL_EMEM, _("sl_open_file")); + } + + /* Get a ticket. + */ + ticket = sl_create_ticket(fd); + + if (SL_ISERROR(ticket)) + { + (void) free (ofiles[fd]->path); + (void) free (ofiles[fd]); + close(fd); + SL_IRETURN(ticket, _("sl_open_file")); + } + + sl_strlcpy (ofiles[fd]->path, filename, len); + ofiles[fd]->ticket = ticket; + ofiles[fd]->fd = fd; + + SL_IRETURN(ticket, _("sl_open_file")); +} + +static +int check_fname_priv (const char * fname, int priv) +{ + SL_ENTER(_("check_fname_priv")); + if (fname == NULL) + SL_IRETURN(SL_ENULL, _("check_fname_priv")); + if (priv != SL_YESPRIV && priv != SL_NOPRIV) + SL_IRETURN(SL_EINTERNAL, _("check_fname_priv")); + SL_IRETURN(SL_ENONE, _("check_fname_priv")); +} + +SL_TICKET sl_open_write (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_write")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + SL_IRETURN(status, _("sl_open_write")); + + status = sl_open_file(fname, SL_OPEN_FOR_WRITE, priv); + SL_IRETURN(status, _("sl_open_write")); +} + +SL_TICKET sl_open_read (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_read")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + { + TPT(( 0, FIL__, __LINE__, + _("msg= status=<%ld>\n"), + status)); + SL_IRETURN(status, _("sl_open_read")); + } + + status = sl_open_file(fname, SL_OPEN_FOR_READ, priv); + SL_IRETURN(status, _("sl_open_read")); +} + +SL_TICKET sl_open_fastread (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_fastread")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + SL_IRETURN(status, _("sl_open_read")); + + status = sl_open_file(fname, SL_OPEN_FOR_FASTREAD, priv); + SL_IRETURN(status, _("sl_open_fastread")); +} + +SL_TICKET sl_open_rdwr (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_rdwr")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + SL_IRETURN(status, _("sl_open_rdwr")); + + status = sl_open_file(fname, SL_OPEN_FOR_RDWR, priv); + SL_IRETURN(status, _("sl_open_rdwr")); +} + +SL_TICKET sl_open_safe_rdwr (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_safe_rdwr")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + SL_IRETURN(status, _("sl_open_safe_rdwr")); + + status = sl_open_file(fname, SL_OPEN_SAFE_RDWR, priv); + SL_IRETURN(status, _("sl_open_safe_rdwr")); +} + +SL_TICKET sl_open_write_trunc (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_write_trunc")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + SL_IRETURN(status, _("sl_open_write_trunc")); + + status = sl_open_file(fname, SL_OPEN_FOR_WTRUNC, priv); + SL_IRETURN(status, _("sl_open_write_trunc")); +} + +SL_TICKET sl_open_rdwr_trunc (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_rdwr_trunc")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + SL_IRETURN(status, _("sl_open_rdwr_trunc")); + + status = sl_open_file(fname, SL_OPEN_FOR_RWTRUNC, priv); + SL_IRETURN(status, _("sl_open_rdwr_trunc")); +} + + +int get_the_fd (SL_TICKET ticket) +{ + int fd; + + if (SL_ISERROR(fd = sl_read_ticket(ticket))) + return (fd); + + if (ofiles[fd] == NULL || fd != ofiles[fd]->fd || fd < 0) + return (SL_EINTERNAL); + return (fd); +} + +int sl_close (SL_TICKET ticket) +{ + register int fd; + + SL_ENTER(_("sl_close")); + + if (SL_ISERROR(fd = get_the_fd (ticket))) + SL_IRETURN(fd, _("sl_close")); + + /* This may fail, but what to do then ? + */ + if (0 != close(fd) && ofiles[fd] != NULL) + { + TPT((0, FIL__, __LINE__, + _("msg=, path=<%s>, fd=<%d>, err=<%s>\n"), + ofiles[fd]->path, fd, strerror(errno))); + } + + if (ofiles[fd] != NULL) + { + (void) free(ofiles[fd]->path); + (void) free(ofiles[fd]); + ofiles[fd] = NULL; + } + + SL_IRETURN(SL_ENONE, _("sl_close")); +} + +int sl_dropall(int fd, int except) +{ + while (fd < MAXFD) + { + if (ofiles[fd] != NULL && fd != except) + { + if (ofiles[fd]->path != NULL) + (void) free(ofiles[fd]->path); + (void) free(ofiles[fd]); + ofiles[fd] = NULL; + } + ++fd; + } + return 0; +} + + +int sl_unlink (SL_TICKET ticket) +{ + register int fd; + + SL_ENTER(_("sl_unlink")); + + if (SL_ISERROR(fd = get_the_fd(ticket))) + SL_IRETURN(fd, _("sl_unlink")); + + if (retry_aud_unlink(FIL__, __LINE__, ofiles[fd]->path) < 0) + SL_IRETURN(SL_EUNLINK, _("sl_unlink")); + + SL_IRETURN(SL_ENONE, _("sl_unlink")); +} + + +int sl_seek (SL_TICKET ticket, off_t off_data) +{ + register int fd; + + SL_ENTER(_("sl_seek")); + + if (SL_ISERROR(fd = get_the_fd(ticket))) + SL_IRETURN(fd, _("sl_seek")); + + if (lseek(fd, off_data, SEEK_SET) == (off_t)-1) + SL_IRETURN(SL_EREWIND, _("sl_seek")); + + SL_IRETURN(SL_ENONE, _("sl_seek")); +} + +int sl_rewind (SL_TICKET ticket) +{ + register int fd; + + SL_ENTER(_("sl_rewind")); + + if (SL_ISERROR(fd = get_the_fd(ticket))) + SL_IRETURN(fd, _("sl_rewind")); + + if (lseek (fd, 0L, SEEK_SET) == (off_t)-1) + SL_IRETURN(SL_EREWIND, _("sl_rewind")); + + SL_IRETURN(SL_ENONE, _("sl_rewind")); +} + +int sl_forward (SL_TICKET ticket) +{ + register int fd; + + SL_ENTER(_("sl_forward")); + + if (SL_ISERROR(fd = get_the_fd(ticket))) + SL_IRETURN(fd, _("sl_forward")); + + if (lseek (fd, 0L, SEEK_END) == (off_t)-1) + SL_IRETURN(SL_EFORWARD, _("sl_forward")); + + SL_IRETURN(SL_ENONE, _("sl_forward")); +} + + +int sl_sync (SL_TICKET ticket) +{ + register int fd; + + SL_ENTER(_("sl_sync")); + + if (SL_ISERROR(fd = get_the_fd(ticket))) + SL_IRETURN(fd, _("sl_sync")); + + if (fsync (fd) == -1) + SL_IRETURN(SL_ESYNC, _("sl_sync")); + + SL_IRETURN(SL_ENONE, _("sl_sync")); +} + +int sl_read_timeout_prep (SL_TICKET ticket) +{ + int fd; + int sflags; + + SL_ENTER(_("sl_read_timeout_prep")); + + if (SL_ISERROR(fd = get_the_fd(ticket))) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>"), fd)); + SL_IRETURN(fd, _("sl_read_timeout_prep")); + } + + /* set to non-blocking mode + */ + sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags | O_NONBLOCK); + + SL_IRETURN(SL_ENONE, _("sl_read_timeout_prep")); +} + + +int sl_read_timeout (SL_TICKET ticket, void * buf_in, size_t count, + int timeout) +{ + fd_set readfds; + struct timeval tv; + /* int sflags; */ + int retval; + + int fd; + int byteread = 0; + int bytes = 0; + char * buf; + + time_t tnow; + time_t tstart; + time_t tdiff; + extern volatile int sig_termfast; + + if (buf_in == NULL || SL_ISERROR(fd = get_the_fd(ticket))) + { + if (buf_in == NULL) + { + TPT(( 0, FIL__, __LINE__, _("msg="))); + return (SL_ENULL); + } + if (SL_ISERROR(fd = get_the_fd(ticket))) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>"), fd)); + return (fd); + } + } + + buf = (char *) buf_in; + + tstart = time(NULL); + tdiff = 0; + + while (count > 0) + { + FD_ZERO(&readfds); + FD_SET(fd, &readfds); + + tv.tv_sec = timeout - tdiff; + tv.tv_usec = 0; + + retval = select (fd+1, &readfds, NULL, NULL, &tv); + + if (retval > 0) + { + byteread = read (fd, buf, count); + + if (byteread > 0) + { + bytes += byteread; count -= byteread; + buf += byteread; + if (count == 0) + break; + } + else if (byteread == 0) + { + break; + } + else + { + if (errno == EINTR || errno == EAGAIN) + { + retry_msleep(1, 0); + tnow = time(NULL); + tdiff = tnow - tstart; + continue; + } + else + { + return (SL_EREAD); + } + } + } + else if ((retval == -1) && (errno == EINTR || errno == EAGAIN)) + { + retry_msleep(1, 0); + tnow = time(NULL); + tdiff = tnow - tstart; + continue; + } + else if (retval == 0) + { + return (SL_TIMEOUT); + } + else + { + return (SL_EREAD); + } + + if (sig_termfast == 1) + { + return (SL_EREAD); + } + + tnow = time(NULL); + tdiff = tnow - tstart; + + if (tdiff > timeout) + { + return (SL_TIMEOUT); + } + } + + return ((int) bytes); +} + + +int sl_read (SL_TICKET ticket, void * buf_in, size_t count) +{ + int fd; + int byteread = 0; + int bytes = 0; + + char * buf; + + if (count < 1) + { + TPT(( 0, FIL__, __LINE__, _("msg="))); + return(SL_ERANGE); + } + if (buf_in == NULL) + { + TPT(( 0, FIL__, __LINE__, _("msg="))); + return (SL_ENULL); + } + + if (SL_ISERROR(fd = get_the_fd(ticket))) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>"), fd)); + return (fd); + } + + buf = (char *) buf_in; + + do + { + byteread = read (fd, buf, count); + if (byteread > 0) + { + bytes += byteread; count -= byteread; + buf += byteread; + } + } while ( byteread > 0 || + ( byteread == -1 && (errno == EINTR || errno == EAGAIN)) + ); + + + if (byteread == (-1)) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), errno)); + return (SL_EREAD); + } + return (bytes); +} + +int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count) +{ + int fd; + int byteread = 0; + + char * buf; + + if (count < 1) + { + TPT(( 0, FIL__, __LINE__, _("msg="))); + return(SL_ERANGE); + } + if (buf_in == NULL) + { + TPT(( 0, FIL__, __LINE__, _("msg="))); + return (SL_ENULL); + } + + if (SL_ISERROR(fd = get_the_fd(ticket))) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>"), fd)); + return (fd); + } + + buf = (char *) buf_in; + + do + { + byteread = read (fd, buf, count); + if (byteread >= 0) + { + return (byteread); + } + } while ( byteread == -1 && (errno == EINTR || errno == EAGAIN)); + + + if (byteread == (-1)) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), errno)); + return (SL_EREAD); + } + return (0); +} + + +int sl_write (SL_TICKET ticket, void * msg_in, long nbytes) +{ + long bytewritten; + long bytecount; + int fd; + + char * msg; + + SL_ENTER(_("sl_write")); + + if (nbytes < 1) + SL_IRETURN(SL_ERANGE, _("sl_write")); + if (msg_in == NULL) + SL_IRETURN(SL_ENULL, _("sl_write")); + if (SL_ISERROR(fd = get_the_fd(ticket))) + SL_IRETURN(fd, _("sl_write")); + + msg = (char *) msg_in; + + /* write + */ + bytecount = 0; + bytewritten = 0; + while (bytecount < nbytes) + { + if ((bytewritten = write (fd, msg, nbytes-bytecount)) > 0) + { + bytecount += bytewritten; + msg += bytewritten; /* move buffer pointer forward */ + } + else if (bytewritten <= 0) + { + if ( errno == EINTR || errno == EAGAIN) /* try again */ + continue; + else + SL_IRETURN(SL_EWRITE, _("sl_write")); + } + } + SL_IRETURN(SL_ENONE, _("sl_write")); +} + +int sl_write_line (SL_TICKET ticket, void * msg, long nbytes) +{ + int status; + + SL_ENTER(_("sl_write_line")); + + status = sl_write(ticket, msg, nbytes); + if (!SL_ISERROR(status)) + status = sl_write(ticket, "\n", 1); + + SL_IRETURN(status, _("sl_write_line")); +} + + +/* ---------------------------------------------------------------- + * + * Trustfile interface + * + * ---------------------------------------------------------------- */ + +extern uid_t rootonly[]; +extern int EUIDSLOT; +extern int ORIG_EUIDSLOT; + +extern char tf_path[MAXFILENAME]; /* Error path for trust function. */ +extern uid_t tf_euid; /* Space for EUID of process. */ + + +char * sl_error_string(int errorcode) +{ + switch (errorcode) + { + case SL_EBOGUS: + return _("Bogus file. Modified during access."); + case SL_EWRITE: + return _("Write error."); + case SL_EREAD: + return _("Read error."); + case SL_ESYNC: + return _("Error in fsync()."); + case SL_EFORWARD: + return _("Error in lseek()."); + case SL_EREWIND: + return _("Error in lseek()."); + case SL_EUNLINK: + return _("Error in unlink()."); + case SL_EMEM: + return _("Out of memory."); + case SL_EINTERNAL: + return _("Internal error."); + case SL_ETICKET: + return _("Bad ticket."); + case SL_EREPEAT: + return _("Illegal repeated use of function."); + case SL_ERANGE: + return _("Argument out of range."); + case SL_ENULL: + return _("Dereferenced NULL pointer."); + + case SL_EBADUID: + return _("Owner not trustworthy."); + case SL_EBADGID: + return _("Group writeable and member not trustworthy."); + case SL_EBADOTH: + return _("World writeable."); + case SL_EBADFILE: + return _("File access error."); + case SL_EBADNAME: + return _("Invalid filename (prob. too long or null)."); + + case SL_ETRUNC: + return _("Truncation occured."); + case SL_ESTAT: + return _("stat() failed."); + default: + return _("Unknown error."); + } +} + + + +char * sl_trust_errfile() +{ + return &tf_path[0]; +} + +extern uid_t tf_baduid; +uid_t sl_trust_baduid() +{ + return tf_baduid; +} + +extern gid_t tf_badgid; +gid_t sl_trust_badgid() +{ + return tf_badgid; +} + + +static int trust_count = 0; + +int sl_trust_purge_user () +{ + int i; + + EUIDSLOT = ORIG_EUIDSLOT; + trust_count = 0; + + for (i = EUIDSLOT; i < (EUIDSLOT + 15); ++i) + rootonly[i] = sh_uid_neg; + return 0; +} + +int sl_trust_add_user (uid_t pwid) +{ + SL_ENTER(_("sl_trust_add_user")); + + if (trust_count == 15) + SL_IRETURN(SL_ERANGE, _("sl_trust_add_user")); + + rootonly[EUIDSLOT] = pwid; + ++EUIDSLOT; + ++trust_count; + + SL_IRETURN(SL_ENONE, _("sl_trust_add_user")); +} + +int sl_trustfile_euid(char * filename, uid_t teuid) +{ + long status; + SL_ENTER(_("sl_trustfile_euid")); + + tf_path[0] = '\0'; + if (filename == NULL || filename[0] == '\0') + SL_IRETURN(SL_EBADNAME, _("sl_trustfile_euid")); + + tf_euid = teuid; + status = sl_trustfile(filename, NULL, NULL); + SL_IRETURN(status, _("sl_trustfile_euid")); +} + +/* ---------------------------------------------------------------- + * + * Overflow tests + * + * ---------------------------------------------------------------- */ + +#ifndef SIZE_MAX +#define SIZE_MAX (4294967295U) +#endif + +int sl_ok_muli (int a, int b) /* a*b */ +{ + if ((b == 0) || (a >= (INT_MIN / b) && a <= (INT_MAX / b))) + return SL_TRUE; /* no overflow */ + return SL_FALSE; +} + +int sl_ok_muls (size_t a, size_t b) /* a*b */ +{ + if ((b == 0) || (a <= (SIZE_MAX / b))) + return SL_TRUE; /* no overflow */ + return SL_FALSE; +} + +int sl_ok_divi (int a, int b) /* a/b */ +{ + (void) a; + if (b != 0) + return SL_TRUE; /* no overflow */ + return SL_FALSE; +} + +int sl_ok_addi (int a, int b) /* a+b */ +{ + if (a >= 0 && b >= 0) + { + if (a <= (INT_MAX - b)) + return SL_TRUE; /* no overflow */ + else + return SL_FALSE; + } + else if (a < 0 && b < 0) + { + if (a >= (INT_MIN - b)) + return SL_TRUE; /* no overflow */ + else + return SL_FALSE; + } + return SL_TRUE; +} + +int sl_ok_adds (size_t a, size_t b) /* a+b */ +{ + if (a <= (SIZE_MAX - b)) + return SL_TRUE; /* no overflow */ + else + return SL_FALSE; +} + +int sl_ok_subi (int a, int b) /* a-b */ +{ + if (a >= 0 && b < 0) + { + if (a <= (INT_MAX + b)) + return SL_TRUE; /* no overflow */ + else + return SL_FALSE; + } + else if (a < 0 && b >= 0) + { + if (a >= (INT_MIN + b)) + return SL_TRUE; /* no overflow */ + else + return SL_FALSE; + } + return SL_TRUE; +} Index: branches/samhain-2_2-branch/src/sstrip.c =================================================================== --- branches/samhain-2_2-branch/src/sstrip.c (revision 66) +++ branches/samhain-2_2-branch/src/sstrip.c (revision 66) @@ -0,0 +1,538 @@ +/* sstrip, version 2.0: Copyright (C) 1999-2001 by Brian Raiter, under the + * GNU General Public License. No warranty. See LICENSE for details. + */ + +/* Modified for portability and 64bit/32bit elf executables, Rainer Wichmann */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#if !defined(__ia64) && !defined(__ia64__) && !defined(__itanium__) && \ + !defined(__alpha) && !defined(__alpha__) && \ + (defined(HAVE_ELF_H) || defined(HAVE_LINUX_ELF_H)) && \ + (defined(__linux__) || defined(__FreeBSD__)) && \ + (defined(__i386__) || defined(__i386) || defined(i386)) + +/* || defined(__sun) || defined(__sun__) || defined(sun) */ + + +#if defined(HAVE_ELF_H) +#include +#else +#include +#endif + +#ifndef TRUE +#define TRUE 1 +#define FALSE 0 +#endif + +#ifndef ELFCLASS32 +#define ELFCLASS32 1 /* 32-bit objects */ +#endif +#ifndef ELFCLASS64 +#define ELFCLASS64 2 /* 64-bit objects */ +#endif + + + +/* The name of the program. + */ +static char const *progname; + +/* The name of the current file. + */ +static char const *filename; + + +/* A simple error-handling function. FALSE is always returned for the + * convenience of the caller. + */ +static int err(char const *errmsg) +{ + fprintf(stderr, "%s: %s: %s\n", progname, filename, errmsg); + return FALSE; +} + +/* A macro for I/O errors: The given error message is used only when + * errno is not set. + */ +#define ferr(msg) (err(errno ? strerror(errno) : (msg))) + +/* readelfheader() reads the ELF header into our global variable, and + * checks to make sure that this is in fact a file that we should be + * munging. + */ +static int readelfheader_32(int fd, Elf32_Ehdr *ehdr) +{ + errno = 0; + if (read(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) + return ferr("missing or incomplete ELF header."); + + /* Check the ELF signature. + */ + if (!(ehdr->e_ident[EI_MAG0] == ELFMAG0 && + ehdr->e_ident[EI_MAG1] == ELFMAG1 && + ehdr->e_ident[EI_MAG2] == ELFMAG2 && + ehdr->e_ident[EI_MAG3] == ELFMAG3)) + return err("missing ELF signature."); + + /* Compare the file's class and endianness with the program's. + */ +#ifdef ELF_DATA + if (ehdr->e_ident[EI_DATA] != ELF_DATA) + return err("ELF file has different endianness."); +#endif + + if (ehdr->e_ident[EI_CLASS] != ELFCLASS32) + return FALSE; + + /* Check the target architecture. + */ +#ifdef ELF_ARCH + if (ehdr->e_machine != ELF_ARCH) + return err("ELF file created for different architecture."); +#endif + + /* Verify the sizes of the ELF header and the program segment + * header table entries. + */ + if (ehdr->e_ehsize != sizeof(Elf32_Ehdr)) + return err("unrecognized ELF header size."); + if (ehdr->e_phentsize != sizeof(Elf32_Phdr)) + return err("unrecognized program segment header size."); + + /* Finally, check the file type. + */ + if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) + return err("not an executable or shared-object library."); + + return TRUE; +} + +static int readelfheader_64(int fd, Elf64_Ehdr *ehdr) +{ + errno = 0; + + if (lseek(fd, 0, SEEK_SET)) + return ferr("could not rewind file"); + + if (read(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) + return ferr("missing or incomplete ELF header."); + + /* Check the ELF signature. + */ + if (!(ehdr->e_ident[EI_MAG0] == ELFMAG0 && + ehdr->e_ident[EI_MAG1] == ELFMAG1 && + ehdr->e_ident[EI_MAG2] == ELFMAG2 && + ehdr->e_ident[EI_MAG3] == ELFMAG3)) + return err("missing ELF signature."); + + /* Compare the file's class and endianness with the program's. + */ +#ifdef ELF_DATA + if (ehdr->e_ident[EI_DATA] != ELF_DATA) + return err("ELF file has different endianness."); +#endif + + if (ehdr->e_ident[EI_CLASS] != ELFCLASS64) + return err("ELF file has different word size."); + + /* Check the target architecture. + */ +#ifdef ELF_ARCH + if (ehdr->e_machine != ELF_ARCH) + return err("ELF file created for different architecture."); +#endif + + /* Verify the sizes of the ELF header and the program segment + * header table entries. + */ + if (ehdr->e_ehsize != sizeof(Elf64_Ehdr)) + return err("unrecognized ELF header size."); + if (ehdr->e_phentsize != sizeof(Elf64_Phdr)) + return err("unrecognized program segment header size."); + + /* Finally, check the file type. + */ + if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) + return err("not an executable or shared-object library."); + + return TRUE; +} + +/* readphdrtable() loads the program segment header table into memory. + */ +static int readphdrtable_32(int fd, Elf32_Ehdr const *ehdr, Elf32_Phdr **phdrs) +{ + size_t size; + + if (!ehdr->e_phoff || !ehdr->e_phnum) + return err("ELF file has no program header table."); + + size = ehdr->e_phnum * sizeof **phdrs; + if (!(*phdrs = malloc(size))) + return err("Out of memory!"); + + errno = 0; + if (read(fd, *phdrs, size) != (ssize_t)size) + return ferr("missing or incomplete program segment header table."); + + return TRUE; +} + +static int readphdrtable_64(int fd, Elf64_Ehdr const *ehdr, Elf64_Phdr **phdrs) +{ + size_t size; + + if (!ehdr->e_phoff || !ehdr->e_phnum) + return err("ELF file has no program header table."); + + size = ehdr->e_phnum * sizeof **phdrs; + if (!