Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Unsubscribe: <mailto:cygwin-developers-unsubscribe-archive-cygwin-developers=delorie DOT com AT sourceware DOT cygnus DOT com>
List-Subscribe: <mailto:cygwin-developers-subscribe AT sourceware DOT cygnus DOT com>
List-Archive: <http://sourceware.cygnus.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT sourceware DOT cygnus DOT com>
List-Help: <mailto:cygwin-developers-help AT sourceware DOT cygnus DOT com>, <http://sourceware.cygnus.com/ml/#faqs>
Sender: cygwin-developers-owner AT sourceware DOT cygnus DOT com
Delivered-To: mailing list cygwin-developers AT sourceware DOT cygnus DOT com
Message-ID: <37F9D0BC.54E0E8C9@vinschen.de>
Date: Tue, 05 Oct 1999 12:19:40 +0200
From: Corinna Vinschen <corinna AT vinschen DOT de>
X-Mailer: Mozilla 4.6 [en] (WinNT; I)
X-Accept-Language: de,en
MIME-Version: 1.0
To: Chris Faylor <cgf AT cygnus DOT com>
CC: cygdev <cygwin-developers AT sourceware DOT cygnus DOT com>
Subject: ntsec-patch 14
Content-Type: multipart/mixed;
 boundary="------------C2F7C05F0366963F23093E66"

This is a multi-part message in MIME format.
--------------C2F7C05F0366963F23093E66
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi!

I have patched ntsec so, that SIDs are used, that were previously
saved in /etc/passwd and /etc/group. This has following advantages:

- Correct working ntsec in domain environments.

- Non-login accounts (users _and_ groups) may get another name in
  /etc/passwd and /etc/group files than their NT account name.
  The new name is transparently used by applications (so chown,
  chgrp, ls -l, etc. use them now),
  e.g.:
	root::500:513:...
  instead of
	administrator::500:513:...

  No problem if running in console window,
  BUT: If you need the account to login via telnet, ssh or similar
  the login name _must_ be the NT user name.

- Cygwin UIDs and GIDs are now not necessarily the RID part of the
  NT SID:
  e.g.:
	root::0:513:...
  instead of
	administrator::500:513:...
	
- As with U*X systems, UIDs and GIDs numbering scheme now don't
  influence each other, so it's possible to have same Id's for a
  user and a group,
  e.g.:
	/etc/passwd:
	root::0:0:...		# former 'administrator::500:544:...'

	/etc/group:
	root::0:		# former 'administrators::544:'

Disadvantages, if you like to use the new features:
- /etc/passwd: The pw_gecos field has to contain a SID as the last
  element of the comma separated list.
- /etc/group: The gr_passwd (former unused) has to contain a SID.

If no SIDs are found in /etc/passwd and /etc/group, ntsec acts like
the previous version.

The SIDs are saved in standard WinNT notation (S-1-5-32-...)
the utilities mkpasswd and mkgroup are patched, to support the new
format:

- mkpasswd and mkgroup generate SIDs by default. This behaviour may
  be switched off by the new commandline option `-s' or `--no-sids'.

Moreover, mkpasswd generates the home dir path with the function
cygwin_conv_to_posix_path(), so mount points are used now. This
behaviour may be changed to `/cygdrive/<Driveletter>' by using the
commandline option `-m' or `--no-mount'.

Another new feature:

uinfo.cc(getlogin) now uses a function uinfo.cc(internal_getlogin)
that asks for the users domain and logon server by using the
netapi32 function `NetWkstaUserGetInfo()'. These infos are saved in
the pinfo structure `myself'. Later calls to security.cc(lookup_name)
use them to get correct account information.
Moreover, the users SID is retrieved and saved in myself, so many
calls to lookup_name while process creation are avoidable:
ntsec should be objectively faster than before.
Unfortunately, the used netapi32 functions are not implemented under
Win9X, so netapi32.dll is dynamically loaded only under NT and W2K.

Hint:
The calls to get_admin_sid(), get_world_sid() and get_system_sid()
are deleted from dcrt0.cc(dll_crt0_1). These functions don't fragment
the heap anymore. The new method of SID creation don't allocate
heap space dynamically.

IMPORTANT:
This patch needs the lm-header-patch, send at Oct 2, 1999.

