diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2005-06-05 15:40:50 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2005-06-05 15:40:50 +0000 |
| commit | 5e8dbd04ef7b2df5ba3f8dc859ad6e472ce1c534 (patch) | |
| tree | 7767975616a98948a7ef791c43b28a21711a22c7 /crypto | |
| parent | d74d50a84bda49cca847afc2f65bf790d6af7361 (diff) | |
| download | src-5e8dbd04ef7b2df5ba3f8dc859ad6e472ce1c534.tar.gz src-5e8dbd04ef7b2df5ba3f8dc859ad6e472ce1c534.zip | |
Vendor import of OpenSSH 4.0p1.
Notes
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=146998
Diffstat (limited to 'crypto')
129 files changed, 5426 insertions, 1723 deletions
diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 2292ffb006ca..046e32e8a9dc 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,3 +1,670 @@ +20050309 + - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64 + so that regress tests behave. From Chris Adams. + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2005/03/07 23:41:54 + [ssh.1 ssh_config.5] + more macro simplification; + - djm@cvs.openbsd.org 2005/03/08 23:49:48 + [version.h] + OpenSSH 4.0 + - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update spec file versions + - (djm) [log.c] Fix dumb syntax error; ok dtucker@ + - (djm) Release OpenSSH 4.0p1 + +20050307 + - (dtucker) [configure.ac] Disable gettext search when configuring with + BSM audit support for the time being. ok djm@ + - (dtucker) OpenBSD CVS Sync (regress/) + - fgsch@cvs.openbsd.org 2004/12/10 01:31:30 + [Makefile sftp-glob.sh] + some globbing regress; prompted and ok djm@ + - david@cvs.openbsd.org 2005/01/14 04:21:18 + [Makefile test-exec.sh] + pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@ + - dtucker@cvs.openbsd.org 2005/02/27 11:33:30 + [multiplex.sh test-exec.sh sshd-log-wrapper.sh] + Add optional capability to log output from regress commands; ok markus@ + Use with: make TEST_SSH_LOGFILE=/tmp/regress.log + - djm@cvs.openbsd.org 2005/02/27 23:13:36 + [login-timeout.sh] + avoid nameservice lookups in regress test; ok dtucker@ + - djm@cvs.openbsd.org 2005/03/04 08:48:46 + [Makefile envpass.sh] + regress test for SendEnv config parsing bug; ok dtucker@ + - (dtucker) [regress/test-exec.sh] Put SUDO in the right place. + - (tim) [configure.ac] SCO 3.2v4.2 no longer supported. + +20050306 + - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor + when attempting to audit disconnect events. Reported by Phil Dibowitz. + - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit + events earlier, prevents mm_request_send errors reported by Matt Goebel. + +20050305 + - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch + from vinschen at redhat.com + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2005/03/02 11:45:01 + [ssh.1] + missing word; + - djm@cvs.openbsd.org 2005/03/04 08:48:06 + [readconf.c] + fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@ + +20050302 + - (djm) OpenBSD CVS sync: + - jmc@cvs.openbsd.org 2005/03/01 14:47:58 + [ssh.1] + remove some unneccesary macros; + do not mark up punctuation; + - jmc@cvs.openbsd.org 2005/03/01 14:55:23 + [ssh_config.5] + do not mark up punctuation; + whitespace; + - jmc@cvs.openbsd.org 2005/03/01 14:59:49 + [sshd.8] + new sentence, new line; + whitespace; + - jmc@cvs.openbsd.org 2005/03/01 15:05:00 + [ssh-keygen.1] + whitespace; + - jmc@cvs.openbsd.org 2005/03/01 15:47:14 + [ssh-keyscan.1 ssh-keyscan.c] + sort options and sync usage(); + - jmc@cvs.openbsd.org 2005/03/01 17:19:35 + [scp.1 sftp.1] + add HashKnownHosts to -o list; + ok markus@ + - jmc@cvs.openbsd.org 2005/03/01 17:22:06 + [ssh.c] + sync usage() w/ man SYNOPSIS; + ok markus@ + - jmc@cvs.openbsd.org 2005/03/01 17:32:19 + [ssh-add.1] + sort options; + - jmc@cvs.openbsd.org 2005/03/01 18:15:56 + [ssh-keygen.1] + sort options (no attempt made at synopsis clean up though); + spelling (occurance -> occurrence); + use prompt before examples; + grammar; + - djm@cvs.openbsd.org 2005/03/02 01:00:06 + [sshconnect.c] + fix addition of new hashed hostnames when CheckHostIP=yes; + found and ok dtucker@ + - djm@cvs.openbsd.org 2005/03/02 01:27:41 + [ssh-keygen.c] + ignore hostnames with metachars when hashing; ok deraadt@ + - djm@cvs.openbsd.org 2005/03/02 02:21:07 + [ssh.1] + bz#987: mention ForwardX11Trusted in ssh.1, + reported by andrew.benham AT thus.net; ok deraadt@ + - (tim) [regress/agent-ptrace.sh] add another possible gdb error. + +20050301 + - (djm) OpenBSD CVS sync: + - otto@cvs.openbsd.org 2005/02/16 09:56:44 + [ssh.c] + Better diagnostic if an identity file is not accesible. ok markus@ djm@ + - djm@cvs.openbsd.org 2005/02/18 03:05:53 + [canohost.c] + better error messages for getnameinfo failures; ok dtucker@ + - djm@cvs.openbsd.org 2005/02/20 22:59:06 + [sftp.c] + turn on ssh batch mode when in sftp batch mode, patch from + jdmossh AT nand.net; + ok markus@ + - jmc@cvs.openbsd.org 2005/02/25 10:55:13 + [sshd.8] + add /etc/motd and $HOME/.hushlogin to FILES; + from michael knudsen; + - djm@cvs.openbsd.org 2005/02/28 00:54:10 + [ssh_config.5] + bz#849: document timeout on untrusted x11 forwarding sessions. Reported by + orion AT cora.nwra.com; ok markus@ + - djm@cvs.openbsd.org 2005/03/01 10:09:52 + [auth-options.c channels.c channels.h clientloop.c compat.c compat.h] + [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] + [sshd_config.5] + bz#413: allow optional specification of bind address for port forwardings. + Patch originally by Dan Astorian, but worked on by several people + Adds GatewayPorts=clientspecified option on server to allow remote + forwards to bind to client-specified ports. + - djm@cvs.openbsd.org 2005/03/01 10:40:27 + [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5] + [sshconnect.c sshd.8] + add support for hashing host names and addresses added to known_hosts + files, to improve privacy of which hosts user have been visiting; ok + markus@ deraadt@ + - djm@cvs.openbsd.org 2005/03/01 10:41:28 + [ssh-keyscan.1 ssh-keyscan.c] + option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@ + - djm@cvs.openbsd.org 2005/03/01 10:42:49 + [ssh-keygen.1 ssh-keygen.c ssh_config.5] + add tools for managing known_hosts files with hashed hostnames, including + hashing existing files and deleting hosts by name; ok markus@ deraadt@ + +20050226 + - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] + Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. + - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] + Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any + more. Patch from vinschen at redhat.com. + - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the + binaries without the config files. Primarily useful for packaging. + Patch from phil at usc.edu. ok djm@ + +20050224 + - (djm) [configure.ac] in_addr_t test needs sys/types.h too + +20050222 + - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from + vinschen at redhat.com. + +20050220 + - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac + defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure + --with-audit=bsm to enable. Patch originally from Sun Microsystems, + parts by John R. Jackson. ok djm@ + - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes + unrelated platforms to be configured incorrectly. + +20050216 + - (djm) write seed to temporary file and atomically rename into place; + ok dtucker@ + - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called + via mkstemp in some configurations. ok djm@ + - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined + by the system headers. + - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant + Unix; prevents problems relating to the location of -lresolv in the + link order. + - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic + authentication early enough to be available to PAM session modules when + privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam + Hartman and similar to Debian's ssh-krb5 package. + - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more + compiler warnings on AIX. + +20050215 + - (dtucker) [config.sh.in] Collect oslevel -r too. + - (dtucker) [README.platform auth.c configure.ac loginrec.c + openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 + on AIX where possible (see README.platform for details) and work around + a misfeature of AIX's getnameinfo. ok djm@ + - (dtucker) [loginrec.c] Add missing #include. + +20050211 + - (dtucker) [configure.ac] Tidy up configure --help output. + - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. + +20050210 + - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the + --disable-etc-default-login configure option. + +20050209 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2005/01/28 09:45:53 + [ssh_config] + Make it clear that the example entries in ssh_config are only some of the + commonly-used options and refer the user to ssh_config(5) for more + details; ok djm@ + - jmc@cvs.openbsd.org 2005/01/28 15:05:43 + [ssh_config.5] + grammar; + - jmc@cvs.openbsd.org 2005/01/28 18:14:09 + [ssh_config.5] + wording; + ok markus@ + - dtucker@cvs.openbsd.org 2005/01/30 11:18:08 + [monitor.c] + Make code match intent; ok djm@ + - dtucker@cvs.openbsd.org 2005/02/08 22:24:57 + [sshd.c] + Provide reason in error message if getnameinfo fails; ok markus@ + - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call + disable_forwarding() from compat library. Prevent linker errrors trying + to resolve it for binaries other than sshd. ok djm@ + - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir + paths. ok djm@ + - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require + the username to be passed to the passwd command when changing expired + passwords. ok djm@ + +20050208 + - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the + regress tests so newer versions of GNU head(1) behave themselves. Patch + by djm, so ok me. + - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. + - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c + monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit + defines and enums with SSH_ to prevent namespace collisions on some + platforms (eg AIX). + +20050204 + - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. + - (dtucker) [auth.c] Fix parens in audit log check. + +20050202 + - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath + rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ + - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] + Make record_failed_login() call provide hostname rather than having the + implementations having to do lookups themselves. Only affects AIX and + UNICOS (the latter only uses the "user" parameter anyway). ok djm@ + - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child + the process. Since we also unset KRB5CCNAME at startup, if it's set after + authentication it must have been set by the platform's native auth system. + This was already done for AIX; this enables it for the general case. + - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c] + Bug #974: Teach sshd to write failed login records to btmp for failed auth + attempts (currently only for password, kbdint and C/R, only on Linux and + HP-UX), based on code from login.c from util-linux. With ashok_kovai at + hotmail.com, ok djm@ + - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c + monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: + (first stage) Add audit instrumentation to sshd, currently disabled by + default. with suggestions from and ok djm@ + +20050201 + - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some + platforms syslog will revert to its default values. This may result in + messages from external libraries (eg libwrap) being sent to a different + facility. + - (dtucker) [sshd_config.5] Bug #701: remove warning about + keyboard-interactive since this is no longer the case. + +20050124 + - (dtucker) OpenBSD CVS Sync + - otto@cvs.openbsd.org 2005/01/21 08:32:02 + [auth-passwd.c sshd.c] + Warn in advance for password and account expiry; initialize loginmsg + buffer earlier and clear it after privsep fork. ok and help dtucker@ + markus@ + - dtucker@cvs.openbsd.org 2005/01/22 08:17:59 + [auth.c] + Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and + DenyGroups. bz #909, ok djm@ + - djm@cvs.openbsd.org 2005/01/23 10:18:12 + [cipher.c] + config option "Ciphers" should be case-sensitive; ok dtucker@ + - dtucker@cvs.openbsd.org 2005/01/24 10:22:06 + [scp.c sftp.c] + Have scp and sftp wait for the spawned ssh to exit before they exit + themselves. This prevents ssh from being unable to restore terminal + modes (not normally a problem on OpenBSD but common with -Portable + on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); + ok djm@ markus@ + - dtucker@cvs.openbsd.org 2005/01/24 10:29:06 + [moduli] + Import new moduli; requested by deraadt@ a week ago + - dtucker@cvs.openbsd.org 2005/01/24 11:47:13 + [auth-passwd.c] + #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@ + +20050120 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/12/23 17:35:48 + [session.c] + check for NULL; from mpech + - markus@cvs.openbsd.org 2004/12/23 17:38:07 + [ssh-keygen.c] + leak; from mpech + - djm@cvs.openbsd.org 2004/12/23 23:11:00 + [servconf.c servconf.h sshd.c sshd_config sshd_config.5] + bz #898: support AddressFamily in sshd_config. from + peak@argo.troja.mff.cuni.cz; ok deraadt@ + - markus@cvs.openbsd.org 2005/01/05 08:51:32 + [sshconnect.c] + remove dead code, log connect() failures with level error, ok djm@ + - jmc@cvs.openbsd.org 2005/01/08 00:41:19 + [sshd_config.5] + `login'(n) -> `log in'(v); + - dtucker@cvs.openbsd.org 2005/01/17 03:25:46 + [moduli.c] + Correct spelling: SCHNOOR->SCHNORR; ok djm@ + - dtucker@cvs.openbsd.org 2005/01/17 22:48:39 + [sshd.c] + Make debugging output continue after reexec; ok djm@ + - dtucker@cvs.openbsd.org 2005/01/19 13:11:47 + [auth-bsdauth.c auth2-chall.c] + Have keyboard-interactive code call the drivers even for responses for + invalid logins. This allows the drivers themselves to decide how to + handle them and prevent leaking information where possible. Existing + behaviour for bsdauth is maintained by checking authctxt->valid in the + bsdauth driver. Note that any third-party kbdint drivers will now need + to be able to handle responses for invalid logins. ok markus@ + - djm@cvs.openbsd.org 2004/12/22 02:13:19 + [cipher-ctr.c cipher.c] + remove fallback AES support for old OpenSSL, as OpenBSD has had it for + many years now; ok deraadt@ + (Id sync only: Portable will continue to support older OpenSSLs) + - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user + existence via keyboard-interactive/pam, in conjunction with previous + auth2-chall.c change; with Colin Watson and djm. + - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128 + bytes to prevent errors from login_init_entry() when the username is + exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@ + - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from + the list of available kbdint devices if UsePAM=no. ok djm@ + +20050118 + - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement + "make survey" and "make send-survey". This will provide data on the + configure parameters, platform and platform features to the development + team, which will allow (among other things) better targetting of testing. + It's entirely voluntary and is off be default. ok djm@ + - (dtucker) [survey.sh.in] Remove any blank lines from the output of + ccver-v and ccver-V. + +20041220 + - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading + from prngd is enabled at compile time but fails at run time, eg because + prngd is not running. Note that if you have prngd running when OpenSSH is + built, OpenSSL will consider itself internally seeded and rand-helper won't + be built at all unless explicitly enabled via --with-rand-helper. ok djm@ + - (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since + on some wacky platforms (eg old AIXes), dd will refuse to create an output + file if it doesn't exist. + +20041213 + - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from + amarendra.godbole at ge com. + +20041211 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/12/06 16:00:43 + [bufaux.c] + use 0x00 not \0 since buf[] is a bignum + - fgsch@cvs.openbsd.org 2004/12/10 03:10:42 + [sftp.c] + - fix globbed ls for paths the same lenght as the globbed path when + we have a unique matching. + - fix globbed ls in case of a directory when we have a unique matching. + - as a side effect, if the path does not exist error (used to silently + ignore). + - don't do extra do_lstat() if we only have one matching file. + djm@ ok + - dtucker@cvs.openbsd.org 2004/12/11 01:48:56 + [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h] + Fix debug call in error path of authorized_keys processing and fix related + warnings; ok djm@ + +20041208 + - (tim) [configure.ac] Comment some non obvious platforms in the + target-specific case statement. Suggested and OK by dtucker@ + +20041207 + - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test. + +20041206 + - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/11/25 22:22:14 + [sftp-client.c sftp.c] + leak; from mpech + - jmc@cvs.openbsd.org 2004/11/29 00:05:17 + [sftp.1] + missing full stop; + - djm@cvs.openbsd.org 2004/11/29 07:41:24 + [sftp-client.h sftp.c] + Some small fixes from moritz@jodeit.org. ok deraadt@ + - jaredy@cvs.openbsd.org 2004/12/05 23:55:07 + [sftp.1] + - explain that patterns can be used as arguments in get/put/ls/etc + commands (prodded by Michael Knudsen) + - describe ls flags as a list + - other minor improvements + ok jmc, djm + - dtucker@cvs.openbsd.org 2004/12/06 11:41:03 + [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8] + Discard over-length authorized_keys entries rather than complaining when + they don't decode. bz #884, with & ok djm@ + - (dtucker) OpenBSD CVS Sync (regress/) + - djm@cvs.openbsd.org 2004/06/26 06:16:07 + [reexec.sh] + don't change the name of the copied sshd for the reexec fallback test, + makes life simpler for portable + - dtucker@cvs.openbsd.org 2004/07/08 12:59:35 + [scp.sh] + Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@ + - david@cvs.openbsd.org 2004/07/09 19:45:43 + [Makefile] + add a missing CLEANFILES used in the re-exec test + - djm@cvs.openbsd.org 2004/10/08 02:01:50 + [reexec.sh] + shrink and tidy; ok dtucker@ + - djm@cvs.openbsd.org 2004/10/29 23:59:22 + [Makefile added brokenkeys.sh] + regression test for handling of corrupt keys in authorized_keys file + - djm@cvs.openbsd.org 2004/11/07 00:32:41 + [multiplex.sh] + regression tests for new multiplex commands + - dtucker@cvs.openbsd.org 2004/11/25 09:39:27 + [test-exec.sh] + Remove obsolete RhostsAuthentication from test config; ok markus@ + - dtucker@cvs.openbsd.org 2004/12/06 10:49:56 + [test-exec.sh] + Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@ + +20041203 + - (dtucker) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2004/11/07 17:42:36 + [ssh.1] + options sort, and whitespace; + - jmc@cvs.openbsd.org 2004/11/07 17:57:30 + [ssh.c] + usage(): + - add -O + - sync -S w/ manpage + - remove -h + - (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is + subsequently denied by the PAM auth stack, send the PAM message to the + user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2). + ok djm@ + +20041107 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2004/11/05 12:19:56 + [sftp.c] + command editing and history support via libedit; ok markus@ + thanks to hshoexer@ and many testers on tech@ too + - djm@cvs.openbsd.org 2004/11/07 00:01:46 + [clientloop.c clientloop.h ssh.1 ssh.c] + add basic control of a running multiplex master connection; including the + ability to check its status and request it to exit; ok markus@ + - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure + option and supporting makefile bits and documentation. + +20041105 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/08/30 09:18:08 + [LICENCE] + s/keygen/keyscan/ + - jmc@cvs.openbsd.org 2004/08/30 21:22:49 + [ssh-add.1 ssh.1] + .Xsession -> .xsession; + originally from a pr from f at obiit dot org, but missed by myself; + ok markus@ matthieu@ + - djm@cvs.openbsd.org 2004/09/07 23:41:30 + [clientloop.c ssh.c] + cleanup multiplex control socket on SIGHUP too, spotted by sturm@ + ok markus@ deraadt@ + - deraadt@cvs.openbsd.org 2004/09/15 00:46:01 + [ssh.c] + /* fallthrough */ is something a programmer understands. But + /* FALLTHROUGH */ is also understood by lint, so that is better. + - jaredy@cvs.openbsd.org 2004/09/15 03:25:41 + [sshd_config.5] + mention PrintLastLog only prints last login time for interactive + sessions, like PrintMotd mentions. + From Michael Knudsen, with wording changed slightly to match the + PrintMotd description. + ok djm + - mickey@cvs.openbsd.org 2004/09/15 18:42:27 + [sshd.c] + use less doubles in daemons; markus@ ok + - deraadt@cvs.openbsd.org 2004/09/15 18:46:04 + [scp.c] + scratch that do { } while (0) wrapper in this case + - djm@cvs.openbsd.org 2004/09/23 13:00:04 + [ssh.c] + correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@ + - djm@cvs.openbsd.org 2004/09/25 03:45:14 + [sshd.c] + these printf args are no longer double; ok deraadt@ markus@ + - djm@cvs.openbsd.org 2004/10/07 10:10:24 + [scp.1 sftp.1 ssh.1 ssh_config.5] + document KbdInteractiveDevices; ok markus@ + - djm@cvs.openbsd.org 2004/10/07 10:12:36 + [ssh-agent.c] + don't unlink agent socket when bind() fails, spotted by rich AT + rich-paul.net, ok markus@ + - markus@cvs.openbsd.org 2004/10/20 11:48:53 + [packet.c ssh1.h] + disconnect for invalid (out of range) message types. + - djm@cvs.openbsd.org 2004/10/29 21:47:15 + [channels.c channels.h clientloop.c] + fix some window size change bugs for multiplexed connections: windows sizes + were not being updated if they had changed after ~^Z suspends and SIGWINCH + was not being processed unless the first connection had requested a tty; + ok markus + - djm@cvs.openbsd.org 2004/10/29 22:53:56 + [clientloop.c misc.h readpass.c ssh-agent.c] + factor out common permission-asking code to separate function; ok markus@ + - djm@cvs.openbsd.org 2004/10/29 23:56:17 + [bufaux.c bufaux.h buffer.c buffer.h] + introduce a new buffer API that returns an error rather than fatal()ing + when presented with bad data; ok markus@ + - djm@cvs.openbsd.org 2004/10/29 23:57:05 + [key.c] + use new buffer API to avoid fatal errors on corrupt keys in authorized_keys + files; ok markus@ + +20041102 + - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX + 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__ + only if a conflict is detected. + +20041019 + - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or + on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@ + +20041016 + - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations; + ok dtucker@ + +20041006 + - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode + and other PAM platforms. + - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants + to void * to appease picky compilers (eg Tru64's "cc -std1"). + +20040930 + - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ + +20040923 + - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one, + which could have caused the justification to be wrong. ok djm@ + +20040921 + - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too. + ok djm@ + - (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin + install process. Patch from vinschen at redhat.com. + +20040912 + - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file. + No change in resultant binary + - (djm) [loginrec.c] __func__ifiy + - (djm) [loginrec.c] xmalloc + - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol + banner. Suggested by deraadt@, ok mouring@, dtucker@ + - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile. + Partly by & ok djm@. + +20040911 + - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ + - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from + failing PAM session modules to user then exit, similar to the way + /etc/nologin is handled. ok djm@ + - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change. + - (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c] + Make cygwin code more consistent with that which surrounds it + - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c] + Bug #892: Send messages from failing PAM account modules to the client via + SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with + SSH2 kbdint authentication, which need to be dealt with separately. ok djm@ + - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ + - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure. + Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@ + - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert + at anl.gov, ok djm@ + +20040830 + - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only + copy required environment variables on Cygwin. Patch from vinschen at + redhat.com, ok djm@ + - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from + vinschen at redhat.com. + - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability + of shell constructs. Patch from cjwatson at debian.org. + +20040829 + - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from + failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL. + From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@ + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2004/08/23 11:48:09 + [authfile.c] + fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus + - djm@cvs.openbsd.org 2004/08/23 11:48:47 + [channels.c] + typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus + - dtucker@cvs.openbsd.org 2004/08/23 14:26:38 + [ssh-keysign.c ssh.c] + Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches + change in Portable; ok markus@ (CVS ID sync only) + - dtucker@cvs.openbsd.org 2004/08/23 14:29:23 + [ssh-keysign.c] + Remove duplicate getuid(), suggested by & ok markus@ + - markus@cvs.openbsd.org 2004/08/26 16:00:55 + [ssh.1 sshd.8] + get rid of references to rhosts authentication; with jmc@ + - djm@cvs.openbsd.org 2004/08/28 01:01:48 + [sshd.c] + don't erroneously close stdin for !reexec case, from Dave Johnson; + ok markus@ + - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check, + fixes configure warning on Solaris reported by wknox at mitre.org. + - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not + support FD passing since multiplex requires it. Noted by tim@ + - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn + down, needed on some platforms, should be harmless on others. Patch from + jason at devrandom.org. + - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like + files ending in .exe that aren't binaries; patch from vinschen at redhat.com. + - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree + builds too, from vinschen at redhat.com. + - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64 + too; patch from cmadams at hiwaay.net. + - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo. + - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for + accounts with authentication configs that sshd can't support (ie + SYSTEM=NONE and AUTH1=something). + +20040828 + - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from + vinschen at redhat.com. + +20040823 + - (djm) [ssh-rand-helper.c] Typo. Found by + Martin.Kraemer AT Fujitsu-Siemens.com + - (djm) [loginrec.c] Typo and bad args in error messages; Spotted by + Martin.Kraemer AT Fujitsu-Siemens.com + 20040817 - (dtucker) [regress/README.regress] Note compatibility issues with GNU head. - (djm) OpenBSD CVS Sync @@ -1654,4 +2321,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3517 2004/08/17 12:50:40 djm Exp $ +$Id: ChangeLog,v 1.3707.2.1 2005/03/09 04:52:09 djm Exp $ diff --git a/crypto/openssh/INSTALL b/crypto/openssh/INSTALL index dae1bb159cb3..4fc3744f383a 100644 --- a/crypto/openssh/INSTALL +++ b/crypto/openssh/INSTALL @@ -52,6 +52,14 @@ http://www.lothar.com/tech/crypto/ S/Key Libraries: http://www.sparc.spb.su/solaris/skey/ +LibEdit: + +sftp now supports command-line editing via NetBSD's libedit. If your +platform has it available natively you can use that, alternatively +you might try these multi-platform ports: +http://www.thrysoee.dk/editline/ +http://sourceforge.net/projects/libedit/ + If you wish to use --with-skey then you will need the above library installed. No other current S/Key library is currently known to be supported. @@ -192,7 +200,20 @@ running and has collected some Entropy. For more information on configuration, please refer to the manual pages for sshd, ssh and ssh-agent. -4. Problems? +4. (Optional) Send survey +------------------------- + +$ make survey +[check the contents and make sure there's no sensitive information] +$ make send-survey + +This will send configuration information for the currently configured +host to a survey address. This will help determine which configurations +are actually in use, and what valid combinations of configure options +exist. The raw data is available only to the OpenSSH developers, however +summary data may be published. + +5. Problems? ------------ If you experience problems compiling, installing or running OpenSSH. @@ -200,4 +221,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.64 2004/05/26 23:59:31 dtucker Exp $ +$Id: INSTALL,v 1.66 2005/01/18 01:05:18 dtucker Exp $ diff --git a/crypto/openssh/LICENCE b/crypto/openssh/LICENCE index d8c157304dc5..ae03eb3a7d49 100644 --- a/crypto/openssh/LICENCE +++ b/crypto/openssh/LICENCE @@ -97,7 +97,7 @@ OpenSSH contains no GPL code. * <http://www.core-sdi.com> 3) - ssh-keygen was contributed by David Mazieres under a BSD-style + ssh-keyscan was contributed by David Mazieres under a BSD-style license. * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. @@ -203,6 +203,7 @@ OpenSSH contains no GPL code. Wayne Schroeder William Jones Darren Tucker + Sun Microsystems * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -329,4 +330,4 @@ OpenSSH contains no GPL code. ------ -$OpenBSD: LICENCE,v 1.18 2003/11/21 11:57:02 djm Exp $ +$OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $ diff --git a/crypto/openssh/Makefile.in b/crypto/openssh/Makefile.in index a603609ae237..bca425d36c32 100644 --- a/crypto/openssh/Makefile.in +++ b/crypto/openssh/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.263 2004/08/15 11:01:37 dtucker Exp $ +# $Id: Makefile.in,v 1.270 2005/02/25 23:12:38 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -43,6 +43,7 @@ LD=@LD@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ +LIBEDIT=@LIBEDIT@ LIBPAM=@LIBPAM@ LIBWRAP=@LIBWRAP@ AR=@AR@ @@ -84,7 +85,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \ auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ - loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o + loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ + audit.o audit-bsm.o MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 @@ -158,7 +160,7 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o - $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) @@ -194,13 +196,13 @@ moduli: clean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log - rm -f *.out core + rm -f *.out core survey (cd openbsd-compat && $(MAKE) clean) distclean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log rm -f *.out core opensshd.init - rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds *~ + rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds survey.sh *~ rm -rf autom4te.cache (cd openbsd-compat && $(MAKE) distclean) (cd scard && $(MAKE) distclean) @@ -228,8 +230,9 @@ distprep: catman-do -rm -rf autom4te.cache (cd scard && $(MAKE) -f Makefile.in distprep) -install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files host-key check-config -install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files +install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config +install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf +install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files check-config: -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config @@ -279,6 +282,8 @@ install-files: scard-install ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 + +install-sysconf: if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ fi @@ -292,7 +297,7 @@ install-files: scard-install else \ echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ fi - @if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ + @if [ -f ssh_prng_cmds ] && [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ else \ @@ -376,7 +381,7 @@ tests: $(TARGETS) BUILDDIR=`pwd`; \ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \ [ -f `pwd`/regress/Makefile ] || \ - ln -s $(srcdir)/regress/Makefile `pwd`/regress/Makefile ; \ + ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \ TEST_SHELL="@TEST_SHELL@"; \ TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \ @@ -406,10 +411,19 @@ tests: $(TARGETS) $@ regressclean: - if [ -f regress/Makefile -a -r regress/Makefile ]; then \ + if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \ (cd regress && $(MAKE) clean) \ fi +survey: survey.sh ssh + @$(SHELL) ./survey.sh > survey + @echo 'The survey results have been placed in the file "survey" in the' + @echo 'current directory. Please review the file then send with' + @echo '"make send-survey".' + +send-survey: survey + mail portable-survey@mindrot.org <survey + package: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \ sh buildpkg.sh; \ diff --git a/crypto/openssh/README b/crypto/openssh/README index 8724d8b5a89e..0c5335ff5b03 100644 --- a/crypto/openssh/README +++ b/crypto/openssh/README @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-3.8.1 for the release notes. +See http://www.openssh.com/txt/release-4.0 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -61,4 +61,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.56 2004/08/14 00:26:30 djm Exp $ +$Id: README,v 1.56.4.1 2005/03/09 03:12:09 djm Exp $ diff --git a/crypto/openssh/README.platform b/crypto/openssh/README.platform index 880b83c63cd5..af551de481e5 100644 --- a/crypto/openssh/README.platform +++ b/crypto/openssh/README.platform @@ -13,6 +13,15 @@ Accounts in this state must have their passwords reset manually by the administrator. As a precaution, it is recommended that the administrative passwords be reset before upgrading from OpenSSH <3.8. +As of OpenSSH 4.0, configure will attempt to detect if your version +and maintenance level of AIX has a working getaddrinfo, and will use it +if found. This will enable IPv6 support. If for some reason configure +gets it wrong, or if you want to build binaries to work on earlier MLs +than the build host then you can add "-DBROKEN_GETADDRINFO" to CFLAGS +to force the previous IPv4-only behaviour. + +IPv6 known to work: 5.1ML7 5.2ML2 5.2ML5 +IPv6 known broken: 4.3.3ML11 5.1ML4 Cygwin ------ @@ -23,8 +32,17 @@ openssl-devel, zlib, minres, minires-devel. Solaris ------- -Currently, sshd does not support BSM auditting. This can show up as errors -when editting cron entries via crontab. See. -http://bugzilla.mindrot.org/show_bug.cgi?id=125 +If you enable BSM auditing on Solaris, you need to update audit_event(4) +for praudit(1m) to give sensible output. The following line needs to be +added to /etc/security/audit_event: + + 32800:AUE_openssh:OpenSSH login:lo + +The BSM audit event range available for third party TCB applications is +32768 - 65535. Event number 32800 has been choosen for AUE_openssh. +There is no official registry of 3rd party event numbers, so if this +number is already in use on your system, you may change it at build time +by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding. + -$Id: README.platform,v 1.2 2004/04/23 08:57:13 dtucker Exp $ +$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $ diff --git a/crypto/openssh/README.privsep b/crypto/openssh/README.privsep index 32403770d2bf..ecb9d6914a92 100644 --- a/crypto/openssh/README.privsep +++ b/crypto/openssh/README.privsep @@ -38,9 +38,8 @@ privsep user and chroot directory: Privsep requires operating system support for file descriptor passing. Compression will be disabled on systems without a working mmap MAP_ANON. -PAM-enabled OpenSSH is known to function with privsep on Linux. -It does not function on HP-UX with a trusted system -configuration. +PAM-enabled OpenSSH is known to function with privsep on AIX, HP-UX +(including Trusted Mode), Linux and Solaris. On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication part of privsep is supported. Post-authentication privsep is disabled @@ -61,4 +60,4 @@ process 1005 is the sshd process listening for new connections. process 6917 is the privileged monitor process, 6919 is the user owned sshd process and 6921 is the shell process. -$Id: README.privsep,v 1.14 2004/06/28 03:50:36 tim Exp $ +$Id: README.privsep,v 1.15 2004/10/06 10:09:32 dtucker Exp $ diff --git a/crypto/openssh/TODO b/crypto/openssh/TODO index 1b1d03c430b5..e8aaa4b96a02 100644 --- a/crypto/openssh/TODO +++ b/crypto/openssh/TODO @@ -30,13 +30,8 @@ Programming: - More platforms for for setproctitle() emulation (testing needed) -- Improve PAM support (a pam_lastlog module will cause sshd to exit) - and maybe support alternate forms of authentications like OPIE via - pam? - - Improve PAM ChallengeResponseAuthentication - Informational messages - - chauthtok - Use different PAM service name for kbdint vs regular auth (suggest from Solar Designer) - Ability to select which ChallengeResponseAuthentications may be used @@ -59,8 +54,6 @@ Clean up configure/makefiles: information in wtmpx or utmpx or any of that stuff if it's not detected from the start -- Fails to compile when cross compile. (vinschen@redhat.com) - - Replace the whole u_intXX_t evilness in acconfig.h with something better??? - Do it in configure.ac @@ -72,10 +65,6 @@ Clean up configure/makefiles: entropy related stuff into another. Packaging: -- Solaris: Update packaging scripts and build new sysv startup scripts - Ideally the package metadata should be generated by autoconf. - (gilbert.r.loomis@saic.com) - - HP-UX: Provide DEPOT package scripts. (gilbert.r.loomis@saic.com) @@ -94,4 +83,4 @@ PrivSep Issues: - Cygwin + Privsep for Pre-auth only (no fd passing) -$Id: TODO,v 1.57 2004/02/11 09:44:13 dtucker Exp $ +$Id: TODO,v 1.58 2004/12/06 11:40:11 dtucker Exp $ diff --git a/crypto/openssh/WARNING.RNG b/crypto/openssh/WARNING.RNG index 5d4ea87530e3..687891a730e0 100644 --- a/crypto/openssh/WARNING.RNG +++ b/crypto/openssh/WARNING.RNG @@ -55,11 +55,10 @@ Executing each program in the list can take a large amount of time, especially on slower machines. Additionally some program can take a disproportionate time to execute. -Tuning the default entropy collection code is difficult at this point. -It requires doing 'times ./ssh-rand-helper' and modifying the -($etcdir)/ssh_prng_cmds until you have found the issue. In the next -release we will be looking at support '-v' for verbose output to allow -easier debugging. +Tuning the random helper can be done by running ./ssh-random-helper in +very verbose mode ("-vvv") and identifying the commands that are taking +accessive amounts of time or hanging altogher. Any problem commands can +be modified or removed from ssh_prng_cmds. The default entropy collector will timeout programs which take too long to execute, the actual timeout used can be adjusted with the @@ -93,4 +92,4 @@ If you are forced to use ssh-rand-helper consider still downloading prngd/egd and configure OpenSSH using --with-prngd-port=xx or --with-prngd-socket=xx (refer to INSTALL for more information). -$Id: WARNING.RNG,v 1.6 2003/11/21 12:48:55 djm Exp $ +$Id: WARNING.RNG,v 1.7 2004/12/06 11:40:11 dtucker Exp $ diff --git a/crypto/openssh/acconfig.h b/crypto/openssh/acconfig.h index 014413505095..5721f65fbd74 100644 --- a/crypto/openssh/acconfig.h +++ b/crypto/openssh/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.180 2004/08/16 13:12:06 dtucker Exp $ */ +/* $Id: acconfig.h,v 1.181 2005/02/25 23:07:38 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -52,9 +52,6 @@ #undef SPT_TYPE #undef SPT_PADCHAR -/* setgroups() NOOP allowed */ -#undef SETGROUPS_NOOP - /* SCO workaround */ #undef BROKEN_SYS_TERMIO_H diff --git a/crypto/openssh/audit-bsm.c b/crypto/openssh/audit-bsm.c new file mode 100644 index 000000000000..c2679d3dae2c --- /dev/null +++ b/crypto/openssh/audit-bsm.c @@ -0,0 +1,329 @@ +/* $Id: audit-bsm.c,v 1.1 2005/02/20 10:08:00 dtucker Exp $ */ + +/* + * TODO + * + * - deal with overlap between this and sys_auth_allowed_user + * sys_auth_record_login and record_failed_login. + */ + +/* + * Copyright 1988-2002 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +/* #pragma ident "@(#)bsmaudit.c 1.1 01/09/17 SMI" */ + +#include "includes.h" +#if defined(USE_BSM_AUDIT) + +#include "ssh.h" +#include "log.h" +#include "auth.h" +#include "xmalloc.h" + +#ifndef AUE_openssh +# define AUE_openssh 32800 +#endif +#include <bsm/audit.h> +#include <bsm/libbsm.h> +#include <bsm/audit_uevents.h> +#include <bsm/audit_record.h> +#include <locale.h> + +#if defined(HAVE_GETAUDIT_ADDR) +#define AuditInfoStruct auditinfo_addr +#define AuditInfoTermID au_tid_addr_t +#define GetAuditFunc(a,b) getaudit_addr((a),(b)) +#define GetAuditFuncText "getaudit_addr" +#define SetAuditFunc(a,b) setaudit_addr((a),(b)) +#define SetAuditFuncText "setaudit_addr" +#define AUToSubjectFunc au_to_subject_ex +#define AUToReturnFunc(a,b) au_to_return32((a), (int32_t)(b)) +#else +#define AuditInfoStruct auditinfo +#define AuditInfoTermID au_tid_t +#define GetAuditFunc(a,b) getaudit(a) +#define GetAuditFuncText "getaudit" +#define SetAuditFunc(a,b) setaudit(a) +#define SetAuditFuncText "setaudit" +#define AUToSubjectFunc au_to_subject +#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b)) +#endif + +extern int cannot_audit(int); +extern void aug_init(void); +extern dev_t aug_get_port(void); +extern int aug_get_machine(char *, u_int32_t *, u_int32_t *); +extern void aug_save_auid(au_id_t); +extern void aug_save_uid(uid_t); +extern void aug_save_euid(uid_t); +extern void aug_save_gid(gid_t); +extern void aug_save_egid(gid_t); +extern void aug_save_pid(pid_t); +extern void aug_save_asid(au_asid_t); +extern void aug_save_tid(dev_t, unsigned int); +extern void aug_save_tid_ex(dev_t, u_int32_t *, u_int32_t); +extern int aug_save_me(void); +extern int aug_save_namask(void); +extern void aug_save_event(au_event_t); +extern void aug_save_sorf(int); +extern void aug_save_text(char *); +extern void aug_save_text1(char *); +extern void aug_save_text2(char *); +extern void aug_save_na(int); +extern void aug_save_user(char *); +extern void aug_save_path(char *); +extern int aug_save_policy(void); +extern void aug_save_afunc(int (*)(int)); +extern int aug_audit(void); +extern int aug_na_selected(void); +extern int aug_selected(void); +extern int aug_daemon_session(void); + +#ifndef HAVE_GETTEXT +# define gettext(a) (a) +#endif + +extern Authctxt *the_authctxt; +static AuditInfoTermID ssh_bsm_tid; + +/* Below is the low-level BSM interface code */ + +/* + * Check if the specified event is selected (enabled) for auditing. + * Returns 1 if the event is selected, 0 if not and -1 on failure. + */ +static int +selected(char *username, uid_t uid, au_event_t event, int sf) +{ + int rc, sorf; + char naflags[512]; + struct au_mask mask; + + mask.am_success = mask.am_failure = 0; + if (uid < 0) { + /* get flags for non-attributable (to a real user) events */ + rc = getacna(naflags, sizeof(naflags)); + if (rc == 0) + (void) getauditflagsbin(naflags, &mask); + } else + rc = au_user_mask(username, &mask); + + sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE; + return(au_preselect(event, &mask, sorf, AU_PRS_REREAD)); +} + +static void +bsm_audit_record(int typ, char *string, au_event_t event_no) +{ + int ad, rc, sel; + uid_t uid = -1; + gid_t gid = -1; + pid_t pid = getpid(); + AuditInfoTermID tid = ssh_bsm_tid; + + if (the_authctxt != NULL && the_authctxt->valid) { + uid = the_authctxt->pw->pw_uid; + gid = the_authctxt->pw->pw_gid; + } + + rc = (typ == 0) ? 