(*phdrs = malloc(size))) + return err("Out of memory!"); + + errno = 0; + if (read(fd, *phdrs, size) != (ssize_t)size) + return ferr("missing or incomplete program segment header table."); + + return TRUE; +} + +/* getmemorysize() determines the offset of the last byte of the file + * that is referenced by an entry in the program segment header table. + * (Anything in the file after that point is not used when the program + * is executing, and thus can be safely discarded.) + */ +static int getmemorysize_32(Elf32_Ehdr const *ehdr, Elf32_Phdr const *phdrs, + unsigned long *newsize) +{ + Elf32_Phdr const *phdr; + unsigned long size, n; + int i; + + /* Start by setting the size to include the ELF header and the + * complete program segment header table. + */ + size = ehdr->e_phoff + ehdr->e_phnum * sizeof *phdrs; + if (size < sizeof *ehdr) + size = sizeof *ehdr; + + /* Then keep extending the size to include whatever data the + * program segment header table references. + */ + for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) { + if (phdr->p_type != PT_NULL) { + n = phdr->p_offset + phdr->p_filesz; + if (n > size) + size = n; + } + } + + *newsize = size; + return TRUE; +} + +static int getmemorysize_64(Elf64_Ehdr const *ehdr, Elf64_Phdr const *phdrs, + unsigned long *newsize) +{ + Elf64_Phdr const *phdr; + unsigned long size, n; + int i; + + /* Start by setting the size to include the ELF header and the + * complete program segment header table. + */ + size = ehdr->e_phoff + ehdr->e_phnum * sizeof *phdrs; + if (size < sizeof *ehdr) + size = sizeof *ehdr; + + /* Then keep extending the size to include whatever data the + * program segment header table references. + */ + for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) { + if (phdr->p_type != PT_NULL) { + n = phdr->p_offset + phdr->p_filesz; + if (n > size) + size = n; + } + } + + *newsize = size; + return TRUE; +} + +/* truncatezeros() examines the bytes at the end of the file's + * size-to-be, and reduces the size to exclude any trailing zero + * bytes. + */ +static int truncatezeros(int fd, unsigned long *newsize) +{ + unsigned char contents[1024]; + unsigned long size, n; + + size = *newsize; + do { + n = sizeof contents; + if (n > size) + n = size; + if (lseek(fd, size - n, SEEK_SET) == (off_t)-1) + return ferr("cannot seek in file."); + if (read(fd, contents, n) != (ssize_t)n) + return ferr("cannot read file contents"); + while (n && !contents[--n]) + --size; + } while (size && !n); + + /* Sanity check. + */ + if (!size) + return err("ELF file is completely blank!"); + + *newsize = size; + return TRUE; +} + +/* modifyheaders() removes references to the section header table if + * it was stripped, and reduces program header table entries that + * included truncated bytes at the end of the file. + */ +static int modifyheaders_32(Elf32_Ehdr *ehdr, Elf32_Phdr *phdrs, + unsigned long newsize) +{ + Elf32_Phdr *phdr; + int i; + + /* If the section header table is gone, then remove all references + * to it in the ELF header. + */ + if (ehdr->e_shoff >= newsize) { + ehdr->e_shoff = 0; + ehdr->e_shnum = 0; + ehdr->e_shentsize = 0; + ehdr->e_shstrndx = 0; + } + + /* The program adjusts the file size of any segment that was + * truncated. The case of a segment being completely stripped out + * is handled separately. + */ + for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) { + if (phdr->p_offset >= newsize) { + phdr->p_offset = newsize; + phdr->p_filesz = 0; + } else if (phdr->p_offset + phdr->p_filesz > newsize) { + phdr->p_filesz = newsize - phdr->p_offset; + } + } + + return TRUE; +} + +static int modifyheaders_64(Elf64_Ehdr *ehdr, Elf64_Phdr *phdrs, + unsigned long newsize) +{ + Elf64_Phdr *phdr; + int i; + + /* If the section header table is gone, then remove all references + * to it in the ELF header. + */ + if (ehdr->e_shoff >= newsize) { + ehdr->e_shoff = 0; + ehdr->e_shnum = 0; + ehdr->e_shentsize = 0; + ehdr->e_shstrndx = 0; + } + + /* The program adjusts the file size of any segment that was + * truncated. The case of a segment being completely stripped out + * is handled separately. + */ + for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) { + if (phdr->p_offset >= newsize) { + phdr->p_offset = newsize; + phdr->p_filesz = 0; + } else if (phdr->p_offset + phdr->p_filesz > newsize) { + phdr->p_filesz = newsize - phdr->p_offset; + } + } + + return TRUE; +} + +/* commitchanges() writes the new headers back to the original file + * and sets the file to its new size. + */ +static int commitchanges_32(int fd, Elf32_Ehdr const *ehdr, Elf32_Phdr *phdrs, + unsigned long newsize) +{ + size_t n; + + /* Save the changes to the ELF header, if any. + */ + if (lseek(fd, 0, SEEK_SET)) + return ferr("could not rewind file"); + errno = 0; + if (write(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) + return err("could not modify file"); + + /* Save the changes to the program segment header table, if any. + */ + if (lseek(fd, ehdr->e_phoff, SEEK_SET) == (off_t)-1) { + err("could not seek in file."); + goto warning; + } + n = ehdr->e_phnum * sizeof *phdrs; + if (write(fd, phdrs, n) != (ssize_t)n) { + err("could not write to file"); + goto warning; + } + + /* Eleventh-hour sanity check: don't truncate before the end of + * the program segment header table. + */ + if (newsize < ehdr->e_phoff + n) + newsize = ehdr->e_phoff + n; + + /* Chop off the end of the file. + */ + if (ftruncate(fd, newsize)) { + err("could not resize file"); + goto warning; + } + + return TRUE; + + warning: + return err("ELF file may have been corrupted!"); +} + +static int commitchanges_64(int fd, Elf64_Ehdr const *ehdr, Elf64_Phdr *phdrs, + unsigned long newsize) +{ + size_t n; + + /* Save the changes to the ELF header, if any. + */ + if (lseek(fd, 0, SEEK_SET)) + return ferr("could not rewind file"); + errno = 0; + if (write(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) + return err("could not modify file"); + + /* Save the changes to the program segment header table, if any. + */ + if (lseek(fd, ehdr->e_phoff, SEEK_SET) == (off_t)-1) { + err("could not seek in file."); + goto warning; + } + n = ehdr->e_phnum * sizeof *phdrs; + if (write(fd, phdrs, n) != (ssize_t)n) { + err("could not write to file"); + goto warning; + } + + /* Eleventh-hour sanity check: don't truncate before the end of + * the program segment header table. + */ + if (newsize < ehdr->e_phoff + n) + newsize = ehdr->e_phoff + n; + + /* Chop off the end of the file. + */ + if (ftruncate(fd, newsize)) { + err("could not resize file"); + goto warning; + } + + return TRUE; + + warning: + return err("ELF file may have been corrupted!"); +} + +/* main() loops over the cmdline arguments, leaving all the real work + * to the other functions. + */ +int main(int argc, char *argv[]) +{ + int fd; + int is_32bit_elf; + Elf32_Ehdr ehdr32; + Elf32_Phdr *phdrs32 = NULL; + Elf64_Ehdr ehdr64; + Elf64_Phdr *phdrs64 = NULL; + unsigned long newsize; + char **arg; + int failures = 0; + + if (argc < 2 || argv[1][0] == '-') { + printf("Usage: sstrip FILE...\n" + "sstrip discards all nonessential bytes from an executable.\n\n" + "Version 2.0 Copyright (C) 2000,2001 Brian Raiter.\n" + "This program is free software, licensed under the GNU\n" + "General Public License. There is absolutely no warranty.\n"); + return EXIT_SUCCESS; + } + + progname = argv[0]; + + for (arg = argv + 1 ; *arg != NULL ; ++arg) { + filename = *arg; + + fd = open(*arg, O_RDWR); + if (fd < 0) { + ferr("can't open"); + ++failures; + continue; + } + + if (readelfheader_32(fd, &ehdr32)) { + is_32bit_elf = TRUE; + } + else if (readelfheader_64(fd, &ehdr64)) { + is_32bit_elf = FALSE; + } + else { + close(fd); + return EXIT_FAILURE; + } + + if (is_32bit_elf) { + if (!(readphdrtable_32(fd, &ehdr32, &phdrs32) && + getmemorysize_32(&ehdr32, phdrs32, &newsize) && + truncatezeros(fd, &newsize) && + modifyheaders_32(&ehdr32, phdrs32, newsize) && + commitchanges_32(fd, &ehdr32, phdrs32, newsize))) + ++failures; + } + else { + if (!(readphdrtable_64(fd, &ehdr64, &phdrs64) && + getmemorysize_64(&ehdr64, phdrs64, &newsize) && + truncatezeros(fd, &newsize) && + modifyheaders_64(&ehdr64, phdrs64, newsize) && + commitchanges_64(fd, &ehdr64, phdrs64, newsize))) + ++failures; + } + + close(fd); + } + + return failures ? EXIT_FAILURE : EXIT_SUCCESS; +} + +#else + +int main() +{ + return (EXIT_SUCCESS); +} + +#endif Index: branches/samhain-2_2-branch/src/trustfile.c =================================================================== --- branches/samhain-2_2-branch/src/trustfile.c (revision 66) +++ branches/samhain-2_2-branch/src/trustfile.c (revision 66) @@ -0,0 +1,978 @@ +/* debug problems */ +/* #define TRUST_DEBUG */ + +/* switch off full check */ +/* #define TEST_ONLY */ + +/* standalone */ +/* #define TRUST_MAIN */ +/* $(CC) -DTRUST_MAIN -DSL_ALWAYS_TRUSTED=... */ + +/* LINTLIBRARY */ +/* + * This is the file with all the library routines in it + * + * Author information: + * Matt Bishop + * Department of Computer Science + * University of California at Davis + * Davis, CA 95616-8562 + * phone (916) 752-8060 + * email bishop@cs.ucdavis.edu + * + * This code is placed in the public domain. I do ask that + * you keep my name associated with it, that you not represent + * it as written by you, and that you preserve these comments. + * This software is provided "as is" and without any guarantees + * of any sort. + * + * Compilation notes: + * * this does NOT use malloc(3), but fixed storage. this means we + * do lots of bounds checking, but it still is faster, and smaller, + * than forcing inclusion of malloc. All buffers etc. are of size + * MAXFILENAME (defined in trustfile.h); to get more room, recompile + * with this set larger. + * * if you support the following directory semantics, define STICKY; + * otherwise, undefine it + * "if a directory is both world-writeable AND has the sticky bit + * set, then ONLY the owner of an existing file may delete it" + * On some systems (eg, IRIX), you can delete the file under these + * conditions if the file is world writeable. Foor our purposes, + * this is irrelevant since if the file is world-writeable it is + * untrustworthy; either it can be replaced with another file (the + * IRIX version) or it can be altered (all versions). + * if this is true and STICKY is not set, the sticky bit is ignored + * and the directory will be flagged as untrustworthy, even when only + * a trusted user could delete the file + * * this uses a library call to get the name of the current working + * directory. Define the following to get the various versions: + * GETCWD for Solaris 2.x, SunOS 4.1.x, IRIX 5.x + * char *getcwd(char *buf, int bufsz); + * where buf is a buffer for the path name, and bufsz is + * the size of the buffer; if the size if too small, you + * get an error return (NULL) + * GETWD for Ultrix 4.4 + * char *getwd(char *buf) + * where buf is a buffer for the path name, and it is + * assumed to be at lease as big as MAXPATHLEN. + * *** IMPORTANT NOTE *** + * Ultrix supports getcwd as well, but it uses popen to + * run the command "pwd" (according to the manual). This + * means it's vulnerable to a number of attacks if used + * in a privileged program. YOU DON'T WANT THIS. + * * the debugging flag DEBUG prints out each step of the file name + * checking, as well as info on symbolic links (if S_IFLNK defined), + * file name canonicalization, and user, group, and permission for + * each file or directory; this is useful if you want to be sure + * you're checking the right file + * + * Version information: + * 1.0 December 28, 1995 Matt Bishop + * + * 2.0 March 26, 2000 Rainer Wichmann -- adapted for slib. + */ + +/* --- Why strcpy is safe here: ---- */ + +/* The input path is checked once, and then either shortened [in dirz()], + * or safely expanded (symlinks) with bound checking. + * I.e., the path length can never exceed (MAXFILENAME-1), while the path + * is always copied between buffers of length MAXFILENAME. + */ + +#ifndef TRUST_MAIN +#include "config_xor.h" +#include "sh_calls.h" +#else +#define UID_CAST long +#endif + +#include +#include +#include +#include +#include +#include +#include +#include + + +#ifndef TRUST_MAIN +#include "slib.h" +#define SH_NEED_PWD_GRP 1 +#include "sh_static.h" + +#else + +#define sh_getgrgid getgrgid +#define sh_getpwent getpwent +#define sh_getpwnam getpwnam +#define sh_getpwuid getpwuid +#define sh_endpwent endpwent + +#define TRUST_DEBUG +#define SL_FALSE 0 +#define SL_TRUE 1 +#define SL_ENTER(string) +#define SL_IRETURN(a, b) return a +#define retry_lstat(a,b,c,d) lstat(c,d) +#define _(string) string +#define N_(string) string +#define MAXFILENAME 4096 +static int sl_errno = 0; +#define SL_ENONE 0 +#define SL_ENULL -1024 /* Invalid use of NULL pointer. */ +#define SL_ERANGE -1025 /* Argument out of range. */ +#define SL_ETRUNC -1026 /* Result truncated. */ +#define SL_EINTERNAL -1028 /* Internal error. */ +#define SL_EBADFILE -1030 /* File access error. Check errno. */ +#define SL_EBADNAME -1040 /* Invalid name. */ +#define SL_ESTAT -1041 /* stat of file failed. Check errno. */ +#define SL_EBADUID -1050 /* Owner not trustworthy. */ +#define SL_EBADGID -1051 /* Group writeable and not trustworthy.*/ +#define SL_EBADOTH -1052 /* World writeable. */ + +#endif + + +#if defined(__linux__) || defined(__FreeBSD__) +#define STICKY +#endif + +#undef FIL__ +#define FIL__ _("trustfile.c") + +/* + * the get current working directory function + * every version of UNIX seems to have its own + * idea of how to do this, so we group them by + * arguments ... + * all must return a pointer to the right name + */ + + +#ifndef TRUST_MAIN + +#if defined(HAVE_GETCWD) && !defined(HAVE_BROKEN_GETCWD) +#define CURDIR(buf,nbuf) getcwd((buf), (nbuf)) +#elif defined(HAVE_GETWD) +#define CURDIR(buf,nbuf) getwd((buf)) +#endif + +#else + +#define CURDIR(buf,nbuf) getcwd((buf), (nbuf)) + +#endif + + + +/* + * this checks to see if there are symbolic links + * assumes the link bit in the protection mask is called S_IFLNK + * (seems to be true on all UNIXes with them) + */ +#ifndef S_IFLNK +#define lstat stat +#endif + + +/* + * these are useful global variables + * + * first set: who you gonna trust, by default? + * if the user does not specify a trusted or untrusted set of users, + * all users are considered untrusted EXCEPT: + * UID 0 -- root as root can do anything on most UNIX systems, this + * seems reasonable + * tf_euid -- programmer-selectable UID + * if the caller specifies a specific UID by putting + * it in this variable, it will be trusted; this is + * typically used to trust the effective UID of the + * process (note: NOT the real UID, which will cause all + * sorts of problems!) By default, this is set to -1, + * so if it's not set, root is the only trusted user + */ + +/* modified Tue Feb 22 10:36:44 NFT 2000 Rainer Wichmann */ + + +#ifndef SL_ALWAYS_TRUSTED +#define SL_ALWAYS_TRUSTED 0 +#endif +static uid_t test_rootonly[] = { SL_ALWAYS_TRUSTED }; + +#define tf_uid_neg ((uid_t)-1) + +uid_t rootonly[] = { SL_ALWAYS_TRUSTED, + tf_uid_neg, tf_uid_neg, tf_uid_neg, tf_uid_neg, + tf_uid_neg, tf_uid_neg, tf_uid_neg, tf_uid_neg, + tf_uid_neg, tf_uid_neg, tf_uid_neg, tf_uid_neg, + tf_uid_neg, tf_uid_neg, tf_uid_neg, tf_uid_neg }; + +uid_t tf_euid = tf_uid_neg; +int EUIDSLOT = sizeof(test_rootonly)/sizeof(uid_t); +int ORIG_EUIDSLOT = sizeof(test_rootonly)/sizeof(uid_t); + +char tf_path[MAXFILENAME]; /* error path for trust function */ +uid_t tf_baduid; +gid_t tf_badgid; + +static +int dirz(char *path) +{ + register char *p = path;/* points to rest of path to clean up */ + register char *q; /* temp pointer for skipping over stuff */ + + static char swp[MAXFILENAME]; + + SL_ENTER(_("dirz")); + /* + * standard error checking + */ + if (path == NULL) + SL_IRETURN(SL_ENULL, _("dirz")); + if (path[0] == '.') + SL_IRETURN(SL_EINTERNAL, _("dirz")); + + + /* + * loop over the path name until everything is checked + */ + while(*p) + { + /* skip + */ + if (*p != '/') + { + p++; + continue; + } + + /* "/./" or "/." + */ + if (p[1] == '.' && (p[2] == '/' || p[2] == '\0')) + { + /* yes -- delete "/." + */ + (void) strcpy(swp, &p[2]); /* known to fit */ + (void) strcpy(p, swp); /* known to fit */ + + /* special case "/." as full path name + */ + if (p == path && *p == '\0') + { + *p++ = '/'; + *p = '\0'; + } + } + + /* "//" + */ + else if (p[1] == '/') + { + /* yes -- skip + */ + for(q = &p[2]; *q == '/'; q++) + ; + (void) strcpy(swp, q); /* known to fit */ + (void) strcpy(&p[1], swp); /* known to fit */ + } + + /* "/../" or "/.." + */ + else if (p[1] == '.' && p[2] == '.' && (p[3] == '/' || p[3] == '\0')) + { + /* yes -- if it's root, delete .. only + */ + if (p == path) + { + (void) strcpy(swp, &p[3]); /* known to fit */ + (void) strcpy(p, swp); /* known to fit */ + } + else + { + /* back up over previous component + */ + q = p - 1; + while(q != path && *q != '/') + q--; + /* now wipe it out + */ + (void) strcpy(swp, &p[3]); /* known to fit */ + (void) strcpy(q, swp); /* known to fit */ + p = q; + } + } + else + p++; + } + SL_IRETURN(SL_ENONE, _("dirz")); +} + + + +/* not static to circumvent stupid gcc 4 bug */ +int getfname(char *fname, char *rbuf, int rsz) +{ +#ifndef TRUST_MAIN + register int status; +#endif + + SL_ENTER(_("getfname")); + /* + * do the initial checking + * NULL pointer + */ + if (fname == NULL || rbuf == NULL) + SL_IRETURN(SL_ENULL, _("getfname")); + if (rsz <= 0) + SL_IRETURN(SL_ERANGE, _("getfname")); + + + /* already a full path name */ + if (*fname == '/') + rbuf[0] = '\0'; + else + { + if (CURDIR(rbuf, rsz) == NULL) + { +#ifdef TRUST_DEBUG + fprintf(stderr, "trustfile: getcwd failed\n"); +#endif + SL_IRETURN(SL_EBADNAME, _("getfname")); + } + } + + /* + * append the file name and reduce + */ + if (fname != NULL && *fname != '\0') + { +#ifndef TRUST_MAIN + status = sl_strlcat(rbuf, "/", rsz); + if (status == SL_ENONE) + status = sl_strlcat(rbuf, fname, rsz); + if (status != SL_ENONE) + SL_IRETURN(status, _("getfname")); +#else + strncat(rbuf, "/", rsz-strlen(rbuf)); + strncat(rbuf, fname, rsz-strlen(rbuf)); +#endif + } + SL_IRETURN(dirz(rbuf), _("getfname")); +} + +static +int isin(uid_t n, uid_t *list) +{ + SL_ENTER(_("isin")); + if (list == NULL) + SL_IRETURN(SL_FALSE, _("isin")); + + while(*list != tf_uid_neg && *list != n) + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: owner_uid=%ld, trusted uid=%ld, no match\n", + (UID_CAST) n, (UID_CAST) *list); +#endif + list++; + } + + if (*list == tf_uid_neg) + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: owner_uid=%ld, no match with any trusted user --> ERROR\n", + (UID_CAST) n); +#endif + SL_IRETURN(SL_FALSE, _("isin")); + } + +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: owner_uid=%ld, trusted_uid=%ld, match found --> OK\n", + (UID_CAST)n, (UID_CAST)*list); +#endif + SL_IRETURN(SL_TRUE, _("isin")); +} + +/* comment added by R. Wichmann + * RETURN TRUE if ANYONE in ulist is group member + */ +/* not static to circumvent stupid gcc 4 bug */ +int isingrp(gid_t grp, uid_t *ulist) +{ + register struct passwd *w; /* info about group member */ + register uid_t *u; /* points to current ulist member */ + register char **p; /* points to current group member */ + register struct group *g; /* pointer to group information */ + + SL_ENTER(_("isingrp")); + + if ((g = sh_getgrgid(grp)) == NULL) + { + SL_IRETURN(SL_FALSE, _("isingrp") ); + } + /* + if(g->gr_mem == NULL || g->gr_mem[0] == NULL ) + SL_IRETURN(SL_FALSE, _("isingrp") ); + */ + + /* this will return at the first match + */ + for(p = g->gr_mem; *p != NULL; p++) + { + for(u = ulist; *u != tf_uid_neg; u++) + { + /* map user name to UID and compare */ +#ifdef TRUST_MAIN + if ((w = getpwnam(*p)) != NULL && *u == (uid_t)(w->pw_uid) ) + SL_IRETURN(SL_TRUE, _("isingrp")); +#else + if ((w = sh_getpwnam(*p)) != NULL && *u == (uid_t)(w->pw_uid) ) + { + SL_IRETURN(SL_TRUE, _("isingrp")); + } +#endif + } + } + /* added by R. Wichmann Fri Mar 30 08:16:14 CEST 2001: + * a user can have a GID but no entry in /etc/group + */ + for(u = ulist; *u != tf_uid_neg; u++) + { +#ifdef TRUST_MAIN + if ((w = getpwuid(*u)) != NULL && grp == (gid_t)(w->pw_gid) ) + SL_IRETURN(SL_TRUE, _("isingrp")); +#else + if ((w = sh_getpwuid(*u)) != NULL && grp == (gid_t)(w->pw_gid) ) + { + SL_IRETURN(SL_TRUE, _("isingrp")); + } +#endif + } + + SL_IRETURN(SL_FALSE, _("isingrp")); +} + +/* added by R. Wichmann Fri Mar 30 08:16:14 CEST 2001 + * RETURN TRUE only if ALL group members are trusted + */ +/* not static to circumvent stupid gcc 4 bug */ +int onlytrustedingrp(gid_t grp, uid_t *ulist) +{ + register struct passwd *w; /* info about group member */ + register uid_t *u; /* points to current ulist member */ + register char **p; /* points to current group member */ + register struct group *g; /* pointer to group information */ + register int flag = -1; /* group member found */ + + SL_ENTER(_("onlytrustedingrp")); + +#ifdef TRUST_DEBUG + fprintf(stderr, "trustfile: group writeable, group_gid: %ld\n", + (UID_CAST)grp); +#endif + + if ((g = sh_getgrgid(grp)) == NULL) + { +#ifdef TRUST_DEBUG + fprintf(stderr, + "trustfile: group_gid: %ld, no such group --> ERROR\n", + (UID_CAST)grp); +#endif + SL_IRETURN(SL_FALSE, _("onlytrustedingrp") ); + } + + /* empty group -> no problem + + if(g->gr_mem == NULL || g->gr_mem[0] == NULL ) + SL_IRETURN(SL_TRUE, _("onlytrustedingrp") ); + */ + + /* check for untrusted members of the group + */ + for(p = g->gr_mem; *p != NULL; p++) + { + flag = -1; +#ifdef TRUST_DEBUG + fprintf(stderr, "trustfile: group_member: %s\n", *p); +#endif + /* map user name to UID and compare + */ + w = sh_getpwnam(*p); +#ifndef TRUST_MAIN + if (!w) + w = sh_getpwnam(*p); +#endif + if (w == NULL) /* not a valid user, ignore */ + { + flag = 0; + } + else /* check list of trusted users */ + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: uid=%ld, checking whether it is trusted\n", + (UID_CAST)(w->pw_uid)); +#endif + for(u = ulist; *u != tf_uid_neg; u++) + { + if (*u == (w->pw_uid) ) + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: uid=%ld, trusted_uid=%ld, match found --> OK\n", + (UID_CAST)(w->pw_uid), (UID_CAST)*u); +#endif + flag = 0; + break; + } + else + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: uid=%ld, trusted_uid=%ld, no match\n", + (UID_CAST)(w->pw_uid), (UID_CAST)*u); +#endif + ; + } + } + } + /* not found + */ + if (flag == -1) + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: user=%s (gid %ld), not a trusted user --> ERROR\n", *p, (UID_CAST)grp); +#endif + tf_baduid = w->pw_uid; + SL_IRETURN(SL_FALSE, _("onlytrustedingrp")); + } + } + +#ifndef TEST_ONLY +#ifdef HAVE_GETPWENT + /* now check ALL users for their GID !!! + */ + while (NULL != (w = sh_getpwent())) + { + if (grp == (gid_t)(w->pw_gid)) + { +#ifdef TRUST_DEBUG + fprintf(stderr, "trustfile: checking group member %s, uid %ld\n", + w->pw_name, (UID_CAST)w->pw_uid); +#endif + /* is it a trusted user ? + */ + flag = -1; + for(u = ulist; *u != tf_uid_neg; u++) + { + if (*u == (uid_t)(w->pw_uid)) + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: uid=%ld, trusted_uid=%ld, match found --> OK\n", + (UID_CAST)(w->pw_uid), *u); +#endif + flag = 0; + break; + } + else + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: uid=%ld, trusted_uid=%ld, no match\n", + (UID_CAST)(w->pw_uid), (UID_CAST)*u); +#endif + ; + } + } + /* not found */ + if (flag == -1) + { +#ifdef TRUST_DEBUG + fprintf(stderr,"trustfile: group member %s not found in trusted users --> ERROR\n", w->pw_name); +#endif + tf_baduid = w->pw_uid; + SL_IRETURN(SL_FALSE, _("onlytrustedingrp")); + } + } + } + +#ifdef HAVE_ENDPWENT + sh_endpwent(); +#endif + /* TEST_ONLY */ +#endif + + /* #ifdef HAVE_GETPWENT */ +#endif + +#ifdef TRUST_DEBUG + fprintf(stderr, + "trustfile: group %ld: all members are trusted users --> OK\n", + (UID_CAST)grp); +#endif + /* all found + */ + SL_IRETURN(SL_TRUE, _("onlytrustedingrp")); +} + +int sl_trustfile(char *fname, uid_t *okusers, uid_t *badusers) +{ + char fexp[MAXFILENAME]; /* file name fully expanded */ + register char *p = fexp; /* used to hold name to be checked */ + struct stat stbuf; /* used to check file permissions */ + char c; /* used to hold temp char */ + + SL_ENTER(_("sl_trustfile")); + if (fname == NULL) + SL_IRETURN(SL_EBADFILE, _("sl_trustfile")); + + /* + * next expand to the full file name + * getfname sets sl_errno as appropriate + */ +#ifdef TRUST_MAIN + sl_errno = getfname(fname, fexp, MAXFILENAME); + if (sl_errno != 0) + return sl_errno; +#else + if (SL_ISERROR(getfname(fname, fexp, MAXFILENAME))) + SL_IRETURN(sl_errno, _("sl_trustfile")); +#endif + + if (okusers == NULL && badusers == NULL) + { + okusers = rootonly; + rootonly[EUIDSLOT] = tf_euid; + } + + /* + * now loop through the path a component at a time + * note we have to special-case root + */ + while(*p) + { + /* + * get next component + */ + while(*p && *p != '/') + p++; + + /* save where you are + */ + if (p == fexp) + { + /* keep the / if it's the root dir + */ + c = p[1]; + p[1] = '\0'; + } + else + { + /* clobber the / if it isn't the root dir + */ + c = *p; + *p = '\0'; + } + + /* + * now get the information + */ + if (retry_lstat(FIL__, __LINE__, fexp, &stbuf) < 0) + { + (void) strcpy(tf_path, fexp); /* known to fit */ +#ifdef TRUST_MAIN + fprintf(stderr, "---------------------------------------------\n"); + fprintf(stderr, "trustfile: ESTAT: stat(%s) failed, maybe the file does not exist\n", + fexp); + fprintf(stderr, "---------------------------------------------\n"); +#endif + SL_IRETURN(SL_ESTAT, _("sl_trustfile")); + } + +#ifdef S_IFLNK + /* + * if it's a symbolic link, recurse + */ + if ((stbuf.st_mode & S_IFLNK) == S_IFLNK) + { + /* + * this is tricky + * if the symlink is to an absolute path + * name, just call trustfile on it; but + * if it's a relative path name, it's + * interpreted WRT the current working + * directory AND NOT THE FILE NAME!!!!! + * so, we simply put /../ at the end of + * the file name, then append the symlink + * contents; trustfile will canonicalize + * this, and the /../ we added "undoes" + * the name of the symlink to put us in + * the current working directory, at + * which point the symlink contents (appended + * to the CWD) are interpreted correctly. + * got it? + */ + char csym[MAXFILENAME]; /* contents of symlink file */ + char full[MAXFILENAME]; /* "full" name of symlink */ + register char *b, *t; /* used to copy stuff around */ + register int lsym; /* num chars in symlink ref */ + register int i; /* trustworthy or not? */ + + /* + * get what the symbolic link points to + * + * The original code does not check the return code of readlink(), + * and has an off-by-one error + * (MAXFILENAME instead of MAXFILENAME-1) + * R.W. Tue May 29 22:05:16 CEST 2001 + */ + lsym = readlink(fexp, csym, MAXFILENAME-1); + if (lsym >= 0) + csym[lsym] = '\0'; + else + { +#ifdef TRUST_MAIN + fprintf(stderr, "---------------------------------------------\n"); + fprintf(stderr, "trustfile: EBADNAME: readlink(%s) failed\n", + fexp); + fprintf(stderr, "---------------------------------------------\n"); +#endif + SL_IRETURN(SL_EBADNAME, _("sl_trustfile")); + } + + /* + * relative or absolute referent? + */ + if (csym[0] != '/') + { + /* initialize pointers + */ + b = full; + + /* copy in base path + */ + t = fexp; + while(*t && b < &full[MAXFILENAME]) + *b++ = *t++; + + /* smack on the /../ + */ + t = "/../"; + while(*t && b < &full[MAXFILENAME]) + *b++ = *t++; + + /* append the symlink referent + */ + t = csym; + while(*t && b < &full[MAXFILENAME]) + *b++ = *t++; + + /* see if we're too big + */ + if (*t || b == &full[MAXFILENAME]) + { + /* yes -- error + */ + (void) strcpy(tf_path, fexp); /* known to fit */ +#ifdef TRUST_MAIN + fprintf(stderr, "---------------------------------------------\n"); + fprintf(stderr, + "trustfile: ETRUNC: normalized path too long (%s)\n", + fexp); + fprintf(stderr, "---------------------------------------------\n"); +#endif + SL_IRETURN(SL_ETRUNC, _("sl_trustfile")); + } + *b = '\0'; + } + else + { + /* absolute -- just copy */ + /* overflow can't occur as the arrays */ + /* are the same size */ + (void) strcpy(full, csym); /* known to fit */ + } + /* + * now check out this file and its ancestors + */ + if ((i = sl_trustfile(full, okusers, badusers)) != SL_ENONE) + SL_IRETURN(i, _("sl_trustfile")); + + /* + * okay, this part is valid ... let's check the rest + * put the / back + */ + if (p == fexp) + { + /* special case for root */ + p[1] = c; + p++; + } + else + { + /* ordinary case for everything else */ + *p = c; + if (*p) + p++; + } + continue; + } +#endif + + +#ifdef TRUST_DEBUG + fprintf(stderr, "\ntrustfile: checking path=%s\n", fexp); +#endif + /* + * if the owner is not trusted then -- as the owner can + * change protection modes -- he/she can write to the + * file regardless of permissions, so bomb + */ + if (((okusers != NULL && SL_FALSE == isin((uid_t)stbuf.st_uid,okusers))|| + (badusers != NULL && SL_TRUE == isin((uid_t)stbuf.st_uid,badusers)))) + { +#ifdef TRUST_DEBUG + fprintf(stderr, "---------------------------------------------\n"); + fprintf(stderr, "trustfile: EBADUID %s (owner not trusted)\n", + fexp); + fprintf(stderr, "The owner of this file/directory is not in samhains\n"); + fprintf(stderr, "list of trusted users.\n"); + fprintf(stderr, "Please run ./configure again with the option\n"); + fprintf(stderr, " ./configure [more options] --with-trusted=0,...,UID\n"); + fprintf(stderr, "where UID is the UID of the (yet) untrusted user.\n"); + fprintf(stderr, "---------------------------------------------\n"); +#endif + (void) strcpy(tf_path, fexp); /* known to fit */ + tf_baduid = (uid_t) stbuf.st_uid; + SL_IRETURN(SL_EBADUID, _("sl_trustfile")); + } + + /* + * if a group member can write but the + * member is not trusted, bomb; but if + * sticky bit semantics are honored, it's + * okay + */ + /* Thu Mar 29 21:10:28 CEST 2001 Rainer Wichmann + * replace !isingrp() with onlytrustedingrp(), as isingrp() + * will return at the first trusted user, even if there are additional + * (untrusted) users in the group + */ + if (((stbuf.st_mode & S_IWGRP) == S_IWGRP) && + ((okusers != NULL && !onlytrustedingrp((gid_t)stbuf.st_gid,okusers))|| + (badusers != NULL && isingrp((gid_t)stbuf.st_gid, badusers))) +#ifdef STICKY + && ((stbuf.st_mode&S_IFDIR) != S_IFDIR || + (stbuf.st_mode&S_ISVTX) != S_ISVTX) +#endif + ) + { +#ifdef TRUST_DEBUG + fprintf(stderr, "---------------------------------------------\n"); + fprintf(stderr, + "trustfile: EBADGID %ld %s (group member not trusted)\n", + (UID_CAST)stbuf.st_gid, fexp); + fprintf(stderr, "This file/directory is group writeable, and one of the group members\n"); + fprintf(stderr, "is not in samhains list of trusted users.\n"); + fprintf(stderr, "Please run ./configure again with the option\n"); + fprintf(stderr, " ./configure [more options] --with-trusted=0,...,UID\n"); + fprintf(stderr, "where UID is the UID of the (yet) untrusted user.\n"); + fprintf(stderr, "---------------------------------------------\n"); +#endif + (void) strcpy(tf_path, fexp); /* known to fit */ + tf_badgid = (gid_t) stbuf.st_gid; + SL_IRETURN(SL_EBADGID, _("sl_trustfile")); + } + /* + * if other can write, bomb; but if the sticky + * bit semantics are honored, it's okay + */ + if (((stbuf.st_mode & S_IWOTH) == S_IWOTH) +#ifdef STICKY + && ((stbuf.st_mode&S_IFDIR) != S_IFDIR || + (stbuf.st_mode&S_ISVTX) != S_ISVTX) +#endif + ) + { +#ifdef TRUST_DEBUG + fprintf(stderr, "---------------------------------------------\n"); + fprintf(stderr, "trustfile: EBADOTH (world writeable): %s\n", + fexp); + fprintf(stderr, "This file/directory is world writeable.\n"); + fprintf(stderr, "---------------------------------------------\n"); +#endif + (void) strcpy(tf_path, fexp); /* known to fit */ + SL_IRETURN(SL_EBADOTH, _("sl_trustfile")); + } + /* + * put the / back + */ + if (p == fexp) + { + /* special case for root */ + p[1] = c; + p++; + } + else + { + /* ordinary case for everything else */ + *p = c; + if (*p) + p++; + } + } + /* + * yes, it can be trusted + */ + (void) strcpy(tf_path, fexp); /* known to fit */ + SL_IRETURN(SL_ENONE, _("sl_trustfile")); +} + +#ifdef TRUST_MAIN +int main (int argc, char * argv[]) +{ + int status; +#if defined(SH_WITH_SERVER) + struct passwd * pass; +#endif + + if (argc < 2) { + fprintf(stderr, "%s: Usage: %s \n", argv[0], argv[0]); + return 1; + } + + tf_path[0] = '\0'; +#if defined(SH_WITH_SERVER) + pass = getpwnam(SH_IDENT); + if (pass != NULL) + tf_euid = pass->pw_uid; + else + { + fprintf(stderr, "trustfile: ERROR: getpwnam(%s) failed\n", + SH_IDENT); + return 1; + } +#else + tf_euid = geteuid(); +#endif + + status = sl_trustfile(argv[1], NULL, NULL); + if (status != SL_ENONE) + { + fprintf(stderr, "trustfile: ERROR: not a trusted path: %s\n", + argv[1]); + return 1; + } + return 0; +} +#endif + + + Index: branches/samhain-2_2-branch/src/yulectl.c =================================================================== --- branches/samhain-2_2-branch/src/yulectl.c (revision 66) +++ branches/samhain-2_2-branch/src/yulectl.c (revision 66) @@ -0,0 +1,626 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2003 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include +#include +#include + +#include +#include + +#include +#include + +#include +#include + +#if !defined(AF_FILE) +#define AF_FILE AF_UNIX +#endif + +#define SH_MAXMSG 209 + +static int sock = -1; +static char * sockname = NULL; + +static char password[15] = ""; + +static int verbose = 0; + +#ifdef SH_STEALTH +char * globber(const char * string); +#define _(string) globber(string) +#define N_(string) string +#else +#define _(string) string +#define N_(string) string +#endif + +#ifdef SH_STEALTH +#ifndef SH_MAX_GLOBS +#define SH_MAX_GLOBS 32 +#endif +char * globber(const char * str) +{ + register int i, j; + static int count = -1; + static char glob[SH_MAX_GLOBS][128]; + + ++count; if (count > (SH_MAX_GLOBS-1) ) count = 0; + j = strlen(str); + if (j > 127) j = 127; + + for (i = 0; i < j; ++i) + { + if (str[i] != '\n' && str[i] != '\t') + glob[count][i] = str[i] ^ XOR_CODE; + else + glob[count][i] = str[i]; + } + glob[count][j] = '\0'; + return glob[count]; +} +#endif + +#define CLIENT _("yulectl") + + +int +make_named_socket (char * sockname) +{ + int sock; + +#if 0 + struct sockaddr_un name; + size_t size; +#else + (void) sockname; +#endif + + /* Create the socket. */ + + sock = socket (PF_UNIX, SOCK_STREAM, 0); + if (sock < 0) + { + perror (_("ERROR: socket")); + return -1; + } + +#if 0 + /* Bind a name to the socket. */ + name.sun_family = AF_FILE; + strcpy (name.sun_path, sockname); + + /* The size of the address is + the offset of the start of the filename, + plus its length, + plus one for the terminating null byte. */ + size = (offsetof (struct sockaddr_un, sun_path) + + strlen (name.sun_path) + 1); + + if (bind (sock, (struct sockaddr *) &name, size) < 0) + { + perror (_("ERROR: bind")); + return -1; + } +#endif + + return sock; +} + +void +termination_handler (int signum) +{ + /* Clean up. */ + if (signum != 0) + { + if (verbose) + fprintf(stdout, _("# Terminated on signal %d\n"), signum); + } +#if 0 + if (sockname != NULL) unlink (sockname); +#endif + if (sock >= 0 ) close (sock); + + return; +} + + +int send_to_server (char * serversock, char * message) +{ + struct sockaddr_un name; + /* size_t size; */ + int size; + int nbytes; + + /* Initialize the server socket address. + */ + name.sun_family = AF_UNIX; + strncpy (name.sun_path, serversock, sizeof(name.sun_path) - 1); + size = (offsetof (struct sockaddr_un, sun_path) + + strlen (name.sun_path) + 1); + + nbytes = connect(sock, (struct sockaddr *) & name, size); + if (nbytes < 0) + { + perror (_("ERROR: connect")); + return -1; + } + + /* Send the datagram. + nbytes = sendto (sock, message, strlen (message) + 1, 0, + (struct sockaddr *) & name, size); + */ + nbytes = send (sock, message, strlen (message) + 1, 0); + + if (nbytes < 0) + { + perror (_("ERROR: send")); + return -1; + } + return 0; +} + +static int getline_from_server (int sock, char * buf, int size) +{ + int nbytes = 0; + int status = 0; + char * p = buf; + + do { + status = read (sock, p, 1); + if (status <= 0) + { + buf[nbytes] = '\0'; + return ((status == 0) ? nbytes : status); + } + else if (*p == '\0') + { + return nbytes; + } + ++nbytes; ++p; + } while (nbytes < size); + buf[size-1] = '\0'; + return 0; +} + +int recv_from_server (char * message) +{ + int nbytes = 0; + char recvmsg[SH_MAXMSG]; + int num = 0; + int good = -1; + int islist = 0; + char * p; + + if (password[0] == '\0') + { + if (message[0] == 'L' && message[1] == 'I' && + message[2] == 'S' && message[3] == 'T') + { + islist = 1; + } + if (message[0] == 'P' && message[1] == 'R' && + message[2] == 'O' && message[3] == 'B' && message[4] == 'E' ) + { + islist = 1; + } + } + else + { + p = &message[strlen(password)+1]; + if (p[0] == 'L' && p[1] == 'I' && + p[2] == 'S' && p[3] == 'T') + { + islist = 1; + } + if (p[0] == 'P' && p[1] == 'R' && + p[2] == 'O' && p[3] == 'B' && p[4] == 'E' ) + { + islist = 1; + } + } + + if (islist == 1) + { + do { + /* + nbytes = recvfrom (sock, recvmsg, SH_MAXMSG, 0, NULL, 0); + */ + nbytes = getline_from_server (sock, recvmsg, SH_MAXMSG); + if (nbytes < 0) + { + if (errno == EAGAIN) + { + return 0; + } + else + { + perror (_("ERROR: recv")); + return -1; + } + } + else if (nbytes == 0) + { + return 0; + } + if (recvmsg[0] == 'E' && recvmsg[1] == 'N' && recvmsg[2] == 'D') + { + if (verbose && (num == 0)) + fprintf (stdout, _("# There are no pending commands.\n")); + return 0; + } + ++num; + fprintf (stdout, _("%03d: %s\n"), num, recvmsg); + } while (nbytes >= 0); + } + else + { + /* + nbytes = recvfrom (sock, recvmsg, SH_MAXMSG, 0, NULL, 0); + */ + nbytes = recv (sock, recvmsg, SH_MAXMSG, 0); + if (nbytes < 0) + { + perror (_("ERROR: recv")); + return -1; + } + } + + /* Print a diagnostic message. */ + if (password[0] == '\0') + { + good = strcmp (message, recvmsg); + } + else + { + good = strcmp (&message[strlen(password)+1], recvmsg); + } + + if (0 != good) + { + fprintf (stderr, _("ERROR: Bounced message != original message (possible reason: superfluous password).\n")); + return -1; + } + else + { + if (verbose) + fprintf (stdout, _("# Message received by server.\n")); + } + + return 0; +} + +void usage(char * name) +{ + printf(_("\nUsage : %s [-v][-s server_socket] -c command \n\n"), + name); + + printf(_("Purpose : send commands to the server via a socket,\n")); + printf(_(" in particular commands that the server would\n")); + printf(_(" transfer to the client when\n")); + printf(_(" this client connects to deliver a message.\n\n")); + printf(_(" If password is required, it is read from\n")); + printf(_(" $HOME/.yulectl_cred or taken from the environment\n")); + printf(_(" variable YULECTL_PASSWORD (not recommended).\n\n")); + + printf(_("Commands: RELOAD \n")); + printf(_(" STOP \n")); + printf(_(" CANCEL \n")); + printf(_(" LIST \n")); + printf(_(" LISTALL \n")); + printf(_(" PROBE \n")); + return; +} + +void fixup_message (char * message) +{ + char message2[SH_MAXMSG]; + char home[4096]; + FILE * fp; + struct passwd * pwent; + char * pw; + + pw = getenv(_("YULECTL_PASSWORD")); + if (pw && strlen(pw) < 15) + { + strcpy(password, pw); + strcpy(message2, password); + goto do_msg; + } + + pwent = getpwuid(geteuid()); + if ((pwent == 0) || (pwent->pw_dir == NULL)) + { + if (verbose) + fprintf (stderr, _("WARNING: no home directory for euid %ld\n"), + (long) geteuid()); + if (NULL != getenv(_("HOME"))) + { + strncpy(home, getenv(_("HOME")), 4096); + home[4095] = '\0'; + } + else + { + fprintf (stderr, _("ERROR: no home directory for euid %ld (tried $HOME and password database).\n"), (long) geteuid()); + exit(EXIT_FAILURE); + } + } + else + { + strncpy(home, pwent->pw_dir, 4096); + home[4095] = '\0'; + } + + if ( (strlen(home) + strlen(_("/.yulectl_cred")) + 1) > 4096) + { + fprintf (stderr, _("ERROR: path for $HOME is too long.\n")); + exit(EXIT_FAILURE); + } + strcat(home, _("/.yulectl_cred")); + fp = fopen(home, "r"); + if (fp == NULL) + { + if (verbose && (errno == ENOENT)) + fprintf (stdout, + _("# Password file (%s) missing\n"), + home); + else if (verbose) + fprintf (stdout, + _("# Password file (%s) not accessible for euid %ld uid %ld\n"), + home, (long)geteuid(), (long)getuid()); + return; + } + if (NULL == fgets(message2, sizeof(message2), fp)) + { + fprintf (stderr, + _("ERROR: empty or unreadable password file (%s).\n"), + home); + exit(EXIT_FAILURE); + } + if (strlen(message2) > 14) + { + fprintf (stderr, + _("ERROR: Password too long (max. 14 characters).\n")); + exit(EXIT_FAILURE); + } + + if ( (0 != strlen(message2)) && ('\n' == message2[strlen(message2)-1])) + { + message2[strlen(message2)-1] = '\0'; + } + strcpy(password, message2); + fclose(fp); + do_msg: + strcat(message2, "@"); + + strncat(message2, message, SH_MAXMSG - strlen(message2) -1); + message2[SH_MAXMSG-1] = '\0'; + strcpy(message, message2); + return; +} + + +int +main (int argc, char * argv[]) +{ + + char message[SH_MAXMSG] = ""; + char clientcd[1024]; + char serversock[256]; + int status, size; + int num = 1; + int flag = 0; + +#ifdef HAVE_VSNPRINTF + status = snprintf(serversock, 256, _("%s/%s.sock"), + DEFAULT_PIDDIR, SH_INSTALL_NAME); +#else + if ((strlen(DEFAULT_PIDDIR) + strlen(SH_INSTALL_NAME) + 1 + 6) > 256) + { + status = -1; + } + else + { + status = sprintf (serversock, _("%s/%s.sock"), + DEFAULT_PIDDIR, SH_INSTALL_NAME); + } +#endif + + if ((status < 0) || (status > 255)) + { + fprintf(stderr, _("ERROR: Path too long (maximum 255): %s/%s.sock\n"), + DEFAULT_PIDDIR, SH_INSTALL_NAME); + return (EXIT_FAILURE); + } + + while (argc > 1 && argv[num][0] == '-') + { + switch (argv[num][1]) + { + case 'h': + usage(argv[0]); + return (EXIT_SUCCESS); + + case 'v': + ++verbose; + break; + + case 's': + --argc; ++num; + if (argv[num] == NULL || argv[num][0] == '\0') { + usage(argv[0]); + fprintf(stderr, _("ERROR: -s: argument missing\n")); + return (EXIT_FAILURE); + } else { + if (strlen(argv[num]) > 255) + { + fprintf(stderr, _("ERROR: Path too long: %s\n"), argv[num]); + return (EXIT_FAILURE); + } + strncpy (serversock, argv[num], 256); + serversock[255] = '\0'; + } + break; + + case 'c': + --argc; ++num; + if (argv[num] == NULL || argv[num][0] == '\0') { + usage(argv[0]); + fprintf(stderr, _("ERROR: -c: argument missing\n")); + return (EXIT_FAILURE); + } else { + if (strlen(argv[num]) >= SH_MAXMSG) + { + fprintf(stderr, _("ERROR: Command too long: %s\n"), + argv[num]); + return (EXIT_FAILURE); + } + strncpy (message, argv[num], SH_MAXMSG); + message[SH_MAXMSG-1] = '\0'; + strncat(message, ":", SH_MAXMSG-strlen(message)-1); + message[SH_MAXMSG-1] = '\0'; + flag = 1; + } + break; + + default: + usage(argv[0]); + fprintf(stderr, _("ERROR: unknown option -%c\n"), argv[num][1]); + return (EXIT_FAILURE); + } + --argc; ++num; + } + + if (flag == 0) /* no command given */ + { + usage(argv[0]); + return (EXIT_FAILURE); + } + + if (argc > 1) + { + if (strlen(argv[num]) > (SH_MAXMSG - strlen(message) -1)) + { + fprintf(stderr, _("ERROR: Hostname too long: %s\n"), argv[num]); + return (EXIT_FAILURE); + } + strncat (message, argv[num], SH_MAXMSG -strlen(message) - 1); + message[SH_MAXMSG-1] = '\0'; + } + else + { + if (message[0] == 'P' && message[1] == 'R' && + message[2] == 'O' && message[3] == 'B' && message[4] == 'E' ) + { + strncat (message, _("dummy"), SH_MAXMSG -strlen(message) - 1); + message[SH_MAXMSG-1] = '\0'; + } + else if (message[0] == 'L' && message[1] == 'I' && + message[2] == 'S' && message[3] == 'T') + { + strncat (message, _("dummy"), SH_MAXMSG -strlen(message) - 1); + message[SH_MAXMSG-1] = '\0'; + } + else + { + fprintf(stderr, _("ERROR: this command requires a hostname\n")); + usage(argv[0]); + return (EXIT_FAILURE); + } + } + + fixup_message(message); + + /* OpenBSD wants >= 1024 + */ + if (NULL == getcwd(clientcd, 1024)) + { + perror(_("ERROR: getcwd")); + return (EXIT_FAILURE); + } + size = strlen(clientcd) + 1 + strlen(CLIENT) + 6; + sockname = malloc (size); + if (!sockname) + { + perror(_("ERROR: main: malloc")); + return (EXIT_FAILURE); + } +#ifdef HAVE_VSNPRINTF + snprintf(sockname, size, _("%s/%s.sock"), clientcd, CLIENT); +#else + sprintf(sockname, _("%s/%s.sock"), clientcd, CLIENT); +#endif + + /* Make the socket. + */ + sock = make_named_socket (sockname); + if (sock < 0) + { + return (EXIT_FAILURE); + } + + /* Set up termination handler. + */ + signal (SIGINT, termination_handler); + signal (SIGHUP, termination_handler); + signal (SIGTERM, termination_handler); + signal (SIGQUIT, termination_handler); + + /* Send the datagram. + */ + status = send_to_server (serversock, message); + if (status < 0) + { + fprintf(stderr, _("ERROR: sending command to server failed\n")); + (void) termination_handler(0); + return (EXIT_FAILURE); + } + + /* Wait for a reply. + */ + if (message[0] == 'L' && message[1] == 'I' && + message[2] == 'S' && message[3] == 'T') + { + if (verbose) + fprintf(stdout, _("# Waiting for listing.\n")); + } + else + { + if (verbose) + fprintf(stdout, _("# Waiting for confirmation.\n")); + } + status = recv_from_server (message); + + if (status < 0) + { + fprintf(stderr, _("ERROR: receiving data from server failed.