Regards,
Corinna


ChangeLog:
==========

Thu Oct 5 11:45:00 1999  Corinna Vinschen  <corinna AT vinschen DOT de>

	* dcrt0.cc (dll_crt0_1): Calls to get_WHOEVER_sid deleted.
	Call to uinfo_init() moved to the end of the function.
	* fhandler.cc (get_file_owner): Call to get_id_from_sid()
	substituted by call to get_uid_from_sid().
	(get_file_group): Call to get_id_from_sid() substituted by
	call to get_gid_from_sid().
	* fork.cc (fork): Copy new pinfo members to child.
	* grp.cc (parse_grp): Rewritten. Saves gr_passwd and all
	user names in gr_mem.
	(read_etc_group): Variable `group_sem' avoids endless loop.
	* passwd.cc (read_etc_passwd): Variable `passwd_sem' avoids
	endless loop.
	* security.cc (get_sid): New function to generate SID from
	int values.
	(get_ssid): New function to generate SID from string.
	(get_pw_sid): New function to generate SID from pw_gecos
	entry.
	(get_gr_sid): New function to generate SID from gr_passwd
	entry.
	(get_admin_sid): Rewritten to avoid using heap space.
	(get_system_sid): Ditto.
	(get_creator_owner_sid): Ditto.
	(get_world_sid): Ditto.
	(get_id_from_sid): Tries to read SIDs from /etc/passwd or
	/etc/group files before using RID or Lookup... function.
	(legal_sid_type): New function.
	(lookup_name): Rewritten to use the logon server info,
	if any.
	(alloc_sd): Tries to use SID from /etc/passwd and /etc/group
	files before call to lookup_name().
	(alloc_sd): New parameter for logon server.
	(set_nt_attribute): Ditto.
	(set_file_attribute): Ditto.
	* shared.cc (sec_user): If SID is saved in myself, use it
	instead of calling lookup_name().
	* shared.h: struct pinfo got extended user information.
	* spawn.cc (spawn_guts): method for forcing reread /etc
	files changed.
	(_spawnve): Copy new pinfo members to child.
	* syscalls.cc (chown): Changed call to set_file_attribute().
	(chmod): Ditto.
	* uinfo.cc (internal_getlogin): New function.
	(uinfo_init): Calls internal_getlogin() now.
	(getlogin): Uses myself->username now.
	* winsup.h: extern HANDLE netapi32_handle;
	Changed prototypes for set_file_attribute(), lookup_name(),
	get_id_from_sid().
	New inline functions get_uid_from_sid() and get_gid_from_sid().
	* utils/mkgroup.c: Adapted to the new ntsec features.
	* utils/mkpasswd.c: Ditto.
--------------C2F7C05F0366963F23093E66
Content-Type: application/x-gzip;
 name="ntsec-patch14.gz"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="ntsec-patch14.gz"