0 : -1; + sel = selected(the_authctxt->user, uid, event_no, rc); + debug3("BSM audit: typ %d rc %d \"%s\"", typ, rc, string); + if (!sel) + return; /* audit event does not match mask, do not write */ + + debug3("BSM audit: writing audit new record"); + ad = au_open(); + + (void) au_write(ad, AUToSubjectFunc(uid, uid, gid, uid, gid, + pid, pid, &tid)); + (void) au_write(ad, au_to_text(string)); + (void) au_write(ad, AUToReturnFunc(typ, rc)); + + rc = au_close(ad, AU_TO_WRITE, event_no); + if (rc < 0) + error("BSM audit: %s failed to write \"%s\" record: %s", + __func__, string, strerror(errno)); +} + +static void +bsm_audit_session_setup(void) +{ + int rc; + struct AuditInfoStruct info; + au_mask_t mask; + + if (the_authctxt == NULL) { + error("BSM audit: session setup internal error (NULL ctxt)"); + return; + } + + if (the_authctxt->valid) + info.ai_auid = the_authctxt->pw->pw_uid; + else + info.ai_auid = -1; + info.ai_asid = getpid(); + mask.am_success = 0; + mask.am_failure = 0; + + (void) au_user_mask(the_authctxt->user, &mask); + + info.ai_mask.am_success = mask.am_success; + info.ai_mask.am_failure = mask.am_failure; + + info.ai_termid = ssh_bsm_tid; + + rc = SetAuditFunc(&info, sizeof(info)); + if (rc < 0) + error("BSM audit: %s: %s failed: %s", __func__, + SetAuditFuncText, strerror(errno)); +} + +static void +bsm_audit_bad_login(const char *what) +{ + char textbuf[BSM_TEXTBUFSZ]; + + if (the_authctxt->valid) { + (void) snprintf(textbuf, sizeof (textbuf), + gettext("invalid %s for user %s"), + what, the_authctxt->user); + bsm_audit_record(4, textbuf, AUE_openssh); + } else { + (void) snprintf(textbuf, sizeof (textbuf), + gettext("invalid user name \"%s\""), + the_authctxt->user); + bsm_audit_record(3, textbuf, AUE_openssh); + } +} + +/* Below is the sshd audit API code */ + +void +audit_connection_from(const char *host, int port) +{ + AuditInfoTermID *tid = &ssh_bsm_tid; + char buf[1024]; + + if (cannot_audit(0)) + return; + debug3("BSM audit: connection from %.100s port %d", host, port); + + /* populate our terminal id structure */ +#if defined(HAVE_GETAUDIT_ADDR) + tid->at_port = (dev_t)port; + aug_get_machine((char *)host, &(tid->at_addr[0]), &(tid->at_type)); + snprintf(buf, sizeof(buf), "%08x %08x %08x %08x", tid->at_addr[0], + tid->at_addr[1], tid->at_addr[2], tid->at_addr[3]); + debug3("BSM audit: iptype %d machine ID %s", (int)tid->at_type, buf); +#else + /* this is used on IPv4-only machines */ + tid->port = (dev_t)port; + tid->machine = inet_addr(host); + snprintf(buf, sizeof(buf), "%08x", tid->machine); + debug3("BSM audit: machine ID %s", buf); +#endif +} + +void +audit_run_command(const char *command) +{ + /* not implemented */ +} + +void +audit_session_open(const char *ttyn) +{ + /* not implemented */ +} + +void +audit_session_close(const char *ttyn) +{ + /* not implemented */ +} + +void +audit_event(ssh_audit_event_t event) +{ + char textbuf[BSM_TEXTBUFSZ]; + static int logged_in = 0; + const char *user = the_authctxt ? the_authctxt->user : "(unknown user)"; + + if (cannot_audit(0)) + return; + + switch(event) { + case SSH_AUTH_SUCCESS: + logged_in = 1; + bsm_audit_session_setup(); + snprintf(textbuf, sizeof(textbuf), + gettext("successful login %s"), user); + bsm_audit_record(0, textbuf, AUE_openssh); + break; + + case SSH_CONNECTION_CLOSE: + /* + * We can also get a close event if the user attempted auth + * but never succeeded. + */ + if (logged_in) { + snprintf(textbuf, sizeof(textbuf), + gettext("sshd logout %s"), the_authctxt->user); + bsm_audit_record(0, textbuf, AUE_logout); + } else { + debug("%s: connection closed without authentication", + __func__); + } + break; + + case SSH_NOLOGIN: + bsm_audit_record(1, + gettext("logins disabled by /etc/nologin"), AUE_openssh); + break; + + case SSH_LOGIN_EXCEED_MAXTRIES: + snprintf(textbuf, sizeof(textbuf), + gettext("too many tries for user %s"), the_authctxt->user); + bsm_audit_record(1, textbuf, AUE_openssh); + break; + + case SSH_LOGIN_ROOT_DENIED: + bsm_audit_record(2, gettext("not_console"), AUE_openssh); + break; + + case SSH_AUTH_FAIL_PASSWD: + bsm_audit_bad_login("password"); + break; + + case SSH_AUTH_FAIL_KBDINT: + bsm_audit_bad_login("interactive password entry"); + break; + + default: + debug("%s: unhandled event %d", __func__, event); + } +} +#endif /* BSM */ diff --git a/crypto/openssh/audit.c b/crypto/openssh/audit.c new file mode 100644 index 000000000000..18fc41047272 --- /dev/null +++ b/crypto/openssh/audit.c @@ -0,0 +1,181 @@ +/* $Id: audit.c,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */ + +/* + * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#ifdef SSH_AUDIT_EVENTS + +#include "audit.h" +#include "log.h" +#include "auth.h" + +/* + * Care must be taken when using this since it WILL NOT be initialized when + * audit_connection_from() is called and MAY NOT be initialized when + * audit_event(CONNECTION_ABANDON) is called. Test for NULL before using. + */ +extern Authctxt *the_authctxt; + +/* Maybe add the audit class to struct Authmethod? */ +ssh_audit_event_t +audit_classify_auth(const char *method) +{ + if (strcmp(method, "none") == 0) + return SSH_AUTH_FAIL_NONE; + else if (strcmp(method, "password") == 0) + return SSH_AUTH_FAIL_PASSWD; + else if (strcmp(method, "publickey") == 0 || + strcmp(method, "rsa") == 0) + return SSH_AUTH_FAIL_PUBKEY; + else if (strncmp(method, "keyboard-interactive", 20) == 0 || + strcmp(method, "challenge-response") == 0) + return SSH_AUTH_FAIL_KBDINT; + else if (strcmp(method, "hostbased") == 0 || + strcmp(method, "rhosts-rsa") == 0) + return SSH_AUTH_FAIL_HOSTBASED; + else if (strcmp(method, "gssapi-with-mic") == 0) + return SSH_AUTH_FAIL_GSSAPI; + else + return SSH_AUDIT_UNKNOWN; +} + +/* helper to return supplied username */ +const char * +audit_username(void) +{ + static const char unknownuser[] = "(unknown user)"; + static const char invaliduser[] = "(invalid user)"; + + if (the_authctxt == NULL || the_authctxt->user == NULL) + return (unknownuser); + if (!the_authctxt->valid) + return (invaliduser); + return (the_authctxt->user); +} + +const char * +audit_event_lookup(ssh_audit_event_t ev) +{ + int i; + static struct event_lookup_struct { + ssh_audit_event_t event; + const char *name; + } event_lookup[] = { + {SSH_LOGIN_EXCEED_MAXTRIES, "LOGIN_EXCEED_MAXTRIES"}, + {SSH_LOGIN_ROOT_DENIED, "LOGIN_ROOT_DENIED"}, + {SSH_AUTH_SUCCESS, "AUTH_SUCCESS"}, + {SSH_AUTH_FAIL_NONE, "AUTH_FAIL_NONE"}, + {SSH_AUTH_FAIL_PASSWD, "AUTH_FAIL_PASSWD"}, + {SSH_AUTH_FAIL_KBDINT, "AUTH_FAIL_KBDINT"}, + {SSH_AUTH_FAIL_PUBKEY, "AUTH_FAIL_PUBKEY"}, + {SSH_AUTH_FAIL_HOSTBASED, "AUTH_FAIL_HOSTBASED"}, + {SSH_AUTH_FAIL_GSSAPI, "AUTH_FAIL_GSSAPI"}, + {SSH_INVALID_USER, "INVALID_USER"}, + {SSH_NOLOGIN, "NOLOGIN"}, + {SSH_CONNECTION_CLOSE, "CONNECTION_CLOSE"}, + {SSH_CONNECTION_ABANDON, "CONNECTION_ABANDON"}, + {SSH_AUDIT_UNKNOWN, "AUDIT_UNKNOWN"} + }; + + for (i = 0; event_lookup[i].event != SSH_AUDIT_UNKNOWN; i++) + if (event_lookup[i].event == ev) + break; + return(event_lookup[i].name); +} + +# ifndef CUSTOM_SSH_AUDIT_EVENTS +/* + * Null implementations of audit functions. + * These get used if SSH_AUDIT_EVENTS is defined but no audit module is enabled. + */ + +/* + * Called after a connection has been accepted but before any authentication + * has been attempted. + */ +void +audit_connection_from(const char *host, int port) +{ + debug("audit connection from %s port %d euid %d", host, port, + (int)geteuid()); +} + +/* + * Called when various events occur (see audit.h for a list of possible + * events and what they mean). + */ +void +audit_event(ssh_audit_event_t event) +{ + debug("audit event euid %d user %s event %d (%s)", geteuid(), + audit_username(), event, audit_event_lookup(event)); +} + +/* + * Called when a user session is started. Argument is the tty allocated to + * the session, or NULL if no tty was allocated. + * + * Note that this may be called multiple times if multiple sessions are used + * within a single connection. + */ +void +audit_session_open(const char *ttyn) +{ + const char *t = ttyn ? ttyn : "(no tty)"; + + debug("audit session open euid %d user %s tty name %s", geteuid(), + audit_username(), t); +} + +/* + * Called when a user session is closed. Argument is the tty allocated to + * the session, or NULL if no tty was allocated. + * + * Note that this may be called multiple times if multiple sessions are used + * within a single connection. + */ +void +audit_session_close(const char *ttyn) +{ + const char *t = ttyn ? ttyn : "(no tty)"; + + debug("audit session close euid %d user %s tty name %s", geteuid(), + audit_username(), t); +} + +/* + * This will be called when a user runs a non-interactive command. Note that + * it may be called multiple times for a single connection since SSH2 allows + * multiple sessions within a single connection. + */ +void +audit_run_command(const char *command) +{ + debug("audit run command euid %d user %s command '%.200s'", geteuid(), + audit_username(), command); +} +# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ +#endif /* SSH_AUDIT_EVENTS */ diff --git a/crypto/openssh/audit.h b/crypto/openssh/audit.h new file mode 100644 index 000000000000..78e58966fdc3 --- /dev/null +++ b/crypto/openssh/audit.h @@ -0,0 +1,56 @@ +/* $Id: audit.h,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */ + +/* + * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "auth.h" + +#ifndef _SSH_AUDIT_H +# define _SSH_AUDIT_H +enum ssh_audit_event_type { + SSH_LOGIN_EXCEED_MAXTRIES, + SSH_LOGIN_ROOT_DENIED, + SSH_AUTH_SUCCESS, + SSH_AUTH_FAIL_NONE, + SSH_AUTH_FAIL_PASSWD, + SSH_AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ + SSH_AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ + SSH_AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ + SSH_AUTH_FAIL_GSSAPI, + SSH_INVALID_USER, + SSH_NOLOGIN, /* denied by /etc/nologin, not implemented */ + SSH_CONNECTION_CLOSE, /* closed after attempting auth or session */ + SSH_CONNECTION_ABANDON, /* closed without completing auth */ + SSH_AUDIT_UNKNOWN +}; +typedef enum ssh_audit_event_type ssh_audit_event_t; + +void audit_connection_from(const char *, int); +void audit_event(ssh_audit_event_t); +void audit_session_open(const char *); +void audit_session_close(const char *); +void audit_run_command(const char *); +ssh_audit_event_t audit_classify_auth(const char *); + +#endif /* _SSH_AUDIT_H */ diff --git a/crypto/openssh/auth-bsdauth.c b/crypto/openssh/auth-bsdauth.c index 2ac27a7a20e7..920c977d85a6 100644 --- a/crypto/openssh/auth-bsdauth.c +++ b/crypto/openssh/auth-bsdauth.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth-bsdauth.c,v 1.5 2002/06/30 21:59:45 deraadt Exp $"); +RCSID("$OpenBSD: auth-bsdauth.c,v 1.6 2005/01/19 13:11:47 dtucker Exp $"); #ifdef BSD_AUTH #include "xmalloc.h" @@ -83,6 +83,9 @@ bsdauth_respond(void *ctx, u_int numresponses, char **responses) Authctxt *authctxt = ctx; int authok; + if (!authctxt->valid) + return -1; + if (authctxt->as == 0) error("bsdauth_respond: no bsd auth session"); diff --git a/crypto/openssh/auth-chall.c b/crypto/openssh/auth-chall.c index a9d314dd2a65..e4f783096cdf 100644 --- a/crypto/openssh/auth-chall.c +++ b/crypto/openssh/auth-chall.c @@ -28,11 +28,13 @@ RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $"); #include "auth.h" #include "log.h" #include "xmalloc.h" +#include "servconf.h" /* limited protocol v1 interface to kbd-interactive authentication */ extern KbdintDevice *devices[]; static KbdintDevice *device; +extern ServerOptions options; char * get_challenge(Authctxt *authctxt) @@ -41,6 +43,11 @@ get_challenge(Authctxt *authctxt) u_int i, numprompts; u_int *echo_on; +#ifdef USE_PAM + if (!options.use_pam) + remove_kbdint_device("pam"); +#endif + device = devices[0]; /* we always use the 1st device for protocol 1 */ if (device == NULL) return NULL; diff --git a/crypto/openssh/auth-krb5.c b/crypto/openssh/auth-krb5.c index 5cf47f501779..1c5b8e6890e7 100644 --- a/crypto/openssh/auth-krb5.c +++ b/crypto/openssh/auth-krb5.c @@ -187,6 +187,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password) snprintf(authctxt->krb5_ccname, len, "FILE:%s", authctxt->krb5_ticket_file); +#ifdef USE_PAM + if (options.use_pam) + do_pam_putenv("KRB5CCNAME", authctxt->krb5_ccname); +#endif + out: restore_uid(); diff --git a/crypto/openssh/auth-options.c b/crypto/openssh/auth-options.c index 0e146ab15864..04d12d66e48c 100644 --- a/crypto/openssh/auth-options.c +++ b/crypto/openssh/auth-options.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.28 2003/06/02 09:17:34 markus Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.29 2005/03/01 10:09:52 djm Exp $"); #include "xmalloc.h" #include "match.h" @@ -217,7 +217,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) } cp = "permitopen=\""; if (strncasecmp(opts, cp, strlen(cp)) == 0) { - char host[256], sport[6]; + char *host, *p; u_short port; char *patterns = xmalloc(strlen(opts) + 1); @@ -236,25 +236,29 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) if (!*opts) { debug("%.100s, line %lu: missing end quote", file, linenum); - auth_debug_add("%.100s, line %lu: missing end quote", - file, linenum); + auth_debug_add("%.100s, line %lu: missing " + "end quote", file, linenum); xfree(patterns); goto bad_option; } patterns[i] = 0; opts++; - if (sscanf(patterns, "%255[^:]:%5[0-9]", host, sport) != 2 && - sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) { - debug("%.100s, line %lu: Bad permitopen specification " - "<%.100s>", file, linenum, patterns); + p = patterns; + host = hpdelim(&p); + if (host == NULL || strlen(host) >= NI_MAXHOST) { + debug("%.100s, line %lu: Bad permitopen " + "specification <%.100s>", file, linenum, + patterns); auth_debug_add("%.100s, line %lu: " - "Bad permitopen specification", file, linenum); + "Bad permitopen specification", file, + linenum); xfree(patterns); goto bad_option; } - if ((port = a2port(sport)) == 0) { - debug("%.100s, line %lu: Bad permitopen port <%.100s>", - file, linenum, sport); + host = cleanhostname(host); + if (p == NULL || (port = a2port(p)) == 0) { + debug("%.100s, line %lu: Bad permitopen port " + "<%.100s>", file, linenum, p ? p : ""); auth_debug_add("%.100s, line %lu: " "Bad permitopen port", file, linenum); xfree(patterns); diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c index c12384b41356..5cdf76aaec1e 100644 --- a/crypto/openssh/auth-pam.c +++ b/crypto/openssh/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD$ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.114 2004/08/16 13:12:06 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.121 2005/01/20 02:29:51 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -186,6 +186,7 @@ static int sshpam_account_status = -1; static char **sshpam_env = NULL; static Authctxt *sshpam_authctxt = NULL; static const char *sshpam_password = NULL; +static char badpw[] = "\b\n\r\177INCORRECT"; /* Some PAM implementations don't implement this */ #ifndef HAVE_PAM_GETENVLIST @@ -490,6 +491,51 @@ sshpam_null_conv(int n, struct pam_message **msg, static struct pam_conv null_conv = { sshpam_null_conv, NULL }; +static int +sshpam_store_conv(int n, struct pam_message **msg, + struct pam_response **resp, void *data) +{ + struct pam_response *reply; + int i; + size_t len; + + debug3("PAM: %s called with %d messages", __func__, n); + *resp = NULL; + + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return (PAM_CONV_ERR); + + if ((reply = malloc(n * sizeof(*reply))) == NULL) + return (PAM_CONV_ERR); + memset(reply, 0, n * sizeof(*reply)); + + for (i = 0; i < n; ++i) { + switch (PAM_MSG_MEMBER(msg, i, msg_style)) { + case PAM_ERROR_MSG: + case PAM_TEXT_INFO: + len = strlen(PAM_MSG_MEMBER(msg, i, msg)); + buffer_append(&loginmsg, PAM_MSG_MEMBER(msg, i, msg), len); + buffer_append(&loginmsg, "\n", 1 ); + reply[i].resp_retcode = PAM_SUCCESS; + break; + default: + goto fail; + } + } + *resp = reply; + return (PAM_SUCCESS); + + fail: + for(i = 0; i < n; i++) { + if (reply[i].resp != NULL) + xfree(reply[i].resp); + } + xfree(reply); + return (PAM_CONV_ERR); +} + +static struct pam_conv store_conv = { sshpam_store_conv, NULL }; + void sshpam_cleanup(void) { @@ -527,7 +573,7 @@ sshpam_init(Authctxt *authctxt) } debug("PAM: initializing for \"%s\"", user); sshpam_err = - pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle); + pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle); sshpam_authctxt = authctxt; if (sshpam_err != PAM_SUCCESS) { @@ -609,7 +655,7 @@ sshpam_query(void *ctx, char **name, char **info, size_t plen; u_char type; char *msg; - size_t len; + size_t len, mlen; debug3("PAM: %s entering", __func__); buffer_init(&buffer); @@ -622,22 +668,27 @@ sshpam_query(void *ctx, char **name, char **info, while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) { type = buffer_get_char(&buffer); msg = buffer_get_string(&buffer, NULL); + mlen = strlen(msg); switch (type) { case PAM_PROMPT_ECHO_ON: case PAM_PROMPT_ECHO_OFF: *num = 1; - len = plen + strlen(msg) + 1; + len = plen + mlen + 1; **prompts = xrealloc(**prompts, len); - plen += snprintf(**prompts + plen, len, "%s", msg); + strlcpy(**prompts + plen, msg, len - plen); + plen += mlen; **echo_on = (type == PAM_PROMPT_ECHO_ON); xfree(msg); return (0); case PAM_ERROR_MSG: case PAM_TEXT_INFO: /* accumulate messages */ - len = plen + strlen(msg) + 2; + len = plen + mlen + 2; **prompts = xrealloc(**prompts, len); - plen += snprintf(**prompts + plen, len, "%s\n", msg); + strlcpy(**prompts + plen, msg, len - plen); + plen += mlen; + strlcat(**prompts + plen, "\n", len - plen); + plen++; xfree(msg); break; case PAM_SUCCESS: @@ -651,6 +702,12 @@ sshpam_query(void *ctx, char **name, char **info, **prompts = NULL; } if (type == PAM_SUCCESS) { + if (!sshpam_authctxt->valid || + (sshpam_authctxt->pw->pw_uid == 0 && + options.permit_root_login != PERMIT_YES)) + fatal("Internal error: PAM auth " + "succeeded when it should have " + "failed"); import_environments(&buffer); *num = 0; **echo_on = 0; @@ -696,7 +753,12 @@ sshpam_respond(void *ctx, u_int num, char **resp) return (-1); } buffer_init(&buffer); - buffer_put_cstring(&buffer, *resp); + if (sshpam_authctxt->valid && + (sshpam_authctxt->pw->pw_uid != 0 || + options.permit_root_login == PERMIT_YES)) + buffer_put_cstring(&buffer, *resp); + else + buffer_put_cstring(&buffer, badpw); if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) { buffer_free(&buffer); return (-1); @@ -759,11 +821,13 @@ finish_pam(void) u_int do_pam_account(void) { + debug("%s: called", __func__); if (sshpam_account_status != -1) return (sshpam_account_status); sshpam_err = pam_acct_mgmt(sshpam_handle, 0); - debug3("PAM: %s pam_acct_mgmt = %d", __func__, sshpam_err); + debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err, + pam_strerror(sshpam_handle, sshpam_err)); if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) { sshpam_account_status = 0; @@ -793,7 +857,7 @@ void do_pam_setcred(int init) { sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, - (const void *)&null_conv); + (const void *)&store_conv); if (sshpam_err != PAM_SUCCESS) fatal("PAM: failed to set PAM_CONV: %s", pam_strerror(sshpam_handle, sshpam_err)); @@ -894,51 +958,6 @@ do_pam_chauthtok(void) pam_strerror(sshpam_handle, sshpam_err)); } -static int -sshpam_store_conv(int n, struct pam_message **msg, - struct pam_response **resp, void *data) -{ - struct pam_response *reply; - int i; - size_t len; - - debug3("PAM: %s called with %d messages", __func__, n); - *resp = NULL; - - if (n <= 0 || n > PAM_MAX_NUM_MSG) - return (PAM_CONV_ERR); - - if ((reply = malloc(n * sizeof(*reply))) == NULL) - return (PAM_CONV_ERR); - memset(reply, 0, n * sizeof(*reply)); - - for (i = 0; i < n; ++i) { - switch (PAM_MSG_MEMBER(msg, i, msg_style)) { - case PAM_ERROR_MSG: - case PAM_TEXT_INFO: - len = strlen(PAM_MSG_MEMBER(msg, i, msg)); - buffer_append(&loginmsg, PAM_MSG_MEMBER(msg, i, msg), len); - buffer_append(&loginmsg, "\n", 1 ); - reply[i].resp_retcode = PAM_SUCCESS; - break; - default: - goto fail; - } - } - *resp = reply; - return (PAM_SUCCESS); - - fail: - for(i = 0; i < n; i++) { - if (reply[i].resp != NULL) - xfree(reply[i].resp); - } - xfree(reply); - return (PAM_CONV_ERR); -} - -static struct pam_conv store_conv = { sshpam_store_conv, NULL }; - void do_pam_session(void) { @@ -949,10 +968,21 @@ do_pam_session(void) fatal("PAM: failed to set PAM_CONV: %s", pam_strerror(sshpam_handle, sshpam_err)); sshpam_err = pam_open_session(sshpam_handle, 0); - if (sshpam_err != PAM_SUCCESS) - fatal("PAM: pam_open_session(): %s", + if (sshpam_err == PAM_SUCCESS) + sshpam_session_open = 1; + else { + sshpam_session_open = 0; + disable_forwarding(); + error("PAM: pam_open_session(): %s", pam_strerror(sshpam_handle, sshpam_err)); - sshpam_session_open = 1; + } + +} + +int +is_pam_session_open(void) +{ + return sshpam_session_open; } /* @@ -1075,7 +1105,6 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) { int flags = (options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); - static char badpw[] = "\b\n\r\177INCORRECT"; if (!options.use_pam || sshpam_handle == NULL) fatal("PAM: %s called when PAM disabled or failed to " diff --git a/crypto/openssh/auth-pam.h b/crypto/openssh/auth-pam.h index f479413d7788..a1a2b52d8804 100644 --- a/crypto/openssh/auth-pam.h +++ b/crypto/openssh/auth-pam.h @@ -1,4 +1,4 @@ -/* $Id: auth-pam.h,v 1.26 2004/05/30 10:43:59 dtucker Exp $ */ +/* $Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp $ */ /* * Copyright (c) 2000 Damien Miller. All rights reserved. @@ -45,5 +45,6 @@ void free_pam_environment(char **); void sshpam_thread_cleanup(void); void sshpam_cleanup(void); int sshpam_auth_passwd(Authctxt *, const char *); +int is_pam_session_open(void); #endif /* USE_PAM */ diff --git a/crypto/openssh/auth-passwd.c b/crypto/openssh/auth-passwd.c index 7a68e0562861..27ece3f72b27 100644 --- a/crypto/openssh/auth-passwd.c +++ b/crypto/openssh/auth-passwd.c @@ -36,17 +36,27 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.31 2004/01/30 09:48:57 markus Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.33 2005/01/24 11:47:13 dtucker Exp $"); #include "packet.h" +#include "buffer.h" #include "log.h" #include "servconf.h" #include "auth.h" #include "auth-options.h" +extern Buffer loginmsg; extern ServerOptions options; int sys_auth_passwd(Authctxt *, const char *); +#ifdef HAVE_LOGIN_CAP +extern login_cap_t *lc; +#endif + + +#define DAY (24L * 60 * 60) /* 1 day in seconds */ +#define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ + void disable_forwarding(void) { @@ -63,7 +73,7 @@ int auth_password(Authctxt *authctxt, const char *password) { struct passwd * pw = authctxt->pw; - int ok = authctxt->valid; + int result, ok = authctxt->valid; #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) static int expire_checked = 0; #endif @@ -100,22 +110,57 @@ auth_password(Authctxt *authctxt, const char *password) #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) if (!expire_checked) { expire_checked = 1; - if (auth_shadow_pwexpired(authctxt)) { - disable_forwarding(); + if (auth_shadow_pwexpired(authctxt)) authctxt->force_pwchange = 1; - } } #endif - - return (sys_auth_passwd(authctxt, password) && ok); + result = sys_auth_passwd(authctxt, password); + if (authctxt->force_pwchange) + disable_forwarding(); + return (result && ok); } #ifdef BSD_AUTH +static void +warn_expiry(Authctxt *authctxt, auth_session_t *as) +{ + char buf[256]; + quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime; + + pwwarntime = acwarntime = TWO_WEEKS; + + pwtimeleft = auth_check_change(as); + actimeleft = auth_check_expire(as); +#ifdef HAVE_LOGIN_CAP + if (authctxt->valid) { + pwwarntime = login_getcaptime(lc, "password-warn", TWO_WEEKS, + TWO_WEEKS); + acwarntime = login_getcaptime(lc, "expire-warn", TWO_WEEKS, + TWO_WEEKS); + } +#endif + if (pwtimeleft != 0 && pwtimeleft < pwwarntime) { + daysleft = pwtimeleft / DAY + 1; + snprintf(buf, sizeof(buf), + "Your password will expire in %lld day%s.\n", + daysleft, daysleft == 1 ? "" : "s"); + buffer_append(&loginmsg, buf, strlen(buf)); + } + if (actimeleft != 0 && actimeleft < acwarntime) { + daysleft = actimeleft / DAY + 1; + snprintf(buf, sizeof(buf), + "Your account will expire in %lld day%s.\n", + daysleft, daysleft == 1 ? "" : "s"); + buffer_append(&loginmsg, buf, strlen(buf)); + } +} + int sys_auth_passwd(Authctxt *authctxt, const char *password) { struct passwd *pw = authctxt->pw; auth_session_t *as; + static int expire_checked = 0; as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", (char *)password); @@ -125,6 +170,10 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) authctxt->force_pwchange = 1; return (1); } else { + if (!expire_checked) { + expire_checked = 1; + warn_expiry(authctxt, as); + } return (auth_close(as)); } } diff --git a/crypto/openssh/auth-rsa.c b/crypto/openssh/auth-rsa.c index 16369d47c80d..4378008d3616 100644 --- a/crypto/openssh/auth-rsa.c +++ b/crypto/openssh/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.62 2004/12/11 01:48:56 dtucker Exp $"); #include <openssl/rsa.h> #include <openssl/md5.h> @@ -33,6 +33,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $"); #include "hostfile.h" #include "monitor_wrap.h" #include "ssh.h" +#include "misc.h" /* import */ extern ServerOptions options; @@ -49,7 +50,7 @@ extern u_char session_id[16]; * options bits e n comment * where bits, e and n are decimal numbers, * and comment is any string of characters up to newline. The maximum - * length of a line is 8000 characters. See the documentation for a + * length of a line is SSH_MAX_PUBKEY_BYTES characters. See sshd(8) for a * description of the options. */ @@ -152,7 +153,7 @@ auth_rsa_challenge_dialog(Key *key) int auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) { - char line[8192], *file; + char line[SSH_MAX_PUBKEY_BYTES], *file; int allowed = 0; u_int bits; FILE *f; @@ -201,12 +202,10 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) * found, perform a challenge-response dialog to verify that the * user really has the corresponding private key. */ - while (fgets(line, sizeof(line), f)) { + while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp; char *key_options; - linenum++; - /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; diff --git a/crypto/openssh/auth-shadow.c b/crypto/openssh/auth-shadow.c index a85442d72b5d..f6004f68f651 100644 --- a/crypto/openssh/auth-shadow.c +++ b/crypto/openssh/auth-shadow.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$Id: auth-shadow.c,v 1.5 2004/02/21 23:22:05 dtucker Exp $"); +RCSID("$Id: auth-shadow.c,v 1.6 2005/02/16 03:20:06 dtucker Exp $"); #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) #include <shadow.h> @@ -32,6 +32,9 @@ RCSID("$Id: auth-shadow.c,v 1.5 2004/02/21 23:22:05 dtucker Exp $"); #include "buffer.h" #include "log.h" +#ifdef DAY +# undef DAY +#endif #define DAY (24L * 60 * 60) /* 1 day in seconds */ extern Buffer loginmsg; diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c index 0956b0b19ca3..256807683376 100644 --- a/crypto/openssh/auth.c +++ b/crypto/openssh/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.56 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $"); #ifdef HAVE_LOGIN_H #include <login.h> @@ -50,6 +50,8 @@ RCSID("$OpenBSD: auth.c,v 1.56 2004/07/28 09:40:29 markus Exp $"); #include "misc.h" #include "bufaux.h" #include "packet.h" +#include "loginrec.h" +#include "monitor_wrap.h" /* import */ extern ServerOptions options; @@ -153,8 +155,9 @@ allowed_user(struct passwd * pw) for (i = 0; i < options.num_deny_users; i++) if (match_user(pw->pw_name, hostname, ipaddr, options.deny_users[i])) { - logit("User %.100s not allowed because listed in DenyUsers", - pw->pw_name); + logit("User %.100s from %.100s not allowed " + "because listed in DenyUsers", + pw->pw_name, hostname); return 0; } } @@ -166,16 +169,16 @@ allowed_user(struct passwd * pw) break; /* i < options.num_allow_users iff we break for loop */ if (i >= options.num_allow_users) { - logit("User %.100s not allowed because not listed in AllowUsers", - pw->pw_name); + logit("User %.100s from %.100s not allowed because " + "not listed in AllowUsers", pw->pw_name, hostname); return 0; } } if (options.num_deny_groups > 0 || options.num_allow_groups > 0) { /* Get the user's group access list (primary and supplementary) */ if (ga_init(pw->pw_name, pw->pw_gid) == 0) { - logit("User %.100s not allowed because not in any group", - pw->pw_name); + logit("User %.100s from %.100s not allowed because " + "not in any group", pw->pw_name, hostname); return 0; } @@ -184,8 +187,9 @@ allowed_user(struct passwd * pw) if (ga_match(options.deny_groups, options.num_deny_groups)) { ga_free(); - logit("User %.100s not allowed because a group is listed in DenyGroups", - pw->pw_name); + logit("User %.100s from %.100s not allowed " + "because a group is listed in DenyGroups", + pw->pw_name, hostname); return 0; } /* @@ -196,15 +200,16 @@ allowed_user(struct passwd * pw) if (!ga_match(options.allow_groups, options.num_allow_groups)) { ga_free(); - logit("User %.100s not allowed because none of user's groups are listed in AllowGroups", - pw->pw_name); + logit("User %.100s from %.100s not allowed " + "because none of user's groups are listed " + "in AllowGroups", pw->pw_name, hostname); return 0; } ga_free(); } #ifdef CUSTOM_SYS_AUTH_ALLOWED_USER - if (!sys_auth_allowed_user(pw)) + if (!sys_auth_allowed_user(pw, &loginmsg)) return 0; #endif @@ -240,8 +245,50 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) info); #ifdef CUSTOM_FAILED_LOGIN - if (authenticated == 0 && strcmp(method, "password") == 0) - record_failed_login(authctxt->user, "ssh"); + if (authenticated == 0 && !authctxt->postponed && + (strcmp(method, "password") == 0 || + strncmp(method, "keyboard-interactive", 20) == 0 || + strcmp(method, "challenge-response") == 0)) + record_failed_login(authctxt->user, + get_canonical_hostname(options.use_dns), "ssh"); +#endif +#ifdef SSH_AUDIT_EVENTS + if (authenticated == 0 && !authctxt->postponed) { + ssh_audit_event_t event; + + debug3("audit failed auth attempt, method %s euid %d", + method, (int)geteuid()); + /* + * Because the auth loop is used in both monitor and slave, + * we must be careful to send each event only once and with + * enough privs to write the event. + */ + event = audit_classify_auth(method); + switch(event) { + case SSH_AUTH_FAIL_NONE: + case SSH_AUTH_FAIL_PASSWD: + case SSH_AUTH_FAIL_KBDINT: + if (geteuid() == 0) + audit_event(event); + break; + case SSH_AUTH_FAIL_PUBKEY: + case SSH_AUTH_FAIL_HOSTBASED: + case SSH_AUTH_FAIL_GSSAPI: + /* + * This is required to handle the case where privsep + * is enabled but it's root logging in, since + * use_privsep won't be cleared until after a + * successful login. + */ + if (geteuid() == 0) + audit_event(event); + else + PRIVSEP(audit_event(event)); + break; + default: + error("unknown authentication audit event %d", event); + } + } #endif } @@ -465,8 +512,12 @@ getpwnamallow(const char *user) logit("Invalid user %.100s from %.100s", user, get_remote_ipaddr()); #ifdef CUSTOM_FAILED_LOGIN - record_failed_login(user, "ssh"); + record_failed_login(user, + get_canonical_hostname(options.use_dns), "ssh"); #endif +#ifdef SSH_AUDIT_EVENTS + audit_event(SSH_INVALID_USER); +#endif /* SSH_AUDIT_EVENTS */ return (NULL); } if (!allowed_user(pw)) diff --git a/crypto/openssh/auth.h b/crypto/openssh/auth.h index 2f094403d631..8d1f934033ab 100644 --- a/crypto/openssh/auth.h +++ b/crypto/openssh/auth.h @@ -130,6 +130,9 @@ int auth_shadow_pwexpired(Authctxt *); #endif #include "auth-pam.h" +#include "audit.h" +void remove_kbdint_device(const char *); + void disable_forwarding(void); void do_authentication(Authctxt *); @@ -137,6 +140,7 @@ void do_authentication2(Authctxt *); void auth_log(Authctxt *, int, char *, char *); void userauth_finish(Authctxt *, int, char *); +void userauth_send_banner(const char *); int auth_root_allowed(char *); char *auth2_read_banner(void); diff --git a/crypto/openssh/auth1.c b/crypto/openssh/auth1.c index 3f93b9869f1e..d08928455c52 100644 --- a/crypto/openssh/auth1.c +++ b/crypto/openssh/auth1.c @@ -25,9 +25,11 @@ RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $"); #include "session.h" #include "uidswap.h" #include "monitor_wrap.h" +#include "buffer.h" /* import */ extern ServerOptions options; +extern Buffer loginmsg; /* * convert ssh auth msg type into description @@ -245,14 +247,33 @@ do_authloop(Authctxt *authctxt) #else /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && - !auth_root_allowed(get_authname(type))) + !auth_root_allowed(get_authname(type))) { authenticated = 0; +# ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); +# endif + } #endif #ifdef USE_PAM if (options.use_pam && authenticated && - !PRIVSEP(do_pam_account())) - authenticated = 0; + !PRIVSEP(do_pam_account())) { + char *msg; + size_t len; + + error("Access denied for user %s by PAM account " + "configuration", authctxt->user); + len = buffer_len(&loginmsg); + buffer_append(&loginmsg, "\0", 1); + msg = buffer_ptr(&loginmsg); + /* strip trailing newlines */ + if (len > 0) + while (len > 0 && msg[--len] == '\n') + msg[len] = '\0'; + else + msg = "Access denied."; + packet_disconnect(msg); + } #endif /* Log before sending the reply */ @@ -266,8 +287,12 @@ do_authloop(Authctxt *authctxt) if (authenticated) return; - if (authctxt->failures++ > options.max_authtries) + if (authctxt->failures++ > options.max_authtries) { +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); +#endif packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + } packet_start(SSH_SMSG_FAILURE); packet_send(); diff --git a/crypto/openssh/auth2-chall.c b/crypto/openssh/auth2-chall.c index 486baaaa332e..384a543ee4e4 100644 --- a/crypto/openssh/auth2-chall.c +++ b/crypto/openssh/auth2-chall.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2-chall.c,v 1.21 2004/06/01 14:20:45 dtucker Exp $"); +RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $"); #include "ssh2.h" #include "auth.h" @@ -32,6 +32,10 @@ RCSID("$OpenBSD: auth2-chall.c,v 1.21 2004/06/01 14:20:45 dtucker Exp $"); #include "xmalloc.h" #include "dispatch.h" #include "log.h" +#include "servconf.h" + +/* import */ +extern ServerOptions options; static int auth2_challenge_start(Authctxt *); static int send_userauth_info_request(Authctxt *); @@ -71,6 +75,21 @@ struct KbdintAuthctxt u_int nreq; }; +#ifdef USE_PAM +void +remove_kbdint_device(const char *devname) +{ + int i, j; + + for (i = 0; devices[i] != NULL; i++) + if (strcmp(devices[i]->name, devname) == 0) { + for (j = i; devices[j] != NULL; j++) + devices[j] = devices[j+1]; + i--; + } +} +#endif + static KbdintAuthctxt * kbdint_alloc(const char *devs) { @@ -78,6 +97,11 @@ kbdint_alloc(const char *devs) Buffer b; int i; +#ifdef USE_PAM + if (!options.use_pam) + remove_kbdint_device("pam"); +#endif + kbdintctxt = xmalloc(sizeof(KbdintAuthctxt)); if (strcmp(devs, "") == 0) { buffer_init(&b); @@ -274,12 +298,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) } packet_check_eom(); - if (authctxt->valid) { - res = kbdintctxt->device->respond(kbdintctxt->ctxt, - nresp, response); - } else { - res = -1; - } + res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); for (i = 0; i < nresp; i++) { memset(response[i], 'r', strlen(response[i])); @@ -291,7 +310,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) switch (res) { case 0: /* Success! */ - authenticated = 1; + authenticated = authctxt->valid ? 1 : 0; break; case 1: /* Authentication needs further interaction */ diff --git a/crypto/openssh/auth2-kbdint.c b/crypto/openssh/auth2-kbdint.c index 1696ef4d3b55..fa83649755a3 100644 --- a/crypto/openssh/auth2-kbdint.c +++ b/crypto/openssh/auth2-kbdint.c @@ -53,7 +53,7 @@ userauth_kbdint(Authctxt *authctxt) xfree(lang); #ifdef HAVE_CYGWIN if (check_nt_auth(0, authctxt->pw) == 0) - return(0); + authenticated = 0; #endif return authenticated; } diff --git a/crypto/openssh/auth2-none.c b/crypto/openssh/auth2-none.c index 2bf5b5c80c93..1c30a3203e1f 100644 --- a/crypto/openssh/auth2-none.c +++ b/crypto/openssh/auth2-none.c @@ -74,6 +74,19 @@ auth2_read_banner(void) return (banner); } +void +userauth_send_banner(const char *msg) +{ + if (datafellows & SSH_BUG_BANNER) + return; + + packet_start(SSH2_MSG_USERAUTH_BANNER); + packet_put_cstring(msg); + packet_put_cstring(""); /* language, unused */ + packet_send(); + debug("%s: sent", __func__); +} + static void userauth_banner(void) { @@ -84,12 +97,8 @@ userauth_banner(void) if ((banner = PRIVSEP(auth2_read_banner())) == NULL) goto done; + userauth_send_banner(banner); - packet_start(SSH2_MSG_USERAUTH_BANNER); - packet_put_cstring(banner); - packet_put_cstring(""); /* language, unused */ - packet_send(); - debug("userauth_banner: sent"); done: if (banner) xfree(banner); @@ -103,7 +112,7 @@ userauth_none(Authctxt *authctxt) userauth_banner(); #ifdef HAVE_CYGWIN if (check_nt_auth(1, authctxt->pw) == 0) - return(0); + return (0); #endif if (options.password_authentication) return (PRIVSEP(auth_password(authctxt, ""))); diff --git a/crypto/openssh/auth2-passwd.c b/crypto/openssh/auth2-passwd.c index a4f482d2e287..2321ef47be38 100644 --- a/crypto/openssh/auth2-passwd.c +++ b/crypto/openssh/auth2-passwd.c @@ -55,12 +55,12 @@ userauth_passwd(Authctxt *authctxt) if (change) logit("password change not supported"); - else if (PRIVSEP(auth_password(authctxt, password)) == 1 + else if (PRIVSEP(auth_password(authctxt, password)) == 1) + authenticated = 1; #ifdef HAVE_CYGWIN - && check_nt_auth(1, authctxt->pw) + if (check_nt_auth(1, authctxt->pw) == 0) + authenticated = 0; #endif - ) - authenticated = 1; memset(password, 0, len); xfree(password); return authenticated; diff --git a/crypto/openssh/auth2-pubkey.c b/crypto/openssh/auth2-pubkey.c index 9898d4a63b8c..a97d0f430b93 100644 --- a/crypto/openssh/auth2-pubkey.c +++ b/crypto/openssh/auth2-pubkey.c @@ -23,8 +23,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: auth2-pubkey.c,v 1.9 2004/12/11 01:48:56 dtucker Exp $"); +#include "ssh.h" #include "ssh2.h" #include "xmalloc.h" #include "packet.h" @@ -40,6 +41,7 @@ RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 2004/06/21 17:36:31 avsm Exp $"); #include "auth-options.h" #include "canohost.h" #include "monitor_wrap.h" +#include "misc.h" /* import */ extern ServerOptions options; @@ -158,7 +160,7 @@ done: xfree(pkblob); #ifdef HAVE_CYGWIN if (check_nt_auth(0, authctxt->pw) == 0) - return(0); + authenticated = 0; #endif return authenticated; } @@ -167,7 +169,7 @@ done: static int user_key_allowed2(struct passwd *pw, Key *key, char *file) { - char line[8192]; + char line[SSH_MAX_PUBKEY_BYTES]; int found_key = 0; FILE *f; u_long linenum = 0; @@ -204,9 +206,9 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) found_key = 0; found = key_new(key->type); - while (fgets(line, sizeof(line), f)) { + while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp, *key_options = NULL; - linenum++; + /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c index b98309576518..2265d311ecf5 100644 --- a/crypto/openssh/auth2.c +++ b/crypto/openssh/auth2.c @@ -35,6 +35,7 @@ RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $"); #include "dispatch.h" #include "pathnames.h" #include "monitor_wrap.h" +#include "buffer.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -44,6 +45,7 @@ RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $"); extern ServerOptions options; extern u_char *session_id2; extern u_int session_id2_len; +extern Buffer loginmsg; /* methods */ @@ -165,6 +167,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) if (options.use_pam) PRIVSEP(start_pam(authctxt)); #endif +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_INVALID_USER)); +#endif } setproctitle("%s%s", authctxt->valid ? user : "unknown", use_privsep ? " [net]" : ""); @@ -212,12 +217,26 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && - !auth_root_allowed(method)) + !auth_root_allowed(method)) { authenticated = 0; +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); +#endif + } #ifdef USE_PAM - if (options.use_pam && authenticated && !PRIVSEP(do_pam_account())) - authenticated = 0; + if (options.use_pam && authenticated) { + if (!PRIVSEP(do_pam_account())) { + /* if PAM returned a message, send it to the user */ + if (buffer_len(&loginmsg) > 0) { + buffer_append(&loginmsg, "\0", 1); + userauth_send_banner(buffer_ptr(&loginmsg)); + packet_write_wait(); + } + fatal("Access denied for user %s by PAM account " + "configuration", authctxt->user); + } + } #endif #ifdef _UNICOS @@ -243,8 +262,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) /* now we can break out */ authctxt->success = 1; } else { - if (authctxt->failures++ > options.max_authtries) + if (authctxt->failures++ > options.max_authtries) { +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); +#endif packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + } methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); diff --git a/crypto/openssh/authfile.c b/crypto/openssh/authfile.c index 76a60d020f7a..6a04cd7a95a2 100644 --- a/crypto/openssh/authfile.c +++ b/crypto/openssh/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.57 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $"); #include <openssl/err.h> #include <openssl/evp.h> @@ -51,6 +51,7 @@ RCSID("$OpenBSD: authfile.c,v 1.57 2004/06/21 17:36:31 avsm Exp $"); #include "log.h" #include "authfile.h" #include "rsa.h" +#include "misc.h" /* Version identification string for SSH v1 identity files. */ static const char authfile_id_string[] = @@ -243,8 +244,10 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) filename, strerror(errno)); return NULL; } - if (st.st_size > 1*1024*1024) - close(fd); + if (st.st_size > 1*1024*1024) { + error("key file %.200s too large", filename); + return NULL; + } len = (size_t)st.st_size; /* truncated */ buffer_init(&buffer); @@ -335,6 +338,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, return NULL; } if (st.st_size > 1*1024*1024) { + error("key file %.200s too large", filename); close(fd); return (NULL); } @@ -598,13 +602,14 @@ static int key_try_load_public(Key *k, const char *filename, char **commentp) { FILE *f; - char line[4096]; + char line[SSH_MAX_PUBKEY_BYTES]; char *cp; + u_long linenum = 0; f = fopen(filename, "r"); if (f != NULL) { - while (fgets(line, sizeof(line), f)) { - line[sizeof(line)-1] = '\0'; + while (read_keyfile_line(f, filename, line, sizeof(line), + &linenum) != -1) { cp = line; switch (*cp) { case '#': diff --git a/crypto/openssh/bufaux.c b/crypto/openssh/bufaux.c index bf148316d10b..4ea6af1b658a 100644 --- a/crypto/openssh/bufaux.c +++ b/crypto/openssh/bufaux.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.32 2004/02/23 15:12:46 markus Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.34 2004/12/06 16:00:43 markus Exp $"); #include <openssl/bn.h> #include "bufaux.h" @@ -49,8 +49,8 @@ RCSID("$OpenBSD: bufaux.c,v 1.32 2004/02/23 15:12:46 markus Exp $"); * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed * by (bits+7)/8 bytes of binary data, msb first. */ -void -buffer_put_bignum(Buffer *buffer, const BIGNUM *value) +int +buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) { int bits = BN_num_bits(value); int bin_size = (bits + 7) / 8; @@ -60,9 +60,11 @@ buffer_put_bignum(Buffer *buffer, const BIGNUM *value) /* Get the value of in binary */ oi = BN_bn2bin(value, buf); - if (oi != bin_size) - fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d", + if (oi != bin_size) { + error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", oi, bin_size); + return (-1); + } /* Store the number of bits in the buffer in two bytes, msb first. */ PUT_16BIT(msg, bits); @@ -72,36 +74,63 @@ buffer_put_bignum(Buffer *buffer, const BIGNUM *value) memset(buf, 0, bin_size); xfree(buf); + + return (0); +} + +void +buffer_put_bignum(Buffer *buffer, const BIGNUM *value) +{ + if (buffer_put_bignum_ret(buffer, value) == -1) + fatal("buffer_put_bignum: buffer error"); } /* * Retrieves an BIGNUM from the buffer. */ -void -buffer_get_bignum(Buffer *buffer, BIGNUM *value) +int +buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) { u_int bits, bytes; u_char buf[2], *bin; /* Get the number for bits. */ - buffer_get(buffer, (char *) buf, 2); + if (buffer_get_ret(buffer, (char *) buf, 2) == -1) { + error("buffer_get_bignum_ret: invalid length"); + return (-1); + } bits = GET_16BIT(buf); /* Compute the number of binary bytes that follow. */ bytes = (bits + 7) / 8; - if (bytes > 8 * 1024) - fatal("buffer_get_bignum: cannot handle BN of size %d", bytes); - if (buffer_len(buffer) < bytes) - fatal("buffer_get_bignum: input buffer too small"); + if (bytes > 8 * 1024) { + error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes); + return (-1); + } + if (buffer_len(buffer) < bytes) { + error("buffer_get_bignum_ret: input buffer too small"); + return (-1); + } bin = buffer_ptr(buffer); BN_bin2bn(bin, bytes, value); - buffer_consume(buffer, bytes); + if (buffer_consume_ret(buffer, bytes) == -1) { + error("buffer_get_bignum_ret: buffer_consume failed"); + return (-1); + } + return (0); +} + +void +buffer_get_bignum(Buffer *buffer, BIGNUM *value) +{ + if (buffer_get_bignum_ret(buffer, value) == -1) + fatal("buffer_get_bignum: buffer error"); } /* * Stores an BIGNUM in the buffer in SSH2 format. */ -void -buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) +int +buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) { u_int bytes; u_char *buf; @@ -110,69 +139,140 @@ buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) if (BN_is_zero(value)) { buffer_put_int(buffer, 0); - return; + return 0; + } + if (value->neg) { + error("buffer_put_bignum2_ret: negative numbers not supported"); + return (-1); } - if (value->neg) - fatal("buffer_put_bignum2: negative numbers not supported"); bytes = BN_num_bytes(value) + 1; /* extra padding byte */ - if (bytes < 2) - fatal("buffer_put_bignum2: BN too small"); + if (bytes < 2) { + error("buffer_put_bignum2_ret: BN too small"); + return (-1); + } buf = xmalloc(bytes); - buf[0] = '\0'; + buf[0] = 0x00; /* Get the value of in binary */ oi = BN_bn2bin(value, buf+1); - if (oi != bytes-1) - fatal("buffer_put_bignum2: BN_bn2bin() failed: " + if (oi != bytes-1) { + error("buffer_put_bignum2_ret: BN_bn2bin() failed: " "oi %d != bin_size %d", oi, bytes); + xfree(buf); + return (-1); + } hasnohigh = (buf[1] & 0x80) ? 0 : 1; buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); memset(buf, 0, bytes); xfree(buf); + return (0); } void -buffer_get_bignum2(Buffer *buffer, BIGNUM *value) +buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) +{ + if (buffer_put_bignum2_ret(buffer, value) == -1) + fatal("buffer_put_bignum2: buffer error"); +} + +int +buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) { u_int len; - u_char *bin = buffer_get_string(buffer, &len); + u_char *bin; + + if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { + error("buffer_get_bignum2_ret: invalid bignum"); + return (-1); + } - if (len > 0 && (bin[0] & 0x80)) - fatal("buffer_get_bignum2: negative numbers not supported"); - if (len > 8 * 1024) - fatal("buffer_get_bignum2: cannot handle BN of size %d", len); + if (len > 0 && (bin[0] & 0x80)) { + error("buffer_get_bignum2_ret: negative numbers not supported"); + return (-1); + } + if (len > 8 * 1024) { + error("buffer_get_bignum2_ret: cannot handle BN of size %d", len); + return (-1); + } BN_bin2bn(bin, len, value); xfree(bin); + return (0); +} + +void +buffer_get_bignum2(Buffer *buffer, BIGNUM *value) +{ + if (buffer_get_bignum2_ret(buffer, value) == -1) + fatal("buffer_get_bignum2: buffer error"); } /* * Returns integers from the buffer (msb first). */ +int +buffer_get_short_ret(u_short *ret, Buffer *buffer) +{ + u_char buf[2]; + + if (buffer_get_ret(buffer, (char *) buf, 2) == -1) + return (-1); + *ret = GET_16BIT(buf); + return (0); +} + u_short buffer_get_short(Buffer *buffer) { - u_char buf[2]; + u_short ret; + + if (buffer_get_short_ret(&ret, buffer) == -1) + fatal("buffer_get_short: buffer error"); - buffer_get(buffer, (char *) buf, 2); - return GET_16BIT(buf); + return (ret); +} + +int +buffer_get_int_ret(u_int *ret, Buffer *buffer) +{ + u_char buf[4]; + + if (buffer_get_ret(buffer, (char *) buf, 4) == -1) + return (-1); + *ret = GET_32BIT(buf); + return (0); } u_int buffer_get_int(Buffer *buffer) { - u_char buf[4]; + u_int ret; + + if (buffer_get_int_ret(&ret, buffer) == -1) + fatal("buffer_get_int: buffer error"); + + return (ret); +} - buffer_get(buffer, (char *) buf, 4); - return GET_32BIT(buf); +int +buffer_get_int64_ret(u_int64_t *ret, Buffer *buffer) +{ + u_char buf[8]; + + if (buffer_get_ret(buffer, (char *) buf, 8) == -1) + return (-1); + *ret = GET_64BIT(buf); + return (0); } u_int64_t buffer_get_int64(Buffer *buffer) { - u_char buf[8]; + u_int64_t ret; - buffer_get(buffer, (char *) buf, 8); - return GET_64BIT(buf); + if (buffer_get_int64_ret(&ret, buffer) == -1) + fatal("buffer_get_int: buffer error"); + + return (ret); } /* @@ -214,25 +314,41 @@ buffer_put_int64(Buffer *buffer, u_int64_t value) * to the returned string, and is not counted in length. */ void * -buffer_get_string(Buffer *buffer, u_int *length_ptr) +buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) { u_char *value; u_int len; /* Get the length. */ len = buffer_get_int(buffer); - if (len > 256 * 1024) - fatal("buffer_get_string: bad string length %u", len); + if (len > 256 * 1024) { + error("buffer_get_string_ret: bad string length %u", len); + return (NULL); + } /* Allocate space for the string. Add one byte for a null character. */ value = xmalloc(len + 1); /* Get the string. */ - buffer_get(buffer, value, len); + if (buffer_get_ret(buffer, value, len) == -1) { + error("buffer_get_string_ret: buffer_get failed"); + xfree(value); + return (NULL); + } /* Append a null character to make processing easier. */ value[len] = 0; /* Optionally return the length of the string. */ if (length_ptr) *length_ptr = len; - return value; + return (value); +} + +void * +buffer_get_string(Buffer *buffer, u_int *length_ptr) +{ + void *ret; + + if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL) + fatal("buffer_get_string: buffer error"); + return (ret); } /* @@ -256,11 +372,22 @@ buffer_put_cstring(Buffer *buffer, const char *s) * Returns a character from the buffer (0 - 255). */ int +buffer_get_char_ret(char *ret, Buffer *buffer) +{ + if (buffer_get_ret(buffer, ret, 1) == -1) { + error("buffer_get_char_ret: buffer_get_ret failed"); + return (-1); + } + return (0); +} + +int buffer_get_char(Buffer *buffer) { char ch; - buffer_get(buffer, &ch, 1); + if (buffer_get_char_ret(&ch, buffer) == -1) + fatal("buffer_get_char: buffer error"); return (u_char) ch; } diff --git a/crypto/openssh/bufaux.h b/crypto/openssh/bufaux.h index 61c72e353793..e30911ddc176 100644 --- a/crypto/openssh/bufaux.h +++ b/crypto/openssh/bufaux.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.h,v 1.19 2003/11/10 16:23:41 jakob Exp $ */ +/* $OpenBSD: bufaux.h,v 1.20 2004/10/29 23:56:17 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -42,4 +42,14 @@ void buffer_put_cstring(Buffer *, const char *); #define buffer_skip_string(b) \ do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while(0) +int buffer_put_bignum_ret(Buffer *, const BIGNUM *); +int buffer_get_bignum_ret(Buffer *, BIGNUM *); +int buffer_put_bignum2_ret(Buffer *, const BIGNUM *); +int buffer_get_bignum2_ret(Buffer *, BIGNUM *); +int buffer_get_short_ret(u_short *, Buffer *); +int buffer_get_int_ret(u_int *, Buffer *); +int buffer_get_int64_ret(u_int64_t *, Buffer *); +void *buffer_get_string_ret(Buffer *, u_int *); +int buffer_get_char_ret(char *, Buffer *); + #endif /* BUFAUX_H */ diff --git a/crypto/openssh/buffer.c b/crypto/openssh/buffer.c index 9217cb2695cf..1a25004ba2b2 100644 --- a/crypto/openssh/buffer.c +++ b/crypto/openssh/buffer.