\n")); + (void) termination_handler(0); + return (EXIT_FAILURE); + } + + /* Clean up. */ + (void) termination_handler(0); + return (EXIT_SUCCESS); +} + Index: branches/samhain-2_2-branch/src/zAVLTree.c =================================================================== --- branches/samhain-2_2-branch/src/zAVLTree.c (revision 66) +++ branches/samhain-2_2-branch/src/zAVLTree.c (revision 66) @@ -0,0 +1,495 @@ +/* + * zAVLTree.c: Source code for zAVLTrees. + * Copyright (C) 1998,2001 Michael H. Buselli + * This is version 0.1.3 (alpha). + * Generated from $Id: xAVLTree.c.sh,v 1.5 2001/06/07 06:58:28 cosine Exp $ + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with this library; if not, write to the Free + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * The author of this library can be reached at the following address: + * Michael H. Buselli + * 30051 N. Waukegan Rd. Apt. 103 + * Lake Bluff, IL 60044-5412 + * + * Or you can send email to . + * The official web page for this product is: + * http://www.cosine.org/project/AVLTree/ + */ + +#include +#include +#include "zAVLTree.h" + +/* Wed Nov 23 17:57:42 CET 2005 rw: introduce third argument in + * zAVLCloseSearchNode() to avoid redundant strcmp + */ +static zAVLNode *zAVLCloseSearchNode (zAVLTree const *avltree, zAVLKey key, + int * ok); +static void zAVLRebalanceNode (zAVLTree *avltree, zAVLNode *avlnode); +static void zAVLFreeBranch (zAVLNode *avlnode, void (freeitem)(void *item)); +static void zAVLFillVacancy (zAVLTree *avltree, + zAVLNode *origparent, zAVLNode **superparent, + zAVLNode *left, zAVLNode *right); + +#define MAX(x, y) ((x) > (y) ? (x) : (y)) +#define MIN(x, y) ((x) < (y) ? (x) : (y)) +#define L_DEPTH(n) ((n)->left ? (n)->left->depth : 0) +#define R_DEPTH(n) ((n)->right ? (n)->right->depth : 0) +#define CALC_DEPTH(n) (MAX(L_DEPTH(n), R_DEPTH(n)) + 1) + +#define ZAVL_OK 1 +#define ZAVL_NO 0 + + +/* + * AVLAllocTree: + * Allocate memory for a new AVL tree and set the getkey function for + * that tree. The getkey function should take an item and return an + * AVLKey that is to be used for indexing this object in the AVL tree. + * On success, a pointer to the malloced AVLTree is returned. If there + * was a malloc failure, then NULL is returned. + */ +zAVLTree *zAVLAllocTree (zAVLKey (*getkey)(void const *item)) +{ + zAVLTree *rc; + + rc = malloc(sizeof(zAVLTree)); + if (rc == NULL) + return NULL; + + rc->top = NULL; + rc->count = 0; + rc->getkey = getkey; + return rc; +} + + +/* + * AVLFreeTree: + * Free all memory used by this AVL tree. If freeitem is not NULL, then + * it is assumed to be a destructor for the items reference in the AVL + * tree, and they are deleted as well. + */ +void zAVLFreeTree (zAVLTree *avltree, void (freeitem)(void *item)) +{ + if (NULL == avltree) /* R.W. Mon Nov 19 21:15:44 CET 2001 */ + return; + if (avltree->top) + zAVLFreeBranch(avltree->top, freeitem); + free(avltree); +} + + +/* + * AVLInsert: + * Create a new node and insert an item there. + * + * Returns 0 on success, + * -1 on malloc failure, + * 3 if duplicate key. + */ +int zAVLInsert (zAVLTree *avltree, void *item) +{ + zAVLNode *newnode; + zAVLNode *node; + zAVLNode *balnode; + zAVLNode *nextbalnode; + int ok; + + newnode = malloc(sizeof(zAVLNode)); + if (newnode == NULL) + return -1; + + newnode->key = avltree->getkey(item); + newnode->item = item; + newnode->depth = 1; + newnode->left = NULL; + newnode->right = NULL; + newnode->parent = NULL; + + if (avltree->top != NULL) { + node = zAVLCloseSearchNode(avltree, newnode->key, &ok); + + if (ok == ZAVL_OK) { /* exists already */ + free(newnode); + return 3; + } + + newnode->parent = node; + + if (zAVLKey_cmp(avltree, newnode->key, node->key) < 0) { + node->left = newnode; + node->depth = CALC_DEPTH(node); + } + + else { + node->right = newnode; + node->depth = CALC_DEPTH(node); + } + + for (balnode = node->parent; balnode; balnode = nextbalnode) { + nextbalnode = balnode->parent; + zAVLRebalanceNode(avltree, balnode); + } + } + + else { + avltree->top = newnode; + } + + avltree->count++; + return 0; +} + + +/* + * zAVLSearch: + * Return a pointer to the item with the given key in the AVL tree. If + * no such item is in the tree, then NULL is returned. + */ +void *zAVLSearch (zAVLTree const *avltree, zAVLKey key) +{ + zAVLNode *node; + int ok; + + if (NULL == avltree) /* R.W. Mon Nov 19 21:15:44 CET 2001 */ + return NULL; + + node = zAVLCloseSearchNode(avltree, key, &ok); + + if (node && ok == ZAVL_OK) + return node->item; + + return NULL; +} + + +/* + * zAVLDelete: + * Deletes the node with the given key. Does not delete the item at + * that key. Returns 0 on success and -1 if a node with the given key + * does not exist. + */ +int zAVLDelete (zAVLTree *avltree, zAVLKey key) +{ + zAVLNode *avlnode; + zAVLNode *origparent; + zAVLNode **superparent; + int ok; + + avlnode = zAVLCloseSearchNode(avltree, key, &ok); + if (avlnode == NULL || ok == ZAVL_NO) /* does not exist */ + return -1; + + origparent = avlnode->parent; + + if (origparent) { + if (zAVLKey_cmp(avltree, avlnode->key, avlnode->parent->key) < 0) + superparent = &(avlnode->parent->left); + else + superparent = &(avlnode->parent->right); + } + else + superparent = &(avltree->top); + + zAVLFillVacancy(avltree, origparent, superparent, + avlnode->left, avlnode->right); + free(avlnode); + avltree->count--; + return 0; +} + + +/* + * zAVLFirst: + * Initializes an zAVLCursor object and returns the item with the lowest + * key in the zAVLTree. + */ +void *zAVLFirst (zAVLCursor *avlcursor, zAVLTree const *avltree) +{ + const zAVLNode *avlnode; + + if (NULL == avltree) /* R.W. Mon Nov 19 21:15:44 CET 2001 */ + return NULL; + + avlcursor->avltree = avltree; + + if (avltree->top == NULL) { + avlcursor->curnode = NULL; + return NULL; + } + + for (avlnode = avltree->top; + avlnode->left != NULL; + avlnode = avlnode->left); + avlcursor->curnode = avlnode; + return avlnode->item; +} + + +/* + * zAVLNext: + * Called after an zAVLFirst() call, this returns the item with the least + * key that is greater than the last item returned either by zAVLFirst() + * or a previous invokation of this function. + */ +void *zAVLNext (zAVLCursor *avlcursor) +{ + const zAVLNode *avlnode; + + avlnode = avlcursor->curnode; + + if (avlnode->right != NULL) { + for (avlnode = avlnode->right; + avlnode->left != NULL; + avlnode = avlnode->left); + avlcursor->curnode = avlnode; + return avlnode->item; + } + + while (avlnode->parent && avlnode->parent->left != avlnode) { + avlnode = avlnode->parent; + } + + if (avlnode->parent == NULL) { + avlcursor->curnode = NULL; + return NULL; + } + + avlcursor->curnode = avlnode->parent; + return avlnode->parent->item; +} + + +/* + * zAVLCloseSearchNode: + * Return a pointer to the node closest to the given key. + * Returns NULL if the AVL tree is empty. + */ +static zAVLNode *zAVLCloseSearchNode (zAVLTree const *avltree, zAVLKey key, + int * ok) +{ + zAVLNode *node; + + *ok = ZAVL_NO; + + node = avltree->top; + + if (!node) + return NULL; + + for (;;) { + if (!zAVLKey_cmp(avltree, node->key, key)) + { + *ok = ZAVL_OK; + return node; + } + + if (zAVLKey_cmp(avltree, node->key, key) < 0) { + if (node->right) + node = node->right; + else + return node; + } + + else { + if (node->left) + node = node->left; + else + return node; + } + } +} + + +/* + * zAVLRebalanceNode: + * Rebalances the AVL tree if one side becomes too heavy. This function + * assumes that both subtrees are AVL trees with consistant data. This + * function has the additional side effect of recalculating the depth of + * the tree at this node. It should be noted that at the return of this + * function, if a rebalance takes place, the top of this subtree is no + * longer going to be the same node. + */ +static void zAVLRebalanceNode (zAVLTree *avltree, zAVLNode *avlnode) +{ + long depthdiff; + zAVLNode *child; + zAVLNode *gchild; + zAVLNode *origparent; + zAVLNode **superparent; + + origparent = avlnode->parent; + + if (origparent) { + if (zAVLKey_cmp(avltree, avlnode->key, avlnode->parent->key) < 0) + superparent = &(avlnode->parent->left); + else + superparent = &(avlnode->parent->right); + } + else + superparent = &(avltree->top); + + depthdiff = R_DEPTH(avlnode) - L_DEPTH(avlnode); + + if (depthdiff <= -2) { + child = avlnode->left; + + if (L_DEPTH(child) >= R_DEPTH(child)) { + avlnode->left = child->right; + if (avlnode->left != NULL) + avlnode->left->parent = avlnode; + avlnode->depth = CALC_DEPTH(avlnode); + child->right = avlnode; + if (child->right != NULL) + child->right->parent = child; + child->depth = CALC_DEPTH(child); + *superparent = child; + child->parent = origparent; + } + + else { + gchild = child->right; + avlnode->left = gchild->right; + if (avlnode->left != NULL) + avlnode->left->parent = avlnode; + avlnode->depth = CALC_DEPTH(avlnode); + child->right = gchild->left; + if (child->right != NULL) + child->right->parent = child; + child->depth = CALC_DEPTH(child); + gchild->right = avlnode; + if (gchild->right != NULL) + gchild->right->parent = gchild; + gchild->left = child; + if (gchild->left != NULL) + gchild->left->parent = gchild; + gchild->depth = CALC_DEPTH(gchild); + *superparent = gchild; + gchild->parent = origparent; + } + } + + else if (depthdiff >= 2) { + child = avlnode->right; + + if (R_DEPTH(child) >= L_DEPTH(child)) { + avlnode->right = child->left; + if (avlnode->right != NULL) + avlnode->right->parent = avlnode; + avlnode->depth = CALC_DEPTH(avlnode); + child->left = avlnode; + if (child->left != NULL) + child->left->parent = child; + child->depth = CALC_DEPTH(child); + *superparent = child; + child->parent = origparent; + } + + else { + gchild = child->left; + avlnode->right = gchild->left; + if (avlnode->right != NULL) + avlnode->right->parent = avlnode; + avlnode->depth = CALC_DEPTH(avlnode); + child->left = gchild->right; + if (child->left != NULL) + child->left->parent = child; + child->depth = CALC_DEPTH(child); + gchild->left = avlnode; + if (gchild->left != NULL) + gchild->left->parent = gchild; + gchild->right = child; + if (gchild->right != NULL) + gchild->right->parent = gchild; + gchild->depth = CALC_DEPTH(gchild); + *superparent = gchild; + gchild->parent = origparent; + } + } + + else { + avlnode->depth = CALC_DEPTH(avlnode); + } +} + + +/* + * zAVLFreeBranch: + * Free memory used by this node and its item. If the freeitem argument + * is not NULL, then that function is called on the items to free their + * memory as well. In other words, the freeitem function is a + * destructor for the items in the tree. + */ +static void zAVLFreeBranch (zAVLNode *avlnode, void (freeitem)(void *item)) +{ + if (avlnode->left) + zAVLFreeBranch(avlnode->left, freeitem); + if (avlnode->right) + zAVLFreeBranch(avlnode->right, freeitem); + if (freeitem) + freeitem(avlnode->item); + free(avlnode); +} + + +/* + * zAVLFillVacancy: + * Given a vacancy in the AVL tree by it's parent, children, and parent + * component pointer, fill that vacancy. + */ +static void zAVLFillVacancy (zAVLTree *avltree, + zAVLNode *origparent, zAVLNode **superparent, + zAVLNode *left, zAVLNode *right) +{ + zAVLNode *avlnode; + zAVLNode *balnode; + zAVLNode *nextbalnode; + + if (left == NULL) { + if (right) + right->parent = origparent; + + *superparent = right; + balnode = origparent; + } + + else { + for (avlnode = left; avlnode->right != NULL; avlnode = avlnode->right); + + if (avlnode == left) { + balnode = avlnode; + } + else { + balnode = avlnode->parent; + balnode->right = avlnode->left; + if (balnode->right != NULL) + balnode->right->parent = balnode; + avlnode->left = left; + left->parent = avlnode; + } + + avlnode->right = right; + if (right != NULL) + right->parent = avlnode; + *superparent = avlnode; + avlnode->parent = origparent; + } + + for (; balnode; balnode = nextbalnode) { + nextbalnode = balnode->parent; + zAVLRebalanceNode(avltree, balnode); + } +} Index: branches/samhain-2_2-branch/test/test.sh =================================================================== --- branches/samhain-2_2-branch/test/test.sh (revision 66) +++ branches/samhain-2_2-branch/test/test.sh (revision 66) @@ -0,0 +1,754 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +# ----------------------------------------------------------------------- +# Be Bourne compatible +# ----------------------------------------------------------------------- + +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi + +# ----------------------------------------------------------------------- +# Make sure we support functions (from the autoconf manual) +# ----------------------------------------------------------------------- + +TSHELL="${TSHELL-/bin/sh}" +if test x"$1" = "x--re-executed" +then + shift +elif "$TSHELL" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&1 +then + : +else + for cmd in sh bash ash bsh ksh zsh sh5; do + X="$PATH:/bin:/usr/bin:/usr/afsws/bin:/usr/ucb:/usr/xpg4/bin"; + OLD_IFS=${IFS} + IFS=':'; export IFS + for dir in $X; do + shell="$dir/$cmd" + if (test -f "$shell" || test -f "$shell.exe") + then + if "$shell" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&1 + then + TSHELL="$shell"; export TSHELL + IFS=${OLD_IFS}; export IFS + exec "$shell" "$0" --re-executed ${1+"$@"} + fi + fi + done + IFS=${OLD_IFS}; export IFS + done + echo "-----------------------------------------------------------------" + echo "ERROR: Unable to locate a shell interpreter with function support" >&2 + echo "-----------------------------------------------------------------" + { (exit 1); exit 1; } +fi + +# ----------------------------------------------------------------------- +# Make sure we support 'let' (from the autoconf manual) +# ----------------------------------------------------------------------- + +TSHELL="${TSHELL-/bin/sh}" +if test x"$1" = "x--re-run" +then + shift +elif "$TSHELL" -c 'a=5; let "a = a + 5"' >/dev/null 2>&1 +then + : +else + for cmd in sh bash ash bsh ksh zsh sh5; do + X="$PATH:/bin:/usr/bin:/usr/afsws/bin:/usr/ucb:/usr/xpg4/bin"; + OLD_IFS=${IFS} + IFS=':'; export IFS + for dir in $X; do + shell="$dir/$cmd" + if (test -f "$shell" || test -f "$shell.exe") + then + if "$shell" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&1 + then + if "$shell" -c 'a=5; let "a = a + 5"' >/dev/null 2>&1 + then + TSHELL="$shell"; export TSHELL + IFS=${OLD_IFS}; export IFS + exec "$shell" "$0" --re-run ${1+"$@"} + fi + fi + fi + done + IFS=${OLD_IFS}; export IFS + done + echo "-----------------------------------------------------------------" + echo "ERROR: Unable to locate a shell interpreter with support for 'let'" >&2 + echo "-----------------------------------------------------------------" + { (exit 1); exit 1; } +fi + + +umask 0022 + +isok=`test -t 1 2>&1 | wc -c` +if [ "$isok" -eq 0 ]; then + test -t 1 + isok=$? +fi + +# The following two are the ANSI sequences for start and end embolden +if [ x"$isok" = x0 ]; then + case $TERM in + vt*|ansi*|con*|xterm*|linux*|screen*|rxvt*) + S='' + R= + G= + B= + E= + ;; + *) + S= + R= + G= + B= + E= + ;; + esac +fi + + +usage() { + echo "test.sh [options] [hostname]" + echo " [-q|--quiet|-v|--verbose] [-s|--stoponerr] [--no-cleanup]" + echo " [--srcdir=top_srcdir] [--color=always|never|auto]" + echo + echo " ${S}test.sh 1${E} -- Compile with many different options" + echo " ${S}test.sh 2${E} -- Hash function (testrc_1)" + echo " ${S}test.sh 3${E} -- Standalone init/check" + echo " ${S}test.sh 4${E} -- Microstealth init/check" + echo " ${S}test.sh 5${E} -- External program call (testrc_1ext.in)" + echo " ${S}test.sh 6${E} -- Controlling the daemon" + echo " ${S}test.sh 7${E} -- GnuPG signed files / prelude log" + echo " ${S}test.sh 8${E} -- Suidcheck" + + echo " ${S}test.sh 10${E} -- Test c/s init/check (testrc_2.in)" + echo " ${S}test.sh 11${E} -- Test full c/s init/check (testrc_2.in)" + echo " ${S}test.sh 12${E} -- Test full c/s w/gpg (testrc_2.in)" + echo " ${S}test.sh 13${E} -- Test full c/s w/mysql (testrc_2.in)" + echo " ${S}test.sh 14${E} -- Test full c/s w/postgres (testrc_2.in)" + echo " ${S}test.sh all${E} -- All tests" +} +scripts () { + echo + echo "Scripts used by tests:" + echo " (1) testcompile.sh (2) testhash.sh (3) testrun_1.sh (4) testrun_1a.sh" + echo " (5) testext.sh (6) testtimesrv.sh (7) testrun_1b.sh (8) testrun_1c.sh" + echo " (10) testrun_2.sh (11) testrun_2a.sh (12) testrun_2b.sh (13) testrun_2c.sh" + echo " (14) testrun_2d.sh" +} + +# +# Option parsing +# +verbose= +quiet= +stoponerr= +color=auto +cleanup=on +doall= +usevalgrind= + +while [ $# -gt 0 ] +do + case "$1" in + -h|--help) usage; exit 0;; + --scripts) usage; scripts; exit 0;; + -v|--verbose) verbose=on; quiet= ;; + -q|--quiet) quiet=on; verbose= ;; + -s|--stoponerr) stoponerr=on;; + --no-cleanup) cleanup= ;; + --really-all) doall=on;; + --valgrind) usevalgrind=on;; + --srcdir=*) TOP_SRCDIR=`echo $1 | sed s,--srcdir=,,`; export TOP_SRCDIR;; + --color=*) + arg=`echo $1 | sed s,--color=,,` + case $arg in + auto) ;; + never|none|no) + S= + R= + G= + B= + E= + ;; + always|yes) + S='' + R= + G= + G= + E= + ;; + *) echo "Invalid argument $1"; exit 1;; + esac + ;; + -*) echo "Invalid argument $1"; exit 1;; + *) break;; + esac + shift +done + +export verbose +export quiet +export stoponerr +export cleanup +export doall +export S; export R; export G; export B; export E; + +SCRIPTDIR=. + +# +# 'make test' will copy the 'test' subdirectory and replace TEST_SRCDIR +# +TEST_SRCDIR="XXXSRCXXX"; +if test "x${TOP_SRCDIR}" = x; then + # not within source tree, and not called with 'make testN' + if test -f "${TEST_SRCDIR}/src/samhain.c"; then + TOP_SRCDIR="${TEST_SRCDIR}"; export TOP_SRCDIR + if test -f test/testcompile.sh; then + SCRIPTDIR=test + fi + # not within source tree, not called by 'make', and in 'test' subdir + elif test -f "../${TEST_SRCDIR}/src/samhain.c"; then + cd .. + SCRIPTDIR=test + TOP_SRCDIR="${TEST_SRCDIR}"; export TOP_SRCDIR + # within source tree, and not called with 'make testN' + else + if test -f ../src/samhain.c; then + cd .. + SCRIPTDIR=test + TOP_SRCDIR=. + export TOP_SRCDIR + elif test -f ./src/samhain.c; then + SCRIPTDIR=test + TOP_SRCDIR=. + export TOP_SRCDIR + else + echo "Please use --srcdir=DIR, where DIR should be the" + echo "top directory in the samhain source tree." + exit 1 + fi + fi +else + # called by make, or with --srcdir=TOP_SRCDIR + if test -f "${TOP_SRCDIR}/src/samhain.c"; then + SCRIPTDIR="${TOP_SRCDIR}/test" + elif test -f "../${TOP_SRCDIR}/src/samhain.c"; then + cd ..; SCRIPTDIR="${TOP_SRCDIR}/test" + else + echo "Please use --srcdir=DIR, where DIR should be the" + echo "top directory in the samhain source tree." + exit 1 + fi +fi + +export SCRIPTDIR + +PW_DIR=`pwd`; export PW_DIR + +# +# group/world writeable will cause problems +# +chmod go-w . +# +# +# +if test x$UID != x; then + TRUST="--with-trusted=0,2,$UID" +else + TRUST="--with-trusted=0,2,500" +fi +export TRUST +# +# find a good 'make' +# +MAKE=`which gmake` +if test "x$?" = x1 ; then + MAKE="make -s" +else + MAKE=`which gmake | sed -e "s%\([a-z:]\) .*%\1%g"` + if test "x$MAKE" = x; then + MAKE="make -s" + elif test "x$MAKE" = xno; then + MAKE="make -s" + else + if test "x$MAKE" = "xwhich:"; then + MAKE="make -s" + else + MAKE="gmake -s" + gmake -v >/dev/null 2>&1 || MAKE="make -s" + fi + fi +fi +export MAKE + +failcount=0 +okcount=0 +skipcount=0 +global_count=0 +last_count=0 + +# args: #test, #total, status, optional msg +log_msg () +{ + if [ x"$COLUMNS" != x ]; then + TERMWIDTH=$COLUMNS + elif [ x"$COLS" != x ]; then + TERMWIDTH=$COLS + else + TERMWIDTH=80 + fi + cols=66; + # + if [ $1 -eq 0 ]; then + msg=" ${4}" + else + if [ ${1} -eq 1 ]; then + global_count=${last_count} + fi + let "v = $1 + global_count" >/dev/null + last_count=${v} + dd=''; if [ $v -lt 10 ]; then dd=" "; fi + dt=''; if [ $2 -lt 10 ]; then dt=" "; fi + if [ -z "$4" ]; then + msg=" test ${dd}${v}/${dt}${2}" + else + msg=" test ${dd}${v}/${dt}${2} ${4}" + fi + fi + # + if [ x"$3" = xfailure ]; then + ccode=$R + elif [ x"$3" = xsuccess ]; then + ccode=$G + else + ccode=$B + fi + if [ -z "${R}" ]; then + echo " [${3}] ${msg}" + else + # len=${#...} is not bourne shell + # also, need to account for terminal control sequences + len=`echo "$msg" | awk '/1;30m/ { print length()-10; }; !/1;30m/ { print length();}'` + let "cols = cols - len" >/dev/null + moveto='['$cols'C' + echo "${msg}${moveto}${ccode}[${3}]${E}" + fi +} + +log_fail () { + log_msg "$1" "$2" failure "$3"; + let "failcount = failcount + 1" >/dev/null; + test -z "$stoponerr" || exit 1; +} +log_ok () { + log_msg "$1" "$2" success "$3"; + let "okcount = okcount + 1" >/dev/null; +} +log_skip () { + log_msg "$1" "$2" skipped "$3"; + let "skipcount = skipcount + 1" >/dev/null; +} + +log_msg_fail () { log_msg 0 0 failure "$1"; } +log_msg_ok () { log_msg 0 0 success "$1"; } +log_msg_skip () { log_msg 0 0 skipped "$1"; } + +log_start () { + if [ -z "$quiet" ]; then + echo; + echo "${S}__ START TEST ${1} __${E}"; + echo; + fi +} +log_end () { + if [ -n "$verbose" ]; then + echo; + echo "${S}__ END TEST ${1} __${E}"; + echo; + fi +} + +# This looks silly, but with solaris10/i386 on vmware, +# 'sleep' occasionally does not sleep... + +one_sec_sleep () { + onesdate=`date` + onestest=0 + while [ $onestest -eq 0 ]; do + sleep 1 + twosdate=`date` + if [ "x$twosdate" = "x$onesdate" ]; then + onestest=0 + else + onestest=1 + fi + done +} + +five_sec_sleep () { + for f in 1 2 3 4 5; do + one_sec_sleep + done +} + +do_cleanup () { + rm -f testrc_1.dyn + rm -f testrc_2 + rm -f testrc_22 + rm -f ./.samhain_file + rm -f ./.samhain_log* + rm -f ./.samhain_lock* + test -d testrun_testdata && chmod -R 0700 testrun_testdata + test -d .quarantine && rm -rf .quarantine + rm -rf testrun_testdata + rm -f test_log_db + rm -f test_log_prelude + rm -f test_log_valgrind* + rm -f test_log_yulectl + rm -f yule.html + rm -f yule.html2 +} + +print_summary () +{ + let "gcount = okcount + skipcount + failcount" >/dev/null; + [ -z "$quiet" ] && { + echo + echo "__ ${S}Tests: ${gcount} Ok: ${okcount} Skipped: ${skipcount} Failed: ${failcount}${E}" + } + if [ $failcount -eq 0 ]; then + [ -z "$quiet" ] && { echo "__ ${G}All tests passed successfully.${E}"; echo; } + elif [ $failcount -eq 1 ]; then + [ -z "$quiet" ] && { echo "__ ${R}There was 1 failure.${E}"; echo; } + else + [ -z "$quiet" ] && { echo "__ ${R}There were $failcount failures.${E}"; echo; } + fi + [ -z "$cleanup" ] || do_cleanup; +} + +find_path () { ( + save_IFS=$IFS; IFS=: + + for dir in $PATH; do + IFS=$as_save_IFS + test -z "$dir" && dir=. + if test -f "$dir/$1"; then + echo "$dir/$1"; + break; + fi + done + IFS=${save_IFS}; +); } + +find_hostname () { + tmp=`hostname -f 2>/dev/null` + if [ $? -ne 0 ]; then + tmp=`hostname 2>/dev/null` + fi + if [ -z "$tmp" ]; then + tmp="localhost" + fi + # + # first one is hostname, others are aliases + # + tmp2=`cat /etc/hosts | egrep "^ *[0123456789].* $tmp" | awk '{ print $2 }'` + if [ -z "$tmp2" ]; then + echo "$tmp" + else + echo "$tmp2" + fi +} + +rm -f ./test_log + +# first one is hostname, others are aliases +# +hostname=`cat /etc/hosts | egrep "^ *127.0.0.1" | awk '{ print $2 }'` +if [ x"$hostname" = xlocalhost ]; then + hostname="127.0.0.1" +fi + +# Seems that 'valgrind' causes random hangs :-( +# +if [ -z "$usevalgrind" ]; then + VALGRIND= +else + VALGRIND=`find_path valgrind`; +fi +[ -z "$VALGRIND" ] || { + VALGRIND="$VALGRIND --quiet --tool=memcheck --suppressions=.test.supp"; + export VALGRIND; + [ -z "$verbose" ] || log_msg_ok "using valgrind" +cat > ".test.supp" </dev/null + . ${SCRIPTDIR}/testhash.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_1.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_1a.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testext.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testtimesrv.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_1b.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_1c.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_2.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_2a.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_2b.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_2c.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_2d.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + # + # ${SCRIPTDIR}/testtimesrv.sh + # ${SCRIPTDIR}/testrun_1b.sh + # ${SCRIPTDIR}/testrun_2.sh $2 + # ${SCRIPTDIR}/testrun_2a.sh $2 + # + MAXTEST=${TEST_MAX}; export MAXTEST + testcompile + testhash + # + . ${SCRIPTDIR}/testrun_1.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun1 + # + . ${SCRIPTDIR}/testrun_1a.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun1a + # + testext0 + # + . ${SCRIPTDIR}/testtimesrv.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testtime0 + # + . ${SCRIPTDIR}/testrun_1b.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun1b + # + . ${SCRIPTDIR}/testrun_1.sh + . ${SCRIPTDIR}/testrun_1c.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun1c + # + . ${SCRIPTDIR}/testrun_2.