H4sICJvI+TcAA250c2VjLXBhdGNoMTQAxDxrd9u2kp/tX4G4J45kSraoh22pTXpVW0l0qshZ
S26a9c3hoUVa4loiuSRlxU29v31n8CJAUQ873SzjViQwAwxmBoPB4NH1HfdrizijKKkcjka7
r7//2b08G5Bbb+q2yFEcjY5G93EUBMnRwvPjeVhuNitN8/hI1Fi6343cJPLce88fkwh+Yi/w
iXlY3XW821tSnpNySMoRJKRUlstl+bFjNpvNo0rzqFYhZr1lVlq10x1ENwwjA2RWjioNUjlt
NY4Bbvdf/yLl42qzZFaJgb/HBFKc6dRCJMskheIu2SWEFO4DzymSgZt0oiiIPgSOSwqDzgfr
bbvbO7vsDrtn7V7n8vLiclD8GVDKhBwdkDN7OiXJxItJ4I9ccuPeBpFLJq4dEs/3Es+een9B
k0skCYiNNbC828gez1w/sRNkw8ERluZ+TdzIJx8H3XMydhPLdmaeb8WAUiiWaEr8ECfuTEta
BNHU4Sk/YylZTJmoIcvUDD4yAlrVFaS70DbWnEOkEnLx3cKmUQRC2XtiVkunxDipHJfMSg57
aZnAWDIPSZzYvmNHDrl1YmARVSHiuPEo8sIkiEhi30xdWZnn3wZqbcZP3i2pLFM59xzgh+cI
xLmOaPzk+qBnTNDAiBFIzQojz09uSWGvHYZTb8REcfb53adun9y7ESpoi7x0Dl9C0Xbo8fe9
0i7Z2YEaYjeyHDuxy2+wtTP7v4KotJTq+ZDKeFQ/AdUzTuq1UnOFBkKT3k7n8YTE3ti3pzEB
ThEXulOEYrATng7vkWs7BHQO+Ikw0dz3QclE4wHMiqHBpNC/6vVKxLIG3Xdve1eD98iKXWMt
84wl5lHagO0FpXEz2/OpYFFtES6TRwp2NB4B36LxfYkcKLmufx8mURHK7TKjdDuBJkzd6Ifa
JaXSlaapljVNNY1WtE7Kd2p7qmh76ietSm0HC0EDlQtXR0NWrbWqDaogJnSiE2KwH0jA3ont
sIKF70akAMqK6mX5SewCZ0eBHydkNLGZFJiEXrxzk4E7mkde8nAu+9QFKyCMQcz7YYzS3r+h
iefurT2fJq5TBGHuABvmYICg4jm3B9TK4cOzEJn8SknzHOs2Crg9wfQiaamoxirE+SZMivfI
1E4jCTMpp2qnlFP0R+XUOAqgR2zBqRWMesfwdUbRxFWMGv8fMmr8PEYJkkT3CqK7H9u1WIVP
GfEFjbRLsffl8b5uyvFeg+HDfbNVq8MfVZC6WUNbiz+miRqCCHwkwmc08aZO+c0oCB/AVsaF
2UPsTm8FR2V+GAUjN44tGLISl/z9mnzsnlvdPngC7V73P7v9d+RvHAt2GBIvJYu2T7GuBp3h
8HMq7Zk7G4UPpMBrQvvo2zO3REQhacqH9p+Ifmn12x86aQmCRlSO1xINP1dVAlk389u0CvFd
r6ykaxqM4+g+RRHf1cbxShwnwAEgxRHf2I6ziw8fr4adS2yK1ev03w3fG2bK9xi0npZizWbg
ZcA4wUsVoxBho+TZxB3docFDuboumc2hg0fuNIBR0ZkGoeu7+DKND0UvGEfhD+0ErL6VfYD+
y/YD+k9Qil2BvcqeYJ6QykmrBn84sLAisDeoYHxcabTQ/W3SztColKo1YsBPg/aF0I5iNJVg
6OIkmo8SwszmPiQpxjISo77vLqae716Xy1PX/0Jevyav/u2/4n1JZLIsyKm84sYQqRpHFuow
ZEBNSXAnCyuRvdYe0yCsihw4IQMaTSIF6FXrlbCtSIlSZJHZ22/C7LJSwGCizqTVMf9H1kWH
SCcsMs3lJrOiWG8EYIVABTtQ+o4o+gBrtaPIfoDiCzytSNCRDEakUC2B1/WXG9yKPHRwEJvT
PKa91E4CT1bA8mWx1xVkoNLEbL6J+dggrWDofJAsoVgeb5mJX4+sbY/YZmAz6IsQk5EVEuc7
9bNlXmjH8QKJd0KKoklKgxHy4oyWfP4mDMVS9dJtgfJAgzLlFYsCZpkYxgeeLX5zeA1ESDCN
cidUyBV0SJI1skXugWFoAEtAFBB8Dw/qqfyczWF6MQq5C64+YMZAb0LGZP4mCB0hoaVXxSJ5
wZtNDGOUpQMfw/BWVLpBeT1ikFwFzrYNrYEoKYeAJWZQpFxmbGq1s9xqKj4AMoiZU/fK+vE5
oGVrapd90n7mGcaXVN2Xn8e85G3RFbgvWTVeWYX26U5jV8/WLMFSiaktMDLlPSp+IxrBRz6b
b9ZLJgwYZrVaMmmwZF1gAvAwqrFLcEpquclIOOEwQFB5cGTsFzQHZqYzOuBTNUN7A04IuSbV