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: buffer.c,v 1.21 2003/11/21 11:57:03 djm Exp $"); +RCSID("$OpenBSD: buffer.c,v 1.22 2004/10/29 23:56:17 djm Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -126,34 +126,62 @@ buffer_len(Buffer *buffer) /* Gets data from the beginning of the buffer. */ -void -buffer_get(Buffer *buffer, void *buf, u_int len) +int +buffer_get_ret(Buffer *buffer, void *buf, u_int len) { - if (len > buffer->end - buffer->offset) - fatal("buffer_get: trying to get more bytes %d than in buffer %d", + if (len > buffer->end - buffer->offset) { + error("buffer_get_ret: trying to get more bytes %d than in buffer %d", len, buffer->end - buffer->offset); + return (-1); + } memcpy(buf, buffer->buf + buffer->offset, len); buffer->offset += len; + return (0); +} + +void +buffer_get(Buffer *buffer, void *buf, u_int len) +{ + if (buffer_get_ret(buffer, buf, len) == -1) + fatal("buffer_get: buffer error"); } /* Consumes the given number of bytes from the beginning of the buffer. */ +int +buffer_consume_ret(Buffer *buffer, u_int bytes) +{ + if (bytes > buffer->end - buffer->offset) { + error("buffer_consume_ret: trying to get more bytes than in buffer"); + return (-1); + } + buffer->offset += bytes; + return (0); +} + void buffer_consume(Buffer *buffer, u_int bytes) { - if (bytes > buffer->end - buffer->offset) - fatal("buffer_consume: trying to get more bytes than in buffer"); - buffer->offset += bytes; + if (buffer_consume_ret(buffer, bytes) == -1) + fatal("buffer_consume: buffer error"); } /* Consumes the given number of bytes from the end of the buffer. */ +int +buffer_consume_end_ret(Buffer *buffer, u_int bytes) +{ + if (bytes > buffer->end - buffer->offset) + return (-1); + buffer->end -= bytes; + return (0); +} + void buffer_consume_end(Buffer *buffer, u_int bytes) { - if (bytes > buffer->end - buffer->offset) + if (buffer_consume_end_ret(buffer, bytes) == -1) fatal("buffer_consume_end: trying to get more bytes than in buffer"); - buffer->end -= bytes; } /* Returns a pointer to the first used byte in the buffer. */ diff --git a/crypto/openssh/buffer.h b/crypto/openssh/buffer.h index 5e4c41244230..9c09d4f43f75 100644 --- a/crypto/openssh/buffer.h +++ b/crypto/openssh/buffer.h @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.h,v 1.11 2002/03/04 17:27:39 stevesk Exp $ */ +/* $OpenBSD: buffer.h,v 1.12 2004/10/29 23:56:17 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -40,4 +40,8 @@ void buffer_consume_end(Buffer *, u_int); void buffer_dump(Buffer *); +int buffer_get_ret(Buffer *, void *, u_int); +int buffer_consume_ret(Buffer *, u_int); +int buffer_consume_end_ret(Buffer *, u_int); + #endif /* BUFFER_H */ diff --git a/crypto/openssh/canohost.c b/crypto/openssh/canohost.c index 8ad684d6c383..1c22d4770ca6 100644 --- a/crypto/openssh/canohost.c +++ b/crypto/openssh/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.41 2004/07/21 11:51:29 djm Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.42 2005/02/18 03:05:53 djm Exp $"); #include "packet.h" #include "xmalloc.h" @@ -20,7 +20,6 @@ RCSID("$OpenBSD: canohost.c,v 1.41 2004/07/21 11:51:29 djm Exp $"); #include "canohost.h" static void check_ip_options(int, char *); -static void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); /* * Return the canonical name of the host at the other end of the socket. The @@ -166,7 +165,7 @@ check_ip_options(int sock, char *ipaddr) #endif /* IP_OPTIONS */ } -static void +void ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) { struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)addr; @@ -232,6 +231,7 @@ get_socket_address(int sock, int remote, int flags) struct sockaddr_storage addr; socklen_t addrlen; char ntop[NI_MAXHOST]; + int r; /* Get IP address of client. */ addrlen = sizeof(addr); @@ -252,9 +252,10 @@ get_socket_address(int sock, int remote, int flags) addrlen = sizeof(struct sockaddr_in6); /* Get the address in ascii. */ - if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), - NULL, 0, flags) != 0) { - error("get_socket_address: getnameinfo %d failed", flags); + if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop, + sizeof(ntop), NULL, 0, flags)) != 0) { + error("get_socket_address: getnameinfo %d failed: %s", flags, + r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r)); return NULL; } return xstrdup(ntop); @@ -330,6 +331,7 @@ get_sock_port(int sock, int local) struct sockaddr_storage from; socklen_t fromlen; char strport[NI_MAXSERV]; + int r; /* Get IP address of client. */ fromlen = sizeof(from); @@ -351,9 +353,10 @@ get_sock_port(int sock, int local) fromlen = sizeof(struct sockaddr_in6); /* Return port number. */ - if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, - strport, sizeof(strport), NI_NUMERICSERV) != 0) - fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed"); + if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, + strport, sizeof(strport), NI_NUMERICSERV)) != 0) + fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed: %s", + r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r)); return atoi(strport); } diff --git a/crypto/openssh/canohost.h b/crypto/openssh/canohost.h index 4347b488a145..df1f125e5e34 100644 --- a/crypto/openssh/canohost.h +++ b/crypto/openssh/canohost.h @@ -23,3 +23,5 @@ char *get_local_name(int); int get_remote_port(void); int get_local_port(void); + +void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c index 1f6984aa7662..1be213bce21a 100644 --- a/crypto/openssh/channels.c +++ b/crypto/openssh/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.209 2004/08/11 21:43:04 avsm Exp $"); +RCSID("$OpenBSD: channels.c,v 1.212 2005/03/01 10:09:52 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2179,14 +2179,14 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por const char *host_to_connect, u_short port_to_connect, int gateway_ports) { Channel *c; - int success, sock, on = 1; + int sock, r, success = 0, on = 1, wildcard = 0, is_client; struct addrinfo hints, *ai, *aitop; - const char *host; + const char *host, *addr; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; - success = 0; host = (type == SSH_CHANNEL_RPORT_LISTENER) ? listen_addr : host_to_connect; + is_client = (type == SSH_CHANNEL_PORT_LISTENER); if (host == NULL) { error("No forward host name."); @@ -2198,16 +2198,60 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por } /* + * Determine whether or not a port forward listens to loopback, + * specified address or wildcard. On the client, a specified bind + * address will always override gateway_ports. On the server, a + * gateway_ports of 1 (``yes'') will override the client's + * specification and force a wildcard bind, whereas a value of 2 + * (``clientspecified'') will bind to whatever address the client + * asked for. + * + * Special-case listen_addrs are: + * + * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR + * "" (empty string), "*" -> wildcard v4/v6 + * "localhost" -> loopback v4/v6 + */ + addr = NULL; + if (listen_addr == NULL) { + /* No address specified: default to gateway_ports setting */ + if (gateway_ports) + wildcard = 1; + } else if (gateway_ports || is_client) { + if (((datafellows & SSH_OLD_FORWARD_ADDR) && + strcmp(listen_addr, "0.0.0.0") == 0) || + *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 || + (!is_client && gateway_ports == 1)) + wildcard = 1; + else if (strcmp(listen_addr, "localhost") != 0) + addr = listen_addr; + } + + debug3("channel_setup_fwd_listener: type %d wildcard %d addr %s", + type, wildcard, (addr == NULL) ? "NULL" : addr); + + /* * getaddrinfo returns a loopback address if the hostname is * set to NULL and hints.ai_flags is not AI_PASSIVE */ memset(&hints, 0, sizeof(hints)); hints.ai_family = IPv4or6; - hints.ai_flags = gateway_ports ? AI_PASSIVE : 0; + hints.ai_flags = wildcard ? AI_PASSIVE : 0; hints.ai_socktype = SOCK_STREAM; snprintf(strport, sizeof strport, "%d", listen_port); - if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) - packet_disconnect("getaddrinfo: fatal error"); + if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) { + if (addr == NULL) { + /* This really shouldn't happen */ + packet_disconnect("getaddrinfo: fatal error: %s", + gai_strerror(r)); + } else { + verbose("channel_setup_fwd_listener: " + "getaddrinfo(%.64s): %s", addr, gai_strerror(r)); + packet_send_debug("channel_setup_fwd_listener: " + "getaddrinfo(%.64s): %s", addr, gai_strerror(r)); + } + aitop = NULL; + } for (ai = aitop; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) @@ -2279,7 +2323,7 @@ channel_cancel_rport_listener(const char *host, u_short port) if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && strncmp(c->path, host, sizeof(c->path)) == 0 && c->listening_port == port) { - debug2("%s: close clannel %d", __func__, i); + debug2("%s: close channel %d", __func__, i); channel_free(c); found = 1; } @@ -2290,11 +2334,12 @@ channel_cancel_rport_listener(const char *host, u_short port) /* protocol local port fwd, used by ssh (and sshd in v1) */ int -channel_setup_local_fwd_listener(u_short listen_port, +channel_setup_local_fwd_listener(const char *listen_host, u_short listen_port, const char *host_to_connect, u_short port_to_connect, int gateway_ports) { return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER, - NULL, listen_port, host_to_connect, port_to_connect, gateway_ports); + listen_host, listen_port, host_to_connect, port_to_connect, + gateway_ports); } /* protocol v2 remote port fwd, used by sshd */ @@ -2312,7 +2357,7 @@ channel_setup_remote_fwd_listener(const char *listen_address, */ void -channel_request_remote_forwarding(u_short listen_port, +channel_request_remote_forwarding(const char *listen_host, u_short listen_port, const char *host_to_connect, u_short port_to_connect) { int type, success = 0; @@ -2323,7 +2368,14 @@ channel_request_remote_forwarding(u_short listen_port, /* Send the forward request to the remote side. */ if (compat20) { - const char *address_to_bind = "0.0.0.0"; + const char *address_to_bind; + if (listen_host == NULL) + address_to_bind = "localhost"; + else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) + address_to_bind = ""; + else + address_to_bind = listen_host; + packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("tcpip-forward"); packet_put_char(1); /* boolean: want reply */ @@ -2369,10 +2421,9 @@ channel_request_remote_forwarding(u_short listen_port, * local side. */ void -channel_request_rforward_cancel(u_short port) +channel_request_rforward_cancel(const char *host, u_short port) { int i; - const char *address_to_bind = "0.0.0.0"; if (!compat20) return; @@ -2389,7 +2440,7 @@ channel_request_rforward_cancel(u_short port) packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("cancel-tcpip-forward"); packet_put_char(0); - packet_put_cstring(address_to_bind); + packet_put_cstring(host == NULL ? "" : host); packet_put_int(port); packet_send(); @@ -2430,7 +2481,8 @@ channel_input_port_forward_request(int is_root, int gateway_ports) #endif /* Initiate forwarding */ - channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports); + channel_setup_local_fwd_listener(NULL, port, hostname, + host_port, gateway_ports); /* Free the argument string. */ xfree(hostname); @@ -2577,7 +2629,7 @@ channel_send_window_changes(void) struct winsize ws; for (i = 0; i < channels_alloc; i++) { - if (channels[i] == NULL || + if (channels[i] == NULL || !channels[i]->client_tty || channels[i]->type != SSH_CHANNEL_OPEN) continue; if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0) diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h index f8dc8249c2a2..fc20fb2c331e 100644 --- a/crypto/openssh/channels.h +++ b/crypto/openssh/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.74 2004/08/11 21:43:04 avsm Exp $ */ +/* $OpenBSD: channels.h,v 1.76 2005/03/01 10:09:52 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -79,6 +79,7 @@ struct Channel { int ctl_fd; /* control fd (client sharing) */ int isatty; /* rfd is a tty */ int wfd_isatty; /* wfd is a tty */ + int client_tty; /* (client) TTY has been requested */ int force_drain; /* force close on iEOF */ int delayed; /* fdset hack */ Buffer input; /* data read from socket, to be sent over @@ -202,9 +203,11 @@ void channel_clear_permitted_opens(void); void channel_input_port_forward_request(int, int); int channel_connect_to(const char *, u_short); int channel_connect_by_listen_address(u_short); -void channel_request_remote_forwarding(u_short, const char *, u_short); -void channel_request_rforward_cancel(u_short port); -int channel_setup_local_fwd_listener(u_short, const char *, u_short, int); +void channel_request_remote_forwarding(const char *, u_short, + const char *, u_short); +int channel_setup_local_fwd_listener(const char *, u_short, + const char *, u_short, int); +void channel_request_rforward_cancel(const char *host, u_short port); int channel_setup_remote_fwd_listener(const char *, u_short, int); int channel_cancel_rport_listener(const char *, u_short); diff --git a/crypto/openssh/cipher-ctr.c b/crypto/openssh/cipher-ctr.c index 395dabedd554..43f1ede571cb 100644 --- a/crypto/openssh/cipher-ctr.c +++ b/crypto/openssh/cipher-ctr.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: cipher-ctr.c,v 1.4 2004/02/06 23:41:13 dtucker Exp $"); +RCSID("$OpenBSD: cipher-ctr.c,v 1.5 2004/12/22 02:13:19 djm Exp $"); #include <openssl/evp.h> diff --git a/crypto/openssh/cipher.c b/crypto/openssh/cipher.c index 075a4c5fceb0..beba4618dc82 100644 --- a/crypto/openssh/cipher.c +++ b/crypto/openssh/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.71 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.73 2005/01/23 10:18:12 djm Exp $"); #include "xmalloc.h" #include "log.h" @@ -146,7 +146,7 @@ cipher_by_name(const char *name) { Cipher *c; for (c = ciphers; c->name != NULL; c++) - if (strcasecmp(c->name, name) == 0) + if (strcmp(c->name, name) == 0) return c; return NULL; } @@ -199,8 +199,10 @@ cipher_number(const char *name) Cipher *c; if (name == NULL) return -1; - c = cipher_by_name(name); - return (c==NULL) ? -1 : c->number; + for (c = ciphers; c->name != NULL; c++) + if (strcasecmp(c->name, name) == 0) + return c->number; + return -1; } char * diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c index 0b9a0fb29c82..1e250883f182 100644 --- a/crypto/openssh/clientloop.c +++ b/crypto/openssh/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.130 2004/08/11 21:43:04 avsm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.135 2005/03/01 10:09:52 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -432,8 +432,6 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, static void client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr) { - struct winsize oldws, newws; - /* Flush stdout and stderr buffers. */ if (buffer_len(bout) > 0) atomicio(vwrite, fileno(stdout), buffer_ptr(bout), buffer_len(bout)); @@ -450,19 +448,11 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr) buffer_free(bout); buffer_free(berr); - /* Save old window size. */ - ioctl(fileno(stdin), TIOCGWINSZ, &oldws); - /* Send the suspend signal to the program itself. */ kill(getpid(), SIGTSTP); - /* Check if the window size has changed. */ - if (ioctl(fileno(stdin), TIOCGWINSZ, &newws) >= 0 && - (oldws.ws_row != newws.ws_row || - oldws.ws_col != newws.ws_col || - oldws.ws_xpixel != newws.ws_xpixel || - oldws.ws_ypixel != newws.ws_ypixel)) - received_window_change_signal = 1; + /* Reset window sizes in case they have changed */ + received_window_change_signal = 1; /* OK, we have been continued by the user. Reinitialize buffers. */ buffer_init(bin); @@ -571,7 +561,7 @@ client_process_control(fd_set * readset) struct sockaddr_storage addr; struct confirm_ctx *cctx; char *cmd; - u_int len, env_len; + u_int len, env_len, command, flags; uid_t euid; gid_t egid; @@ -601,39 +591,74 @@ client_process_control(fd_set * readset) return; } - allowed = 1; - if (options.control_master == 2) { - char *p, prompt[1024]; - - allowed = 0; - snprintf(prompt, sizeof(prompt), - "Allow shared connection to %s? ", host); - p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF); - if (p != NULL) { - /* - * Accept empty responses and responses consisting - * of the word "yes" as affirmative. - */ - if (*p == '\0' || *p == '\n' || - strcasecmp(p, "yes") == 0) - allowed = 1; - xfree(p); - } - } - unset_nonblock(client_fd); + /* Read command */ buffer_init(&m); + if (ssh_msg_recv(client_fd, &m) == -1) { + error("%s: client msg_recv failed", __func__); + close(client_fd); + buffer_free(&m); + return; + } + if ((ver = buffer_get_char(&m)) != 1) { + error("%s: wrong client version %d", __func__, ver); + buffer_free(&m); + close(client_fd); + return; + } + + allowed = 1; + command = buffer_get_int(&m); + flags = buffer_get_int(&m); + + buffer_clear(&m); + switch (command) { + case SSHMUX_COMMAND_OPEN: + if (options.control_master == 2) + allowed = ask_permission("Allow shared connection " + "to %s? ", host); + /* continue below */ + break; + case SSHMUX_COMMAND_TERMINATE: + if (options.control_master == 2) + allowed = ask_permission("Terminate shared connection " + "to %s? ", host); + if (allowed) + quit_pending = 1; + /* FALLTHROUGH */ + case SSHMUX_COMMAND_ALIVE_CHECK: + /* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */ + buffer_clear(&m); + buffer_put_int(&m, allowed); + buffer_put_int(&m, getpid()); + if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { + error("%s: client msg_send failed", __func__); + close(client_fd); + buffer_free(&m); + return; + } + buffer_free(&m); + close(client_fd); + return; + default: + error("Unsupported command %d", command); + buffer_free(&m); + close(client_fd); + return; + } + + /* Reply for SSHMUX_COMMAND_OPEN */ + buffer_clear(&m); buffer_put_int(&m, allowed); buffer_put_int(&m, getpid()); - if (ssh_msg_send(client_fd, /* version */0, &m) == -1) { + if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { error("%s: client msg_send failed", __func__); close(client_fd); buffer_free(&m); return; } - buffer_clear(&m); if (!allowed) { error("Refused control connection"); @@ -642,14 +667,14 @@ client_process_control(fd_set * readset) return; } + buffer_clear(&m); if (ssh_msg_recv(client_fd, &m) == -1) { error("%s: client msg_recv failed", __func__); close(client_fd); buffer_free(&m); return; } - - if ((ver = buffer_get_char(&m)) != 0) { + if ((ver = buffer_get_char(&m)) != 1) { error("%s: wrong client version %d", __func__, ver); buffer_free(&m); close(client_fd); @@ -658,9 +683,8 @@ client_process_control(fd_set * readset) cctx = xmalloc(sizeof(*cctx)); memset(cctx, 0, sizeof(*cctx)); - - cctx->want_tty = buffer_get_int(&m); - cctx->want_subsys = buffer_get_int(&m); + cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0; + cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0; cctx->term = buffer_get_string(&m, &len); cmd = buffer_get_string(&m, &len); @@ -692,14 +716,21 @@ client_process_control(fd_set * readset) if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1) error("%s: tcgetattr: %s", __func__, strerror(errno)); + /* This roundtrip is just for synchronisation of ttymodes */ buffer_clear(&m); - if (ssh_msg_send(client_fd, /* version */0, &m) == -1) { + if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { error("%s: client msg_send failed", __func__); close(client_fd); close(new_fd[0]); close(new_fd[1]); close(new_fd[2]); buffer_free(&m); + xfree(cctx->term); + if (env_len != 0) { + for (i = 0; i < env_len; i++) + xfree(cctx->env[i]); + xfree(cctx->env); + } return; } buffer_free(&m); @@ -732,11 +763,11 @@ static void process_cmdline(void) { void (*handler)(int); - char *s, *cmd; - u_short fwd_port, fwd_host_port; - char buf[1024], sfwd_port[6], sfwd_host_port[6]; + char *s, *cmd, *cancel_host; int delete = 0; int local = 0; + u_short cancel_port; + Forward fwd; leave_raw_mode(); handler = signal(SIGINT, SIG_IGN); @@ -782,37 +813,38 @@ process_cmdline(void) s++; if (delete) { - if (sscanf(s, "%5[0-9]", sfwd_host_port) != 1) { - logit("Bad forwarding specification."); - goto out; + cancel_port = 0; + cancel_host = hpdelim(&s); /* may be NULL */ + if (s != NULL) { + cancel_port = a2port(s); + cancel_host = cleanhostname(cancel_host); + } else { + cancel_port = a2port(cancel_host); + cancel_host = NULL; } - if ((fwd_host_port = a2port(sfwd_host_port)) == 0) { - logit("Bad forwarding port(s)."); + if (cancel_port == 0) { + logit("Bad forwarding close port"); goto out; } - channel_request_rforward_cancel(fwd_host_port); + channel_request_rforward_cancel(cancel_host, cancel_port); } else { - if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]", - sfwd_port, buf, sfwd_host_port) != 3 && - sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]", - sfwd_port, buf, sfwd_host_port) != 3) { + if (!parse_forward(&fwd, s)) { logit("Bad forwarding specification."); goto out; } - if ((fwd_port = a2port(sfwd_port)) == 0 || - (fwd_host_port = a2port(sfwd_host_port)) == 0) { - logit("Bad forwarding port(s)."); - goto out; - } if (local) { - if (channel_setup_local_fwd_listener(fwd_port, buf, - fwd_host_port, options.gateway_ports) < 0) { + if (channel_setup_local_fwd_listener(fwd.listen_host, + fwd.listen_port, fwd.connect_host, + fwd.connect_port, options.gateway_ports) < 0) { logit("Port forwarding failed."); goto out; } - } else - channel_request_remote_forwarding(fwd_port, buf, - fwd_host_port); + } else { + channel_request_remote_forwarding(fwd.listen_host, + fwd.listen_port, fwd.connect_host, + fwd.connect_port); + } + logit("Forwarding port."); } @@ -1196,14 +1228,15 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) * Set signal handlers, (e.g. to restore non-blocking mode) * but don't overwrite SIG_IGN, matches behaviour from rsh(1) */ + if (signal(SIGHUP, SIG_IGN) != SIG_IGN) + signal(SIGHUP, signal_handler); if (signal(SIGINT, SIG_IGN) != SIG_IGN) signal(SIGINT, signal_handler); if (signal(SIGQUIT, SIG_IGN) != SIG_IGN) signal(SIGQUIT, signal_handler); if (signal(SIGTERM, SIG_IGN) != SIG_IGN) signal(SIGTERM, signal_handler); - if (have_pty) - signal(SIGWINCH, window_change_handler); + signal(SIGWINCH, window_change_handler); if (have_pty) enter_raw_mode(); @@ -1311,8 +1344,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) /* Terminate the session. */ /* Stop watching for window change. */ - if (have_pty) - signal(SIGWINCH, SIG_DFL); + signal(SIGWINCH, SIG_DFL); channel_free_all(); @@ -1679,9 +1711,13 @@ client_session2_setup(int id, int want_tty, int want_subsystem, dispatch_fn *subsys_repl) { int len; + Channel *c = NULL; debug2("%s: id %d", __func__, id); + if ((c = channel_lookup(id)) == NULL) + fatal("client_session2_setup: channel %d: unknown channel", id); + if (want_tty) { struct winsize ws; struct termios tio; @@ -1700,6 +1736,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, tty_make_modes(-1, tiop != NULL ? tiop : &tio); packet_send(); /* XXX wait for reply */ + c->client_tty = 1; } /* Transfer any environment variables from client to server */ diff --git a/crypto/openssh/clientloop.h b/crypto/openssh/clientloop.h index 9992d5938b08..b23c111cbd6c 100644 --- a/crypto/openssh/clientloop.h +++ b/crypto/openssh/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.11 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: clientloop.h,v 1.12 2004/11/07 00:01:46 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -40,3 +40,11 @@ int client_loop(int, int, int); void client_global_request_reply_fwd(int, u_int32_t, void *); void client_session2_setup(int, int, int, const char *, struct termios *, int, Buffer *, char **, dispatch_fn *); + +/* Multiplexing control protocol flags */ +#define SSHMUX_COMMAND_OPEN 1 /* Open new connection */ +#define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */ +#define SSHMUX_COMMAND_TERMINATE 3 /* Ask master to exit */ + +#define SSHMUX_FLAG_TTY (1) /* Request tty on open */ +#define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */ diff --git a/crypto/openssh/compat.c b/crypto/openssh/compat.c index 2fdebe7fa21d..4086e853ed6e 100644 --- a/crypto/openssh/compat.c +++ b/crypto/openssh/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.70 2003/11/02 11:01:03 markus Exp $"); +RCSID("$OpenBSD: compat.c,v 1.71 2005/03/01 10:09:52 djm Exp $"); #include "buffer.h" #include "packet.h" @@ -62,24 +62,28 @@ compat_datafellows(const char *version) "OpenSSH_2.1*," "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER| SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF}, + SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF}, + SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| - SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, + SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| + SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.5.0p1*," "OpenSSH_2.5.1p1*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| - SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, + SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| + SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.5.0*," "OpenSSH_2.5.1*," "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF}, - { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, + SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, + { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| + SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.*," "OpenSSH_3.0*," - "OpenSSH_3.1*", SSH_BUG_EXTEOF}, + "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, + { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR }, { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, { "OpenSSH*", 0 }, { "*MindTerm*", 0 }, diff --git a/crypto/openssh/compat.h b/crypto/openssh/compat.h index 5efb5c29e395..cf92dbdeefcc 100644 --- a/crypto/openssh/compat.h +++ b/crypto/openssh/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.38 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: compat.h,v 1.39 2005/03/01 10:09:52 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -55,6 +55,7 @@ #define SSH_BUG_EXTEOF 0x00200000 #define SSH_BUG_PROBE 0x00400000 #define SSH_BUG_FIRSTKEX 0x00800000 +#define SSH_OLD_FORWARD_ADDR 0x01000000 void enable_compat13(void); void enable_compat20(void); diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac index 36c457728248..e48028b7b1d6 100644 --- a/crypto/openssh/configure.ac +++ b/crypto/openssh/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.226 2004/08/16 13:12:06 dtucker Exp $ +# $Id: configure.ac,v 1.250 2005/03/07 09:21:37 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -14,7 +14,7 @@ # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -AC_INIT +AC_INIT(OpenSSH, Portable) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -121,8 +121,11 @@ case "$host" in LIBS="$LIBS -ls" ]) ]) + dnl Check for various auth function declarations in headers. + AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, + passwdexpired], , , [#include <usersec.h>]) dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) - AC_CHECK_DECL(loginfailed, + AC_CHECK_DECLS(loginfailed, [AC_MSG_CHECKING(if loginfailed takes 4 arguments) AC_TRY_COMPILE( [#include <usersec.h>], @@ -135,7 +138,7 @@ case "$host" in [#include <usersec.h>] ) AC_CHECK_FUNCS(setauthdb) - AC_DEFINE(BROKEN_GETADDRINFO) + check_for_aix_broken_getaddrinfo=1 AC_DEFINE(BROKEN_REALPATH) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) @@ -155,7 +158,6 @@ case "$host" in AC_DEFINE(NO_X11_UNIX_SOCKETS) AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) AC_DEFINE(DISABLE_FD_PASSING) - AC_DEFINE(SETGROUPS_NOOP) ;; *-*-dgux*) AC_DEFINE(IP_TOS_IS_BROKEN) @@ -219,7 +221,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(DISABLE_UTMP) AC_DEFINE(LOCKED_PASSWD_STRING, "*") AC_DEFINE(SPT_TYPE,SPT_PSTAT) + AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) check_for_hpux_broken_getaddrinfo=1 + check_for_conflicting_getspnam=1 LIBS="$LIBS -lsec" AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) ;; @@ -255,6 +259,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(LOCKED_PASSWD_PREFIX, "!") AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM) + AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts]) + AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) inet6_default_4in6=yes case `uname -r` in 1.*|2.0.*) @@ -335,6 +341,8 @@ mips-sony-bsd|mips-sony-newsos4) *-sni-sysv*) # /usr/ucblib MUST NOT be searched on ReliantUNIX AC_CHECK_LIB(dl, dlsym, ,) + # -lresolv needs to be at then end of LIBS or DNS lookups break + AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ]) IPADDR_IN_DISPLAY=yes AC_DEFINE(USE_PIPES) AC_DEFINE(IP_TOS_IS_BROKEN) @@ -347,12 +355,14 @@ mips-sony-bsd|mips-sony-newsos4) # Attention: always take care to bind libsocket and libnsl before libc, # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog ;; +# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. *-*-sysv4.2*) AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) ;; +# UnixWare 7.x, OpenUNIX 8 *-*-sysv5*) AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) @@ -361,25 +371,11 @@ mips-sony-bsd|mips-sony-newsos4) ;; *-*-sysv*) ;; +# SCO UNIX and OEM versions of SCO UNIX *-*-sco3.2v4*) - CPPFLAGS="$CPPFLAGS -Dftruncate=chsize" - LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm" - RANLIB=true - no_dev_ptmx=1 - AC_DEFINE(BROKEN_SYS_TERMIO_H) - AC_DEFINE(USE_PIPES) - AC_DEFINE(HAVE_SECUREWARE) - AC_DEFINE(DISABLE_SHADOW) - AC_DEFINE(BROKEN_SAVED_UIDS) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(WITH_ABBREV_NO_TTY) - AC_CHECK_FUNCS(getluid setluid) - MANTYPE=man - do_sco3_extra_lib_check=yes - TEST_SHELL=ksh + AC_MSG_ERROR("This Platform is no longer supported.") ;; +# SCO OpenServer 5.x *-*-sco3.2v5*) if test -z "$GCC"; then CFLAGS="$CFLAGS -belf" @@ -395,6 +391,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(BROKEN_SETREGID) AC_DEFINE(WITH_ABBREV_NO_TTY) AC_DEFINE(BROKEN_UPDWTMPX) + AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) AC_CHECK_FUNCS(getluid setluid) MANTYPE=man TEST_SHELL=ksh @@ -506,15 +503,17 @@ AC_ARG_WITH(libs, ) AC_MSG_CHECKING(compiler and flags for sanity) -AC_TRY_RUN([ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([ #include <stdio.h> int main(){exit(0);} - ], + ])], [ AC_MSG_RESULT(yes) ], [ AC_MSG_RESULT(no) AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) - ] + ], + [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] ) # Checks for header files. @@ -525,21 +524,21 @@ AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \ sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \ - sys/pstat.h sys/ptms.h sys/select.h sys/stat.h sys/stream.h \ + sys/pstat.h sys/select.h sys/stat.h sys/stream.h \ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \ time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h) +# sys/ptms.h requires sys/stream.h to be included first on Solaris +AC_CHECK_HEADERS(sys/ptms.h, [], [], [ +#ifdef HAVE_SYS_STREAM_H +# include <sys/stream.h> +#endif +]) + # Checks for libraries. AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) -dnl SCO OS3 needs this for libwrap -if test "x$with_tcp_wrappers" != "xno" ; then - if test "x$do_sco3_extra_lib_check" = "xyes" ; then - AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc) - fi -fi - dnl IRIX and Solaris 2.5.1 have dirname() in libgen AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ AC_CHECK_LIB(gen, dirname,[ @@ -640,7 +639,7 @@ AC_ARG_WITH(zlib-version-check, ) AC_MSG_CHECKING(for zlib 1.1.4 or greater) -AC_TRY_RUN([ +AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <zlib.h> int main() { @@ -652,7 +651,7 @@ int main() exit(0); exit(2); } - ], + ]])], AC_MSG_RESULT(yes), [ AC_MSG_RESULT(no) if test -z "$zlib_check_nonfatal" ; then @@ -665,7 +664,8 @@ If you are in doubt, upgrade zlib to version 1.1.4 or greater.]) else AC_MSG_WARN([zlib version may have security problems]) fi - ] + ], + [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] ) dnl UnixWare 2.x @@ -719,16 +719,20 @@ AC_EGREP_CPP(FOUNDIT, ) AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) -AC_TRY_RUN( - [ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include <sys/types.h> #include <dirent.h> int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} - ], + ]])], [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) + ], + [ + AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) + AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) ] ) @@ -743,8 +747,7 @@ fi # Check whether user wants S/Key support SKEY_MSG="no" AC_ARG_WITH(skey, - [ --with-skey[[=PATH]] Enable S/Key support - (optionally in PATH)], + [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], [ if test "x$withval" != "xno" ; then @@ -785,8 +788,7 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } # Check whether user wants TCP wrappers support TCPW_MSG="no" AC_ARG_WITH(tcp-wrappers, - [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support - (optionally in PATH)], + [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], [ if test "x$withval" != "xno" ; then saved_LIBS="$LIBS" @@ -839,12 +841,59 @@ AC_ARG_WITH(tcp-wrappers, ] ) +# Check whether user wants libedit support +LIBEDIT_MSG="no" +AC_ARG_WITH(libedit, + [ --with-libedit[[=PATH]] Enable libedit support for sftp], + [ if test "x$withval" != "xno" ; then + AC_CHECK_LIB(edit, el_init, + [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp]) + LIBEDIT="-ledit -lcurses" + LIBEDIT_MSG="yes" + AC_SUBST(LIBEDIT) + ], + [], [-lcurses] + ) + fi ] +) + +AUDIT_MODULE=none +AC_ARG_WITH(audit, + [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)], + [ + AC_MSG_CHECKING(for supported audit module) + case "$withval" in + bsm) + AC_MSG_RESULT(bsm) + AUDIT_MODULE=bsm + dnl Checks for headers, libs and functions + AC_CHECK_HEADERS(bsm/audit.h, [], + [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)]) + AC_CHECK_LIB(bsm, getaudit, [], + [AC_MSG_ERROR(BSM enabled and required library not found)]) + AC_CHECK_FUNCS(getaudit, [], + [AC_MSG_ERROR(BSM enabled and required function not found)]) + # These are optional + AC_CHECK_FUNCS(getaudit_addr) + AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module]) + ;; + debug) + AUDIT_MODULE=debug + AC_MSG_RESULT(debug) + AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module) + ;; + *) + AC_MSG_ERROR([Unknown audit module $withval]) + ;; + esac ] +) + dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS(\ arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \ - bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \ - futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \ - getpeereid _getpty getrlimit getttyent glob inet_aton \ + bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \ + freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \ + getopt getpeereid _getpty getrlimit getttyent glob inet_aton \ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \ pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \ @@ -888,28 +937,32 @@ AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>]) AC_CHECK_FUNCS(setresuid, [ dnl Some platorms have setresuid that isn't implemented, test for this AC_MSG_CHECKING(if setresuid seems to work) - AC_TRY_RUN([ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include <stdlib.h> #include <errno.h> int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} - ], + ]])], [AC_MSG_RESULT(yes)], [AC_DEFINE(BROKEN_SETRESUID) - AC_MSG_RESULT(not implemented)] + AC_MSG_RESULT(not implemented)], + [AC_MSG_WARN([cross compiling: not checking setresuid])] ) ]) AC_CHECK_FUNCS(setresgid, [ dnl Some platorms have setresgid that isn't implemented, test for this AC_MSG_CHECKING(if setresgid seems to work) - AC_TRY_RUN([ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include <stdlib.h> #include <errno.h> int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} - ], + ]])], [AC_MSG_RESULT(yes)], [AC_DEFINE(BROKEN_SETRESGID) - AC_MSG_RESULT(not implemented)] + AC_MSG_RESULT(not implemented)], + [AC_MSG_WARN([cross compiling: not checking setresuid])] ) ]) @@ -935,17 +988,18 @@ AC_CHECK_FUNC(getpagesize, # Check for broken snprintf if test "x$ac_cv_func_snprintf" = "xyes" ; then AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) - AC_TRY_RUN( - [ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include <stdio.h> int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} - ], + ]])], [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_SNPRINTF) AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) - ] + ], + [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] ) fi @@ -1104,6 +1158,82 @@ main(void) ) fi +if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then + AC_MSG_CHECKING(if getaddrinfo seems to work) + AC_TRY_RUN( + [ +#include <stdio.h> +#include <sys/socket.h> +#include <netdb.h> +#include <errno.h> +#include <netinet/in.h> + +#define TEST_PORT "2222" + +int +main(void) +{ + int err, sock; + struct addrinfo *gai_ai, *ai, hints; + char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + + err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); + if (err != 0) { + fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); + exit(1); + } + + for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + continue; + + err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, + sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV); + + if (ai->ai_family == AF_INET && err != 0) { + perror("getnameinfo"); + exit(2); + } + } + exit(0); +} + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(AIX_GETNAMEINFO_HACK, [], +[Define if you have a getaddrinfo that fails for the all-zeros IPv6 address]) + ], + [ + AC_MSG_RESULT(no) + AC_DEFINE(BROKEN_GETADDRINFO) + ] + ) +fi + +if test "x$check_for_conflicting_getspnam" = "x1"; then + AC_MSG_CHECKING(for conflicting getspnam in shadow.h) + AC_COMPILE_IFELSE( + [ +#include <shadow.h> +int main(void) {exit(0);} + ], + [ + AC_MSG_RESULT(no) + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1, + [Conflicting defs for getspnam]) + ] + ) +fi + AC_FUNC_GETPGRP # Check for PAM libs @@ -1165,6 +1295,10 @@ AC_ARG_WITH(ssl-dir, [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], [ if test "x$withval" != "xno" ; then + case "$withval" in + # Relative paths + ./*|../*) withval="`pwd`/$withval" + esac if test -d "$withval/lib"; then if test -n "${need_dash_r}"; then LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" @@ -1206,8 +1340,8 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), # Determine OpenSSL header version AC_MSG_CHECKING([OpenSSL header version]) -AC_TRY_RUN( - [ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include <stdio.h> #include <string.h> #include <openssl/opensslv.h> @@ -1225,7 +1359,7 @@ int main(void) { exit(0); } - ], + ]])], [ ssl_header_ver=`cat conftest.sslincver` AC_MSG_RESULT($ssl_header_ver) @@ -1233,13 +1367,16 @@ int main(void) { [ AC_MSG_RESULT(not found) AC_MSG_ERROR(OpenSSL version header not found.) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) ] ) # Determine OpenSSL library version AC_MSG_CHECKING([OpenSSL library version]) -AC_TRY_RUN( - [ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include <stdio.h> #include <string.h> #include <openssl/opensslv.h> @@ -1258,7 +1395,7 @@ int main(void) { exit(0); } - ], + ]])], [ ssl_library_ver=`cat conftest.ssllibver` AC_MSG_RESULT($ssl_library_ver) @@ -1266,17 +1403,20 @@ int main(void) { [ AC_MSG_RESULT(not found) AC_MSG_ERROR(OpenSSL library not found.) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) ] ) # Sanity check OpenSSL headers AC_MSG_CHECKING([whether OpenSSL's headers match the library]) -AC_TRY_RUN( - [ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include <string.h> #include <openssl/opensslv.h> int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } - ], + ]])], [ AC_MSG_RESULT(yes) ], @@ -1285,6 +1425,9 @@ int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } AC_MSG_ERROR([Your OpenSSL headers do not match your library. Check config.log for details. Also see contrib/findssl.sh for help identifying header/library mismatches.]) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) ] ) @@ -1305,12 +1448,12 @@ fi # Check wheter OpenSSL seeds itself AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) -AC_TRY_RUN( - [ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include <string.h> #include <openssl/rand.h> int main(void) { exit(RAND_status() == 1 ? 0 : 1); } - ], + ]])], [ OPENSSL_SEEDS_ITSELF=yes AC_MSG_RESULT(yes) @@ -1320,6 +1463,12 @@ int main(void) { exit(RAND_status() == 1 ? 0 : 1); } # Default to use of the rand helper if OpenSSL doesn't # seed itself USE_RAND_HELPER=yes + ], + [ + AC_MSG_WARN([cross compiling: assuming yes]) + # This is safe, since all recent OpenSSL versions will + # complain at runtime if not seeded correctly. + OPENSSL_SEEDS_ITSELF=yes ] ) @@ -1704,6 +1853,10 @@ TYPE_SOCKLEN_T AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>]) +AC_CHECK_TYPES(in_addr_t,,, +[#include <sys/types.h> +#include <netinet/in.h>]) + AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ AC_TRY_COMPILE( [ @@ -1886,8 +2039,8 @@ if test "x$ac_cv_have_int64_t" = "xno" -a \ exit 1; else dnl test snprintf (broken on SCO w/gcc) - AC_TRY_RUN( - [ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include <stdio.h> #include <string.h> #ifdef HAVE_SNPRINTF @@ -1910,7 +2063,8 @@ main() #else main() { exit(0); } #endif - ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ] + ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ], + AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ) fi @@ -2015,13 +2169,14 @@ fi dnl make sure we're using the real structure members and not defines AC_CACHE_CHECK([for msg_accrights field in struct msghdr], ac_cv_have_accrights_in_msghdr, [ - AC_TRY_RUN( + AC_COMPILE_IFELSE( [ #include <sys/types.h> #include <sys/socket.h> #include <sys/uio.h> int main() { #ifdef msg_accrights +#error "msg_accrights is a macro" exit(1); #endif struct msghdr m; @@ -2039,13 +2194,14 @@ fi AC_CACHE_CHECK([for msg_control field in struct msghdr], ac_cv_have_control_in_msghdr, [ - AC_TRY_RUN( + AC_COMPILE_IFELSE( [ #include <sys/types.h> #include <sys/socket.h> #include <sys/uio.h> int main() { #ifdef msg_control +#error "msg_control is a macro" exit(1); #endif struct msghdr m; @@ -2379,6 +2535,10 @@ if test ! -z "$MAIL" ; then AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir") fi +if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then + AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) + disable_ptmx_check=yes +fi if test -z "$no_dev_ptmx" ; then if test "x$disable_ptmx_check" != "xyes" ; then AC_CHECK_FILE("/dev/ptmx", @@ -2389,12 +2549,17 @@ if test -z "$no_dev_ptmx" ; then ) fi fi -AC_CHECK_FILE("/dev/ptc", - [ - AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) - have_dev_ptc=1 - ] -) + +if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then + AC_CHECK_FILE("/dev/ptc", + [ + AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) + have_dev_ptc=1 + ] + ) +else + AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) +fi # Options from here on. Some of these are preset by platform above AC_ARG_WITH(mantype, @@ -2490,14 +2655,26 @@ fi # check for /etc/default/login and use it if present. AC_ARG_ENABLE(etc-default-login, - [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],, -[ -AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ]) + [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], + [ if test "x$enableval" = "xno"; then + AC_MSG_NOTICE([/etc/default/login handling disabled]) + etc_default_login=no + else + etc_default_login=yes + fi ], + [ etc_default_login=yes ] +) -if test "x$external_path_file" = "x/etc/default/login"; then - AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) +if test "x$etc_default_login" != "xno"; then + AC_CHECK_FILE("/etc/default/login", + [ external_path_file=/etc/default/login ]) + if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; + then + AC_MSG_WARN([cross compiling: Disabling /etc/default/login test]) + elif test "x$external_path_file" = "x/etc/default/login"; then + AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) + fi fi -]) dnl BSD systems use /etc/login.conf so --with-default-path= has no effect if test $ac_cv_func_login_getcapbool = "yes" -a \ @@ -2931,7 +3108,8 @@ if test "$ac_cv_lib_pam_pam_set_item" = yes ; then fi AC_EXEEXT -AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds]) +AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \ + scard/Makefile ssh_prng_cmds survey.sh]) AC_OUTPUT # Print summary of options @@ -2977,6 +3155,7 @@ echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" +echo " libedit support: $LIBEDIT_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" @@ -2997,7 +3176,8 @@ echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}" echo "" if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then - echo "SVR4 style packages are supported with \"make package\"\n" + echo "SVR4 style packages are supported with \"make package\"" + echo "" fi if test "x$PAM_MSG" = "xyes" ; then @@ -3026,3 +3206,7 @@ if test ! -z "$NO_PEERCHECK" ; then echo "" fi +if test "$AUDIT_MODULE" = "bsm" ; then + echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." + echo "See the Solaris section in README.platform for details." +fi diff --git a/crypto/openssh/defines.h b/crypto/openssh/defines.h index 8c1d9c409976..7758bc37a5bb 100644 --- a/crypto/openssh/defines.h +++ b/crypto/openssh/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.117 2004/06/22 03:27:16 dtucker Exp $ */ +/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */ /* Constants */ @@ -288,6 +288,10 @@ struct sockaddr_un { }; #endif /* HAVE_SYS_UN_H */ +#ifndef HAVE_IN_ADDR_T +typedef u_int32_t in_addr_t; +#endif + #if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE) #define _STRUCT_WINSIZE struct winsize { @@ -530,6 +534,11 @@ struct winsize { # define getpgrp() getpgrp(0) #endif +#ifdef USE_BSM_AUDIT +# define SSH_AUDIT_EVENTS +# define CUSTOM_SSH_AUDIT_EVENTS +#endif + /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */ #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f) # define OPENSSL_free(x) Free(x) @@ -644,6 +653,15 @@ struct winsize { # define CUSTOM_SYS_AUTH_PASSWD 1 #endif +/* HP-UX 11.11 */ +#ifdef BTMP_FILE +# define _PATH_BTMP BTMP_FILE +#endif + +#if defined(USE_BTMP) && defined(_PATH_BTMP) +# define CUSTOM_FAILED_LOGIN +#endif + /** end of login recorder definitions */ #endif /* _DEFINES_H */ diff --git a/crypto/openssh/hostfile.c b/crypto/openssh/hostfile.c index 88c054912782..2e1c8bcd0c4c 100644 --- a/crypto/openssh/hostfile.c +++ b/crypto/openssh/hostfile.c @@ -36,13 +36,102 @@ */ #include "includes.h" -RCSID("$OpenBSD: hostfile.c,v 1.32 2003/11/10 16:23:41 jakob Exp $"); +RCSID("$OpenBSD: hostfile.c,v 1.33 2005/03/01 10:40:26 djm Exp $"); + +#include <resolv.h> +#include <openssl/hmac.h> +#include <openssl/sha.h> #include "packet.h" #include "match.h" #include "key.h" #include "hostfile.h" #include "log.h" +#include "xmalloc.h" + +static int +extract_salt(const char *s, u_int l, char *salt, size_t salt_len) +{ + char *p, *b64salt; + u_int b64len; + int ret; + + if (l < sizeof(HASH_MAGIC) - 1) { + debug2("extract_salt: string too short"); + return (-1); + } + if (strncmp(s, HASH_MAGIC, sizeof(HASH_MAGIC) - 1) != 0) { + debug2("extract_salt: invalid magic identifier"); + return (-1); + } + s += sizeof(HASH_MAGIC) - 1; + l -= sizeof(HASH_MAGIC) - 1; + if ((p = memchr(s, HASH_DELIM, l)) == NULL) { + debug2("extract_salt: missing salt termination character"); + return (-1); + } + + b64len = p - s; + /* Sanity check */ + if (b64len == 0 || b64len > 1024) { + debug2("extract_salt: bad encoded salt length %u", b64len); + return (-1); + } + b64salt = xmalloc(1 + b64len); + memcpy(b64salt, s, b64len); + b64salt[b64len] = '\0'; + + ret = __b64_pton(b64salt, salt, salt_len); + xfree(b64salt); + if (ret == -1) { + debug2("extract_salt: salt decode error"); + return (-1); + } + if (ret != SHA_DIGEST_LENGTH) { + debug2("extract_salt: expected salt len %u, got %u", + salt_len, ret); + return (-1); + } + + return (0); +} + +char * +host_hash(const char *host, const char *name_from_hostfile, u_int src_len) +{ + const EVP_MD *md = EVP_sha1(); + HMAC_CTX mac_ctx; + char salt[256], result[256], uu_salt[512], uu_result[512]; + static char encoded[1024]; + u_int i, len; + + len = EVP_MD_size(md); + + if (name_from_hostfile == NULL) { + /* Create new salt */ + for (i = 0; i < len; i++) + salt[i] = arc4random(); + } else { + /* Extract salt from known host entry */ + if (extract_salt(name_from_hostfile, src_len, salt, + sizeof(salt)) == -1) + return (NULL); + } + + HMAC_Init(&mac_ctx, salt, len, md); + HMAC_Update(&mac_ctx, host, strlen(host)); + HMAC_Final(&mac_ctx, result, NULL); + HMAC_cleanup(&mac_ctx); + + if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 || + __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1) + fatal("host_hash: __b64_ntop failed"); + + snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt, + HASH_DELIM, uu_result); + + return (encoded); +} /* * Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the @@ -104,7 +193,7 @@ check_host_in_hostfile_by_key_or_type(const char *filename, char line[8192]; int linenum = 0; u_int kbits; - char *cp, *cp2; + char *cp, *cp2, *hashed_host; HostStatus end_return; debug3("check_host_in_hostfile: filename %s", filename); @@ -137,8 +226,18 @@ check_host_in_hostfile_by_key_or_type(const char *filename, ; /* Check if the host name matches. */ - if (match_hostname(host, cp, (u_int) (cp2 - cp)) != 1) - continue; + if (match_hostname(host, cp, (u_int) (cp2 - cp)) != 1) { + if (*cp != HASH_DELIM) + continue; + hashed_host = host_hash(host, cp, (u_int) (cp2 - cp)); + if (hashed_host == NULL) { + debug("Invalid hashed host line %d of %s", + linenum, filename); + continue; + } + if (strncmp(hashed_host, cp, (u_int) (cp2 - cp)) != 0) + continue; + } /* Got a match. Skip host name. */ cp = cp2; @@ -211,16 +310,28 @@ lookup_key_in_hostfile_by_type(const char *filename, const char *host, */ int -add_host_to_hostfile(const char *filename, const char *host, const Key *key) +add_host_to_hostfile(const char *filename, const char *host, const Key *key, + int store_hash) { FILE *f; int success = 0; + char *hashed_host; + if (key == NULL) return 1; /* XXX ? */ f = fopen(filename, "a"); if (!f) return 0; - fprintf(f, "%s ", host); + + if (store_hash) { + if ((hashed_host = host_hash(host, NULL, 0)) == NULL) { + error("add_host_to_hostfile: host_hash failed"); + fclose(f); + return 0; + } + } + fprintf(f, "%s ", store_hash ? hashed_host : host); + if (key_write(key, f)) { success = 1; } else { diff --git a/crypto/openssh/hostfile.h b/crypto/openssh/hostfile.h index efcddc9f9c0e..d6330752ee63 100644 --- a/crypto/openssh/hostfile.h +++ b/crypto/openssh/hostfile.