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun2 $hostname + # + . ${SCRIPTDIR}/testrun_2a.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun2a $hostname + # + . ${SCRIPTDIR}/testrun_2b.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun2b $hostname + # + . ${SCRIPTDIR}/testrun_2c.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun2c $hostname + # + . ${SCRIPTDIR}/testrun_2d.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun2d $hostname + # + print_summary + exit 0 +fi + +usage; + +exit 1; + +# gpg -a --clearsign --not-dash-escaped testrc.gpg +# gpg -a --clearsign --not-dash-escaped .samhain_file +# tar czvf foo.tgz testrc.gpg.asc .samhain_file.asc +# cat foo.tgz >>test/test.sh + +__ARCHIVE_FOLLOWS__ +‹£ÉúDí•ÏoãDÇœ UbN\'€‘8*Û:IӔJ‘pãÔ-›ŠùєBU!o2M +þ‘z&éf/ˆ‚#§šgGâßa%7U$ĉHš‡U{àÚš +ã$M¶Ûª‚.¬4Ù +ϛ™÷Þ×3ž!39•Î€§dœänž2;3ã”.Ÿ—ïÕ]ýzïÕëóq.~Æ7ëqû\³ +môž< +äo'q²˜È&„œ)+:2¯ê‡L| +Ÿ˜aù’p×a!(-‡aDŠÀø²Šp% +R°×–dŒ3ãK‚ +„ +"ÒZ'å +JÍÃOŒ,ÔJAIÏF$H +˜CŠ²‡dGÁPCËiØ1•ûY‚ðØVTäŸF$ ÀÛP74‘¬ªyši§ ¿iG(«š LgeS։ƒzGLÀŠd{ŠžéEgÀˆËi:K9%‰ðˆi‡ú­kIє‚9€“8r&ù-pþ–  +x’ŸŽ™\㊒S«ºš·ž'4nœÈöo +ËiÝ0QØÐÑžýâc]Ö_PUÿžlêCs?$ýT÷Ð(*&ö+ú¶1Ž„e:ý‘`“&³VdE=o¥ãušyhèÇÈcuÄÖë1•‹׏6WœÜ¢Œ4C§ÝhTâä•ÜAÉ/Ö +ù]nÞ1ÆP2kbÅÐCԁêwõŒ!ÃÈô:Íò †2†I³ª*"B„~ºF@Àñƒ³ÚÝ®ü=§Î +®.npÉ +Ö±Áâ]GœhóƒšsM¹§Œð])œ˜)zöÁ{(✾] +NâUi—×òÂKùÔ'|ÄÇp4çÑøûá{Þ¹ð¯GCº›V–}ÑtE4w¬ðáXÄ÷0ê‘Ð +ˆŠ)Xöÿ¶DU÷ †ÅËÒû¯n +ËÚÝú>sþ[:®ÙÿÝ^Þ{ŸÿÏxœ^gÿ÷¹ÙþÿBx1ûÿO¿üÐùœý˜¯œ:žÃ +œ_y>¬‰^ýËïOE§,>/G)ŒÀÑö7žîÑÑÙ³ú.µ>>é>ý£[p.®|Cèðýã³'à.(|u¹œ;ô.§&žý;ýú[?öÓÿî›øXù\9Žýfr +ݧ +nÁ¹žN­Z­•ÊõÃÃfѶËõR§]Žª¥b»Ø²Ú +ë°T¬5:õF±TkÚ­Ž]ÈÙÿíèôìôQÉ79î끚ǭŸ(øhŒ|®šÏÑš(»\Ž¬b«}xPjV«õZµa7êµJŲJ•r»b[Tfë VªÖ+TߏÎN®Ñ$Ñu‡?ì×OšÊߟ³à”’Œp¥&ÚïhjØ +«ÒŽ«õN˲[Z³U/µ*õš]?,µ*öA£ZîXV¥n7;É:=îþùë“cg®žúrR ZþÅS\%c§ž7„{¢äâI`nÝ+ +ž‡©D@ÌMûB‰˜gÝéœEa-’^ú|7¢EgƒædFü8(íFdLOñɄ +ûŸâ +ƒÁ`0 +ƒÁ`0 +ƒÁ`0 +FŸ¿ès(( Index: branches/samhain-2_2-branch/test/test_ext.c.in =================================================================== --- branches/samhain-2_2-branch/test/test_ext.c.in (revision 66) +++ branches/samhain-2_2-branch/test/test_ext.c.in (revision 66) @@ -0,0 +1,33 @@ +#include +#include +#include +#include +#include +#include + +int main () +{ + char line[256]; + int flags; + FILE * foo = fopen ("MYPWDIR", "a"); + + flags = fcntl(STDIN_FILENO, F_GETFL); + fcntl(STDIN_FILENO, F_SETFL, flags|O_NONBLOCK); + + xagain: + errno = 0; + while (NULL != fgets(line, 255, stdin)) + { + fprintf (foo, "RECV: %s", line); + fflush (foo); + } + if (ferror(stdin) && errno == EAGAIN) + { + clearerr(stdin); + goto xagain; + } + fclose(foo); + return 0; +} + + Index: branches/samhain-2_2-branch/test/testcompile.sh =================================================================== --- branches/samhain-2_2-branch/test/testcompile.sh (revision 66) +++ branches/samhain-2_2-branch/test/testcompile.sh (revision 66) @@ -0,0 +1,630 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +MAXTEST=61; export MAXTEST + +run_flawfinder () +{ + flawfinder --minlevel=3 --quiet src/s*.c | \ + egrep '^No hits found.' >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST"; + else + flawfinder --minlevel=3 --quiet src/s*.c >test_log 2>&1 + [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST"; + return 1 + fi +} + +run_smatch () +{ + export CDIR=`pwd`; + + if [ -z "$doall" ]; then + [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (smatch)"; + return 0 + fi + + if [ "x$3" = "xdebug" ]; then memcheck=debug; else memcheck=simple; fi + if [ -f ../sm_scripts/smatch.pm ]; then + ( + cd ../sm_scripts; + + for i in ${CDIR}/*.c.sm ; do + # echo $i; + cat $i | ./unreached_code.pl; + cat $i | ./ampersand_missing.sh; + cat $i | ./uninitialized.pl; + cat $i | ./eqeq.pl; + cat $i | ./for_bounds.pl; + cat $i | ./unchecked_returns.pl; + cat $i | ./unreached_code.pl; + cat $i | ./uninitialized.pl; + # from http://people.redhat.com/mstefani/wine/smatch/ + if [ -f ./while_for_check.pl ]; then + cat $i | ./while_for_check.pl; + fi + # --> end wine <-- + # samhain specific + if [ $memcheck = xsimple ]; then + if [ -f ./samhain_unfree.pl ]; then + cat $i | ./samhain_unfree.pl | \ + egrep -v 'x_cutest_.*Test_' | \ + egrep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; + fi + fi + if [ $memcheck = xdebug ]; then + if [ -f ./samhain_unfree_debug.pl ]; then + cat $i | ./samhain_unfree_debug.pl | \ + egrep -v 'x_cutest_.*Test_' | \ + egrep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; + fi + fi + # --> end samhain specific <-- + #cat $i | ./unfree.pl | \ + # egrep -v 'x_cutest_.*Test_' | \ + # grep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; + touch list_null_funcs_uniq; + cat $i | ./deference_check.pl; + rm -f list_null_funcs_uniq; + rm -f $i + done + ) >test_log_smatch 2>&1 + if [ -f test_log_smatch ]; then + lines=`cat test_log_smatch | wc -l` + if [ $lines -ne 0 ]; then + cat test_log_smatch + rm -f test_log_smatch + [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST (smatch)"; + return 1 + fi + fi + [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST (smatch)"; + return 0 + fi + [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (smatch)"; + return 0 +} + +testmake () +{ + fail=0 + if test x$1 = x0; then + [ -z "$verbose" ] || log_msg_ok "configure... $TEST"; + $MAKE ${SMATCH} cutest > /dev/null 2>> test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make cutest... $TEST"; + else + [ -z "$quiet" ] && log_msg_fail "make cutest... $TEST"; + fail=1 + fi + else + [ -z "$quiet" ] && log_msg_fail "configure... $TEST"; + if [ x"$3" = xskip ]; then + [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST"; + fi + fail=1 + fi + if [ $fail -eq 1 ]; then + [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST"; + return 1 + fi + [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST"; + return 0 +} + +testcompile () +{ + log_start "COMPILE" + + if [ -f /usr/local/gcc-smatch/bin/gcc ]; then + SAVE_CC="${CC}" + SMATCH="DBGDEF=--smatch"; export SMATCH + CC="/usr/local/gcc-smatch/bin/gcc"; export CC + fi + + num=0 + numfail=0 + + # + # test flawfinder + # + TEST="${S}check w/flawfinder${E}" + # + # + let "num = num + 1" >/dev/null + FLAWFINDER=`find_path flawfinder` + # + if [ -z "$FLAWFINDER" ]; then + log_skip $num $MAXTEST 'check w/flawfinder (not in PATH)' + else + run_flawfinder 0 $num || let "numfail = numfail + 1" >/dev/null + fi + # + + # + # test standalone compilation + # + TEST="${S}standalone w/suidcheck${E}" + # + if test -r "Makefile"; then + $MAKE distclean + fi + # + ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-suidcheck > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation + # + TEST="${S}standalone w/mounts-check w/userfiles${E}" + # + if test -r "Makefile"; then + $MAKE distclean + fi + # + ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-mounts-check --enable-userfiles > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + + # + # test standalone compilation + # + TEST="${S}standalone w/timeserver and w/msgqueue${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-message-queue --with-timeserver=127.0.0.1 > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation with --with-nocl=PW + # + TEST="${S}standalone w/nocl${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --enable-nocl="owl" --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/ debug + # + TEST="${S}standalone w/debug${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/ gpg + # + TEST="${S}standalone w/gpg${E}" + # + GPG=`find_path gpg` + let "num = num + 1" >/dev/null + # + if [ -z "$GPG" ]; then + log_skip $num $MAXTEST 'gpg not in PATH' + let "num = num + 1" >/dev/null + log_skip $num $MAXTEST 'gpg not in PATH' + else + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --with-gpg=$GPG --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + fi + + # + # test standalone compilation w/stealth + # + TEST="${S}standalone w/stealth${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-stealth=128 --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/logwatch + # + TEST="${S}standalone w/login-watch${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/mysql + # + TEST="${S}standalone w/mysql${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-xml-log --with-database=mysql --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/mysql and stealth + # + TEST="${S}standalone w/mysql+stealth${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-xml-log --enable-stealth=128 --with-database=mysql --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/postgresql + # + TEST="${S}standalone w/postgresql${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-xml-log --with-database=postgresql --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/postgresql+stealth + # + TEST="${S}standalone w/postgresql+stealth${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-xml-log --enable-stealth=128 --with-database=postgresql --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation + # + TEST="${S}standalone w/o mail${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --disable-mail --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation + # + TEST="${S}standalone w/o external${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --disable-external-scripts --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # echo; echo "${S}__ TEST CLIENT/SERVER __${E}"; echo; + + # + # test client/server compilation + # + TEST="${S}client/server application w/timeserver${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-timeserver=127.0.0.1 > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-timeserver=127.0.0.1 > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test c/s compilation w/ gpg + # + TEST="${S}client/server application w/gpg${E}" + # + GPG=`find_path gpg` + let "num = num + 1" >/dev/null + # + if [ -z "$GPG" ]; then + log_skip $num $MAXTEST 'gpg not in PATH' + let "num = num + 1" >/dev/null + log_skip $num $MAXTEST 'gpg not in PATH' + let "num = num + 1" >/dev/null + log_skip $num $MAXTEST 'gpg not in PATH' + let "num = num + 1" >/dev/null + log_skip $num $MAXTEST 'gpg not in PATH' + else + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-srp --with-gpg=$GPG --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-srp --with-gpg=$GPG --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + fi + + + # + # test client/server compilation + # + TEST="${S}client/server application w/o srp${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --disable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --disable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test client/server compilation w/ debug + # + TEST="${S}client/server application w/debug${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null + + # + # test client/server compilation w/stealth + # + TEST="${S}client/server application w/stealth${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-srp --enable-stealth=128 --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-srp --enable-stealth=128 --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test client/server compilation w/logwatch + # + TEST="${S}client/server application w/login-watch${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-srp --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-srp --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test client/server compilation + # + TEST="${S}client/server application w/o mail${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --disable-mail --enable-srp --enable-stealth=128 --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --disable-mail --enable-srp --enable-stealth=128 --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null + + # + # test client/server compilation + # + TEST="${S}client/server application w/o external${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --disable-srp --disable-external-scripts --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --disable-srp --disable-external-scripts --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + + [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; } + + log_end "COMPILE" +} Index: branches/samhain-2_2-branch/test/testext.sh =================================================================== --- branches/samhain-2_2-branch/test/testext.sh (revision 66) +++ branches/samhain-2_2-branch/test/testext.sh (revision 66) @@ -0,0 +1,135 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +MAXTEST=1; export MAXTEST + +testext0 () +{ + COMP=`which gcc` + if test "x$?" = x1 ; then + COMP="cc" + else + COMP=`which gcc | sed -e "s%\([a-z:]\) .*%\1%g"` + if test "x$COMP" = x; then + COMP="cc" + elif test "x$COMP" = xno; then + COMP="cc" + else + if test "x$COMP" = "xwhich:"; then + COMP="cc" + else + COMP="gcc" + gcc -v >/dev/null 2>&1 || COMP="gcc" + fi + fi + fi + log_start "EXTERNAL PROGRAM" + [ -z "$verbose" ] || echo MAKE is $MAKE + [ -z "$verbose" ] || { echo COMP is $COMP; echo; } + # + # standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + # + if test -r "Makefile"; then + ${MAKE} distclean >/dev/null + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/testrc_1ext --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE >/dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + # + # prepare the program + # + cat test/test_ext.c.in | sed -e "s%MYPWDIR%$PW_DIR/test_ext.res%g" > test_ext.c + + ${COMP} -o test_ext test_ext.c + if test "x$?" != x0; then + log_msg_fail "${COMP} -o test_ext test_ext.c" + return 1 + fi + chmod +rx test_ext + if test "x$?" != x0; then + log_msg_fail "chmod +rx test_ext" + return 1 + fi + + # compute checksum and fix config file + # + cp test/testrc_1ext.in testrc_1ext + CHKSUM=`./samhain -H $PW_DIR/test_ext | awk '{ print $2$3$4$5$6$7}'` + echo "OpenCommand=$PW_DIR/test_ext" >> testrc_1ext + echo "SetType=log" >> testrc_1ext + echo "SetChecksum=$CHKSUM" >> testrc_1ext + echo "SetFilterOr=ALERT" >> testrc_1ext + + rm -f $PW_DIR/test_ext.res + rm -f $PW_DIR/pdbg.child + rm -f $PW_DIR/pdbg.main + ./samhain -p none + + # The shell is too fast ... + one_sec_sleep + [ -z "$verbose" ] || { + echo; + echo "${S}Logged by external C program test_ext (filtered: ALERT only):${E}"; + echo; + cat $PW_DIR/test_ext.res + echo + } + + tmp=`cat $PW_DIR/test_ext.res | wc -l` + if [ $tmp -eq 4 ]; then + tmp=`egrep 'RECV: \[EOF\]' $PW_DIR/test_ext.res | wc -l` + if [ $tmp -eq 2 ]; then + tmp=`egrep 'RECV: ALERT' $PW_DIR/test_ext.res | wc -l` + if [ $tmp -eq 2 ]; then + log_ok 1 ${MAXTEST}; + else + log_fail 1 ${MAXTEST}; + fi + else + log_fail 1 ${MAXTEST}; + fi + else + log_fail 1 ${MAXTEST}; + fi + + rm -f $PW_DIR/.samhain_file + rm -f $LOGFILE + rm -f $PW_DIR/.samhain_lock + + log_end "EXTERNAL PROGRAM" +} + Index: branches/samhain-2_2-branch/test/testhash.sh =================================================================== --- branches/samhain-2_2-branch/test/testhash.sh (revision 66) +++ branches/samhain-2_2-branch/test/testhash.sh (revision 66) @@ -0,0 +1,88 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE + +MAXTEST=1; export MAXTEST + +testhash () +{ + log_start "HASH FUNCTION" + # + # test standalone compilation + # + TEST="${S}standalone agent${E}" + # + if test -r "Makefile"; then + $MAKE distclean + fi + # + ${TOP_SRCDIR}/configure --quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-debug + # + fail=0 + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>> test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + fail=1 + fi + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + fail=1 + fi + # + if [ $fail -eq 1 ]; then + [ -z "$quiet" ] && log_fail 1 ${MAXTEST}; + return 1 + fi + # + echo "Test results of the TIGER hash algorithm" > testhash.tmp + echo >> testhash.tmp + echo "(use samhain -H string to test)" >> testhash.tmp + echo >> testhash.tmp + ./samhain -H "" >> testhash.tmp + ./samhain -H "abc" >> testhash.tmp + ./samhain -H "Tiger" >> testhash.tmp + ./samhain -H "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-" >> testhash.tmp + ./samhain -H "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789" >> testhash.tmp + ./samhain -H "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham" >> testhash.tmp + ./samhain -H "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge." >> testhash.tmp + ./samhain -H "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge, 1996." >> testhash.tmp + ./samhain -H "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-" >> testhash.tmp + # + RESU=`diff testhash.tmp ${SCRIPTDIR}/testtiger.txt 2>/dev/null` + if test "x${RESU}" = "x"; then + [ -z "$quiet" ] && log_ok 1 ${MAXTEST}; + else + [ -z "$quiet" ] && log_fail 1 ${MAXTEST}; + return 1 + fi + log_end "HASH FUNCTION" + return 0 +} + + + Index: branches/samhain-2_2-branch/test/testrc_1 =================================================================== --- branches/samhain-2_2-branch/test/testrc_1 (revision 66) +++ branches/samhain-2_2-branch/test/testrc_1 (revision 66) @@ -0,0 +1,273 @@ +##################################################################### +# +# Configuration file template for samhain. +# +##################################################################### +# +# -- empty lines and lines starting with '#' are ignored +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### +# +# SETUP for file system checking: +# +# (i) There are several policies, each has its own section. Put files +# into the section for the appropriate policy (see below). +# (ii) To each policy, you can assign a severity (further below). +# (iii) To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### + + +[Misc] +RedefUser0=-ATM + +[Attributes] +# +# for these files, only changes in permissions and ownership are checked +# +#file=/etc/mtab +#file=/etc/ssh_random_seed +#file=/etc/asound.conf +#file=/etc/resolv.conf +#file=/etc/localtime +#file=/etc/ioctl.save +#file=/etc/passwd.backup +#file=/etc/shadow.backup + + +# +# There are files in /etc that might change (see above), +# thus changing the timestamps on the directory special file. +# Put it here as 'file', and in the ReadOnly section as 'dir'. +# +file=/etc + +[GrowingLogFiles] +# +# for these files, changes in signature, timestamps, and increase in size +# are ignored +# +# Example for shell-style wildcard pattern +# +#file=/var/log/n* + +[IgnoreAll] +#dir=-1/etc + +[IgnoreNone] +#dir=-1/etc + +[Attributes] +# dir=/opt/gnome/bin/ +# file=/usr/bin/ssh + + +[ReadOnly] +# +# for these files, only access time is ignored +# +#dir=/dev +# dir=/usr/bin + +#dir=/usr/bin +#dir=/lib +#dir=/usr/lib + +#dir=/lib +#dir=3/etc +#dir=/tmp +# file=/usr/bin/ssh +# dir=1/home/rainer + +#[SuidCheck] +#SuidCheckActive=T +#SuidCheckExclude=/home + +[EventSeverity] +# +# Here you can assign severities to policy violations. +# If this severity exceeds the treshold of a log facility (see below), +# a policy violation will be logged to that facility. +# +# Severity for verification failures. +# +SeverityUser0=crit +SeverityUser1=crit +SeverityReadOnly=crit +SeverityLogFiles=crit +SeverityGrowingLogs=crit +SeverityIgnoreNone=crit +SeverityAttributes=crit +# +# We have a file in IgnoreAll that might or might not be present. +# Setting the severity to 'info' prevents messages about deleted/new file. +# +SeverityIgnoreAll=warn + +# +# Files : file access problems +# Dirs : directory access problems +# Names : suspect (non-printable) characters in a pathname +# +SeverityFiles=notice +SeverityDirs=info +SeverityNames=warn + +[Log] +# +# Set threshold severity for log facilities +# Values: debug, info, notice, warn, mark, err, crit, alert, none. +# 'mark' is used for timestamps. +# +# By default, everything equal to and above the threshold is logged. +# The specifiers '*', '!', and '=' are interpreted as +# 'all', 'all but', and 'only', respectively (like syslogd(8) does, +# at least on Linux). +# +# MailSeverity=* +# MailSeverity=!warn +# MailSeverity==crit +# +MailSeverity=none +LogSeverity=warn +SyslogSeverity=none +#ExportSeverity=none +PrintSeverity=info +# Restrict to certain classes of messages +# MailClass = RUN +#PreludeSeverity = err + +# Which system calls to log (execve, utime, unlink, dup, chdir, open, kill, +# exit, fork, setuid, setgid, pipe) +# +# LogCalls = open + + +#[Kernel] +# +# Setings this to 1/true/yes will activate the check for loadable +# kernel module rootkits (Linux only) +# +#KernelCheckActive=1 +#KernelCheckInterval = 20 + +#[Utmp] +# +# 0 to switch off, 1 to activate +# +#LoginCheckActive=1 + +# Severity for logins, multiple logins, logouts +# +#SeverityLogin=info +#SeverityLoginMulti=warn +#SeverityLogout=info + +# interval for login/logout checks +# +#LoginCheckInterval=60 + +[Misc] +# +# whether to become a daemon process +Daemon=no + +# Custom format for message header +# +# %S severity +# %T timestamp +# %C class +# +# %F source file +# %L source line +# +# MessageHeader="%S %T - %F - %L " +# MessageHeader="|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + fi + # + done + for ff in $NDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + done +} + +# +# combine file check schedule with one-shot mode +# +TESTPOLICY_11=" +[ReadOnly] +dir=99${BASE} +" + +mod_testdata_11 () { + one_sec_sleep + echo "foobar" >"${BASE}/c/x"; # bad + chmod 0555 "${BASE}/a/y"; # bad + ORIGINAL='SetFilecheckTime=60' + REPLACEMENT='FileCheckScheduleOne = 6 12 * * *' + ex -s $RCFILE </dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y"; + return 1 + fi + CDIRS="a a/a a/b a/c c b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + NDIRS=""; + test_dirs; + return $? +} + +TESTPOLICY_10=" +[ReadOnly] +dir=99${BASE} +[IgnoreAll] +dir=-1${BASE}/b +[Attributes] +dir=1${BASE}/a +" + +mod_testdata_10 () { + one_sec_sleep + echo "foobar" >"${BASE}/b/x"; # ok + echo "foobar" >"${BASE}/c/x"; # bad + echo "foobar" >"${BASE}/a/x"; # ok + chmod 0555 "${BASE}/a/a/x"; # bad + chmod 0555 "${BASE}/a/a/a/x";# ok + chmod 0555 "${BASE}/a/y"; # bad +} + +chk_testdata_10 () { + # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 3 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; + return 1 + fi + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x"; + return 1 + fi + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y"; + return 1 + fi + CDIRS="a a/a a/b a/c c"; + NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + test_dirs; + return $? +} + +TESTPOLICY_9=" +[ReadOnly] +dir=0${BASE}/b +[Attributes] +dir=2${BASE}/a/a +" + +mod_testdata_9 () { + echo "foobar" >"${BASE}/b/x"; + echo "foobar" >"${BASE}/a/x"; + echo "foobar" >"${BASE}/x"; +} + +chk_testdata_9 () { + # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi + CDIRS="b a/a a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + NDIRS="a c a/b a/c"; + test_dirs; + return $? +} + +TESTPOLICY_8=" +[ReadOnly] +dir=1${BASE} +[Attributes] +dir=1${BASE}/a/a +" + +mod_testdata_8 () { + echo "foobar" >"${BASE}/a/x"; + chmod 0555 "${BASE}/a/a/a/b/x"; +} + +chk_testdata_8 () { + # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi + CDIRS="a b c a/a a/a/a a/a/b a/a/c"; + NDIRS="a/b a/c a/a/a/a a/a/a/b a/a/a/c"; + test_dirs; + return $? +} + + +TESTPOLICY_7=" +[ReadOnly] +dir=${BASE} +[Attributes] +dir=${BASE}/a/a +[GrowingLogFiles] +dir=${BASE}/a/a/a +[IgnoreAll] +file=${BASE}/a/a/a/z +dir=${BASE}/b +" + +mod_testdata_7 () { + one_sec_sleep + echo "foobar" >"${BASE}/a/a/a/z" # ok + echo "foobar" >"${BASE}/a/a/a/x" # bad + echo "foobar" >"${BASE}/a/a/x" # ok + echo "foobar" >"${BASE}/a/x" # bad + chmod 0555 "${BASE}/a" # bad + chmod 0555 "${BASE}/b" # ok +} + + +chk_testdata_7 () { + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 3 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi + egrep "CRIT.