SoV8STMYLDVM17oLxKHOP11cnitgFhqQ1zoo9xpAqXzqoaTQMCi0sRUe5IGliOK9VP9TqGKR
20LD0Gl/2+11yMEt1HeL3gYpyIZDwREfbcplFUkMp7d85PwmXBNm036odyKrfI6DktKLPor8
ynFT6pqbkoFMPZVmy6yxeV2lgWEk/GFuu+3AULlwLNQSYZfwHViIzrU3yuoeHx+k8mnqxzKl
DHUNvDYr1foX3kkMYwl2SeJ7R1Ah5+SeInWUu4bN8FXRK8KP+Rz0h4pfqfQpszSVVhS98p0N
fjRa1XS2lgtXJ1UTPNRWgwVoq7XSSZMY8GNWWXjMTWwPHHga0uJC/O3iokdwzFrA1N61gbda
CtQD4nnb7g1oxzcGOFs77/SH3bddMAjtq+H7i8vu8DN0dMey58nkGk2wMmh8G3TOrhDCQitq
Ib5EeizlwYEN6p1vA9i7OGtvVeLZZac9vLjcBrR/0beu+t3/uOpshBwqELvGI7og1JzvlrP2
fNegsWJ8p/aeRUGYsY3Fy8hPxOtBRPtamYge2b+AWd7Hz2y0kCVbaOSV0Ykhe4pz/0KDzfr3
G2WJksxvb+r5s+DK33+TmLwhDXyBhpBfiCle35BTfW7A6JXTgzb6SzCpb/tOGj4dIK/2BR0w
Ny6B1w2PpOa3q25v2O1b5xcf2vBz2T3nEDyh3eu2B5hstc8/dPsDnlspEf2PJe/rfKKt04gp
8MCV1PL4Swlbx0Cp08V8MnDNfsEMdCg93m4xlxdOIGOZQcAsy/GRyq5IDogHtUTgyJQyWawm
JaAF34+Ci3Q+wvO0pgAQVUmmgFkNTOel5AARYpyiGd/kDJIXcl1tHH9R5pWJom0oYeGLcoXO
fEODouvTL9xDZzrDK6Nqg37EDOfNLA2s/qBslsH614t5ekNLQY8WOcoJLIkCRSieCgQJE73E
IPUS95q5fp6S/X0Ow+e10P32ynvAaJLwXlVShEhnsThRr0hHORbI8ynFZiimjPyoXmV0DdUy
L3YViiJfaS6YnOISsw60fY8IiTaaCTVcKIaFQbMABB+2D8KFJtODmE8J2JwgXJTfQBFjdxTE
bHagCirOTOv5OJAhlNZPqzYMwJCziyVawaHOp5W5twdjqX75xY+j8pt0JpvWw+K1qe3VVuVY
1Zo5Xm1bU8yscc1AU15qXe26XvmSB6nbbFlkaqP1OouS+RJHOrf/kN3GRyWIyqO4ZDgYYCoC
mc+7aKNcq5Yb9br00R4VyUlg1UxtaezNrLHnA/3nwbDzQTH1S8Y8tecZnupmUNeOb6ukq5ex
VrxKkal8jSX5ZmM3GhqXgl5rjhhSACkH83QvXblIR4KcopZytM5DaxmB4w+TN7ZCtrnHSLBt
OowGvJajae3LHUYrJe0vMnnr/iKamttv8p1GXM7frMvZgnN0WhR/8akPNKFSZ3R4Wan1dkvV
UFnFlUiDzNEhmc9VqFau5GrQcjnZjGX9UTc/rNEbCbaN3mjAa/UmrX1Zb7RSUr2RyVvrTVrQ
ktbkTV620xm90ByNYUVvpSl6S6UCqMzhmqJB5miKzOeaYq7QlOVyshlcUww9asCdRS2SxdN2
McDABnRt0VY6sHxoz88ssXls7Nrg6ODKDFVG7si96MZ/AOudgVwElrJnMZM6LnWajXqpUReL
4ato4BND3tyyqSwhs00hb70IvOwkesDtSlAS6hXBooSLFvDIHHF9hGL7RZBMZRKeHTqEf672
B3yEa6UMKBQoDcljLB2zkVIZNOduucKs1SF7RXhvFG9YY4MenNZDP1qkfslZ1RAXE9zIVAAv
FZdx3CRcAIvArkjfb+PKAYYeFS+ZKgZ4xOj8d/57bk8HipftaasjK8uk5SIHue88V1aH1ecG
BoG7pwaifUe0UcPUw18ZgQAxb16vkoRGnKxLD3gviTjtiltLWAnL5glYevi58h1HTL7j6Jny
FTMLPk34Z+TLpxvjf1a+oo0Z+ar809v3ZPE+sn1v1A6B+en++aHTIl3iBP6rhNz5wQKL9XBx
HwzMA1roO7pr0PYfyMiO3RK5mSd0Icvzx7yUXhDczcP2aBTM/QQDIkW6Sa7vJl+/fn3nJl3/
NoC0iR3jNr8HEgZg1UI3gpn4zPZHLrOrjWapfkKMauOkdHyyhWFVGskMKh/y2ZRy6o7tKR1z
kocQ95XCqEs3QVwNOgSTMrNJCgUzeCB/CK9XsUsjEJlkujUpR94AySHaUw+amX5/cqfT34Gt
PkXl015GY3lK+cbWXApqvIUtmNDmRmy2D9RugFZTxK4RvQQ2xC0NDmTdwEBk5MZzpq6fBnqc
YIY7Zq5rNPxD0tRrs1JRF4wgiSIS5jNJGdijERUNd8Ic92Y+TneIYpta5CWuEtEG/8p+WmQP
ez6fVebgELIeS64KvSBsV4PaX2QkWziFumb3KedZVIbyXDhuuQ81KwXGNuBrvcIihPBVXI8I
DANExjZABHYCJvvcgLkveFrMRnMznFpqVuFlXCQvO5xvbLMyPhYYncSNIj8QW5iX2ZUGGXHg
YL4Jp0PpOecB28Gas4tEVyWeI6J4PLOEUEUt106U3L1//3tvTbbeqg2yFVhref1dIv4+MWdF
zR1C1ulxcOP9P+sWIlBOo4WxYCq9YrV+mxavR13f3vW4aWtVQGhp1srrXGHPOEDXOoCxJNH2
nqxRUlnFN1UQ23cirkGpxuGT35fwWQqgSnZzPVZ/lzoFV36p5BkPYY3EpaKv5z6l5PmCp6z7
DuHjs58nWHw04crURzHNMlbyQDXjq+t/ZrOf29xlPd9Cx7P6vUG3M1HG79CwtZzdUrf+3w3K
WkPxmONlbB47jaW+biy7GAarqIWamqkBHbEWuX7pfIEyD3DfvOcM5jfteTIJcFm/kPpopd2V
TWRPDvoZEq6UUSRlYhbl0aKaaeJmEKOOJ7joppBPgOUOzjWfE7c8oH8p4k/nncEZc67et/vn
vQ6ZvMXZ22tyhtFOl34UKFK6gfsTYHZYjJP8zb/O22csTkUhcA+INXjfvuxYl532OUApKRRB
Ad6P3ZHlB75r+d5ESb/42OlbnT+7g2G3/y5beHs4vOz+dgU19y8uP7R7ooq3vfY767f22e9X
H61B50O7P+yeDRRkOv9cubeNP9uQv0FP9TatB840dAvantj69SVylkgPm2vAa9Lt/9HugevP
NMOCj6uOFlJrnNLjJXiaTT9eYidJ5MF8080/YiLDy6oWXnY/Di8ud8t0q6UVw7QRz78k8swV
vI7xFQuU5UPbNsHnza8yZZAdkksMiR0L+r/cwRFjzPMvF9PUwGMQWzcuzKqtaO5jjGPh+f1h
kR+nNCmHas3SKd2ntWXj+GY8LcgSinAKPbcC/xNC27xWIOdF2lyUDRTpCov0SHEDyALnwi+I
GmdTFhjCRVEd6nILFsxWK6AI1F47Ads/TZbMKGLjZFBYUjYcUW7WGDcbladzk2+Ll/rLlZ9H
aFTeySTJO0Jy+QfF0VgSm8dLtJQznJcoOslMEdSS4IgZFrMO8tqqBGfVKsmOylZ8qDNFY4L0
VOVJDXl32qwx3iFgi3dEHoChkXk8WeInag9eHj626JjQnmeXlGevNvbiLTokLSiNdFKunDaQ
K01hwbalOQ3IsNWrhlkVEZkcMxLGXL2W84q8BC16UWAImnqXGJNTq0XY4Ttuk4pp712LL3i3
rhyVT3Tpg/LVx9gibqLhbgV3Cxi6wOZcbdYpV80GO8G7PVepOko93GYseaZiPrXo/DF0a/Ul
mSEnR5+FAh8dkfhhNvX8u5jYkYsB3GSCe05x/5OLcVjouS+EqhfSNuyTgdV92+v/XqSzB/5O
BXLKTsw2a41UzbcbqEmm0wjLQpWVqUQVtx4tSVgKJKu4/NzLU3CXlJYtVi4dT3/p8OKybXsZ
lwgeTqf/hUVxMh0JKJF1lKZtR1im3adVemayWT9mNyRsz8xvSnl5WAoGd7nXPvIEJFItPqgG
ro9CZUSxDWT2YGORx+7F5mzQY/fH7syXVT5nZ35KL92eLb5yduY3tJ35GUi+M7+J27jrVbY9
u0JdYvzhpm9koQMD1v+PCwzW22xvo4jcV/mSthrhtzaG+JdGDN1ZcBOQEl4tUFQWyBBQPfzK
PY6zIHyg62k4hY9VTaJAVENkfHhdRdmTr4rDJ1Z8/IkLYwf5VZ8ewZxZfotzKOhlg70cTflh
FbFttn3WK2aUbvLDdW7yHSo3UTVusq3CTbQD3Cct02zVTT7U0uta4KdK5/yjqR3HJMR7Kbj1
ALn5QQKjx9x3DgkZ4g0seMEE0A0icukiIV5dwqpiWfBm850KYrWQkMSOYUgCHzNO8OaWxcRO
cDhC5AeysMHigXhd0M+AeMmrmI5XSEc0oxeG2FNeTjiPwiB28R6Y6cMhv9JFjqQ/7xwdELqK
B3rP8uTQSvPY1QMyM6SZocj9yI6U81lTBirmQAOAQIHJbDTXoyR5oLlngZ9EwZTAt7zmQxKH
DdAJNDQCeb5KpKETySHyCDU0QjmgTqyhEsshMgTjyBA42H/mMxBZuvQnTspfa0e/vvyMZWAe
yIz2a6yGb3PpfE1c6G2+QwFUcR7yoWMIqqMk410rDvTye1Aluh0mofl4KsWeWtJg4LjNC1hM
oIcDok36Q76HUVyvIteNfxYDUkrpQPIjuzBKoeDjFghGHcxHYGaK7YJHhF4wDnBUju5x7jqz