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.h,v 1.14 2003/11/10 16:23:41 jakob Exp $ */ +/* $OpenBSD: hostfile.h,v 1.15 2005/03/01 10:40:26 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -21,8 +21,13 @@ typedef enum { int hostfile_read_key(char **, u_int *, Key *); HostStatus check_host_in_hostfile(const char *, const char *, const Key *, Key *, int *); -int add_host_to_hostfile(const char *, const char *, const Key *); +int add_host_to_hostfile(const char *, const char *, const Key *, int); int lookup_key_in_hostfile_by_type(const char *, const char *, int, Key *, int *); +#define HASH_MAGIC "|1|" +#define HASH_DELIM '|' + +char *host_hash(const char *, const char *, u_int); + #endif diff --git a/crypto/openssh/includes.h b/crypto/openssh/includes.h index 3a6b4c32bbac..3d3aa3b21c34 100644 --- a/crypto/openssh/includes.h +++ b/crypto/openssh/includes.h @@ -185,7 +185,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here. */ -#ifdef __hpux +#ifdef GETSPNAM_CONFLICTING_DEFS # ifdef _INCLUDE__STDC__ # undef _INCLUDE__STDC__ # endif diff --git a/crypto/openssh/key.c b/crypto/openssh/key.c index 21b0869df09a..e419304641b1 100644 --- a/crypto/openssh/key.c +++ b/crypto/openssh/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.56 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: key.c,v 1.57 2004/10/29 23:57:05 djm Exp $"); #include <openssl/evp.h> @@ -681,8 +681,8 @@ Key * key_from_blob(const u_char *blob, u_int blen) { Buffer b; - char *ktype; int rlen, type; + char *ktype = NULL; Key *key = NULL; #ifdef DEBUG_PK @@ -690,24 +690,38 @@ key_from_blob(const u_char *blob, u_int blen) #endif buffer_init(&b); buffer_append(&b, blob, blen); - ktype = buffer_get_string(&b, NULL); + if ((ktype = buffer_get_string_ret(&b, NULL)) == NULL) { + error("key_from_blob: can't read key type"); + goto out; + } + type = key_type_from_name(ktype); switch (type) { case KEY_RSA: key = key_new(type); - buffer_get_bignum2(&b, key->rsa->e); - buffer_get_bignum2(&b, key->rsa->n); + if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || + buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { + error("key_from_blob: can't read rsa key"); + key_free(key); + key = NULL; + goto out; + } #ifdef DEBUG_PK RSA_print_fp(stderr, key->rsa, 8); #endif break; case KEY_DSA: key = key_new(type); - buffer_get_bignum2(&b, key->dsa->p); - buffer_get_bignum2(&b, key->dsa->q); - buffer_get_bignum2(&b, key->dsa->g); - buffer_get_bignum2(&b, key->dsa->pub_key); + if (buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || + buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || + buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || + buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) { + error("key_from_blob: can't read dsa key"); + key_free(key); + key = NULL; + goto out; + } #ifdef DEBUG_PK DSA_print_fp(stderr, key->dsa, 8); #endif @@ -717,12 +731,14 @@ key_from_blob(const u_char *blob, u_int blen) break; default: error("key_from_blob: cannot handle type %s", ktype); - break; + goto out; } rlen = buffer_len(&b); if (key != NULL && rlen != 0) error("key_from_blob: remaining bytes in key blob %d", rlen); - xfree(ktype); + out: + if (ktype != NULL) + xfree(ktype); buffer_free(&b); return key; } diff --git a/crypto/openssh/log.c b/crypto/openssh/log.c index 5d8625d15a11..e55a54f167a7 100644 --- a/crypto/openssh/log.c +++ b/crypto/openssh/log.c @@ -193,6 +193,9 @@ debug3(const char *fmt,...) void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) { +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) + struct syslog_data sdata = SYSLOG_DATA_INIT; +#endif argv0 = av0; switch (level) { @@ -261,6 +264,19 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) (int) facility); exit(1); } + + /* + * If an external library (eg libwrap) attempts to use syslog + * immediately after reexec, syslog may be pointing to the wrong + * facility, so we force an open/close of syslog here. + */ +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) + openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata); + closelog_r(&sdata); +#else + openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility); + closelog(); +#endif } #define MSGBUFSIZ 1024 diff --git a/crypto/openssh/loginrec.c b/crypto/openssh/loginrec.c index f07f65fce108..361ac4cb7fd8 100644 --- a/crypto/openssh/loginrec.c +++ b/crypto/openssh/loginrec.c @@ -25,130 +25,125 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* + * The btmp logging code is derived from login.c from util-linux and is under + * the the following license: + * + * Copyright (c) 1980, 1987, 1988 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms are permitted + * provided that the above copyright notice and this paragraph are + * duplicated in all such forms and that any documentation, + * advertising materials, and other materials related to such + * distribution and use acknowledge that the software was developed + * by the University of California, Berkeley. The name of the + * University may not be used to endorse or promote products derived + * from this software without specific prior written permission. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + + /** ** loginrec.c: platform-independent login recording and lastlog retrieval **/ /* - The new login code explained - ============================ - - This code attempts to provide a common interface to login recording - (utmp and friends) and last login time retrieval. - - Its primary means of achieving this is to use 'struct logininfo', a - union of all the useful fields in the various different types of - system login record structures one finds on UNIX variants. - - We depend on autoconf to define which recording methods are to be - used, and which fields are contained in the relevant data structures - on the local system. Many C preprocessor symbols affect which code - gets compiled here. - - The code is designed to make it easy to modify a particular - recording method, without affecting other methods nor requiring so - many nested conditional compilation blocks as were commonplace in - the old code. - - For login recording, we try to use the local system's libraries as - these are clearly most likely to work correctly. For utmp systems - this usually means login() and logout() or setutent() etc., probably - in libutil, along with logwtmp() etc. On these systems, we fall back - to writing the files directly if we have to, though this method - requires very thorough testing so we do not corrupt local auditing - information. These files and their access methods are very system - specific indeed. - - For utmpx systems, the corresponding library functions are - setutxent() etc. To the author's knowledge, all utmpx systems have - these library functions and so no direct write is attempted. If such - a system exists and needs support, direct analogues of the [uw]tmp - code should suffice. - - Retrieving the time of last login ('lastlog') is in some ways even - more problemmatic than login recording. Some systems provide a - simple table of all users which we seek based on uid and retrieve a - relatively standard structure. Others record the same information in - a directory with a separate file, and others don't record the - information separately at all. For systems in the latter category, - we look backwards in the wtmp or wtmpx file for the last login entry - for our user. Naturally this is slower and on busy systems could - incur a significant performance penalty. - - Calling the new code - -------------------- - - In OpenSSH all login recording and retrieval is performed in - login.c. Here you'll find working examples. Also, in the logintest.c - program there are more examples. - - Internal handler calling method - ------------------------------- - - When a call is made to login_login() or login_logout(), both - routines set a struct logininfo flag defining which action (log in, - or log out) is to be taken. They both then call login_write(), which - calls whichever of the many structure-specific handlers autoconf - selects for the local system. - - The handlers themselves handle system data structure specifics. Both - struct utmp and struct utmpx have utility functions (see - construct_utmp*()) to try to make it simpler to add extra systems - that introduce new features to either structure. - - While it may seem terribly wasteful to replicate so much similar - code for each method, experience has shown that maintaining code to - write both struct utmp and utmpx in one function, whilst maintaining - support for all systems whether they have library support or not, is - a difficult and time-consuming task. - - Lastlog support proceeds similarly. Functions login_get_lastlog() - (and its OpenSSH-tuned friend login_get_lastlog_time()) call - getlast_entry(), which tries one of three methods to find the last - login time. It uses local system lastlog support if it can, - otherwise it tries wtmp or wtmpx before giving up and returning 0, - meaning "tilt". - - Maintenance - ----------- - - In many cases it's possible to tweak autoconf to select the correct - methods for a particular platform, either by improving the detection - code (best), or by presetting DISABLE_<method> or CONF_<method>_FILE - symbols for the platform. - - Use logintest to check which symbols are defined before modifying - configure.ac and loginrec.c. (You have to build logintest yourself - with 'make logintest' as it's not built by default.) - - Otherwise, patches to the specific method(s) are very helpful! - -*/ - -/** - ** TODO: - ** homegrown ttyslot() - ** test, test, test - ** - ** Platform status: - ** ---------------- - ** - ** Known good: - ** Linux (Redhat 6.2, Debian) - ** Solaris - ** HP-UX 10.20 (gcc only) - ** IRIX - ** NeXT - M68k/HPPA/Sparc (4.2/3.3) - ** - ** Testing required: Please send reports! - ** NetBSD - ** HP-UX 11 - ** AIX - ** - ** Platforms with known problems: - ** Some variants of Slackware Linux - ** - **/ + * The new login code explained + * ============================ + * + * This code attempts to provide a common interface to login recording + * (utmp and friends) and last login time retrieval. + * + * Its primary means of achieving this is to use 'struct logininfo', a + * union of all the useful fields in the various different types of + * system login record structures one finds on UNIX variants. + * + * We depend on autoconf to define which recording methods are to be + * used, and which fields are contained in the relevant data structures + * on the local system. Many C preprocessor symbols affect which code + * gets compiled here. + * + * The code is designed to make it easy to modify a particular + * recording method, without affecting other methods nor requiring so + * many nested conditional compilation blocks as were commonplace in + * the old code. + * + * For login recording, we try to use the local system's libraries as + * these are clearly most likely to work correctly. For utmp systems + * this usually means login() and logout() or setutent() etc., probably + * in libutil, along with logwtmp() etc. On these systems, we fall back + * to writing the files directly if we have to, though this method + * requires very thorough testing so we do not corrupt local auditing + * information. These files and their access methods are very system + * specific indeed. + * + * For utmpx systems, the corresponding library functions are + * setutxent() etc. To the author's knowledge, all utmpx systems have + * these library functions and so no direct write is attempted. If such + * a system exists and needs support, direct analogues of the [uw]tmp + * code should suffice. + * + * Retrieving the time of last login ('lastlog') is in some ways even + * more problemmatic than login recording. Some systems provide a + * simple table of all users which we seek based on uid and retrieve a + * relatively standard structure. Others record the same information in + * a directory with a separate file, and others don't record the + * information separately at all. For systems in the latter category, + * we look backwards in the wtmp or wtmpx file for the last login entry + * for our user. Naturally this is slower and on busy systems could + * incur a significant performance penalty. + * + * Calling the new code + * -------------------- + * + * In OpenSSH all login recording and retrieval is performed in + * login.c. Here you'll find working examples. Also, in the logintest.c + * program there are more examples. + * + * Internal handler calling method + * ------------------------------- + * + * When a call is made to login_login() or login_logout(), both + * routines set a struct logininfo flag defining which action (log in, + * or log out) is to be taken. They both then call login_write(), which + * calls whichever of the many structure-specific handlers autoconf + * selects for the local system. + * + * The handlers themselves handle system data structure specifics. Both + * struct utmp and struct utmpx have utility functions (see + * construct_utmp*()) to try to make it simpler to add extra systems + * that introduce new features to either structure. + * + * While it may seem terribly wasteful to replicate so much similar + * code for each method, experience has shown that maintaining code to + * write both struct utmp and utmpx in one function, whilst maintaining + * support for all systems whether they have library support or not, is + * a difficult and time-consuming task. + * + * Lastlog support proceeds similarly. Functions login_get_lastlog() + * (and its OpenSSH-tuned friend login_get_lastlog_time()) call + * getlast_entry(), which tries one of three methods to find the last + * login time. It uses local system lastlog support if it can, + * otherwise it tries wtmp or wtmpx before giving up and returning 0, + * meaning "tilt". + * + * Maintenance + * ----------- + * + * In many cases it's possible to tweak autoconf to select the correct + * methods for a particular platform, either by improving the detection + * code (best), or by presetting DISABLE_<method> or CONF_<method>_FILE + * symbols for the platform. + * + * Use logintest to check which symbols are defined before modifying + * configure.ac and loginrec.c. (You have to build logintest yourself + * with 'make logintest' as it's not built by default.) + * + * Otherwise, patches to the specific method(s) are very helpful! + */ #include "includes.h" @@ -157,17 +152,21 @@ #include "loginrec.h" #include "log.h" #include "atomicio.h" - -RCSID("$Id: loginrec.c,v 1.58 2004/08/15 09:12:52 djm Exp $"); +#include "packet.h" +#include "canohost.h" +#include "auth.h" +#include "buffer.h" #ifdef HAVE_UTIL_H -# include <util.h> +# include <util.h> #endif #ifdef HAVE_LIBUTIL_H -# include <libutil.h> +# include <libutil.h> #endif +RCSID("$Id: loginrec.c,v 1.67 2005/02/15 11:19:28 dtucker Exp $"); + /** ** prototypes for helper functions in this file **/ @@ -194,14 +193,17 @@ int lastlog_get_entry(struct logininfo *li); int wtmp_get_entry(struct logininfo *li); int wtmpx_get_entry(struct logininfo *li); +extern Buffer loginmsg; + /* pick the shortest string */ -#define MIN_SIZEOF(s1,s2) ( sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2) ) +#define MIN_SIZEOF(s1,s2) (sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2)) /** ** platform-independent login functions **/ -/* login_login(struct logininfo *) -Record a login +/* + * login_login(struct logininfo *) - Record a login * * Call with a pointer to a struct logininfo initialised with * login_init_entry() or login_alloc_entry() @@ -211,14 +213,15 @@ int wtmpx_get_entry(struct logininfo *li); * 0 on failure (will use OpenSSH's logging facilities for diagnostics) */ int -login_login (struct logininfo *li) +login_login(struct logininfo *li) { li->type = LTYPE_LOGIN; - return login_write(li); + return (login_write(li)); } -/* login_logout(struct logininfo *) - Record a logout +/* + * login_logout(struct logininfo *) - Record a logout * * Call as with login_login() * @@ -230,10 +233,11 @@ int login_logout(struct logininfo *li) { li->type = LTYPE_LOGOUT; - return login_write(li); + return (login_write(li)); } -/* login_get_lastlog_time(int) - Retrieve the last login time +/* + * login_get_lastlog_time(int) - Retrieve the last login time * * Retrieve the last login time for the given uid. Will try to use the * system lastlog facilities if they are available, but will fall back @@ -256,12 +260,13 @@ login_get_lastlog_time(const int uid) struct logininfo li; if (login_get_lastlog(&li, uid)) - return li.tv_sec; + return (li.tv_sec); else - return 0; + return (0); } -/* login_get_lastlog(struct logininfo *, int) - Retrieve a lastlog entry +/* + * login_get_lastlog(struct logininfo *, int) - Retrieve a lastlog entry * * Retrieve a logininfo structure populated (only partially) with * information from the system lastlog data, or from wtmp/wtmpx if no @@ -272,7 +277,6 @@ login_get_lastlog_time(const int uid) * Returns: * >0: A pointer to your struct logininfo if successful * 0 on failure (will use OpenSSH's logging facilities for diagnostics) - * */ struct logininfo * login_get_lastlog(struct logininfo *li, const int uid) @@ -289,20 +293,21 @@ login_get_lastlog(struct logininfo *li, const int uid) */ pw = getpwuid(uid); if (pw == NULL) - fatal("login_get_lastlog: Cannot find account for uid %i", uid); + fatal("%s: Cannot find account for uid %i", __func__, uid); /* No MIN_SIZEOF here - we absolutely *must not* truncate the - * username */ + * username (XXX - so check for trunc!) */ strlcpy(li->username, pw->pw_name, sizeof(li->username)); if (getlast_entry(li)) - return li; + return (li); else - return NULL; + return (NULL); } -/* login_alloc_entry(int, char*, char*, char*) - Allocate and initialise +/* + * login_alloc_entry(int, char*, char*, char*) - Allocate and initialise * a logininfo structure * * This function creates a new struct logininfo, a data structure @@ -313,13 +318,13 @@ login_get_lastlog(struct logininfo *li, const int uid) */ struct logininfo *login_alloc_entry(int pid, const char *username, - const char *hostname, const char *line) + const char *hostname, const char *line) { struct logininfo *newli; - newli = (struct logininfo *) xmalloc (sizeof(*newli)); - (void)login_init_entry(newli, pid, username, hostname, line); - return newli; + newli = xmalloc(sizeof(*newli)); + login_init_entry(newli, pid, username, hostname, line); + return (newli); } @@ -341,7 +346,7 @@ login_free_entry(struct logininfo *li) */ int login_init_entry(struct logininfo *li, int pid, const char *username, - const char *hostname, const char *line) + const char *hostname, const char *line) { struct passwd *pw; @@ -356,18 +361,21 @@ login_init_entry(struct logininfo *li, int pid, const char *username, if (username) { strlcpy(li->username, username, sizeof(li->username)); pw = getpwnam(li->username); - if (pw == NULL) - fatal("login_init_entry: Cannot find user \"%s\"", li->username); + if (pw == NULL) { + fatal("%s: Cannot find user \"%s\"", __func__, + li->username); + } li->uid = pw->pw_uid; } if (hostname) strlcpy(li->hostname, hostname, sizeof(li->hostname)); - return 1; + return (1); } -/* login_set_current_time(struct logininfo *) - set the current time +/* + * login_set_current_time(struct logininfo *) - set the current time * * Set the current time in a logininfo structure. This function is * meant to eliminate the need to deal with system dependencies for @@ -387,7 +395,7 @@ login_set_current_time(struct logininfo *li) /* copy a sockaddr_* into our logininfo */ void login_set_addr(struct logininfo *li, const struct sockaddr *sa, - const unsigned int sa_size) + const unsigned int sa_size) { unsigned int bufsize = sa_size; @@ -395,7 +403,7 @@ login_set_addr(struct logininfo *li, const struct sockaddr *sa, if (sizeof(li->hostaddr) < sa_size) bufsize = sizeof(li->hostaddr); - memcpy((void *)&(li->hostaddr.sa), (const void *)sa, bufsize); + memcpy(&li->hostaddr.sa, sa, bufsize); } @@ -404,12 +412,12 @@ login_set_addr(struct logininfo *li, const struct sockaddr *sa, ** results **/ int -login_write (struct logininfo *li) +login_write(struct logininfo *li) { #ifndef HAVE_CYGWIN - if ((int)geteuid() != 0) { - logit("Attempt to write login records by non-root user (aborting)"); - return 1; + if (geteuid() != 0) { + logit("Attempt to write login records by non-root user (aborting)"); + return (1); } #endif @@ -419,9 +427,8 @@ login_write (struct logininfo *li) syslogin_write_entry(li); #endif #ifdef USE_LASTLOG - if (li->type == LTYPE_LOGIN) { + if (li->type == LTYPE_LOGIN) lastlog_write_entry(li); - } #endif #ifdef USE_UTMP utmp_write_entry(li); @@ -437,10 +444,16 @@ login_write (struct logininfo *li) #endif #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN if (li->type == LTYPE_LOGIN && - !sys_auth_record_login(li->username,li->hostname,li->line)) + !sys_auth_record_login(li->username,li->hostname,li->line, &loginmsg)) logit("Writing login record failed for %s", li->username); #endif - return 0; +#ifdef SSH_AUDIT_EVENTS + if (li->type == LTYPE_LOGIN) + audit_session_open(li->line); + else if (li->type == LTYPE_LOGOUT) + audit_session_close(li->line); +#endif + return (0); } #ifdef LOGIN_NEEDS_UTMPX @@ -461,7 +474,7 @@ login_utmp_only(struct logininfo *li) # ifdef USE_WTMPX wtmpx_write_entry(li); # endif - return 0; + return (0); } #endif @@ -478,25 +491,21 @@ getlast_entry(struct logininfo *li) return(lastlog_get_entry(li)); #else /* !USE_LASTLOG */ -#ifdef DISABLE_LASTLOG +#if defined(DISABLE_LASTLOG) /* On some systems we shouldn't even try to obtain last login * time, e.g. AIX */ - return 0; -# else /* DISABLE_LASTLOG */ - /* Try to retrieve the last login time from wtmp */ -# if defined(USE_WTMP) && (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP)) + return (0); +# elif defined(USE_WTMP) && \ + (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP)) /* retrieve last login time from utmp */ return (wtmp_get_entry(li)); -# else /* defined(USE_WTMP) && (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP)) */ +# elif defined(USE_WTMPX) && \ + (defined(HAVE_TIME_IN_UTMPX) || defined(HAVE_TV_IN_UTMPX)) /* If wtmp isn't available, try wtmpx */ -# if defined(USE_WTMPX) && (defined(HAVE_TIME_IN_UTMPX) || defined(HAVE_TV_IN_UTMPX)) - /* retrieve last login time from utmpx */ return (wtmpx_get_entry(li)); -# else +# else /* Give up: No means of retrieving last login time */ - return 0; -# endif /* USE_WTMPX && (HAVE_TIME_IN_UTMPX || HAVE_TV_IN_UTMPX) */ -# endif /* USE_WTMP && (HAVE_TIME_IN_UTMP || HAVE_TV_IN_UTMP) */ + return (0); # endif /* DISABLE_LASTLOG */ #endif /* USE_LASTLOG */ } @@ -520,19 +529,21 @@ getlast_entry(struct logininfo *li) */ -/* line_fullname(): add the leading '/dev/' if it doesn't exist make - * sure dst has enough space, if not just copy src (ugh) */ +/* + * line_fullname(): add the leading '/dev/' if it doesn't exist make + * sure dst has enough space, if not just copy src (ugh) + */ char * line_fullname(char *dst, const char *src, int dstsize) { memset(dst, '\0', dstsize); - if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5))) { + if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5))) strlcpy(dst, src, dstsize); - } else { + else { strlcpy(dst, "/dev/", dstsize); strlcat(dst, src, dstsize); } - return dst; + return (dst); } /* line_stripname(): strip the leading '/dev' if it exists, return dst */ @@ -544,15 +555,17 @@ line_stripname(char *dst, const char *src, int dstsize) strlcpy(dst, src + 5, dstsize); else strlcpy(dst, src, dstsize); - return dst; + return (dst); } -/* line_abbrevname(): Return the abbreviated (usually four-character) +/* + * line_abbrevname(): Return the abbreviated (usually four-character) * form of the line (Just use the last <dstsize> characters of the * full name.) * * NOTE: use strncpy because we do NOT necessarily want zero - * termination */ + * termination + */ char * line_abbrevname(char *dst, const char *src, int dstsize) { @@ -579,7 +592,7 @@ line_abbrevname(char *dst, const char *src, int dstsize) strncpy(dst, src, (size_t)dstsize); } - return dst; + return (dst); } /** @@ -595,13 +608,11 @@ line_abbrevname(char *dst, const char *src, int dstsize) void set_utmp_time(struct logininfo *li, struct utmp *ut) { -# ifdef HAVE_TV_IN_UTMP +# if defined(HAVE_TV_IN_UTMP) ut->ut_tv.tv_sec = li->tv_sec; ut->ut_tv.tv_usec = li->tv_usec; -# else -# ifdef HAVE_TIME_IN_UTMP +# elif defined(HAVE_TIME_IN_UTMP) ut->ut_time = li->tv_sec; -# endif # endif } @@ -611,7 +622,8 @@ construct_utmp(struct logininfo *li, { # ifdef HAVE_ADDR_V6_IN_UTMP struct sockaddr_in6 *sa6; -# endif +# endif + memset(ut, '\0', sizeof(*ut)); /* First fill out fields used for both logins and logouts */ @@ -647,7 +659,7 @@ construct_utmp(struct logininfo *li, /* If we're logging out, leave all other fields blank */ if (li->type == LTYPE_LOGOUT) - return; + return; /* * These fields are only used when logging in, and are blank @@ -655,9 +667,11 @@ construct_utmp(struct logininfo *li, */ /* Use strncpy because we don't necessarily want null termination */ - strncpy(ut->ut_name, li->username, MIN_SIZEOF(ut->ut_name, li->username)); + strncpy(ut->ut_name, li->username, + MIN_SIZEOF(ut->ut_name, li->username)); # ifdef HAVE_HOST_IN_UTMP - strncpy(ut->ut_host, li->hostname, MIN_SIZEOF(ut->ut_host, li->hostname)); + strncpy(ut->ut_host, li->hostname, + MIN_SIZEOF(ut->ut_host, li->hostname)); # endif # ifdef HAVE_ADDR_IN_UTMP /* this is just a 32-bit IP address */ @@ -692,14 +706,12 @@ construct_utmp(struct logininfo *li, void set_utmpx_time(struct logininfo *li, struct utmpx *utx) { -# ifdef HAVE_TV_IN_UTMPX +# if defined(HAVE_TV_IN_UTMPX) utx->ut_tv.tv_sec = li->tv_sec; utx->ut_tv.tv_usec = li->tv_usec; -# else /* HAVE_TV_IN_UTMPX */ -# ifdef HAVE_TIME_IN_UTMPX +# elif defined(HAVE_TIME_IN_UTMPX) utx->ut_time = li->tv_sec; -# endif /* HAVE_TIME_IN_UTMPX */ -# endif /* HAVE_TV_IN_UTMPX */ +# endif } void @@ -709,6 +721,7 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx) struct sockaddr_in6 *sa6; # endif memset(utx, '\0', sizeof(*utx)); + # ifdef HAVE_ID_IN_UTMPX line_abbrevname(utx->ut_id, li->line, sizeof(utx->ut_id)); # endif @@ -725,8 +738,10 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx) line_stripname(utx->ut_line, li->line, sizeof(utx->ut_line)); set_utmpx_time(li, utx); utx->ut_pid = li->pid; + /* strncpy(): Don't necessarily want null termination */ - strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name, li->username)); + strncpy(utx->ut_name, li->username, + MIN_SIZEOF(utx->ut_name, li->username)); if (li->type == LTYPE_LOGOUT) return; @@ -737,7 +752,8 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx) */ # ifdef HAVE_HOST_IN_UTMPX - strncpy(utx->ut_host, li->hostname, MIN_SIZEOF(utx->ut_host, li->hostname)); + strncpy(utx->ut_host, li->hostname, + MIN_SIZEOF(utx->ut_host, li->hostname)); # endif # ifdef HAVE_ADDR_IN_UTMPX /* this is just a 32-bit IP address */ @@ -785,16 +801,17 @@ utmp_write_library(struct logininfo *li, struct utmp *ut) { setutent(); pututline(ut); - # ifdef HAVE_ENDUTENT endutent(); # endif - return 1; + return (1); } # else /* UTMP_USE_LIBRARY */ -/* write a utmp entry direct to the file */ -/* This is a slightly modification of code in OpenBSD's login.c */ +/* + * Write a utmp entry direct to the file + * This is a slightly modification of code in OpenBSD's login.c + */ static int utmp_write_direct(struct logininfo *li, struct utmp *ut) { @@ -805,19 +822,18 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) /* FIXME: (ATL) ttyslot() needs local implementation */ #if defined(HAVE_GETTTYENT) - register struct ttyent *ty; + struct ttyent *ty; tty=0; - setttyent(); - while ((struct ttyent *)0 != (ty = getttyent())) { + while (NULL != (ty = getttyent())) { tty++; if (!strncmp(ty->ty_name, ut->ut_line, sizeof(ut->ut_line))) break; } endttyent(); - if((struct ttyent *)0 == ty) { + if (NULL == ty) { logit("%s: tty not found", __func__); return (0); } @@ -832,12 +848,12 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) pos = (off_t)tty * sizeof(struct utmp); if ((ret = lseek(fd, pos, SEEK_SET)) == -1) { - logit("%s: llseek: %s", strerror(errno)); + logit("%s: lseek: %s", __func__, strerror(errno)); return (0); } if (ret != pos) { - logit("%s: Couldn't seek to tty %s slot in %s", tty, - UTMP_FILE); + logit("%s: Couldn't seek to tty %d slot in %s", + __func__, tty, UTMP_FILE); return (0); } /* @@ -846,29 +862,29 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) * and ut_line and ut_name match, preserve the old ut_line. */ if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) && - (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') && - (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) && - (strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0)) { - (void)memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host)); - } + (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') && + (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) && + (strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0)) + memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host)); if ((ret = lseek(fd, pos, SEEK_SET)) == -1) { - logit("%s: llseek: %s", __func__, strerror(errno)); + logit("%s: lseek: %s", __func__, strerror(errno)); return (0); } if (ret != pos) { - logit("%s: Couldn't seek to tty %s slot in %s", + logit("%s: Couldn't seek to tty %d slot in %s", __func__, tty, UTMP_FILE); return (0); } - if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) + if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) { logit("%s: error writing %s: %s", __func__, UTMP_FILE, strerror(errno)); + } - (void)close(fd); - return 1; + close(fd); + return (1); } else { - return 0; + return (0); } } # endif /* UTMP_USE_LIBRARY */ @@ -881,16 +897,16 @@ utmp_perform_login(struct logininfo *li) construct_utmp(li, &ut); # ifdef UTMP_USE_LIBRARY if (!utmp_write_library(li, &ut)) { - logit("utmp_perform_login: utmp_write_library() failed"); - return 0; + logit("%s: utmp_write_library() failed", __func__); + return (0); } # else if (!utmp_write_direct(li, &ut)) { - logit("utmp_perform_login: utmp_write_direct() failed"); - return 0; + logit("%s: utmp_write_direct() failed", __func__); + return (0); } # endif - return 1; + return (1); } @@ -902,16 +918,16 @@ utmp_perform_logout(struct logininfo *li) construct_utmp(li, &ut); # ifdef UTMP_USE_LIBRARY if (!utmp_write_library(li, &ut)) { - logit("utmp_perform_logout: utmp_write_library() failed"); - return 0; + logit("%s: utmp_write_library() failed", __func__); + return (0); } # else if (!utmp_write_direct(li, &ut)) { - logit("utmp_perform_logout: utmp_write_direct() failed"); - return 0; + logit("%s: utmp_write_direct() failed", __func__); + return (0); } # endif - return 1; + return (1); } @@ -920,14 +936,14 @@ utmp_write_entry(struct logininfo *li) { switch(li->type) { case LTYPE_LOGIN: - return utmp_perform_login(li); + return (utmp_perform_login(li)); case LTYPE_LOGOUT: - return utmp_perform_logout(li); + return (utmp_perform_logout(li)); default: - logit("utmp_write_entry: invalid type field"); - return 0; + logit("%s: invalid type field", __func__); + return (0); } } #endif /* USE_UTMP */ @@ -958,7 +974,7 @@ utmpx_write_library(struct logininfo *li, struct utmpx *utx) # ifdef HAVE_ENDUTXENT endutxent(); # endif - return 1; + return (1); } # else /* UTMPX_USE_LIBRARY */ @@ -967,8 +983,8 @@ utmpx_write_library(struct logininfo *li, struct utmpx *utx) static int utmpx_write_direct(struct logininfo *li, struct utmpx *utx) { - logit("utmpx_write_direct: not implemented!"); - return 0; + logit("%s: not implemented!", __func__); + return (0); } # endif /* UTMPX_USE_LIBRARY */ @@ -980,16 +996,16 @@ utmpx_perform_login(struct logininfo *li) construct_utmpx(li, &utx); # ifdef UTMPX_USE_LIBRARY if (!utmpx_write_library(li, &utx)) { - logit("utmpx_perform_login: utmp_write_library() failed"); - return 0; + logit("%s: utmp_write_library() failed", __func__); + return (0); } # else if (!utmpx_write_direct(li, &ut)) { - logit("utmpx_perform_login: utmp_write_direct() failed"); - return 0; + logit("%s: utmp_write_direct() failed", __func__); + return (0); } # endif - return 1; + return (1); } @@ -1011,7 +1027,7 @@ utmpx_perform_logout(struct logininfo *li) # else utmpx_write_direct(li, &utx); # endif - return 1; + return (1); } int @@ -1019,12 +1035,12 @@ utmpx_write_entry(struct logininfo *li) { switch(li->type) { case LTYPE_LOGIN: - return utmpx_perform_login(li); + return (utmpx_perform_login(li)); case LTYPE_LOGOUT: - return utmpx_perform_logout(li); + return (utmpx_perform_logout(li)); default: - logit("utmpx_write_entry: invalid type field"); - return 0; + logit("%s: invalid type field", __func__); + return (0); } } #endif /* USE_UTMPX */ @@ -1036,8 +1052,10 @@ utmpx_write_entry(struct logininfo *li) #ifdef USE_WTMP -/* write a wtmp entry direct to the end of the file */ -/* This is a slight modification of code in OpenBSD's logwtmp.c */ +/* + * Write a wtmp entry direct to the end of the file + * This is a slight modification of code in OpenBSD's logwtmp.c + */ static int wtmp_write(struct logininfo *li, struct utmp *ut) { @@ -1045,19 +1063,19 @@ wtmp_write(struct logininfo *li, struct utmp *ut) int fd, ret = 1; if ((fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) { - logit("wtmp_write: problem writing %s: %s", + logit("%s: problem writing %s: %s", __func__, WTMP_FILE, strerror(errno)); - return 0; + return (0); } if (fstat(fd, &buf) == 0) if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) { ftruncate(fd, buf.st_size); - logit("wtmp_write: problem writing %s: %s", + logit("%s: problem writing %s: %s", __func__, WTMP_FILE, strerror(errno)); ret = 0; } - (void)close(fd); - return ret; + close(fd); + return (ret); } static int @@ -1066,7 +1084,7 @@ wtmp_perform_login(struct logininfo *li) struct utmp ut; construct_utmp(li, &ut); - return wtmp_write(li, &ut); + return (wtmp_write(li, &ut)); } @@ -1076,7 +1094,7 @@ wtmp_perform_logout(struct logininfo *li) struct utmp ut; construct_utmp(li, &ut); - return wtmp_write(li, &ut); + return (wtmp_write(li, &ut)); } @@ -1085,17 +1103,18 @@ wtmp_write_entry(struct logininfo *li) { switch(li->type) { case LTYPE_LOGIN: - return wtmp_perform_login(li); + return (wtmp_perform_login(li)); case LTYPE_LOGOUT: - return wtmp_perform_logout(li); + return (wtmp_perform_logout(li)); default: - logit("wtmp_write_entry: invalid type field"); - return 0; + logit("%s: invalid type field", __func__); + return (0); } } -/* Notes on fetching login data from wtmp/wtmpx +/* + * Notes on fetching login data from wtmp/wtmpx * * Logouts are usually recorded with (amongst other things) a blank * username on a given tty line. However, some systems (HP-UX is one) @@ -1116,15 +1135,15 @@ static int wtmp_islogin(struct logininfo *li, struct utmp *ut) { if (strncmp(li->username, ut->ut_name, - MIN_SIZEOF(li->username, ut->ut_name)) == 0) { + MIN_SIZEOF(li->username, ut->ut_name)) == 0) { # ifdef HAVE_TYPE_IN_UTMP if (ut->ut_type & USER_PROCESS) - return 1; + return (1); # else - return 1; + return (1); # endif } - return 0; + return (0); } int @@ -1132,41 +1151,43 @@ wtmp_get_entry(struct logininfo *li) { struct stat st; struct utmp ut; - int fd, found=0; + int fd, found = 0; /* Clear the time entries in our logininfo */ li->tv_sec = li->tv_usec = 0; if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) { - logit("wtmp_get_entry: problem opening %s: %s", + logit("%s: problem opening %s: %s", __func__, WTMP_FILE, strerror(errno)); - return 0; + return (0); } if (fstat(fd, &st) != 0) { - logit("wtmp_get_entry: couldn't stat %s: %s", + logit("%s: couldn't stat %s: %s", __func__, WTMP_FILE, strerror(errno)); close(fd); - return 0; + return (0); } /* Seek to the start of the last struct utmp */ if (lseek(fd, -(off_t)sizeof(struct utmp), SEEK_END) == -1) { /* Looks like we've got a fresh wtmp file */ close(fd); - return 0; + return (0); } while (!found) { if (atomicio(read, fd, &ut, sizeof(ut)) != sizeof(ut)) { - logit("wtmp_get_entry: read of %s failed: %s", + logit("%s: read of %s failed: %s", __func__, WTMP_FILE, strerror(errno)); close (fd); - return 0; + return (0); } if ( wtmp_islogin(li, &ut) ) { found = 1; - /* We've already checked for a time in struct - * utmp, in login_getlast(). */ + /* + * We've already checked for a time in struct + * utmp, in login_getlast() + */ # ifdef HAVE_TIME_IN_UTMP li->tv_sec = ut.ut_time; # else @@ -1175,24 +1196,24 @@ wtmp_get_entry(struct logininfo *li) # endif # endif line_fullname(li->line, ut.ut_line, - MIN_SIZEOF(li->line, ut.ut_line)); + MIN_SIZEOF(li->line, ut.ut_line)); # ifdef HAVE_HOST_IN_UTMP strlcpy(li->hostname, ut.ut_host, - MIN_SIZEOF(li->hostname, ut.ut_host)); + MIN_SIZEOF(li->hostname, ut.ut_host)); # endif continue; } /* Seek back 2 x struct utmp */ if (lseek(fd, -(off_t)(2 * sizeof(struct utmp)), SEEK_CUR) == -1) { /* We've found the start of the file, so quit */ - close (fd); - return 0; + close(fd); + return (0); } } /* We found an entry. Tidy up and return */ close(fd); - return 1; + return (1); } # endif /* USE_WTMP */ @@ -1202,8 +1223,10 @@ wtmp_get_entry(struct logininfo *li) **/ #ifdef USE_WTMPX -/* write a wtmpx entry direct to the end of the file */ -/* This is a slight modification of code in OpenBSD's logwtmp.c */ +/* + * Write a wtmpx entry direct to the end of the file + * This is a slight modification of code in OpenBSD's logwtmp.c + */ static int wtmpx_write(struct logininfo *li, struct utmpx *utx) { @@ -1212,24 +1235,24 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx) int fd, ret = 1; if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) { - logit("wtmpx_write: problem opening %s: %s", + logit("%s: problem opening %s: %s", __func__, WTMPX_FILE, strerror(errno)); - return 0; + return (0); } if (fstat(fd, &buf) == 0) if (atomicio(vwrite, fd, utx, sizeof(*utx)) != sizeof(*utx)) { ftruncate(fd, buf.st_size); - logit("wtmpx_write: problem writing %s: %s", + logit("%s: problem writing %s: %s", __func__, WTMPX_FILE, strerror(errno)); ret = 0; } - (void)close(fd); + close(fd); - return ret; + return (ret); #else updwtmpx(WTMPX_FILE, utx); - return 1; + return (1); #endif } @@ -1240,7 +1263,7 @@ wtmpx_perform_login(struct logininfo *li) struct utmpx utx; construct_utmpx(li, &utx); - return wtmpx_write(li, &utx); + return (wtmpx_write(li, &utx)); } @@ -1250,7 +1273,7 @@ wtmpx_perform_logout(struct logininfo *li) struct utmpx utx; construct_utmpx(li, &utx); - return wtmpx_write(li, &utx); + return (wtmpx_write(li, &utx)); } @@ -1259,12 +1282,12 @@ wtmpx_write_entry(struct logininfo *li) { switch(li->type) { case LTYPE_LOGIN: - return wtmpx_perform_login(li); + return (wtmpx_perform_login(li)); case LTYPE_LOGOUT: - return wtmpx_perform_logout(li); + return (wtmpx_perform_logout(li)); default: - logit("wtmpx_write_entry: invalid type field"); - return 0; + logit("%s: invalid type field", __func__); + return (0); } } @@ -1275,16 +1298,16 @@ wtmpx_write_entry(struct logininfo *li) static int wtmpx_islogin(struct logininfo *li, struct utmpx *utx) { - if ( strncmp(li->username, utx->ut_name, - MIN_SIZEOF(li->username, utx->ut_name)) == 0 ) { + if (strncmp(li->username, utx->ut_name, + MIN_SIZEOF(li->username, utx->ut_name)) == 0 ) { # ifdef HAVE_TYPE_IN_UTMPX if (utx->ut_type == USER_PROCESS) - return 1; + return (1); # else - return 1; + return (1); # endif } - return 0; + return (0); } @@ -1299,57 +1322,57 @@ wtmpx_get_entry(struct logininfo *li) li->tv_sec = li->tv_usec = 0; if ((fd = open(WTMPX_FILE, O_RDONLY)) < 0) { - logit("wtmpx_get_entry: problem opening %s: %s", + logit("%s: problem opening %s: %s", __func__, WTMPX_FILE, strerror(errno)); - return 0; + return (0); } if (fstat(fd, &st) != 0) { - logit("wtmpx_get_entry: couldn't stat %s: %s", + logit("%s: couldn't stat %s: %s", __func__, WTMPX_FILE, strerror(errno)); close(fd); - return 0; + return (0); } /* Seek to the start of the last struct utmpx */ if (lseek(fd, -(off_t)sizeof(struct utmpx), SEEK_END) == -1 ) { /* probably a newly rotated wtmpx file */ close(fd); - return 0; + return (0); } while (!found) { if (atomicio(read, fd, &utx, sizeof(utx)) != sizeof(utx)) { - logit("wtmpx_get_entry: read of %s failed: %s", + logit("%s: read of %s failed: %s", __func__, WTMPX_FILE, strerror(errno)); close (fd); - return 0; + return (0); } - /* Logouts are recorded as a blank username on a particular line. - * So, we just need to find the username in struct utmpx */ - if ( wtmpx_islogin(li, &utx) ) { + /* + * Logouts are recorded as a blank username on a particular + * line. So, we just need to find the username in struct utmpx + */ + if (wtmpx_islogin(li, &utx)) { found = 1; -# ifdef HAVE_TV_IN_UTMPX +# if defined(HAVE_TV_IN_UTMPX) li->tv_sec = utx.ut_tv.tv_sec; -# else -# ifdef HAVE_TIME_IN_UTMPX +# elif defined(HAVE_TIME_IN_UTMPX) li->tv_sec = utx.ut_time; -# endif # endif line_fullname(li->line, utx.ut_line, sizeof(li->line)); -# ifdef HAVE_HOST_IN_UTMPX +# if defined(HAVE_HOST_IN_UTMPX) strlcpy(li->hostname, utx.ut_host, - MIN_SIZEOF(li->hostname, utx.ut_host)); + MIN_SIZEOF(li->hostname, utx.ut_host)); # endif continue; } if (lseek(fd, -(off_t)(2 * sizeof(struct utmpx)), SEEK_CUR) == -1) { - close (fd); - return 0; + close(fd); + return (0); } } close(fd); - return 1; + return (1); } #endif /* USE_WTMPX */ @@ -1363,15 +1386,12 @@ syslogin_perform_login(struct logininfo *li) { struct utmp *ut; - if (! (ut = (struct utmp *)malloc(sizeof(*ut)))) { - logit("syslogin_perform_login: couldn't malloc()"); - return 0; - } + ut = xmalloc(sizeof(*ut)); construct_utmp(li, ut); login(ut); free(ut); - return 1; + return (1); } static int @@ -1382,19 +1402,18 @@ syslogin_perform_logout(struct logininfo *li) (void)line_stripname(line, li->line, sizeof(line)); - if (!logout(line)) { - logit("syslogin_perform_logout: logout() returned an error"); + if (!logout(line)) + logit("%s: logout() returned an error", __func__); # ifdef HAVE_LOGWTMP - } else { + else logwtmp(line, "", ""); # endif - } /* FIXME: (ATL - if the need arises) What to do if we have * login, but no logout? what if logout but no logwtmp? All * routines are in libutil so they should all be there, * but... */ # endif - return 1; + return (1); } int @@ -1402,12 +1421,12 @@ syslogin_write_entry(struct logininfo *li) { switch (li->type) { case LTYPE_LOGIN: - return syslogin_perform_login(li); + return (syslogin_perform_login(li)); case LTYPE_LOGOUT: - return syslogin_perform_logout(li); + return (syslogin_perform_logout(li)); default: - logit("syslogin_write_entry: Invalid type field"); - return 0; + logit("%s: Invalid type field", __func__); + return (0); } } #endif /* USE_LOGIN */ @@ -1429,7 +1448,7 @@ lastlog_construct(struct logininfo *li, struct lastlog *last) /* clear the structure */ memset(last, '\0', sizeof(*last)); - (void)line_stripname(last->ll_line, li->line, sizeof(last->ll_line)); + line_stripname(last->ll_line, li->line, sizeof(last->ll_line)); strlcpy(last->ll_host, li->hostname, MIN_SIZEOF(last->ll_host, li->hostname)); last->ll_time = li->tv_sec; @@ -1441,16 +1460,16 @@ lastlog_filetype(char *filename) struct stat st; if (stat(LASTLOG_FILE, &st) != 0) { - logit("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE, - strerror(errno)); - return 0; + logit("%s: Couldn't stat %s: %s", __func__, + LASTLOG_FILE, strerror(errno)); + return (0); } if (S_ISDIR(st.st_mode)) - return LL_DIR; + return (LL_DIR); else if (S_ISREG(st.st_mode)) - return LL_FILE; + return (LL_FILE); else - return LL_OTHER; + return (LL_OTHER); } @@ -1464,38 +1483,39 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode) type = lastlog_filetype(LASTLOG_FILE); switch (type) { - case LL_FILE: - strlcpy(lastlog_file, LASTLOG_FILE, sizeof(lastlog_file)); - break; - case LL_DIR: - snprintf(lastlog_file, sizeof(lastlog_file), "%s/%s", - LASTLOG_FILE, li->username); - break; - default: - logit("lastlog_openseek: %.100s is not a file or directory!", - LASTLOG_FILE); - return 0; + case LL_FILE: + strlcpy(lastlog_file, LASTLOG_FILE, + sizeof(lastlog_file)); + break; + case LL_DIR: + snprintf(lastlog_file, sizeof(lastlog_file), "%s/%s", + LASTLOG_FILE, li->username); + break; + default: + logit("%s: %.100s is not a file or directory!", __func__, + LASTLOG_FILE); + return (0); } *fd = open(lastlog_file, filemode, 0600); - if ( *fd < 0) { - debug("lastlog_openseek: Couldn't open %s: %s", + if (*fd < 0) { + debug("%s: Couldn't open %s: %s", __func__, lastlog_file, strerror(errno)); - return 0; + return (0); } if (type == LL_FILE) { /* find this uid's offset in the lastlog file */ offset = (off_t) ((long)li->uid * sizeof(struct lastlog)); - if ( lseek(*fd, offset, SEEK_SET) != offset ) { - logit("lastlog_openseek: %s->lseek(): %s", - lastlog_file, strerror(errno)); - return 0; + if (lseek(*fd, offset, SEEK_SET) != offset) { + logit("%s: %s->lseek(): %s", __func__, + lastlog_file, strerror(errno)); + return (0); } } - return 1; + return (1); } static int @@ -1508,18 +1528,18 @@ lastlog_perform_login(struct logininfo *li) lastlog_construct(li, &last); if (!lastlog_openseek(li, &fd, O_RDWR|O_CREAT)) - return(0); + return (0); /* write the entry */ if (atomicio(vwrite, fd, &last, sizeof(last)) != sizeof(last)) { close(fd); - logit("lastlog_write_filemode: Error writing to %s: %s", + logit("%s: Error writing to %s: %s", __func__, LASTLOG_FILE, strerror(errno)); - return 0; + return (0); } close(fd); - return 1; + return (1); } int @@ -1527,10 +1547,10 @@ lastlog_write_entry(struct logininfo *li) { switch(li->type) { case LTYPE_LOGIN: - return lastlog_perform_login(li); + return (lastlog_perform_login(li)); default: - logit("lastlog_write_entry: Invalid type field"); - return 0; + logit("%s: Invalid type field", __func__); + return (0); } } @@ -1539,7 +1559,7 @@ lastlog_populate_entry(struct logininfo *li, struct lastlog *last) { line_fullname(li->line, last->ll_line, sizeof(li->line)); strlcpy(li->hostname, last->ll_host, - MIN_SIZEOF(li->hostname, last->ll_host)); + MIN_SIZEOF(li->hostname, last->ll_host)); li->tv_sec = last->ll_time; } @@ -1576,3 +1596,82 @@ lastlog_get_entry(struct logininfo *li) return (0); } #endif /* USE_LASTLOG */ + +#ifdef USE_BTMP + /* + * Logs failed login attempts in _PATH_BTMP if that exists. + * The most common login failure is to give password instead of username. + * So the _PATH_BTMP file checked for the correct permission, so that + * only root can read it. + */ + +void +record_failed_login(const char *username, const char *hostname, + const char *ttyn) +{ + int fd; + struct utmp ut; + struct sockaddr_storage from; + size_t fromlen = sizeof(from); + struct sockaddr_in *a4; + struct sockaddr_in6 *a6; + time_t t; + struct stat fst; + + if (geteuid() != 0) + return; + if ((fd = open(_PATH_BTMP, O_WRONLY | O_APPEND)) < 0) { + debug("Unable to open the btmp file %s: %s", _PATH_BTMP, + strerror(errno)); + return; + } + if (fstat(fd, &fst) < 0) { + logit("%s: fstat of %s failed: %s", __func__, _PATH_BTMP, + strerror(errno)); + goto out; + } + if((fst.st_mode & (S_IRWXG | S_IRWXO)) || (fst.st_uid != 0)){ + logit("Excess permission or bad ownership on file %s", + _PATH_BTMP); + goto out; + } + + memset(&ut, 0, sizeof(ut)); + /* strncpy because we don't necessarily want nul termination */ + strncpy(ut.ut_user, username, sizeof(ut.ut_user)); + strlcpy(ut.ut_line, "ssh:notty", sizeof(ut.ut_line)); + + time(&t); + ut.ut_time = t; /* ut_time is not always a time_t */ + ut.ut_type = LOGIN_PROCESS; + ut.ut_pid = getpid(); + + /* strncpy because we don't necessarily want nul termination */ + strncpy(ut.ut_host, hostname, sizeof(ut.ut_host)); + + if (packet_connection_is_on_socket() && + getpeername(packet_get_connection_in(), + (struct sockaddr *)&from, &fromlen) == 0) { + ipv64_normalise_mapped(&from, &fromlen); + if (from.ss_family == AF_INET) { + a4 = (struct sockaddr_in *)&from; + memcpy(&ut.ut_addr, &(a4->sin_addr), + MIN_SIZEOF(ut.ut_addr, a4->sin_addr)); + } +#ifdef HAVE_ADDR_V6_IN_UTMP + if (from.ss_family == AF_INET6) { + a6 = (struct sockaddr_in6 *)&from; + memcpy(&ut.ut_addr_v6, &(a6->sin6_addr), + MIN_SIZEOF(ut.ut_addr_v6, a6->sin6_addr)); + } +#endif + } + + if (atomicio(vwrite, fd, &ut, sizeof(ut)) != sizeof(ut)) + error("Failed to write to %s: %s", _PATH_BTMP, + strerror(errno)); + +out: + close(fd); +} +#endif /* USE_BTMP */ diff --git a/crypto/openssh/loginrec.h b/crypto/openssh/loginrec.h index 7f932c2966f4..d1a12a853199 100644 --- a/crypto/openssh/loginrec.h +++ b/crypto/openssh/loginrec.h @@ -35,7 +35,7 @@ #include <netinet/in.h> #include <sys/socket.h> -/* RCSID("$Id: loginrec.h,v 1.7 2003/06/03 02:18:50 djm Exp $"); */ +/* RCSID("$Id: loginrec.h,v 1.9 2005/02/02 06:10:11 dtucker Exp $"); */ /** ** you should use the login_* calls to work around platform dependencies @@ -62,7 +62,7 @@ union login_netinfo { /* string lengths - set very long */ #define LINFO_PROGSIZE 64 #define LINFO_LINESIZE 64 -#define LINFO_NAMESIZE 64 +#define LINFO_NAMESIZE 128 #define LINFO_HOSTSIZE 256 struct logininfo { @@ -132,4 +132,6 @@ char *line_fullname(char *dst, const char *src, int dstsize); char *line_stripname(char *dst, const char *src, int dstsize); char *line_abbrevname(char *dst, const char *src, int dstsize); +void record_failed_login(const char *, const char *, const char *); + #endif /* _HAVE_LOGINREC_H_ */ diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c index 8cb411ccc92b..2e366f81b270 100644 --- a/crypto/openssh/misc.c +++ b/crypto/openssh/misc.