*POLICY \[GrowingLogs\] C--------S.*${BASE}/a/a/a/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/x"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x"; + return 1 + fi +} + + +TESTPOLICY_6=" +[ReadOnly] +dir=${BASE} +[Attributes] +file=${BASE}/a/y +file=${BASE}/b/y +file=${BASE}/c/y +file=${BASE}/a/a/y +file=${BASE}/a/b/y +file=${BASE}/a/c/y +file=${BASE}/a/a/a/y +file=${BASE}/a/a/b/y +file=${BASE}/a/a/c/y +file=${BASE}/a/a/a/a/y +file=${BASE}/a/a/a/b/y +file=${BASE}/a/a/a/c/y +" + +mod_testdata_6 () { + one_sec_sleep + for ff in $TDIRS; do + echo "foobar" >"${BASE}/${ff}/x" + chmod 0555 "${BASE}/${ff}/y" + echo "foobar" >"${BASE}/${ff}/z" + done +} + +chk_testdata_6 () { + count6=0 + for ff in $TDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + fi + # + for gg in $TFILES; do + egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; + fi + tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; + fi + done + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/${ff}/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/x"; + return 1 + fi + let "count6 = count6 + 1" >/dev/null + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/${ff}/z" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/z"; + return 1 + fi + let "count6 = count6 + 1" >/dev/null + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/${ff}/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/y"; + return 1 + fi + let "count6 = count6 + 1" >/dev/null + done + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne $count6 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi +} + +TESTPOLICY_5=" +[Attributes] +dir=${BASE} +file=${BASE}/a/a/c/x +[ReadOnly] +file=${BASE}/a/a/c/y +[GrowingLogFiles] +dir=${BASE}/a/a/c +dir=${BASE}/a/a/b +dir=${BASE}/a/b +" + +mod_testdata_5 () { + mod_testdata_4 + echo "This is a xxxx file" > "${BASE}/a/a/b/x" # GrowingLogFiles + echo "This is a test file" > "${BASE}/a/a/b/y" # GrowingLogFiles + echo "This is a xxxx file bad" > "${BASE}/a/a/b/z" # GrowingLogFiles +} + +chk_testdata_5 () { + for ff in $TDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + fi + # + for gg in $TFILES; do + egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; + fi + tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; + fi + done + done + egrep "CRIT.*POLICY \[GrowingLogs\] C---------.*${BASE}/a/a/b/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/b/x"; + return 1 + fi + egrep "CRIT.*POLICY \[GrowingLogs\] C---------.*${BASE}/a/a/b/z" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/b/z"; + return 1 + fi + egrep "CRIT.*POLICY \[GrowingLogs\] -----M----.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z"; + return 1 + fi + egrep "CRIT.*POLICY \[GrowingLogs\] -----M----.*${BASE}/a/a/c/z" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/z"; + return 1 + fi + egrep "CRIT.*POLICY \[GrowingLogs\] C--------S.*${BASE}/a/b/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/y"; + return 1 + fi + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*033\[1;30m" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m"; + return 1 + fi + egrep "WARN.*Weird filename.*033\[1;30m" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y"; + return 1 + fi + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 9 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi +} + + +TESTPOLICY_4=" +[Attributes] +dir=${BASE} +file=${BASE}/a/a/c/x +[ReadOnly] +file=${BASE}/a/a/c/y +[LogFiles] +dir=${BASE}/a/a/c +dir=${BASE}/a/b +" + +mod_testdata_4 () { + one_sec_sleep + echo "foobar" >> "${BASE}/a/a/x" # Attributes + echo "foobar" > "${BASE}/a/a/c/foo" # new within LogFiles + echo "foobar" >> "${BASE}/a/a/c/y" # ReadOnly + echo "foobar" >> "${BASE}/a/a/c/x" # Attributes + chmod 0555 "${BASE}/a/a/c/x" # Attributes + chmod 0555 "${BASE}/a/a/c/z" # LogFiles + echo "foobar" >> "${BASE}/a/b/x" # LogFiles + echo "" > "${BASE}/a/b/y" # LogFiles + chmod 0555 "${BASE}/a/b/z" # LogFiles + touch "${BASE}/a/a/" # non-printable character in filename +} + +chk_testdata_4 () { + for ff in $TDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + fi + # + for gg in $TFILES; do + egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; + fi + tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; + fi + done + done + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x"; + return 1 + fi + egrep "CRIT.*POLICY \[LogFiles\] -----M----.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z"; + return 1 + fi + egrep "CRIT.*POLICY \[LogFiles\] -----M----.*${BASE}/a/a/c/z" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/z"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*033\[1;30m" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m"; + return 1 + fi + egrep "WARN.*Weird filename.*033\[1;30m" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y"; + return 1 + fi + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 6 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi +} + +TESTPOLICY_3=" +[Attributes] +dir=${BASE} +file=${BASE}/a/a/c/x +[ReadOnly] +file=${BASE}/a/a/c/y +[IgnoreAll] +dir=${BASE}/a/a/c +" +mod_testdata_3 () { + one_sec_sleep + echo "foobar" > "${BASE}/a/b/foo" # new within Attributes + chmod 0555 "${BASE}/a/b" + echo "foobar" > "${BASE}/a/a/c/foo" # new within IgnoreAll + echo "foobar" > "${BASE}/a/a/c/y" # ReadOnly + chmod 0555 "${BASE}/a/a/c/x" # Attributes + chmod 0555 "${BASE}/a/a/c/z" # IgnoreAll +} + +chk_testdata_3 () { + for ff in $TDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + fi + # + for gg in $TFILES; do + egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; + fi + tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; + fi + done + done + egrep "CRIT.*POLICY ADDED.*${BASE}/a/b/foo" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/foo"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo"; + return 1 + fi + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/b" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b"; + return 1 + fi + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y"; + return 1 + fi + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 5 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi +} + +TESTPOLICY_2=" +[ReadOnly] +dir=${BASE} +file=${BASE}/a/a/c/x +[IgnoreAll] +dir=${BASE}/a/a/c +" +mod_testdata_2 () { + mod_testdata_1; + rm "${BASE}/a/a/c/y" + echo "foobar" > "${BASE}/a/a/c/foo" + chmod 0555 "${BASE}/a/a/c/x" + chmod 0555 "${BASE}/a/a/c/z" +} + +chk_testdata_2 () { + for ff in $TDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + fi + # + for gg in $TFILES; do + egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + if [ x"${ff}/${gg}" = x"a/a/c/y" ]; then :; else + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; + return 1 + fi + fi + done + done + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo"; + return 1 + fi + egrep "CRIT.*POLICY MISSING.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x"; + return 1 + fi + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 8 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi +} + +TESTPOLICY_1=" +[ReadOnly] +dir=${BASE} +" + +mod_testdata_1 () { + one_sec_sleep + touch "${BASE}/a/a/x" + chmod 0555 "${BASE}/a/a/y" + mv "${BASE}/a/b/y" "${BASE}/a/b/yy"; echo "This is a test file" > "${BASE}/a/b/y"; rm "${BASE}/a/b/yy" + echo "foobar" > "${BASE}/a/c/y" +} + +chk_testdata_1 () { + for ff in $TDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + fi + # + for gg in $TFILES; do + egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; + return 1 + fi + tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; + fi + done + done + egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] ---I----T-.*${BASE}/a/b/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/y"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/a/b" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/c/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/y"; + return 1 + fi + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 5 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi + return 0 +} + + +############################################################## +# +# Common subroutines +# + +mkconfig_misc () +{ + test -f "${RCFILE}" || touch "${RCFILE}" + cat >> "${RCFILE}" <> "${RCFILE}" <> "${RCFILE}" <>"${RCFILE}" +} + +prep_init () +{ + rm -f ./.samhain_file + rm -f "${LOGFILE}" + rm -f ./.samhain_lock + + rm -f "${RCFILE}" + mkconfig_sev + mkconfig_log + mkconfig_misc +} + +run_init () +{ + rm -f test_log_valgrind + + ${VALGRIND} ./samhain -t init -p none 2>>test_log_valgrind + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi +} + +run_check () +{ + ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind + + if test x$? = x0; then + ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "mv logfile..."; + return 1 + fi + [ -z "$verbose" ] || log_msg_ok "check..."; + else + [ -z "$quiet" ] && log_msg_fail "check..."; + return 1 + fi +} + +run_update () +{ + ${VALGRIND} ./samhain -t update -p none -l debug 2>>test_log_valgrind + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "update..."; + else + [ -z "$quiet" ] && log_msg_fail "update..."; + return 1 + fi +} + +run_check_after_update () +{ + rm -rf $LOGFILE + + ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind + + if test x$? = x0; then + # + tmp=`./samhain -j -L $LOGFILE | grep CRIT | wc -l` + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "update not successful(?)"; + return 1 + fi + # + # wtmp may not be readable + # + tmp=`./samhain -j -L $LOGFILE | grep ERR | grep -v wtmp | wc -l` + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "errors during check"; + return 1 + fi + # + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + # + [ -z "$verbose" ] || log_msg_ok "check(2)..."; + else + [ -z "$quiet" ] && log_msg_fail "check(2)..."; + return 1 + fi +} + +prep_testdata () +{ + if test -d "$BASE"; then + if [ -d "${BASE}" ]; then + chmod -R 0700 "${BASE}" || { + [ -z "$quiet" ] && log_msg_fail "chmod -R 0700 ${BASE}"; + return 1; + } + fi + fi + + rm -rf "${BASE}" || { + [ -z "$quiet" ] && log_msg_fail "rm -rf ${BASE}"; + return 1; + } + + mkdir "${BASE}" || { + [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}"; + return 1; + } + + for ff in $TDIRS; do + mkdir "${BASE}/${ff}" || { + [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}/${ff}"; + return 1; + } + chmod 0755 "${BASE}/${ff}" + for gg in $TFILES; do + echo "This is a test file" > "${BASE}/${ff}/${gg}" + chmod 0644 "${BASE}/${ff}/${gg}" + done + done +} + +check_err () +{ + if [ $1 -ne 0 ]; then + [ -z "$quiet" ] && log_fail ${2} ${MAXTEST}; + return 1 + fi + return 0 +} + +testrun_internal () +{ + [ -z "$verbose" ] || echo Working directory: $PW_DIR + [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; } + + # + # test standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + + if test -r "Makefile"; then + $MAKE distclean >/dev/null + fi + + ${TOP_SRCDIR}/configure ${BUILDOPTS} + + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE >/dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; } + + tcount=1 + POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'` + + until [ -z "$POLICY" ] + do + prep_init + check_err $? ${tcount}; errval=$? + if [ $errval -eq 0 ]; then + prep_testdata + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + prep_testpolicy ${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_init + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval mod_testdata_${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_check + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval chk_testdata_${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $testrun1_setup -eq 0 ]; then + if [ $errval -eq 0 ]; then + run_update + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_check_after_update + check_err $? ${tcount}; errval=$? + fi + fi + # + if [ $errval -eq 0 ]; then + [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; + fi + let "tcount = tcount + 1" >/dev/null + POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'` + done + + return 0 +} + +testrun1 () +{ + log_start "RUN STANDALONE" + testrun_internal + log_end "RUN STANDALONE" + return 0 +} + + + Index: branches/samhain-2_2-branch/test/testrun_1a.sh =================================================================== --- branches/samhain-2_2-branch/test/testrun_1a.sh (revision 66) +++ branches/samhain-2_2-branch/test/testrun_1a.sh (revision 66) @@ -0,0 +1,32 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +BUILDOPTS="--quiet $TRUST --enable-debug --enable-xml-log --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" +export BUILDOPTS + +testrun1a () +{ + log_start "RUN STANDALONE W/STEALTH" + testrun_internal + log_end "RUN STANDALONE W/STEALTH" + return 0 +} + Index: branches/samhain-2_2-branch/test/testrun_1b.sh =================================================================== --- branches/samhain-2_2-branch/test/testrun_1b.sh (revision 66) +++ branches/samhain-2_2-branch/test/testrun_1b.sh (revision 66) @@ -0,0 +1,268 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +MAXTEST=3; export MAXTEST +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE + +testrun1b_internal () +{ + BUILDOPTS="$1" + # + # test standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + # + if test -r "Makefile"; then + $MAKE distclean >/dev/null >&1 + fi + # + # + ${TOP_SRCDIR}/configure ${BUILDOPTS} >/dev/null 2>/dev/null + # + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + SKIP=`awk '/^__ARCHIVE_FOLLOWS__/ { print NR + 1; exit 0; }' ${SCRIPTDIR}/test.sh` + + tail -n "+$SKIP" ${SCRIPTDIR}/test.sh >/dev/null 2>&1 + if [ $? -eq 0 ]; then + tail -n "+$SKIP" ${SCRIPTDIR}/test.sh | gunzip -c - | tar xf - && \ + mv "./testrc.gpg.asc" "$RCFILE" + else + tail "+$SKIP" ${SCRIPTDIR}/test.sh | gunzip -c - | tar xf - && \ + mv "./testrc.gpg.asc" "$RCFILE" + fi + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "extract gpg signed files..."; + else + [ -z "$quiet" ] && log_msg_fail "extract gpg signed files..."; + return 1 + fi + + if test "x$2" = "x"; then + : + else + CONVERT="$2" + if test -f "${TOP_SRCDIR}/stealth_template.jpg"; then + [ -z "$verbose" ] || log_msg_ok "convert..." + "${CONVERT}" +compress "${TOP_SRCDIR}/stealth_template.jpg" stealth_template.ps >/dev/null + else + [ -z "$quiet" ] && log_msg_fail "cannot find file stealth_template.jpg" + return 1 + fi + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "${CONVERT} +compress ${TOP_SRCDIR}/stealth_template.jpg stealth_template.ps"; + return 1 + fi + + [ -z "$verbose" ] || log_msg_ok "hide..." + ./samhain_stealth -s stealth_template.ps "$RCFILE" >/dev/null + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "${CONVERT} +compress ${TOP_SRCDIR}/stealth_template.jpg stealth_template.ps"; + return 1 + fi + + mv -f stealth_template.ps "$RCFILE" + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "mv -f stealth_template.ps $RCFILE"; + return 1 + fi + + fi + + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + + ./samhain -t init -p none -l info + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + mv $PW_DIR/.samhain_file.asc $PW_DIR/.samhain_file +} + +do_test_1b () { + + ./samhain -t check -p none -l info + + if test x$? = x0; then + ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "mv logfile..."; + return 1 + fi + [ -z "$verbose" ] || log_msg_ok "check..."; + else + [ -z "$quiet" ] && log_msg_fail "check..."; + return 1 + fi + # + tmp=`egrep "Checking.*/etc(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 2 ]; then + [ -z "$verbose" ] || log_msg_fail "/etc"; + return 1 + fi + tmp=`egrep "Checking.*(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 8 ]; then + [ -z "$verbose" ] || log_msg_fail "checking"; + return 1 + fi + egrep "ADDED" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "init was incomplete"; + return 1 + fi + # + return 0 +} + +do_test_1b_2 () { + + rm -f $PW_DIR/test_log_prelude + + "$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & + PID=$! + + five_sec_sleep + + ./samhain -t check -p none -l info --set-prelude-severity=info --prelude --server-addr 127.0.0.1:5500 >/dev/null + + if test x$? = x0; then + ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "mv logfile..."; + kill $PID + return 1 + fi + [ -z "$verbose" ] || log_msg_ok "check..."; + else + [ -z "$quiet" ] && log_msg_fail "check..."; + kill $PID + return 1 + fi + # + tmp=`egrep 'File original:.*name=etc.*path=/etc' test_log_prelude 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "/etc"; + fi + tmp=`egrep 'Classification text: Checking' test_log_prelude 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "checking"; + fi + tmp=`egrep 'Classification text: Checking' test_log_prelude 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "checking"; + fi + # + kill $PID + return 0 +} + +testrun1b () +{ + log_start "RUN STANDALONE W/STEALTH W/GPG" + GPG=`find_path gpg` + if [ -z "$GPG" ]; then + log_skip 1 $MAXTEST 'gpg not found in $PATH' + log_skip 2 $MAXTEST 'gpg not found in $PATH' + else + eval "$GPG" --list-keys 0F571F6C >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + log_skip 1 $MAXTEST 'public PGP key 0x0F571F6C not present' + log_skip 2 $MAXTEST 'public PGP key 0x0F571F6C not present' + else + # + # ------------- first test ------------- + # + BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --with-checksum=no --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" + do_test_1b + if [ $? -eq 0 ]; then + log_ok 1 $MAXTEST 'gpg signed config/database files' + else + log_fail 1 $MAXTEST 'gpg signed config/database files' + fi + + + # + # ------------- second test ------------- + # + PRECONV=`find_path convert` + "${PRECONV}" --help | grep ImageMagick >/dev/null 2>&1 && \ + CONVERT="${PRECONV}" + + if [ -z "$CONVERT" ]; then + log_skip 2 $MAXTEST 'ImageMagick convert not found in $PATH' + else + BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --with-checksum=no --enable-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" "$CONVERT" + do_test_1b + if [ $? -eq 0 ]; then + log_ok 2 $MAXTEST 'gpg signed config/database files' + else + log_fail 2 $MAXTEST 'gpg signed config/database files' + fi + fi + + + # + # ------------- third test ------------- + # + PM=`find_path prelude-manager` + if [ -z "$PM" ]; then + log_skip 3 $MAXTEST 'prelude-manager not found in $PATH' + elif [ -z "$doall" ]; then + log_skip 3 $MAXTEST 'logging to prelude (or use --really-all)' + else + BUILDOPTS="--quiet $TRUST --enable-debug --with-prelude --with-gpg=${GPG} --with-checksum=no --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS} CFLAGS=-DSH_NOFAILOVER=1" + do_test_1b_2 + if [ $? -eq 0 ]; then + log_ok 3 $MAXTEST 'logging to prelude' + else + log_fail 3 $MAXTEST 'logging to prelude' + fi + fi + fi + fi + log_end "RUN STANDALONE W/STEALTH W/GPG" + return 0 +} + Index: branches/samhain-2_2-branch/test/testrun_1c.sh =================================================================== --- branches/samhain-2_2-branch/test/testrun_1c.sh (revision 66) +++ branches/samhain-2_2-branch/test/testrun_1c.sh (revision 66) @@ -0,0 +1,407 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-suidcheck --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" +export BUILDOPTS + +MAXTEST=7; export MAXTEST + +## Quarantine SUID/SGID files if found +# +# SuidCheckQuarantineFiles = yes + +## Method for Quarantining files: +# 0 - Delete or truncate the file. +# 1 - Remove SUID/SGID permissions from file. +# 2 - Move SUID/SGID file to quarantine dir. +# +# SuidCheckQuarantineMethod = 0 + +## For method 0 and 2, really delete instead of truncating +# +# SuidCheckQuarantineDelete = yes + +SUIDPOLICY_7=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckExclude = ${BASE}/a/a +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = no +SuidCheckQuarantineMethod = 2 +SuidCheckQuarantineDelete = yes +" + +mod_suiddata_7 () { + one_sec_sleep + chmod 4444 "${BASE}/a/a/y" + chmod 4444 "${BASE}/a/a/a/y" + mkdir "${BASE}/a/abc" + touch "${BASE}/a/abc/y" + chmod 4444 "${BASE}/a/abc/y" +} + +chk_suiddata_7 () { + one_sec_sleep + tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}'` + if [ "x$tmp" = "x-r-Sr--r--" ]; then + egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; + return 1 + fi + else + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not kept)"; + return 1 + fi + tmp=`ls -l "${BASE}/a/a/a/y" 2>/dev/null | awk '{ print $1}'` + if [ "x$tmp" = "x-r-Sr--r--" ]; then + egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/y"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/y"; + return 1 + fi + else + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/y (suid not kept)"; + return 1 + fi + tmp=`ls -l "${BASE}/a/abc/y" 2>/dev/null | awk '{ print $1}'` + if [ "x$tmp" = "x-r-Sr--r--" ]; then + egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/abc/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/abc/y"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/abc/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/abc/y"; + return 1 + fi + return 0; + else + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/abc/y (suid not kept)"; + return 1 + fi +} + + +SUIDPOLICY_6=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = no +SuidCheckQuarantineMethod = 2 +SuidCheckQuarantineDelete = yes +" + +mod_suiddata_6 () { + one_sec_sleep + chmod 4755 "${BASE}/a/a/y" +} + +chk_suiddata_6 () { + one_sec_sleep + tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}'` + if [ "x$tmp" = "x-rwsr-xr-x" ]; then + egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; + return 1 + fi + return 0; + else + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not kept)"; + return 1 + fi +} + +SUIDPOLICY_5=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = yes +SuidCheckQuarantineMethod = 2 +SuidCheckQuarantineDelete = yes +" + +mod_suiddata_5 () { + one_sec_sleep + chmod 4755 "${BASE}/a/a/y" +} + +chk_suiddata_5 () { + one_sec_sleep + if [ -f "${BASE}/a/a/y" ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not deleted)"; + return 1 + fi + if [ -f .quarantine/y ]; then + if [ -f .quarantine/y.info ]; then + return 0; + else + [ -z "$verbose" ] || log_msg_fail ".quarantine/y.info (missing)"; + return 1 + fi + else + [ -z "$verbose" ] || log_msg_fail ".quarantine/y (missing)"; + return 1 + fi +} + +SUIDPOLICY_4=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = yes +SuidCheckQuarantineMethod = 2 +SuidCheckQuarantineDelete = no +" + +mod_suiddata_4 () { + one_sec_sleep + chmod 4755 "${BASE}/a/a/y" +} + +chk_suiddata_4 () { + one_sec_sleep + tmp=`cat "${BASE}/a/a/y" 2>/dev/null | wc -c` + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not truncated)"; + return 1 + fi + if [ -f .quarantine/y ]; then + if [ -f .quarantine/y.info ]; then + return 0; + else + [ -z "$verbose" ] || log_msg_fail ".quarantine/y.info (missing)"; + return 1 + fi + else + [ -z "$verbose" ] || log_msg_fail ".quarantine/y (missing)"; + return 1 + fi +} + +SUIDPOLICY_3=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = yes +SuidCheckQuarantineMethod = 1 +SuidCheckQuarantineDelete = no +" + +mod_suiddata_3 () { + one_sec_sleep + chmod 4755 "${BASE}/a/a/y" +} + +chk_suiddata_3 () { + one_sec_sleep + tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}'` + if [ "x$tmp" = "x-rwxr-xr-x" ]; then + return 0; + else + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not removed)"; + return 1 + fi +} + +SUIDPOLICY_2=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = yes +SuidCheckQuarantineMethod = 0 +SuidCheckQuarantineDelete = no +" + +mod_suiddata_2 () { + one_sec_sleep + chmod 4755 "${BASE}/a/a/y" +} + +chk_suiddata_2 () { + one_sec_sleep + tmp=`cat "${BASE}/a/a/y" 2>/dev/null | wc -c` + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not truncated)"; + return 1 + fi +} + +SUIDPOLICY_1=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = yes +SuidCheckQuarantineMethod = 0 +SuidCheckQuarantineDelete = yes +" + +mod_suiddata_1 () { + one_sec_sleep + chmod 4755 "${BASE}/a/a/y" +} + +chk_suiddata_1 () { + one_sec_sleep + if [ -f "${BASE}/a/a/y" ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not removed)"; + return 1 + fi +} + +prep_suidpolicy () +{ + test -f "${RCFILE}" || touch "${RCFILE}" + eval echo '"$'"SUIDPOLICY_$1"'"' >>"${RCFILE}" +} + +testrun_internal_1c () +{ + [ -z "$verbose" ] || echo Working directory: $PW_DIR + [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; } + + # + # test standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + + if test -r "Makefile"; then + $MAKE distclean >/dev/null + fi + + ${TOP_SRCDIR}/configure ${BUILDOPTS} + + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE 'DBGDEF=-DSH_SUIDTESTDIR=\"${BASE}\"' >/dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; } + + tcount=1 + POLICY=`eval echo '"$'"SUIDPOLICY_$tcount"'"'` + + until [ -z "$POLICY" ] + do + prep_init + check_err $? ${tcount}; errval=$? + if [ $errval -eq 0 ]; then + prep_testdata + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + prep_suidpolicy ${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_init + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval mod_suiddata_${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_check + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval chk_suiddata_${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $testrun1_setup -eq 0 ]; then + if [ $errval -eq 0 ]; then + run_update + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_check_after_update + check_err $? ${tcount}; errval=$? + fi + fi + # + if [ $errval -eq 0 ]; then + [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; + fi + let "tcount = tcount + 1" >/dev/null + POLICY=`eval echo '"$'"SUIDPOLICY_$tcount"'"'` + done + + return 0 +} + +testrun1c () +{ + log_start "RUN STANDALONE W/SUIDCHK" + testrun_internal_1c + log_end "RUN STANDALONE W/SUIDCHK" + return 0 +} + Index: branches/samhain-2_2-branch/test/testrun_2.sh =================================================================== --- branches/samhain-2_2-branch/test/testrun_2.sh (revision 66) +++ branches/samhain-2_2-branch/test/testrun_2.sh (revision 66) @@ -0,0 +1,825 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +RCFILE="$PW_DIR/testrc_2"; export RCFILE +HTML="$PW_DIR/yule.html"; export HTML + + +do_test_1 () { + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Server${E}: ./yule -l info -p none &"; + echo; + } + + rm -f test_log_valgrind + + ${VALGRIND} ./yule.2 -l info -p none >/dev/null 2>>test_log_valgrind & + PROC_Y2=$! + five_sec_sleep + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Server #2${E}: ./yule.2 -l info -p none &"; + echo; + } + + ${VALGRIND} ./yule -l info -p none -e info --bind-address=127.0.0.1 \ + --server-port=49778 >/dev/null 2>>test_log_valgrind & + PROC_Y=$! + five_sec_sleep + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; + echo; + } + + ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; + else + [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; + kill $PROC_Y + kill $PROC_Y2 + return 1 + fi + + kill $PROC_Y + kill $PROC_Y2 + five_sec_sleep + + # cp ${LOGFILE} triple_test + # cp ${LOGFILE}2 triple_test_2 + + egrep "START(>|\").*Yule(>|\")" ${LOGFILE}2 >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server #2 start"; + return 1 + fi + egrep "remote_host.*Checking.*/bin" ${LOGFILE}2 >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check (relayed)"; + return 1 + fi + egrep "remote_host.*EXIT.*Samhain" ${LOGFILE}2 >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit (relayed)"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" ${LOGFILE}2 >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server #2 exit"; + return 1 + fi + + + egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "remote_host.*Checking.*/bin" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "remote_host.*EXIT.*Samhain" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + + return 0 +} + +do_test_2 () { + + ORIGINAL="UseSeparateLogs=no" + REPLACEMENT="UseSeparateLogs=yes" + ex -s $RCFILE </dev/null 2>>test_log_valgrind & + PROC_Y=$! + five_sec_sleep + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; + echo; + } + + ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; + else + [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; + kill $PROC_Y + return 1 + fi + + kill $PROC_Y + five_sec_sleep + + if [ -f ${LOGFILE}.${SH_LOCALHOST} ]; then + remhost=${SH_LOCALHOST} + else + remhost=`echo $SH_LOCALHOST | sed 's,\..*,,'` + fi + if [ -f ${LOGFILE}.${remhost} ]; then + CLIENTLOG="${LOGFILE}.${remhost}" + else + tail -n 1 ${SCRIPTDIR}/test.sh >/dev/null 2>&1 + if [ $? -eq 0 ]; then + CLIENTLOG=`ls -1 ${LOGFILE}.* 2>/dev/null | tail -n 1` + else + CLIENTLOG=`ls -1 ${LOGFILE}.* 2>/dev/null | tail -1` + fi + fi + + egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "remote_host.*Checking.*/bin" ${CLIENTLOG} >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "remote_host.*EXIT.*Samhain" ${CLIENTLOG} >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + + rm -f ${LOGFILE}.${remhost} + return 0 +} + +do_test_3 () { + + ORIGINAL_1="ExportSeverity=none" + REPLACEMENT_1="ExportSeverity=mark" + ORIGINAL_2="UseSeparateLogs=yes" + REPLACEMENT_2="UseSeparateLogs=no" + ORIGINAL_3="LogSeverity=none" + REPLACEMENT_3="LogSeverity=debug" + ORIGINAL_4="# SetClientTimeLimit=1800" + REPLACEMENT_4="SetClientTimeLimit=20" + # takes too much time if we leave that in + ORIGINAL_5="dir=1" + REPLACEMENT_5="#dir=1" + ex -s $RCFILE </dev/null 2>>test_log_valgrind & + PROC_Y=$! + five_sec_sleep + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Client${E}: ./samhain.new -l none -p none -t check"; + echo; + } + + ${VALGRIND} ./samhain.new -t check -p none -l none --forever --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind & + if test x$? = x0; then + PROC_S=$! + # echo "PID is ${PROC_S}" + [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; + five_sec_sleep + # Redirect the shells (un-)helpful job monitoring messages. + # The 'disown' buildin is not portable. + { kill -9 ${PROC_S}; sleep 40; } >/dev/null 2>&1 + else + [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; + kill $PROC_Y + return 1 + fi + + if [ -t 0 ]; then + # enable monitor mode again if interactive + set -m + fi + + + kill $PROC_Y + five_sec_sleep + + egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "remote_host.*File check completed.*" ${LOGFILE} >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "Time limit exceeded" ${LOGFILE} >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client dead detection"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + + rm -f ${LOGFILE} + return 0 +} + +do_test_4 () { + + # don't know what is supported on the test platform, so + # prepare for both (password and socket credential) + + # 'id -u' is posix + if test -f /usr/xpg4/bin/id + then + me=`/usr/xpg4/bin/id -u` + else + me=`id -u` + fi + + ORIGINAL_1="SetSocketAllowUid=0" + REPLACEMENT_1="SetSocketAllowUid=$me" + ex -s $RCFILE </dev/null 2>>test_log_valgrind & + PROC_Y=$! + five_sec_sleep + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; + echo; + } + + $MAKE yulectl >/dev/null + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "make yulectl"; + kill $PROC_Y + return 1 + fi + + + ./yulectl -v -c RELOAD foobar1 >test_log_yulectl 2>/dev/null + + if [ $? -ne 0 ]; then + YULECTL_PASSWORD=samhain; export YULECTL_PASSWORD + ./yulectl -v -c RELOAD foobar1 >test_log_yulectl + if [ $? -ne 0 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "yulectl"; + return 1 + fi + fi + + ./yulectl -v -c RELOAD foobar2 >test_yulectl_log + + if [ $? -ne 0 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "yulectl"; + return 1 + fi + + ./yulectl -v -c RELOAD foobar3 >test_log_yulectl + + if [ $? -ne 0 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "yulectl"; + return 1 + fi + + ./yulectl -v -c LISTALL dummy >test_log_yulectl + + if [ $? -ne 0 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "yulectl"; + return 1 + fi + + tmp=`cat test_log_yulectl | grep RELOAD | wc -l` + if [ $tmp -ne 3 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "command confirmation"; + return 1 + fi + + ./yulectl -v -c CANCEL foobar3 >test_log_yulectl + + if [ $? -ne 0 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "yulectl"; + return 1 + fi + + ./yulectl -v -c LISTALL dummy >test_log_yulectl + + if [ $? -ne 0 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "yulectl"; + return 1 + fi + + tmp=`cat test_log_yulectl | grep RELOAD | wc -l` + if [ $tmp -ne 2 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "command confirmation"; + return 1 + fi + + kill ${PROC_Y} + one_sec_sleep + one_sec_sleep + kill -9 ${PROC_Y} >/dev/null 2>&1 + + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + + return 0 +} + +do_test_5 () { + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Server${E}: ./yule -l info -p none &"; + echo; + } + +( cat < +test + +Current time: %T
+ + +EOF +) >head.html + +( cat < +
+ + +EOF +) >foot.html + +( cat < + + %H + %S + %T + + +EOF +) >entry.html + + ${VALGRIND} ./yule -l info -p none -e none \ + >/dev/null 2>>test_log_valgrind & + PROC_Y=$! + five_sec_sleep + + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + # rm -f head.html; rm -f foot.html; rm -f entry.html; + kill $PROC_Y + [ -z "$verbose" ] || log_msg_fail "head.html (1)"; + return 1 + fi + + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + rm -f head.html; rm -f foot.html; rm -f entry.html; + kill $PROC_Y + [ -z "$verbose" ] || log_msg_fail "foot.html (1)"; + return 1 + fi + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; + echo; + } + + ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; + else + kill $PROC_Y + [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; + return 1 + fi + + kill $PROC_Y + five_sec_sleep + + # rm -f head.html; rm -f foot.html; rm -f entry.html; + + egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "remote_host.*Checking.*/bin" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "remote_host.*EXIT.*Samhain" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "head.html"; + return 1 + fi + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "end head.html"; + return 1 + fi + + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "entry.html"; + return 1 + fi + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "end entry.html"; + return 1 + fi + + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "foot.html"; + return 1 + fi + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "end foot.html"; + return 1 + fi + + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + + return 0 +} + + +testrun2_internal () +{ + [ -z "$verbose" ] || { + echo; + echo Working directory: $PW_DIR; echo MAKE is $MAKE; + echo; + } + # + # + [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } + # + if test -r "Makefile"; then + $MAKE distclean + fi + # + ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=client --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-encrypt=2 + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + # save binary and build server2 + # + cp samhain samhain.build || return 1 + $MAKE clean >/dev/null || return 1 + + ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=${RCFILE}2 --with-log-file=${LOGFILE}2 --with-pid-file=$PW_DIR/.samhain_lock2 --with-html-file=${HTML}2 --with-state-dir=$PW_DIR --enable-encrypt=2 --with-port=49778 + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + # save binary and build server + # + cp yule yule.2 || return 1 + $MAKE clean >/dev/null || return 1 + + ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-html-file=$HTML --with-state-dir=$PW_DIR --enable-encrypt=2 + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + + ##################################################################### + # + # + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + + cp ${SCRIPTDIR}/testrc_2.in testrc_2 + + ./samhain.build -t init -p none + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + # Create a password + + SHPW=`./yule -G` + if test x"$SHPW" = x; then + [ -z "$quiet" ] && log_msg_fail "password not generated -- aborting" + return 1 + fi + + # Set in client + + ./samhain_setpwd samhain.build new $SHPW >/dev/null + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd samhain.build new $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd samhain.build new $SHPW"; + return 1 + fi + + mv samhain.build.new samhain.new || return 1 + + # Set in server + + ./samhain_setpwd yule new $SHPW >/dev/null + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd yule new $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd yule new $SHPW"; + return 1 + fi + + mv yule.new yule || return 1 + + # + + rm -f ./.samhain_log* + rm -f ./.samhain_lock* + + SHCLT=`./yule -P $SHPW` + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "yule -P $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "yule -P $SHPW"; + return 1 + fi + + SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` + AHOST=`find_hostname` + SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` + + + echo $SHCLT1 >> testrc_2 + echo $SHCLT2 >> testrc_2 + cp testrc_2 testrc_22 + + do_test_1 + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client logging"; + else + [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client logging"; + fi + + do_test_2 + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "Client logging, separate logfiles"; + else + [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "Client logging, separate logfiles"; + fi + + do_test_3 + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 3 ${MAXTEST} "Dead client detection"; + else + [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Dead client detection"; + fi + + do_test_4 + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 4 ${MAXTEST} "Server command socket"; + else + [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Server command socket"; + fi + + do_test_5 + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 5 ${MAXTEST} "Server status file"; + else + [ -z "$quiet" ] && log_fail 5 ${MAXTEST} "Server status file"; + fi + + return $? +} + +MAXTEST=5; export MAXTEST + +testrun2 () +{ + log_start "RUN CLIENT/SERVER" + + if [ x"$1" = x ]; then + [ -z "$quiet" ] && log_msg_fail "Missing hostname" + fi + # + SH_LOCALHOST=$1; export SH_LOCALHOST + # + testrun2_internal + # + log_end "RUN CLIENT/SERVER" + + return 0 +} + Index: branches/samhain-2_2-branch/test/testrun_2a.sh =================================================================== --- branches/samhain-2_2-branch/test/testrun_2a.sh (revision 66) +++ branches/samhain-2_2-branch/test/testrun_2a.sh (revision 66) @@ -0,0 +1,306 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +RCFILE="$PW_DIR/testrc_2"; export RCFILE + +SERVER_BUILDOPTS="--quiet $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export SERVER_BUILDOPTS + +CLIENT_BUILDOPTS="--quiet $TRUST --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$RCFILE --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --enable-suidcheck"; export CLIENT_BUILDOPTS + +do_test_1_a () { + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Server${E}: ./yule -l info -p none &"; + echo; + } + rm -f test_log_valgrind + + ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind & + PROC_Y=$! + five_sec_sleep + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; + echo; + } + + ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; + else + [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; + kill $PROC_Y + return 1 + fi + + kill $PROC_Y + five_sec_sleep + + egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "Checking.*/etc" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "EXIT.*Samhain" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + + return 0 +} + +testrun2a_internal () +{ + [ -z "$verbose" ] || { + echo; + echo Working directory: $PW_DIR; echo MAKE is $MAKE; + echo; + } + # + # + [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } + # + if test -r "Makefile"; then + $MAKE distclean + fi + # + ${TOP_SRCDIR}/configure ${CLIENT_BUILDOPTS} + # + # Limit suid check + # + BASE="${PW_DIR}"; export BASE + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE 'DBGDEF=-DSH_SUIDTESTDIR=\"${BASE}\"' > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + # save binary and build server + # + cp samhain samhain.build || return 1 + $MAKE clean >/dev/null || return 1 + + ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + + ##################################################################### + # + # + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + rm -f "./rc.${ALTHOST}" + rm -f "./file.${ALTHOST}" + + cp ${SCRIPTDIR}/testrc_2.in testrc_2 + + ./samhain.build -t init -p none + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + # Create a password + + SHPW=`./yule -G` + if test x"$SHPW" = x; then + [ -z "$quiet" ] && log_msg_fail "password not generated -- aborting" + return 1 + fi + + # Set in client + + ./samhain_setpwd samhain.build new $SHPW >/dev/null + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd samhain.build new $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd samhain.build new $SHPW"; + return 1 + fi + + mv samhain.build.new samhain.new || return 1 + + rm -f ./.samhain_log* + rm -f ./.samhain_lock + + SHCLT=`./yule -P $SHPW` + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "yule -P $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "yule -P $SHPW"; + return 1 + fi + + SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` + AHOST=`find_hostname` + SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` + + + echo $SHCLT1 >> testrc_2 + echo $SHCLT2 >> testrc_2 + + + cp ./testrc_2 ./rc.${SH_LOCALHOST} + mv ./.samhain_file ./file.${SH_LOCALHOST} + + ALTHOST=`find_hostname` + cp ./testrc_2 "./rc.${ALTHOST}" + cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null +} + +MAXTEST=5; export MAXTEST + +testrun2a () +{ + log_start "RUN FULL CLIENT/SERVER"; + # + if [ x"$1" = x ]; then + [ -z "$quiet" ] && log_msg_fail "Missing hostname" + fi + # + SH_LOCALHOST=$1; export SH_LOCALHOST + # + testrun2a_internal + do_test_1_a + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client download+logging"; + else + [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client download+logging"; + fi + # + SERVER_BUILDOPTS_ORIG="${SERVER_BUILDOPTS}" + CLIENT_BUILDOPTS_ORIG="${CLIENT_BUILDOPTS}" + # + SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --disable-srp" + CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --disable-srp" + # + testrun2a_internal + do_test_1_a + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "SRP disabled"; + else + [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "SRP disabled"; + fi + # + SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --disable-encrypt" + CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --disable-encrypt" + # + testrun2a_internal + do_test_1_a + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 3 ${MAXTEST} "Encryption disabled"; + else + [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Encryption disabled"; + fi + # + SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --enable-encrypt=1" + CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --enable-encrypt=1" + # + testrun2a_internal + do_test_1_a + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 4 ${MAXTEST} "Encryption (v1)"; + else + [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Encryption (v1)"; + fi + # + SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG}" + CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --enable-encrypt=1" + # + testrun2a_internal + do_test_1_a + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 5 ${MAXTEST} "Encryption backward compat"; + else + [ -z "$quiet" ] && log_fail 5 ${MAXTEST} "Encryption backward compat"; + fi + # + if [ -n "$cleanup" ]; then + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + ALTHOST=`find_hostname` + rm -f "./file.