H8iNS27nuJaOWw68Ww9adN4fpCxKV8Fsz79eeWhfLZ7BErBkyBbKUhQYv9KmH/jlv9wowC7L
r0aAfhVjfwtDqP3mAZjEbrYRF9iwtkM+JMuLLOLQXvg/djDmNT7LMApqqWHkHzmG8Vg3jBpg
erPFSavCBuJGjbq8+EPnu/GdF1p2NLbwVD9Q15JXKfAI+iJO2Ozaie94QFhAeIfT8NyN74DP
MBZxQJkNkgM1G7ELoHx3IWUHpjJy6QVEygk4usOCfvPAzpHw1hR3Dmq5Gry/HFqgVdl7LDZl
i05eUa8ZIAIG1CWZiyN8PFVxMdjuSurl1qiXe1qr82iyRVl+D8O+iBQPgzvXZ9MrNDjSzd0R
t4agQUpv3KA2K82lxknJ5sZK5m+8U0RxXr//kpCtrgl51kUhz7sq5J+5LGQnnt8gH5UrqnbY
JJ4K0xrPk5gUhCBDG7eosouo8PKpEuNJiUqX4qIPSPFxp2HqiLF5WPxjTU5a6VPupVJppQYn
/V5xNJPdS5ULVyPmCb1M55SFJxt1PJWLP+xyt9EkWPh6sIOtXGYCB6IjTuzYAp835rEbcVRz
fx8jWLWqhQI6lECF1EKBK8eCw0tTSgFdUougO7rxkzrudLJ6UCT7DC0tlXr8UDTe8MFqyJu0
5pO2uj62m5ksTbhR959ezRZr0KspMfIp2arQ5fmwyjZsx4vXpIKywzrFkiL2nE7/YvB5oJxw
ZhcDNlBpjBPzBO8UoMoD3U5XHtZBuXNHOyVflEO6yT75n8ziEC5eXfR7nzXq0E9/sp5xhki1
VbWN37q2UdMyipUr5c3qytTn6ZVnEfnlC1sjMnZTjZnTIN/a0rbRoK2UVGgpHWA3l5rRSrqy
BWLV9pwT3svodT7chNOLDH+o/RY1PsdllNSiBRcfOS7jieYy6oCpy3jcqp/w2/JwEm3AT/N4
6WT9T54/ms4dl/wyT2bh4eSNmjT1Zl4SZxLneGeGg4mGTNyz50mAt28dTvaU5F8AcOrd6LC/
LLDXZ9KmM1rLLj2DwDYBx5NgPnVwG/C9F0zRWRLzLRL8b3vX3ty2jcT/Vj4Fo5u0kkUlevl9
uTR10rRzHidjO5e5aTs6SqIdXvTgiFQUTyff/bC7AIgXH5JbN5caTRqbBBYgsAAWu79djP4b
jlPY7Jl4yvqKSagJk1PXpBuggnDOkQYg0AjwMFn41RiH1QpYcvzADlYSzSGuymJ5M4wRJkEr
FjqBGGc/EUwLlRRsUYsEopesrEJUc4cpYdlO37z758Xlc3r609kPr4fAEZm3UWYHiYWfbxBH
w6sgZT3SqFO18QIbBsdVKPbwl3lddZLVLEhPuQUJ7XJnYfruA+sv0ABwiLSAznTZXnr65vt/
X75k2+k3q6hpgnbWY3ZUm43YkhpHUoKzJ/WKvVx/WEXd4RROjcPcjA1GEKNBuUs0MQIQkzmE
9uzdyY/Pz5VwRYbhlZBGHIebtVBxNdLaz+XW8vbzQ/UG7acSpe2nUd7JGpPn4cJY5uLy3OPE
lx91ZhEJybHxZcP6fH7z4kSBRZWvvJUHzeqEjGVk+0y0XMWOpySp+GBLYgsx8PmUzWFYYCeL
1WgaeqNg/CGZBglbD/LIyMHJWlU2HqITsxI6cda3z+Poe1TN/LAMQzWnRsRgTBwN7wKZQmFP
KXqVucJYSDDQxZSS0ztdniCL+L0gk4PXRe5N5+m7aD5ZrBNUQip4e7WVzWPDDUzT22vfo3w7
/RwbPjWWI5HtwSaSus6eBLAlTQBON4OoRKjtuvjpBbSWrbZ2e52DWFCh1i418I0ZQcGInrCj
81qxsxpuY7HDJw+S1E9mxplYeuapGTd1eTM93OIcFzc+Wr5njpmjh+TXolbBYAFyerOByJTc
TlEVfNw+53Dwyc01SIMaBzt5QpS3Vw62vcqKRAAVpbAKBJV8xBZ2qPHMMQm+UcUOI0aJRTdb
XYQx19mr9dUcHLNIskD3IQrCpUUN51ZhkwsV656qF3yoaP4sq56i+tMMbwqtRiwYkGXUDHgG
L6r6r4y7dT2XRC0bVB0iH48brFbCOZRzChNnuW9aRoj1xQqOKquEgrpnWtTFcoJeaaMwnMMZ
h6K8z8nHbR0yUrD2gGALEeGD0WKVGjpXUhGj7azb47barLl4wQGT5XGgPbf7OlxlMMwzqUBZ
jKPfribWygHSWFSrwubRtsKBWtZj4dSjZRFMalDVuNS+D6CsuMl8AhkgVuT6SZ3UBhQx8dCH
gIn7Xb+LWvkxFIOljIexWY5N32uFRTP0CYagOWXHqBenp9DUq9V8DNFwU7YB9XviPCH01Ipc
3wDHfih4Go2WwfIGvM94qceT6bRurcji7ZDi0rPS702TuJHFceQY4zkLrLAYeFmt8bEHFyV4
bNhPg4Tu0yBVCSwYyhdqX8ef01c7DiS+53j4XbfnewVEVKkXCagPygpri7NvLdffDbTSQutA
GoG7tOCLGjeJ5idbCdoG8Ysj6vqujOOnZ+Iokf2jXueoT5qG/h5ecQH/4MqDx+w1inVDkpfg
GE/L0DGe9V9NFyO46AIXQs6L8toUsrwyyREqXkDAbzCnovJeGKO08IB8Yqwhr+RbPLVXrolG
M6+ill6RMUMwDASriYQCJv+nyyBmS3UcL5bpYy9h23v4aRzGUBco3I/S5c0wXQwxf6Opfgms
Lth5IcwcsBUtU754ZYrTHUVhAQVAaaGS9MR1CX1AU+yycTkQAV011f0VG6Bh+Ckc2268pI8B
IW8WzKN4NZXX1ZCKxA0R02GAZEnDxsIPObAyRxlwStugBK7GHLAoyrduU17PIALdIrkknYiV
s0E14betlxHeXjOcRMtwnC5gITYhl7If2N7Lxukjj5nHa1zNwRAeTtiKCncGcfEJ8nrqcJth
L4+56uw/ynnoW0URBjJICKJEkoJIwRjdchsC4MMOhw8InADpfyLahtHdHsEtaBGG2DBTDmzA
m2gSgEYslhxK9fgBeOIDikKBLCxFqLhBx/v+Jg0TcsJPF1BZwMPNICAAasBGLx+iKRk/eBP/
9GOK5VZWptRLHXtWGxVo8nvUaAu3AOutTleID8g98wWbbmwdAiWF3iC2uvsiGH6S8qk76AGC
uzXod2hF5cpF4EGSUEA4x0d8QT2n5T8ESAUPu6pdrgSrHzJOAv+A1zuY9GFCuxDeOzDD56vp
FOHWYt2maekMhyDmnPMlYQIpC0b0FTlXVlY6+Xm/qcH1rNtQfHJfax5/tiheb0vx8vwtIygB
297Z5TmbMS+fu7Dd6hNYWzhL4e9oLwcCINOKQLVnlwgyvzU1Yd1Io2nyZPYBpf/Hd2nk0Cve
xtaRtRqNHTpB0+ZxcNTR8YPO/PJKpT4gCcn00cPYSHShkmrEyAwTnsMwoWeMFoaxgi16T8Z4
1DcJkAbLtKLMaJbZj2O2G13BYx4BuTvwWr2B3+/BVC+MnAjAch7Oi9GchFfA/Ey+agT+qMnO
A42g+ffGqNl8xn44gh/kyU2xYcQrNdAvYWfVCIOEwuJOIAIXlv7c57/KEL56mFMRFJVOWQkp
RzBg6aMVHQkuoslPk3CeAvhsKf1A0e222f7Hv4LpKvx591deXjgC+15OANs8l1Kip8a2zbyM
lUa1H01Xbr9WHqEnUjSWdmv0SJKJrhGJk08gCohjIJzk6Sd2cFcde6IkmMbvA5AlQMkB2jD2
U5fuWjn61oz1lgiFEyPDvuDJk0fjOiwPUPbY+EaZiTHsBPCLemZ+KGVbfOup15NeYaBYYA/6
Wdw+eiCu6YD269dPcVXgDrh0oxJiH13auP/Rah71ArZNglUATRbrcSL6YjZKmqqHTDhfzYYo
XZBhLsHIl46nGJwNPhKYOBH9ifE3X52/fvuGjGgdXD2ZBKLEgIHYZVGYoHrlqfCZ6na6KCV3
ex2/T9ceuFriEbgCQ4CyvrgG6AIZRbgXG/h8C22GL7MrDt5ejY9mTXQ+W/bhssmn5nn5WOa5
EqPJ1iN2JmAD6vb7vgoiEPTWEVsbHk1A9whmfj7K+CnqFQhjAkCJSpRoWbepdkr1tvLrdagF
eF62CabRfAWntpqmaYVUJZ6Lpsy1FMUC2Yq6LYrvYt3FooQc4MDJbHRtLbIS2oXrnSjyS1k2
o08cJSR/YTCB3sDKofAZxRuwcqAipygkQpUYKzIpYcU541ctWTA/KlLIDbgByRkVzWTdwpoq
sDWexDPmLiBWhd3tUhnnWy+tIG0ezg665si5cdFQ5QZbiGWYBZTmGa3M1yw5OmIfeYRmC+tL
yDu7ZRSAP3lFqgxwtoh7zzwplIj7Dusl3c0Tdxyvfc4wYbZ1hXYCfrbq9rqkKN/rintunAs+
UsQNnfYm8YpvZWTUp+hdreIMJMPbe5ayXfWqbFfyTbpIgyl/bbxahsmKTTKp3+1kIhzsxGCc
xlWwl62CsFxoXwOdmG3d6neoJAQMb7LQ4pLu9tiRtdU93PN392XnFvQdHzRTvFM+nj1otWD/
/A35P7smCD+E4ry1apr/wtB4JWPAWStnTTGKDmkI5JUwtVyb6FAMVkbctXDXcoPNtfBT8NiK
tHnN0a+Pr5dx1BtyFNKENsRsMMx8irO+CC5mTWs+RWUmOZ+zWYQxUxX+LN5O8/aXbFjZhFZZ
hU3nirgTPqllU//cTUre8SnSne9H3Nl3602paEgoGmFx+Yoj8TtvdVvIfJCcA1BF9oO0mfwn
SlSQAZ1Z1Rnryl8qBUIqlwQh/eGzVWnKRmW2n7O8xurzFlLh3IXkZB9IG81hSE650t9+FkO6
7UyGVHmUKs1nSAVzGpLjzkQ79LBDrLS2rAqc8XuIk1tIk/sHoGvs7fMgPqskuA75ldP2MRoI
tid+u81dJ/XGe9dorOROtKobqvQ9pXIE782twZmSOByT22eDjakkOF4tMdgzb1CEvpxLtvYm
21QyXwhCsrrmLwKLkdMdCeuO+aKNAycSxYGmTmESFHp1x+uJxwjidCki6EyI8/ACNnDjNEHX
XG4laZZ8ZvsZa977cBqr1KhhSHIWJjDiv2RjEn4Ce22XkCPIIocdZJGDAWnFsH9QjRUsr6Xx
Zwc81ZBtEC/pEGQ9TzlHkB1OyP7Zc979QvDXDx6wS8j8vIKML1RikYjD14M4fH2v1e/sgZqs
tPk1FUwC2x7cmwXv8L6wentSb2L0KMcrPinqUldmfBHG7mmVVZAUVMDZDGpoKTXwrukIsbyQ
/rMC+sAnWfPFUnDMD+4EvzK0gLNRki7W4wRlg2xDQ6rdX8lbpyH0r/xpAcK2AlW8t00lGHGC
QvnmuVijm6nmYHkkywXG4OoLI2UJY9CeTA1pkMjCDqFs76ZImSIDxdNkz3o5GQA3BnCxmvOU
Q/TtC0mwc/K0F9W2GPcGs8H+4mwVfwdby4Wgp+jYsaMHqFXvD/a+3I4277/6ovrb0bgq3b6P
wW8ARnNQqdtrhX1eK+zwmuxt+emix3e7/azbTFHM6GItbzV5uqSb+bJgdlTts9TcoFA0pufY
b4cHFLq10+HO9uVbRrZn1pSr2DTdkaI0kn2Qk8FXlW26wSrTdOAOymGnLg0gr8TxSieuRMGi
27QNM724//ju7fSi5u0M9bLdqqVePKxsqtcLZLb6PXEDMMgXbJZ1USmrW+vHcFqzDfMFFvzW
XVvwGav+LbpiA37lDYevzt6eDIfwxEWh7abQFtBqNYNsfPtBMSCArq6qeMVXZWxB3sWMfF08
vEcsfFWIBe8vDVnYI7+J/T1uDaoOWvC4ZQhQ/0WGobz3pl1I/Z11AmANRd9n3sH9r8VSBFLC
ABb+XX/vQFqK8vtS2n4gjJV6LBbP3y9mIePhIeNldGB58/zyR9f7db+nvv//NR2tDNPRKllG
fexBaTlyWZgoG2OzWbC8qWBpovw0rKpfTGF2GCReRowXP5+qw4BRndRxU8M8FdKHQrBi+So9
Yf4Si5nyyleryTGTwR+Uop+MovmT5D0K0plvkAysQtga8VkmZadZTU5nTSInWWQ4Xsw/Anw/
XiTRJ4QYFzbdgMYIVUaFj7b8w78gm1+Bs7E7fa0mv9uZCm5rJqg2DPf2vg3tfS7PcCX7vbmv
Qo335r6v0dwnN174r8rm29I2X1dDNI1W3a/nqwu3shnqe+pm0LMOaBS7h11/v4rEax40/gx4
9N4A4dG9/u49PPoeHn0PjzbTPTz6rwGP3kHzFfw9ykdJ50Gls8K4y5UQ+IM3tU03rcMBwRe4
9bEU4eIEuIh2CXxIQEzFNg+EougwlG2gJ/xqAAt/Ukyrfc3aigPR5puZ2lYCWdhwnHSxKAah
tGcEapmhfjdLhGthO75HbzBuH90tAFKFx8SKEsIutIznBsy8Onl9sT1iZnvMjBMyA22Mknga
3CR5wBmbGN7uEC8X18tgxj6RX7KAt8FDjH0ROezs0gm/oQtMeghf6R3uc/hKxr4oWJXYJlGT
bYlm2JfWUxmGz5Mq1jF79vL8/PX58OLtycnLiwvUW+cBfFquV73tsD92ASGtqa+VikwgUA54
SHvMtVoarCjiyl7sR6lAxn2Vq5IJO0Lj0gdjUhXregkq57oAlaNObxNcZPTMnUCMSunPiunj
0mFWkA3Flwtjqopj2gDI1HAimWwok8XhLjzTHt7H2AeDUAXYQlHKB4IUpXyASFESwBHxe6HQ
kgePyoNMFRNVhJlN1UGOJtxZ6eqiVBUCbsgMpWJ4ETtRDyA8T9fvV8B1FaUvm99KLnCjlAvW
umXxu+Fiu9F3TOTP52nPAlfxffV3wlhlxHkgZyPmIrx3rvZ44QNIYhQFTouErB/Cs+DF3jee
jjdTKZjhlKsSkScuCmaY3yj6/7atKSutX+0whhCBmoxKrpaws9sS+Ukwh8B/12HqvXlx4gsN
HVcAMIGX792FJfMKliEBuaY0Fwhovfc1cIVuia0MC+RU1avWzefF9eRDJ+yTtz1QGrTwf5s3
zg7QtQAA

--------------C2F7C05F0366963F23093E66--