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.25 2004/08/11 21:43:05 avsm Exp $"); +RCSID("$OpenBSD: misc.c,v 1.28 2005/03/01 10:09:52 djm Exp $"); #include "misc.h" #include "log.h" @@ -275,6 +275,48 @@ convtime(const char *s) return total; } +/* + * Search for next delimiter between hostnames/addresses and ports. + * Argument may be modified (for termination). + * Returns *cp if parsing succeeds. + * *cp is set to the start of the next delimiter, if one was found. + * If this is the last field, *cp is set to NULL. + */ +char * +hpdelim(char **cp) +{ + char *s, *old; + + if (cp == NULL || *cp == NULL) + return NULL; + + old = s = *cp; + if (*s == '[') { + if ((s = strchr(s, ']')) == NULL) + return NULL; + else + s++; + } else if ((s = strpbrk(s, ":/")) == NULL) + s = *cp + strlen(*cp); /* skip to end (see first case below) */ + + switch (*s) { + case '\0': + *cp = NULL; /* no more fields*/ + break; + + case ':': + case '/': + *s = '\0'; /* terminate */ + *cp = s + 1; + break; + + default: + return NULL; + } + + return old; +} + char * cleanhostname(char *host) { @@ -332,3 +374,26 @@ addargs(arglist *args, char *fmt, ...) args->list[args->num++] = xstrdup(buf); args->list[args->num] = NULL; } + +/* + * Read an entire line from a public key file into a static buffer, discarding + * lines that exceed the buffer size. Returns 0 on success, -1 on failure. + */ +int +read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, + u_long *lineno) +{ + while (fgets(buf, bufsz, f) != NULL) { + (*lineno)++; + if (buf[strlen(buf) - 1] == '\n' || feof(f)) { + return 0; + } else { + debug("%s: %s line %lu exceeds size limit", __func__, + filename, *lineno); + /* discard remainder of line */ + while(fgetc(f) != '\n' && !feof(f)) + ; /* nothing */ + } + } + return -1; +} diff --git a/crypto/openssh/misc.h b/crypto/openssh/misc.h index ec47a611d485..8bbc87f0dbda 100644 --- a/crypto/openssh/misc.h +++ b/crypto/openssh/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.17 2004/08/11 21:43:05 avsm Exp $ */ +/* $OpenBSD: misc.h,v 1.21 2005/03/01 10:09:52 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -20,6 +20,7 @@ int set_nonblock(int); int unset_nonblock(int); void set_nodelay(int); int a2port(const char *); +char *hpdelim(char **); char *cleanhostname(char *); char *colon(char *); long convtime(const char *); @@ -46,3 +47,5 @@ char *tilde_expand_filename(const char *, uid_t); #define RP_USE_ASKPASS 0x0008 char *read_passphrase(const char *, int); +int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); +int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); diff --git a/crypto/openssh/moduli b/crypto/openssh/moduli index 52639d336c60..a12de21924d0 100644 --- a/crypto/openssh/moduli +++ b/crypto/openssh/moduli @@ -1,186 +1,200 @@ -# $OpenBSD: moduli,v 1.2 2004/01/28 04:44:00 dtucker Exp $ - +# $OpenBSD: moduli,v 1.3 2005/01/24 10:29:06 dtucker Exp $ # Time Type Tests Tries Size Generator Modulus -20031210004503 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB -20031210004553 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D0A0D7 -20031210004628 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D6CB97 -20031210004801 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F2D1B7 -20031210004827 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F5615B -20031210004919 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230138C3 -20031210004952 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2305F6A3 -20031210005018 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230801DB -20031210005043 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230A0383 -20031210005147 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB231C3A7F -20031210005230 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23249C1B -20031210005301 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23288F0F -20031210005438 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2344EC9B -20031210005548 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB235892F3 -20031210005700 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB236C3F03 -20031210005841 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB238BC713 -20031210010040 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23B466C3 -20031210010119 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23BB1F8B -20031210010313 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23E03DDB -20031210010335 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23E130AB -20031210010422 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23EA20A3 -20031210010500 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23F1807B -20031210010628 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2409DC07 -20031210010759 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2425487F -20031210010906 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24397A3F -20031210010945 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2440ABF7 -20031210011017 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2445C00B -20031210011059 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB244E4EBF -20031210011158 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB245E056B -20031210011340 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24808F43 -20031210011408 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24834C0B -20031210011517 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2495148B -20031210011632 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24A89B27 -20031210014802 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D3B9DD3 -20031210015017 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D463D83 -20031210015524 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D68288B -20031210015701 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D6C64C3 -20031210020258 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D94316B -20031210022106 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E1F8453 -20031210022738 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E4BDAC7 -20031210022948 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E5541E7 -20031210023056 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E56464B -20031210023414 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E695C8B -20031210024039 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E939ABF -20031210024457 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EAE295B -20031210024630 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EB2BDFB -20031210025118 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772ED059DB -20031210025540 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EECB4D3 -20031210025956 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F043973 -20031210030256 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F134903 -20031210030415 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F15B5EB -20031210030717 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F25BF3B -20031210030826 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F2670D7 -20031210031055 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F31E5F3 -20031210031311 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F3BFE2B -20031210032243 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F83082B -20031210032437 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F898187 -20031210032703 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F95718B -20031210032953 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FA3F5CB -20031210033059 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FA48FEB -20031210033247 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FAA6267 -20031210033633 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FC1BE7B -20031210034313 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FF18FA7 -20031210034507 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FF84977 -20031210035121 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730233FBF -20031210035813 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A773054E8F3 -20031210035955 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730597847 -20031210040259 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77306A1B57 -20031210040704 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77308258FB -20031210040913 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77308A63F7 -20031210042047 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730DEEF8F -20031210042156 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730DFE787 -20031210042511 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730F1D3CB -20031210042907 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A773107039B -20031210043815 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7731492E37 -20031210045243 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7731AB1953 -20031210054833 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1C0B0F8B -20031210055609 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1C1CF773 -20031210065401 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1CDD973F -20031210071146 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D11D9FB -20031210071754 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D1ED47B -20031210072552 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D32CE4F -20031210073644 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D4EC983 -20031210074309 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D5D4F07 -20031210075517 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D7DE133 -20031210081718 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1DC395C3 -20031210084322 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1E1A5567 -20031210085218 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1E3127AB -20031210090542 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1E586AD7 -20031210093920 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1EC6C9D3 -20031210100616 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F19C713 -20031210103627 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F7B82B3 -20031210104559 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F95C2EF -20031210104836 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F969EAF -20031210110201 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FBEA0DF -20031210111610 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FE4C70B -20031210111837 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FE50DBB -20031210112215 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FE964FF -20031210124102 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F20F33023 -20031210125610 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F21208AFB -20031210130630 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F213CBA8B -20031210132517 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F21754843 -20031210132855 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F2179D39B -20031210140211 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F21E6E73B -20031210141340 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22068817 -20031210143133 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F223D6017 -20031210143812 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F224A70F3 -20031210150410 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22A24CFB -20031210153131 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22FAA253 -20031210153718 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F23071C7B -20031210154203 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F230FFC0B -20031210161808 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F2383B65B -20031210185714 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061924F36F3 -20031210204537 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306192C04AB3 -20031210205604 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306192C3734B -20031210210523 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306192C58A0B -20031210233701 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306193680D03 -20031211013125 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306193E1DD73 -20031211052015 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306194DA94E3 -20031211064439 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619531A017 -20031211074935 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306195731BAB -20031211081053 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306195830BAB -20031211123240 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306196A4C097 -20031211160831 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061978B740B -20031211195847 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619889E1B3 -20031211201456 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619892ED83 -20031211221441 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619910A74B -20031211223303 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061991D35CB -20031211235558 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306199712CCB -20031212005818 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306199AE96DB -20031212033251 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619A50DDD3 -20031212053332 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619AB31B57 -20031212084926 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619B8949F7 -20031212130319 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619C84A1A3 -20031212192346 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619E1B24BB -20031212210042 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619E7F37FB -20031213002102 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619F59BABB -20031213061439 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A0D9208F -20031213071620 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A115D66F -20031213072644 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A1186097 -20031213090613 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A17DACC7 -20031213110037 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A1F577E7 -20031213113226 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A2113AC3 -20031213120232 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A22A232B -20031213121926 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A23443D3 -20031213130353 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A25D51E7 -20031213143149 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A2B63CBB -20031213153322 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A2F05FC7 -20031213180906 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A39439A3 -20031213183520 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A3A7705F -20031213192228 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A3D2DEA7 -20031213125532 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923E8050C3B -20031213125653 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923E8EB2F2B -20031213125813 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EAB66F4B -20031213125934 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EAFE508B -20031213130055 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EB96812B -20031213130217 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EBB738CB -20031213130337 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EBDB337F -20031213130458 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ECA8B62B -20031213130619 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ECBCE443 -20031213130740 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ED1637DB -20031213130901 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ED3EA08F -20031213131021 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EDC96C6B -20031213131142 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EEB92FCF -20031213131303 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F2D2CCF3 -20031213131424 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F6C89BBB -20031213131545 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F7962EDB -20031213131706 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F85A4767 -20031213131827 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F8A196C7 -20031213131947 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F94500EF -20031213132108 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FAF467BF -20031213132229 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FB5A7803 -20031213132350 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FB7D5467 -20031213132511 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FC4A16D7 -20031213132632 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FEEDC36F -20031213132752 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FFA077EF -20031213132913 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA992400725B7B -20031213133034 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA992400728FFB -20031213133155 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9924011CFA13 -20031213133316 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA99240165703F -20031213133436 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA99240166BA7B -20031213133557 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9924018E41B7 -20031213133718 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA992402C07A93 +20040225025212 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7AFFE86A7 +20040225025304 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B01F83CB +20040225025357 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B03F2B73 +20040225025411 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B041C8C7 +20040225025444 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0546E93 +20040225025458 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0573767 +20040225025522 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0629E73 +20040225025545 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B06CD95B +20040225025616 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B07C93A3 +20040225025655 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B093C72B +20040225025710 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B096450B +20040225025750 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0AF2C83 +20040225025830 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0C7F1FF +20040225025845 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0CB565B +20040225025858 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0CD8557 +20040225025915 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0D20473 +20040225025934 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0D924F7 +20040225025952 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0DFD8BB +20040225030015 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0E8E59F +20040225030039 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0F43B0B +20040225030104 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0FEB103 +20040225030130 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B10AC3DB +20040225030149 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1122527 +20040225030214 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B11E494B +20040225030245 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B12E727B +20040225030319 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1416743 +20040225030347 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1507F2B +20040225030404 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1560FE3 +20040225030418 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1591CF7 +20040225030432 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B15B57FF +20040225030455 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B165D0AF +20040225030511 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B169C97F +20040225030551 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B182715B +20040225030621 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1920737 +20040225030648 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B19FB54B +20040225030718 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1AFAE87 +20040225030736 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1B5A7AF +20040225030753 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1BC3C47 +20040225030815 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1C6AF33 +20040225030831 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1CAD9FB +20040225030902 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1DC6A8F +20040225035226 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844800C47CAB +20040225035359 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844800D3866B +20040225035635 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844800F43DFF +20040225035846 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448010B4D93 +20040225040147 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448013094F3 +20040225040301 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448013AA0FB +20040225040619 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480163EC83 +20040225040718 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448016AEB8F +20040225041023 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480190871F +20040225041328 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844801B5F1B3 +20040225041740 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844801ED6FBB +20040225041921 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844801FEC44F +20040225042229 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802245FF7 +20040225042513 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480246F93B +20040225042547 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802473F4F +20040225042707 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480253B03B +20040225043111 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480287CD9B +20040225043513 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802BC32FB +20040225043609 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802C2125B +20040225043847 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802E1B733 +20040225043925 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802E2E963 +20040225044335 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448031AC423 +20040225045303 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803A10E07 +20040225045443 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803B0EF43 +20040225045518 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803B15033 +20040225045923 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803E58317 +20040225050120 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803F9EB4F +20040225050333 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448041304B3 +20040225050524 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804279B2F +20040225050559 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804281047 +20040225050810 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448043F454F +20040225051113 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804672F1F +20040225051335 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804809CB3 +20040225051442 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480489545F +20040225052303 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804FE918B +20040225062215 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6B9F68B3E7 +20040225063823 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6B9FD47307 +20040225064402 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6B9FF43C0F +20040225065646 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA04740DB +20040225065825 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA04B01BF +20040225070116 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA056DD47 +20040225074027 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA172E1B3 +20040225080343 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA217422F +20040225081159 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA24927DB +20040225081331 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA24C058B +20040225082528 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA2993EBF +20040225084537 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA3242BE3 +20040225085012 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA33EF643 +20040225085829 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA3729D77 +20040225090710 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA3AC0143 +20040225091002 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA3B8AE6B +20040225092648 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA42B65D7 +20040225093120 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA4442793 +20040225093517 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA459441F +20040225094409 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA491BE4B +20040225095209 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA4C4E437 +20040225095548 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA4D5D7AB +20040225100531 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA51404EB +20040225100644 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5145C87 +20040225101834 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5609CBB +20040225102317 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA57AC86F +20040225103220 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5B631A3 +20040225103355 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5B98D2F +20040225103756 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5CEBAFB +20040225104020 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5D77CDF +20040225104557 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5F6FD9F +20040225110302 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA66A70DF +20040225110515 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA6721A43 +20040225110913 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA6879A53 +20040225111338 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA69FE2FB +20040225111911 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA6C04F47 +20040225112902 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA7007CD3 +20040225143208 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8968A91B +20040225144922 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8987DF6B +20040225150309 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD899E0F8B +20040225161716 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8A3A91CF +20040225163012 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8A4CED2B +20040225175457 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8B02C5DB +20040225182539 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8B3E9D13 +20040225194030 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8BDE269B +20040225201420 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8C203553 +20040225203219 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8C40B747 +20040225203908 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8C46ED83 +20040225210230 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8C72586B +20040225212746 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8CA15F2F +20040225214624 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8CC34833 +20040225223007 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8D1B23AB +20040225234913 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8DC36C9B +20040226001353 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8DF174B3 +20040226004101 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8E24518B +20040226010652 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8E543397 +20040226015415 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8EB6152F +20040226022931 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8EFD1773 +20040226025740 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8F3376D7 +20040226053010 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD90786CE3 +20040226054156 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD908AC36B +20040226081600 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD91D61A43 +20040226083039 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD91ED4AE3 +20040226092910 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9265F7DB +20040226112913 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD93696533 +20040226115826 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD93A210A3 +20040226135326 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD949596D7 +20040226145128 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD95096CCF +20040226153142 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD95582C7B +20040226164905 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD95FACE7B +20040226171921 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9633F443 +20040226182347 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD96BAC3A7 +20040226200555 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD97972EFB +20040226202801 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD97C0B5C3 +20040226214755 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9868011B +20040226215843 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9876E7FB +20040226220422 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD987B4983 +20040226222346 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD989D61D3 +20040227091438 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC5737ECF +20040227101541 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC5AE7363 +20040227160657 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC7295F4F +20040227180410 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC7A46573 +20040227225950 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC8E6D5E3 +20040227233727 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC9079B33 +20040228032633 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFCA006227 +20040228060859 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFCAAE6E63 +20040228101703 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFCBBC54FB +20040228192850 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFCE191D13 +20040229084451 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD1804AF3 +20040229164933 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD3887E07 +20040229210220 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD49457B7 +20040229222958 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD4EA3223 +20040301003324 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD566C79B +20040301030228 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD6032D8F +20040301040042 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD63B1113 +20040301073501 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD71C4A67 +20040301133631 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD8A0BBD3 +20040301165652 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD96E4053 +20040301184021 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD9D662FB +20040302045553 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDC5FE8E3 +20040302112648 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDDFE9D13 +20040302120026 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDE1A5AD3 +20040302130757 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDE5E4073 +20040302142004 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDEA4AA9B +20040302145603 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDEC2C32B +20040302212946 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFE0652EC7 +20040303003544 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFE127CF63 +20040303072925 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFE2D793F3 +20040305011518 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E4CE974B +20040305043124 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E5050933 +20040305084728 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E54C7783 +20040306205350 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E809C413 +20040309221333 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080ED7F9CFB +20040311222059 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F103209F +20040312160304 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F247861B +20040312210904 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F29D939F +20040316074005 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F8B1F7DB +20040317113309 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FAAE1F73 +20040317195246 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FB3F2B93 +20040319025848 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FD81741B +20040323194658 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C708105AF04AF +20040324041535 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C70810643E737 diff --git a/crypto/openssh/moduli.c b/crypto/openssh/moduli.c index 581b03503d97..8b05248e2340 100644 --- a/crypto/openssh/moduli.c +++ b/crypto/openssh/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.9 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: moduli.c,v 1.10 2005/01/17 03:25:46 dtucker Exp $ */ /* * Copyright 1994 Phil Karn <karn@qualcomm.com> * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> @@ -56,7 +56,7 @@ #define QTYPE_UNKNOWN (0) #define QTYPE_UNSTRUCTURED (1) #define QTYPE_SAFE (2) -#define QTYPE_SCHNOOR (3) +#define QTYPE_SCHNORR (3) #define QTYPE_SOPHIE_GERMAIN (4) #define QTYPE_STRONG (5) @@ -530,7 +530,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) break; case QTYPE_UNSTRUCTURED: case QTYPE_SAFE: - case QTYPE_SCHNOOR: + case QTYPE_SCHNORR: case QTYPE_STRONG: case QTYPE_UNKNOWN: debug2("%10u: (%u)", count_in, in_type); diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c index b7463400e688..301e150b3a21 100644 --- a/crypto/openssh/monitor.c +++ b/crypto/openssh/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.61 2004/07/17 05:31:41 dtucker Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.62 2005/01/30 11:18:08 dtucker Exp $"); #include <openssl/dh.h> @@ -143,6 +143,11 @@ int mm_answer_gss_userok(int, Buffer *); int mm_answer_gss_checkmic(int, Buffer *); #endif +#ifdef SSH_AUDIT_EVENTS +int mm_answer_audit_event(int, Buffer *); +int mm_answer_audit_command(int, Buffer *); +#endif + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -186,6 +191,9 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, #endif +#ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, +#endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, @@ -211,6 +219,10 @@ struct mon_table mon_dispatch_postauth20[] = { {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, +#endif {0, 0, NULL} }; @@ -239,6 +251,9 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, #endif +#ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, +#endif {0, 0, NULL} }; @@ -246,6 +261,10 @@ struct mon_table mon_dispatch_postauth15[] = { {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_ONCE, mm_answer_audit_command}, +#endif {0, 0, NULL} }; @@ -609,6 +628,9 @@ mm_answer_pwnamallow(int sock, Buffer *m) if (options.use_pam) monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); #endif +#ifdef SSH_AUDIT_EVENTS + monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_COMMAND, 1); +#endif return (0); } @@ -810,6 +832,9 @@ mm_answer_pam_account(int sock, Buffer *m) ret = do_pam_account(); buffer_put_int(m, ret); + buffer_append(&loginmsg, "\0", 1); + buffer_put_cstring(m, buffer_ptr(&loginmsg)); + buffer_clear(&loginmsg); mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m); @@ -1297,7 +1322,7 @@ mm_answer_sesskey(int sock, Buffer *m) int rsafail; /* Turn off permissions */ - monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0); if ((p = BN_new()) == NULL) fatal("%s: BN_new", __func__); @@ -1488,6 +1513,50 @@ mm_answer_term(int sock, Buffer *req) exit(res); } +#ifdef SSH_AUDIT_EVENTS +/* Report that an audit event occurred */ +int +mm_answer_audit_event(int socket, Buffer *m) +{ + ssh_audit_event_t event; + + debug3("%s entering", __func__); + + event = buffer_get_int(m); + buffer_free(m); + switch(event) { + case SSH_AUTH_FAIL_PUBKEY: + case SSH_AUTH_FAIL_HOSTBASED: + case SSH_AUTH_FAIL_GSSAPI: + case SSH_LOGIN_EXCEED_MAXTRIES: + case SSH_LOGIN_ROOT_DENIED: + case SSH_CONNECTION_CLOSE: + case SSH_INVALID_USER: + audit_event(event); + break; + default: + fatal("Audit event type %d not permitted", event); + } + + return (0); +} + +int +mm_answer_audit_command(int socket, Buffer *m) +{ + u_int len; + char *cmd; + + debug3("%s entering", __func__); + cmd = buffer_get_string(m, &len); + /* sanity check command, if so how? */ + audit_run_command(cmd); + xfree(cmd); + buffer_free(m); + return (0); +} +#endif /* SSH_AUDIT_EVENTS */ + void monitor_apply_keystate(struct monitor *pmonitor) { diff --git a/crypto/openssh/monitor.h b/crypto/openssh/monitor.h index 621a4ad18162..13ce3e1ca3e5 100644 --- a/crypto/openssh/monitor.h +++ b/crypto/openssh/monitor.h @@ -59,6 +59,7 @@ enum monitor_reqtype { MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY, MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, + MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, MONITOR_REQ_TERM }; diff --git a/crypto/openssh/monitor_mm.c b/crypto/openssh/monitor_mm.c index ff523a5b1e4c..b0ec37cff93a 100644 --- a/crypto/openssh/monitor_mm.c +++ b/crypto/openssh/monitor_mm.c @@ -92,7 +92,7 @@ mm_create(struct mm_master *mmalloc, size_t size) mm->mmalloc = mmalloc; address = xmmap(size); - if (address == MAP_FAILED) + if (address == (void *)MAP_FAILED) fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); mm->address = address; diff --git a/crypto/openssh/monitor_wrap.c b/crypto/openssh/monitor_wrap.c index 0d7a0e3bd928..e1b6512b42ca 100644 --- a/crypto/openssh/monitor_wrap.c +++ b/crypto/openssh/monitor_wrap.c @@ -72,6 +72,7 @@ extern struct monitor *pmonitor; extern Buffer input, output; extern Buffer loginmsg; extern ServerOptions options; +extern Buffer loginmsg; int mm_is_monitor(void) @@ -716,6 +717,7 @@ mm_do_pam_account(void) { Buffer m; u_int ret; + char *msg; debug3("%s entering", __func__); if (!options.use_pam) @@ -727,6 +729,9 @@ mm_do_pam_account(void) mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_ACCOUNT, &m); ret = buffer_get_int(&m); + msg = buffer_get_string(&m, NULL); + buffer_append(&loginmsg, msg, strlen(msg)); + xfree(msg); buffer_free(&m); @@ -1098,6 +1103,36 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) return (success); } +#ifdef SSH_AUDIT_EVENTS +void +mm_audit_event(ssh_audit_event_t event) +{ + Buffer m; + + debug3("%s entering", __func__); + + buffer_init(&m); + buffer_put_int(&m, event); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m); + buffer_free(&m); +} + +void +mm_audit_run_command(const char *command) +{ + Buffer m; + + debug3("%s entering command %s", __func__, command); + + buffer_init(&m); + buffer_put_cstring(&m, command); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); + buffer_free(&m); +} +#endif /* SSH_AUDIT_EVENTS */ + #ifdef GSSAPI OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid) diff --git a/crypto/openssh/monitor_wrap.h b/crypto/openssh/monitor_wrap.h index e5cf5718c492..310b425130c3 100644 --- a/crypto/openssh/monitor_wrap.h +++ b/crypto/openssh/monitor_wrap.h @@ -74,6 +74,12 @@ int mm_sshpam_respond(void *, u_int, char **); void mm_sshpam_free_ctx(void *); #endif +#ifdef SSH_AUDIT_EVENTS +#include "audit.h" +void mm_audit_event(ssh_audit_event_t); +void mm_audit_run_command(const char *); +#endif + struct Session; void mm_terminate(void); int mm_pty_allocate(int *, int *, char *, int); diff --git a/crypto/openssh/openbsd-compat/bsd-arc4random.c b/crypto/openssh/openbsd-compat/bsd-arc4random.c index 5284e1af80b7..1eeb6953bfd6 100644 --- a/crypto/openssh/openbsd-compat/bsd-arc4random.c +++ b/crypto/openssh/openbsd-compat/bsd-arc4random.c @@ -17,7 +17,7 @@ #include "includes.h" #include "log.h" -RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $"); +RCSID("$Id: bsd-arc4random.c,v 1.10 2005/02/16 02:01:28 djm Exp $"); #ifndef HAVE_ARC4RANDOM @@ -34,7 +34,8 @@ RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $"); static int rc4_ready = 0; static RC4_KEY rc4; -unsigned int arc4random(void) +unsigned int +arc4random(void) { unsigned int r = 0; static int first_time = 1; @@ -53,7 +54,8 @@ unsigned int arc4random(void) return(r); } -void arc4random_stir(void) +void +arc4random_stir(void) { unsigned char rand_buf[SEED_SIZE]; int i; diff --git a/crypto/openssh/openbsd-compat/bsd-cray.c b/crypto/openssh/openbsd-compat/bsd-cray.c index f630366be772..d1f1c059c4be 100644 --- a/crypto/openssh/openbsd-compat/bsd-cray.c +++ b/crypto/openssh/openbsd-compat/bsd-cray.c @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.c,v 1.13 2004/01/30 03:34:22 dtucker Exp $ + * $Id: bsd-cray.c,v 1.14 2005/02/02 06:10:11 dtucker Exp $ * * bsd-cray.c * @@ -171,7 +171,7 @@ cray_access_denied(char *username) * record_failed_login: generic "login failed" interface function */ void -record_failed_login(const char *user, const char *ttyname) +record_failed_login(const char *user, const char *hostname, const char *ttyname) { cray_login_failure((char *)user, IA_UDBERR); } diff --git a/crypto/openssh/openbsd-compat/bsd-cray.h b/crypto/openssh/openbsd-compat/bsd-cray.h index de6ba1a8d108..774eceb5a200 100644 --- a/crypto/openssh/openbsd-compat/bsd-cray.h +++ b/crypto/openssh/openbsd-compat/bsd-cray.h @@ -1,4 +1,4 @@ -/* $Id: bsd-cray.h,v 1.11 2004/01/30 03:34:22 dtucker Exp $ */ +/* $Id: bsd-cray.h,v 1.12 2005/02/02 06:10:11 dtucker Exp $ */ /* * Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp@cray.com>) @@ -42,10 +42,10 @@ void cray_init_job(struct passwd *); void cray_job_termination_handler(int); void cray_login_failure(char *, int ); int cray_access_denied(char *); -#define CUSTOM_FAILED_LOGIN 1 -void record_failed_login(const char *, const char *); extern char cray_tmpdir[]; +#define CUSTOM_FAILED_LOGIN 1 + #ifndef IA_SSHD # define IA_SSHD IA_LOGIN #endif diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c index 92cdba6e0965..f53abb6e2f92 100644 --- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c +++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c @@ -29,7 +29,7 @@ #include "includes.h" -RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $"); +RCSID("$Id: bsd-cygwin_util.c,v 1.13 2004/08/30 10:42:08 dtucker Exp $"); #ifdef HAVE_CYGWIN @@ -38,6 +38,7 @@ RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $"); #include <sys/utsname.h> #include <sys/vfs.h> #include <windows.h> +#include "xmalloc.h" #define is_winnt (GetVersion() < 0x80000000) #define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec")) @@ -96,7 +97,6 @@ has_capability(int what) */ if (!inited) { struct utsname uts; - char *c; if (!uname(&uts)) { int major_high = 0, major_low = 0, minor = 0; @@ -236,4 +236,54 @@ register_9x_service(void) RegisterServiceProcess(0, 1); } +#define NL(x) x, (sizeof (x) - 1) +#define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0])) + +static struct wenv { + const char *name; + size_t namelen; +} wenv_arr[] = { + { NL("ALLUSERSPROFILE=") }, + { NL("COMMONPROGRAMFILES=") }, + { NL("COMPUTERNAME=") }, + { NL("COMSPEC=") }, + { NL("NUMBER_OF_PROCESSORS=") }, + { NL("OS=") }, + { NL("PATH=") }, + { NL("PATHEXT=") }, + { NL("PROCESSOR_ARCHITECTURE=") }, + { NL("PROCESSOR_IDENTIFIER=") }, + { NL("PROCESSOR_LEVEL=") }, + { NL("PROCESSOR_REVISION=") }, + { NL("PROGRAMFILES=") }, + { NL("SYSTEMDRIVE=") }, + { NL("SYSTEMROOT=") }, + { NL("TMP=") }, + { NL("TEMP=") }, + { NL("WINDIR=") }, +}; + +char ** +fetch_windows_environment(void) +{ + char **e, **p; + int i, idx = 0; + + p = xmalloc(WENV_SIZ * sizeof(char *)); + for (e = environ; *e != NULL; ++e) { + for (i = 0; i < WENV_SIZ; ++i) { + if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)) + p[idx++] = *e; + } + } + p[idx] = NULL; + return p; +} + +void +free_windows_environment(char **p) +{ + xfree(p); +} + #endif /* HAVE_CYGWIN */ diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h b/crypto/openssh/openbsd-compat/bsd-cygwin_util.h index 5ccb0fba2744..6719b8a49c2e 100644 --- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h +++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.h @@ -1,4 +1,4 @@ -/* $Id: bsd-cygwin_util.h,v 1.10 2003/08/07 06:28:16 dtucker Exp $ */ +/* $Id: bsd-cygwin_util.h,v 1.11 2004/08/30 10:42:08 dtucker Exp $ */ /* * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com> @@ -46,6 +46,8 @@ int binary_pipe(int fd[2]); int check_nt_auth(int, struct passwd *); int check_ntsec(const char *); void register_9x_service(void); +char **fetch_windows_environment(void); +void free_windows_environment(char **); #define open binary_open #define pipe binary_pipe diff --git a/crypto/openssh/openbsd-compat/bsd-misc.c b/crypto/openssh/openbsd-compat/bsd-misc.c index 1b276b4f42d5..41f92cce9f16 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.c +++ b/crypto/openssh/openbsd-compat/bsd-misc.c @@ -18,7 +18,7 @@ #include "includes.h" #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.25 2004/08/15 08:41:00 djm Exp $"); +RCSID("$Id: bsd-misc.c,v 1.26 2005/02/25 23:07:38 dtucker Exp $"); #ifndef HAVE___PROGNAME char *__progname; @@ -122,17 +122,6 @@ int truncate(const char *path, off_t length) } #endif /* HAVE_TRUNCATE */ -#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP) -/* - * Cygwin setgroups should be a noop. - */ -int -setgroups(size_t size, const gid_t *list) -{ - return (0); -} -#endif - #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) int nanosleep(const struct timespec *req, struct timespec *rem) { diff --git a/crypto/openssh/openbsd-compat/bsd-misc.h b/crypto/openssh/openbsd-compat/bsd-misc.h index 33a1d707fc30..b61ec4244935 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.h +++ b/crypto/openssh/openbsd-compat/bsd-misc.h @@ -1,4 +1,4 @@ -/* $Id: bsd-misc.h,v 1.17 2004/08/15 08:41:00 djm Exp $ */ +/* $Id: bsd-misc.h,v 1.18 2005/02/25 23:07:38 dtucker Exp $ */ /* * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org> @@ -67,10 +67,6 @@ int utimes(char *, struct timeval *); int truncate (const char *, off_t); #endif /* HAVE_TRUNCATE */ -#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP) -int setgroups(size_t, const gid_t *); -#endif - #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) #ifndef HAVE_STRUCT_TIMESPEC struct timespec { diff --git a/crypto/openssh/openbsd-compat/bsd-openpty.c b/crypto/openssh/openbsd-compat/bsd-openpty.c index daf5f8b811f3..8eb62b7a8b45 100644 --- a/crypto/openssh/openbsd-compat/bsd-openpty.c +++ b/crypto/openssh/openbsd-compat/bsd-openpty.c @@ -102,7 +102,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, return (-1); } -#ifndef HAVE_CYGWIN /* * Try to push the appropriate streams modules, as described * in Solaris pts(7). @@ -112,7 +111,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, # ifndef __hpux ioctl(*aslave, I_PUSH, "ttcompat"); # endif /* __hpux */ -#endif /* HAVE_CYGWIN */ return (0); diff --git a/crypto/openssh/openbsd-compat/bsd-snprintf.c b/crypto/openssh/openbsd-compat/bsd-snprintf.c index e4d8a439a4fe..b5a7ef7a02ab 100644 --- a/crypto/openssh/openbsd-compat/bsd-snprintf.c +++ b/crypto/openssh/openbsd-compat/bsd-snprintf.c @@ -58,7 +58,7 @@ #include "includes.h" -RCSID("$Id: bsd-snprintf.c,v 1.7 2003/05/18 14:13:39 djm Exp $"); +RCSID("$Id: bsd-snprintf.c,v 1.9 2004/09/23 11:35:09 dtucker Exp $"); #if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ # undef HAVE_SNPRINTF @@ -369,7 +369,7 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen, if (value == 0) value = "<NULL>"; - for (strln = 0; value[strln]; ++strln); /* strlen */ + for (strln = 0; strln < max && value[strln]; ++strln); /* strlen */ padlen = min - strln; if (padlen < 0) padlen = 0; diff --git a/crypto/openssh/openbsd-compat/fake-rfc2553.h b/crypto/openssh/openbsd-compat/fake-rfc2553.h index baea07038001..636792ed71d4 100644 --- a/crypto/openssh/openbsd-compat/fake-rfc2553.h +++ b/crypto/openssh/openbsd-compat/fake-rfc2553.h @@ -1,4 +1,4 @@ -/* $Id: fake-rfc2553.h,v 1.9 2004/03/10 10:06:33 dtucker Exp $ */ +/* $Id: fake-rfc2553.h,v 1.10 2005/02/11 07:32:13 dtucker Exp $ */ /* * Copyright (C) 2000-2003 Damien Miller. All rights reserved. @@ -117,6 +117,7 @@ struct sockaddr_in6 { # define EAI_NODATA 1 # define EAI_MEMORY 2 # define EAI_NONAME 3 +# define EAI_SYSTEM 4 #endif #ifndef HAVE_STRUCT_ADDRINFO diff --git a/crypto/openssh/openbsd-compat/getrrsetbyname.c b/crypto/openssh/openbsd-compat/getrrsetbyname.c index 660427c1f0f6..4e869c4dfd85 100644 --- a/crypto/openssh/openbsd-compat/getrrsetbyname.c +++ b/crypto/openssh/openbsd-compat/getrrsetbyname.c @@ -277,7 +277,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, /* allocate memory for signatures */ rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); - if (rrset->rri_sigs == NULL) { + if (rrset->rri_nsigs > 0 && rrset->rri_sigs == NULL) { result = ERRSET_NOMEMORY; goto fail; } diff --git a/crypto/openssh/openbsd-compat/inet_ntop.c b/crypto/openssh/openbsd-compat/inet_ntop.c index 7031625b4441..47796c37032d 100644 --- a/crypto/openssh/openbsd-compat/inet_ntop.c +++ b/crypto/openssh/openbsd-compat/inet_ntop.c @@ -35,9 +35,7 @@ static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Ex #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> -#ifndef HAVE_CYGWIN #include <arpa/nameser.h> -#endif #include <string.h> #include <errno.h> #include <stdio.h> diff --git a/crypto/openssh/openbsd-compat/mktemp.c b/crypto/openssh/openbsd-compat/mktemp.c index aff8d200560a..969f69580641 100644 --- a/crypto/openssh/openbsd-compat/mktemp.c +++ b/crypto/openssh/openbsd-compat/mktemp.c @@ -40,11 +40,6 @@ static char rcsid[] = "$OpenBSD: mktemp.c,v 1.17 2003/06/02 20:18:37 millert Exp $"; #endif /* LIBC_SCCS and not lint */ -#ifdef HAVE_CYGWIN -#define open binary_open -extern int binary_open(); -#endif - static int _gettemp(char *, int *, int, int); int diff --git a/crypto/openssh/openbsd-compat/port-aix.c b/crypto/openssh/openbsd-compat/port-aix.c index 78f4faea3b3b..fa6a4ff7b45e 100644 --- a/crypto/openssh/openbsd-compat/port-aix.c +++ b/crypto/openssh/openbsd-compat/port-aix.c @@ -1,6 +1,7 @@ /* * * Copyright (c) 2001 Gert Doering. All rights reserved. + * Copyright (c) 2003,2004 Darren Tucker. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -27,19 +28,15 @@ #include "auth.h" #include "ssh.h" #include "log.h" -#include "servconf.h" -#include "canohost.h" #include "xmalloc.h" #include "buffer.h" #ifdef _AIX #include <uinfo.h> +#include <sys/socket.h> #include "port-aix.h" -extern ServerOptions options; -extern Buffer loginmsg; - # ifdef HAVE_SETAUTHDB static char old_registry[REGISTRY_SIZE] = ""; # endif @@ -51,6 +48,8 @@ static char old_registry[REGISTRY_SIZE] = ""; * NOTE: TTY= should be set, but since no one uses it and it's hard to * acquire due to privsep code. We will just drop support. */ + + void aix_usrinfo(struct passwd *pw) { @@ -92,6 +91,59 @@ aix_remove_embedded_newlines(char *p) } /* + * Test specifically for the case where SYSTEM == NONE and AUTH1 contains + * anything other than NONE or SYSTEM, which indicates that the admin has + * configured the account for purely AUTH1-type authentication. + * + * Since authenticate() doesn't check AUTH1, and sshd can't sanely support + * AUTH1 itself, in such a case authenticate() will allow access without + * authentation, which is almost certainly not what the admin intends. + * + * (The native tools, eg login, will process the AUTH1 list in addition to + * the SYSTEM list by using ckuserID(), however ckuserID() and AUTH1 methods + * have been deprecated since AIX 4.2.x and would be very difficult for sshd + * to support. + * + * Returns 0 if an unsupportable combination is found, 1 otherwise. + */ +static int +aix_valid_authentications(const char *user) +{ + char *auth1, *sys, *p; + int valid = 1; + + if (getuserattr((char *)user, S_AUTHSYSTEM, &sys, SEC_CHAR) != 0) { + logit("Can't retrieve attribute SYSTEM for %s: %.100s", + user, strerror(errno)); + return 0; + } + + debug3("AIX SYSTEM attribute %s", sys); + if (strcmp(sys, "NONE") != 0) + return 1; /* not "NONE", so is OK */ + + if (getuserattr((char *)user, S_AUTH1, &auth1, SEC_LIST) != 0) { + logit("Can't retrieve attribute auth1 for %s: %.100s", + user, strerror(errno)); + return 0; + } + + p = auth1; + /* A SEC_LIST is concatenated strings, ending with two NULs. */ + while (p[0] != '\0' && p[1] != '\0') { + debug3("AIX auth1 attribute list member %s", p); + if (strcmp(p, "NONE") != 0 && strcmp(p, "SYSTEM")) { + logit("Account %s has unsupported auth1 value '%s'", + user, p); + valid = 0; + } + p += strlen(p) + 1; + } + + return (valid); +} + +/* * Do authentication via AIX's authenticate routine. We loop until the * reenter parameter is 0, but normally authenticate is called only once. * @@ -99,7 +151,7 @@ aix_remove_embedded_newlines(char *p) * returns 0. */ int -sys_auth_passwd(Authctxt *ctxt, const char *password) +sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg) { char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; int authsuccess = 0, expired, reenter, result; @@ -112,6 +164,9 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) authmsg); } while (reenter); + if (!aix_valid_authentications(name)) + result = -1; + if (result == 0) { authsuccess = 1; @@ -126,7 +181,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) */ expired = passwdexpired(name, &msg); if (msg && *msg) { - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); aix_remove_embedded_newlines(msg); } debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg); @@ -136,7 +191,6 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) break; case 1: /* expired, password change required */ ctxt->force_pwchange = 1; - disable_forwarding(); break; default: /* user can't change(2) or other error (-1) */ logit("Password can't be changed for user %s: %.100s", @@ -160,7 +214,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) * Returns 1 if login is allowed, 0 if not allowed. */ int -sys_auth_allowed_user(struct passwd *pw) +sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg) { char *msg = NULL; int result, permitted = 0; @@ -187,7 +241,7 @@ sys_auth_allowed_user(struct passwd *pw) if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0) permitted = 1; else if (msg != NULL) - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); if (msg == NULL) msg = xstrdup("(none)"); aix_remove_embedded_newlines(msg); @@ -200,17 +254,18 @@ sys_auth_allowed_user(struct passwd *pw) } int -sys_auth_record_login(const char *user, const char *host, const char *ttynm) +sys_auth_record_login(const char *user, const char *host, const char *ttynm, + Buffer *loginmsg) { char *msg; int success = 0; aix_setauthdb(user); - if (loginsuccess((char *)user, host, ttynm, &msg) == 0) { + if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) { success = 1; if (msg != NULL) { - debug("AIX/loginsuccess: msg %s", __func__, msg); - buffer_append(&loginmsg, msg, strlen(msg)); + debug("AIX/loginsuccess: msg %s", msg); + buffer_append(loginmsg, msg, strlen(msg)); xfree(msg); } } @@ -223,18 +278,17 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm) * record_failed_login: generic "login failed" interface function */ void -record_failed_login(const char *user, const char *ttyname) +record_failed_login(const char *user, const char *hostname, const char *ttyname) { - char *hostname = (char *)get_canonical_hostname(options.use_dns); - if (geteuid() != 0) return; aix_setauthdb(user); # ifdef AIX_LOGINFAILED_4ARG - loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); + loginfailed((char *)user, (char *)hostname, (char *)ttyname, + AUDIT_FAIL_AUTH); # else - loginfailed((char *)user, hostname, (char *)ttyname); + loginfailed((char *)user, (char *)hostname, (char *)ttyname); # endif aix_restoreauthdb(); } @@ -291,4 +345,33 @@ aix_restoreauthdb(void) # endif /* WITH_AIXAUTHENTICATE */ +# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO) +# undef getnameinfo +/* + * For some reason, AIX's getnameinfo will refuse to resolve the all-zeros + * IPv6 address into its textual representation ("::"), so we wrap it + * with a function that will. + */ +int +sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, + size_t hostlen, char *serv, size_t servlen, int flags) +{ + struct sockaddr_in6 *sa6; + u_int32_t *a6; + + if (flags & (NI_NUMERICHOST|NI_NUMERICSERV) && + sa->sa_family == AF_INET6) { + sa6 = (struct sockaddr_in6 *)sa; + a6 = sa6->sin6_addr.u6_addr.u6_addr32; + + if (a6[0] == 0 && a6[1] == 0 && a6[2] == 0 && a6[3] == 0) { + strlcpy(host, "::", hostlen); + snprintf(serv, servlen, "%d", sa6->sin6_port); + return 0; + } + } + return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags); +} +# endif /* AIX_GETNAMEINFO_HACK */ + #endif /* _AIX */ diff --git a/crypto/openssh/openbsd-compat/port-aix.h b/crypto/openssh/openbsd-compat/port-aix.h index 29e9751ce137..a05ce97038d5 100644 --- a/crypto/openssh/openbsd-compat/port-aix.h +++ b/crypto/openssh/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.21 2004/08/14 14:09:12 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.24 2005/02/16 11:49:31 dtucker Exp $ */ /* * @@ -27,6 +27,13 @@ #ifdef _AIX +#ifdef HAVE_SYS_SOCKET_H +# include <sys/socket.h> +#endif +#ifdef HAVE_UNISTD_H +# include <unistd.h> /* for seteuid() */ +#endif + #ifdef WITH_AIXAUTHENTICATE # include <login.h> # include <userpw.h> @@ -36,6 +43,28 @@ # include <usersec.h> #endif +#include "buffer.h" + +/* These should be in the system headers but are not. */ +int usrinfo(int, char *, int); +int setauthdb(const char *, char *); +/* these may or may not be in the headers depending on the version */ +#if (HAVE_DECL_AUTHENTICATE == 0) +int authenticate(char *, char *, int *, char **); +#endif +#if (HAVE_DECL_LOGINFAILED == 0) +int loginfailed(char *, char *, char *); +#endif +#if (HAVE_DECL_LOGINRESTRICTIONS == 0) +int loginrestrictions(char *, int, char *, char **); +#endif +#if (HAVE_DECL_LOGINSUCCESS == 0) +int loginsuccess(char *, char *, char *, char **); +#endif +#if (HAVE_DECL_PASSWDEXPIRED == 0) +int passwdexpired(char *, char **); +#endif + /* Some versions define r_type in the above headers, which causes a conflict */ #ifdef r_type # undef r_type @@ -64,14 +93,23 @@ void aix_usrinfo(struct passwd *); #ifdef WITH_AIXAUTHENTICATE # define CUSTOM_SYS_AUTH_PASSWD 1 # define CUSTOM_SYS_AUTH_ALLOWED_USER 1 -int sys_auth_allowed_user(struct passwd *); +int sys_auth_allowed_user(struct passwd *, Buffer *); # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 -int sys_auth_record_login(const char *, const char *, const char *); +int sys_auth_record_login(const char *, const char *, const char *, Buffer *); # define CUSTOM_FAILED_LOGIN 1 -void record_failed_login(const char *, const char *); #endif void aix_setauthdb(const char *); void aix_restoreauthdb(void); void aix_remove_embedded_newlines(char *); + +#if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_GETADDRINFO) +# ifdef getnameinfo +# undef getnameinfo +# endif +int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t, + char *, size_t, int); +# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g)) +#endif + #endif /* _AIX */ diff --git a/crypto/openssh/openbsd-compat/realpath.c b/crypto/openssh/openbsd-compat/realpath.c index 218fbecb2beb..7f73bd998fbf 100644 --- a/crypto/openssh/openbsd-compat/realpath.c +++ b/crypto/openssh/openbsd-compat/realpath.c @@ -37,7 +37,7 @@ #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) #if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: realpath.c,v 1.10 2003/08/01 21:04:59 millert Exp $"; +static char *rcsid = "$OpenBSD: realpath.c,v 1.11 2004/11/30 15:12:59 millert Exp $"; #endif /* LIBC_SCCS and not lint */ #include <sys/param.h> @@ -67,17 +67,25 @@ char * realpath(const char *path, char *resolved) { struct stat sb; - int fd, n, needslash, serrno = 0; - char *p, *q, wbuf[MAXPATHLEN], start[MAXPATHLEN]; + int fd, n, needslash, serrno; + char *p, *q, wbuf[MAXPATHLEN]; int symlinks = 0; /* Save the starting point. */ - getcwd(start,MAXPATHLEN); +#ifndef HAVE_FCHDIR + char start[MAXPATHLEN]; + /* this is potentially racy but without fchdir we have no option */ + if (getcwd(start, sizeof(start)) == NULL) { + resolved[0] = '.'; + resolved[1] = '\0'; + return (NULL); + } +#endif if ((fd = open(".", O_RDONLY)) < 0) { - (void)strlcpy(resolved, ".", MAXPATHLEN); + resolved[0] = '.'; + resolved[1] = '\0'; return (NULL); } - close(fd); /* Convert "." -> "" to optimize away a needless lstat() and chdir() */ if (path[0] == '.' && path[1] == '\0') @@ -91,7 +99,10 @@ realpath(const char *path, char *resolved) * if it is a directory, then change to that directory. * get the current directory name and append the basename. */ - strlcpy(resolved, path, MAXPATHLEN); + if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) { + serrno = ENAMETOOLONG; + goto err2; + } loop: q = strrchr(resolved, '/'); if (q != NULL) { @@ -114,11 +125,10 @@ loop: if (*p != '\0' && lstat(p, &sb) == 0) { if (S_ISLNK(sb.st_mode)) { if (++symlinks > MAXSYMLINKS) { - serrno = ELOOP; + errno = ELOOP; goto err1; } - n = readlink(p, resolved, MAXPATHLEN-1); - if (n < 0) + if ((n = readlink(p, resolved, MAXPATHLEN-1)) < 0) goto err1; resolved[n] = '\0'; goto loop; @@ -134,8 +144,11 @@ loop: * Save the last component name and get the full pathname of * the current directory. */ - (void)strlcpy(wbuf, p, sizeof wbuf); - if (getcwd(resolved, MAXPATHLEN) == 0) + if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) { + errno = ENAMETOOLONG; + goto err1; + } + if (getcwd(resolved, MAXPATHLEN) == NULL) goto err1; /* @@ -149,23 +162,43 @@ loop: if (*wbuf) { if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) { - serrno = ENAMETOOLONG; + errno = ENAMETOOLONG; + goto err1; + } + if (needslash) { + if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) { + errno = ENAMETOOLONG; + goto err1; + } + } + if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) { + errno = ENAMETOOLONG; goto err1; } - if (needslash) - strlcat(resolved, "/", MAXPATHLEN); - strlcat(resolved, wbuf, MAXPATHLEN); } /* Go back to where we came from. */ +#ifdef HAVE_FCHDIR + if (fchdir(fd) < 0) { +#else if (chdir(start) < 0) { +#endif serrno = errno; goto err2; } + + /* It's okay if the close fails, what's an fd more or less? */ + (void)close(fd); return (resolved); -err1: chdir(start); -err2: errno = serrno; +err1: serrno = errno; +#ifdef HAVE_FCHDIR + (void)fchdir(fd); +#else + chdir(start); +#endif +err2: (void)close(fd); + errno = serrno; return (NULL); } #endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ diff --git a/crypto/openssh/openbsd-compat/xmmap.c b/crypto/openssh/openbsd-compat/xmmap.c index c8d59dee04b4..74e8a8b13765 100644 --- a/crypto/openssh/openbsd-compat/xmmap.c +++ b/crypto/openssh/openbsd-compat/xmmap.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: xmmap.c,v 1.5 2004/08/14 13:55:38 dtucker Exp $ */ +/* $Id: xmmap.c,v 1.6 2004/10/06 13:15:44 dtucker Exp $ */ #include "includes.h" @@ -47,7 +47,7 @@ void *xmmap(size_t size) # endif #define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX" - if (address == MAP_FAILED) { + if (address == (void *)MAP_FAILED) { char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE; int tmpfd; mode_t old_umask; diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 82a5694045d3..7c150fde73a8 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.115 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -981,6 +981,8 @@ packet_read_poll1(void) buffer_len(&compression_buffer)); } type = buffer_get_char(&incoming_packet); + if (type < SSH_MSG_MIN || type > SSH_MSG_MAX) + packet_disconnect("Invalid ssh1 packet type: %d", type); return type; } @@ -1093,6 +1095,8 @@ packet_read_poll2(u_int32_t *seqnr_p) * return length of payload (without type field) */ type = buffer_get_char(&incoming_packet); + if (type < SSH2_MSG_MIN || type >= SSH2_MSG_LOCAL_MIN) + packet_disconnect("Invalid ssh2 packet type: %d", type); if (type == SSH2_MSG_NEWKEYS) set_newkeys(MODE_IN); #ifdef PACKET_DEBUG diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c index a4fe1fe028c4..7173a8c23288 100644 --- a/crypto/openssh/readconf.c +++ b/crypto/openssh/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.134 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.137 2005/03/04 08:48:06 djm Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -106,7 +106,7 @@ typedef enum { oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oControlPath, oControlMaster, + oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oDeprecated, oUnsupported } OpCodes; @@ -197,6 +197,7 @@ static struct { { "sendenv", oSendEnv }, { "controlpath", oControlPath }, { "controlmaster", oControlMaster }, + { "hashknownhosts", oHashKnownHosts }, { NULL, oBadOption } }; @@ -206,21 +207,23 @@ static struct { */ void -add_local_forward(Options *options, u_short port, const char *host, - u_short host_port) +add_local_forward(Options *options, const Forward *newfwd) { Forward *fwd; #ifndef NO_IPPORT_RESERVED_CONCEPT extern uid_t original_real_uid; - if (port < IPPORT_RESERVED && original_real_uid != 0) + if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) fatal("Privileged ports can only be forwarded by root."); #endif if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); fwd = &options->local_forwards[options->num_local_forwards++]; - fwd->port = port; - fwd->host = xstrdup(host); - fwd->host_port = host_port; + + fwd->listen_host = (newfwd->listen_host == NULL) ? + NULL : xstrdup(newfwd->listen_host); + fwd->listen_port = newfwd->listen_port; + fwd->connect_host = xstrdup(newfwd->connect_host); + fwd->connect_port = newfwd->connect_port; } /* @@ -229,17 +232,19 @@ add_local_forward(Options *options, u_short port, const char *host, */ void -add_remote_forward(Options *options, u_short port, const char *host, - u_short host_port) +add_remote_forward(Options *options, const Forward *newfwd) { Forward *fwd; if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("Too many remote forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); fwd = &options->remote_forwards[options->num_remote_forwards++]; - fwd->port = port; - fwd->host = xstrdup(host); - fwd->host_port = host_port; + + fwd->listen_host = (newfwd->listen_host == NULL) ? + NULL : xstrdup(newfwd->listen_host); + fwd->listen_port = newfwd->listen_port; + fwd->connect_host = xstrdup(newfwd->connect_host); + fwd->connect_port = newfwd->connect_port; } static void @@ -247,11 +252,15 @@ clear_forwardings(Options *options) { int i; - for (i = 0; i < options->num_local_forwards; i++) - xfree(options->local_forwards[i].host); + for (i = 0; i < options->num_local_forwards; i++) { + xfree(options->local_forwards[i].listen_host); + xfree(options->local_forwards[i].connect_host); + } options->num_local_forwards = 0; - for (i = 0; i < options->num_remote_forwards; i++) - xfree(options->remote_forwards[i].host); + for (i = 0; i < options->num_remote_forwards; i++) { + xfree(options->remote_forwards[i].listen_host); + xfree(options->remote_forwards[i].connect_host); + } options->num_remote_forwards = 0; } @@ -284,11 +293,10 @@ process_config_line(Options *options, const char *host, char *line, const char *filename, int linenum, int *activep) { - char buf[256], *s, **charptr, *endofnumber, *keyword, *arg; + char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; int opcode, *intptr, value; size_t len; - u_short fwd_port, fwd_host_port; - char sfwd_host_port[6]; + Forward fwd; /* Strip trailing whitespace */ for(len = strlen(line) - 1; len > 0; len--) { @@ -645,30 +653,26 @@ parse_int: case oLocalForward: case oRemoteForward: arg = strdelim(&s); - if (!arg || *arg == '\0') + if (arg == NULL || *arg == '\0') fatal("%.200s line %d: Missing port argument.", filename, linenum); - if ((fwd_port = a2port(arg)) == 0) - fatal("%.200s line %d: Bad listen port.", + arg2 = strdelim(&s); + if (arg2 == NULL || *arg2 == '\0') + fatal("%.200s line %d: Missing target argument.", filename, linenum); - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing second argument.", - filename, linenum); - if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 && - sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2) + + /* construct a string for parse_forward */ + snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); + + if (parse_forward(&fwd, fwdarg) == 0) fatal("%.200s line %d: Bad forwarding specification.", filename, linenum); - if ((fwd_host_port = a2port(sfwd_host_port)) == 0) - fatal("%.200s line %d: Bad forwarding port.", - filename, linenum); + if (*activep) { if (opcode == oLocalForward) - add_local_forward(options, fwd_port, buf, - fwd_host_port); + add_local_forward(options, &fwd); else if (opcode == oRemoteForward) - add_remote_forward(options, fwd_port, buf, - fwd_host_port); + add_remote_forward(options, &fwd); } break; @@ -677,12 +681,25 @@ parse_int: if (!arg || *arg == '\0') fatal("%.200s line %d: Missing port argument.", filename, linenum); - fwd_port = a2port(arg); - if (fwd_port == 0) + memset(&fwd, '\0', sizeof(fwd)); + fwd.connect_host = "socks"; + fwd.listen_host = hpdelim(&arg); + if (fwd.listen_host == NULL || + strlen(fwd.listen_host) >= NI_MAXHOST) + fatal("%.200s line %d: Bad forwarding specification.", + filename, linenum); + if (arg) { + fwd.listen_port = a2port(arg); + fwd.listen_host = cleanhostname(fwd.listen_host); + } else { + fwd.listen_port = a2port(fwd.listen_host); + fwd.listen_host = ""; + } + if (fwd.listen_port == 0) fatal("%.200s line %d: Badly formatted port number.", filename, linenum); if (*activep) - add_local_forward(options, fwd_port, "socks", 0); + add_local_forward(options, &fwd); break; case oClearAllForwardings: @@ -758,6 +775,8 @@ parse_int: if (strchr(arg, '=') != NULL) fatal("%s line %d: Invalid environment name.", filename, linenum); + if (!*activep) + continue; if (options->num_send_env >= MAX_SEND_ENV) fatal("%s line %d: too many send env.", filename, linenum); @@ -774,6 +793,10 @@ parse_int: intptr = &options->control_master; goto parse_yesnoask; + case oHashKnownHosts: + intptr = &options->hash_known_hosts; + goto parse_flag; + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -917,6 +940,7 @@ initialize_options(Options * options) options->num_send_env = 0; options->control_path = NULL; options->control_master = -1; + options->hash_known_hosts = -1; } /* @@ -1039,9 +1063,76 @@ fill_default_options(Options * options) options->server_alive_count_max = 3; if (options->control_master == -1) options->control_master = 0; + if (options->hash_known_hosts == -1) + options->hash_known_hosts = 0; /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ /* options->host_key_alias should not be set by default */ /* options->preferred_authentications will be set in ssh */ } + +/* + * parse_forward + * parses a string containing a port forwarding specification of the form: + * [listenhost:]listenport:connecthost:connectport + * returns number of arguments parsed or zero on error + */ +int +parse_forward(Forward *fwd, const char *fwdspec) +{ + int i; + char *p, *cp, *fwdarg[4]; + + memset(fwd, '\0', sizeof(*fwd)); + + cp = p = xstrdup(fwdspec); + + /* skip leading spaces */ + while (*cp && isspace(*cp)) + cp++; + + for (i = 0; i < 4; ++i) + if ((fwdarg[i] = hpdelim(&cp)) == NULL) + break; + + /* Check for trailing garbage in 4-arg case*/ + if (cp != NULL) + i = 0; /* failure */ + + switch (i) { + case 3: + fwd->listen_host = NULL; + fwd->listen_port = a2port(fwdarg[0]); + fwd->connect_host = xstrdup(cleanhostname(fwdarg[1])); + fwd->connect_port = a2port(fwdarg[2]); + break; + + case 4: + fwd->listen_host = xstrdup(cleanhostname(fwdarg[0])); + fwd->listen_port = a2port(fwdarg[1]); + fwd->connect_host = xstrdup(cleanhostname(fwdarg[2])); + fwd->connect_port = a2port(fwdarg[3]); + break; + default: + i = 0; /* failure */ + } + + xfree(p); + + if (fwd->listen_port == 0 && fwd->connect_port == 0) + goto fail_free; + + if (fwd->connect_host != NULL && + strlen(fwd->connect_host) >= NI_MAXHOST) + goto fail_free; + + return (i); + + fail_free: + if (fwd->connect_host != NULL) + xfree(fwd->connect_host); + if (fwd->listen_host != NULL) + xfree(fwd->listen_host); + return (0); +} diff --git a/crypto/openssh/readconf.h b/crypto/openssh/readconf.h index ded4225857bf..de4b4cb2787c 100644 --- a/crypto/openssh/readconf.h +++ b/crypto/openssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.64 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: readconf.h,v 1.66 2005/03/01 10:40:27 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -21,9 +21,10 @@ /* Data structure for representing a forwarding request. */ typedef struct { - u_short port; /* Port to forward. */ - char *host; /* Host to connect. */ - u_short host_port; /* Port to connect on host. */ + char *listen_host; /* Host (address) to listen on. */ + u_short listen_port; /* Port to forward. */ + char *connect_host; /* Host to connect. */ + u_short connect_port; /* Port to connect on connect_host. */ } Forward; /* Data structure for representing option data. */ @@ -111,17 +112,20 @@ typedef struct { char *control_path; int control_master; + + int hash_known_hosts; } Options; void initialize_options(Options *); void fill_default_options(Options *); int read_config_file(const char *, const char *, Options *, int); +int parse_forward(Forward *, const char *); int process_config_line(Options *, const char *, char *, const char *, int, int *); -void add_local_forward(Options *, u_short, const char *, u_short); -void add_remote_forward(Options *, u_short, const char *, u_short); +void add_local_forward(Options *, const Forward *); +void add_remote_forward(Options *, const Forward *); #endif /* READCONF_H */ diff --git a/crypto/openssh/readpass.c b/crypto/openssh/readpass.c index eb4f6fdb6d90..c2bacdcd48ea 100644 --- a/crypto/openssh/readpass.c +++ b/crypto/openssh/readpass.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.30 2004/06/17 15:10:14 djm Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.31 2004/10/29 22:53:56 djm Exp $"); #include "xmalloc.h" #include "misc.h" @@ -141,3 +141,29 @@ read_passphrase(const char *prompt, int flags) memset(buf, 'x', sizeof buf); return ret; } + +int +ask_permission(const char *fmt, ...) +{ + va_list args; + char *p, prompt[1024]; + int allowed = 0; + + va_start(args, fmt); + vsnprintf(prompt, sizeof(prompt), fmt, args); + va_end(args); + + p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF); + if (p != NULL) { + /* + * Accept empty responses and responses consisting + * of the word "yes" as affirmative. + */ + if (*p == '\0' || *p == '\n' || + strcasecmp(p, "yes") == 0) + allowed = 1; + xfree(p); + } + + return (allowed); +} diff --git a/crypto/openssh/regress/Makefile b/crypto/openssh/regress/Makefile index 9e98e5880f16..4f47bc3fdbb5 100644 --- a/crypto/openssh/regress/Makefile +++ b/crypto/openssh/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.31 2004/06/24 19:32:00 djm Exp $ +# $OpenBSD: Makefile,v 1.36 2005/03/04 08:48:46 djm Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec tests: $(REGRESS_TARGETS) @@ -34,20 +34,22 @@ LTESTS= connect \ sftp-cmds \ sftp-badcmds \ sftp-batch \ + sftp-glob \ reconfigure \ dynamic-forward \ forwarding \ multiplex \ - reexec + reexec \ + brokenkeys USER!= id -un CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ authorized_keys_${USER} known_hosts pidfile \ - ssh_config ssh_proxy sshd_config sshd_proxy \ + ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \ rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ ls.copy banner.in banner.out empty.in \ - scp-ssh-wrapper.exe \ + scp-ssh-wrapper.scp ssh_proxy_envpass \ remote_pid #LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp @@ -90,5 +92,5 @@ t-exec: ${LTESTS:=.sh} @if [ "x$?" = "x" ]; then exit 0; fi; \ for TEST in ""$?; do \ echo "run test $${TEST}" ... 1>&2; \ - (sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ + (env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ done diff --git a/crypto/openssh/regress/agent-ptrace.sh b/crypto/openssh/regress/agent-ptrace.sh index bd79d7cb80f5..4de2638e4acc 100644 --- a/crypto/openssh/regress/agent-ptrace.sh +++ b/crypto/openssh/regress/agent-ptrace.sh @@ -5,7 +5,7 @@ tid="disallow agent ptrace attach" if have_prog uname ; then case `uname` in - AIX|CYGWIN*) + AIX|CYGWIN*|OSF1) echo "skipped (not supported on this platform)" exit 0 ;; @@ -41,7 +41,7 @@ EOF if [ $? -ne 0 ]; then fail "gdb failed: exit code $?" fi - egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace attach: Permission denied.' >/dev/null ${OBJ}/gdb.out + egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace attach: Permission denied.|procfs:.*: Invalid argument.' >/dev/null ${OBJ}/gdb.out r=$? rm -f ${OBJ}/gdb.out if [ $r -ne 0 ]; then diff --git a/crypto/openssh/regress/brokenkeys.sh b/crypto/openssh/regress/brokenkeys.sh new file mode 100644 index 000000000000..3e70c348ac36 --- /dev/null +++ b/crypto/openssh/regress/brokenkeys.sh @@ -0,0 +1,23 @@ +# $OpenBSD: brokenkeys.sh,v 1.1 2004/10/29 23:59:22 djm Exp $ +# Placed in the Public Domain. + +tid="broken keys" + +KEYS="$OBJ/authorized_keys_${USER}" + +start_sshd + +mv ${KEYS} ${KEYS}.bak + +# Truncated key +echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEABTM= bad key" > $KEYS +cat ${KEYS}.bak >> ${KEYS} +cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER + +${SSH} -2 -F $OBJ/ssh_config somehost true +if [ $? -ne 0 ]; then + fail "ssh connect with protocol $p failed" +fi + +mv ${KEYS}.bak ${KEYS} + diff --git a/crypto/openssh/regress/dynamic-forward.sh b/crypto/openssh/regress/dynamic-forward.sh index 392fc1978e22..4674a7bafebe 100644 --- a/crypto/openssh/regress/dynamic-forward.sh +++ b/crypto/openssh/regress/dynamic-forward.sh @@ -1,4 +1,4 @@ -# $OpenBSD: dynamic-forward.sh,v 1.3 2004/02/28 12:16:57 dtucker Exp $ +# $OpenBSD: dynamic-forward.sh,v 1.4 2004/06/22 22:55:56 dtucker Exp $ # Placed in the Public Domain. tid="dynamic forwarding" @@ -44,4 +44,7 @@ for p in 1 2; do else fail "no pid file: $OBJ/remote_pid" fi + + # Must allow time for connection tear-down + sleep 2 done diff --git a/crypto/openssh/regress/envpass.sh b/crypto/openssh/regress/envpass.sh index 5a7e178d8107..af7eafe3d16e 100644 --- a/crypto/openssh/regress/envpass.sh +++ b/crypto/openssh/regress/envpass.sh @@ -1,13 +1,20 @@ -# $OpenBSD: envpass.sh,v 1.3 2004/06/22 22:42:02 dtucker Exp $ +# $OpenBSD: envpass.sh,v 1.4 2005/03/04 08:48:46 djm Exp $ # Placed in the Public Domain. tid="environment passing" # NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST) +# Prepare a custom config to test for a configuration parsing bug fixed in 4.0 +cat << EOF > $OBJ/ssh_proxy_envpass +Host test-sendenv-confparse-bug + SendEnv * +EOF +cat $OBJ/ssh_proxy >> $OBJ/ssh_proxy_envpass + trace "pass env, don't accept" verbose "test $tid: pass env, don't accept" -_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \ +_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy_envpass otherhost \ sh << 'EOF' test -z "$_TEST_ENV" EOF @@ -18,7 +25,7 @@ fi trace "don't pass env, accept" verbose "test $tid: don't pass env, accept" -${SSH} -F $OBJ/ssh_proxy otherhost \ +_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -F $OBJ/ssh_proxy_envpass otherhost \ sh << 'EOF' test -z "$_XXX_TEST_A" && test -z "$_XXX_TEST_B" EOF @@ -29,8 +36,8 @@ fi trace "pass single env, accept single env" verbose "test $tid: pass single env, accept single env" -_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \ - sh << 'EOF' +_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy_envpass \ + otherhost sh << 'EOF' test X"$_XXX_TEST" = X"blah" EOF r=$? @@ -41,7 +48,7 @@ fi trace "pass multiple env, accept multiple env" verbose "test $tid: pass multiple env, accept multiple env" _XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \ - -F $OBJ/ssh_proxy otherhost \ + -F $OBJ/ssh_proxy_envpass otherhost \ sh << 'EOF' test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2" EOF @@ -49,3 +56,5 @@ r=$? if [ $r -ne 0 ]; then fail "environment not found" fi + +rm -f $OBJ/ssh_proxy_envpass diff --git a/crypto/openssh/regress/login-timeout.sh b/crypto/openssh/regress/login-timeout.sh index ce6edade524e..15a887f74b1d 100644 --- a/crypto/openssh/regress/login-timeout.sh +++ b/crypto/openssh/regress/login-timeout.sh @@ -1,4 +1,4 @@ -# $OpenBSD: login-timeout.sh,v 1.3 2004/03/08 10:17:12 dtucker Exp $ +# $OpenBSD: login-timeout.sh,v 1.4 2005/02/27 23:13:36 djm Exp $ # Placed in the Public Domain. tid="connect after login grace timeout" @@ -8,7 +8,7 @@ echo "LoginGraceTime 10s" >> $OBJ/sshd_config echo "MaxStartups 1" >> $OBJ/sshd_config start_sshd -(echo SSH-2.0-fake; sleep 60) | telnet localhost ${PORT} >/dev/null 2>&1 & +(echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 & sleep 15 ${SSH} -F $OBJ/ssh_config somehost true if [ $? -ne 0 ]; then @@ -21,7 +21,7 @@ trace "test login grace without privsep" echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config start_sshd -(echo SSH-2.0-fake; sleep 60) | telnet localhost ${PORT} >/dev/null 2>&1 & +(echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 & sleep 15 ${SSH} -F $OBJ/ssh_config somehost true if [ $? -ne 0 ]; then diff --git a/crypto/openssh/regress/multiplex.sh b/crypto/openssh/regress/multiplex.sh index dbf2025be9af..e8cc1ac53190 100644 --- a/crypto/openssh/regress/multiplex.sh +++ b/crypto/openssh/regress/multiplex.sh @@ -1,17 +1,28 @@ -# $OpenBSD: multiplex.sh,v 1.8 2004/06/22 03:12:13 markus Exp $ +# $OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $ # Placed in the Public Domain. CTL=$OBJ/ctl-sock tid="connection multiplexing" +if grep "#define.*DISABLE_FD_PASSING" ${BUILDDIR}/config.h >/dev/null 2>&1 +then + echo "skipped (not supported on this platform)" + exit 0 +fi + DATA=/bin/ls${EXEEXT} COPY=$OBJ/ls.copy +LOG=$TEST_SSH_LOGFILE start_sshd trace "start master, fork to background" -${SSH} -2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" -f somehost sleep 120 +${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost & +MASTER_PID=$! + +# Wait for master to start and authenticate +sleep 5 verbose "test $tid: envpass" trace "env passing over multiplexed connection" @@ -38,13 +49,13 @@ cmp ${DATA} ${COPY} || fail "ssh -S ctl: corrupted copy of ${DATA}" rm -f ${COPY} trace "sftp transfer over multiplexed connection and check result" echo "get ${DATA} ${COPY}" | \ - ${SFTP} -S ${SSH} -oControlPath=$CTL otherhost >/dev/null 2>&1 + ${SFTP} -S ${SSH} -oControlPath=$CTL otherhost >$LOG 2>&1 test -f ${COPY} || fail "sftp: failed copy ${DATA}" cmp ${DATA} ${COPY} || fail "sftp: corrupted copy of ${DATA}" rm -f ${COPY} trace "scp transfer over multiplexed connection and check result" -${SCP} -S ${SSH} -oControlPath=$CTL otherhost:${DATA} ${COPY} >/dev/null 2>&1 +${SCP} -S ${SSH} -oControlPath=$CTL otherhost:${DATA} ${COPY} >$LOG 2>&1 test -f ${COPY} || fail "scp: failed copy ${DATA}" cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}" @@ -69,6 +80,15 @@ for s in 0 1 4 5 44; do fi done -# kill master, remove control socket. ssh -MS will exit when sleep exits -$SUDO kill `cat $PIDFILE` -rm -f $CTL +trace "test check command" +${SSH} -S $CTL -Ocheck otherhost || fail "check command failed" + +trace "test exit command" +${SSH} -S $CTL -Oexit otherhost || fail "send exit command failed" + +# Wait for master to exit +sleep 2 + +ps -p $MASTER_PID >/dev/null && fail "exit command failed" + +cleanup diff --git a/crypto/openssh/regress/reexec.sh b/crypto/openssh/regress/reexec.sh index 39fffefbc356..d69b8c577985 100644 --- a/crypto/openssh/regress/reexec.sh +++ b/crypto/openssh/regress/reexec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: reexec.sh,v 1.3 2004/06/25 01:32:44 djm Exp $ +# $OpenBSD: reexec.sh,v 1.5 2004/10/08 02:01:50 djm Exp $ # Placed in the Public Domain. tid="reexec tests" @@ -6,36 +6,40 @@ tid="reexec tests" DATA=/bin/ls COPY=${OBJ}/copy SSHD_ORIG=$SSHD -SSHD_COPY=$OBJ/sshd.copy +SSHD_COPY=$OBJ/sshd # Start a sshd and then delete it -start_sshd_copy_zap () +start_sshd_copy () { cp $SSHD_ORIG $SSHD_COPY SSHD=$SSHD_COPY start_sshd - rm -f $SSHD_COPY SSHD=$SSHD_ORIG } +# Do basic copy tests +copy_tests () +{ + rm -f ${COPY} + for p in 1 2; do + verbose "$tid: proto $p" + ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ + cat ${DATA} > ${COPY} + if [ $? -ne 0 ]; then + fail "ssh cat $DATA failed" + fi + cmp ${DATA} ${COPY} || fail "corrupted copy" + rm -f ${COPY} + done +} + verbose "test config passing" -cp $OBJ/sshd_config $OBJ/sshd_config.orig +cp $OBJ/sshd_config $OBJ/sshd_config.orig start_sshd - echo "InvalidXXX=no" >> $OBJ/sshd_config -rm -f ${COPY} -for p in 1 2; do - verbose "$tid: proto $p" - ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ - cat ${DATA} > ${COPY} - if [ $? -ne 0 ]; then - fail "ssh cat $DATA failed" - fi - cmp ${DATA} ${COPY} || fail "corrupted copy" - rm -f ${COPY} -done +copy_tests $SUDO kill `cat $PIDFILE` rm -f $PIDFILE @@ -44,19 +48,10 @@ cp $OBJ/sshd_config.orig $OBJ/sshd_config verbose "test reexec fallback" -start_sshd_copy_zap - -rm -f ${COPY} -for p in 1 2; do - verbose "$tid: proto $p" - ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ - cat ${DATA} > ${COPY} - if [ $? -ne 0 ]; then - fail "ssh cat $DATA failed" - fi - cmp ${DATA} ${COPY} || fail "corrupted copy" - rm -f ${COPY} -done +start_sshd_copy +rm -f $SSHD_COPY + +copy_tests $SUDO kill `cat $PIDFILE` rm -f $PIDFILE @@ -66,22 +61,12 @@ verbose "test reexec fallback without privsep" cp $OBJ/sshd_config.orig $OBJ/sshd_config echo "UsePrivilegeSeparation=no" >> $OBJ/sshd_config -start_sshd_copy_zap - -rm -f ${COPY} -for p in 1 2; do - verbose "$tid: proto $p" - ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ - cat ${DATA} > ${COPY} - if [ $? -ne 0 ]; then - fail "ssh cat $DATA failed" - fi - cmp ${DATA} ${COPY} || fail "corrupted copy" - rm -f ${COPY} -done +start_sshd_copy +rm -f $SSHD_COPY + +copy_tests $SUDO kill `cat $PIDFILE` rm -f $PIDFILE -cp $OBJ/sshd_config.orig $OBJ/sshd_config diff --git a/crypto/openssh/regress/rekey.sh b/crypto/openssh/regress/rekey.sh index 6b7e845eccfc..3c5f266fc99c 100644 --- a/crypto/openssh/regress/rekey.sh +++ b/crypto/openssh/regress/rekey.sh @@ -8,6 +8,7 @@ COPY=${OBJ}/copy LOG=${OBJ}/log rm -f ${COPY} ${LOG} ${DATA} +touch ${DATA} dd if=/bin/ls${EXEEXT} of=${DATA} bs=1k seek=511 count=1 > /dev/null 2>&1 for s in 16 1k 128k 256k; do diff --git a/crypto/openssh/regress/scp.sh b/crypto/openssh/regress/scp.sh index 703cc089317d..c3034b6e7dd5 100644 --- a/crypto/openssh/regress/scp.sh +++ b/crypto/openssh/regress/scp.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp.sh,v 1.2 2004/06/16 13:15:09 dtucker Exp $ +# $OpenBSD: scp.sh,v 1.3 2004/07/08 12:59:35 dtucker Exp $ # Placed in the Public Domain. tid="scp" @@ -12,16 +12,16 @@ else DIFFOPT="-r" fi -DATA=/bin/ls +DATA=/bin/ls${EXEEXT} COPY=${OBJ}/copy COPY2=${OBJ}/copy2 DIR=${COPY}.dd DIR2=${COPY}.dd2 SRC=`dirname ${SCRIPT}` -cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.exe -chmod 755 ${OBJ}/scp-ssh-wrapper.exe -scpopts="-q -S ${OBJ}/scp-ssh-wrapper.exe" +cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp +chmod 755 ${OBJ}/scp-ssh-wrapper.scp +scpopts="-q -S ${OBJ}/scp-ssh-wrapper.scp" scpclean() { rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2} @@ -64,6 +64,19 @@ cp ${DATA} ${DIR}/copy $SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed" diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" +if [ ! -z "$SUDO" ]; then + verbose "$tid: skipped file after scp -p with failed chown+utimes" + scpclean + cp -p ${DATA} ${DIR}/copy + cp -p ${DATA} ${DIR}/copy2 + cp ${DATA} ${DIR2}/copy + chmod 660 ${DIR2}/copy + $SUDO chown root ${DIR2}/copy + $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1 + diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + $SUDO rm ${DIR2}/copy +fi + for i in 0 1 2 3 4; do verbose "$tid: disallow bad server #$i" SCPTESTMODE=badserver_$i @@ -79,4 +92,4 @@ for i in 0 1 2 3 4; do done scpclean -rm -f ${OBJ}/scp-ssh-wrapper.exe +rm -f ${OBJ}/scp-ssh-wrapper.scp diff --git a/crypto/openssh/regress/sftp-glob.sh b/crypto/openssh/regress/sftp-glob.sh new file mode 100644 index 000000000000..e238356a21fa --- /dev/null +++ b/crypto/openssh/regress/sftp-glob.sh @@ -0,0 +1,28 @@ +# $OpenBSD: sftp-glob.sh,v 1.1 2004/12/10 01:31:30 fgsch Exp $ +# Placed in the Public Domain. + +tid="sftp glob" + +BASE=${OBJ}/glob +DIR=${BASE}/dir +DATA=${DIR}/file + +rm -rf ${BASE} +mkdir -p ${DIR} +touch ${DATA} + +verbose "$tid: ls file" +echo "ls -l ${DIR}/fil*" | ${SFTP} -P ${SFTPSERVER} 2>/dev/null | \ + grep ${DATA} >/dev/null 2>&1 +if [ $? -ne 0 ]; then + fail "globbed ls file failed" +fi + +verbose "$tid: ls dir" +echo "ls -l ${BASE}/d*" | ${SFTP} -P ${SFTPSERVER} 2>/dev/null | \ + grep file >/dev/null 2>&1 +if [ $? -ne 0 ]; then + fail "globbed ls dir failed" +fi + +rm -rf ${BASE} diff --git a/crypto/openssh/regress/sshd-log-wrapper.sh b/crypto/openssh/regress/sshd-log-wrapper.sh new file mode 100644 index 000000000000..c7a5ef3a6809 --- /dev/null +++ b/crypto/openssh/regress/sshd-log-wrapper.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# $OpenBSD: sshd-log-wrapper.sh,v 1.2 2005/02/27 11:40:30 dtucker Exp $ +# Placed in the Public Domain. +# +# simple wrapper for sshd proxy mode to catch stderr output +# sh sshd-log-wrapper.sh /path/to/sshd /path/to/logfile + +sshd=$1 +log=$2 +shift +shift + +exec $sshd $@ -e 2>>$log diff --git a/crypto/openssh/regress/test-exec.sh b/crypto/openssh/regress/test-exec.sh index 70250acd717b..4e53449bedeb 100644 --- a/crypto/openssh/regress/test-exec.sh +++ b/crypto/openssh/regress/test-exec.sh @@ -1,8 +1,19 @@ -# $OpenBSD: test-exec.sh,v 1.23 2004/06/25 01:25:12 djm Exp $ +# $OpenBSD: test-exec.sh,v 1.27 2005/02/27 11:33:30 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo +# Unbreak GNU head(1) +_POSIX2_VERSION=199209 +export _POSIX2_VERSION + +case `uname -s 2>/dev/null` in +OSF1*) + BIN_SH=xpg4 + export BIN_SH + ;; +esac + if [ ! -z "$TEST_SSH_PORT" ]; then PORT="$TEST_SSH_PORT" else @@ -43,6 +54,8 @@ else fi unset SSH_AUTH_SOCK +SRC=`dirname ${SCRIPT}` + # defaults SSH=ssh SSHD=sshd @@ -83,7 +96,13 @@ if [ "x$TEST_SSH_SCP" != "x" ]; then fi # Path to sshd must be absolute for rexec -SSHD=`which sshd` +if [ ! -x /$SSHD ]; then + SSHD=`which sshd` +fi + +if [ "x$TEST_SSH_LOGFILE" = "x" ]; then + TEST_SSH_LOGFILE=/dev/null +fi # these should be used in tests export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP @@ -134,6 +153,7 @@ cleanup () trace () { + echo "trace: $@" >>$TEST_SSH_LOGFILE if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then echo "$@" fi @@ -141,6 +161,7 @@ trace () verbose () { + echo "verbose: $@" >>$TEST_SSH_LOGFILE if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then echo "$@" fi @@ -149,12 +170,14 @@ verbose () fail () { + echo "FAIL: $@" >>$TEST_SSH_LOGFILE RESULT=1 echo "$@" } fatal () { + echo "FATAL: $@" >>$TEST_SSH_LOGFILE echon "FATAL: " fail "$@" cleanup @@ -174,7 +197,7 @@ cat << EOF > $OBJ/sshd_config #ListenAddress ::1 PidFile $PIDFILE AuthorizedKeysFile $OBJ/authorized_keys_%u - LogLevel QUIET + LogLevel DEBUG AcceptEnv _XXX_TEST_* AcceptEnv _XXX_TEST Subsystem sftp $SFTPSERVER @@ -205,7 +228,6 @@ Host * ChallengeResponseAuthentication no HostbasedAuthentication no PasswordAuthentication no - RhostsRSAAuthentication no BatchMode yes StrictHostKeyChecking yes EOF @@ -246,7 +268,7 @@ chmod 644 $OBJ/authorized_keys_$USER # create a proxy version of the client config ( cat $OBJ/ssh_config - echo proxycommand ${SUDO} ${SSHD} -i -f $OBJ/sshd_proxy + echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy ) > $OBJ/ssh_proxy # check proxy config @@ -256,7 +278,7 @@ start_sshd () { # start sshd $SUDO ${SSHD} -f $OBJ/sshd_config -t || fatal "sshd_config broken" - $SUDO ${SSHD} -f $OBJ/sshd_config + $SUDO ${SSHD} -f $OBJ/sshd_config -e >>$TEST_SSH_LOGFILE 2>&1 trace "wait for sshd" i=0; diff --git a/crypto/openssh/scp.1 b/crypto/openssh/scp.1 index f346b2ae96a0..b5191e318129 100644 --- a/crypto/openssh/scp.1 +++ b/crypto/openssh/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.36 2004/06/13 15:03:02 djm Exp $ +.\" $OpenBSD: scp.1,v 1.38 2005/03/01 17:19:35 jmc Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -133,6 +133,7 @@ For full details of the options listed below, and their possible values, see .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials +.It HashKnownHosts .It Host .It HostbasedAuthentication .It HostKeyAlgorithms @@ -140,6 +141,7 @@ For full details of the options listed below, and their possible values, see .It HostName .It IdentityFile .It IdentitiesOnly +.It KbdInteractiveDevices .