${ALTHOST}" + rm -f "./rc.${ALTHOST}" + fi + # + log_end "RUN FULL CLIENT/SERVER" +} + Index: branches/samhain-2_2-branch/test/testrun_2b.sh =================================================================== --- branches/samhain-2_2-branch/test/testrun_2b.sh (revision 66) +++ branches/samhain-2_2-branch/test/testrun_2b.sh (revision 66) @@ -0,0 +1,215 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +RCFILE="$PW_DIR/testrc_2"; export RCFILE +RCFILE_C="$PW_DIR/testrc_1.dyn"; export RCFILE_C + +SERVER_BUILDOPTS="--quiet $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export SERVER_BUILDOPTS + +CLIENT_BUILDOPTS="--quiet $TRUST --enable-micro-stealth=137 --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER${RCFILE_C} --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS + +testrun2b_internal () +{ + GPG="$1" + + [ -z "$verbose" ] || { + echo; + echo Working directory: $PW_DIR; echo MAKE is $MAKE; echo GPG is $GPG; + echo; + } + + [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } + + if test -r "Makefile"; then + $MAKE distclean + fi + + ${TOP_SRCDIR}/configure --with-gpg=${GPG} --with-checksum=no ${CLIENT_BUILDOPTS} >/dev/null 2>&1 + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + SKIP=`awk '/^__ARCHIVE_FOLLOWS__/ { print NR + 1; exit 0; }' ${SCRIPTDIR}/test.sh` + + tail -n "+$SKIP" ${SCRIPTDIR}/test.sh >/dev/null 2>&1 + if [ $? -eq 0 ]; then + tail -n "+$SKIP" ${SCRIPTDIR}/test.sh | gunzip -c - | tar xf - && \ + mv "./testrc.gpg.asc" "${RCFILE_C}" + else + tail "+$SKIP" ${SCRIPTDIR}/test.sh | gunzip -c - | tar xf - && \ + mv "./testrc.gpg.asc" "${RCFILE_C}" + fi + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "extract gpg signed files..."; + else + [ -z "$quiet" ] && log_msg_fail "extract gpg signed files..."; + return 1 + fi + + # save binary and build server + + cp samhain samhain.build || return 1 + $MAKE clean >/dev/null || return 1 + + ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + + ##################################################################### + # + # + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + + cp ${SCRIPTDIR}/testrc_2.in testrc_2 + + ./samhain.build -t init -p none + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + # Create a password + + SHPW=`./yule -G` + if test x"$SHPW" = x; then + [ -z "$quiet" ] && log_msg_fail "password not generated -- aborting" + return 1 + fi + + # Set in client + + ./samhain_setpwd samhain.build new $SHPW >/dev/null + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd samhain.build new $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd samhain.build new $SHPW"; + return 1 + fi + + mv samhain.build.new samhain.new || return 1 + + rm -f ./.samhain_log* + rm -f ./.samhain_lock + + SHCLT=`./yule -P $SHPW` + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "yule -P $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "yule -P $SHPW"; + return 1 + fi + + SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` + AHOST=`find_hostname` + SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` + + + echo $SHCLT1 >> testrc_2 + echo $SHCLT2 >> testrc_2 + + + cp "${RCFILE_C}" ./rc.${SH_LOCALHOST} + mv $PW_DIR/.samhain_file.asc ./file.${SH_LOCALHOST} + + ALTHOST=`find_hostname` + cp "${RCFILE_C}" "./rc.${ALTHOST}" + cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null +} + +MAXTEST=1; export MAXTEST + +testrun2b () +{ + log_start "RUN FULL CLIENT/SERVER W/GPG"; + # + if [ x"$1" = x ]; then + [ -z "$quiet" ] && log_msg_fail "Missing hostname" + fi + # + GPG=`find_path gpg` + if [ -z "$GPG" ]; then + log_skip 1 $MAXTEST 'gpg not found in $PATH' + else + eval "$GPG" --list-keys 0F571F6C >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + log_skip 1 $MAXTEST 'public PGP key 0x0F571F6C not present' + else + + SH_LOCALHOST=$1; export SH_LOCALHOST + + testrun2b_internal "$GPG" + + SAVE_VALGRIND="${VALGRIND}"; VALGRIND=''; export VALGRIND + do_test_1_a + VALGRIND="${SAVE_VALGRIND}"; export VALGRIND + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client download+logging w/gpg"; + else + [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client download+logging w/gpg"; + fi + + if [ -n "$cleanup" ]; then + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + ALTHOST=`find_hostname` + rm -f "./file.${ALTHOST}" + rm -f "./rc.${ALTHOST}" + fi + fi + fi + log_end "RUN FULL CLIENT/SERVER W/GPG" +} + Index: branches/samhain-2_2-branch/test/testrun_2c.sh =================================================================== --- branches/samhain-2_2-branch/test/testrun_2c.sh (revision 66) +++ branches/samhain-2_2-branch/test/testrun_2c.sh (revision 66) @@ -0,0 +1,121 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +SERVER_BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-debug --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-database=mysql"; export SERVER_BUILDOPTS + +CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS + +check_mysql_log () { + DATE="$1" + + rm -f test_log_db + echo "SELECT * FROM log WHERE entry_status = 'NEW' and log_time > '"${DATE}"';" | mysql --password=samhain -u samhain samhain >test_log_db + # + egrep "START.*Yule" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "Checking.*/bin" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "EXIT.*Samhain" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + return 0 +} + +MAXTEST=1; export MAXTEST + +testrun2c () +{ + log_start "RUN FULL CLIENT/SERVER W/MYSQL" + # + if [ -z "$doall" ]; then + log_skip 1 $MAXTEST 'Client/server w/mysql (or use --really-all)' + return 0 + fi + if [ x"$1" = x ]; then + [ -z "$quiet" ] && log_msg_fail "Missing hostname" + fi + MYSQL=`find_path mysql` + if [ -z "$MYSQL" ]; then + log_skip 1 $MAXTEST "mysql not found"; + return 1 + else + TEST=`echo "DESCRIBE log;" | mysql --password=samhain -u samhain samhain 2>/dev/null` + if [ $? -ne 0 -o -z "$TEST" ]; then + log_skip 1 $MAXTEST "mysql not default setup" + return 1 + fi + fi + # + SH_LOCALHOST=$1; export SH_LOCALHOST + # + DATE=`date '+%Y-%m-%d %T'` + # + testrun2a_internal + # + ORIGINAL="DatabaseSeverity=none" + REPLACEMENT="DatabaseSeverity=info" + ex -s $RCFILE < '${DATE}';" >test_log_db + # + egrep "START.*Yule" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "Checking.*/bin" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "EXIT.*Samhain" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + return 0 +} + +MAXTEST=1; export MAXTEST + +testrun2d () +{ + log_start "RUN FULL CLIENT/SERVER W/POSTGRESQL" + # + if [ -z "$doall" ]; then + log_skip 1 $MAXTEST 'Client/server w/postgresql (or use --really-all)' + return 0 + fi + if [ x"$1" = x ]; then + [ -z "$quiet" ] && log_msg_fail "Missing hostname" + fi + PSQL=`find_path psql` + if [ -z "$PSQL" ]; then + log_skip 1 $MAXTEST "psql not found"; + return 1 + else + PGPASSWORD="samhain"; export PGPASSWORD + TEST=`psql -U samhain -d samhain -c "SELECT * FROM log LIMIT 1;" 2>/dev/null` + if [ $? -ne 0 -o -z "$TEST" ]; then + log_skip 1 $MAXTEST "psql not default setup" + return 1 + fi + fi + # + SH_LOCALHOST=$1; export SH_LOCALHOST + # + DATE=`date '+%Y-%m-%d %T'` + # + testrun2a_internal + # + ORIGINAL="DatabaseSeverity=none" + REPLACEMENT="DatabaseSeverity=info" + ex -s $RCFILE <, hash=<24F0130C63AC933216166E76B1BB925FF373DE2D49584E7A> +string=, hash= +string=, hash=<9F00F599072300DD276ABB38C8EB6DEC37790C116F9D2BDF> +string=, hash=<87FB2A9083851CF7470D2CF810E6DF9EB586445034A5A386> +string=, hash=<467DB80863EBCE488DF1CD1261655DE957896565975F9197> +string=, hash=<0C410A042968868A1671DA5A3FD29A725EC1E457D3CDB303> +string=, hash= +string=, hash=<3D9AEB03D1BD1A6357B2774DFD6D5B24DD68151D503974FC> +string=, hash=<00B83EB4E53440C576AC6AAEE0A7485825FD15E70A59FFE4> Index: branches/samhain-2_2-branch/test/testtimesrv.sh =================================================================== --- branches/samhain-2_2-branch/test/testtimesrv.sh (revision 66) +++ branches/samhain-2_2-branch/test/testtimesrv.sh (revision 66) @@ -0,0 +1,423 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +PIDFILE="$PW_DIR/.samhain_lock"; export PIDFILE + +BASE="${PW_DIR}/testrun_testdata"; export BASE +TDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; export TDIRS +TFILES="x y z"; export TFILES + +prep_testdata () +{ + if test -d "$BASE"; then + chmod -R 0700 "${BASE}" || { + [ -z "$quiet" ] && log_msg_fail "chmod -R 0700 ${BASE}"; + return 1; + } + fi + + rm -rf "${BASE}" || { + [ -z "$quiet" ] && log_msg_fail "rm -rf ${BASE}"; + return 1; + } + + mkdir "${BASE}" || { + [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}"; + return 1; + } + + for ff in $TDIRS; do + mkdir "${BASE}/${ff}" || { + [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}/${ff}"; + return 1; + } + chmod 0755 "${BASE}/${ff}" + for gg in $TFILES; do + echo "This is a test file" > "${BASE}/${ff}/${gg}" + chmod 0644 "${BASE}/${ff}/${gg}" + done + done +} + +mkconfig_misc () +{ + test -f "${RCFILE}" || touch "${RCFILE}" + cat >> "${RCFILE}" <> "${RCFILE}" <> "${RCFILE}" </dev/null + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-debug --enable-xml-log --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PIDFILE --with-data-file=$PW_DIR/.samhain_file + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + prep_init && prep_testdata && echo "$TESTPOLICY" >>$RCFILE + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "prepare..."; + return 1 + fi + + ./samhain -t init -p none + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + chmod 0555 "${BASE}/a/x" + chmod 0555 "${BASE}/b/x" + + ./samhain -t check -p none -l info -D + + count=0 + until [ -f $PIDFILE ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + break; + fi + done + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "start daemon..."; + else + [ -z "$quiet" ] && log_msg_fail "start daemon..."; + return 1 + fi + + return 0 +} + +MAXTEST=14; export MAXTEST + +die () { + test -z "$stoponerr" && return 0; + PID=`cat $PIDFILE` + kill -9 $PID +} + +killdaemon () { + if [ -f $PIDFILE ]; then + PID=`cat $PIDFILE` + kill -9 $PID + fi +} + +check_err () { + if [ ${2} -ne 0 ]; then + die; + [ -z "$quiet" ] && log_fail ${1} ${MAXTEST} "${3}"; + return 1 + else + [ -z "$quiet" ] && log_ok ${1} ${MAXTEST} "${3}"; + fi +} + +daemontest_started () { + PID=`cat $PIDFILE` + + kill -0 $PID + check_err ${1} $? "started" +} + +daemontest_sigterm () { + PID=`cat $PIDFILE` + + kill -15 $PID + count=0 + while [ `kill -0 $PID` ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + check_err ${1} 1 "sigterm" + return 1 + fi + done + check_err ${1} 0 "sigterm" +} + +daemontest_sigusr2 () { + PID=`cat $PIDFILE` + + tmp=`grep 'File check completed' $LOGFILE | wc -l` + kill -USR2 $PID + kill -TTOU $PID + + count=0 + tmp2=`grep 'SUSPEND' $LOGFILE | wc -l` + while [ $tmp2 -ne $2 ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + check_err ${1} 1 "sigusr2: suspend" + return 1 + fi + tmp2=`grep 'SUSPEND' $LOGFILE | wc -l` + done + + kill -USR2 $PID + + count=0 + tmp2=$tmp + while [ $tmp2 -eq $tmp ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + check_err ${1} 1 "sigusr2: wakeup" + return 1 + fi + tmp2=`grep 'File check completed' $LOGFILE | wc -l` + done + check_err ${1} 0 "sigusr2" +} + +daemontest_sigttou () { + PID=`cat $PIDFILE` + + tmp=`grep 'File check completed' $LOGFILE | wc -l` + kill -TTOU $PID + count=0 + tmp2=$tmp + while [ $tmp2 -eq $tmp ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + check_err ${1} 1 "sigttou" + return 1 + fi + tmp2=`grep 'File check completed' $LOGFILE | wc -l` + done + check_err ${1} 0 "sigttou" +} + +daemontest_sighup () { + + if [ $2 -eq 1 ]; then + echo "dir=${BASE}/b" >>$RCFILE + tmp=`grep CRIT $LOGFILE | grep -v Runtime | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count (before)"; + return 1 + fi + fi + + PID=`cat $PIDFILE` + kill -HUP $PID + + if [ $2 -eq 1 ]; then + kill -TTOU $PID + count=0 + tmp=`grep CRIT $LOGFILE | grep -v Runtime | wc -l` + while [ $tmp -lt 2 ]; do + one_sec_sleep + if [ $count -gt 12 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count (after)"; + return 1 + fi + tmp=`grep CRIT $LOGFILE | grep -v Runtime | wc -l` + done + fi + + count=0 + tmp2=0 + while [ $tmp2 -ne $2 ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + check_err ${1} 1 "sighup" + return 1 + fi + tmp2=`grep 'Runtime configuration reloaded' $LOGFILE | wc -l` + done + check_err ${1} 0 "sighup" +} + +daemontest_sigabrt () { + PID=`cat $PIDFILE` + kill -ABRT $PID + + count=0 + while [ -f $LOGFILE.lock ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + check_err ${1} 1 "sigabrt" + return 1 + fi + done + + kill -TTOU $PID + + five_sec_sleep + + if [ -f $LOGFILE.lock ]; then + tmp=`grep '' $LOGFILE | wc -l` + tst=$2; let "tst = tst + 2" >/dev/null; + if [ $tmp -eq $tst ]; then + check_err ${1} 0 "sigabrt" + return 0 + fi + fi + check_err ${1} 1 "sigabrt" +} + +testtime0 () { + log_start "DAEMON CONTROL" + + testtime0_int; + + tcount=1 + + trap 'killdaemon' 1 3 15 + + daemontest_started $tcount; + + let "tcount = tcount + 1" >/dev/null + daemontest_sigttou $tcount; + let "tcount = tcount + 1" >/dev/null + daemontest_sigttou $tcount; + let "tcount = tcount + 1" >/dev/null + daemontest_sigttou $tcount; + + let "tcount = tcount + 1" >/dev/null + daemontest_sigusr2 $tcount 1; + let "tcount = tcount + 1" >/dev/null + daemontest_sigusr2 $tcount 2; + let "tcount = tcount + 1" >/dev/null + daemontest_sigusr2 $tcount 3; + + let "tcount = tcount + 1" >/dev/null + daemontest_sigabrt $tcount 1; + let "tcount = tcount + 1" >/dev/null + daemontest_sigabrt $tcount 2; + let "tcount = tcount + 1" >/dev/null + daemontest_sigabrt $tcount 3; + + let "tcount = tcount + 1" >/dev/null + daemontest_sighup $tcount 1; + let "tcount = tcount + 1" >/dev/null + daemontest_sighup $tcount 2; + let "tcount = tcount + 1" >/dev/null + daemontest_sighup $tcount 3; + + let "tcount = tcount + 1" >/dev/null + daemontest_sigterm $tcount; + + log_end "DAEMON CONTROL" +} + + Index: branches/samhain-2_2-branch/yulerc.template =================================================================== --- branches/samhain-2_2-branch/yulerc.template (revision 66) +++ branches/samhain-2_2-branch/yulerc.template (revision 66) @@ -0,0 +1,337 @@ +##################################################################### +# +# Configuration file template for yule. +# +##################################################################### +# +# NOTE: This is a log server-only configuration file TEMPLATE. +# +# NOTE: The log server ('yule') will look for THAT configuration file +# that has been defined at compile time with the configure option +# ./configure --with-config-file=FILE +# The default is "/usr/local/etc/.samhainrc" (NOT "yulerc"). +# +##################################################################### +# +# -- empty lines and lines starting with '#', ';' or '//' are ignored +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### + + +[Log] +## +## Switch on/OFF log facilities and set their threshold severity +## +## Values: debug, info, notice, warn, mark, err, crit, alert, none. +## 'mark' is used for timestamps. +## +## +## Use 'none' to SWITCH OFF a log facility +## +## By default, everything equal to and above the threshold is logged. +## The specifiers '*', '!', and '=' are interpreted as +## 'all', 'all but', and 'only', respectively (like syslogd(8) does, +## at least on Linux). Examples: +## MailSeverity=* +## MailSeverity=!warn +## MailSeverity==crit + +## E-mail +## +# MailSeverity=none +MailSeverity=crit + +## Console +## +# PrintSeverity=info + +## Logfile +## +# LogSeverity=none + +## Syslog +## +# SyslogSeverity=none + +## External script or program +## +# ExternalSeverity = none + +## Logging to a database +## +# DatabaseSeverity = none + + +# [Database] +## +## --- Logging to a relational database +## + +## Database name +# +# SetDBName = samhain + +## Database table +# +# SetDBTable = log + +## Database user +# +# SetDBUser = samhain + +## Database password +# +# SetDBPassword = (default: none) + +## Database host +# +# SetDBHost = localhost + +## Log the server timestamp for received messages +# +SetDBServerTstamp = True + +## Use a persistent connection +# +UsePersistent = True + + + +# [External] +## +## Interface to call external scripts/programs for logging +## + +## The absolute path to the command +## - Each invocation of this directive will end the definition of the +## preceding command, and start the definition of +## an additional, new command +# +# OpenCommand = (no default) + +## Type (log or rv) +## - log for log messages, srv for messages received by the server +# +# SetType = log + +## The command (full command line) to execute +# +# SetCommandLine = (no default) + +## The environment (KEY=value; repeat for more) +# +# SetEnviron = TZ=(your timezone) + +## The TIGER192 checksum (optional) +# +# SetChecksum = (no default) + +## User who runs the command +# +# SetCredentials = (default: samhain process uid) + +## Words not allowed in message +# +# SetFilterNot = (none) + +## Words required (ALL of them) +# +# SetFilterAnd = (none) + +## Words required (at least one) +# +# SetFilterOr = (none) + +## Deadtime between consecutive calls +# +# SetDeadtime = 0 + +## Add default environment (HOME, PATH, SHELL) +# +# SetDefault = no + + +##################################################### +# +# Miscellaneous configuration options +# +##################################################### + + +[Misc] +# whether to become a daemon process +Daemon=yes + +## Interval between time stamp messages +# +# SetLoopTime = 60 +SetLoopTime = 600 + +## Normally, client messages are regarded as data within a +## server message of fixed severity. The following two +## options cause the server to use the original severity/class +## of client messages for logging. +# +# UseClientSeverity = False +# UseClientClass = False + +## The maximum time between client messages (seconds) +## This allows the server to flag clients that have exceeded +## the timeout limits; i.e. might have died for some reason. +# +# SetClientTimeLimit = 86400 + +## Use client address as known to the communication layer (might be +## incorrect if the client is behind NAT). The default is to use +## the client name as claimed by the client, and verify it against +## the former (might be incorrect if the client has several +## interfaces, and its hostname resolves to the wrong interface). +# +# SetClientFromAccept = False + +## If SetClientFromAccept is False (default), severity of a +## failure to resolve the hostname claimed by the client +## to the IP address of the socket peer. +# +# SeverityLookup = crit + +## The console device (can also be a file or named pipe) +## - There are two console devices. Accordingly, you can use +## this directive a second time to set the second console device. +## If you have not defined the second device at compile time, +## and you don't want to use it, then: +## setting it to /dev/null is less effective than just leaving +## it alone (setting to /dev/null will waste time by opening +## /dev/null and writing to it) +# +# SetConsole = /dev/console + +## Use separate logfiles for individual clients +# +# UseSeparateLogs = False + +## Enable listening on port 514/udp for logging of remote syslog +## messages (if optionally compiled with support for this) +# +# SetUDPActive = False + + +## Activate the SysV IPC message queue +# +# MessageQueueActive = False + + +## If false, skip reverse lookup when connecting to a host known +## by name rather than IP address (i.e. trust the DNS) +# +# SetReverseLookup = True + +## If true, open a Unix domain socket to listen for commands that should +## be passed to clients upon next connection. Only works on systems +## that support passing of peer credentials (for authentication) via sockets. +## Use yulectl to access the socket. +# +# SetUseSocket = False + +## The UID of the user that is allowed to pass commands to the server +## via the Unix domain socket. +# +# SetSocketAllowUid = 0 + +## --- E-Mail --- + +# Only highest-level (alert) reports will be mailed immediately, +# others will be queued. Here you can define, when the queue will +# be flushed (Note: the queue is automatically flushed after +# completing a file check). +# +# SetMailTime = 86400 + +## Maximum number of mails to queue +# +# SetMailNum = 10 + +## Recipient (max. 8) +# +# SetMailAddress=root@localhost + +## Mail relay (IP address) +# +# SetMailRelay = NULL + +## Custom subject format +# +# MailSubject = NULL + +## --- end E-Mail --- + +# The binary. Setting the path will allow +# samhain to check for modifications between +# startup and exit. +# +# SamhainPath=/usr/local/bin/yule + +## The IP address of the time server +# +# SetTimeServer = (default: compiled-in) + +## Trusted Users (comma delimited list of user names) +# +# TrustedUser = (no default; this adds to the compiled-in list) + +## Custom format for message header. +## CAREFUL if you use XML logfile format. +## +## %S severity +## %T timestamp +## %C class +## +## %F source file +## %L source line +# +# MessageHeader="%S %T " + + +## Don't log path to config/database file on startup +# +# HideSetup = False + +## The syslog facility, if you log to syslog +# +# SyslogFacility = LOG_AUTHPRIV + + +## The message authentication method +## - If you change this, you *must* change it +## on client *and* server +# +# MACType = HMAC-TIGER + + +[Clients] +## +## This is a sample registry entry for a client at host 'HOSTNAME'. This entry +## is valid for the default password. +## You are STRONGLY ADVISED to reset te password (see the README) and +## compute your own entries using 'samhain -P ' +## +## Usually, HOSTNAME should be a fully qualified hostname, +## no numerical address. +## -- exception: if the client (samhain) cannot determine the +## fully qualified hostname of its host, +## the numerical address may be required. +## You will know if you get a message like: +## 'Invalid connection attempt: Not in +## client list what.ever.it.is' +## +## First entry is for challenge/response, second one for SRP authentication. +# +# Client=HOSTNAME@00000000@C39F0EEFBC64E4A8BBF72349637CC07577F714B420B62882 +# Client=HOSTNAME@8F81BA58956F8F42@8932D08C49CA76BD843C51EDD1D6640510FA032A7A2403E572BBDA2E5C6B753991CF7E091141D20A2499C5CD3E14C1639D17482E14E1548E5246ACF4E7193D524CDDAC9C9D6A9A36C596B4ECC68BEB0C5BB7082224946FC98E3ADE214EA1343E2DA8DF4229D4D8572AD8679228928A787B6E5390D3A713102FFCC9D0B2188C92