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost diff --git a/crypto/openssh/scp.c b/crypto/openssh/scp.c index ef9eaa1a4114..f69fd05fc66f 100644 --- a/crypto/openssh/scp.c +++ b/crypto/openssh/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.117 2004/08/11 21:44:32 avsm Exp $"); +RCSID("$OpenBSD: scp.c,v 1.119 2005/01/24 10:22:06 dtucker Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -108,8 +108,10 @@ pid_t do_cmd_pid = -1; static void killchild(int signo) { - if (do_cmd_pid > 1) + if (do_cmd_pid > 1) { kill(do_cmd_pid, signo); + waitpid(do_cmd_pid, NULL, 0); + } _exit(1); } @@ -726,7 +728,7 @@ sink(int argc, char **argv) #define atime tv[0] #define mtime tv[1] -#define SCREWUP(str) do { why = str; goto screwup; } while (0) +#define SCREWUP(str) { why = str; goto screwup; } setimes = targisdir = 0; mask = umask(0); diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c index fae3c658e1d2..2d1a0c3627fe 100644 --- a/crypto/openssh/servconf.c +++ b/crypto/openssh/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.139 2005/03/01 10:09:52 djm Exp $"); #include "ssh.h" #include "log.h" @@ -26,8 +26,6 @@ RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $"); static void add_listen_addr(ServerOptions *, char *, u_short); static void add_one_listen_addr(ServerOptions *, char *, u_short); -/* AF_UNSPEC or AF_INET or AF_INET6 */ -extern int IPv4or6; /* Use of privilege separation or not */ extern int use_privsep; @@ -45,6 +43,7 @@ initialize_server_options(ServerOptions *options) options->num_ports = 0; options->ports_from_cmdline = 0; options->listen_addrs = NULL; + options->address_family = -1; options->num_host_key_files = 0; options->pid_file = NULL; options->server_key_bits = -1; @@ -258,7 +257,8 @@ typedef enum { sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, sKerberosGetAFSToken, sKerberosTgtPassing, sChallengeResponseAuthentication, - sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, + sPasswordAuthentication, sKbdInteractiveAuthentication, + sListenAddress, sAddressFamily, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sStrictModes, sEmptyPasswd, sTCPKeepAlive, @@ -335,6 +335,7 @@ static struct { { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ { "checkmail", sDeprecated }, { "listenaddress", sListenAddress }, + { "addressfamily", sAddressFamily }, { "printmotd", sPrintMotd }, { "printlastlog", sPrintLastLog }, { "ignorerhosts", sIgnoreRhosts }, @@ -401,6 +402,8 @@ add_listen_addr(ServerOptions *options, char *addr, u_short port) if (options->num_ports == 0) options->ports[options->num_ports++] = SSH_DEFAULT_PORT; + if (options->address_family == -1) + options->address_family = AF_UNSPEC; if (port == 0) for (i = 0; i < options->num_ports; i++) add_one_listen_addr(options, addr, options->ports[i]); @@ -416,7 +419,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port) int gaierr; memset(&hints, 0, sizeof(hints)); - hints.ai_family = IPv4or6; + hints.ai_family = options->address_family; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; snprintf(strport, sizeof strport, "%u", port); @@ -437,6 +440,7 @@ process_server_config_line(ServerOptions *options, char *line, char *cp, **charptr, *arg, *p; int *intptr, value, i, n; ServerOpCodes opcode; + u_short port; cp = line; arg = strdelim(&cp); @@ -509,39 +513,40 @@ parse_time: case sListenAddress: arg = strdelim(&cp); - if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0) - fatal("%s line %d: missing inet addr.", + if (arg == NULL || *arg == '\0') + fatal("%s line %d: missing address", filename, linenum); - if (*arg == '[') { - if ((p = strchr(arg, ']')) == NULL) - fatal("%s line %d: bad ipv6 inet addr usage.", - filename, linenum); - arg++; - memmove(p, p+1, strlen(p+1)+1); - } else if (((p = strchr(arg, ':')) == NULL) || - (strchr(p+1, ':') != NULL)) { - add_listen_addr(options, arg, 0); - break; - } - if (*p == ':') { - u_short port; + p = hpdelim(&arg); + if (p == NULL) + fatal("%s line %d: bad address:port usage", + filename, linenum); + p = cleanhostname(p); + if (arg == NULL) + port = 0; + else if ((port = a2port(arg)) == 0) + fatal("%s line %d: bad port number", filename, linenum); - p++; - if (*p == '\0') - fatal("%s line %d: bad inet addr:port usage.", - filename, linenum); - else { - *(p-1) = '\0'; - if ((port = a2port(p)) == 0) - fatal("%s line %d: bad port number.", - filename, linenum); - add_listen_addr(options, arg, port); - } - } else if (*p == '\0') - add_listen_addr(options, arg, 0); + add_listen_addr(options, p, port); + + break; + + case sAddressFamily: + arg = strdelim(&cp); + intptr = &options->address_family; + if (options->listen_addrs != NULL) + fatal("%s line %d: address family must be specified before " + "ListenAddress.", filename, linenum); + if (strcasecmp(arg, "inet") == 0) + value = AF_INET; + else if (strcasecmp(arg, "inet6") == 0) + value = AF_INET6; + else if (strcasecmp(arg, "any") == 0) + value = AF_UNSPEC; else - fatal("%s line %d: bad inet addr usage.", - filename, linenum); + fatal("%s line %d: unsupported address family \"%s\".", + filename, linenum, arg); + if (*intptr == -1) + *intptr = value; break; case sHostKeyFile: @@ -720,7 +725,23 @@ parse_flag: case sGatewayPorts: intptr = &options->gateway_ports; - goto parse_flag; + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing yes/no/clientspecified " + "argument.", filename, linenum); + value = 0; /* silence compiler */ + if (strcmp(arg, "clientspecified") == 0) + value = 2; + else if (strcmp(arg, "yes") == 0) + value = 1; + else if (strcmp(arg, "no") == 0) + value = 0; + else + fatal("%s line %d: Bad yes/no/clientspecified " + "argument: %s", filename, linenum, arg); + if (*intptr == -1) + *intptr = value; + break; case sUseDNS: intptr = &options->use_dns; diff --git a/crypto/openssh/servconf.h b/crypto/openssh/servconf.h index ebd056814733..f7e56d52105e 100644 --- a/crypto/openssh/servconf.h +++ b/crypto/openssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.70 2004/06/24 19:30:54 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.71 2004/12/23 23:11:00 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -43,6 +43,7 @@ typedef struct { u_short ports[MAX_PORTS]; /* Port number to listen on. */ char *listen_addr; /* Address on which the server listens. */ struct addrinfo *listen_addrs; /* Addresses on which the server listens. */ + int address_family; /* Address family used by the server. */ char *host_key_files[MAX_HOSTKEYS]; /* Files containing host keys. */ int num_host_key_files; /* Number of files for host keys. */ char *pid_file; /* Where to put our pid */ diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index ee4008acff67..b32c9e2ca523 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.180 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -245,6 +245,10 @@ do_authenticated1(Authctxt *authctxt) u_int proto_len, data_len, dlen, compression_level = 0; s = session_new(); + if (s == NULL) { + error("no more sessions"); + return; + } s->authctxt = authctxt; s->pw = authctxt->pw; @@ -661,11 +665,15 @@ do_exec(Session *s, const char *command) debug("Forced command '%.900s'", command); } -#ifdef GSSAPI - if (options.gss_authentication) { - temporarily_use_uid(s->pw); - ssh_gssapi_storecreds(); - restore_uid(); +#ifdef SSH_AUDIT_EVENTS + if (command != NULL) + PRIVSEP(audit_run_command(command)); + else if (s->ttyfd == -1) { + char *shell = s->pw->pw_shell; + + if (shell[0] == '\0') /* empty shell means /bin/sh */ + shell =_PATH_BSHELL; + PRIVSEP(audit_run_command(shell)); } #endif @@ -979,7 +987,13 @@ do_setup_env(Session *s, const char *shell) * The Windows environment contains some setting which are * important for a running system. They must not be dropped. */ - copy_environment(environ, &env, &envsize); + { + char **p; + + p = fetch_windows_environment(); + copy_environment(p, &env, &envsize); + free_windows_environment(p); + } #endif #ifdef GSSAPI @@ -1080,14 +1094,24 @@ do_setup_env(Session *s, const char *shell) child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); #endif /* _UNICOS */ + /* + * Since we clear KRB5CCNAME at startup, if it's set now then it + * must have been set by a native authentication method (eg AIX or + * SIA), so copy it to the child. + */ + { + char *cp; + + if ((cp = getenv("KRB5CCNAME")) != NULL) + child_set_env(&env, &envsize, "KRB5CCNAME", cp); + } + #ifdef _AIX { char *cp; if ((cp = getenv("AUTHSTATE")) != NULL) child_set_env(&env, &envsize, "AUTHSTATE", cp); - if ((cp = getenv("KRB5CCNAME")) != NULL) - child_set_env(&env, &envsize, "KRB5CCNAME", cp); read_environment_file(&env, &envsize, "/etc/environment"); } #endif @@ -1247,6 +1271,13 @@ do_setusercontext(struct passwd *pw) # ifdef __bsdi__ setpgid(0, 0); # endif +#ifdef GSSAPI + if (options.gss_authentication) { + temporarily_use_uid(pw); + ssh_gssapi_storecreds(); + restore_uid(); + } +#endif # ifdef USE_PAM if (options.use_pam) { do_pam_session(); @@ -1277,6 +1308,13 @@ do_setusercontext(struct passwd *pw) exit(1); } endgrent(); +#ifdef GSSAPI + if (options.gss_authentication) { + temporarily_use_uid(pw); + ssh_gssapi_storecreds(); + restore_uid(); + } +#endif # ifdef USE_PAM /* * PAM credentials may take the form of supplementary groups. @@ -1314,7 +1352,12 @@ do_pwchange(Session *s) if (s->ttyfd != -1) { fprintf(stderr, "You must change your password now and login again!\n"); +#ifdef PASSWD_NEEDS_USERNAME + execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, + (char *)NULL); +#else execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); +#endif perror("passwd"); } else { fprintf(stderr, @@ -1428,11 +1471,18 @@ do_child(Session *s, const char *command) * generated messages, so if this in an interactive * login then display them too. */ - if (command == NULL) + if (!check_quietlogin(s, command)) display_loginmsg(); #endif /* HAVE_OSF_SIA */ } +#ifdef USE_PAM + if (options.use_pam && !is_pam_session_open()) { + display_loginmsg(); + exit(254); + } +#endif + /* * Get the shell from the password data. An empty shell field is * legal, and means /bin/sh. diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c index 0ffacbccc896..d894a11f20ce 100644 --- a/crypto/openssh/sftp-client.c +++ b/crypto/openssh/sftp-client.c @@ -20,7 +20,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.52 2004/11/25 22:22:14 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -172,6 +172,7 @@ get_handle(int fd, u_int expected_id, u_int *len) int status = buffer_get_int(&msg); error("Couldn't get handle: %s", fx2txt(status)); + buffer_free(&msg); return(NULL); } else if (type != SSH2_FXP_HANDLE) fatal("Expected SSH2_FXP_HANDLE(%u) packet, got %u", @@ -206,6 +207,7 @@ get_decode_stat(int fd, u_int expected_id, int quiet) debug("Couldn't stat remote file: %s", fx2txt(status)); else error("Couldn't stat remote file: %s", fx2txt(status)); + buffer_free(&msg); return(NULL); } else if (type != SSH2_FXP_ATTRS) { fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u", diff --git a/crypto/openssh/sftp-client.h b/crypto/openssh/sftp-client.h index a0e8e44b3c29..991e05d33240 100644 --- a/crypto/openssh/sftp-client.h +++ b/crypto/openssh/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.12 2004/02/17 05:39:51 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.13 2004/11/29 07:41:24 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> @@ -30,8 +30,8 @@ struct SFTP_DIRENT { }; /* - * Initialiase a SSH filexfer connection. Returns -1 on error or - * protocol version on success. + * Initialiase a SSH filexfer connection. Returns NULL on error or + * a pointer to a initialized sftp_conn struct on success. */ struct sftp_conn *do_init(int, int, u_int, u_int); diff --git a/crypto/openssh/sftp.1 b/crypto/openssh/sftp.1 index 3b035b1d407a..c89ffc30fc77 100644 --- a/crypto/openssh/sftp.1 +++ b/crypto/openssh/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.57 2004/06/21 22:41:31 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.61 2005/03/01 17:19:35 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -71,7 +71,9 @@ The second usage format will retrieve files automatically if a non-interactive authentication method is used; otherwise it will do so after successful interactive authentication. .Pp -The third usage format allows the sftp client to start in a remote directory. +The third usage format allows +.Nm +to start in a remote directory. .Pp The final usage format allows for automated sessions using the .Fl b @@ -159,6 +161,7 @@ For full details of the options listed below, and their possible values, see .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials +.It HashKnownHosts .It Host .It HostbasedAuthentication .It HostKeyAlgorithms @@ -166,6 +169,7 @@ For full details of the options listed below, and their possible values, see .It HostName .It IdentityFile .It IdentitiesOnly +.It KbdInteractiveDevices .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost @@ -192,7 +196,7 @@ For full details of the options listed below, and their possible values, see .It Fl P Ar sftp_server_path Connect directly to a local sftp server (rather than via -.Xr ssh 1 ) +.Xr ssh 1 ) . This option may be useful in debugging the client and server. .It Fl R Ar num_requests Specify how many requests may be outstanding at any one time. @@ -223,9 +227,13 @@ Once in interactive mode, .Nm understands a set of commands similar to those of .Xr ftp 1 . -Commands are case insensitive and pathnames may be enclosed in quotes if they -contain spaces. -.Bl -tag -width "lmdir path" +Commands are case insensitive. +Pathnames that contain spaces must be enclosed in quotes. +Any special characters contained within pathnames that are recognized by +.Xr glob 3 +must be escaped with backslashes +.Pq Sq \e . +.Bl -tag -width Ds .It Ic bye Quit .Nm sftp . @@ -237,6 +245,10 @@ Change group of file .Ar path to .Ar grp . +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .Ar grp must be a numeric GID. .It Ic chmod Ar mode Ar path @@ -244,18 +256,26 @@ Change permissions of file .Ar path to .Ar mode . +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .It Ic chown Ar own Ar path Change owner of file .Ar path to .Ar own . +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .Ar own must be a numeric UID. .It Ic exit Quit .Nm sftp . .It Xo Ic get -.Op Ar flags +.Op Fl P .Ar remote-path .Op Ar local-path .Xc @@ -265,9 +285,18 @@ and store it on the local machine. If the local path name is not specified, it is given the same name it has on the remote machine. +.Ar remote-path +may contain +.Xr glob 3 +characters and may match multiple files. +If it does and +.Ar local-path +is specified, then +.Ar local-path +must specify a directory. If the .Fl P -flag is specified, then the file's full permission and access time are +flag is specified, then full file permissions and access times are copied too. .It Ic help Display help text. @@ -280,6 +309,14 @@ Display local directory listing of either or current directory if .Ar path is not specified. +.Ar ls-options +may contain any flags supported by the local system's +.Xr ls 1 +command. +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .It Ic lmkdir Ar path Create local directory specified by .Ar path . @@ -291,36 +328,44 @@ to .It Ic lpwd Print local working directory. .It Xo Ic ls -.Op Ar flags +.Op Fl 1aflnrSt .Op Ar path .Xc -Display remote directory listing of either +Display a remote directory listing of either .Ar path -or current directory if +or the current directory if .Ar path is not specified. -If the -.Fl l -flag is specified, then display additional details including permissions -and ownership information. -The -.Fl n -flag will produce a long listing with user and group information presented -numerically. +.Ar path +may contain +.Xr glob 3 +characters and may match multiple files. .Pp -By default, +The following flags are recognized and alter the behaviour of .Ic ls -listings are sorted in lexicographical order. -This may be changed by specifying the -.Fl S -(sort by file size), -.Fl t -(sort by last modification time), or -.Fl f -(don't sort at all) flags. -Additionally, the sort order may be reversed using the -.Fl r -flag. +accordingly: +.Bl -tag -width Ds +.It Fl 1 +Produce single columnar output. +.It Fl a +List files beginning with a dot +.Pq Sq \&. . +.It Fl f +Do not sort the listing. +The default sort order is lexicographical. +.It Fl l +Display additional details including permissions +and ownership information. +.It Fl n +Produce a long listing with user and group information presented +numerically. +.It Fl r +Reverse the sort order of the listing. +.It Fl S +Sort the listing by file size. +.It Fl t +Sort the listing by last modification time. +.El .It Ic lumask Ar umask Set local umask to .Ar umask . @@ -330,7 +375,7 @@ Create remote directory specified by .It Ic progress Toggle display of progress meter. .It Xo Ic put -.Op Ar flags +.Op Fl P .Ar local-path .Op Ar remote-path .Xc @@ -339,6 +384,15 @@ Upload and store it on the remote machine. If the remote path name is not specified, it is given the same name it has on the local machine. +.Ar local-path +may contain +.Xr glob 3 +characters and may match multiple files. +If it does and +.Ar remote-path +is specified, then +.Ar remote-path +must specify a directory. If the .Fl P flag is specified, then the file's full permission and access time are @@ -379,10 +433,12 @@ Synonym for help. .El .Sh SEE ALSO .Xr ftp 1 , +.Xr ls 1 , .Xr scp 1 , .Xr ssh 1 , .Xr ssh-add 1 , .Xr ssh-keygen 1 , +.Xr glob 3 , .Xr ssh_config 5 , .Xr sftp-server 8 , .Xr sshd 8 diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c index f01c9194c364..f8553ed82104 100644 --- a/crypto/openssh/sftp.c +++ b/crypto/openssh/sftp.c @@ -16,7 +16,13 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.56 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.62 2005/02/20 22:59:06 djm Exp $"); + +#ifdef USE_LIBEDIT +#include <histedit.h> +#else +typedef void EditLine; +#endif #include "buffer.h" #include "xmalloc.h" @@ -144,8 +150,10 @@ int interactive_loop(int fd_in, int fd_out, char *file1, char *file2); static void killchild(int signo) { - if (sshpid > 1) + if (sshpid > 1) { kill(sshpid, SIGTERM); + waitpid(sshpid, NULL, 0); + } _exit(1); } @@ -154,9 +162,11 @@ static void cmd_interrupt(int signo) { const char msg[] = "\rInterrupt \n"; + int olderrno = errno; write(STDERR_FILENO, msg, sizeof(msg) - 1); interrupted = 1; + errno = olderrno; } static void @@ -256,7 +266,7 @@ path_strip(char *path, char *strip) return (xstrdup(path)); len = strlen(strip); - if (strip != NULL && strncmp(path, strip, len) == 0) { + if (strncmp(path, strip, len) == 0) { if (strip[len - 1] != '/' && path[len] == '/') len++; return (xstrdup(path + len)); @@ -738,12 +748,14 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, { glob_t g; int i, c = 1, colspace = 0, columns = 1; - Attrib *a; + Attrib *a = NULL; memset(&g, 0, sizeof(g)); if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE, - NULL, &g)) { + NULL, &g) || (g.gl_pathc && !g.gl_matchc)) { + if (g.gl_pathc) + globfree(&g); error("Can't ls: \"%s\" not found", path); return (-1); } @@ -752,19 +764,21 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, goto out; /* - * If the glob returns a single match, which is the same as the - * input glob, and it is a directory, then just list its contents + * If the glob returns a single match and it is a directory, + * then just list its contents. */ - if (g.gl_pathc == 1 && - strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) { - if ((a = do_lstat(conn, path, 1)) == NULL) { + if (g.gl_matchc == 1) { + if ((a = do_lstat(conn, g.gl_pathv[0], 1)) == NULL) { globfree(&g); return (-1); } if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && S_ISDIR(a->perm)) { + int err; + + err = do_ls_dir(conn, g.gl_pathv[0], strip_path, lflag); globfree(&g); - return (do_ls_dir(conn, path, strip_path, lflag)); + return (err); } } @@ -784,7 +798,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, colspace = width / columns; } - for (i = 0; g.gl_pathv[i] && !interrupted; i++) { + for (i = 0; g.gl_pathv[i] && !interrupted; i++, a = NULL) { char *fname; fname = path_strip(g.gl_pathv[i], strip_path); @@ -801,7 +815,8 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, * that the server returns as well as the filenames. */ memset(&sb, 0, sizeof(sb)); - a = do_lstat(conn, g.gl_pathv[i], 1); + if (a == NULL) + a = do_lstat(conn, g.gl_pathv[i], 1); if (a != NULL) attrib_to_stat(a, &sb); lname = ls_file(fname, &sb, 1); @@ -1206,6 +1221,14 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, return (0); } +#ifdef USE_LIBEDIT +static char * +prompt(EditLine *el) +{ + return ("sftp> "); +} +#endif + int interactive_loop(int fd_in, int fd_out, char *file1, char *file2) { @@ -1214,6 +1237,27 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) char cmd[2048]; struct sftp_conn *conn; int err; + EditLine *el = NULL; +#ifdef USE_LIBEDIT + History *hl = NULL; + HistEvent hev; + extern char *__progname; + + if (!batchmode && isatty(STDIN_FILENO)) { + if ((el = el_init(__progname, stdin, stdout, stderr)) == NULL) + fatal("Couldn't initialise editline"); + if ((hl = history_init()) == NULL) + fatal("Couldn't initialise editline history"); + history(hl, &hev, H_SETSIZE, 100); + el_set(el, EL_HIST, history, hl); + + el_set(el, EL_PROMPT, prompt); + el_set(el, EL_EDITOR, "emacs"); + el_set(el, EL_TERMINAL, NULL); + el_set(el, EL_SIGNAL, 1); + el_source(el, NULL); + } +#endif /* USE_LIBEDIT */ conn = do_init(fd_in, fd_out, copy_buffer_len, num_requests); if (conn == NULL) @@ -1230,8 +1274,11 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) if (remote_is_dir(conn, dir) && file2 == NULL) { printf("Changing to: %s\n", dir); snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); - if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) + if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) { + xfree(dir); + xfree(pwd); return (-1); + } } else { if (file2 == NULL) snprintf(cmd, sizeof cmd, "get %s", dir); @@ -1261,17 +1308,29 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) signal(SIGINT, SIG_IGN); - printf("sftp> "); + if (el == NULL) { + printf("sftp> "); + if (fgets(cmd, sizeof(cmd), infile) == NULL) { + printf("\n"); + break; + } + if (batchmode) /* Echo command */ + printf("%s", cmd); + } else { +#ifdef USE_LIBEDIT + const char *line; + int count = 0; - /* XXX: use libedit */ - if (fgets(cmd, sizeof(cmd), infile) == NULL) { - printf("\n"); - break; + if ((line = el_gets(el, &count)) == NULL || count <= 0) + break; + history(hl, &hev, H_ENTER, line); + if (strlcpy(cmd, line, sizeof(cmd)) >= sizeof(cmd)) { + fprintf(stderr, "Error: input line too long\n"); + continue; + } +#endif /* USE_LIBEDIT */ } - if (batchmode) /* Echo command */ - printf("%s", cmd); - cp = strrchr(cmd, '\n'); if (cp) *cp = '\0'; @@ -1420,6 +1479,7 @@ main(int argc, char **argv) fatal("%s (%s).", strerror(errno), optarg); showprogress = 0; batchmode = 1; + addargs(&args, "-obatchmode yes"); break; case 'P': sftp_direct = optarg; diff --git a/crypto/openssh/ssh-add.1 b/crypto/openssh/ssh-add.1 index 6348197b332a..1f3df5bec2b8 100644 --- a/crypto/openssh/ssh-add.1 +++ b/crypto/openssh/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.40 2003/11/25 23:10:08 matthieu Exp $ +.\" $OpenBSD: ssh-add.1,v 1.42 2005/03/01 17:32:19 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -45,7 +45,7 @@ .Nd adds RSA or DSA identities to the authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl lLdDxXc +.Op Fl cDdLlXx .Op Fl t Ar life .Op Ar .Nm ssh-add @@ -77,23 +77,6 @@ to work. .Pp The options are as follows: .Bl -tag -width Ds -.It Fl l -Lists fingerprints of all identities currently represented by the agent. -.It Fl L -Lists public key parameters of all identities currently represented by the agent. -.It Fl d -Instead of adding the identity, removes the identity from the agent. -.It Fl D -Deletes all identities from the agent. -.It Fl x -Lock the agent with a password. -.It Fl X -Unlock the agent. -.It Fl t Ar life -Set a maximum lifetime when adding identities to an agent. -The lifetime may be specified in seconds or in a time format -specified in -.Xr sshd_config 5 . .It Fl c Indicates that added identities should be subject to confirmation before being used for authentication. @@ -103,12 +86,30 @@ program mentioned below. Successful confirmation is signaled by a zero exit status from the .Ev SSH_ASKPASS program, rather than text entered into the requester. -.It Fl s Ar reader -Add key in smartcard -.Ar reader . +.It Fl D +Deletes all identities from the agent. +.It Fl d +Instead of adding the identity, removes the identity from the agent. .It Fl e Ar reader Remove key in smartcard .Ar reader . +.It Fl L +Lists public key parameters of all identities currently represented +by the agent. +.It Fl l +Lists fingerprints of all identities currently represented by the agent. +.It Fl s Ar reader +Add key in smartcard +.Ar reader . +.It Fl t Ar life +Set a maximum lifetime when adding identities to an agent. +The lifetime may be specified in seconds or in a time format +specified in +.Xr sshd_config 5 . +.It Fl X +Unlock the agent. +.It Fl x +Lock the agent with a password. .El .Sh ENVIRONMENT .Bl -tag -width Ds @@ -129,7 +130,7 @@ and open an X11 window to read the passphrase. This is particularly useful when calling .Nm from a -.Pa .Xsession +.Pa .xsession or related script. (Note that on some machines it may be necessary to redirect the input from diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index bc4d8d33a287..dd7e22ad5ade 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.120 2004/08/11 21:43:05 avsm Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $"); #include <openssl/evp.h> #include <openssl/md5.h> @@ -168,23 +168,15 @@ lookup_identity(Key *key, int version) static int confirm_key(Identity *id) { - char *p, prompt[1024]; + char *p; int ret = -1; p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); - snprintf(prompt, sizeof(prompt), "Allow use of key %s?\n" - "Key fingerprint %s.", id->comment, p); + if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", + id->comment, p)) + ret = 0; xfree(p); - p = read_passphrase(prompt, RP_ALLOW_EOF); - if (p != NULL) { - /* - * Accept empty responses and responses consisting - * of the word "yes" as affirmative. - */ - if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0) - ret = 0; - xfree(p); - } + return (ret); } @@ -1010,9 +1002,7 @@ main(int ac, char **av) #ifdef HAVE_SETRLIMIT struct rlimit rlim; #endif -#ifdef HAVE_CYGWIN int prev_mask; -#endif extern int optind; extern char *optarg; pid_t pid; @@ -1124,24 +1114,20 @@ main(int ac, char **av) sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) { perror("socket"); + *socket_name = '\0'; /* Don't unlink any existing file */ cleanup_exit(1); } memset(&sunaddr, 0, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path)); -#ifdef HAVE_CYGWIN prev_mask = umask(0177); -#endif if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) { perror("bind"); -#ifdef HAVE_CYGWIN + *socket_name = '\0'; /* Don't unlink any existing file */ umask(prev_mask); -#endif cleanup_exit(1); } -#ifdef HAVE_CYGWIN umask(prev_mask); -#endif if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { perror("listen"); cleanup_exit(1); diff --git a/crypto/openssh/ssh-keygen.1 b/crypto/openssh/ssh-keygen.1 index c0f24dcd0bee..3987b1e66615 100644 --- a/crypto/openssh/ssh-keygen.1 +++ b/crypto/openssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.63 2004/08/13 00:01:43 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.66 2005/03/01 18:15:56 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -81,6 +81,15 @@ .Nm ssh-keygen .Fl D Ar reader .Nm ssh-keygen +.Fl F Ar hostname +.Op Fl f Ar known_hosts_file +.Nm ssh-keygen +.Fl H +.Op Fl f Ar known_hosts_file +.Nm ssh-keygen +.Fl R Ar hostname +.Op Fl f Ar known_hosts_file +.Nm ssh-keygen .Fl U Ar reader .Op Fl f Ar input_keyfile .Nm ssh-keygen @@ -174,16 +183,23 @@ Specifies the number of primality tests to perform when screening DH-GEX candidates using the .Fl T command. +.It Fl B +Show the bubblebabble digest of specified private or public key file. .It Fl b Ar bits Specifies the number of bits in the key to create. Minimum is 512 bits. Generally, 1024 bits is considered sufficient. The default is 1024 bits. +.It Fl C Ar comment +Provides a new comment. .It Fl c Requests changing the comment in the private and public key files. This operation is only supported for RSA1 keys. The program will prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment. +.It Fl D Ar reader +Download the RSA public key stored in the smartcard in +.Ar reader . .It Fl e This option will read a private or public OpenSSH key file and print the key in a @@ -191,12 +207,41 @@ print the key in a to stdout. This option allows exporting keys for use by several commercial SSH implementations. +.It Fl F Ar hostname +Search for the specified +.Ar hostname +in a +.Pa known_hosts +file, listing any occurrences found. +This option is useful to find hashed host names or addresses and may also be +used in conjunction with the +.Fl H +option to print found keys in a hashed format. +.It Fl f Ar filename +Specifies the filename of the key file. +.It Fl G Ar output_file +Generate candidate primes for DH-GEX. +These primes must be screened for +safety (using the +.Fl T +option) before use. .It Fl g Use generic DNS format when printing fingerprint resource records using the .Fl r command. -.It Fl f Ar filename -Specifies the filename of the key file. +.It Fl H +Hash a +.Pa known_hosts +file, printing the result to standard output. +This replaces all hostnames and addresses with hashed representations. +These hashes may be used normally by +.Nm ssh +and +.Nm sshd , +but they do not reveal identifying information should the file's contents +be disclosed. +This option will not modify existing hashed hostnames and is therefore safe +to use on files that mix hashed and non-hashed names. .It Fl i This option will read an unencrypted private (or public) key file in SSH2-compatible format and print an OpenSSH compatible private @@ -212,6 +257,13 @@ Private RSA1 keys are also supported. For RSA and DSA keys .Nm tries to find the matching public key file and prints its fingerprint. +.It Fl M Ar memory +Specify the amount of memory to use (in megabytes) when generating +candidate moduli for DH-GEX. +.It Fl N Ar new_passphrase +Provides the new passphrase. +.It Fl P Ar passphrase +Provides the (old) passphrase. .It Fl p Requests changing the passphrase of a private key file instead of creating a new private key. @@ -224,11 +276,27 @@ Silence Used by .Pa /etc/rc when creating a new key. -.It Fl y -This option will read a private -OpenSSH format file and print an OpenSSH public key to stdout. +.It Fl R Ar hostname +Removes all keys belonging to +.Ar hostname +from a +.Pa known_hosts +file. +This option is useful to delete hashed hosts (see the +.Fl H +option above). +.It Fl r Ar hostname +Print the SSHFP fingerprint resource record named +.Ar hostname +for the specified public key file. +.It Fl S Ar start +Specify start point (in hex) when generating candidate moduli for DH-GEX. +.It Fl T Ar output_file +Test DH group exchange candidate primes (generated using the +.Fl G +option) for safety. .It Fl t Ar type -Specifies the type of the key to create. +Specifies the type of key to create. The possible values are .Dq rsa1 for protocol version 1 and @@ -236,34 +304,6 @@ for protocol version 1 and or .Dq dsa for protocol version 2. -.It Fl B -Show the bubblebabble digest of specified private or public key file. -.It Fl C Ar comment -Provides the new comment. -.It Fl D Ar reader -Download the RSA public key stored in the smartcard in -.Ar reader . -.It Fl G Ar output_file -Generate candidate primes for DH-GEX. -These primes must be screened for -safety (using the -.Fl T -option) before use. -.It Fl M Ar memory -Specify the amount of memory to use (in megabytes) when generating -candidate moduli for DH-GEX. -.It Fl N Ar new_passphrase -Provides the new passphrase. -.It Fl P Ar passphrase -Provides the (old) passphrase. -.It Fl S Ar start -Specify start point (in hex) when generating candidate moduli for DH-GEX. -.It Fl T Ar output_file -Test DH group exchange candidate primes (generated using the -.Fl G -option) for safety. -.It Fl W Ar generator -Specify desired generator when testing candidate moduli for DH-GEX. .It Fl U Ar reader Upload an existing RSA private key into the smartcard in .Ar reader . @@ -277,10 +317,11 @@ Multiple .Fl v options increase the verbosity. The maximum is 3. -.It Fl r Ar hostname -Print the SSHFP fingerprint resource record named -.Ar hostname -for the specified public key file. +.It Fl W Ar generator +Specify desired generator when testing candidate moduli for DH-GEX. +.It Fl y +This option will read a private +OpenSSH format file and print an OpenSSH public key to stdout. .El .Sh MODULI GENERATION .Nm @@ -299,7 +340,7 @@ The desired length of the primes may be specified by the option. For example: .Pp -.Dl ssh-keygen -G moduli-2048.candidates -b 2048 +.Dl # ssh-keygen -G moduli-2048.candidates -b 2048 .Pp By default, the search for primes begins at a random point in the desired length range. @@ -319,7 +360,7 @@ will read candidates from standard input (or a file specified using the option). For example: .Pp -.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates +.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates .Pp By default, each candidate will be subjected to 100 primality tests. This may be overridden using the @@ -330,7 +371,7 @@ prime under consideration. If a specific generator is desired, it may be requested using the .Fl W option. -Valid generator values are 2, 3 and 5. +Valid generator values are 2, 3, and 5. .Pp Screened DH groups may be installed in .Pa /etc/moduli . diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c index d39e7d8811e9..a9931d4d846a 100644 --- a/crypto/openssh/ssh-keygen.c +++ b/crypto/openssh/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.117 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.120 2005/03/02 01:27:41 djm Exp $"); #include <openssl/evp.h> #include <openssl/pem.h> @@ -27,6 +27,8 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.117 2004/07/11 17:48:47 deraadt Exp $"); #include "pathnames.h" #include "log.h" #include "misc.h" +#include "match.h" +#include "hostfile.h" #ifdef SMARTCARD #include "scard.h" @@ -50,6 +52,13 @@ int change_comment = 0; int quiet = 0; +/* Flag indicating that we want to hash a known_hosts file */ +int hash_hosts = 0; +/* Flag indicating that we want lookup a host in known_hosts file */ +int find_host = 0; +/* Flag indicating that we want to delete a host from a known_hosts file */ +int delete_host = 0; + /* Flag indicating that we just want to see the key fingerprint */ int print_fingerprint = 0; int print_bubblebabble = 0; @@ -239,6 +248,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) } else if (strstr(type, "rsa")) { ktype = KEY_RSA; } else { + buffer_free(&b); xfree(type); return NULL; } @@ -540,6 +550,201 @@ do_fingerprint(struct passwd *pw) exit(0); } +static void +print_host(FILE *f, char *name, Key *public, int hash) +{ + if (hash && (name = host_hash(name, NULL, 0)) == NULL) + fatal("hash_host failed"); + fprintf(f, "%s ", name); + if (!key_write(public, f)) + fatal("key_write failed"); + fprintf(f, "\n"); +} + +static void +do_known_hosts(struct passwd *pw, const char *name) +{ + FILE *in, *out = stdout; + Key *public; + char *cp, *cp2, *kp, *kp2; + char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN]; + int c, i, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0; + + if (!have_identity) { + cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); + if (strlcpy(identity_file, cp, sizeof(identity_file)) >= + sizeof(identity_file)) + fatal("Specified known hosts path too long"); + xfree(cp); + have_identity = 1; + } + if ((in = fopen(identity_file, "r")) == NULL) + fatal("fopen: %s", strerror(errno)); + + /* + * Find hosts goes to stdout, hash and deletions happen in-place + * A corner case is ssh-keygen -HF foo, which should go to stdout + */ + if (!find_host && (hash_hosts || delete_host)) { + if (strlcpy(tmp, identity_file, sizeof(tmp)) >= sizeof(tmp) || + strlcat(tmp, ".XXXXXXXXXX", sizeof(tmp)) >= sizeof(tmp) || + strlcpy(old, identity_file, sizeof(old)) >= sizeof(old) || + strlcat(old, ".old", sizeof(old)) >= sizeof(old)) + fatal("known_hosts path too long"); + umask(077); + if ((c = mkstemp(tmp)) == -1) + fatal("mkstemp: %s", strerror(errno)); + if ((out = fdopen(c, "w")) == NULL) { + c = errno; + unlink(tmp); + fatal("fdopen: %s", strerror(c)); + } + inplace = 1; + } + + while (fgets(line, sizeof(line), in)) { + num++; + i = strlen(line) - 1; + if (line[i] != '\n') { + error("line %d too long: %.40s...", num, line); + skip = 1; + invalid = 1; + continue; + } + if (skip) { + skip = 0; + continue; + } + line[i] = '\0'; + + /* Skip leading whitespace, empty and comment lines. */ + for (cp = line; *cp == ' ' || *cp == '\t'; cp++) + ; + if (!*cp || *cp == '\n' || *cp == '#') { + if (inplace) + fprintf(out, "%s\n", cp); + continue; + } + /* Find the end of the host name portion. */ + for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++) + ; + if (*kp == '\0' || *(kp + 1) == '\0') { + error("line %d missing key: %.40s...", + num, line); + invalid = 1; + continue; + } + *kp++ = '\0'; + kp2 = kp; + + public = key_new(KEY_RSA1); + if (key_read(public, &kp) != 1) { + kp = kp2; + key_free(public); + public = key_new(KEY_UNSPEC); + if (key_read(public, &kp) != 1) { + error("line %d invalid key: %.40s...", + num, line); + key_free(public); + invalid = 1; + continue; + } + } + + if (*cp == HASH_DELIM) { + if (find_host || delete_host) { + cp2 = host_hash(name, cp, strlen(cp)); + if (cp2 == NULL) { + error("line %d: invalid hashed " + "name: %.64s...", num, line); + invalid = 1; + continue; + } + c = (strcmp(cp2, cp) == 0); + if (find_host && c) { + printf("# Host %s found: " + "line %d type %s\n", name, + num, key_type(public)); + print_host(out, cp, public, 0); + } + if (delete_host && !c) + print_host(out, cp, public, 0); + } else if (hash_hosts) + print_host(out, cp, public, 0); + } else { + if (find_host || delete_host) { + c = (match_hostname(name, cp, + strlen(cp)) == 1); + if (find_host && c) { + printf("# Host %s found: " + "line %d type %s\n", name, + num, key_type(public)); + print_host(out, cp, public, hash_hosts); + } + if (delete_host && !c) + print_host(out, cp, public, 0); + } else if (hash_hosts) { + for(cp2 = strsep(&cp, ","); + cp2 != NULL && *cp2 != '\0'; + cp2 = strsep(&cp, ",")) { + if (strcspn(cp2, "*?!") != strlen(cp2)) + fprintf(stderr, "Warning: " + "ignoring host name with " + "metacharacters: %.64s\n", + cp2); + else + print_host(out, cp2, public, 1); + } + has_unhashed = 1; + } + } + key_free(public); + } + fclose(in); + + if (invalid) { + fprintf(stderr, "%s is not a valid known_host file.\n", + identity_file); + if (inplace) { + fprintf(stderr, "Not replacing existing known_hosts " + "file beacuse of errors"); + fclose(out); + unlink(tmp); + } + exit(1); + } + + if (inplace) { + fclose(out); + + /* Backup existing file */ + if (unlink(old) == -1 && errno != ENOENT) + fatal("unlink %.100s: %s", old, strerror(errno)); + if (link(identity_file, old) == -1) + fatal("link %.100s to %.100s: %s", identity_file, old, + strerror(errno)); + /* Move new one into place */ + if (rename(tmp, identity_file) == -1) { + error("rename\"%s\" to \"%s\": %s", tmp, identity_file, + strerror(errno)); + unlink(tmp); + unlink(old); + exit(1); + } + + fprintf(stderr, "%s updated.\n", identity_file); + fprintf(stderr, "Original contents retained as %s\n", old); + if (has_unhashed) { + fprintf(stderr, "WARNING: %s contains unhashed " + "entries\n", old); + fprintf(stderr, "Delete this file to ensure privacy " + "of hostnames\n"); + } + } + + exit(0); +} + /* * Perform changing a passphrase. The argument is the passwd structure * for the current user. @@ -766,6 +971,8 @@ usage(void) fprintf(stderr, " -y Read private key file and print public key.\n"); fprintf(stderr, " -t type Specify type of key to create.\n"); fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); + fprintf(stderr, " -H Hash names in known_hosts file\n"); + fprintf(stderr, " -F hostname Find hostname in known hosts file\n"); fprintf(stderr, " -C comment Provide new comment.\n"); fprintf(stderr, " -N phrase Provide new passphrase.\n"); fprintf(stderr, " -P phrase Provide old passphrase.\n"); @@ -789,7 +996,7 @@ main(int ac, char **av) { char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; char out_file[MAXPATHLEN], *reader_id = NULL; - char *resource_record_hostname = NULL; + char *rr_hostname = NULL; Key *private, *public; struct passwd *pw; struct stat st; @@ -823,7 +1030,7 @@ main(int ac, char **av) } while ((opt = getopt(ac, av, - "degiqpclBRvxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) { + "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { switch (opt) { case 'b': bits = atoi(optarg); @@ -832,6 +1039,17 @@ main(int ac, char **av) exit(1); } break; + case 'F': + find_host = 1; + rr_hostname = optarg; + break; + case 'H': + hash_hosts = 1; + break; + case 'R': + delete_host = 1; + rr_hostname = optarg; + break; case 'l': print_fingerprint = 1; break; @@ -863,10 +1081,6 @@ main(int ac, char **av) case 'q': quiet = 1; break; - case 'R': - /* unused */ - exit(0); - break; case 'e': case 'x': /* export key */ @@ -901,7 +1115,7 @@ main(int ac, char **av) } break; case 'r': - resource_record_hostname = optarg; + rr_hostname = optarg; break; case 'W': generator_wanted = atoi(optarg); @@ -944,6 +1158,8 @@ main(int ac, char **av) printf("Can only have one of -p and -c.\n"); usage(); } + if (delete_host || hash_hosts || find_host) + do_known_hosts(pw, rr_hostname); if (print_fingerprint || print_bubblebabble) do_fingerprint(pw); if (change_passphrase) @@ -956,8 +1172,8 @@ main(int ac, char **av) do_convert_from_ssh2(pw); if (print_public) do_print_public(pw); - if (resource_record_hostname != NULL) { - do_print_resource_record(pw, resource_record_hostname); + if (rr_hostname != NULL) { + do_print_resource_record(pw, rr_hostname); } if (reader_id != NULL) { #ifdef SMARTCARD diff --git a/crypto/openssh/ssh-keyscan.1 b/crypto/openssh/ssh-keyscan.1 index 9efcf52137e3..7e846f77c4ae 100644 --- a/crypto/openssh/ssh-keyscan.1 +++ b/crypto/openssh/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.18 2004/07/12 23:34:25 brad Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.20 2005/03/01 15:47:14 jmc Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. .\" @@ -15,11 +15,11 @@ .Sh SYNOPSIS .Nm ssh-keyscan .Bk -words -.Op Fl v46 +.Op Fl 46Hv +.Op Fl f Ar file .Op Fl p Ar port .Op Fl T Ar timeout .Op Fl t Ar type -.Op Fl f Ar file .Op Ar host | addrlist namelist .Op Ar ... .Ek @@ -46,6 +46,33 @@ scanning process involve any encryption. .Pp The options are as follows: .Bl -tag -width Ds +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. +.It Fl f Ar file +Read hosts or +.Pa addrlist namelist +pairs from this file, one per line. +If +.Pa - +is supplied instead of a filename, +.Nm +will read hosts or +.Pa addrlist namelist +pairs from the standard input. +.It Fl H +Hash all hostnames and addresses in the output. +Hashed names may be used normally by +.Nm ssh +and +.Nm sshd , +but they do not reveal identifying information should the file's contents +be disclosed. .It Fl p Ar port Port to connect to on the remote host. .It Fl T Ar timeout @@ -68,30 +95,11 @@ for protocol version 2. Multiple values may be specified by separating them with commas. The default is .Dq rsa1 . -.It Fl f Ar filename -Read hosts or -.Pa addrlist namelist -pairs from this file, one per line. -If -.Pa - -is supplied instead of a filename, -.Nm -will read hosts or -.Pa addrlist namelist -pairs from the standard input. .It Fl v Verbose mode. Causes .Nm to print debugging messages about its progress. -.It Fl 4 -Forces -.Nm -to use IPv4 addresses only. -.It Fl 6 -Forces -.Nm -to use IPv6 addresses only. .El .Sh SECURITY If a ssh_known_hosts file is constructed using diff --git a/crypto/openssh/ssh-keyscan.c b/crypto/openssh/ssh-keyscan.c index 3cb52ac2e9f3..bc2c3b728886 100644 --- a/crypto/openssh/ssh-keyscan.c +++ b/crypto/openssh/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.50 2004/08/11 21:44:32 avsm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.52 2005/03/01 15:47:14 jmc Exp $"); #include "openbsd-compat/sys-queue.h" @@ -28,6 +28,7 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.50 2004/08/11 21:44:32 avsm Exp $"); #include "log.h" #include "atomicio.h" #include "misc.h" +#include "hostfile.h" /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. Default value is AF_UNSPEC means both IPv4 and IPv6. */ @@ -41,6 +42,8 @@ int ssh_port = SSH_DEFAULT_PORT; int get_keytypes = KT_RSA1; /* Get only RSA1 keys by default */ +int hash_hosts = 0; /* Hash hostname on output */ + #define MAXMAXFD 256 /* The number of seconds after which to give up on a TCP connection */ @@ -366,10 +369,14 @@ keygrab_ssh2(con *c) static void keyprint(con *c, Key *key) { + char *host = c->c_output_name ? c->c_output_name : c->c_name; + if (!key) return; + if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL) + fatal("host_hash failed"); - fprintf(stdout, "%s ", c->c_output_name ? c->c_output_name : c->c_name); + fprintf(stdout, "%s ", host); key_write(key, stdout); fputs("\n", stdout); } @@ -676,7 +683,7 @@ fatal(const char *fmt,...) static void usage(void) { - fprintf(stderr, "usage: %s [-v46] [-p port] [-T timeout] [-t type] [-f file]\n" + fprintf(stderr, "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n" "\t\t [host | addrlist namelist] [...]\n", __progname); exit(1); @@ -700,8 +707,11 @@ main(int argc, char **argv) if (argc <= 1) usage(); - while ((opt = getopt(argc, argv, "v46p:T:t:f:")) != -1) { + while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) { switch (opt) { + case 'H': + hash_hosts = 1; + break; case 'p': ssh_port = a2port(optarg); if (ssh_port == 0) { diff --git a/crypto/openssh/ssh-keysign.c b/crypto/openssh/ssh-keysign.c index 517655790c9b..04597a91d4d4 100644 --- a/crypto/openssh/ssh-keysign.c +++ b/crypto/openssh/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $"); #include <openssl/evp.h> #include <openssl/rand.h> @@ -151,7 +151,8 @@ main(int argc, char **argv) key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); - if ((pw = getpwuid(getuid())) == NULL) + original_real_uid = getuid(); /* XXX readconf.c needs this */ + if ((pw = getpwuid(original_real_uid)) == NULL) fatal("getpwuid failed"); pw = pwcopy(pw); @@ -166,7 +167,6 @@ main(int argc, char **argv) #endif /* verify that ssh-keysign is enabled by the admin */ - original_real_uid = getuid(); /* XXX readconf.c needs this */ initialize_options(&options); (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0); fill_default_options(&options); diff --git a/crypto/openssh/ssh-rand-helper.c b/crypto/openssh/ssh-rand-helper.c index 86af3893d0c8..d7d8d0f3b268 100644 --- a/crypto/openssh/ssh-rand-helper.c +++ b/crypto/openssh/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.18 2004/07/17 04:07:42 dtucker Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.23 2005/02/16 02:32:30 dtucker Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 @@ -209,6 +209,22 @@ done: return rval; } +static int +seed_from_prngd(unsigned char *buf, size_t bytes) +{ +#ifdef PRNGD_PORT + debug("trying egd/prngd port %d", PRNGD_PORT); + if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0) + return 0; +#endif +#ifdef PRNGD_SOCKET + debug("trying egd/prngd socket %s", PRNGD_SOCKET); + if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0) + return 0; +#endif + return -1; +} + double stir_gettimeofday(double entropy_estimate) { @@ -534,10 +550,11 @@ prng_check_seedfile(char *filename) void prng_write_seedfile(void) { - int fd; + int fd, save_errno; unsigned char seed[SEED_FILE_SIZE]; - char filename[MAXPATHLEN]; + char filename[MAXPATHLEN], tmpseed[MAXPATHLEN]; struct passwd *pw; + mode_t old_umask; pw = getpwuid(getuid()); if (pw == NULL) @@ -552,7 +569,10 @@ prng_write_seedfile(void) snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, SSH_PRNG_SEED_FILE); - debug("writing PRNG seed to file %.100s", filename); + strlcpy(tmpseed, filename, sizeof(tmpseed)); + if (strlcat(tmpseed, ".XXXXXXXXXX", sizeof(tmpseed)) >= + sizeof(tmpseed)) + fatal("PRNG seed filename too long"); if (RAND_bytes(seed, sizeof(seed)) <= 0) fatal("PRNG seed extraction failed"); @@ -560,15 +580,31 @@ prng_write_seedfile(void) /* Don't care if the seed doesn't exist */ prng_check_seedfile(filename); - if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) { - debug("WARNING: couldn't access PRNG seedfile %.100s " - "(%.100s)", filename, strerror(errno)); + old_umask = umask(0177); + + if ((fd = mkstemp(tmpseed)) == -1) { + debug("WARNING: couldn't make temporary PRNG seedfile %.100s " + "(%.100s)", tmpseed, strerror(errno)); } else { - if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) + debug("writing PRNG seed to file %.100s", tmpseed); + if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) { + save_errno = errno; + close(fd); + unlink(tmpseed); fatal("problem writing PRNG seedfile %.100s " - "(%.100s)", filename, strerror(errno)); + "(%.100s)", filename, strerror(save_errno)); + } close(fd); + debug("moving temporary PRNG seed to file %.100s", filename); + if (rename(tmpseed, filename) == -1) { + save_errno = errno; + unlink(tmpseed); + fatal("problem renaming PRNG seedfile from %.100s " + "to %.100s (%.100s)", tmpseed, filename, + strerror(save_errno)); + } } + umask(old_umask); } void @@ -747,7 +783,7 @@ usage(void) fprintf(stderr, "Usage: %s [options]\n", __progname); fprintf(stderr, " -v Verbose; display verbose debugging messages.\n"); fprintf(stderr, " Multiple -v increases verbosity.\n"); - fprintf(stderr, " -x Force output in hexidecimal (for debugging)\n"); + fprintf(stderr, " -x Force output in hexadecimal (for debugging)\n"); fprintf(stderr, " -X Force output in binary\n"); fprintf(stderr, " -b bytes Number of bytes to output (default %d)\n", OUTPUT_SEED_SIZE); @@ -815,21 +851,16 @@ main(int argc, char **argv) debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system()); -#ifdef PRNGD_PORT - if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == -1) - fatal("Entropy collection failed"); - RAND_add(buf, bytes, bytes); -#elif defined(PRNGD_SOCKET) - if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == -1) - fatal("Entropy collection failed"); - RAND_add(buf, bytes, bytes); -#else - /* Read in collection commands */ - if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) - fatal("PRNG initialisation failed -- exiting."); - debug("Seeded RNG with %i bytes from programs", - (int)stir_from_programs()); -#endif + /* try prngd, fall back to commands if prngd fails or not configured */ + if (seed_from_prngd(buf, bytes) == 0) { + RAND_add(buf, bytes, bytes); + } else { + /* Read in collection commands */ + if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) + fatal("PRNG initialisation failed -- exiting."); + debug("Seeded RNG with %i bytes from programs", + (int)stir_from_programs()); + } #ifdef USE_SEED_FILES prng_write_seedfile(); @@ -857,3 +888,15 @@ main(int argc, char **argv) return ret == bytes ? 0 : 1; } + +/* + * We may attempt to re-seed during mkstemp if we are using the one in the + * compat library (via mkstemp -> _gettemp -> arc4random -> seed_rng) so we + * need our own seed_rng(). We must also check that we have enough entropy. + */ +void +seed_rng(void) +{ + if (!RAND_status()) + fatal("Not enough entropy in RNG"); +} diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1 index 0ff77ea296f7..e6f4b4a54fff 100644 --- a/crypto/openssh/ssh.1 +++ b/crypto/openssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.194 2004/08/12 21:41:13 jakob Exp $ +.\" $OpenBSD: ssh.1,v 1.205 2005/03/07 23:41:54 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -43,40 +43,35 @@ .Nd OpenSSH SSH client (remote login program) .Sh SYNOPSIS .Nm ssh +.Bk -words .Op Fl 1246AaCfgkMNnqsTtVvXxY .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec -.Bk -words .Op Fl D Ar port .Op Fl e Ar escape_char .Op Fl F Ar configfile .Op Fl i Ar identity_file -.Oo Fl L Xo +.Oo Fl L\ \& .Sm off -.Ar port : -.Ar host : -.Ar hostport +.Oo Ar bind_address : Oc +.Ar port : host : hostport .Sm on -.Xc .Oc -.Ek .Op Fl l Ar login_name .Op Fl m Ar mac_spec +.Op Fl O Ar ctl_cmd .Op Fl o Ar option -.Bk -words .Op Fl p Ar port -.Ek -.Oo Fl R Xo +.Oo Fl R\ \& .Sm off -.Ar port : -.Ar host : -.Ar hostport +.Oo Ar bind_address : Oc +.Ar port : host : hostport .Sm on -.Xc .Oc -.Op Fl S Ar ctl +.Op Fl S Ar ctl_path .Oo Ar user Ns @ Oc Ns Ar hostname .Op Ar command +.Ek .Sh DESCRIPTION .Nm (SSH client) is a program for logging into a remote machine and for @@ -103,35 +98,25 @@ is specified, .Ar command is executed on the remote host instead of a login shell. .Ss SSH protocol version 1 -First, if the machine the user logs in from is listed in +The first authentication method is the +.Em rhosts +or +.Em hosts.equiv +method combined with RSA-based host authentication. +If the machine the user logs in from is listed in .Pa /etc/hosts.equiv or .Pa /etc/shosts.equiv on the remote machine, and the user names are -the same on both sides, the user is immediately permitted to log in. -Second, if -.Pa .rhosts +the same on both sides, or if the files +.Pa $HOME/.rhosts or -.Pa .shosts -exists in the user's home directory on the -remote machine and contains a line containing the name of the client +.Pa $HOME/.shosts +exist in the user's home directory on the +remote machine and contain a line containing the name of the client machine and the name of the user on that machine, the user is -permitted to log in. -This form of authentication alone is normally not -allowed by the server because it is not secure. -.Pp -The second authentication method is the -.Em rhosts -or -.Em hosts.equiv -method combined with RSA-based host authentication. -It means that if the login would be permitted by -.Pa $HOME/.rhosts , -.Pa $HOME/.shosts , -.Pa /etc/hosts.equiv , -or -.Pa /etc/shosts.equiv , -and if additionally the server can verify the client's +considered for log in. +Additionally, if the server can verify the client's host key (see .Pa /etc/ssh/ssh_known_hosts and @@ -147,7 +132,7 @@ spoofing, DNS spoofing and routing spoofing. and the rlogin/rsh protocol in general, are inherently insecure and should be disabled if security is desired.] .Pp -As a third authentication method, +As a second authentication method, .Nm supports RSA based authentication. The scheme is based on public-key cryptography: there are cryptosystems @@ -195,9 +180,6 @@ file corresponds to the conventional file, and has one key per line, though the lines can be very long). After this, the user can log in without giving the password. -RSA authentication is much more secure than -.Em rhosts -authentication. .Pp The most convenient way to use RSA authentication may be with an authentication agent. @@ -582,6 +564,7 @@ configuration files). Disables forwarding (delegation) of GSSAPI credentials to the server. .It Fl L Xo .Sm off +.Oo Ar bind_address : Oc .Ar port : host : hostport .Sm on .Xc @@ -589,7 +572,9 @@ Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to .Ar port -on the local side, and whenever a connection is made to this port, the +on the local side, optionally bound to the specified +.Ar bind_address . +Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to .Ar host @@ -597,14 +582,30 @@ port .Ar hostport from the remote machine. Port forwardings can also be specified in the configuration file. -Only root can forward privileged ports. IPv6 addresses can be specified with an alternative syntax: .Sm off .Xo +.Op Ar bind_address No / .Ar port No / Ar host No / -.Ar hostport . +.Ar hostport .Xc .Sm on +or by enclosing the address in square brackets. +Only the superuser can forward privileged ports. +By default, the local port is bound in accordance with the +.Cm GatewayPorts +setting. +However, an explicit +.Ar bind_address +may be used to bind the connection to a specific address. +The +.Ar bind_address +of +.Dq localhost +indicates that the listening port be bound for local use only, while an +empty address or +.Sq * +indicates that the port should be available from all interfaces. .It Fl l Ar login_name Specifies the user to log in as on the remote machine. This also may be specified on a per-host basis in the configuration file. @@ -650,6 +651,18 @@ program will be put in the background. needs to ask for a password or passphrase; see also the .Fl f option.) +.It Fl O Ar ctl_cmd +Control an active connection multiplexing master process. +When the +.Fl O +option is specified, the +.Ar ctl_cmd +argument is interpreted and passed to the master process. +Valid commands are: +.Dq check +(check that the master process is running) and +.Dq exit +(request the master to exit). .It Fl o Ar option Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate @@ -681,6 +694,7 @@ For full details of the options listed below, and their possible values, see .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials +.It HashKnownHosts .It Host .It HostbasedAuthentication .It HostKeyAlgorithms @@ -688,6 +702,7 @@ For full details of the options listed below, and their possible values, see .It HostName .It IdentityFile .It IdentitiesOnly +.It KbdInteractiveDevices .It LocalForward .It LogLevel .It MACs @@ -723,6 +738,7 @@ Quiet mode. Causes all warning and diagnostic messages to be suppressed. .It Fl R Xo .Sm off +.Oo Ar bind_address : Oc .Ar port : host : hostport .Sm on .Xc @@ -737,17 +753,36 @@ made to port .Ar hostport from the local machine. +.Pp Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. -IPv6 addresses can be specified with an alternative syntax: +IPv6 addresses can be specified by enclosing the address in square braces or +using an alternative syntax: .Sm off .Xo -.Ar port No / Ar host No / -.Ar hostport . -.Xc +.Op Ar bind_address No / +.Ar host No / Ar port No / +.Ar hostport +.Xc . .Sm on -.It Fl S Ar ctl +.Pp +By default, the listening socket on the server will be bound to the loopback +interface only. +This may be overriden by specifying a +.Ar bind_address . +An empty +.Ar bind_address , +or the address +.Ql * , +indicates that the remote socket should listen on all interfaces. +Specifying a remote +.Ar bind_address +will only succeed if the server's +.Cm GatewayPorts +option is enabled (see +.Xr sshd_config 5 ) . +.It Fl S Ar ctl_path Specifies the location of a control socket for connection sharing. Refer to the description of .Cm ControlPath @@ -796,10 +831,23 @@ Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. +.Pp +For this reason, X11 forwarding is subjected to X11 SECURITY extension +restrictions by default. +Please refer to the +.Nm +.Fl Y +option and the +.Cm ForwardX11Trusted +directive in +.Xr ssh_config 5 +for more information. .It Fl x Disables X11 forwarding. .It Fl Y Enables trusted X11 forwarding. +Trusted X11 forwardings are not subjected to the X11 SECURITY extension +controls. .El .Sh CONFIGURATION FILES .Nm @@ -859,7 +907,7 @@ and open an X11 window to read the passphrase. This is particularly useful when calling .Nm from a -.Pa .Xsession +.Pa .xsession or related script. (Note that on some machines it may be necessary to redirect the input from @@ -1012,7 +1060,9 @@ By default is not setuid root. .It Pa $HOME/.rhosts This file is used in -.Em rhosts +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication authentication to list the host/user pairs that are permitted to log in. (Note that this file is @@ -1031,12 +1081,10 @@ The recommended permission for most machines is read/write for the user, and not accessible by others. .Pp -Note that by default +Note that .Xr sshd 8 -will be installed so that it requires successful RSA host -authentication before permitting -.Em rhosts -authentication. +allows authentication only in combination with client host key +authentication before permitting log in. If the server machine does not have the client's host key in .Pa /etc/ssh/ssh_known_hosts , it can be stored in @@ -1049,15 +1097,19 @@ will automatically add the host key to This file is used exactly the same way as .Pa .rhosts . The purpose for -having this file is to be able to use rhosts authentication with -.Nm -without permitting login with +having this file is to be able to use +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication +authentication without permitting login with .Xr rlogin or .Xr rsh 1 . .It Pa /etc/hosts.equiv This file is used during -.Em rhosts +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication authentication. It contains canonical hosts names, one per line (the full format is described in the @@ -1066,8 +1118,7 @@ manual page). If the client host is found in this file, login is automatically permitted provided client and server user names are the same. -Additionally, successful RSA host authentication is normally -required. +Additionally, successful client host key authentication is required. This file should only be writable by root. .It Pa /etc/shosts.equiv This file is processed exactly as diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c index 1419f98749aa..9acec30828d6 100644 --- a/crypto/openssh/ssh.c +++ b/crypto/openssh/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.224 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.233 2005/03/01 17:22:06 jmc Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -144,6 +144,9 @@ pid_t proxy_command_pid = 0; /* fd to control socket */ int control_fd = -1; +/* Multiplexing control command */ +static u_int mux_command = SSHMUX_COMMAND_OPEN; + /* Only used in control client mode */ volatile sig_atomic_t control_client_terminate = 0; u_int control_server_pid = 0; @@ -154,10 +157,12 @@ static void usage(void) { fprintf(stderr, -"usage: ssh [-1246AaCfghkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" -" [-D port] [-e escape_char] [-F configfile] [-i identity_file]\n" -" [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]\n" -" [-p port] [-R port:host:hostport] [-S ctl] [user@]hostname [command]\n" +"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" +" [-D port] [-e escape_char] [-F configfile]\n" +" [-i identity_file] [-L [bind_address:]port:host:hostport]\n" +" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" +" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" +" [user@]hostname [command]\n" ); exit(1); } @@ -174,14 +179,13 @@ int main(int ac, char **av) { int i, opt, exit_status; - u_short fwd_port, fwd_host_port; - char sfwd_port[6], sfwd_host_port[6]; char *p, *cp, *line, buf[256]; struct stat st; struct passwd *pw; int dummy; extern int optind, optreset; extern char *optarg; + Forward fwd; __progname = ssh_get_progname(av[0]); init_rng(); @@ -236,7 +240,7 @@ main(int ac, char **av) again: while ((opt = getopt(ac, av, - "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNPR:S:TVXY")) != -1) { + "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVXY")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; @@ -270,6 +274,14 @@ again: case 'g': options.gateway_ports = 1; break; + case 'O': + if (strcmp(optarg, "check") == 0) + mux_command = SSHMUX_COMMAND_ALIVE_CHECK; + else if (strcmp(optarg, "exit") == 0) + mux_command = SSHMUX_COMMAND_TERMINATE; + else + fatal("Invalid multiplex command."); + break; case 'P': /* deprecated */ options.use_privileged_port = 0; break; @@ -285,7 +297,8 @@ again: case 'i': if (stat(optarg, &st) < 0) { fprintf(stderr, "Warning: Identity file %s " - "does not exist.\n", optarg); + "not accessible: %s.\n", optarg, + strerror(errno)); break; } if (options.num_identity_files >= @@ -316,10 +329,10 @@ again: options.log_level++; break; } - /* fallthrough */ + /* FALLTHROUGH */ case 'V': fprintf(stderr, "%s, %s\n", - SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); + SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); if (opt == 'V') exit(0); break; @@ -388,39 +401,51 @@ again: break; case 'L': - case 'R': - if (sscanf(optarg, "%5[0123456789]:%255[^:]:%5[0123456789]", - sfwd_port, buf, sfwd_host_port) != 3 && - sscanf(optarg, "%5[0123456789]/%255[^/]/%5[0123456789]", - sfwd_port, buf, sfwd_host_port) != 3) { + if (parse_forward(&fwd, optarg)) + add_local_forward(&options, &fwd); + else { fprintf(stderr, - "Bad forwarding specification '%s'\n", + "Bad local forwarding specification '%s'\n", optarg); - usage(); - /* NOTREACHED */ + exit(1); } - if ((fwd_port = a2port(sfwd_port)) == 0 || - (fwd_host_port = a2port(sfwd_host_port)) == 0) { + break; + + case 'R': + if (parse_forward(&fwd, optarg)) { + add_remote_forward(&options, &fwd); + } else { fprintf(stderr, - "Bad forwarding port(s) '%s'\n", optarg); + "Bad remote forwarding specification " + "'%s'\n", optarg); exit(1); } - if (opt == 'L') - add_local_forward(&options, fwd_port, buf, - fwd_host_port); - else if (opt == 'R') - add_remote_forward(&options, fwd_port, buf, - fwd_host_port); break; case 'D': - fwd_port = a2port(optarg); - if (fwd_port == 0) { + cp = p = xstrdup(optarg); + memset(&fwd, '\0', sizeof(fwd)); + fwd.connect_host = "socks"; + if ((fwd.listen_host = hpdelim(&cp)) == NULL) { + fprintf(stderr, "Bad dynamic forwarding " + "specification '%.100s'\n", optarg); + exit(1); + } + if (cp != NULL) { + fwd.listen_port = a2port(cp); + fwd.listen_host = cleanhostname(fwd.listen_host); + } else { + fwd.listen_port = a2port(fwd.listen_host); + fwd.listen_host = ""; + } + + if (fwd.listen_port == 0) { fprintf(stderr, "Bad dynamic port '%s'\n", optarg); exit(1); } - add_local_forward(&options, fwd_port, "socks", 0); + add_local_forward(&options, &fwd); + xfree(p); break; case 'C': @@ -829,14 +854,19 @@ ssh_init_forwarding(void) /* Initiate local TCP/IP port forwardings. */ for (i = 0; i < options.num_local_forwards; i++) { - debug("Connections to local port %d forwarded to remote address %.200s:%d", - options.local_forwards[i].port, - options.local_forwards[i].host, - options.local_forwards[i].host_port); + debug("Local connections to %.200s:%d forwarded to remote " + "address %.200s:%d", + (options.local_forwards[i].listen_host == NULL) ? + (options.gateway_ports ? "*" : "LOCALHOST") : + options.local_forwards[i].listen_host, + options.local_forwards[i].listen_port, + options.local_forwards[i].connect_host, + options.local_forwards[i].connect_port); success += channel_setup_local_fwd_listener( - options.local_forwards[i].port, - options.local_forwards[i].host, - options.local_forwards[i].host_port, + options.local_forwards[i].listen_host, + options.local_forwards[i].listen_port, + options.local_forwards[i].connect_host, + options.local_forwards[i].connect_port, options.gateway_ports); } if (i > 0 && success == 0) @@ -844,14 +874,17 @@ ssh_init_forwarding(void) /* Initiate remote TCP/IP port forwardings. */ for (i = 0; i < options.num_remote_forwards; i++) { - debug("Connections to remote port %d forwarded to local address %.200s:%d", - options.remote_forwards[i].port, - options.remote_forwards[i].host, - options.remote_forwards[i].host_port); + debug("Remote connections from %.200s:%d forwarded to " + "local address %.200s:%d", + options.remote_forwards[i].listen_host, + options.remote_forwards[i].listen_port, + options.remote_forwards[i].connect_host, + options.remote_forwards[i].connect_port); channel_request_remote_forwarding( - options.remote_forwards[i].port, - options.remote_forwards[i].host, - options.remote_forwards[i].host_port); + options.remote_forwards[i].listen_host, + options.remote_forwards[i].listen_port, + options.remote_forwards[i].connect_host, + options.remote_forwards[i].connect_port); } } @@ -1027,12 +1060,12 @@ client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt) return; debug("remote forward %s for: listen %d, connect %s:%d", type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", - options.remote_forwards[i].port, - options.remote_forwards[i].host, - options.remote_forwards[i].host_port); + options.remote_forwards[i].listen_port, + options.remote_forwards[i].connect_host, + options.remote_forwards[i].connect_port); if (type == SSH2_MSG_REQUEST_FAILURE) - logit("Warning: remote port forwarding failed for listen port %d", - options.remote_forwards[i].port); + logit("Warning: remote port forwarding failed for listen " + "port %d", options.remote_forwards[i].listen_port); } static void @@ -1249,10 +1282,20 @@ static void control_client(const char *path) { struct sockaddr_un addr; - int i, r, sock, exitval, num_env, addr_len; + int i, r, fd, sock, exitval, num_env, addr_len; Buffer m; - char *cp; + char *term; extern char **environ; + u_int flags; + + if (stdin_null_flag) { + if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) + fatal("open(/dev/null): %s", strerror(errno)); + if (dup2(fd, STDIN_FILENO) == -1) + fatal("dup2: %s", strerror(errno)); + if (fd > STDERR_FILENO) + close(fd); + } memset(&addr, '\0', sizeof(addr)); addr.sun_family = AF_UNIX; @@ -1269,26 +1312,52 @@ control_client(const char *path) if (connect(sock, (struct sockaddr*)&addr, addr_len) == -1) fatal("Couldn't connect to %s: %s", path, strerror(errno)); - if ((cp = getenv("TERM")) == NULL) - cp = ""; + if ((term = getenv("TERM")) == NULL) + term = ""; + + flags = 0; + if (tty_flag) + flags |= SSHMUX_FLAG_TTY; + if (subsystem_flag) + flags |= SSHMUX_FLAG_SUBSYS; buffer_init(&m); - /* Get PID of controlee */ + /* Send our command to server */ + buffer_put_int(&m, mux_command); + buffer_put_int(&m, flags); + if (ssh_msg_send(sock, /* version */1, &m) == -1) + fatal("%s: msg_send", __func__); + buffer_clear(&m); + + /* Get authorisation status and PID of controlee */ if (ssh_msg_recv(sock, &m) == -1) fatal("%s: msg_recv", __func__); - if (buffer_get_char(&m) != 0) + if (buffer_get_char(&m) != 1) fatal("%s: wrong version", __func__); - /* Connection allowed? */ if (buffer_get_int(&m) != 1) fatal("Connection to master denied"); control_server_pid = buffer_get_int(&m); buffer_clear(&m); - buffer_put_int(&m, tty_flag); - buffer_put_int(&m, subsystem_flag); - buffer_put_cstring(&m, cp); + switch (mux_command) { + case SSHMUX_COMMAND_ALIVE_CHECK: + fprintf(stderr, "Master running (pid=%d)\r\n", + control_server_pid); + exit(0); + case SSHMUX_COMMAND_TERMINATE: + fprintf(stderr, "Exit request sent.\r\n"); + exit(0); + case SSHMUX_COMMAND_OPEN: + /* continue below */ + break; + default: + fatal("silly mux_command %d", mux_command); + } + + /* SSHMUX_COMMAND_OPEN */ + buffer_put_cstring(&m, term); buffer_append(&command, "\0", 1); buffer_put_cstring(&m, buffer_ptr(&command)); @@ -1310,7 +1379,7 @@ control_client(const char *path) } } - if (ssh_msg_send(sock, /* version */0, &m) == -1) + if (ssh_msg_send(sock, /* version */1, &m) == -1) fatal("%s: msg_send", __func__); mm_send_fd(sock, STDIN_FILENO); @@ -1321,10 +1390,11 @@ control_client(const char *path) buffer_clear(&m); if (ssh_msg_recv(sock, &m) == -1) fatal("%s: msg_recv", __func__); - if (buffer_get_char(&m) != 0) - fatal("%s: master returned error", __func__); + if (buffer_get_char(&m) != 1) + fatal("%s: wrong version", __func__); buffer_free(&m); + signal(SIGHUP, control_client_sighandler); signal(SIGINT, control_client_sighandler); signal(SIGTERM, control_client_sighandler); signal(SIGWINCH, control_client_sigrelay); diff --git a/crypto/openssh/ssh.h b/crypto/openssh/ssh.h index a3b2ebbb5620..07592415b157 100644 --- a/crypto/openssh/ssh.h +++ b/crypto/openssh/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.75 2003/12/02 17:01:15 markus Exp $ */ +/* $OpenBSD: ssh.h,v 1.76 2004/12/06 11:41:03 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -40,6 +40,13 @@ #define SSH_MAX_IDENTITY_FILES 100 /* + * Maximum length of lines in authorized_keys file. + * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with + * some room for options and comments. + */ +#define SSH_MAX_PUBKEY_BYTES 8192 + +/* * Major protocol version. Different version indicates major incompatibility * that prevents communication. * diff --git a/crypto/openssh/ssh1.h b/crypto/openssh/ssh1.h index cc7fbc8b0065..1741c229a09b 100644 --- a/crypto/openssh/ssh1.h +++ b/crypto/openssh/ssh1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh1.h,v 1.4 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: ssh1.h,v 1.5 2004/10/20 11:48:53 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -18,6 +18,9 @@ * for compatibility. The maximum value is 254; value 255 is reserved for * future extension. */ +/* Ranges */ +#define SSH_MSG_MIN 1 +#define SSH_MSG_MAX 254 /* Message name */ /* msg code */ /* arguments */ #define SSH_MSG_NONE 0 /* no message */ #define SSH_MSG_DISCONNECT 1 /* cause (string) */ diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index 2692e89137ea..f41bee0a2ed3 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $ +# $OpenBSD: ssh_config,v 1.20 2005/01/28 09:45:53 dtucker Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -13,7 +13,9 @@ # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. -# Site-wide defaults for various options +# Site-wide defaults for some commonly used options. For a comprehensive +# list of available options, their meanings and defaults, please see the +# ssh_config(5) man page. # Host * # ForwardAgent no diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index 0e1a031e5da5..06db04c27a7c 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.38 2004/06/26 09:11:14 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.47 2005/03/07 23:41:54 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -63,7 +63,7 @@ system-wide configuration file .Pp For each parameter, the first obtained value will be used. -The configuration files contain sections bracketed by +The configuration files contain sections separated by .Dq Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification. @@ -120,9 +120,9 @@ Specifies which address family to use when connecting. Valid arguments are .Dq any , .Dq inet -(Use IPv4 only) or +(use IPv4 only) or .Dq inet6 -(Use IPv6 only.) +(use IPv6 only). .It Cm BatchMode If set to .Dq yes , @@ -359,11 +359,16 @@ option is also enabled. If this option is set to .Dq yes then remote X11 clients will have full access to the original X11 display. +.Pp If this option is set to .Dq no then remote X11 clients will be considered untrusted and prevented from stealing or tampering with data belonging to trusted X11 clients. +Furthermore, the +.Xr xauth 1 +token used for the session will be set to expire after 20 minutes. +Remote clients will be refused access after this time. .Pp The default is .Dq no . @@ -402,6 +407,22 @@ Forward (delegate) credentials to the server. The default is .Dq no . Note that this option applies to protocol version 2 only. +.It Cm HashKnownHosts +Indicates that +.Nm ssh +should hash host names and addresses when they are added to +.Pa $HOME/.ssh/known_hosts . +These hashed names may be used normally by +.Nm ssh +and +.Nm sshd , +but they do not reveal identifying information should the file's contents +be disclosed. +The default is +.Dq no . +Note that hashing of names and addresses will not be retrospectively applied +to existing known hosts files, but these may be manually hashed using +.Xr ssh-keygen 1 . .It Cm HostbasedAuthentication Specifies whether to try rhosts based authentication with public key authentication. @@ -467,16 +488,45 @@ This option is intented for situations where offers many different identities. The default is .Dq no . +.It Cm KbdInteractiveDevices +Specifies the list of methods to use in keyboard-interactive authentication. +Multiple method names must be comma-separated. +The default is to use the server specified list. .It Cm LocalForward Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be a port number, and the second must be -.Ar host:port . -IPv6 addresses can be specified with an alternative syntax: -.Ar host/port . -Multiple forwardings may be specified, and additional -forwardings can be given on the command line. +.Xo +.Sm off +.Oo Ar bind_address : Oc +.Ar host : port +.Sm on +.Xc . +IPv6 addresses can be specified by enclosing addresses in square brackets or +by using an alternative syntax: +.Sm off +.Xo +.Op Ar bind_address No / +.Ar host No / Ar port +.Xc . +.Sm on +Multiple forwardings may be specified, and additional forwardings can be +given on the command line. Only the superuser can forward privileged ports. +By default, the local port is bound in accordance with the +.Cm GatewayPorts +setting. +However, an explicit +.Ar bind_address +may be used to bind the connection to a specific address. +The +.Ar bind_address +of +.Dq localhost +indicates that the listening port be bound for local use only, while an +empty address or +.Sq * +indicates that the port should be available from all interfaces. .It Cm LogLevel Gives the verbosity level that is used when logging messages from .Nm ssh . @@ -583,12 +633,39 @@ This option applies to protocol version 2 only. Specifies that a TCP/IP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. The first argument must be a port number, and the second must be -.Ar host:port . -IPv6 addresses can be specified with an alternative syntax: -.Ar host/port . +.Xo +.Sm off +.Oo Ar bind_address : Oc +.Ar host : port +.Sm on +.Xc . +IPv6 addresses can be specified by enclosing any addresses in square brackets +or by using the alternative syntax: +.Sm off +.Xo +.Op Ar bind_address No / +.Ar host No / Ar port +.Xc . +.Sm on Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. +.Pp +If the +.Ar bind_address +is not specified, the default is to only bind to loopback addresses. +If the +.Ar bind_address +is +.Ql * +or an empty string, then the forwarding is requested to listen on all +interfaces. +Specifying a remote +.Ar bind_address +will only succeed if the server's +.Cm GatewayPorts +option is enabled (see +.Xr sshd_config 5 ) . .It Cm RhostsRSAAuthentication Specifies whether to try rhosts based authentication with RSA host authentication. diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c index 11008e544ff6..49190560df75 100644 --- a/crypto/openssh/sshconnect.c +++ b/crypto/openssh/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.158 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.161 2005/03/02 01:00:06 djm Exp $"); #include <openssl/bn.h> @@ -297,12 +297,6 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, * second). If proxy_command is non-NULL, it specifies the command (with %h * and %p substituted for host and port, respectively) to use to contact * the daemon. - * Return values: - * 0 for OK - * ECONNREFUSED if we got a "Connection Refused" by the peer on any address - * ECONNABORTED if we failed without a "Connection refused" - * Suitable error messages for the connection failure will already have been - * printed. */ int ssh_connect(const char *host, struct sockaddr_storage * hostaddr, @@ -315,12 +309,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, char ntop[NI_MAXHOST], strport[NI_MAXSERV]; struct addrinfo hints, *ai, *aitop; struct servent *sp; - /* - * Did we get only other errors than "Connection refused" (which - * should block fallback to rsh and similar), or did we get at least - * one "Connection refused"? - */ - int full_failure = 1; debug2("ssh_connect: needpriv %d", needpriv); @@ -381,8 +369,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen); break; } else { - if (errno == ECONNREFUSED) - full_failure = 0; debug("connect to address %s port %s: %s", ntop, strport, strerror(errno)); /* @@ -408,9 +394,9 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, /* Return failure if we didn't get a successful connection. */ if (attempt >= connection_attempts) { - logit("ssh: connect to host %s port %s: %s", + error("ssh: connect to host %s port %s: %s", host, strport, strerror(errno)); - return full_failure ? ECONNABORTED : ECONNREFUSED; + return (-1); } debug("Connection established."); @@ -568,7 +554,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, char hostline[1000], *hostp, *fp; HostStatus host_status; HostStatus ip_status; - int local = 0, host_ip_differ = 0; + int r, local = 0, host_ip_differ = 0; int salen; char ntop[NI_MAXHOST]; char msg[1024]; @@ -692,7 +678,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, "'%.128s' not in list of known hosts.", type, ip); else if (!add_host_to_hostfile(user_hostfile, ip, - host_key)) + host_key, options.hash_known_hosts)) logit("Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.30s).", type, ip, user_hostfile); @@ -748,17 +734,33 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, if (!confirm(msg)) goto fail; } - if (options.check_host_ip && ip_status == HOST_NEW) { - snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); - hostp = hostline; - } else - hostp = host; - /* * If not in strict mode, add the key automatically to the * local known_hosts file. */ - if (!add_host_to_hostfile(user_hostfile, hostp, host_key)) + if (options.check_host_ip && ip_status == HOST_NEW) { + snprintf(hostline, sizeof(hostline), "%s,%s", + host, ip); + hostp = hostline; + if (options.hash_known_hosts) { + /* Add hash of host and IP separately */ + r = add_host_to_hostfile(user_hostfile, host, + host_key, options.hash_known_hosts) && + add_host_to_hostfile(user_hostfile, ip, + host_key, options.hash_known_hosts); + } else { + /* Add unhashed "host,ip" */ + r = add_host_to_hostfile(user_hostfile, + hostline, host_key, + options.hash_known_hosts); + } + } else { + r = add_host_to_hostfile(user_hostfile, host, host_key, + options.hash_known_hosts); + hostp = host; + } + + if (!r) logit("Failed to add the host to the list of known " "hosts (%.500s).", user_hostfile); else diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8 index 233b00037622..ac3bf96cfe76 100644 --- a/crypto/openssh/sshd.8 +++ b/crypto/openssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.201 2004/05/02 11:54:31 dtucker Exp $ +.\" $OpenBSD: sshd.8,v 1.206 2005/03/01 14:59:49 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -106,8 +106,6 @@ to use from those offered by the server. Next, the server and the client enter an authentication dialog. The client tries to authenticate itself using .Em .rhosts -authentication, -.Em .rhosts authentication combined with RSA host authentication, RSA challenge-response authentication, or password based authentication. @@ -135,11 +133,6 @@ or .Ql \&*NP\&* ). .Pp -.Em rhosts -authentication is normally disabled -because it is fundamentally insecure, but can be enabled in the server -configuration file if desired. -System security is not improved unless .Nm rshd , .Nm rlogind , and @@ -427,7 +420,9 @@ or .Dq ssh-rsa . .Pp Note that lines in this file are usually several hundred bytes long -(because of the size of the public key encoding). +(because of the size of the public key encoding) up to a limit of +8 kilobytes, which permits DSA keys up to 8 kilobits and RSA +keys up to 16 kilobits. You don't want to type them in; instead, copy the .Pa identity.pub , .Pa id_dsa.pub @@ -558,6 +553,14 @@ to indicate negation: if the host name matches a negated pattern, it is not accepted (by that line) even if it matched another pattern on the line. .Pp +Alternately, hostnames may be stored in a hashed form which hides host names +and addresses should the file's contents be disclosed. +Hashed hostnames start with a +.Ql | +character. +Only one hashed hostname may appear on a single line and none of the above +negation or wildcard operators may be applied. +.Pp Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, e.g., from .Pa /etc/ssh/ssh_host_key.pub . @@ -589,6 +592,11 @@ and adding the host names at the front. closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= .Ed +.Bd -literal +# A hashed hostname +|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa +AAAA1234.....= +.Ed .Sh FILES .Bl -tag -width Ds .It Pa /etc/ssh/sshd_config @@ -657,6 +665,20 @@ These files should be writable only by root/the owner. should be world-readable, and .Pa $HOME/.ssh/known_hosts can, but need not be, world-readable. +.It Pa /etc/motd +See +.Xr motd 5 . +.It Pa $HOME/.hushlogin +This file is used to suppress printing the last login time and +.Pa /etc/motd , +if +.Cm PrintLastLog +and +.Cm PrintMotd , +respectively, +are enabled. +It does not suppress printing of the banner specified by +.Cm Banner . .It Pa /etc/nologin If this file exists, .Nm @@ -670,7 +692,11 @@ Access controls that should be enforced by tcp-wrappers are defined here. Further details are described in .Xr hosts_access 5 . .It Pa $HOME/.rhosts -This file contains host-username pairs, separated by a space, one per +This file is used during +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication +and contains host-username pairs, separated by a space, one per line. The given user on the corresponding host is permitted to log in without a password. @@ -691,7 +717,9 @@ However, this file is not used by rlogin and rshd, so using this permits access using SSH only. .It Pa /etc/hosts.equiv This file is used during -.Em rhosts +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication authentication. In the simplest form, this file contains host names, one per line. Users on @@ -710,7 +738,7 @@ Negated entries start with If the client host/user is successfully matched in this file, login is automatically permitted provided the client and server user names are the same. -Additionally, successful RSA host authentication is normally required. +Additionally, successful client host key authentication is required. This file must be writable only by root; it is recommended that it be world-readable. .Pp diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index 60f63ef7b701..11d618d11163 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.301 2004/08/11 11:50:09 dtucker Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.308 2005/02/08 22:24:57 dtucker Exp $"); #include <openssl/dh.h> #include <openssl/bn.h> @@ -112,12 +112,6 @@ ServerOptions options; char *config_file_name = _PATH_SERVER_CONFIG_FILE; /* - * Flag indicating whether IPv4 or IPv6. This can be set on the command line. - * Default value is AF_UNSPEC means both IPv4 and IPv6. - */ -int IPv4or6 = AF_UNSPEC; - -/* * Debug mode flag. This can be set on the command line. If debug * mode is enabled, extra debugging output will be sent to the system * log, the daemon will not go to background, and will exit after processing @@ -750,7 +744,7 @@ get_hostkey_index(Key *key) static int drop_connection(int startups) { - double p, r; + int p, r; if (startups < options.max_startups_begin) return 0; @@ -761,12 +755,11 @@ drop_connection(int startups) p = 100 - options.max_startups_rate; p *= startups - options.max_startups_begin; - p /= (double) (options.max_startups - options.max_startups_begin); + p /= options.max_startups - options.max_startups_begin; p += options.max_startups_rate; - p /= 100.0; - r = arc4random() / (double) UINT_MAX; + r = arc4random() % 100; - debug("drop_connection: p %g, r %g", p, r); + debug("drop_connection: p %d, r %d", p, r); return (r < p) ? 1 : 0; } @@ -774,7 +767,7 @@ static void usage(void) { fprintf(stderr, "%s, %s\n", - SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); + SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); fprintf(stderr, "usage: sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]\n" " [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]\n" @@ -884,7 +877,7 @@ main(int ac, char **av) char ntop[NI_MAXHOST], strport[NI_MAXSERV]; char *line; int listen_sock, maxfd; - int startup_p[2], config_s[2]; + int startup_p[2] = { -1 , -1 }, config_s[2] = { -1 , -1 }; int startups = 0; Key *key; Authctxt *authctxt; @@ -921,10 +914,10 @@ main(int ac, char **av) while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) { switch (opt) { case '4': - IPv4or6 = AF_INET; + options.address_family = AF_INET; break; case '6': - IPv4or6 = AF_INET6; + options.address_family = AF_INET6; break; case 'f': config_file_name = optarg; @@ -1025,7 +1018,6 @@ main(int ac, char **av) closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); SSLeay_add_all_algorithms(); - channel_set_af(IPv4or6); /* * Force logging to stderr until we have loaded the private host @@ -1038,13 +1030,13 @@ main(int ac, char **av) SYSLOG_FACILITY_AUTH : options.log_facility, log_stderr || !inetd_flag); -#ifdef _AIX /* * Unset KRB5CCNAME, otherwise the user's session may inherit it from * root's environment */ - unsetenv("KRB5CCNAME"); -#endif /* _AIX */ + if (getenv("KRB5CCNAME") != NULL) + unsetenv("KRB5CCNAME"); + #ifdef _UNICOS /* Cray can define user privs drop all privs now! * Not needed on PRIV_SU systems! @@ -1075,13 +1067,16 @@ main(int ac, char **av) /* Fill in default values for those options not explicitly set. */ fill_default_server_options(&options); + /* set default channel AF */ + channel_set_af(options.address_family); + /* Check that there are no remaining arguments. */ if (optind < ac) { fprintf(stderr, "Extra argument %s.\n", av[optind]); exit(1); } - debug("sshd version %.100s", SSH_VERSION); + debug("sshd version %.100s", SSH_RELEASE); /* load private host keys */ sensitive_data.host_keys = xmalloc(options.num_host_key_files * @@ -1197,7 +1192,7 @@ main(int ac, char **av) } /* Initialize the log (it is reinitialized below in case we forked). */ - if (debug_flag && !inetd_flag) + if (debug_flag && (!inetd_flag || rexeced_flag)) log_stderr = 1; log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -1273,10 +1268,12 @@ main(int ac, char **av) if (num_listen_socks >= MAX_LISTEN_SOCKS) fatal("Too many listen sockets. " "Enlarge MAX_LISTEN_SOCKS"); - if (getnameinfo(ai->ai_addr, ai->ai_addrlen, + if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV) != 0) { - error("getnameinfo failed"); + NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { + error("getnameinfo failed: %.100s", + (ret != EAI_SYSTEM) ? gai_strerror(ret) : + strerror(errno)); continue; } /* Create socket for listening. */ @@ -1507,7 +1504,8 @@ main(int ac, char **av) sock_in = newsock; sock_out = newsock; log_init(__progname, options.log_level, options.log_facility, log_stderr); - close(config_s[0]); + if (rexec_flag) + close(config_s[0]); break; } } @@ -1632,6 +1630,9 @@ main(int ac, char **av) remote_port = get_remote_port(); remote_ip = get_remote_ipaddr(); +#ifdef SSH_AUDIT_EVENTS + audit_connection_from(remote_ip, remote_port); +#endif #ifdef LIBWRAP /* Check whether logins are denied from this host. */ if (packet_connection_is_on_socket()) { @@ -1668,9 +1669,6 @@ main(int ac, char **av) packet_set_nonblocking(); - /* prepare buffers to collect authentication messages */ - buffer_init(&loginmsg); - /* allocate authentication context */ authctxt = xmalloc(sizeof(*authctxt)); memset(authctxt, 0, sizeof(*authctxt)); @@ -1678,13 +1676,13 @@ main(int ac, char **av) /* XXX global for cleanup, access from other modules */ the_authctxt = authctxt; + /* prepare buffer to collect messages to display to user after login */ + buffer_init(&loginmsg); + if (use_privsep) if (privsep_preauth(authctxt) == 1) goto authenticated; - /* prepare buffer to collect messages to display to user after login */ - buffer_init(&loginmsg); - /* perform the key exchange */ /* authenticate user and start session */ if (compat20) { @@ -1704,6 +1702,10 @@ main(int ac, char **av) } authenticated: +#ifdef SSH_AUDIT_EVENTS + audit_event(SSH_AUTH_SUCCESS); +#endif + /* * In privilege separation, we fork another child and prepare * file descriptor passing. @@ -1726,6 +1728,10 @@ main(int ac, char **av) finish_pam(); #endif /* USE_PAM */ +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_CONNECTION_CLOSE)); +#endif + packet_close(); if (use_privsep) @@ -2017,5 +2023,10 @@ cleanup_exit(int i) { if (the_authctxt) do_cleanup(the_authctxt); +#ifdef SSH_AUDIT_EVENTS + /* done after do_cleanup so it can cancel the PAM auth 'thread' */ + if (!use_privsep || mm_is_monitor()) + audit_event(SSH_CONNECTION_ABANDON); +#endif _exit(i); } diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 65e6f1c32f26..53ae9942e0cd 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $ +# $OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -12,6 +12,7 @@ #Port 22 #Protocol 2,1 +#AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 09532fb8d656..8d291e61d441 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.35 2004/06/26 09:14:40 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -83,6 +83,17 @@ Be warned that some environment variables could be used to bypass restricted user environments. For this reason, care should be taken in the use of this directive. The default is not to accept any environment variables. +.It Cm AddressFamily +Specifies which address family should be used by +.Nm sshd . +Valid arguments are +.Dq any , +.Dq inet +(use IPv4 only) or +.Dq inet6 +(use IPv6 only). +The default is +.Dq any . .It Cm AllowGroups This keyword can be followed by a list of group name patterns, separated by spaces. @@ -245,12 +256,15 @@ This prevents other remote hosts from connecting to forwarded ports. .Cm GatewayPorts can be used to specify that .Nm sshd -should bind remote port forwardings to the wildcard address, -thus allowing remote hosts to connect to forwarded ports. -The argument must be +should allow remote port forwardings to bind to non-loopback addresses, thus +allowing other hosts to connect. +The argument may be +.Dq no +to force remote port forwardings to be available to the local host only, .Dq yes -or -.Dq no . +to force remote port forwardings to bind to the wildcard address, or +.Dq clientspecified +to allow the client to select the address to which the forwarding is bound. The default is .Dq no . .It Cm GSSAPIAuthentication @@ -455,7 +469,7 @@ server allows login to accounts with empty password strings. The default is .Dq no . .It Cm PermitRootLogin -Specifies whether root can login using +Specifies whether root can log in using .Xr ssh 1 . The argument must be .Dq yes , @@ -468,9 +482,7 @@ The default is .Pp If this option is set to .Dq without-password -password authentication is disabled for root. Note that other authentication -methods (e.g., keyboard-interactive/PAM) may still allow root to login using -a password. +password authentication is disabled for root. .Pp If this option is set to .Dq forced-commands-only @@ -484,7 +496,7 @@ All other authentication methods are disabled for root. .Pp If this option is set to .Dq no -root is not allowed to login. +root is not allowed to log in. .It Cm PermitUserEnvironment Specifies whether .Pa ~/.ssh/environment @@ -516,7 +528,8 @@ See also .It Cm PrintLastLog Specifies whether .Nm sshd -should print the date and time when the user last logged in. +should print the date and time of the last user login when a user logs +in interactively. The default is .Dq yes . .It Cm PrintMotd diff --git a/crypto/openssh/survey.sh.in b/crypto/openssh/survey.sh.in new file mode 100644 index 000000000000..d6075a6b3d70 --- /dev/null +++ b/crypto/openssh/survey.sh.in @@ -0,0 +1,69 @@ +#!/bin/sh +# +# Copyright (c) 2004, 2005 Darren Tucker +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +host="@host@" +AWK="@AWK@" +CC="@CC@" +CPP="@CPP@" +CFLAGS="@CFLAGS@" +CPPFLAGS="@CPPFLAGS@" +LDFLAGS="@LDFLAGS@" +LIBS="@LIBS@" + +# Note format: +# identifier: [data] CRCR + +echo "openssh-survey-version: 1" +echo +echo "openssh-version: `./ssh -V 2>&1`" +echo +configinv=`$AWK '/^ \\\$.*configure/' config.log | sed 's/^ \\\$ //g'` +echo "configure-invocation: $configinv" +echo +echo "host: $host" +echo +echo "uname: `uname`" +echo +echo "uname-r: `uname -r`" +echo +echo "uname-m: `uname -m`" +echo +echo "uname-p: `uname -p`" +echo +echo "oslevel: `oslevel 2>/dev/null`" +echo +echo "oslevel-r: `oslevel -r 2>/dev/null`" +echo +echo "cc: $CC" +echo +echo "cflags: $CFLAGS" +echo +echo "cppflags: $CPPFLAGS" +echo +echo "ldflags: $LDFLAGS" +echo +echo "libs: $LIBS" +echo +echo "ccver-v: `$CC -v 2>&1 | sed '/^[ \t]*$/d'`" +echo +echo "ccver-V: `$CC -V 2>&1 | sed '/^[ \t]*$/d'`" +echo +echo "cppdefines:" +${CPP} -dM - </dev/null +echo +echo "config.h:" +egrep '#define|#undef' config.h +echo diff --git a/crypto/openssh/uidswap.c b/crypto/openssh/uidswap.c index 44c4cb626c8a..aab7064eb16d 100644 --- a/crypto/openssh/uidswap.c +++ b/crypto/openssh/uidswap.c @@ -56,10 +56,12 @@ temporarily_use_uid(struct passwd *pw) debug("temporarily_use_uid: %u/%u (e=%u/%u)", (u_int)pw->pw_uid, (u_int)pw->pw_gid, (u_int)saved_euid, (u_int)saved_egid); +#ifndef HAVE_CYGWIN if (saved_euid != 0) { privileged = 0; return; } +#endif #else if (geteuid() != 0) { privileged = 0; @@ -200,10 +202,12 @@ permanently_set_uid(struct passwd *pw) fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); #endif +#ifndef HAVE_CYGWIN /* Try restoration of GID if changed (test clearing of saved gid) */ - if (old_gid != pw->pw_gid && + if (old_gid != pw->pw_gid && pw->pw_uid != 0 && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); +#endif /* Verify GID drop was successful */ if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) { diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index aae2c3b37f7d..1a7f23bba6d9 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -1,3 +1,6 @@ -/* $OpenBSD: version.h,v 1.42 2004/08/16 08:17:01 markus Exp $ */ +/* $OpenBSD: version.h,v 1.43 2005/03/08 23:49:48 djm Exp $ */ -#define SSH_VERSION "OpenSSH_3.9p1" +#define SSH_VERSION "OpenSSH_4.0" + +#define SSH_PORTABLE "p1" +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE |