diff --git a/crypto/external/bsd/openssh/Makefile.inc b/crypto/external/bsd/openssh/Makefile.inc index 4f1eb6f2b..4f8894a41 100644 --- a/crypto/external/bsd/openssh/Makefile.inc +++ b/crypto/external/bsd/openssh/Makefile.inc @@ -13,10 +13,8 @@ CPPFLAGS+=-I${SSHDIST} CPPFLAGS+=-DHAVE_DLOPEN CPPFLAGS+=-DHAVE_HEADER_AD -CPPFLAGS+=-DHAVE_LOGIN_CAP CPPFLAGS+=-DHAVE_STDLIB_H -CPPFLAGS+=-DWITH_SSH1 -DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE .if !defined(NOPIC) CPPFLAGS+=-DHAVE_DLOPEN .endif @@ -42,4 +40,12 @@ CPPFLAGS+=-DWITH_LDAP_PUBKEY CPPFLAGS+=-DX11BASE=\"/usr/X11R7\" CPPFLAGS+=-DSUPPORT_UTMP -DSUPPORT_UTMPX +.if defined(__MINIX) +CPPFLAGS+=-DWITH_SSH1 -DWITH_OPENSSL -D_OPENBSD_SOURCE +CPPFLAGS+=-g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -Wno-error +CPPFLAGS+=-I. -I$(srcdir) $(PATHS) -DHAVE_CONFIG_H +.else +CPPFLAGS+=-DWITH_SSH1 -DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE +CPPFLAGS+=-DHAVE_LOGIN_CAP CPPFLAGS+=-DLIBWRAP +.endif diff --git a/crypto/external/bsd/openssh/bin/Makefile b/crypto/external/bsd/openssh/bin/Makefile index ddba16b71..803d82a97 100644 --- a/crypto/external/bsd/openssh/bin/Makefile +++ b/crypto/external/bsd/openssh/bin/Makefile @@ -1,6 +1,7 @@ # $NetBSD: Makefile,v 1.3 2010/11/21 19:19:21 adam Exp $ .include +.include SSHDIST?= ${NETBSDSRCDIR}/crypto/external/bsd/openssh/dist diff --git a/crypto/external/bsd/openssh/bin/sshd/Makefile b/crypto/external/bsd/openssh/bin/sshd/Makefile index d2e89146b..e988ed9d8 100644 --- a/crypto/external/bsd/openssh/bin/sshd/Makefile +++ b/crypto/external/bsd/openssh/bin/sshd/Makefile @@ -7,6 +7,23 @@ MAN= sshd.8 sshd_config.5 moduli.5 BINDIR= /usr/sbin + +.if defined(__MINIX) +SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ + audit.c audit-bsm.c audit-linux.c platform.c \ + sshpty.c sshlogin.c servconf.c serverloop.c \ + auth.c auth1.c auth2.c auth-options.c session.c \ + auth-chall.c auth2-chall.c groupaccess.c \ + auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \ + auth2-none.c auth2-passwd.c auth2-pubkey.c \ + monitor_mm.c monitor.c monitor_wrap.c auth-krb5.c \ + auth2-gss.c gss-serv.c gss-serv-krb5.c \ + loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c \ + sftp-server.c sftp-common.c \ + roaming_common.c roaming_serv.c \ + sandbox-null.c sandbox-rlimit.c sandbox-systrace.c sandbox-darwin.c \ + sandbox-seccomp-filter.c sandbox-capsicum.c +.else SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ sshpty.c sshlogin.c servconf.c serverloop.c \ auth.c auth1.c auth2.c auth-options.c session.c \ @@ -15,7 +32,8 @@ SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ auth2-none.c auth2-passwd.c auth2-pubkey.c \ monitor_mm.c monitor.c monitor_wrap.c \ kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \ - roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c + roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c +.endif COPTS.auth-options.c= -Wno-pointer-sign COPTS.ldapauth.c= -Wno-format-nonliteral # XXX: should fix @@ -66,6 +84,10 @@ DPADD+= ${LIBLDAP} ${LIBSSL} ${LIBLBER} LDADD+= -lcrypt -lutil DPADD+= ${LIBCRYPT} ${LIBUTIL} +.if defined(__MINIX) +LDADD+= +DPADD+= +.else LDADD+= -lwrap DPADD+= ${LIBWRAP} @@ -75,3 +97,4 @@ CPPFLAGS+=-DSMALL LDADD+= -lblacklist DPADD+= ${LIBBLACKLIST} .endif +.endif diff --git a/crypto/external/bsd/openssh/dist/LICENCE b/crypto/external/bsd/openssh/dist/LICENCE index c2b4bc1f0..f52387139 100644 --- a/crypto/external/bsd/openssh/dist/LICENCE +++ b/crypto/external/bsd/openssh/dist/LICENCE @@ -182,6 +182,33 @@ OpenSSH contains no GPL code. Nils Nordman Simon Wilkinson + Portable OpenSSH additionally includes code from the following copyright + holders, also under the 2-term BSD license: + + Ben Lindstrom + Tim Rice + Andre Lucas + Chris Adams + Corinna Vinschen + Cray Inc. + Denis Parker + Gert Doering + Jakob Schlyter + Jason Downs + Juha Yrjölä + Michael Stone + Networks Associates Technology, Inc. + Solar Designer + Todd C. Miller + Wayne Schroeder + William Jones + Darren Tucker + Sun Microsystems + The SCO Group + Daniel Walsh + Red Hat, Inc + Simon Vallet / Genoscope + * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -202,6 +229,112 @@ OpenSSH contains no GPL code. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +8) Portable OpenSSH contains the following additional licenses: + + a) md5crypt.c, md5crypt.h + + * "THE BEER-WARE LICENSE" (Revision 42): + * wrote this file. As long as you retain this + * notice you can do whatever you want with this stuff. If we meet + * some day, and you think this stuff is worth it, you can buy me a + * beer in return. Poul-Henning Kamp + + b) snprintf replacement + + * Copyright Patrick Powell 1995 + * This code is based on code written by Patrick Powell + * (papowell@astart.com) It may be used for any purpose as long as this + * notice remains intact on all source code distributions + + c) Compatibility code (openbsd-compat) + + Apart from the previously mentioned licenses, various pieces of code + in the openbsd-compat/ subdirectory are licensed as follows: + + Some code is licensed under a 3-term BSD license, to the following + copyright holders: + + Todd C. Miller + Theo de Raadt + Damien Miller + Eric P. Allman + The Regents of the University of California + Constantin S. Svintsoff + + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + + Some code is licensed under an ISC-style license, to the following + copyright holders: + + Internet Software Consortium. + Todd C. Miller + Reyk Floeter + Chad Mynhier + + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND TODD C. MILLER DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL TODD C. MILLER BE LIABLE + * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + Some code is licensed under a MIT-style license to the following + copyright holders: + + Free Software Foundation, Inc. + + * Permission is hereby granted, free of charge, to any person obtaining a * + * copy of this software and associated documentation files (the * + * "Software"), to deal in the Software without restriction, including * + * without limitation the rights to use, copy, modify, merge, publish, * + * distribute, distribute with modifications, sublicense, and/or sell * + * copies of the Software, and to permit persons to whom the Software is * + * furnished to do so, subject to the following conditions: * + * * + * The above copyright notice and this permission notice shall be included * + * in all copies or substantial portions of the Software. * + * * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS * + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. * + * IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, * + * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR * + * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR * + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. * + * * + * Except as contained in this notice, the name(s) of the above copyright * + * holders shall not be used in advertising or otherwise to promote the * + * sale, use or other dealings in this Software without prior written * + * authorization. * + ****************************************************************************/ + + ------ $OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $ -$NetBSD: LICENCE,v 1.4 2015/04/03 23:58:19 christos Exp $ diff --git a/crypto/external/bsd/openssh/dist/OVERVIEW b/crypto/external/bsd/openssh/dist/OVERVIEW index 4d2bce523..fde72c8e0 100644 --- a/crypto/external/bsd/openssh/dist/OVERVIEW +++ b/crypto/external/bsd/openssh/dist/OVERVIEW @@ -166,4 +166,3 @@ these programs. xmalloc.c "safe" malloc routines $OpenBSD: OVERVIEW,v 1.12 2015/07/08 19:01:15 markus Exp $ -$NetBSD: OVERVIEW,v 1.5 2015/08/13 10:33:21 christos Exp $ diff --git a/crypto/external/bsd/openssh/dist/PROTOCOL b/crypto/external/bsd/openssh/dist/PROTOCOL index ff9b9e784..131adfefe 100644 --- a/crypto/external/bsd/openssh/dist/PROTOCOL +++ b/crypto/external/bsd/openssh/dist/PROTOCOL @@ -453,4 +453,3 @@ This extension is advertised in the SSH_FXP_VERSION hello with version "1". $OpenBSD: PROTOCOL,v 1.29 2015/07/17 03:09:19 djm Exp $ -$NetBSD: PROTOCOL,v 1.7 2015/08/13 10:33:21 christos Exp $ diff --git a/crypto/external/bsd/openssh/dist/PROTOCOL.agent b/crypto/external/bsd/openssh/dist/PROTOCOL.agent index 7f879f276..27ec0c1de 100644 --- a/crypto/external/bsd/openssh/dist/PROTOCOL.agent +++ b/crypto/external/bsd/openssh/dist/PROTOCOL.agent @@ -558,4 +558,3 @@ Locking and unlocking affects both protocol 1 and protocol 2 keys. SSH_AGENT_CONSTRAIN_CONFIRM 2 $OpenBSD: PROTOCOL.agent,v 1.8 2015/05/08 03:56:51 djm Exp $ -$NetBSD: PROTOCOL.agent,v 1.6 2015/07/03 00:59:59 christos Exp $ diff --git a/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys b/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys index 137718814..c98591093 100644 --- a/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys +++ b/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys @@ -263,4 +263,3 @@ permit-user-rc empty Flag indicating that execution of this option is not present. $OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $ -$NetBSD: PROTOCOL.certkeys,v 1.5 2015/04/03 23:58:19 christos Exp $ diff --git a/crypto/external/bsd/openssh/dist/PROTOCOL.mux b/crypto/external/bsd/openssh/dist/PROTOCOL.mux index 67e61f7a9..f042961f1 100644 --- a/crypto/external/bsd/openssh/dist/PROTOCOL.mux +++ b/crypto/external/bsd/openssh/dist/PROTOCOL.mux @@ -226,4 +226,3 @@ XXX server->client error/warning notifications XXX send signals via mux $OpenBSD: PROTOCOL.mux,v 1.10 2015/07/17 03:04:27 djm Exp $ -$NetBSD: PROTOCOL.mux,v 1.8 2015/08/13 10:33:21 christos Exp $ diff --git a/crypto/external/bsd/openssh/dist/README b/crypto/external/bsd/openssh/dist/README index 684400610..9bbd3bac2 100644 --- a/crypto/external/bsd/openssh/dist/README +++ b/crypto/external/bsd/openssh/dist/README @@ -1,28 +1,69 @@ -This release of OpenSSH is for OpenBSD systems only. +See http://www.openssh.com/txt/release-7.1 for the release notes. -Please read - http://www.openssh.com/portable.html -if you want to install OpenSSH on other operating systems. +Please read http://www.openssh.com/report.html for bug reporting +instructions and note that we do not use Github for bug reporting or +patch/pull-request management. -To extract and install this release on your OpenBSD system use: +- A Japanese translation of this document and of the OpenSSH FAQ is +- available at http://www.unixuser.org/~haruyama/security/openssh/index.html +- Thanks to HARUYAMA Seigo - # cd /usr/src/usr.bin - # tar xvfz .../openssh-x.y.tgz - # cd ssh - # make obj - # make cleandir - # make depend - # make - # make install - # cp ssh_config sshd_config /etc/ssh +This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other +Unices. -OpenSSH is a derivative of the original and free ssh 1.2.12 release -by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels -Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer -features and created OpenSSH. Markus Friedl contributed the support -for SSH protocol versions 1.5 and 2.0. +OpenSSH is based on the last free version of Tatu Ylonen's sample +implementation with all patent-encumbered algorithms removed (to +external libraries), all known security bugs fixed, new features +reintroduced and many other clean-ups. OpenSSH has been created by +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, +and Dug Song. It has a homepage at http://www.openssh.com/ -See http://www.openssh.com/ for more information. +This port consists of the re-introduction of autoconf support, PAM +support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library +functions that are (regrettably) absent from other unices. This port +has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X, +NetBSD, OpenBSD, OpenServer, Solaris, Unicos, and UnixWare. -$OpenBSD: README,v 1.7 2006/04/01 05:37:46 djm Exp $ -$NetBSD: README,v 1.4 2015/04/03 23:58:19 christos Exp $ +This version actively tracks changes in the OpenBSD CVS repository. + +The PAM support is now more functional than the popular packages of +commercial ssh-1.2.x. It checks "account" and "session" modules for +all logins, not just when using password authentication. + +OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5]. + +There is now several mailing lists for this port of OpenSSH. Please +refer to http://www.openssh.com/list.html for details on how to join. + +Please send bug reports and patches to the mailing list +openssh-unix-dev@mindrot.org. The list is open to posting by +unsubscribed users.Code contribution are welcomed, but please follow the +OpenBSD style guidelines[6]. + +Please refer to the INSTALL document for information on how to install +OpenSSH on your system. There are a number of differences between this +port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7] +for details and general tips. + +Damien Miller + +Miscellania - + +This version of OpenSSH is based upon code retrieved from the OpenBSD +CVS repository which in turn was based on the last free sample +implementation released by Tatu Ylonen. + +References - + +[0] http://www.openssh.com/faq.html +[1] http://www.lothar.com/tech/crypto/ +[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html +[3] http://www.gzip.org/zlib/ +[4] http://www.openssl.org/ +[5] http://www.openpam.org + http://www.kernel.org/pub/linux/libs/pam/ + (PAM also is standard on Solaris and HP-UX 11) +[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 +[7] http://www.openssh.com/faq.html + +$Id: README,v 1.87 2014/08/10 01:35:06 djm Exp $ diff --git a/crypto/external/bsd/openssh/dist/addrmatch.c b/crypto/external/bsd/openssh/dist/addrmatch.c index 5002b7615..70b050e05 100644 --- a/crypto/external/bsd/openssh/dist/addrmatch.c +++ b/crypto/external/bsd/openssh/dist/addrmatch.c @@ -1,4 +1,3 @@ -/* $NetBSD: addrmatch.c,v 1.9 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: addrmatch.c,v 1.10 2015/07/08 19:04:21 markus Exp $ */ /* @@ -18,7 +17,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: addrmatch.c,v 1.9 2015/08/13 10:33:21 christos Exp $"); + #include #include #include @@ -81,8 +80,8 @@ masklen_valid(int af, u_int masklen) static int addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa) { - struct sockaddr_in *in4 = (struct sockaddr_in *)(void *)sa; - struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)(void *)sa; + struct sockaddr_in *in4 = (struct sockaddr_in *)sa; + struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa; memset(xa, '\0', sizeof(*xa)); @@ -98,7 +97,9 @@ addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa) return -1; xa->af = AF_INET6; memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6)); +#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID xa->scope_id = in6->sin6_scope_id; +#endif break; default: return -1; @@ -312,7 +313,7 @@ static int addr_pton_cidr(const char *p, struct xaddr *n, u_int *l) { struct xaddr tmp; - unsigned int masklen = 999; + long unsigned int masklen = 999; char addrbuf[64], *mp, *cp; /* Don't modify argument */ diff --git a/crypto/external/bsd/openssh/dist/atomicio.c b/crypto/external/bsd/openssh/dist/atomicio.c index 070f5e218..b1ec234f5 100644 --- a/crypto/external/bsd/openssh/dist/atomicio.c +++ b/crypto/external/bsd/openssh/dist/atomicio.c @@ -1,4 +1,3 @@ -/* $NetBSD: atomicio.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: atomicio.c,v 1.27 2015/01/16 06:40:12 deraadt Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. @@ -28,12 +27,18 @@ */ #include "includes.h" -__RCSID("$NetBSD: atomicio.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); + #include #include #include +#ifdef HAVE_POLL_H #include +#else +# ifdef HAVE_SYS_POLL_H +# include +# endif +#endif #include #include #include @@ -52,20 +57,20 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, ssize_t res; struct pollfd pfd; +#ifndef BROKEN_READ_COMPARISON pfd.fd = fd; - /* - * check for vwrite instead of read to avoid read being renamed - * by SSP issues - */ - pfd.events = f == vwrite ? POLLOUT : POLLIN; + pfd.events = f == read ? POLLIN : POLLOUT; +#endif while (n > pos) { res = (f) (fd, s + pos, n - pos); switch (res) { case -1: if (errno == EINTR) continue; - if (errno == EAGAIN) { + if (errno == EAGAIN || errno == EWOULDBLOCK) { +#ifndef BROKEN_READ_COMPARISON (void)poll(&pfd, 1, -1); +#endif continue; } return 0; @@ -109,16 +114,20 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, /* Make a copy of the iov array because we may modify it below */ memcpy(iov, _iov, iovcnt * sizeof(*_iov)); +#ifndef BROKEN_READV_COMPARISON pfd.fd = fd; pfd.events = f == readv ? POLLIN : POLLOUT; +#endif for (; iovcnt > 0 && iov[0].iov_len > 0;) { res = (f) (fd, iov, iovcnt); switch (res) { case -1: if (errno == EINTR) continue; - if (errno == EAGAIN) { + if (errno == EAGAIN || errno == EWOULDBLOCK) { +#ifndef BROKEN_READV_COMPARISON (void)poll(&pfd, 1, -1); +#endif continue; } return 0; diff --git a/crypto/external/bsd/openssh/dist/atomicio.h b/crypto/external/bsd/openssh/dist/atomicio.h index 831a3519c..0d728ac86 100644 --- a/crypto/external/bsd/openssh/dist/atomicio.h +++ b/crypto/external/bsd/openssh/dist/atomicio.h @@ -1,4 +1,3 @@ -/* $NetBSD: atomicio.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: atomicio.h,v 1.11 2010/09/22 22:58:51 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/auth-bsdauth.c b/crypto/external/bsd/openssh/dist/auth-bsdauth.c index 75500724c..37ff893e6 100644 --- a/crypto/external/bsd/openssh/dist/auth-bsdauth.c +++ b/crypto/external/bsd/openssh/dist/auth-bsdauth.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth-bsdauth.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth-bsdauth.c,v 1.13 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -25,11 +24,13 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-bsdauth.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); + #include #include #include +#include + #ifdef BSD_AUTH #include "xmalloc.h" #include "key.h" diff --git a/crypto/external/bsd/openssh/dist/auth-chall.c b/crypto/external/bsd/openssh/dist/auth-chall.c index d4f3a91ff..60c9f14ca 100644 --- a/crypto/external/bsd/openssh/dist/auth-chall.c +++ b/crypto/external/bsd/openssh/dist/auth-chall.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth-chall.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth-chall.c,v 1.14 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -25,7 +24,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-chall.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); + #include #include #include @@ -36,18 +35,14 @@ __RCSID("$NetBSD: auth-chall.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); #include "hostfile.h" #include "auth.h" #include "log.h" -#ifdef USE_PAM #include "misc.h" -#include "buffer.h" #include "servconf.h" -extern ServerOptions options; -void remove_kbdint_device(const char *); -#endif /* limited protocol v1 interface to kbd-interactive authentication */ extern KbdintDevice *devices[]; static KbdintDevice *device; +extern ServerOptions options; char * get_challenge(Authctxt *authctxt) @@ -87,17 +82,44 @@ get_challenge(Authctxt *authctxt) int verify_response(Authctxt *authctxt, const char *response) { - char *resp[1]; + char *resp[1], *name, *info, **prompts; + u_int i, numprompts, *echo_on; int authenticated = 0; if (device == NULL) return 0; if (authctxt->kbdintctxt == NULL) return 0; - resp[0] = __UNCONST(response); - if (device->respond(authctxt->kbdintctxt, 1, resp) == 0) + resp[0] = (char *)response; + switch (device->respond(authctxt->kbdintctxt, 1, resp)) { + case 0: /* Success */ authenticated = 1; + break; + case 1: /* Postponed - retry with empty query for PAM */ + if ((device->query(authctxt->kbdintctxt, &name, &info, + &numprompts, &prompts, &echo_on)) != 0) + break; + if (numprompts == 0 && + device->respond(authctxt->kbdintctxt, 0, resp) == 0) + authenticated = 1; + + for (i = 0; i < numprompts; i++) + free(prompts[i]); + free(prompts); + free(name); + free(echo_on); + free(info); + break; + } device->free_ctx(authctxt->kbdintctxt); authctxt->kbdintctxt = NULL; return authenticated; } +void +abandon_challenge_response(Authctxt *authctxt) +{ + if (authctxt->kbdintctxt != NULL) { + device->free_ctx(authctxt->kbdintctxt); + authctxt->kbdintctxt = NULL; + } +} diff --git a/crypto/external/bsd/openssh/dist/auth-krb5.c b/crypto/external/bsd/openssh/dist/auth-krb5.c index ff533e81c..0089b1844 100644 --- a/crypto/external/bsd/openssh/dist/auth-krb5.c +++ b/crypto/external/bsd/openssh/dist/auth-krb5.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth-krb5.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */ /* * Kerberos v5 authentication and ticket-passing routines. @@ -30,11 +29,10 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-krb5.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); + #include #include #include -#include #include "xmalloc.h" #include "ssh.h" @@ -50,6 +48,9 @@ __RCSID("$NetBSD: auth-krb5.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); #include "auth.h" #ifdef KRB5 +#include +#include +#include #include extern ServerOptions options; @@ -64,187 +65,45 @@ krb5_init(void *context) problem = krb5_init_context(&authctxt->krb5_ctx); if (problem) return (problem); - krb5_init_ets(authctxt->krb5_ctx); } return (0); } -/* - * Try krb5 authentication. server_user is passed for logging purposes - * only, in auth is received ticket, in client is returned principal - * from the ticket - */ -int -auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply) -{ - krb5_error_code problem; - krb5_principal server; - krb5_ticket *ticket; - int fd, ret; - const char *errtxt; - - ret = 0; - server = NULL; - ticket = NULL; - reply->length = 0; - - problem = krb5_init(authctxt); - if (problem) - goto err; - - problem = krb5_auth_con_init(authctxt->krb5_ctx, - &authctxt->krb5_auth_ctx); - if (problem) - goto err; - - fd = packet_get_connection_in(); - problem = krb5_auth_con_setaddrs_from_fd(authctxt->krb5_ctx, - authctxt->krb5_auth_ctx, &fd); - if (problem) - goto err; - - problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL, - KRB5_NT_SRV_HST, &server); - if (problem) - goto err; - - problem = krb5_rd_req(authctxt->krb5_ctx, &authctxt->krb5_auth_ctx, - auth, server, NULL, NULL, &ticket); - if (problem) - goto err; - - problem = krb5_copy_principal(authctxt->krb5_ctx, ticket->client, - &authctxt->krb5_user); - if (problem) - goto err; - - /* if client wants mutual auth */ - problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, - reply); - if (problem) - goto err; - - /* Check .k5login authorization now. */ - if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, - authctxt->pw->pw_name)) - goto err; - - if (client) - krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, - client); - - ret = 1; - err: - if (server) - krb5_free_principal(authctxt->krb5_ctx, server); - if (ticket) - krb5_free_ticket(authctxt->krb5_ctx, ticket); - if (!ret && reply->length) { - free(reply->data); - memset(reply, 0, sizeof(*reply)); - } - - if (problem) { - errtxt = NULL; - if (authctxt->krb5_ctx != NULL) - errtxt = krb5_get_error_message(authctxt->krb5_ctx, - problem); - if (errtxt != NULL) { - debug("Kerberos v5 authentication failed: %s", errtxt); - krb5_free_error_message(authctxt->krb5_ctx, errtxt); - } else - debug("Kerberos v5 authentication failed: %d", - problem); - } - - return (ret); -} - -int -auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt) -{ - krb5_error_code problem; - krb5_ccache ccache = NULL; - char *pname; - const char *errtxt; - - if (authctxt->pw == NULL || authctxt->krb5_user == NULL) - return (0); - - temporarily_use_uid(authctxt->pw); - - problem = krb5_cc_new_unique(authctxt->krb5_ctx, "FILE", NULL, &ccache); - if (problem) - goto fail; - - problem = krb5_cc_initialize(authctxt->krb5_ctx, ccache, - authctxt->krb5_user); - if (problem) - goto fail; - - problem = krb5_rd_cred2(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, - ccache, tgt); - if (problem) - goto fail; - - authctxt->krb5_fwd_ccache = ccache; - ccache = NULL; - - authctxt->krb5_ticket_file = __UNCONST(krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache)); - - problem = krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, - &pname); - if (problem) - goto fail; - -#ifdef USE_PAM - if (options.use_pam) - do_pam_putenv(__UNCONST("KRB5CCNAME"), authctxt->krb5_ticket_file); -#endif - debug("Kerberos v5 TGT accepted (%s)", pname); - - restore_uid(); - - return (1); - - fail: - if (problem) { - errtxt = krb5_get_error_message(authctxt->krb5_ctx, problem); - if (errtxt != NULL) { - debug("Kerberos v5 TGT passing failed: %s", errtxt); - krb5_free_error_message(authctxt->krb5_ctx, errtxt); - } else - debug("Kerberos v5 TGT passing failed: %d", problem); - } - if (ccache) - krb5_cc_destroy(authctxt->krb5_ctx, ccache); - - restore_uid(); - - return (0); -} - - int auth_krb5_password(Authctxt *authctxt, const char *password) { +#ifndef HEIMDAL + krb5_creds creds; + krb5_principal server; +#endif krb5_error_code problem; krb5_ccache ccache = NULL; + int len; + char *client, *platform_client; const char *errmsg; + /* get platform-specific kerberos client principal name (if it exists) */ + platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name); + client = platform_client ? platform_client : authctxt->pw->pw_name; + temporarily_use_uid(authctxt->pw); problem = krb5_init(authctxt); if (problem) goto out; - problem = krb5_parse_name(authctxt->krb5_ctx, authctxt->pw->pw_name, + problem = krb5_parse_name(authctxt->krb5_ctx, client, &authctxt->krb5_user); if (problem) goto out; +#ifdef HEIMDAL +# ifdef HAVE_KRB5_CC_NEW_UNIQUE problem = krb5_cc_new_unique(authctxt->krb5_ctx, krb5_mcc_ops.prefix, NULL, &ccache); +# else + problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache); +# endif if (problem) goto out; @@ -263,8 +122,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password) if (problem) goto out; +# ifdef HAVE_KRB5_CC_NEW_UNIQUE problem = krb5_cc_new_unique(authctxt->krb5_ctx, krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache); +# else + problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, + &authctxt->krb5_fwd_ccache); +# endif if (problem) goto out; @@ -275,20 +139,71 @@ auth_krb5_password(Authctxt *authctxt, const char *password) if (problem) goto out; - authctxt->krb5_ticket_file = __UNCONST(krb5_cc_get_name( - authctxt->krb5_ctx, authctxt->krb5_fwd_ccache)); +#else + problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds, + authctxt->krb5_user, (char *)password, NULL, NULL, 0, NULL, NULL); + if (problem) + goto out; + + problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL, + KRB5_NT_SRV_HST, &server); + if (problem) + goto out; + + restore_uid(); + problem = krb5_verify_init_creds(authctxt->krb5_ctx, &creds, server, + NULL, NULL, NULL); + krb5_free_principal(authctxt->krb5_ctx, server); + temporarily_use_uid(authctxt->pw); + if (problem) + goto out; + + if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, + authctxt->pw->pw_name)) { + problem = -1; + goto out; + } + + problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache); + if (problem) + goto out; + + problem = krb5_cc_initialize(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, + authctxt->krb5_user); + if (problem) + goto out; + + problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, + &creds); + if (problem) + goto out; +#endif + + authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); + + len = strlen(authctxt->krb5_ticket_file) + 6; + authctxt->krb5_ccname = xmalloc(len); + snprintf(authctxt->krb5_ccname, len, "FILE:%s", + authctxt->krb5_ticket_file); + +#ifdef USE_PAM + if (options.use_pam) + do_pam_putenv("KRB5CCNAME", authctxt->krb5_ccname); +#endif out: restore_uid(); + + free(platform_client); if (problem) { if (ccache) krb5_cc_destroy(authctxt->krb5_ctx, ccache); - if (authctxt->krb5_ctx != NULL) { + if (authctxt->krb5_ctx != NULL && problem!=-1) { errmsg = krb5_get_error_message(authctxt->krb5_ctx, problem); - debug("Kerberos password authentication failed: %s", + debug("Kerberos password authentication failed: %s", errmsg); krb5_free_error_message(authctxt->krb5_ctx, errmsg); } else @@ -317,15 +232,42 @@ krb5_cleanup_proc(Authctxt *authctxt) krb5_free_principal(authctxt->krb5_ctx, authctxt->krb5_user); authctxt->krb5_user = NULL; } - if (authctxt->krb5_auth_ctx) { - krb5_auth_con_free(authctxt->krb5_ctx, - authctxt->krb5_auth_ctx); - authctxt->krb5_auth_ctx = NULL; - } if (authctxt->krb5_ctx) { krb5_free_context(authctxt->krb5_ctx); authctxt->krb5_ctx = NULL; } } +#ifndef HEIMDAL +krb5_error_code +ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { + int tmpfd, ret, oerrno; + char ccname[40]; + mode_t old_umask; + + ret = snprintf(ccname, sizeof(ccname), + "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid()); + if (ret < 0 || (size_t)ret >= sizeof(ccname)) + return ENOMEM; + + old_umask = umask(0177); + tmpfd = mkstemp(ccname + strlen("FILE:")); + oerrno = errno; + umask(old_umask); + if (tmpfd == -1) { + logit("mkstemp(): %.100s", strerror(oerrno)); + return oerrno; + } + + if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { + oerrno = errno; + logit("fchmod(): %.100s", strerror(oerrno)); + close(tmpfd); + return oerrno; + } + close(tmpfd); + + return (krb5_cc_resolve(ctx, ccname, ccache)); +} +#endif /* !HEIMDAL */ #endif /* KRB5 */ diff --git a/crypto/external/bsd/openssh/dist/auth-options.c b/crypto/external/bsd/openssh/dist/auth-options.c index 104c4917b..e387697d3 100644 --- a/crypto/external/bsd/openssh/dist/auth-options.c +++ b/crypto/external/bsd/openssh/dist/auth-options.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth-options.c,v 1.11 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */ /* * Author: Tatu Ylonen @@ -12,16 +11,16 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-options.c,v 1.11 2015/08/13 10:33:21 christos Exp $"); + #include -#include #include #include #include #include #include -#include + +#include "openbsd-compat/sys-queue.h" #include "key.h" /* XXX for typedef */ #include "buffer.h" /* XXX for typedef */ @@ -93,8 +92,7 @@ auth_clear_options(void) * side effect: sets key option flags */ int -auth_parse_options(struct passwd *pw, const char *opts, const char *file, - u_long linenum) +auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) { const char *cp; int i; diff --git a/crypto/external/bsd/openssh/dist/auth-options.h b/crypto/external/bsd/openssh/dist/auth-options.h index aada04fb6..34852e5c0 100644 --- a/crypto/external/bsd/openssh/dist/auth-options.h +++ b/crypto/external/bsd/openssh/dist/auth-options.h @@ -1,4 +1,3 @@ -/* $NetBSD: auth-options.h,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth-options.h,v 1.21 2015/01/14 10:30:34 markus Exp $ */ /* @@ -34,7 +33,7 @@ extern int forced_tun_device; extern int key_is_cert_authority; extern char *authorized_principals; -int auth_parse_options(struct passwd *, const char *, const char *, u_long); +int auth_parse_options(struct passwd *, char *, char *, u_long); void auth_clear_options(void); int auth_cert_options(struct sshkey *, struct passwd *); diff --git a/crypto/external/bsd/openssh/dist/auth-pam.c b/crypto/external/bsd/openssh/dist/auth-pam.c index d1b24933c..d94c8285b 100644 --- a/crypto/external/bsd/openssh/dist/auth-pam.c +++ b/crypto/external/bsd/openssh/dist/auth-pam.c @@ -47,31 +47,16 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -/* - * NetBSD local changes - */ -__RCSID("$NetBSD: auth-pam.c,v 1.7 2015/07/03 00:59:59 christos Exp $"); -#undef USE_POSIX_THREADS /* Not yet */ -#define HAVE_SECURITY_PAM_APPL_H -#define HAVE_PAM_GETENVLIST -#define HAVE_PAM_PUTENV -#define sshpam_const const /* LinuxPAM, OpenPAM */ -#define PAM_MSG_MEMBER(msg, n, member) ((*(msg))[(n)].member) -#define mysig_t sig_t -void sshpam_password_change_required(int); -/* end NetBSD local changes */ #include #include #include -#include #include #include #include #include #include -#include #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -80,7 +65,6 @@ void sshpam_password_change_required(int); #include #endif -#ifndef __NetBSD__ /* OpenGroup RFC86.0 and XSSO specify no "const" on arguments */ #ifdef PAM_SUN_CODEBASE # define sshpam_const /* Solaris, HP-UX, AIX */ @@ -94,7 +78,6 @@ void sshpam_password_change_required(int); #else # define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member) #endif -#endif #include "xmalloc.h" #include "buffer.h" @@ -184,7 +167,7 @@ sshpam_sigchld_handler(int sig) } /* ARGSUSED */ -__dead static void +static void pthread_exit(void *value) { _exit(0); @@ -429,8 +412,7 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, fail: for(i = 0; i < n; i++) { - if (reply[i].resp != NULL) - free(reply[i].resp); + free(reply[i].resp); } free(reply); buffer_free(&buffer); @@ -456,8 +438,10 @@ sshpam_thread(void *ctxtp) const char **ptr_pam_user = &pam_user; char *tz = getenv("TZ"); - pam_get_item(sshpam_handle, PAM_USER, + sshpam_err = pam_get_item(sshpam_handle, PAM_USER, (sshpam_const void **)ptr_pam_user); + if (sshpam_err != PAM_SUCCESS) + goto auth_fail; environ[0] = NULL; if (tz != NULL) @@ -603,8 +587,7 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg, fail: for(i = 0; i < n; i++) { - if (reply[i].resp != NULL) - free(reply[i].resp); + free(reply[i].resp); } free(reply); return (PAM_CONV_ERR); @@ -637,6 +620,7 @@ sshpam_cleanup(void) static int sshpam_init(Authctxt *authctxt) { + extern char *__progname; const char *pam_rhost, *pam_user, *user = authctxt->user; const char **ptr_pam_user = &pam_user; @@ -1022,8 +1006,7 @@ sshpam_tty_conv(int n, sshpam_const struct pam_message **msg, fail: for(i = 0; i < n; i++) { - if (reply[i].resp != NULL) - free(reply[i].resp); + free(reply[i].resp); } free(reply); return (PAM_CONV_ERR); @@ -1181,8 +1164,7 @@ sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg, fail: for(i = 0; i < n; i++) { - if (reply[i].resp != NULL) - free(reply[i].resp); + free(reply[i].resp); } free(reply); return (PAM_CONV_ERR); diff --git a/crypto/external/bsd/openssh/dist/auth-pam.h b/crypto/external/bsd/openssh/dist/auth-pam.h index 0d7895ed5..a1a2b52d8 100644 --- a/crypto/external/bsd/openssh/dist/auth-pam.h +++ b/crypto/external/bsd/openssh/dist/auth-pam.h @@ -1,5 +1,4 @@ -/* $NetBSD: auth-pam.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ -/* Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp */ +/* $Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp $ */ /* * Copyright (c) 2000 Damien Miller. All rights reserved. @@ -29,7 +28,7 @@ #ifdef USE_PAM #if !defined(SSHD_PAM_SERVICE) -# define SSHD_PAM_SERVICE "sshd" +# define SSHD_PAM_SERVICE __progname #endif void start_pam(Authctxt *); diff --git a/crypto/external/bsd/openssh/dist/auth-passwd.c b/crypto/external/bsd/openssh/dist/auth-passwd.c index 6d5f057ba..63ccf3cab 100644 --- a/crypto/external/bsd/openssh/dist/auth-passwd.c +++ b/crypto/external/bsd/openssh/dist/auth-passwd.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth-passwd.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth-passwd.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen @@ -38,15 +37,13 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-passwd.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); + #include -#include #include #include #include #include -#include #include "packet.h" #include "buffer.h" @@ -60,16 +57,15 @@ __RCSID("$NetBSD: auth-passwd.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); extern Buffer loginmsg; extern ServerOptions options; -int sys_auth_passwd(Authctxt *, const char *); #ifdef HAVE_LOGIN_CAP extern login_cap_t *lc; #endif + #define DAY (24L * 60 * 60) /* 1 day in seconds */ #define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ -#if defined(BSD_AUTH) || defined(USE_PAM) void disable_forwarding(void) { @@ -77,7 +73,6 @@ disable_forwarding(void) no_agent_forwarding_flag = 1; no_x11_forwarding_flag = 1; } -#endif /* * Tries to authenticate the user using password. Returns true if @@ -87,16 +82,18 @@ int auth_password(Authctxt *authctxt, const char *password) { struct passwd * pw = authctxt->pw; - int ok = authctxt->valid; + int result, ok = authctxt->valid; +#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) + static int expire_checked = 0; +#endif +#ifndef HAVE_CYGWIN if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) ok = 0; +#endif if (*password == '\0' && options.permit_empty_passwd == 0) return 0; -#ifdef USE_PAM - if (options.use_pam) - return (sshpam_auth_passwd(authctxt, password) && ok); -#endif + #ifdef KRB5 if (options.kerberos_authentication == 1) { int ret = auth_krb5_password(authctxt, password); @@ -105,7 +102,31 @@ auth_password(Authctxt *authctxt, const char *password) /* Fall back to ordinary passwd authentication. */ } #endif - return (sys_auth_passwd(authctxt, password) && ok); +#ifdef HAVE_CYGWIN + { + HANDLE hToken = cygwin_logon_user(pw, password); + + if (hToken == INVALID_HANDLE_VALUE) + return 0; + cygwin_set_impersonation_token(hToken); + return ok; + } +#endif +#ifdef USE_PAM + if (options.use_pam) + return (sshpam_auth_passwd(authctxt, password) && ok); +#endif +#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) + if (!expire_checked) { + expire_checked = 1; + if (auth_shadow_pwexpired(authctxt)) + authctxt->force_pwchange = 1; + } +#endif + result = sys_auth_passwd(authctxt, password); + if (authctxt->force_pwchange) + disable_forwarding(); + return (result && ok); } #ifdef BSD_AUTH @@ -167,26 +188,29 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) return (auth_close(as)); } } -#else +#elif !defined(CUSTOM_SYS_AUTH_PASSWD) int sys_auth_passwd(Authctxt *authctxt, const char *password) { struct passwd *pw = authctxt->pw; char *encrypted_password; + /* Just use the supplied fake password if authctxt is invalid */ + char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; + /* Check for users with no password. */ - if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) + if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) return (1); /* Encrypt the candidate password using the proper salt. */ - encrypted_password = crypt(password, - (pw->pw_passwd[0] && pw->pw_passwd[1]) ? - pw->pw_passwd : "xx"); + encrypted_password = xcrypt(password, + (pw_password[0] && pw_password[1]) ? pw_password : "xx"); /* * Authentication is accepted if the encrypted passwords * are identical. */ - return (strcmp(encrypted_password, pw->pw_passwd) == 0); + return encrypted_password != NULL && + strcmp(encrypted_password, pw_password) == 0; } #endif diff --git a/crypto/external/bsd/openssh/dist/auth-rh-rsa.c b/crypto/external/bsd/openssh/dist/auth-rh-rsa.c index 096449ab4..2e20396ea 100644 --- a/crypto/external/bsd/openssh/dist/auth-rh-rsa.c +++ b/crypto/external/bsd/openssh/dist/auth-rh-rsa.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth-rh-rsa.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth-rh-rsa.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen @@ -15,7 +14,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-rh-rsa.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); + +#ifdef WITH_SSH1 + #include #include @@ -77,7 +78,7 @@ auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key) client_host_key->rsa == NULL) return 0; - chost = __UNCONST(get_canonical_hostname(options.use_dns)); + chost = (char *)get_canonical_hostname(options.use_dns); debug("Rhosts RSA authentication: canonical host %.900s", chost); if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) { @@ -103,3 +104,5 @@ auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key) packet_send_debug("Rhosts with RSA host authentication accepted."); return 1; } + +#endif /* WITH_SSH1 */ diff --git a/crypto/external/bsd/openssh/dist/auth-rhosts.c b/crypto/external/bsd/openssh/dist/auth-rhosts.c index b74bfb9c8..ee9e827af 100644 --- a/crypto/external/bsd/openssh/dist/auth-rhosts.c +++ b/crypto/external/bsd/openssh/dist/auth-rhosts.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth-rhosts.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth-rhosts.c,v 1.46 2014/12/23 22:42:48 djm Exp $ */ /* * Author: Tatu Ylonen @@ -16,16 +15,18 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-rhosts.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); + #include #include -#include -#include +#ifdef HAVE_NETGROUP_H +# include +#endif #include #include #include #include +#include #include #include "packet.h" @@ -308,8 +309,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam * Check if we have been configured to ignore .rhosts * and .shosts files. */ - if ((pw->pw_uid == 0 && options.ignore_root_rhosts) || - (pw->pw_uid != 0 && options.ignore_rhosts)) { + if (options.ignore_rhosts) { auth_debug_add("Server has been configured to " "ignore %.100s.", rhosts_files[rhosts_file_index]); continue; diff --git a/crypto/external/bsd/openssh/dist/auth-rsa.c b/crypto/external/bsd/openssh/dist/auth-rsa.c index e7378985f..cbd971be1 100644 --- a/crypto/external/bsd/openssh/dist/auth-rsa.c +++ b/crypto/external/bsd/openssh/dist/auth-rsa.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth-rsa.c,v 1.10 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth-rsa.c,v 1.90 2015/01/28 22:36:00 djm Exp $ */ /* * Author: Tatu Ylonen @@ -16,7 +15,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-rsa.c,v 1.10 2015/04/03 23:58:19 christos Exp $"); + +#ifdef WITH_SSH1 + #include #include @@ -24,6 +25,7 @@ __RCSID("$NetBSD: auth-rsa.c,v 1.10 2015/04/03 23:58:19 christos Exp $"); #include #include +#include #include #include "xmalloc.h" @@ -170,8 +172,7 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file, const BIGNUM *client_n, Key **rkey) { char *fp, line[SSH_MAX_PUBKEY_BYTES]; - int allowed = 0; - u_int bits; + int allowed = 0, bits; FILE *f; u_long linenum = 0; Key *key; @@ -232,7 +233,7 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file, /* check the real bits */ keybits = BN_num_bits(key->rsa->n); - if (keybits < 0 || bits != (u_int)keybits) + if (keybits < 0 || bits != keybits) logit("Warning: %s, line %lu: keysize mismatch: " "actual %d vs. announced %d.", file, linenum, BN_num_bits(key->rsa->n), bits); @@ -284,94 +285,9 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) { char *file; u_int i, allowed = 0; - + temporarily_use_uid(pw); -#ifdef WITH_LDAP_PUBKEY - if (options.lpk.on) { - u_int bits; - ldap_key_t *k; - /* here is the job */ - Key *key = key_new(KEY_RSA1); - - debug("[LDAP] trying LDAP first uid=%s", pw->pw_name); - if ( ldap_ismember(&options.lpk, pw->pw_name) > 0) { - if ( (k = ldap_getuserkey(&options.lpk, pw->pw_name)) != NULL) { - for (i = 0 ; i < k->num ; i++) { - char *cp, *xoptions = NULL; - - for (cp = k->keys[i]->bv_val; *cp == ' ' || *cp == '\t'; cp++) - ; - if (!*cp || *cp == '\n' || *cp == '#') - continue; - - /* - * Check if there are options for this key, and if so, - * save their starting address and skip the option part - * for now. If there are no options, set the starting - * address to NULL. - */ - if (*cp < '0' || *cp > '9') { - int quoted = 0; - xoptions = cp; - for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { - if (*cp == '\\' && cp[1] == '"') - cp++; /* Skip both */ - else if (*cp == '"') - quoted = !quoted; - } - } else - xoptions = NULL; - - /* Parse the key from the line. */ - if (hostfile_read_key(&cp, &bits, key) == 0) { - debug("[LDAP] line %d: non ssh1 key syntax", i); - continue; - } - /* cp now points to the comment part. */ - - /* Check if the we have found the desired key (identified by its modulus). */ - if (BN_cmp(key->rsa->n, client_n) != 0) - continue; - - /* check the real bits */ - if (bits != (unsigned int)BN_num_bits(key->rsa->n)) - logit("[LDAP] Warning: ldap, line %lu: keysize mismatch: " - "actual %d vs. announced %d.", (unsigned long)i, BN_num_bits(key->rsa->n), bits); - - /* We have found the desired key. */ - /* - * If our options do not allow this key to be used, - * do not send challenge. - */ - if (!auth_parse_options(pw, xoptions, "[LDAP]", (unsigned long) i)) - continue; - - /* break out, this key is allowed */ - allowed = 1; - - /* add the return stuff etc... */ - /* Restore the privileged uid. */ - restore_uid(); - - /* return key if allowed */ - if (allowed && rkey != NULL) - *rkey = key; - else - key_free(key); - - ldap_keys_free(k); - return (allowed); - } - } else { - logit("[LDAP] no keys found for '%s'!", pw->pw_name); - } - } else { - logit("[LDAP] '%s' is not in '%s'", pw->pw_name, options.lpk.sgroup); - } - } -#endif - for (i = 0; !allowed && i < options.num_authkeys_files; i++) { if (strcasecmp(options.authorized_keys_files[i], "none") == 0) continue; @@ -429,3 +345,5 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n) packet_send_debug("RSA authentication accepted."); return (1); } + +#endif /* WITH_SSH1 */ diff --git a/crypto/external/bsd/openssh/dist/auth-skey.c b/crypto/external/bsd/openssh/dist/auth-skey.c index c0394c31d..3536ec8fa 100644 --- a/crypto/external/bsd/openssh/dist/auth-skey.c +++ b/crypto/external/bsd/openssh/dist/auth-skey.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth-skey.c,v 1.3 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth-skey.c,v 1.27 2007/01/21 01:41:54 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -23,8 +22,8 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "includes.h" -__RCSID("$NetBSD: auth-skey.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #ifdef SKEY @@ -39,12 +38,8 @@ __RCSID("$NetBSD: auth-skey.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include "key.h" #include "hostfile.h" #include "auth.h" - -#ifdef GSSAPI -#include "buffer.h" #include "ssh-gss.h" -#endif - +#include "log.h" #include "monitor_wrap.h" static void * @@ -61,7 +56,8 @@ skey_query(void *ctx, char **name, char **infotxt, char challenge[1024]; struct skey skey; - if (skeychallenge(&skey, authctxt->user, challenge, sizeof(challenge)) == -1) + if (_compat_skeychallenge(&skey, authctxt->user, challenge, + sizeof(challenge)) == -1) return -1; *name = xstrdup(""); diff --git a/crypto/external/bsd/openssh/dist/auth.c b/crypto/external/bsd/openssh/dist/auth.c index 24c0e3d45..214c2c708 100644 --- a/crypto/external/bsd/openssh/dist/auth.c +++ b/crypto/external/bsd/openssh/dist/auth.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $ */ /* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,16 +24,27 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $"); + #include #include +#include + #include #include -#include -#include -#include +#ifdef HAVE_PATHS_H +# include +#endif #include +#ifdef HAVE_LOGIN_H +#include +#endif +#ifdef USE_SHADOW +#include +#endif +#ifdef HAVE_LIBGEN_H +#include +#endif #include #include #include @@ -55,6 +65,7 @@ __RCSID("$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $"); #include "canohost.h" #include "uidswap.h" #include "packet.h" +#include "loginrec.h" #ifdef GSSAPI #include "ssh-gss.h" #endif @@ -63,15 +74,12 @@ __RCSID("$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $"); #include "authfile.h" #include "ssherr.h" #include "compat.h" -#include "pfilter.h" - -#ifdef HAVE_LOGIN_CAP -#include -#endif /* import */ extern ServerOptions options; extern int use_privsep; +extern Buffer loginmsg; +extern struct passwd *privsep_pw; /* Debugging messages */ Buffer auth_debug; @@ -89,132 +97,68 @@ int auth_debug_init; int allowed_user(struct passwd * pw) { -#ifdef HAVE_LOGIN_CAP - extern login_cap_t *lc; - int match_name, match_ip; - char *cap_hlist, *hp; -#endif struct stat st; - const char *hostname = NULL, *ipaddr = NULL; + const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; u_int i; +#ifdef USE_SHADOW + struct spwd *spw = NULL; +#endif /* Shouldn't be called if pw is NULL, but better safe than sorry... */ if (!pw || !pw->pw_name) return 0; -#ifdef HAVE_LOGIN_CAP - hostname = get_canonical_hostname(options.use_dns); - ipaddr = get_remote_ipaddr(); +#ifdef USE_SHADOW + if (!options.use_pam) + spw = getspnam(pw->pw_name); +#ifdef HAS_SHADOW_EXPIRE + if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw)) + return 0; +#endif /* HAS_SHADOW_EXPIRE */ +#endif /* USE_SHADOW */ - lc = login_getclass(pw->pw_class); - - /* - * Check the deny list. - */ - cap_hlist = login_getcapstr(lc, "host.deny", NULL, NULL); - if (cap_hlist != NULL) { - hp = strtok(cap_hlist, ","); - while (hp != NULL) { - match_name = match_hostname(hostname, hp); - match_ip = match_hostname(ipaddr, hp); - /* - * Only a positive match here causes a "deny". - */ - if (match_name > 0 || match_ip > 0) { - free(cap_hlist); - login_close(lc); - return 0; - } - hp = strtok(NULL, ","); - } - free(cap_hlist); - } - - /* - * Check the allow list. If the allow list exists, and the - * remote host is not in it, the user is implicitly denied. - */ - cap_hlist = login_getcapstr(lc, "host.allow", NULL, NULL); - if (cap_hlist != NULL) { - hp = strtok(cap_hlist, ","); - if (hp == NULL) { - /* Just in case there's an empty string... */ - free(cap_hlist); - login_close(lc); - return 0; - } - while (hp != NULL) { - match_name = match_hostname(hostname, hp); - match_ip = match_hostname(ipaddr, hp); - /* - * Negative match causes an immediate "deny". - * Positive match causes us to break out - * of the loop (allowing a fallthrough). - */ - if (match_name < 0 || match_ip < 0) { - free(cap_hlist); - login_close(lc); - return 0; - } - if (match_name > 0 || match_ip > 0) - break; - hp = strtok(NULL, ","); - } - free(cap_hlist); - if (hp == NULL) { - login_close(lc); - return 0; - } - } - - login_close(lc); + /* grab passwd field for locked account check */ + passwd = pw->pw_passwd; +#ifdef USE_SHADOW + if (spw != NULL) +#ifdef USE_LIBIAF + passwd = get_iaf_password(pw); +#else + passwd = spw->sp_pwdp; +#endif /* USE_LIBIAF */ #endif -#ifdef USE_PAM - if (!options.use_pam) { -#endif - /* - * password/account expiration. - */ - if (pw->pw_change || pw->pw_expire) { - struct timeval tv; + /* check for locked account */ + if (!options.use_pam && passwd && *passwd) { + int locked = 0; - (void)gettimeofday(&tv, (struct timezone *)NULL); - if (pw->pw_expire) { - if (tv.tv_sec >= pw->pw_expire) { - logit("User %.100s not allowed because account has expired", - pw->pw_name); - return 0; /* expired */ - } - } -#ifdef _PASSWORD_CHGNOW - if (pw->pw_change == _PASSWORD_CHGNOW) { - logit("User %.100s not allowed because password needs to be changed", +#ifdef LOCKED_PASSWD_STRING + if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0) + locked = 1; +#endif +#ifdef LOCKED_PASSWD_PREFIX + if (strncmp(passwd, LOCKED_PASSWD_PREFIX, + strlen(LOCKED_PASSWD_PREFIX)) == 0) + locked = 1; +#endif +#ifdef LOCKED_PASSWD_SUBSTR + if (strstr(passwd, LOCKED_PASSWD_SUBSTR)) + locked = 1; +#endif +#ifdef USE_LIBIAF + free((void *) passwd); +#endif /* USE_LIBIAF */ + if (locked) { + logit("User %.100s not allowed because account is locked", pw->pw_name); - - return 0; /* can't force password change (yet) */ - } -#endif - if (pw->pw_change) { - if (tv.tv_sec >= pw->pw_change) { - logit("User %.100s not allowed because password has expired", - pw->pw_name); - return 0; /* expired */ - } + return 0; } } -#ifdef USE_PAM - } -#endif /* * Deny if shell does not exist or is not executable unless we * are chrooting. */ - /* - * XXX Should check to see if it is executable by the - * XXX requesting user. --thorpej - */ if (options.chroot_directory == NULL || strcasecmp(options.chroot_directory, "none") == 0) { char *shell = xstrdup((pw->pw_shell[0] == '\0') ? @@ -235,11 +179,6 @@ allowed_user(struct passwd * pw) } free(shell); } - /* - * XXX Consider nuking {Allow,Deny}{Users,Groups}. We have the - * XXX login_cap(3) mechanism which covers all other types of - * XXX logins, too. - */ if (options.num_deny_users > 0 || options.num_allow_users > 0 || options.num_deny_groups > 0 || options.num_allow_groups > 0) { @@ -304,6 +243,12 @@ allowed_user(struct passwd * pw) } ga_free(); } + +#ifdef CUSTOM_SYS_AUTH_ALLOWED_USER + if (!sys_auth_allowed_user(pw, &loginmsg)) + return 0; +#endif + /* We found no reason not to let this user try to log on... */ return 1; } @@ -330,7 +275,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, const char *method, const char *submethod) { void (*authlog) (const char *fmt,...) = verbose; - const char *authmsg; + char *authmsg; if (use_privsep && !mm_is_monitor() && !authctxt->postponed) return; @@ -360,12 +305,29 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, compat20 ? "ssh2" : "ssh1", authctxt->info != NULL ? ": " : "", authctxt->info != NULL ? authctxt->info : ""); - if (!authctxt->postponed) - pfilter_notify(!authenticated); free(authctxt->info); authctxt->info = NULL; + +#ifdef CUSTOM_FAILED_LOGIN + if (authenticated == 0 && !authctxt->postponed && + (strcmp(method, "password") == 0 || + strncmp(method, "keyboard-interactive", 20) == 0 || + strcmp(method, "challenge-response") == 0)) + record_failed_login(authctxt->user, + get_canonical_hostname(options.use_dns), "ssh"); +# ifdef WITH_AIXAUTHENTICATE + if (authenticated) + sys_auth_record_login(authctxt->user, + get_canonical_hostname(options.use_dns), "ssh", &loginmsg); +# endif +#endif +#ifdef SSH_AUDIT_EVENTS + if (authenticated == 0 && !authctxt->postponed) + audit_event(audit_classify_auth(method)); +#endif } + void auth_maxtries_exceeded(Authctxt *authctxt) { @@ -525,7 +487,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir, snprintf(err, errlen, "%s is not a regular file", buf); return -1; } - if ((stp->st_uid != 0 && stp->st_uid != uid) || + if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) || (stp->st_mode & 022) != 0) { snprintf(err, errlen, "bad ownership or modes for file %s", buf); @@ -541,7 +503,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir, strlcpy(buf, cp, sizeof(buf)); if (stat(buf, &st) < 0 || - (st.st_uid != 0 && st.st_uid != uid) || + (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || (st.st_mode & 022) != 0) { snprintf(err, errlen, "bad ownership or modes for directory %s", buf); @@ -585,7 +547,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, static FILE * auth_openfile(const char *file, struct passwd *pw, int strict_modes, - int log_missing, const char *file_type) + int log_missing, char *file_type) { char line[1024]; struct stat st; @@ -643,9 +605,9 @@ struct passwd * getpwnamallow(const char *user) { #ifdef HAVE_LOGIN_CAP - extern login_cap_t *lc; + extern login_cap_t *lc; #ifdef BSD_AUTH - auth_session_t *as; + auth_session_t *as; #endif #endif struct passwd *pw; @@ -654,10 +616,38 @@ getpwnamallow(const char *user) ci->user = user; parse_server_match_config(&options, ci); +#if defined(_AIX) && defined(HAVE_SETAUTHDB) + aix_setauthdb(user); +#endif + pw = getpwnam(user); + +#if defined(_AIX) && defined(HAVE_SETAUTHDB) + aix_restoreauthdb(); +#endif +#ifdef HAVE_CYGWIN + /* + * Windows usernames are case-insensitive. To avoid later problems + * when trying to match the username, the user is only allowed to + * login if the username is given in the same case as stored in the + * user database. + */ + if (pw != NULL && strcmp(user, pw->pw_name) != 0) { + logit("Login name %.100s does not match stored username %.100s", + user, pw->pw_name); + pw = NULL; + } +#endif if (pw == NULL) { logit("Invalid user %.100s from %.100s", user, get_remote_ipaddr()); +#ifdef CUSTOM_FAILED_LOGIN + record_failed_login(user, + get_canonical_hostname(options.use_dns), "ssh"); +#endif +#ifdef SSH_AUDIT_EVENTS + audit_event(SSH_INVALID_USER); +#endif /* SSH_AUDIT_EVENTS */ return (NULL); } if (!allowed_user(pw)) @@ -765,19 +755,21 @@ struct passwd * fakepw(void) { static struct passwd fake; - static char nouser[] = "NOUSER"; - static char nonexist[] = "/nonexist"; memset(&fake, 0, sizeof(fake)); - fake.pw_name = nouser; - fake.pw_passwd = __UNCONST( - "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"); - fake.pw_gecos = nouser; - fake.pw_uid = (uid_t)-1; - fake.pw_gid = (gid_t)-1; - fake.pw_class = __UNCONST(""); - fake.pw_dir = nonexist; - fake.pw_shell = nonexist; + fake.pw_name = "NOUSER"; + fake.pw_passwd = + "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; +#ifdef HAVE_STRUCT_PASSWD_PW_GECOS + fake.pw_gecos = "NOUSER"; +#endif + fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid; + fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid; +#ifdef HAVE_STRUCT_PASSWD_PW_CLASS + fake.pw_class = ""; +#endif + fake.pw_dir = "/nonexist"; + fake.pw_shell = "/nonexist"; return (&fake); } diff --git a/crypto/external/bsd/openssh/dist/auth.h b/crypto/external/bsd/openssh/dist/auth.h index bde1d3090..8b27575b0 100644 --- a/crypto/external/bsd/openssh/dist/auth.h +++ b/crypto/external/bsd/openssh/dist/auth.h @@ -1,4 +1,3 @@ -/* $NetBSD: auth.h,v 1.11 2015/07/03 00:59:59 christos Exp $ */ /* $OpenBSD: auth.h,v 1.84 2015/05/08 06:41:56 djm Exp $ */ /* @@ -68,18 +67,16 @@ struct Authctxt { #ifdef BSD_AUTH auth_session_t *as; #endif -#ifdef KRB4 - char *krb4_ticket_file; -#endif char **auth_methods; /* modified from server config */ u_int num_auth_methods; #ifdef KRB5 krb5_context krb5_ctx; - krb5_auth_context krb5_auth_ctx; krb5_ccache krb5_fwd_ccache; krb5_principal krb5_user; char *krb5_ticket_file; + char *krb5_ccname; #endif + Buffer *loginmsg; void *methoddata; struct sshkey **prev_userkeys; @@ -92,12 +89,8 @@ struct Authctxt { * the client. */ -#ifdef USE_PAM -#include "auth-pam.h" -#endif - struct Authmethod { - const char *name; + char *name; int (*userauth)(Authctxt *authctxt); int *enabled; }; @@ -119,7 +112,6 @@ struct KbdintDevice void (*free_ctx)(void *ctx); }; -void disable_forwarding(void); int auth_rhosts(struct passwd *, const char *); int auth_rhosts2(struct passwd *, const char *, const char *, const char *); @@ -140,20 +132,6 @@ void pubkey_auth_info(Authctxt *, const Key *, const char *, ...) void auth2_record_userkey(Authctxt *, struct sshkey *); int auth2_userkey_already_used(Authctxt *, struct sshkey *); -#ifdef KRB4 -#include -int auth_krb4(Authctxt *, KTEXT, char **, KTEXT); -int auth_krb4_password(Authctxt *, const char *); -void krb4_cleanup_proc(void *); - -#ifdef AFS -#include -int auth_krb4_tgt(Authctxt *, const char *); -int auth_afs_token(Authctxt *, const char *); -#endif /* AFS */ - -#endif /* KRB4 */ - struct stat; int auth_secure_path(const char *, struct stat *, const char *, uid_t, char *, size_t); @@ -165,6 +143,18 @@ int auth_krb5_password(Authctxt *authctxt, const char *password); void krb5_cleanup_proc(Authctxt *authctxt); #endif /* KRB5 */ +#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) +#include +int auth_shadow_acctexpired(struct spwd *); +int auth_shadow_pwexpired(Authctxt *); +#endif + +#include "auth-pam.h" +#include "audit.h" +void remove_kbdint_device(const char *); + +void disable_forwarding(void); + void do_authentication(Authctxt *); void do_authentication2(Authctxt *); @@ -176,6 +166,8 @@ void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn)); void userauth_finish(Authctxt *, int, const char *, const char *); int auth_root_allowed(const char *); +void userauth_send_banner(const char *); + char *auth2_read_banner(void); int auth2_methods_valid(const char *, int); int auth2_update_methods_lists(Authctxt *, const char *, const char *); @@ -196,6 +188,7 @@ struct passwd * getpwnamallow(const char *user); char *get_challenge(Authctxt *); int verify_response(Authctxt *, const char *); +void abandon_challenge_response(Authctxt *); char *expand_authorized_keys(const char *, struct passwd *pw); char *authorized_principals_file(struct passwd *); @@ -225,7 +218,7 @@ void auth_debug_reset(void); struct passwd *fakepw(void); -#define AUTH_FAIL_MSG "Too many authentication failures for %.100s" +int sys_auth_passwd(Authctxt *, const char *); #define SKEY_PROMPT "\nS/Key Password: " diff --git a/crypto/external/bsd/openssh/dist/auth1.c b/crypto/external/bsd/openssh/dist/auth1.c index cefd01c7a..5073c49bb 100644 --- a/crypto/external/bsd/openssh/dist/auth1.c +++ b/crypto/external/bsd/openssh/dist/auth1.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $ */ /* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -12,15 +11,18 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $"); -#include -#include +#ifdef WITH_SSH1 + +#include + +#include #include #include #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "rsa.h" #include "ssh1.h" @@ -41,7 +43,6 @@ __RCSID("$NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $"); #endif #include "monitor_wrap.h" #include "buffer.h" -#include "pfilter.h" /* import */ extern ServerOptions options; @@ -52,13 +53,12 @@ static int auth1_process_rsa(Authctxt *); static int auth1_process_rhosts_rsa(Authctxt *); static int auth1_process_tis_challenge(Authctxt *); static int auth1_process_tis_response(Authctxt *); -#if defined(KRB4) || defined(KRB5) -static int auth1_process_kerberos(Authctxt *); -#endif + +static char *client_user = NULL; /* Used to fill in remote user for PAM */ struct AuthMethod1 { int type; - const char *name; + char *name; int *enabled; int (*method)(Authctxt *); }; @@ -86,13 +86,6 @@ const struct AuthMethod1 auth1_methods[] = { &options.challenge_response_authentication, auth1_process_tis_response }, -#if defined(KRB4) || defined(KRB5) - { - SSH_CMSG_AUTH_KERBEROS, "kerberos", - &options.kerberos_authentication, - auth1_process_kerberos - }, -#endif /* KRB4 || KRB5 */ { -1, NULL, NULL, NULL} }; @@ -108,7 +101,7 @@ static const struct AuthMethod1 return (NULL); } -static const char * +static char * get_authname(int type) { const struct AuthMethod1 *a; @@ -145,60 +138,23 @@ auth1_process_password(Authctxt *authctxt) return (authenticated); } -#if defined(KRB4) || defined(KRB5) +/*ARGSUSED*/ static int -auth1_process_kerberos(Authctxt *authctxt) +auth1_process_rsa(Authctxt *authctxt) { int authenticated = 0; - u_int dlen; - char *client_user; - char *kdata = packet_get_string(&dlen); + BIGNUM *n; + + /* RSA authentication requested. */ + if ((n = BN_new()) == NULL) + fatal("do_authloop: BN_new failed"); + packet_get_bignum(n); packet_check_eom(); + authenticated = auth_rsa(authctxt, n); + BN_clear_free(n); - if (kdata[0] == 4) { /* KRB_PROT_VERSION */ -#ifdef KRB4 - KTEXT_ST tkt, reply; - tkt.length = dlen; - if (tkt.length < MAX_KTXT_LEN) - memcpy(tkt.dat, kdata, tkt.length); - - if (PRIVSEP(auth_krb4(authctxt, &tkt, &client_user, &reply))) { - authenticated = 1; - - packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); - packet_put_string((char *) - reply.dat, reply.length); - packet_send(); - packet_write_wait(); - - free(client_user); - } -#endif /* KRB4 */ - } else { -#ifdef KRB5 - krb5_data tkt, reply; - tkt.length = dlen; - tkt.data = kdata; - - if (PRIVSEP(auth_krb5(authctxt, &tkt, &client_user, &reply))) { - authenticated = 1; - - /* Send response to client */ - packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); - packet_put_string((char *)reply.data, reply.length); - packet_send(); - packet_write_wait(); - - if (reply.length) - free(reply.data); - free(client_user); - } -#endif /* KRB5 */ - } - free(kdata); - return authenticated; + return (authenticated); } -#endif /* KRB4 || KRB5 */ /*ARGSUSED*/ static int @@ -206,7 +162,6 @@ auth1_process_rhosts_rsa(Authctxt *authctxt) { int keybits, authenticated = 0; u_int bits; - char *client_user; Key *client_host_key; u_int ulen; @@ -236,25 +191,6 @@ auth1_process_rhosts_rsa(Authctxt *authctxt) key_free(client_host_key); auth_info(authctxt, "ruser %.100s", client_user); - free(client_user); - - return (authenticated); -} - -/*ARGSUSED*/ -static int -auth1_process_rsa(Authctxt *authctxt) -{ - int authenticated = 0; - BIGNUM *n; - - /* RSA authentication requested. */ - if ((n = BN_new()) == NULL) - fatal("do_authloop: BN_new failed"); - packet_get_bignum(n); - packet_check_eom(); - authenticated = auth_rsa(authctxt, n); - BN_clear_free(n); return (authenticated); } @@ -303,7 +239,7 @@ static void do_authloop(Authctxt *authctxt) { int authenticated = 0; - int type = 0; + int prev = 0, type = 0; const struct AuthMethod1 *meth; debug("Attempting authentication for %s%.100s.", @@ -311,19 +247,18 @@ do_authloop(Authctxt *authctxt) /* If the user has no password, accept authentication immediately. */ if (options.permit_empty_passwd && options.password_authentication && -#if defined(KRB4) || defined(KRB5) +#ifdef KRB5 (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif - PRIVSEP(auth_password(authctxt, __UNCONST("")))) { + PRIVSEP(auth_password(authctxt, ""))) { #ifdef USE_PAM - if (options.use_pam && PRIVSEP(do_pam_account())) + if (options.use_pam && (PRIVSEP(do_pam_account()))) #endif { auth_log(authctxt, 1, 0, "without authentication", NULL); return; } - return; } /* Indicate that authentication is needed. */ @@ -337,7 +272,20 @@ do_authloop(Authctxt *authctxt) /* Get a packet from the client. */ + prev = type; type = packet_read(); + + /* + * If we started challenge-response authentication but the + * next packet is not a response to our challenge, release + * the resources allocated by get_challenge() (which would + * normally have been released by verify_response() had we + * received such a response) + */ + if (prev == SSH_CMSG_AUTH_TIS && + type != SSH_CMSG_AUTH_TIS_RESPONSE) + abandon_challenge_response(authctxt); + if (authctxt->failures >= options.max_authtries) goto skip; if ((meth = lookup_authmethod1(type)) == NULL) { @@ -365,10 +313,23 @@ do_authloop(Authctxt *authctxt) fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); +#ifdef _UNICOS + if (authenticated && cray_access_denied(authctxt->user)) { + authenticated = 0; + fatal("Access denied for user %s.",authctxt->user); + } +#endif /* _UNICOS */ + +#ifndef HAVE_CYGWIN /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && - !auth_root_allowed(meth->name)) - authenticated = 0; + !auth_root_allowed(meth->name)) { + authenticated = 0; +# ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); +# endif + } +#endif #ifdef USE_PAM if (options.use_pam && authenticated && @@ -380,13 +341,13 @@ do_authloop(Authctxt *authctxt) "configuration", authctxt->user); len = buffer_len(&loginmsg); buffer_append(&loginmsg, "\0", 1); - msg = (char *)buffer_ptr(&loginmsg); + msg = buffer_ptr(&loginmsg); /* strip trailing newlines */ if (len > 0) while (len > 0 && msg[--len] == '\n') msg[len] = '\0'; else - msg = __UNCONST("Access denied."); + msg = "Access denied."; packet_disconnect("%s", msg); } #endif @@ -395,11 +356,18 @@ do_authloop(Authctxt *authctxt) /* Log before sending the reply */ auth_log(authctxt, authenticated, 0, get_authname(type), NULL); + free(client_user); + client_user = NULL; + if (authenticated) return; - if (++authctxt->failures >= options.max_authtries) + if (++authctxt->failures >= options.max_authtries) { +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); +#endif auth_maxtries_exceeded(authctxt); + } packet_start(SSH_SMSG_FAILURE); packet_send(); @@ -436,7 +404,6 @@ do_authentication(Authctxt *authctxt) else { debug("do_authentication: invalid user %s", user); authctxt->pw = fakepw(); - pfilter_notify(1); } /* Configuration may have changed as a result of Match */ @@ -456,9 +423,11 @@ do_authentication(Authctxt *authctxt) * If we are not running as root, the user must have the same uid as * the server. */ +#ifndef HAVE_CYGWIN if (!use_privsep && getuid() != 0 && authctxt->pw && authctxt->pw->pw_uid != getuid()) packet_disconnect("Cannot change user when server not running as root."); +#endif /* * Loop until the user has been authenticated or the connection is @@ -471,3 +440,5 @@ do_authentication(Authctxt *authctxt) packet_send(); packet_write_wait(); } + +#endif /* WITH_SSH1 */ diff --git a/crypto/external/bsd/openssh/dist/auth2-chall.c b/crypto/external/bsd/openssh/dist/auth2-chall.c index b313a4bf5..4aff09d80 100644 --- a/crypto/external/bsd/openssh/dist/auth2-chall.c +++ b/crypto/external/bsd/openssh/dist/auth2-chall.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth2-chall.c,v 1.9 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,9 +25,10 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-chall.c,v 1.9 2015/08/13 10:33:21 christos Exp $"); + #include +#include #include #include @@ -44,7 +44,7 @@ __RCSID("$NetBSD: auth2-chall.c,v 1.9 2015/08/13 10:33:21 christos Exp $"); #include "misc.h" #include "servconf.h" -/* import */ +/* import */ extern ServerOptions options; static int auth2_challenge_start(Authctxt *); @@ -87,14 +87,13 @@ struct KbdintAuthctxt }; #ifdef USE_PAM -void remove_kbdint_device(const char *); void -remove_kbdint_device(const char *xdevname) +remove_kbdint_device(const char *devname) { int i, j; for (i = 0; devices[i] != NULL; i++) - if (strcmp(devices[i]->name, xdevname) == 0) { + if (strcmp(devices[i]->name, devname) == 0) { for (j = i; devices[j] != NULL; j++) devices[j] = devices[j+1]; i--; @@ -124,7 +123,7 @@ kbdint_alloc(const char *devs) strlen(devices[i]->name)); } buffer_append(&b, "\0", 1); - kbdintctxt->devices = xstrdup((const char *)buffer_ptr(&b)); + kbdintctxt->devices = xstrdup(buffer_ptr(&b)); buffer_free(&b); } else { kbdintctxt->devices = xstrdup(devs); @@ -368,14 +367,15 @@ privsep_challenge_enable(void) #ifdef SKEY extern KbdintDevice mm_skey_device; #endif - /* As long as SSHv1 has devices[0] hard coded this is fine */ + #ifdef BSD_AUTH devices[n++] = &mm_bsdauth_device; -#endif +#else #ifdef USE_PAM devices[n++] = &mm_sshpam_device; #endif #ifdef SKEY devices[n++] = &mm_skey_device; #endif +#endif } diff --git a/crypto/external/bsd/openssh/dist/auth2-gss.c b/crypto/external/bsd/openssh/dist/auth2-gss.c index a9029351d..1ca835773 100644 --- a/crypto/external/bsd/openssh/dist/auth2-gss.c +++ b/crypto/external/bsd/openssh/dist/auth2-gss.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth2-gss.c,v 1.8 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth2-gss.c,v 1.22 2015/01/19 20:07:45 markus Exp $ */ /* @@ -26,12 +25,13 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-gss.c,v 1.8 2015/04/03 23:58:19 christos Exp $"); #ifdef GSSAPI #include +#include + #include "xmalloc.h" #include "key.h" #include "hostfile.h" @@ -295,4 +295,5 @@ Authmethod method_gssapi = { userauth_gssapi, &options.gss_authentication }; -#endif + +#endif /* GSSAPI */ diff --git a/crypto/external/bsd/openssh/dist/auth2-hostbased.c b/crypto/external/bsd/openssh/dist/auth2-hostbased.c index e0709c46b..e2327cf77 100644 --- a/crypto/external/bsd/openssh/dist/auth2-hostbased.c +++ b/crypto/external/bsd/openssh/dist/auth2-hostbased.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth2-hostbased.c,v 1.8 2015/07/03 00:59:59 christos Exp $ */ /* $OpenBSD: auth2-hostbased.c,v 1.25 2015/05/04 06:10:48 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +24,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-hostbased.c,v 1.8 2015/07/03 00:59:59 christos Exp $"); + #include #include @@ -116,7 +115,7 @@ userauth_hostbased(Authctxt *authctxt) goto done; } - service = datafellows & SSH_BUG_HBSERVICE ? __UNCONST("ssh-userauth") : + service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : authctxt->service; buffer_init(&b); buffer_put_string(&b, session_id2, session_id2_len); diff --git a/crypto/external/bsd/openssh/dist/auth2-kbdint.c b/crypto/external/bsd/openssh/dist/auth2-kbdint.c index 70acc2409..bf75c6059 100644 --- a/crypto/external/bsd/openssh/dist/auth2-kbdint.c +++ b/crypto/external/bsd/openssh/dist/auth2-kbdint.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth2-kbdint.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth2-kbdint.c,v 1.7 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,9 +24,11 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-kbdint.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); + #include +#include + #include "xmalloc.h" #include "packet.h" #include "key.h" diff --git a/crypto/external/bsd/openssh/dist/auth2-none.c b/crypto/external/bsd/openssh/dist/auth2-none.c index c8b9028bf..e71e2219c 100644 --- a/crypto/external/bsd/openssh/dist/auth2-none.c +++ b/crypto/external/bsd/openssh/dist/auth2-none.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth2-none.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth2-none.c,v 1.18 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,11 +24,18 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-none.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); + #include +#include +#include + +#include +#include +#include #include #include +#include "atomicio.h" #include "xmalloc.h" #include "key.h" #include "hostfile.h" diff --git a/crypto/external/bsd/openssh/dist/auth2-passwd.c b/crypto/external/bsd/openssh/dist/auth2-passwd.c index 47f8209e9..b638e8715 100644 --- a/crypto/external/bsd/openssh/dist/auth2-passwd.c +++ b/crypto/external/bsd/openssh/dist/auth2-passwd.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth2-passwd.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth2-passwd.c,v 1.12 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +24,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-passwd.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); + #include #include diff --git a/crypto/external/bsd/openssh/dist/auth2-pubkey.c b/crypto/external/bsd/openssh/dist/auth2-pubkey.c index 82f0c4112..5aa319ccc 100644 --- a/crypto/external/bsd/openssh/dist/auth2-pubkey.c +++ b/crypto/external/bsd/openssh/dist/auth2-pubkey.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $ */ /* $OpenBSD: auth2-pubkey.c,v 1.53 2015/06/15 18:44:22 jsing Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,14 +24,16 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $"); + #include #include #include #include #include -#include +#ifdef HAVE_PATHS_H +# include +#endif #include #include #include @@ -64,12 +65,6 @@ __RCSID("$NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $"); #include "monitor_wrap.h" #include "authfile.h" #include "match.h" -#include "digest.h" - -#ifdef WITH_LDAP_PUBKEY -#include "ldapauth.h" -#endif - #include "ssherr.h" #include "channels.h" /* XXX for session.h */ #include "session.h" /* XXX for child_set_env(); refactor? */ @@ -474,19 +469,16 @@ subprocess(const char *tag, struct passwd *pw, const char *command, error("%s: dup2: %s", tag, strerror(errno)); _exit(1); } - if (closefrom(STDERR_FILENO + 1) == -1) { - error("closefrom: %s", strerror(errno)); - _exit(1); - } + closefrom(STDERR_FILENO + 1); /* Don't use permanently_set_uid() here to avoid fatal() */ - if (setgid(pw->pw_gid) == -1) { - error("setgid %u: %s", (u_int)pw->pw_gid, + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { + error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, strerror(errno)); _exit(1); } - if (setuid(pw->pw_uid) == -1) { - error("setuid %u: %s", (u_int)pw->pw_uid, + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) { + error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid, strerror(errno)); _exit(1); } @@ -730,83 +722,6 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) u_long linenum = 0; Key *found; char *fp; -#ifdef WITH_LDAP_PUBKEY - ldap_key_t * k; - unsigned int i = 0; -#endif - -#ifdef WITH_LDAP_PUBKEY - found_key = 0; - /* allocate a new key type */ - found = key_new(key->type); - - /* first check if the options is enabled, then try.. */ - if (options.lpk.on) { - debug("[LDAP] trying LDAP first uid=%s",pw->pw_name); - if (ldap_ismember(&options.lpk, pw->pw_name) > 0) { - if ((k = ldap_getuserkey(&options.lpk, pw->pw_name)) != NULL) { - /* Skip leading whitespace, empty and comment lines. */ - for (i = 0 ; i < k->num ; i++) { - /* dont forget if multiple keys to reset options */ - char *cp, *xoptions = NULL; - - for (cp = (char *)k->keys[i]->bv_val; *cp == ' ' || *cp == '\t'; cp++) - ; - if (!*cp || *cp == '\n' || *cp == '#') - continue; - - if (key_read(found, &cp) != 1) { - /* no key? check if there are options for this key */ - int quoted = 0; - debug2("[LDAP] user_key_allowed: check options: '%s'", cp); - xoptions = cp; - for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { - if (*cp == '\\' && cp[1] == '"') - cp++; /* Skip both */ - else if (*cp == '"') - quoted = !quoted; - } - /* Skip remaining whitespace. */ - for (; *cp == ' ' || *cp == '\t'; cp++) - ; - if (key_read(found, &cp) != 1) { - debug2("[LDAP] user_key_allowed: advance: '%s'", cp); - /* still no key? advance to next line*/ - continue; - } - } - - if (key_equal(found, key) && - auth_parse_options(pw, xoptions, file, linenum) == 1) { - found_key = 1; - debug("[LDAP] matching key found"); - fp = sshkey_fingerprint(found, SSH_FP_HASH_DEFAULT, SSH_FP_HEX); - verbose("[LDAP] Found matching %s key: %s", key_type(found), fp); - - /* restoring memory */ - ldap_keys_free(k); - free(fp); - restore_uid(); - key_free(found); - return found_key; - break; - } - }/* end of LDAP for() */ - } else { - logit("[LDAP] no keys found for '%s'!", pw->pw_name); - } - } else { - logit("[LDAP] '%s' is not in '%s'", pw->pw_name, options.lpk.sgroup); - } - } -#endif - debug("trying public key file %s", file); - f = auth_openkeyfile(file, pw, options.strict_modes); - - if (!f) { - restore_uid(); - return 0; - } found_key = 0; diff --git a/crypto/external/bsd/openssh/dist/auth2.c b/crypto/external/bsd/openssh/dist/auth2.c index b39c35db0..717796228 100644 --- a/crypto/external/bsd/openssh/dist/auth2.c +++ b/crypto/external/bsd/openssh/dist/auth2.c @@ -1,4 +1,3 @@ -/* $NetBSD: auth2.c,v 1.11 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: auth2.c,v 1.135 2015/01/19 20:07:45 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +24,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2.c,v 1.11 2015/04/03 23:58:19 christos Exp $"); + #include #include #include @@ -51,13 +50,10 @@ __RCSID("$NetBSD: auth2.c,v 1.11 2015/04/03 23:58:19 christos Exp $"); #include "dispatch.h" #include "pathnames.h" #include "buffer.h" -#include "canohost.h" -#include "pfilter.h" #ifdef GSSAPI #include "ssh-gss.h" #endif - #include "monitor_wrap.h" /* import */ @@ -73,15 +69,10 @@ extern Authmethod method_pubkey; extern Authmethod method_passwd; extern Authmethod method_kbdint; extern Authmethod method_hostbased; -#ifdef KRB5 -extern Authmethod method_kerberos; -#endif #ifdef GSSAPI extern Authmethod method_gssapi; #endif -static int log_flag = 0; - Authmethod *authmethods[] = { &method_none, &method_pubkey, @@ -91,9 +82,6 @@ Authmethod *authmethods[] = { &method_passwd, &method_kbdint, &method_hostbased, -#ifdef KRB5 - &method_kerberos, -#endif NULL }; @@ -145,7 +133,7 @@ auth2_read_banner(void) return (banner); } -static void +void userauth_send_banner(const char *msg) { if (datafellows & SSH_BUG_BANNER) @@ -168,8 +156,8 @@ userauth_banner(void) if ((banner = PRIVSEP(auth2_read_banner())) == NULL) goto done; - userauth_send_banner(banner); + done: free(banner); } @@ -236,11 +224,6 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) service = packet_get_cstring(NULL); method = packet_get_cstring(NULL); debug("userauth-request for user %s service %s method %s", user, service, method); - if (!log_flag) { - logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s", - get_remote_ipaddr(), get_remote_port(), user); - log_flag = 1; - } debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); if ((style = strchr(user, ':')) != NULL) @@ -256,7 +239,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) } else { logit("input_userauth_request: invalid user %s", user); authctxt->pw = fakepw(); - pfilter_notify(1); +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_INVALID_USER)); +#endif } #ifdef USE_PAM if (options.use_pam) @@ -325,21 +310,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, #endif } -#ifdef USE_PAM - if (options.use_pam && authenticated) { - if (!PRIVSEP(do_pam_account())) { - /* if PAM returned a message, send it to the user */ - if (buffer_len(&loginmsg) > 0) { - buffer_append(&loginmsg, "\0", 1); - userauth_send_banner((const char *)buffer_ptr(&loginmsg)); - packet_write_wait(); - } - fatal("Access denied for user %s by PAM account " - "configuration", authctxt->user); - } - } -#endif - if (authenticated && options.num_auth_methods != 0) { if (!auth2_update_methods_lists(authctxt, method, submethod)) { authenticated = 0; @@ -353,6 +323,28 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, if (authctxt->postponed) return; +#ifdef USE_PAM + if (options.use_pam && authenticated) { + if (!PRIVSEP(do_pam_account())) { + /* if PAM returned a message, send it to the user */ + if (buffer_len(&loginmsg) > 0) { + buffer_append(&loginmsg, "\0", 1); + userauth_send_banner(buffer_ptr(&loginmsg)); + packet_write_wait(); + } + fatal("Access denied for user %s by PAM account " + "configuration", authctxt->user); + } + } +#endif + +#ifdef _UNICOS + if (authenticated && cray_access_denied(authctxt->user)) { + authenticated = 0; + fatal("Access denied for user %s.", authctxt->user); + } +#endif /* _UNICOS */ + if (authenticated == 1) { /* turn off userauth */ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); @@ -362,12 +354,17 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, /* now we can break out */ authctxt->success = 1; } else { + /* Allow initial try of "none" auth without failure penalty */ if (!partial && !authctxt->server_caused_failure && (authctxt->attempt > 1 || strcmp(method, "none") != 0)) authctxt->failures++; - if (authctxt->failures >= options.max_authtries) + if (authctxt->failures >= options.max_authtries) { +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); +#endif auth_maxtries_exceeded(authctxt); + } methods = authmethods_get(authctxt); debug3("%s: failure partial=%d next methods=\"%s\"", __func__, partial, methods); @@ -428,7 +425,7 @@ authmethods_get(Authctxt *authctxt) strlen(authmethods[i]->name)); } buffer_append(&b, "\0", 1); - list = xstrdup((const char *)buffer_ptr(&b)); + list = xstrdup(buffer_ptr(&b)); buffer_free(&b); return list; } diff --git a/crypto/external/bsd/openssh/dist/authfd.c b/crypto/external/bsd/openssh/dist/authfd.c index 3f0f0ab09..eaa142648 100644 --- a/crypto/external/bsd/openssh/dist/authfd.c +++ b/crypto/external/bsd/openssh/dist/authfd.c @@ -1,4 +1,3 @@ -/* $NetBSD: authfd.c,v 1.10 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: authfd.c,v 1.98 2015/07/03 03:43:18 djm Exp $ */ /* * Author: Tatu Ylonen @@ -37,7 +36,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: authfd.c,v 1.10 2015/08/13 10:33:21 christos Exp $"); + #include #include #include @@ -45,6 +44,7 @@ __RCSID("$NetBSD: authfd.c,v 1.10 2015/08/13 10:33:21 christos Exp $"); #include #include #include +#include #include #include #include @@ -134,7 +134,7 @@ ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply) /* Send the length and then the packet to the agent. */ if (atomicio(vwrite, sock, buf, 4) != 4 || - atomicio(vwrite, sock, __UNCONST(sshbuf_ptr(request)), + atomicio(vwrite, sock, (u_char *)sshbuf_ptr(request), sshbuf_len(request)) != sshbuf_len(request)) return SSH_ERR_AGENT_COMMUNICATION; /* diff --git a/crypto/external/bsd/openssh/dist/authfd.h b/crypto/external/bsd/openssh/dist/authfd.h index 8bb480d05..bea20c26b 100644 --- a/crypto/external/bsd/openssh/dist/authfd.h +++ b/crypto/external/bsd/openssh/dist/authfd.h @@ -1,4 +1,3 @@ -/* $NetBSD: authfd.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: authfd.h,v 1.38 2015/01/14 20:05:27 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/authfile.c b/crypto/external/bsd/openssh/dist/authfile.c index e86860fac..58f589a47 100644 --- a/crypto/external/bsd/openssh/dist/authfile.c +++ b/crypto/external/bsd/openssh/dist/authfile.c @@ -1,4 +1,3 @@ -/* $NetBSD: authfile.c,v 1.12 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: authfile.c,v 1.116 2015/07/09 09:49:46 markus Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. @@ -25,7 +24,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: authfile.c,v 1.12 2015/08/13 10:33:21 christos Exp $"); + #include #include #include @@ -33,6 +32,7 @@ __RCSID("$NetBSD: authfile.c,v 1.12 2015/08/13 10:33:21 christos Exp $"); #include #include #include +#include #include #include #include @@ -60,7 +60,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) return SSH_ERR_SYSTEM_ERROR; - if (atomicio(vwrite, fd, __UNCONST(sshbuf_ptr(keybuf)), + if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf), sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { oerrno = errno; close(fd); @@ -177,6 +177,9 @@ sshkey_perm_ok(int fd, const char *filename) * permissions of the file. if the key owned by a different user, * then we don't care. */ +#ifdef HAVE_CYGWIN + if (check_ntsec(filename)) +#endif if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); diff --git a/crypto/external/bsd/openssh/dist/authfile.h b/crypto/external/bsd/openssh/dist/authfile.h index c758a081b..624d269f1 100644 --- a/crypto/external/bsd/openssh/dist/authfile.h +++ b/crypto/external/bsd/openssh/dist/authfile.h @@ -1,4 +1,3 @@ -/* $NetBSD: authfile.h,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: authfile.h,v 1.21 2015/01/08 10:14:08 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c b/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c deleted file mode 100644 index c662742a6..000000000 --- a/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c +++ /dev/null @@ -1,174 +0,0 @@ -/* $OpenBSD: bcrypt_pbkdf.c,v 1.4 2013/07/29 00:55:53 tedu Exp $ */ -/* - * Copyright (c) 2013 Ted Unangst - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" -__RCSID("$NetBSD: bcrypt_pbkdf.c,v 1.2 2015/04/03 23:58:19 christos Exp $"); - -#ifndef HAVE_BCRYPT_PBKDF - -#include -#include - -#ifdef HAVE_STDLIB_H -# include -#endif -#include - -#ifdef HAVE_BLF_H -# include -#endif - -#include "crypto_api.h" -#include -#include -#include "misc.h" -#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES - -/* - * pkcs #5 pbkdf2 implementation using the "bcrypt" hash - * - * The bcrypt hash function is derived from the bcrypt password hashing - * function with the following modifications: - * 1. The input password and salt are preprocessed with SHA512. - * 2. The output length is expanded to 256 bits. - * 3. Subsequently the magic string to be encrypted is lengthened and modifed - * to "OxychromaticBlowfishSwatDynamite" - * 4. The hash function is defined to perform 64 rounds of initial state - * expansion. (More rounds are performed by iterating the hash.) - * - * Note that this implementation pulls the SHA512 operations into the caller - * as a performance optimization. - * - * One modification from official pbkdf2. Instead of outputting key material - * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to - * generate (i.e.) 512 bits of key material for use as two 256 bit keys, an - * attacker can merely run once through the outer loop below, but the user - * always runs it twice. Shuffling output bytes requires computing the - * entirety of the key material to assemble any subkey. This is something a - * wise caller could do; we just do it for you. - */ - -#define BCRYPT_BLOCKS 8 -#define BCRYPT_HASHSIZE (BCRYPT_BLOCKS * 4) - -static void -bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out) -{ - blf_ctx state; - u_int8_t ciphertext[BCRYPT_HASHSIZE] = - "OxychromaticBlowfishSwatDynamite"; - uint32_t cdata[BCRYPT_BLOCKS]; - int i; - uint16_t j; - size_t shalen = SHA512_DIGEST_LENGTH; - - /* key expansion */ - Blowfish_initstate(&state); - Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen); - for (i = 0; i < 64; i++) { - Blowfish_expand0state(&state, sha2salt, shalen); - Blowfish_expand0state(&state, sha2pass, shalen); - } - - /* encryption */ - j = 0; - for (i = 0; i < BCRYPT_BLOCKS; i++) - cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext), - &j); - for (i = 0; i < 64; i++) - blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t)); - - /* copy out */ - for (i = 0; i < BCRYPT_BLOCKS; i++) { - out[4 * i + 3] = (cdata[i] >> 24) & 0xff; - out[4 * i + 2] = (cdata[i] >> 16) & 0xff; - out[4 * i + 1] = (cdata[i] >> 8) & 0xff; - out[4 * i + 0] = cdata[i] & 0xff; - } - - /* zap */ - memset(ciphertext, 0, sizeof(ciphertext)); - memset(cdata, 0, sizeof(cdata)); - memset(&state, 0, sizeof(state)); -} - -int -bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen, - u_int8_t *key, size_t keylen, unsigned int rounds) -{ - u_int8_t sha2pass[SHA512_DIGEST_LENGTH]; - u_int8_t sha2salt[SHA512_DIGEST_LENGTH]; - u_int8_t out[BCRYPT_HASHSIZE]; - u_int8_t tmpout[BCRYPT_HASHSIZE]; - u_int8_t *countsalt; - size_t i, j, amt, stride; - uint32_t count; - - /* nothing crazy */ - if (rounds < 1) - return -1; - if (passlen == 0 || saltlen == 0 || keylen == 0 || - keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20) - return -1; - if ((countsalt = calloc(1, saltlen + 4)) == NULL) - return -1; - stride = (keylen + sizeof(out) - 1) / sizeof(out); - amt = (keylen + stride - 1) / stride; - - memcpy(countsalt, salt, saltlen); - - /* collapse password */ - crypto_hash_sha512(sha2pass, (const u_char *)pass, passlen); - - /* generate key, sizeof(out) at a time */ - for (count = 1; keylen > 0; count++) { - countsalt[saltlen + 0] = (count >> 24) & 0xff; - countsalt[saltlen + 1] = (count >> 16) & 0xff; - countsalt[saltlen + 2] = (count >> 8) & 0xff; - countsalt[saltlen + 3] = count & 0xff; - - /* first round, salt is salt */ - crypto_hash_sha512(sha2salt, countsalt, saltlen + 4); - - bcrypt_hash(sha2pass, sha2salt, tmpout); - memcpy(out, tmpout, sizeof(out)); - - for (i = 1; i < rounds; i++) { - /* subsequent rounds, salt is previous output */ - crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout)); - bcrypt_hash(sha2pass, sha2salt, tmpout); - for (j = 0; j < sizeof(out); j++) - out[j] ^= tmpout[j]; - } - - /* - * pbkdf2 deviation: ouput the key material non-linearly. - */ - amt = MIN(amt, keylen); - for (i = 0; i < amt; i++) - key[i * stride + (count - 1)] = out[i]; - keylen -= amt; - } - - /* zap */ - memset(out, 0, sizeof(out)); - memset(countsalt, 0, saltlen + 4); - free(countsalt); - - return 0; -} -#endif /* HAVE_BCRYPT_PBKDF */ diff --git a/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c b/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c new file mode 120000 index 000000000..f5dc91349 --- /dev/null +++ b/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c @@ -0,0 +1 @@ +openbsd-compat/bcrypt_pbkdf.c \ No newline at end of file diff --git a/crypto/external/bsd/openssh/dist/bitmap.c b/crypto/external/bsd/openssh/dist/bitmap.c index 9c6b1a4db..19cd2e8e3 100644 --- a/crypto/external/bsd/openssh/dist/bitmap.c +++ b/crypto/external/bsd/openssh/dist/bitmap.c @@ -1,4 +1,3 @@ -/* $NetBSD: bitmap.c,v 1.2 2015/04/03 23:58:19 christos Exp $ */ /* * Copyright (c) 2015 Damien Miller * @@ -14,8 +13,8 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include "includes.h" -__RCSID("$NetBSD: bitmap.c,v 1.2 2015/04/03 23:58:19 christos Exp $"); #include #include @@ -189,7 +188,7 @@ bitmap_from_string(struct bitmap *b, const void *p, size_t l) { int r; size_t i, offset, shift; - const u_char *s = p; + u_char *s = (u_char *)p; if (l > BITMAP_MAX / 8) return -1; diff --git a/crypto/external/bsd/openssh/dist/bitmap.h b/crypto/external/bsd/openssh/dist/bitmap.h index 66a31137e..c1bb1741a 100644 --- a/crypto/external/bsd/openssh/dist/bitmap.h +++ b/crypto/external/bsd/openssh/dist/bitmap.h @@ -1,5 +1,3 @@ -/* $NetBSD: bitmap.h,v 1.2 2015/04/03 23:58:19 christos Exp $ */ - /* * Copyright (c) 2015 Damien Miller * diff --git a/crypto/external/bsd/openssh/dist/blowfish.c b/crypto/external/bsd/openssh/dist/blowfish.c deleted file mode 100644 index 052c6ac62..000000000 --- a/crypto/external/bsd/openssh/dist/blowfish.c +++ /dev/null @@ -1,695 +0,0 @@ -/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */ -/* - * Blowfish block cipher for OpenBSD - * Copyright 1997 Niels Provos - * All rights reserved. - * - * Implementation advice by David Mazieres . - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Niels Provos. - * 4. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This code is derived from section 14.3 and the given source - * in section V of Applied Cryptography, second edition. - * Blowfish is an unpatented fast block cipher designed by - * Bruce Schneier. - */ - -#include "includes.h" -__RCSID("$NetBSD: blowfish.c,v 1.2 2015/04/03 23:58:19 christos Exp $"); - -#if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \ - !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) - -#if 0 -#include /* used for debugging */ -#include -#endif - -#include -#include - -#undef inline -#ifdef __GNUC__ -#define inline __inline -#else /* !__GNUC__ */ -#define inline -#endif /* !__GNUC__ */ - -/* Function for Feistel Networks */ - -#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \ - + (s)[0x100 + (((x)>>16)&0xFF)]) \ - ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \ - + (s)[0x300 + ( (x) &0xFF)]) - -#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n]) - -void -Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) -{ - u_int32_t Xl; - u_int32_t Xr; - u_int32_t *s = c->S[0]; - u_int32_t *p = c->P; - - Xl = *xl; - Xr = *xr; - - Xl ^= p[0]; - BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2); - BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4); - BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6); - BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8); - BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10); - BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12); - BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14); - BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16); - - *xl = Xr ^ p[17]; - *xr = Xl; -} - -void -Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) -{ - u_int32_t Xl; - u_int32_t Xr; - u_int32_t *s = c->S[0]; - u_int32_t *p = c->P; - - Xl = *xl; - Xr = *xr; - - Xl ^= p[17]; - BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15); - BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13); - BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11); - BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9); - BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7); - BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5); - BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3); - BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1); - - *xl = Xr ^ p[0]; - *xr = Xl; -} - -void -Blowfish_initstate(blf_ctx *c) -{ - /* P-box and S-box tables initialized with digits of Pi */ - - static const blf_ctx initstate = - { { - { - 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, - 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, - 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, - 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, - 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, - 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, - 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, - 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, - 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, - 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, - 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, - 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, - 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, - 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, - 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, - 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, - 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, - 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, - 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, - 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, - 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, - 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, - 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, - 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, - 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, - 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, - 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, - 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, - 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, - 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, - 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, - 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, - 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, - 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, - 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, - 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, - 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, - 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, - 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, - 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, - 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, - 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, - 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, - 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, - 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, - 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, - 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, - 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, - 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, - 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, - 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, - 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, - 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, - 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, - 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, - 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, - 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, - 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, - 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, - 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, - 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, - 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, - 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, - 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a}, - { - 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, - 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, - 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, - 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, - 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, - 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, - 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, - 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, - 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, - 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, - 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, - 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, - 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, - 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, - 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, - 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, - 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, - 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, - 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, - 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, - 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, - 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, - 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, - 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, - 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, - 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, - 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, - 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, - 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, - 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, - 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, - 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, - 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, - 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, - 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, - 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, - 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, - 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, - 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, - 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, - 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, - 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, - 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, - 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, - 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, - 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, - 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, - 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, - 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, - 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, - 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, - 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, - 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, - 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, - 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, - 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, - 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, - 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, - 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, - 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, - 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, - 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, - 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, - 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7}, - { - 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, - 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, - 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, - 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, - 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, - 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, - 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, - 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, - 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, - 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, - 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, - 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, - 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, - 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, - 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, - 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, - 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, - 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, - 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, - 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, - 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, - 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, - 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, - 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, - 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, - 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, - 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, - 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, - 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, - 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, - 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, - 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, - 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, - 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, - 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, - 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, - 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, - 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, - 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, - 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, - 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, - 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, - 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, - 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, - 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, - 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, - 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, - 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, - 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, - 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, - 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, - 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, - 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, - 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, - 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, - 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, - 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, - 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, - 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, - 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, - 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, - 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, - 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, - 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0}, - { - 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, - 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, - 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, - 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, - 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, - 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, - 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, - 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, - 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, - 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, - 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, - 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, - 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, - 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, - 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, - 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, - 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, - 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, - 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, - 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, - 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, - 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, - 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, - 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, - 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, - 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, - 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, - 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, - 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, - 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, - 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, - 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, - 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, - 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, - 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, - 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, - 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, - 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, - 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, - 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, - 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, - 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, - 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, - 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, - 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, - 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, - 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, - 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, - 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, - 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, - 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, - 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, - 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, - 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, - 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, - 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, - 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, - 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, - 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, - 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, - 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, - 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, - 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, - 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6} - }, - { - 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, - 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, - 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, - 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, - 0x9216d5d9, 0x8979fb1b - } }; - - *c = initstate; -} - -u_int32_t -Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, - u_int16_t *current) -{ - u_int8_t i; - u_int16_t j; - u_int32_t temp; - - temp = 0x00000000; - j = *current; - - for (i = 0; i < 4; i++, j++) { - if (j >= databytes) - j = 0; - temp = (temp << 8) | data[j]; - } - - *current = j; - return temp; -} - -void -Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes) -{ - u_int16_t i; - u_int16_t j; - u_int16_t k; - u_int32_t temp; - u_int32_t datal; - u_int32_t datar; - - j = 0; - for (i = 0; i < BLF_N + 2; i++) { - /* Extract 4 int8 to 1 int32 from keystream */ - temp = Blowfish_stream2word(key, keybytes, &j); - c->P[i] = c->P[i] ^ temp; - } - - j = 0; - datal = 0x00000000; - datar = 0x00000000; - for (i = 0; i < BLF_N + 2; i += 2) { - Blowfish_encipher(c, &datal, &datar); - - c->P[i] = datal; - c->P[i + 1] = datar; - } - - for (i = 0; i < 4; i++) { - for (k = 0; k < 256; k += 2) { - Blowfish_encipher(c, &datal, &datar); - - c->S[i][k] = datal; - c->S[i][k + 1] = datar; - } - } -} - - -void -Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes, - const u_int8_t *key, u_int16_t keybytes) -{ - u_int16_t i; - u_int16_t j; - u_int16_t k; - u_int32_t temp; - u_int32_t datal; - u_int32_t datar; - - j = 0; - for (i = 0; i < BLF_N + 2; i++) { - /* Extract 4 int8 to 1 int32 from keystream */ - temp = Blowfish_stream2word(key, keybytes, &j); - c->P[i] = c->P[i] ^ temp; - } - - j = 0; - datal = 0x00000000; - datar = 0x00000000; - for (i = 0; i < BLF_N + 2; i += 2) { - datal ^= Blowfish_stream2word(data, databytes, &j); - datar ^= Blowfish_stream2word(data, databytes, &j); - Blowfish_encipher(c, &datal, &datar); - - c->P[i] = datal; - c->P[i + 1] = datar; - } - - for (i = 0; i < 4; i++) { - for (k = 0; k < 256; k += 2) { - datal ^= Blowfish_stream2word(data, databytes, &j); - datar ^= Blowfish_stream2word(data, databytes, &j); - Blowfish_encipher(c, &datal, &datar); - - c->S[i][k] = datal; - c->S[i][k + 1] = datar; - } - } - -} - -void -blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len) -{ - /* Initialize S-boxes and subkeys with Pi */ - Blowfish_initstate(c); - - /* Transform S-boxes and subkeys with key */ - Blowfish_expand0state(c, k, len); -} - -void -blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks) -{ - u_int32_t *d; - u_int16_t i; - - d = data; - for (i = 0; i < blocks; i++) { - Blowfish_encipher(c, d, d + 1); - d += 2; - } -} - -void -blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks) -{ - u_int32_t *d; - u_int16_t i; - - d = data; - for (i = 0; i < blocks; i++) { - Blowfish_decipher(c, d, d + 1); - d += 2; - } -} - -void -blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) -{ - u_int32_t l, r; - u_int32_t i; - - for (i = 0; i < len; i += 8) { - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - Blowfish_encipher(c, &l, &r); - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - data += 8; - } -} - -void -blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) -{ - u_int32_t l, r; - u_int32_t i; - - for (i = 0; i < len; i += 8) { - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - Blowfish_decipher(c, &l, &r); - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - data += 8; - } -} - -void -blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len) -{ - u_int32_t l, r; - u_int32_t i, j; - - for (i = 0; i < len; i += 8) { - for (j = 0; j < 8; j++) - data[j] ^= iv[j]; - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - Blowfish_encipher(c, &l, &r); - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - iv = data; - data += 8; - } -} - -void -blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len) -{ - u_int32_t l, r; - u_int8_t *iv; - u_int32_t i, j; - - iv = data + len - 16; - data = data + len - 8; - for (i = len - 8; i >= 8; i -= 8) { - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - Blowfish_decipher(c, &l, &r); - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - for (j = 0; j < 8; j++) - data[j] ^= iv[j]; - iv -= 8; - data -= 8; - } - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - Blowfish_decipher(c, &l, &r); - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - for (j = 0; j < 8; j++) - data[j] ^= iva[j]; -} - -#if 0 -void -report(u_int32_t data[], u_int16_t len) -{ - u_int16_t i; - for (i = 0; i < len; i += 2) - printf("Block %0hd: %08lx %08lx.\n", - i / 2, data[i], data[i + 1]); -} -void -main(void) -{ - - blf_ctx c; - char key[] = "AAAAA"; - char key2[] = "abcdefghijklmnopqrstuvwxyz"; - - u_int32_t data[10]; - u_int32_t data2[] = - {0x424c4f57l, 0x46495348l}; - - u_int16_t i; - - /* First test */ - for (i = 0; i < 10; i++) - data[i] = i; - - blf_key(&c, (u_int8_t *) key, 5); - blf_enc(&c, data, 5); - blf_dec(&c, data, 1); - blf_dec(&c, data + 2, 4); - printf("Should read as 0 - 9.\n"); - report(data, 10); - - /* Second test */ - blf_key(&c, (u_int8_t *) key2, strlen(key2)); - blf_enc(&c, data2, 1); - printf("\nShould read as: 0x324ed0fe 0xf413a203.\n"); - report(data2, 2); - blf_dec(&c, data2, 1); - report(data2, 2); -} -#endif - -#endif /* !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \ - !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) */ - diff --git a/crypto/external/bsd/openssh/dist/blowfish.c b/crypto/external/bsd/openssh/dist/blowfish.c new file mode 120000 index 000000000..d77ff3c5a --- /dev/null +++ b/crypto/external/bsd/openssh/dist/blowfish.c @@ -0,0 +1 @@ +openbsd-compat/blowfish.c \ No newline at end of file diff --git a/crypto/external/bsd/openssh/dist/bufaux.c b/crypto/external/bsd/openssh/dist/bufaux.c index b98fed20d..3976896a9 100644 --- a/crypto/external/bsd/openssh/dist/bufaux.c +++ b/crypto/external/bsd/openssh/dist/bufaux.c @@ -1,4 +1,3 @@ -/* $NetBSD: bufaux.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: bufaux.c,v 1.60 2014/04/30 05:29:56 djm Exp $ */ /* * Copyright (c) 2012 Damien Miller @@ -16,10 +15,10 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "includes.h" -__RCSID("$NetBSD: bufaux.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); /* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ +#include "includes.h" + #include #include "buffer.h" @@ -41,7 +40,7 @@ buffer_get_short_ret(u_short *v, Buffer *buffer) u_short buffer_get_short(Buffer *buffer) { - u_short ret = 0; /* XXX: GCC */ + u_short ret; if (buffer_get_short_ret(&ret, buffer) == -1) fatal("%s: buffer error", __func__); @@ -64,7 +63,7 @@ buffer_get_int_ret(u_int *v, Buffer *buffer) u_int buffer_get_int(Buffer *buffer) { - u_int ret = 0; /* XXX: GCC */ + u_int ret; if (buffer_get_int_ret(&ret, buffer) == -1) fatal("%s: buffer error", __func__); @@ -87,7 +86,7 @@ buffer_get_int64_ret(u_int64_t *v, Buffer *buffer) u_int64_t buffer_get_int64(Buffer *buffer) { - u_int64_t ret = 0; /* XXX: GCC */ + u_int64_t ret; if (buffer_get_int64_ret(&ret, buffer) == -1) fatal("%s: buffer error", __func__); diff --git a/crypto/external/bsd/openssh/dist/bufbn.c b/crypto/external/bsd/openssh/dist/bufbn.c index 0cbc04580..33ae7f73f 100644 --- a/crypto/external/bsd/openssh/dist/bufbn.c +++ b/crypto/external/bsd/openssh/dist/bufbn.c @@ -1,4 +1,3 @@ -/* $NetBSD: bufbn.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: bufbn.c,v 1.12 2014/04/30 05:29:56 djm Exp $ */ /* @@ -17,14 +16,19 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ + #include "includes.h" -__RCSID("$NetBSD: bufbn.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); + +#ifdef WITH_OPENSSL + #include #include "buffer.h" #include "log.h" #include "ssherr.h" +#ifdef WITH_SSH1 int buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) { @@ -62,6 +66,7 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value) if (buffer_get_bignum_ret(buffer, value) == -1) fatal("%s: buffer error", __func__); } +#endif /* WITH_SSH1 */ int buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) @@ -100,3 +105,5 @@ buffer_get_bignum2(Buffer *buffer, BIGNUM *value) if (buffer_get_bignum2_ret(buffer, value) == -1) fatal("%s: buffer error", __func__); } + +#endif /* WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/bufec.c b/crypto/external/bsd/openssh/dist/bufec.c index 0dff8c265..749ce9d4c 100644 --- a/crypto/external/bsd/openssh/dist/bufec.c +++ b/crypto/external/bsd/openssh/dist/bufec.c @@ -1,4 +1,3 @@ -/* $NetBSD: bufec.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: bufec.c,v 1.4 2014/04/30 05:29:56 djm Exp $ */ /* @@ -16,18 +15,19 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "includes.h" -__RCSID("$NetBSD: bufec.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); -#include /* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ +#include "includes.h" + #include #include "buffer.h" #include "log.h" #include "ssherr.h" +#ifdef OPENSSL_HAS_ECC + int buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, const EC_POINT *point) @@ -70,4 +70,5 @@ buffer_get_ecpoint(Buffer *buffer, const EC_GROUP *curve, fatal("%s: buffer error", __func__); } +#endif /* OPENSSL_HAS_ECC */ diff --git a/crypto/external/bsd/openssh/dist/buffer.c b/crypto/external/bsd/openssh/dist/buffer.c index 69bb1a832..c5f708ab2 100644 --- a/crypto/external/bsd/openssh/dist/buffer.c +++ b/crypto/external/bsd/openssh/dist/buffer.c @@ -1,4 +1,3 @@ -/* $NetBSD: buffer.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: buffer.c,v 1.36 2014/04/30 05:29:56 djm Exp $ */ /* @@ -17,11 +16,10 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "includes.h" -__RCSID("$NetBSD: buffer.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); -#include /* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ +#include "includes.h" + #include #include "buffer.h" diff --git a/crypto/external/bsd/openssh/dist/buffer.h b/crypto/external/bsd/openssh/dist/buffer.h index 98a7d9b8b..df1aebc02 100644 --- a/crypto/external/bsd/openssh/dist/buffer.h +++ b/crypto/external/bsd/openssh/dist/buffer.h @@ -1,4 +1,3 @@ -/* $NetBSD: buffer.h,v 1.7 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: buffer.h,v 1.25 2014/04/30 05:29:56 djm Exp $ */ /* @@ -24,9 +23,6 @@ #include "sshbuf.h" -/* move the following to a more appropriate place and name */ -#define BUFFER_MAX_LEN_HPN 0x4000000 /* 64MB */ - typedef struct sshbuf Buffer; #define buffer_init(b) sshbuf_init(b) @@ -51,6 +47,8 @@ int buffer_get_ret(Buffer *, void *, u_int); int buffer_consume_ret(Buffer *, u_int); int buffer_consume_end_ret(Buffer *, u_int); +#include +#include void buffer_put_bignum(Buffer *, const BIGNUM *); void buffer_put_bignum2(Buffer *, const BIGNUM *); void buffer_get_bignum(Buffer *, BIGNUM *); @@ -89,10 +87,13 @@ char *buffer_get_cstring_ret(Buffer *, u_int *); const void *buffer_get_string_ptr_ret(Buffer *, u_int *); int buffer_get_char_ret(char *, Buffer *); +#ifdef OPENSSL_HAS_ECC +#include int buffer_put_ecpoint_ret(Buffer *, const EC_GROUP *, const EC_POINT *); void buffer_put_ecpoint(Buffer *, const EC_GROUP *, const EC_POINT *); int buffer_get_ecpoint_ret(Buffer *, const EC_GROUP *, EC_POINT *); void buffer_get_ecpoint(Buffer *, const EC_GROUP *, EC_POINT *); +#endif #endif /* BUFFER_H */ diff --git a/crypto/external/bsd/openssh/dist/canohost.c b/crypto/external/bsd/openssh/dist/canohost.c index 7077bfee2..223964ea3 100644 --- a/crypto/external/bsd/openssh/dist/canohost.c +++ b/crypto/external/bsd/openssh/dist/canohost.c @@ -1,4 +1,3 @@ -/* $NetBSD: canohost.c,v 1.8 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: canohost.c,v 1.72 2015/03/01 15:44:40 millert Exp $ */ /* * Author: Tatu Ylonen @@ -14,12 +13,13 @@ */ #include "includes.h" -__RCSID("$NetBSD: canohost.c,v 1.8 2015/04/03 23:58:19 christos Exp $"); + #include #include #include #include +#include #include #include @@ -27,7 +27,6 @@ __RCSID("$NetBSD: canohost.c,v 1.8 2015/04/03 23:58:19 christos Exp $"); #include #include #include -#include #include #include "xmalloc.h" @@ -61,13 +60,18 @@ get_remote_hostname(int sock, int use_dns) cleanup_exit(255); } + if (from.ss_family == AF_INET) + check_ip_options(sock, ntop); + + ipv64_normalise_mapped(&from, &fromlen); + + if (from.ss_family == AF_INET6) + fromlen = sizeof(struct sockaddr_in6); + if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); - if (from.ss_family == AF_INET) - check_ip_options(sock, ntop); - if (!use_dns) return xstrdup(ntop); @@ -148,6 +152,7 @@ get_remote_hostname(int sock, int use_dns) static void check_ip_options(int sock, char *ipaddr) { +#ifdef IP_OPTIONS u_char options[200]; char text[sizeof(options) * 3 + 1]; socklen_t option_size, i; @@ -168,6 +173,32 @@ check_ip_options(int sock, char *ipaddr) fatal("Connection from %.100s with IP options:%.800s", ipaddr, text); } +#endif /* IP_OPTIONS */ +} + +void +ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) +{ + struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)addr; + struct sockaddr_in *a4 = (struct sockaddr_in *)addr; + struct in_addr inaddr; + u_int16_t port; + + if (addr->ss_family != AF_INET6 || + !IN6_IS_ADDR_V4MAPPED(&a6->sin6_addr)) + return; + + debug3("Normalising mapped IPv4 in IPv6 address"); + + memcpy(&inaddr, ((char *)&a6->sin6_addr) + 12, sizeof(inaddr)); + port = a6->sin6_port; + + memset(a4, 0, sizeof(*a4)); + + a4->sin_family = AF_INET; + *len = sizeof(*a4); + memcpy(&a4->sin_addr, &inaddr, sizeof(inaddr)); + a4->sin_port = port; } /* @@ -193,7 +224,7 @@ get_canonical_hostname(int use_dns) if (packet_connection_is_on_socket()) host = get_remote_hostname(packet_get_connection_in(), use_dns); else - host = __UNCONST("UNKNOWN"); + host = "UNKNOWN"; if (use_dns) canonical_host_name = host; @@ -228,6 +259,12 @@ get_socket_address(int sock, int remote, int flags) return NULL; } + /* Work around Linux IPv6 weirdness */ + if (addr.ss_family == AF_INET6) { + addrlen = sizeof(struct sockaddr_in6); + ipv64_normalise_mapped(&addr, &addrlen); + } + switch (addr.ss_family) { case AF_INET: case AF_INET6: @@ -354,6 +391,10 @@ get_sock_port(int sock, int local) } } + /* Work around Linux IPv6 weirdness */ + if (from.ss_family == AF_INET6) + fromlen = sizeof(struct sockaddr_in6); + /* Non-inet sockets don't have a port number. */ if (from.ss_family != AF_INET && from.ss_family != AF_INET6) return 0; diff --git a/crypto/external/bsd/openssh/dist/canohost.h b/crypto/external/bsd/openssh/dist/canohost.h index 1927a42f1..4c8636f42 100644 --- a/crypto/external/bsd/openssh/dist/canohost.h +++ b/crypto/external/bsd/openssh/dist/canohost.h @@ -1,4 +1,3 @@ -/* $NetBSD: canohost.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: canohost.h,v 1.11 2009/05/27 06:31:25 andreas Exp $ */ /* @@ -26,3 +25,5 @@ int get_remote_port(void); int get_local_port(void); int get_sock_port(int, int); void clear_cached_addr(void); + +void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); diff --git a/crypto/external/bsd/openssh/dist/chacha.c b/crypto/external/bsd/openssh/dist/chacha.c index d2b772c29..a84c25ea8 100644 --- a/crypto/external/bsd/openssh/dist/chacha.c +++ b/crypto/external/bsd/openssh/dist/chacha.c @@ -5,9 +5,7 @@ Public domain. */ #include "includes.h" -__RCSID("$NetBSD: chacha.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); -#include /* for NULL */ #include "chacha.h" /* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */ diff --git a/crypto/external/bsd/openssh/dist/channels.c b/crypto/external/bsd/openssh/dist/channels.c index 048e031d0..a84b487e5 100644 --- a/crypto/external/bsd/openssh/dist/channels.c +++ b/crypto/external/bsd/openssh/dist/channels.c @@ -1,4 +1,3 @@ -/* $NetBSD: channels.c,v 1.14 2015/07/03 00:59:59 christos Exp $ */ /* $OpenBSD: channels.c,v 1.347 2015/07/01 02:26:31 djm Exp $ */ /* * Author: Tatu Ylonen @@ -41,16 +40,16 @@ */ #include "includes.h" -__RCSID("$NetBSD: channels.c,v 1.14 2015/07/03 00:59:59 christos Exp $"); -#include + #include #include /* MIN MAX */ #include #include #include #include -#include -#include +#ifdef HAVE_SYS_TIME_H +# include +#endif #include #include @@ -58,7 +57,9 @@ __RCSID("$NetBSD: channels.c,v 1.14 2015/07/03 00:59:59 christos Exp $"); #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include #include @@ -66,6 +67,7 @@ __RCSID("$NetBSD: channels.c,v 1.14 2015/07/03 00:59:59 christos Exp $"); #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" #include "ssh1.h" @@ -81,10 +83,6 @@ __RCSID("$NetBSD: channels.c,v 1.14 2015/07/03 00:59:59 christos Exp $"); #include "authfd.h" #include "pathnames.h" - -static int hpn_disabled = 0; -static int hpn_buffer_size = 2 * 1024 * 1024; - /* -- channel core */ /* @@ -182,7 +180,7 @@ static u_int x11_fake_data_len; static int IPv4or6 = AF_UNSPEC; /* helper */ -static void port_open_helper(Channel *c, const char *rtype); +static void port_open_helper(Channel *c, char *rtype); /* non-blocking connect helpers */ static int connect_next(struct channel_connect *); @@ -263,6 +261,10 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, if ((c->isatty = is_tty) != 0) debug2("channel %d: rfd %d isatty", c->self, c->rfd); +#ifdef _AIX + /* XXX: Later AIX versions can't push as much data to tty */ + c->wfd_isatty = is_tty || isatty(c->wfd); +#endif /* enable nonblocking mode */ if (nonblock) { @@ -280,9 +282,8 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, * remote_name to be freed. */ Channel * -channel_new(const char *ctype, int type, int rfd, int wfd, int efd, - u_int window, u_int maxpack, int extusage, const char *remote_name, - int nonblock) +channel_new(char *ctype, int type, int rfd, int wfd, int efd, + u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock) { int found; u_int i; @@ -330,12 +331,11 @@ channel_new(const char *ctype, int type, int rfd, int wfd, int efd, c->notbefore = 0; c->self = found; c->type = type; - c->ctype = __UNCONST(ctype); + c->ctype = ctype; c->local_window = window; c->local_window_max = window; c->local_consumed = 0; c->local_maxpacket = maxpack; - c->dynamic_window = 0; c->remote_id = -1; c->remote_name = xstrdup(remote_name); c->remote_window = 0; @@ -700,7 +700,7 @@ channel_send_open(int id) } void -channel_request_start(int id, const char *service, int wantconfirm) +channel_request_start(int id, char *service, int wantconfirm) { Channel *c = channel_lookup(id); @@ -831,26 +831,6 @@ channel_pre_connecting(Channel *c, fd_set *readset, fd_set *writeset) FD_SET(c->sock, writeset); } -static -int channel_tcpwinsz(void) -{ - u_int32_t tcpwinsz = 0; - socklen_t optsz = sizeof(tcpwinsz); - int ret = -1; - - /* if we aren't on a socket return 128KB*/ - if(!packet_connection_is_on_socket()) - return(128*1024); - ret = getsockopt(packet_get_connection_in(), - SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); - /* return no more than 64MB */ - if ((ret == 0) && tcpwinsz > BUFFER_MAX_LEN_HPN) - tcpwinsz = BUFFER_MAX_LEN_HPN; - debug2("tcpwinsz: %d for connection: %d", tcpwinsz, - packet_get_connection_in()); - return(tcpwinsz); -} - static void channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset) { @@ -865,12 +845,6 @@ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) { u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); - /* check buffer limits */ - if ((!c->tcpwinsz) || (c->dynamic_window > 0)) - c->tcpwinsz = channel_tcpwinsz(); - - limit = MIN(limit, 2 * c->tcpwinsz); - if (c->istate == CHAN_INPUT_OPEN && limit > 0 && buffer_len(&c->input) < limit && @@ -1438,7 +1412,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) } static void -port_open_helper(Channel *c, const char *rtype) +port_open_helper(Channel *c, char *rtype) { char buf[1024]; char *local_ipaddr = get_local_ipaddr(c->sock); @@ -1536,7 +1510,7 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) struct sockaddr_storage addr; int newsock, nextstate; socklen_t addrlen; - const char *rtype; + char *rtype; if (FD_ISSET(c->sock, readset)) { debug("Connection to port %d forwarding " @@ -1694,10 +1668,17 @@ channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset) force = c->isatty && c->detach_close && c->istate != CHAN_INPUT_CLOSED; if (c->rfd != -1 && (force || FD_ISSET(c->rfd, readset))) { + errno = 0; len = read(c->rfd, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || (errno == EAGAIN && !force))) + if (len < 0 && (errno == EINTR || + ((errno == EAGAIN || errno == EWOULDBLOCK) && !force))) return 1; +#ifndef PTY_ZEROREAD if (len <= 0) { +#else + if ((!c->isatty && len <= 0) || + (c->isatty && (len < 0 || (len == 0 && errno != 0)))) { +#endif debug2("channel %d: read<=0 rfd %d len %d", c->self, c->rfd, len); if (c->type != SSH_CHANNEL_OPEN) { @@ -1761,7 +1742,8 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) /* ignore truncated writes, datagrams might get lost */ len = write(c->wfd, buf, dlen); free(data); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len < 0 && (errno == EINTR || errno == EAGAIN || + errno == EWOULDBLOCK)) return 1; if (len <= 0) { if (c->type != SSH_CHANNEL_OPEN) @@ -1772,9 +1754,15 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) } goto out; } +#ifdef _AIX + /* XXX: Later AIX versions can't push as much data to tty */ + if (compat20 && c->wfd_isatty) + dlen = MIN(dlen, 8*1024); +#endif len = write(c->wfd, buf, dlen); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len < 0 && + (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) return 1; if (len <= 0) { if (c->type != SSH_CHANNEL_OPEN) { @@ -1790,6 +1778,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) } return -1; } +#ifndef BROKEN_TCGETATTR_ICANON if (compat20 && c->isatty && dlen >= 1 && buf[0] != '\r') { if (tcgetattr(c->wfd, &tio) == 0 && !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) { @@ -1803,6 +1792,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) packet_send(); } } +#endif buffer_consume(&c->output, len); } out: @@ -1826,7 +1816,8 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) buffer_len(&c->extended)); debug2("channel %d: written %d to efd %d", c->self, len, c->efd); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len < 0 && (errno == EINTR || errno == EAGAIN || + errno == EWOULDBLOCK)) return 1; if (len <= 0) { debug2("channel %d: closing write-efd %d", @@ -1839,11 +1830,12 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) } else if (c->efd != -1 && (c->extended_usage == CHAN_EXTENDED_READ || c->extended_usage == CHAN_EXTENDED_IGNORE) && - FD_ISSET(c->efd, readset)) { + (c->detach_close || FD_ISSET(c->efd, readset))) { len = read(c->efd, buf, sizeof(buf)); debug2("channel %d: read %d from efd %d", c->self, len, c->efd); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len < 0 && (errno == EINTR || ((errno == EAGAIN || + errno == EWOULDBLOCK) && !c->detach_close))) return 1; if (len <= 0) { debug2("channel %d: closing read-efd %d", @@ -1861,7 +1853,6 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset) return 1; } -/* ARGSUSED */ static int channel_check_window(Channel *c) { @@ -1871,21 +1862,14 @@ channel_check_window(Channel *c) c->local_maxpacket*3) || c->local_window < c->local_window_max/2) && c->local_consumed > 0) { - u_int addition = 0; - /* adjust max window size if we are in a dynamic environment */ - if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) { - /* grow the window somewhat aggressively to maintain pressure */ - addition = 1.5*(c->tcpwinsz - c->local_window_max); - c->local_window_max += addition; - } packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST); packet_put_int(c->remote_id); - packet_put_int(c->local_consumed + addition); + packet_put_int(c->local_consumed); packet_send(); debug2("channel %d: window %d sent adjust %d", c->self, c->local_window, c->local_consumed); - c->local_window += c->local_consumed + addition; + c->local_window += c->local_consumed; c->local_consumed = 0; } return 1; @@ -2249,12 +2233,11 @@ channel_after_select(fd_set *readset, fd_set *writeset) /* If there is data to send to the connection, enqueue some of it now. */ -int +void channel_output_poll(void) { Channel *c; u_int i, len; - int packet_length = 0; for (i = 0; i < channels_alloc; i++) { c = channels[i]; @@ -2302,7 +2285,7 @@ channel_output_poll(void) packet_start(SSH2_MSG_CHANNEL_DATA); packet_put_int(c->remote_id); packet_put_string(data, dlen); - packet_length = packet_sendx(); + packet_send(); c->remote_window -= dlen; free(data); } @@ -2332,7 +2315,7 @@ channel_output_poll(void) SSH2_MSG_CHANNEL_DATA : SSH_MSG_CHANNEL_DATA); packet_put_int(c->remote_id); packet_put_string(buffer_ptr(&c->input), len); - packet_length = packet_sendx(); + packet_send(); buffer_consume(&c->input, len); c->remote_window -= len; } @@ -2367,13 +2350,12 @@ channel_output_poll(void) packet_put_int(c->remote_id); packet_put_int(SSH2_EXTENDED_DATA_STDERR); packet_put_string(buffer_ptr(&c->extended), len); - packet_length = packet_sendx(); + packet_send(); buffer_consume(&c->extended, len); c->remote_window -= len; debug2("channel %d: sent ext data %d", c->self, len); } } - return (packet_length); } @@ -2617,7 +2599,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) return 0; } -static const char * +static char * reason2txt(int reason) { switch (reason) { @@ -2767,13 +2749,6 @@ channel_set_af(int af) IPv4or6 = af; } -void -channel_set_hpn(int external_hpn_disabled, int external_hpn_buffer_size) -{ - hpn_disabled = external_hpn_disabled; - hpn_buffer_size = external_hpn_buffer_size; - debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled, hpn_buffer_size); -} /* * Determine whether or not a port forward listens to loopback, the @@ -2929,6 +2904,8 @@ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd, } channel_set_reuseaddr(sock); + if (ai->ai_family == AF_INET6) + sock_set_v6only(sock); debug("Local forwarding listening on %s port %s.", ntop, strport); @@ -2936,7 +2913,11 @@ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd, /* Bind the socket to the address. */ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { /* address can be in use ipv6 address is already bound */ - verbose("bind: %.100s", strerror(errno)); + if (!ai->ai_next) + error("bind: %.100s", strerror(errno)); + else + verbose("bind: %.100s", strerror(errno)); + close(sock); continue; } @@ -2960,15 +2941,9 @@ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd, } /* Allocate a channel number for the socket. */ - /* explicitly test for hpn disabled option. if true use smaller window size */ - if (hpn_disabled) c = channel_new("port listener", type, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "port listener", 1); - else - c = channel_new("port listener", type, sock, sock, -1, - hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, - 0, "port listener", 1); c->path = xstrdup(host); c->host_port = fwd->connect_port; c->listening_addr = addr == NULL ? NULL : xstrdup(addr); @@ -3444,7 +3419,7 @@ channel_request_rforward_cancel_streamlocal(const char *path) return 0; } - + /* * Request cancellation of remote forwarding of a connection from local side. */ @@ -3477,6 +3452,7 @@ channel_input_port_forward_request(int is_root, struct ForwardOptions *fwd_opts) fwd.connect_host = packet_get_string(NULL); fwd.connect_port = packet_get_int(); +#ifndef HAVE_CYGWIN /* * Check that an unprivileged user is not trying to forward a * privileged port. @@ -3487,6 +3463,7 @@ channel_input_port_forward_request(int is_root, struct ForwardOptions *fwd_opts) fwd.listen_port); if (fwd.connect_port == 0) packet_disconnect("Dynamic forwarding denied."); +#endif /* Initiate forwarding */ success = channel_setup_local_fwd_listener(&fwd, fwd_opts); @@ -3719,7 +3696,7 @@ channel_connect_ctx_free(struct channel_connect *cctx) /* Return CONNECTING channel to remote host:port or local socket path */ static Channel * -connect_to(const char *name, int port, const char *ctype, const char *rname) +connect_to(const char *name, int port, char *ctype, char *rname) { struct addrinfo hints; int gaierr; @@ -3785,7 +3762,7 @@ connect_to(const char *name, int port, const char *ctype, const char *rname) Channel * channel_connect_by_listen_address(const char *listen_host, - u_short listen_port, const char *ctype, char *rname) + u_short listen_port, char *ctype, char *rname) { int i; @@ -3803,7 +3780,7 @@ channel_connect_by_listen_address(const char *listen_host, } Channel * -channel_connect_by_listen_path(const char *path, const char *ctype, const char *rname) +channel_connect_by_listen_path(const char *path, char *ctype, char *rname) { int i; @@ -3821,7 +3798,7 @@ channel_connect_by_listen_path(const char *path, const char *ctype, const char * /* Check if connecting to that port is permitted and connect. */ Channel * -channel_connect_to_port(const char *host, u_short port, const char *ctype, const char *rname) +channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname) { int i, permit, permit_adm = 1; @@ -3853,7 +3830,7 @@ channel_connect_to_port(const char *host, u_short port, const char *ctype, const /* Check if connecting to that path is permitted and connect. */ Channel * -channel_connect_to_path(const char *path, const char *ctype, const char *rname) +channel_connect_to_path(const char *path, char *ctype, char *rname) { int i, permit, permit_adm = 1; @@ -3944,11 +3921,24 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { - error("socket: %.100s", strerror(errno)); - freeaddrinfo(aitop); - return -1; + if ((errno != EINVAL) && (errno != EAFNOSUPPORT) +#ifdef EPFNOSUPPORT + && (errno != EPFNOSUPPORT) +#endif + ) { + error("socket: %.100s", strerror(errno)); + freeaddrinfo(aitop); + return -1; + } else { + debug("x11_create_display_inet: Socket family %d not supported", + ai->ai_family); + continue; + } } - channel_set_reuseaddr(sock); + if (ai->ai_family == AF_INET6) + sock_set_v6only(sock); + if (x11_use_localhost) + channel_set_reuseaddr(sock); if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { debug2("bind port %d: %.100s", port, strerror(errno)); close(sock); @@ -3985,17 +3975,10 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, *chanids = xcalloc(num_socks + 1, sizeof(**chanids)); for (n = 0; n < num_socks; n++) { sock = socks[n]; - /* Is this really necassary? */ - if (hpn_disabled) nc = channel_new("x11 listener", SSH_CHANNEL_X11_LISTENER, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "X11 inet listener", 1); - else - nc = channel_new("x11 listener", - SSH_CHANNEL_X11_LISTENER, sock, sock, -1, - hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, - 0, "X11 inet listener", 1); nc->single_connection = single_connection; (*chanids)[n] = nc->self; } @@ -4007,7 +3990,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, } static int -connect_local_xsocket(u_int dnr) +connect_local_xsocket_path(const char *pathname) { int sock; struct sockaddr_un addr; @@ -4017,7 +4000,7 @@ connect_local_xsocket(u_int dnr) error("socket: %.100s", strerror(errno)); memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; - snprintf(addr.sun_path, sizeof addr.sun_path, _PATH_UNIX_X, dnr); + strlcpy(addr.sun_path, pathname, sizeof addr.sun_path); if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0) return sock; close(sock); @@ -4025,6 +4008,14 @@ connect_local_xsocket(u_int dnr) return -1; } +static int +connect_local_xsocket(u_int dnr) +{ + char buf[1024]; + snprintf(buf, sizeof buf, _PATH_UNIX_X, dnr); + return connect_local_xsocket_path(buf); +} + int x11_connect_display(void) { @@ -4046,6 +4037,17 @@ x11_connect_display(void) * connection to the real X server. */ + /* Check if the display is from launchd. */ +#ifdef __APPLE__ + if (strncmp(display, "/tmp/launch", 11) == 0) { + sock = connect_local_xsocket_path(display); + if (sock < 0) + return -1; + + /* OK, we now have a connection to the display. */ + return sock; + } +#endif /* * Check if it is a unix domain socket. Unix domain displays are in * one of the following formats: unix:d[.s], :d[.s], ::d[.s] diff --git a/crypto/external/bsd/openssh/dist/channels.h b/crypto/external/bsd/openssh/dist/channels.h index 54be9d0ff..9d76c9d2a 100644 --- a/crypto/external/bsd/openssh/dist/channels.h +++ b/crypto/external/bsd/openssh/dist/channels.h @@ -1,4 +1,3 @@ -/* $NetBSD: channels.h,v 1.11 2015/07/03 00:59:59 christos Exp $ */ /* $OpenBSD: channels.h,v 1.118 2015/07/01 02:26:31 djm Exp $ */ /* @@ -68,7 +67,7 @@ typedef struct Channel Channel; typedef void channel_open_fn(int, int, void *); typedef void channel_callback_fn(int, void *); -typedef int channel_infilter_fn(struct Channel *, const char *, int); +typedef int channel_infilter_fn(struct Channel *, char *, int); typedef void channel_filter_cleanup_fn(int, void *); typedef u_char *channel_outfilter_fn(struct Channel *, u_char **, u_int *); @@ -106,6 +105,9 @@ struct Channel { int sock; /* sock fd */ int ctl_chan; /* control channel (multiplexed connections) */ int isatty; /* rfd is a tty */ +#ifdef _AIX + int wfd_isatty; /* wfd is a tty */ +#endif int client_tty; /* (client) TTY has been requested */ int force_drain; /* force close on iEOF */ time_t notbefore; /* Pause IO until deadline (time_t) */ @@ -132,10 +134,8 @@ struct Channel { u_int local_window_max; u_int local_consumed; u_int local_maxpacket; - int dynamic_window; int extended_usage; int single_connection; - u_int tcpwinsz; char *ctype; /* type */ @@ -170,11 +170,9 @@ struct Channel { /* default window/packet sizes for tcp/x11-fwd-channel */ #define CHAN_SES_PACKET_DEFAULT (32*1024) -#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT) - +#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT) #define CHAN_TCP_PACKET_DEFAULT (32*1024) -#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT) - +#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT) #define CHAN_X11_PACKET_DEFAULT (16*1024) #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT) @@ -212,15 +210,14 @@ struct Channel { Channel *channel_by_id(int); Channel *channel_lookup(int); -Channel *channel_new(const char *, int, int, int, int, u_int, u_int, int, - const char *, int); +Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int); void channel_set_fds(int, int, int, int, int, int, int, u_int); void channel_free(Channel *); void channel_free_all(void); void channel_stop_listening(void); void channel_send_open(int); -void channel_request_start(int, const char *, int); +void channel_request_start(int, char *, int); void channel_register_cleanup(int, channel_callback_fn *, int); void channel_register_open_confirm(int, channel_open_fn *, void *); void channel_register_filter(int, channel_infilter_fn *, @@ -250,7 +247,7 @@ int channel_input_status_confirm(int, u_int32_t, void *); void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, time_t*, int); void channel_after_select(fd_set *, fd_set *); -int channel_output_poll(void); +void channel_output_poll(void); int channel_not_very_much_buffered_data(void); void channel_close_all(void); @@ -271,12 +268,12 @@ void channel_clear_permitted_opens(void); void channel_clear_adm_permitted_opens(void); void channel_print_adm_permitted_opens(void); int channel_input_port_forward_request(int, struct ForwardOptions *); -Channel *channel_connect_to_port(const char *, u_short, const char *, const char *); -Channel *channel_connect_to_path(const char *, const char *, const char *); +Channel *channel_connect_to_port(const char *, u_short, char *, char *); +Channel *channel_connect_to_path(const char *, char *, char *); Channel *channel_connect_stdio_fwd(const char*, u_short, int, int); Channel *channel_connect_by_listen_address(const char *, u_short, - const char *, char *); -Channel *channel_connect_by_listen_path(const char *, const char *, const char *); + char *, char *); +Channel *channel_connect_by_listen_path(const char *, char *, char *); int channel_request_remote_forwarding(struct Forward *); int channel_setup_local_fwd_listener(struct Forward *, struct ForwardOptions *); int channel_request_rforward_cancel(struct Forward *); @@ -315,7 +312,4 @@ void chan_rcvd_ieof(Channel *); void chan_write_failed(Channel *); void chan_obuf_empty(Channel *); -/* hpn handler */ -void channel_set_hpn(int, int); - #endif diff --git a/crypto/external/bsd/openssh/dist/cipher-3des1.c b/crypto/external/bsd/openssh/dist/cipher-3des1.c index 3b75f8dc0..6a0f1f37b 100644 --- a/crypto/external/bsd/openssh/dist/cipher-3des1.c +++ b/crypto/external/bsd/openssh/dist/cipher-3des1.c @@ -1,4 +1,3 @@ -/* $NetBSD: cipher-3des1.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: cipher-3des1.c,v 1.12 2015/01/14 10:24:42 markus Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. @@ -20,7 +19,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: cipher-3des1.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); + #include #include #include @@ -65,7 +64,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, return 1; if (enc == -1) enc = ctx->encrypt; - k1 = k2 = k3 = __UNCONST(key); + k1 = k2 = k3 = (u_char *) key; k2 += 8; if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) { if (enc) @@ -94,7 +93,7 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len) if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) return 0; - if (EVP_Cipher(&c->k1, dest, __UNCONST(src), len) == 0 || + if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 || EVP_Cipher(&c->k2, dest, dest, len) == 0 || EVP_Cipher(&c->k3, dest, dest, len) == 0) return 0; diff --git a/crypto/external/bsd/openssh/dist/cipher-aesctr.c b/crypto/external/bsd/openssh/dist/cipher-aesctr.c index e13615195..eed95c3e6 100644 --- a/crypto/external/bsd/openssh/dist/cipher-aesctr.c +++ b/crypto/external/bsd/openssh/dist/cipher-aesctr.c @@ -15,9 +15,13 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include "includes.h" + #include #include +#ifndef WITH_OPENSSL + #include "cipher-aesctr.h" /* @@ -25,7 +29,7 @@ * the counter is of size 'len' bytes and stored in network-byte-order. * (LSB at ctr[len-1], MSB at ctr[0]) */ -static __inline__ void +static inline void aesctr_inc(u8 *ctr, u32 len) { ssize_t i; @@ -76,3 +80,4 @@ aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes) n = (n + 1) % AES_BLOCK_SIZE; } } +#endif /* !WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/cipher-bf1.c b/crypto/external/bsd/openssh/dist/cipher-bf1.c index ecb0c8e99..ee72ac085 100644 --- a/crypto/external/bsd/openssh/dist/cipher-bf1.c +++ b/crypto/external/bsd/openssh/dist/cipher-bf1.c @@ -1,4 +1,3 @@ -/* $NetBSD: cipher-bf1.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: cipher-bf1.c,v 1.7 2015/01/14 10:24:42 markus Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. @@ -20,11 +19,18 @@ */ #include "includes.h" -__RCSID("$NetBSD: cipher-bf1.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); + +#ifdef WITH_OPENSSL + #include + +#include #include + #include +#include "openbsd-compat/openssl-compat.h" + /* * SSH1 uses a variation on Blowfish, all bytes must be swapped before * and after encryption/decryption. Thus the swap_bytes stuff (yuk). @@ -51,11 +57,25 @@ swap_bytes(const u_char *src, u_char *dst, int n) } } +#ifdef SSH_OLD_EVP +static void bf_ssh1_init (EVP_CIPHER_CTX * ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + if (iv != NULL) + memcpy (&(ctx->oiv[0]), iv, 8); + memcpy (&(ctx->iv[0]), &(ctx->oiv[0]), 8); + if (key != NULL) + BF_set_key (&(ctx->c.bf_ks), EVP_CIPHER_CTX_key_length (ctx), + key); +} +#endif + static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, - const u_char *, size_t) = NULL; + const u_char *, LIBCRYPTO_EVP_INL_TYPE) = NULL; static int -bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, size_t len) +bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, + LIBCRYPTO_EVP_INL_TYPE len) { int ret; @@ -73,7 +93,11 @@ evp_ssh1_bf(void) memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER)); orig_bf = ssh1_bf.do_cipher; ssh1_bf.nid = NID_undef; +#ifdef SSH_OLD_EVP + ssh1_bf.init = bf_ssh1_init; +#endif ssh1_bf.do_cipher = bf_ssh1_cipher; ssh1_bf.key_len = 32; return (&ssh1_bf); } +#endif /* WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/cipher-chachapoly.c b/crypto/external/bsd/openssh/dist/cipher-chachapoly.c index 16b26a240..7f31ff4ce 100644 --- a/crypto/external/bsd/openssh/dist/cipher-chachapoly.c +++ b/crypto/external/bsd/openssh/dist/cipher-chachapoly.c @@ -14,10 +14,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: cipher-chachapoly.c,v 1.6 2014/07/03 12:42:16 jsing Exp $ */ /* $OpenBSD: cipher-chachapoly.c,v 1.7 2015/01/14 10:24:42 markus Exp $ */ + #include "includes.h" -__RCSID("$NetBSD: cipher-chachapoly.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include #include /* needed for log.h */ diff --git a/crypto/external/bsd/openssh/dist/cipher.c b/crypto/external/bsd/openssh/dist/cipher.c index aa0accc13..02dae6f9f 100644 --- a/crypto/external/bsd/openssh/dist/cipher.c +++ b/crypto/external/bsd/openssh/dist/cipher.c @@ -1,4 +1,3 @@ -/* $NetBSD: cipher.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: cipher.c,v 1.100 2015/01/14 10:29:45 djm Exp $ */ /* * Author: Tatu Ylonen @@ -37,7 +36,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: cipher.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); + #include #include @@ -50,6 +49,8 @@ __RCSID("$NetBSD: cipher.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); #include "ssherr.h" #include "digest.h" +#include "openbsd-compat/openssl-compat.h" + #ifdef WITH_SSH1 extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_3des(void); @@ -57,7 +58,7 @@ extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); #endif struct sshcipher { - const char *name; + char *name; int number; /* for ssh1 only */ u_int block_size; u_int key_len; @@ -81,7 +82,7 @@ static const struct sshcipher ciphers[] = { { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, -#endif +#endif /* WITH_SSH1 */ #ifdef WITH_OPENSSL { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, @@ -97,25 +98,21 @@ static const struct sshcipher ciphers[] = { { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, { "rijndael-cbc@lysator.liu.se", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, -#ifdef AES_CTR_MT - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, evp_aes_ctr_mt }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, evp_aes_ctr_mt }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, evp_aes_ctr_mt }, -#else { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr }, { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr }, { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr }, -#endif +# ifdef OPENSSL_HAVE_EVPGCM { "aes128-gcm@openssh.com", SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm }, { "aes256-gcm@openssh.com", SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, -#else +# endif /* OPENSSL_HAVE_EVPGCM */ +#else /* WITH_OPENSSL */ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL }, { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL }, { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL }, { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL }, -#endif +#endif /* WITH_OPENSSL */ { "chacha20-poly1305@openssh.com", SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL }, @@ -247,8 +244,7 @@ ciphers_valid(const char *names) for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; (p = strsep(&cp, CIPHER_SEP))) { c = cipher_by_name(p); - if (c == NULL || (c->number != SSH_CIPHER_SSH2 && -c->number != SSH_CIPHER_NONE)) { + if (c == NULL || c->number != SSH_CIPHER_SSH2) { free(cipher_list); return 0; } @@ -274,7 +270,7 @@ cipher_number(const char *name) return -1; } -const char * +char * cipher_name(int id) { const struct sshcipher *c = cipher_by_number(id); @@ -331,14 +327,14 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher, #else type = (*cipher->evptype)(); EVP_CIPHER_CTX_init(&cc->evp); - if (EVP_CipherInit(&cc->evp, type, NULL, __UNCONST(iv), + if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv, (do_encrypt == CIPHER_ENCRYPT)) == 0) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto bad; } if (cipher_authlen(cipher) && !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, - -1, __UNCONST(iv))) { + -1, (u_char *)iv)) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto bad; } @@ -349,7 +345,7 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher, goto bad; } } - if (EVP_CipherInit(&cc->evp, NULL, __UNCONST(key), NULL, -1) == 0) { + if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto bad; } @@ -421,18 +417,18 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest, /* set tag on decyption */ if (!cc->encrypt && !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_TAG, - authlen, __UNCONST(src + aadlen + len))) + authlen, (u_char *)src + aadlen + len)) return SSH_ERR_LIBCRYPTO_ERROR; } if (aadlen) { if (authlen && - EVP_Cipher(&cc->evp, NULL, (const u_char *)src, aadlen) < 0) + EVP_Cipher(&cc->evp, NULL, (u_char *)src, aadlen) < 0) return SSH_ERR_LIBCRYPTO_ERROR; memcpy(dest, src, aadlen); } if (len % cc->cipher->block_size) return SSH_ERR_INVALID_ARGUMENT; - if (EVP_Cipher(&cc->evp, dest + aadlen, (const u_char *)src + aadlen, + if (EVP_Cipher(&cc->evp, dest + aadlen, (u_char *)src + aadlen, len) < 0) return SSH_ERR_LIBCRYPTO_ERROR; if (authlen) { @@ -549,7 +545,6 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) switch (c->number) { #ifdef WITH_OPENSSL - case SSH_CIPHER_NONE: case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: @@ -560,6 +555,11 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) return SSH_ERR_LIBCRYPTO_ERROR; if ((u_int)evplen != len) return SSH_ERR_INVALID_ARGUMENT; +#ifndef OPENSSL_HAVE_EVPCTR + if (c->evptype == evp_aes_128_ctr) + ssh_aes_ctr_iv(&cc->evp, 0, iv, len); + else +#endif if (cipher_authlen(c)) { if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN, len, iv)) @@ -593,7 +593,6 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) switch (c->number) { #ifdef WITH_OPENSSL - case SSH_CIPHER_NONE: case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: @@ -603,7 +602,7 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) if (cipher_authlen(c)) { /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */ if (!EVP_CIPHER_CTX_ctrl(&cc->evp, - EVP_CTRL_GCM_SET_IV_FIXED, -1, __UNCONST(iv))) + EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else memcpy(cc->evp.iv, iv, evplen); @@ -611,7 +610,7 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) #endif #ifdef WITH_SSH1 case SSH_CIPHER_3DES: - return ssh1_3des_iv(&cc->evp, 1, __UNCONST(iv), 24); + return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24); #endif default: return SSH_ERR_INVALID_ARGUMENT; diff --git a/crypto/external/bsd/openssh/dist/cipher.h b/crypto/external/bsd/openssh/dist/cipher.h index 8dd99977d..06d4be4d7 100644 --- a/crypto/external/bsd/openssh/dist/cipher.h +++ b/crypto/external/bsd/openssh/dist/cipher.h @@ -1,4 +1,3 @@ -/* $NetBSD: cipher.h,v 1.8 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: cipher.h,v 1.48 2015/07/08 19:09:25 markus Exp $ */ /* @@ -77,7 +76,7 @@ u_int cipher_mask_ssh1(int); const struct sshcipher *cipher_by_name(const char *); const struct sshcipher *cipher_by_number(int); int cipher_number(const char *); -const char *cipher_name(int); +char *cipher_name(int); const char *cipher_warning_message(const struct sshcipher_ctx *); int ciphers_valid(const char *); char *cipher_alg_list(char, int); diff --git a/crypto/external/bsd/openssh/dist/cleanup.c b/crypto/external/bsd/openssh/dist/cleanup.c index 60faea5e9..238f965e6 100644 --- a/crypto/external/bsd/openssh/dist/cleanup.c +++ b/crypto/external/bsd/openssh/dist/cleanup.c @@ -1,4 +1,3 @@ -/* $NetBSD: cleanup.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: cleanup.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2003 Markus Friedl @@ -16,6 +15,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include "includes.h" + #include #include diff --git a/crypto/external/bsd/openssh/dist/clientloop.c b/crypto/external/bsd/openssh/dist/clientloop.c index c6970ccc9..87ceb3dab 100644 --- a/crypto/external/bsd/openssh/dist/clientloop.c +++ b/crypto/external/bsd/openssh/dist/clientloop.c @@ -1,4 +1,3 @@ -/* $NetBSD: clientloop.c,v 1.15 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */ /* * Author: Tatu Ylonen @@ -61,20 +60,25 @@ */ #include "includes.h" -__RCSID("$NetBSD: clientloop.c,v 1.15 2015/08/13 10:33:21 christos Exp $"); #include /* MIN MAX */ #include #include -#include +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef HAVE_SYS_TIME_H +# include +#endif #include -#include -#include #include #include +#ifdef HAVE_PATHS_H #include +#endif #include +#include #include #include #include @@ -83,6 +87,7 @@ __RCSID("$NetBSD: clientloop.c,v 1.15 2015/08/13 10:33:21 christos Exp $"); #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" #include "ssh1.h" @@ -107,7 +112,6 @@ __RCSID("$NetBSD: clientloop.c,v 1.15 2015/08/13 10:33:21 christos Exp $"); #include "match.h" #include "msg.h" #include "roaming.h" -#include "getpeereid.h" #include "ssherr.h" #include "hostfile.h" @@ -610,16 +614,13 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, * buffered data to send to the server. */ if (!stdin_eof && packet_not_very_much_data_to_write()) - if ((ret = fileno(stdin)) != -1) - FD_SET(ret, *readsetp); + FD_SET(fileno(stdin), *readsetp); /* Select stdout/stderr if have data in buffer. */ if (buffer_len(&stdout_buffer) > 0) - if ((ret = fileno(stdout)) != -1) - FD_SET(ret, *writesetp); + FD_SET(fileno(stdout), *writesetp); if (buffer_len(&stderr_buffer) > 0) - if ((ret = fileno(stderr)) != -1) - FD_SET(ret, *writesetp); + FD_SET(fileno(stderr), *writesetp); } else { /* channel_prepare_select could have closed the last channel */ if (session_closed && !channel_still_open() && @@ -735,7 +736,7 @@ static void client_process_net_input(fd_set *readset) { int len, cont = 0; - char buf[8192]; + char buf[SSH_IOBUFSZ]; /* * Read input from the server, and add any such data to the buffer of @@ -760,7 +761,8 @@ client_process_net_input(fd_set *readset) * There is a kernel bug on Solaris that causes select to * sometimes wake up even though there is no data available. */ - if (len < 0 && (errno == EAGAIN || errno == EINTR)) + if (len < 0 && + (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK)) len = 0; if (len < 0) { @@ -949,9 +951,8 @@ process_cmdline(void) goto out; } - s++; - while (isspace((u_char)*s)) - s++; + while (isspace((u_char)*++s)) + ; /* XXX update list of forwards in options */ if (delete) { @@ -1066,7 +1067,7 @@ print_escape_help(Buffer *b, int escape_char, int protocol2, int mux_client, */ static int process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, - const char *buf, int len) + char *buf, int len) { char string[1024]; pid_t pid; @@ -1307,71 +1308,73 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, static void client_process_input(fd_set *readset) { - int len, fd; - char buf[8192]; + int len; + char buf[SSH_IOBUFSZ]; /* Read input from stdin. */ - if ((fd = fileno(stdin)) == -1 || !FD_ISSET(fd, readset)) - return; - /* Read as much as possible. */ - len = read(fd, buf, sizeof(buf)); - if (len < 0 && (errno == EAGAIN || errno == EINTR)) - return; /* we'll try again later */ - if (len <= 0) { - /* - * Received EOF or error. They are treated - * similarly, except that an error message is printed - * if it was an error condition. - */ - if (len < 0) { - snprintf(buf, sizeof buf, "read: %.100s\r\n", - strerror(errno)); - buffer_append(&stderr_buffer, buf, strlen(buf)); + if (FD_ISSET(fileno(stdin), readset)) { + /* Read as much as possible. */ + len = read(fileno(stdin), buf, sizeof(buf)); + if (len < 0 && + (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK)) + return; /* we'll try again later */ + if (len <= 0) { + /* + * Received EOF or error. They are treated + * similarly, except that an error message is printed + * if it was an error condition. + */ + if (len < 0) { + snprintf(buf, sizeof buf, "read: %.100s\r\n", + strerror(errno)); + buffer_append(&stderr_buffer, buf, strlen(buf)); + } + /* Mark that we have seen EOF. */ + stdin_eof = 1; + /* + * Send an EOF message to the server unless there is + * data in the buffer. If there is data in the + * buffer, no message will be sent now. Code + * elsewhere will send the EOF when the buffer + * becomes empty if stdin_eof is set. + */ + if (buffer_len(&stdin_buffer) == 0) { + packet_start(SSH_CMSG_EOF); + packet_send(); + } + } else if (escape_char1 == SSH_ESCAPECHAR_NONE) { + /* + * Normal successful read, and no escape character. + * Just append the data to buffer. + */ + buffer_append(&stdin_buffer, buf, len); + } else { + /* + * Normal, successful read. But we have an escape + * character and have to process the characters one + * by one. + */ + if (process_escapes(NULL, &stdin_buffer, + &stdout_buffer, &stderr_buffer, buf, len) == -1) + return; } - /* Mark that we have seen EOF. */ - stdin_eof = 1; - /* - * Send an EOF message to the server unless there is - * data in the buffer. If there is data in the - * buffer, no message will be sent now. Code - * elsewhere will send the EOF when the buffer - * becomes empty if stdin_eof is set. - */ - if (buffer_len(&stdin_buffer) == 0) { - packet_start(SSH_CMSG_EOF); - packet_send(); - } - } else if (escape_char1 == SSH_ESCAPECHAR_NONE) { - /* - * Normal successful read, and no escape character. - * Just append the data to buffer. - */ - buffer_append(&stdin_buffer, buf, len); - } else { - /* - * Normal, successful read. But we have an escape - * character and have to process the characters one - * by one. - */ - if (process_escapes(NULL, &stdin_buffer, - &stdout_buffer, &stderr_buffer, buf, len) == -1) - return; } } static void client_process_output(fd_set *writeset) { - int len, fd; + int len; char buf[100]; /* Write buffered output to stdout. */ - if ((fd = fileno(stdout)) != -1 && FD_ISSET(fd, writeset)) { + if (FD_ISSET(fileno(stdout), writeset)) { /* Write as much data as possible. */ - len = write(fd, buffer_ptr(&stdout_buffer), + len = write(fileno(stdout), buffer_ptr(&stdout_buffer), buffer_len(&stdout_buffer)); if (len <= 0) { - if (errno == EINTR || errno == EAGAIN) + if (errno == EINTR || errno == EAGAIN || + errno == EWOULDBLOCK) len = 0; else { /* @@ -1389,12 +1392,13 @@ client_process_output(fd_set *writeset) buffer_consume(&stdout_buffer, len); } /* Write buffered output to stderr. */ - if ((fd = fileno(stderr)) != -1 && FD_ISSET(fd, writeset)) { + if (FD_ISSET(fileno(stderr), writeset)) { /* Write as much data as possible. */ - len = write(fd, buffer_ptr(&stderr_buffer), + len = write(fileno(stderr), buffer_ptr(&stderr_buffer), buffer_len(&stderr_buffer)); if (len <= 0) { - if (errno == EINTR || errno == EAGAIN) + if (errno == EINTR || errno == EAGAIN || + errno == EWOULDBLOCK) len = 0; else { /* @@ -1450,7 +1454,7 @@ client_filter_cleanup(int cid, void *ctx) } int -client_simple_escape_filter(Channel *c, const char *buf, int len) +client_simple_escape_filter(Channel *c, char *buf, int len) { if (c->extended_usage != CHAN_EXTENDED_WRITE) return 0; @@ -1608,8 +1612,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) channel_after_select(readset, writeset); if (need_rekeying || packet_need_rekeying()) { debug("need rekeying"); - if (active_state->kex != NULL) - active_state->kex->done = 0; + active_state->kex->done = 0; if ((r = kex_send_kexinit(active_state)) != 0) fatal("%s: kex_send_kexinit: %s", __func__, ssh_err(r)); @@ -1920,15 +1923,9 @@ client_request_x11(const char *request_type, int rchan) sock = x11_connect_display(); if (sock < 0) return NULL; - /* again is this really necessary for X11? */ - if (options.hpn_disabled) c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); - else - c = channel_new("x11", - SSH_CHANNEL_X11_OPEN, sock, sock, -1, - options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); c->force_drain = 1; return c; } @@ -1951,16 +1948,10 @@ client_request_agent(const char *request_type, int rchan) __func__, ssh_err(r)); return NULL; } - if (options.hpn_disabled) c = channel_new("authentication agent connection", SSH_CHANNEL_OPEN, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "authentication agent connection", 1); - else - c = channel_new("authentication agent connection", - SSH_CHANNEL_OPEN, sock, sock, -1, - options.hpn_buffer_size, options.hpn_buffer_size, 0, - "authentication agent connection", 1); c->force_drain = 1; return c; } @@ -1987,14 +1978,16 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun) return -1; } - if(options.hpn_disabled) c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); - else - c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, - options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); c->datagram = 1; +#if defined(SSH_TUN_FILTER) + if (options.tun_open == SSH_TUNMODE_POINTOPOINT) + channel_register_filter(c->self, sys_tun_infilter, + sys_tun_outfilter, NULL, NULL); +#endif + packet_start(SSH2_MSG_CHANNEL_OPEN); packet_put_cstring("tun@openssh.com"); packet_put_int(c->self); diff --git a/crypto/external/bsd/openssh/dist/clientloop.h b/crypto/external/bsd/openssh/dist/clientloop.h index 71a8c2d1f..338d45186 100644 --- a/crypto/external/bsd/openssh/dist/clientloop.h +++ b/crypto/external/bsd/openssh/dist/clientloop.h @@ -1,4 +1,3 @@ -/* $NetBSD: clientloop.h,v 1.10 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */ /* @@ -51,7 +50,7 @@ void client_stop_mux(void); /* Escape filter for protocol 2 sessions */ void *client_new_escape_filter_ctx(int); void client_filter_cleanup(int, void *); -int client_simple_escape_filter(Channel *, const char *, int); +int client_simple_escape_filter(Channel *, char *, int); /* Global request confirmation callbacks */ typedef void global_confirm_cb(int, u_int32_t seq, void *); diff --git a/crypto/external/bsd/openssh/dist/compat.c b/crypto/external/bsd/openssh/dist/compat.c index b1589d9f4..55838044c 100644 --- a/crypto/external/bsd/openssh/dist/compat.c +++ b/crypto/external/bsd/openssh/dist/compat.c @@ -1,4 +1,3 @@ -/* $NetBSD: compat.c,v 1.13 2015/08/21 08:20:59 christos Exp $ */ /* $OpenBSD: compat.c,v 1.97 2015/08/19 23:21:42 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. @@ -25,7 +24,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: compat.c,v 1.13 2015/08/21 08:20:59 christos Exp $"); + #include #include @@ -63,7 +62,7 @@ compat_datafellows(const char *version) { int i; static struct { - const char *pat; + char *pat; int bugs; } check[] = { { "OpenSSH-2.0*," @@ -211,15 +210,6 @@ compat_datafellows(const char *version) debug("match: %s pat %s compat 0x%08x", version, check[i].pat, check[i].bugs); datafellows = check[i].bugs; /* XXX for now */ - /* Check to see if the remote side is OpenSSH and not HPN */ - if(strstr(version,"OpenSSH") != NULL) - { - if (strstr(version,"hpn") == NULL) - { - datafellows |= SSH_BUG_LARGEWINDOW; - debug("Remote is NON-HPN aware"); - } - } return check[i].bugs; } } @@ -265,7 +255,7 @@ proto_spec(const char *spec) * pattern list. */ static char * -filter_proposal(const char *proposal, const char *filter) +filter_proposal(char *proposal, const char *filter) { Buffer b; char *orig_prop, *fix_prop; @@ -289,8 +279,8 @@ filter_proposal(const char *proposal, const char *filter) return fix_prop; } -const char * -compat_cipher_proposal(const char *cipher_prop) +char * +compat_cipher_proposal(char *cipher_prop) { if (!(datafellows & SSH_BUG_BIGENDIANAES)) return cipher_prop; @@ -315,8 +305,8 @@ compat_pkalg_proposal(char *pkalg_prop) return pkalg_prop; } -const char * -compat_kex_proposal(const char *p) +char * +compat_kex_proposal(char *p) { if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) return p; diff --git a/crypto/external/bsd/openssh/dist/compat.h b/crypto/external/bsd/openssh/dist/compat.h index a423a1aa2..2be290a8a 100644 --- a/crypto/external/bsd/openssh/dist/compat.h +++ b/crypto/external/bsd/openssh/dist/compat.h @@ -1,4 +1,3 @@ -/* $NetBSD: compat.h,v 1.7 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: compat.h,v 1.48 2015/05/26 23:23:40 dtucker Exp $ */ /* @@ -63,15 +62,14 @@ #define SSH_BUG_CURVE25519PAD 0x10000000 #define SSH_BUG_HOSTKEYS 0x20000000 #define SSH_BUG_DHGEX_LARGE 0x40000000 -#define SSH_BUG_LARGEWINDOW 0x80000000 void enable_compat13(void); void enable_compat20(void); u_int compat_datafellows(const char *); int proto_spec(const char *); -const char *compat_cipher_proposal(const char *); +char *compat_cipher_proposal(char *); char *compat_pkalg_proposal(char *); -const char *compat_kex_proposal(const char *); +char *compat_kex_proposal(char *); extern int compat13; extern int compat20; diff --git a/crypto/external/bsd/openssh/dist/crc32.c b/crypto/external/bsd/openssh/dist/crc32.c index 27765ab6f..c192eb4d6 100644 --- a/crypto/external/bsd/openssh/dist/crc32.c +++ b/crypto/external/bsd/openssh/dist/crc32.c @@ -1,4 +1,3 @@ -/* $NetBSD: crc32.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: crc32.c,v 1.11 2006/04/22 18:29:33 stevesk Exp $ */ /* @@ -24,10 +23,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - #include "includes.h" -__RCSID("$NetBSD: crc32.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); -#include #include "crc32.h" static const u_int32_t crc32tab[] = { diff --git a/crypto/external/bsd/openssh/dist/crc32.h b/crypto/external/bsd/openssh/dist/crc32.h index c709a1ffd..5d7131aff 100644 --- a/crypto/external/bsd/openssh/dist/crc32.h +++ b/crypto/external/bsd/openssh/dist/crc32.h @@ -1,4 +1,3 @@ -/* $NetBSD: crc32.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: crc32.h,v 1.15 2006/03/25 22:22:43 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/crypto_api.h b/crypto/external/bsd/openssh/dist/crypto_api.h index 580ba79bd..5820ce8fa 100644 --- a/crypto/external/bsd/openssh/dist/crypto_api.h +++ b/crypto/external/bsd/openssh/dist/crypto_api.h @@ -8,7 +8,9 @@ #ifndef crypto_api_h #define crypto_api_h -#include +#ifdef HAVE_STDINT_H +# include +#endif #include typedef int32_t crypto_int32; diff --git a/crypto/external/bsd/openssh/dist/deattack.c b/crypto/external/bsd/openssh/dist/deattack.c index aaec089c4..e76481a6d 100644 --- a/crypto/external/bsd/openssh/dist/deattack.c +++ b/crypto/external/bsd/openssh/dist/deattack.c @@ -1,4 +1,3 @@ -/* $NetBSD: deattack.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: deattack.c,v 1.32 2015/01/20 23:14:00 deraadt Exp $ */ /* * Cryptographic attack detector for ssh - source code @@ -20,13 +19,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: deattack.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); -#include #include #include -#include -#include #include #include "deattack.h" diff --git a/crypto/external/bsd/openssh/dist/deattack.h b/crypto/external/bsd/openssh/dist/deattack.h index cb1cc5d03..ce67a30ff 100644 --- a/crypto/external/bsd/openssh/dist/deattack.h +++ b/crypto/external/bsd/openssh/dist/deattack.h @@ -1,4 +1,3 @@ -/* $NetBSD: deattack.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: deattack.h,v 1.11 2015/01/19 19:52:16 markus Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/dh.c b/crypto/external/bsd/openssh/dist/dh.c index 81a95cdbb..4c639acc3 100644 --- a/crypto/external/bsd/openssh/dist/dh.c +++ b/crypto/external/bsd/openssh/dist/dh.c @@ -1,4 +1,3 @@ -/* $NetBSD: dh.c,v 1.9 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: dh.c,v 1.57 2015/05/27 23:39:18 dtucker Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. @@ -25,24 +24,22 @@ */ #include "includes.h" -__RCSID("$NetBSD: dh.c,v 1.9 2015/07/03 01:00:00 christos Exp $"); -#include + #include /* MIN */ #include #include +#include #include #include #include -#include #include #include "dh.h" #include "pathnames.h" #include "log.h" #include "misc.h" -#include "random.h" #include "ssherr.h" static int @@ -311,7 +308,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus) DH * dh_new_group1(void) { - static const char *gen = "2", *group1 = + static char *gen = "2", *group1 = "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" @@ -325,7 +322,7 @@ dh_new_group1(void) DH * dh_new_group14(void) { - static const char *gen = "2", *group14 = + static char *gen = "2", *group14 = "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" @@ -348,7 +345,7 @@ dh_new_group14(void) DH * dh_new_group_fallback(int max) { - static const char *gen = "2", *group16 = + static char *gen = "2", *group16 = "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" diff --git a/crypto/external/bsd/openssh/dist/dh.h b/crypto/external/bsd/openssh/dist/dh.h index 676dedc5d..654695315 100644 --- a/crypto/external/bsd/openssh/dist/dh.h +++ b/crypto/external/bsd/openssh/dist/dh.h @@ -1,4 +1,3 @@ -/* $NetBSD: dh.h,v 1.5 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: dh.h,v 1.13 2015/05/27 23:39:18 dtucker Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/digest-libc.c b/crypto/external/bsd/openssh/dist/digest-libc.c index fd100d718..40db00274 100644 --- a/crypto/external/bsd/openssh/dist/digest-libc.c +++ b/crypto/external/bsd/openssh/dist/digest-libc.c @@ -15,18 +15,22 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include "includes.h" -__RCSID("$NetBSD: digest-libc.c,v 1.4 2015/07/03 01:00:00 christos Exp $"); + +#ifndef WITH_OPENSSL #include #include #include #include +#if 0 #include #include #include #include +#endif #include "ssherr.h" #include "sshbuf.h" @@ -89,30 +93,30 @@ const struct ssh_digest digests[SSH_DIGEST_MAX] = { "SHA256", SHA256_BLOCK_LENGTH, SHA256_DIGEST_LENGTH, - sizeof(SHA2_CTX), - (md_init_fn *) SHA256Init, - (md_update_fn *) SHA256Update, - (md_final_fn *) SHA256Final + sizeof(SHA256_CTX), + (md_init_fn *) SHA256_Init, + (md_update_fn *) SHA256_Update, + (md_final_fn *) SHA256_Final }, { SSH_DIGEST_SHA384, "SHA384", SHA384_BLOCK_LENGTH, SHA384_DIGEST_LENGTH, - sizeof(SHA2_CTX), - (md_init_fn *) SHA384Init, - (md_update_fn *) SHA384Update, - (md_final_fn *) SHA384Final + sizeof(SHA384_CTX), + (md_init_fn *) SHA384_Init, + (md_update_fn *) SHA384_Update, + (md_final_fn *) SHA384_Final }, { SSH_DIGEST_SHA512, "SHA512", SHA512_BLOCK_LENGTH, SHA512_DIGEST_LENGTH, - sizeof(SHA2_CTX), - (md_init_fn *) SHA512Init, - (md_update_fn *) SHA512Update, - (md_final_fn *) SHA512Final + sizeof(SHA512_CTX), + (md_init_fn *) SHA512_Init, + (md_update_fn *) SHA512_Update, + (md_final_fn *) SHA512_Final } }; @@ -257,3 +261,4 @@ ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen) { return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen); } +#endif /* !WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/digest-openssl.c b/crypto/external/bsd/openssh/dist/digest-openssl.c index 06a59c59e..13b63c2f0 100644 --- a/crypto/external/bsd/openssh/dist/digest-openssl.c +++ b/crypto/external/bsd/openssh/dist/digest-openssl.c @@ -14,8 +14,10 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include "includes.h" -__RCSID("$NetBSD: digest-openssl.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); + +#ifdef WITH_OPENSSL #include #include @@ -24,10 +26,21 @@ __RCSID("$NetBSD: digest-openssl.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include +#include "openbsd-compat/openssl-compat.h" + #include "sshbuf.h" #include "digest.h" #include "ssherr.h" +#ifndef HAVE_EVP_RIPEMD160 +# define EVP_ripemd160 NULL +#endif /* HAVE_EVP_RIPEMD160 */ +#ifndef HAVE_EVP_SHA256 +# define EVP_sha256 NULL +# define EVP_sha384 NULL +# define EVP_sha512 NULL +#endif /* HAVE_EVP_SHA256 */ + struct ssh_digest_ctx { int alg; EVP_MD_CTX mdctx; @@ -58,6 +71,8 @@ ssh_digest_by_alg(int alg) return NULL; if (digests[alg].id != alg) /* sanity */ return NULL; + if (digests[alg].mdfunc == NULL) + return NULL; return &(digests[alg]); } @@ -187,3 +202,4 @@ ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen) { return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen); } +#endif /* WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/dispatch.c b/crypto/external/bsd/openssh/dist/dispatch.c index 06f0ccc0d..aac933e0a 100644 --- a/crypto/external/bsd/openssh/dist/dispatch.c +++ b/crypto/external/bsd/openssh/dist/dispatch.c @@ -1,4 +1,3 @@ -/* $NetBSD: dispatch.c,v 1.6 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: dispatch.c,v 1.27 2015/05/01 07:10:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +24,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: dispatch.c,v 1.6 2015/07/03 01:00:00 christos Exp $"); + #include #include @@ -51,7 +50,7 @@ dispatch_protocol_error(int type, u_int32_t seq, void *ctx) if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 || (r = sshpkt_put_u32(ssh, seq)) != 0 || (r = sshpkt_send(ssh)) != 0 || - (r = ssh_packet_write_wait(ssh)) < 0) + (r = ssh_packet_write_wait(ssh)) != 0) sshpkt_fatal(ssh, __func__, r); return 0; } diff --git a/crypto/external/bsd/openssh/dist/dispatch.h b/crypto/external/bsd/openssh/dist/dispatch.h index ec0883edb..cd51dbc0b 100644 --- a/crypto/external/bsd/openssh/dist/dispatch.h +++ b/crypto/external/bsd/openssh/dist/dispatch.h @@ -1,4 +1,3 @@ -/* $NetBSD: dispatch.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: dispatch.h,v 1.12 2015/01/19 20:07:45 markus Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/dns.c b/crypto/external/bsd/openssh/dist/dns.c index 3c082a17c..e813afeae 100644 --- a/crypto/external/bsd/openssh/dist/dns.c +++ b/crypto/external/bsd/openssh/dist/dns.c @@ -1,4 +1,3 @@ -/* $NetBSD: dns.c,v 1.12 2015/08/21 08:20:59 christos Exp $ */ /* $OpenBSD: dns.c,v 1.35 2015/08/20 22:32:42 deraadt Exp $ */ /* @@ -27,11 +26,12 @@ */ #include "includes.h" -__RCSID("$NetBSD: dns.c,v 1.12 2015/08/21 08:20:59 christos Exp $"); + #include #include #include +#include #include #include #include @@ -42,7 +42,6 @@ __RCSID("$NetBSD: dns.c,v 1.12 2015/08/21 08:20:59 christos Exp $"); #include "ssherr.h" #include "dns.h" #include "log.h" -#include "getrrsetbyname.h" #include "digest.h" static const char *errset_text[] = { @@ -288,8 +287,8 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, if (hostkey_algorithm == dnskey_algorithm && hostkey_digest_type == dnskey_digest_type) { if (hostkey_digest_len == dnskey_digest_len && - consttime_memequal(hostkey_digest, dnskey_digest, - hostkey_digest_len)) + timingsafe_bcmp(hostkey_digest, dnskey_digest, + hostkey_digest_len) == 0) *flags |= DNS_VERIFY_MATCH; } free(dnskey_digest); diff --git a/crypto/external/bsd/openssh/dist/dns.h b/crypto/external/bsd/openssh/dist/dns.h index 34c68af0c..30e2b19b3 100644 --- a/crypto/external/bsd/openssh/dist/dns.h +++ b/crypto/external/bsd/openssh/dist/dns.h @@ -1,4 +1,3 @@ -/* $NetBSD: dns.h,v 1.7 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: dns.h,v 1.15 2015/05/08 06:45:13 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/ed25519.c b/crypto/external/bsd/openssh/dist/ed25519.c index c36422f61..767ec24d6 100644 --- a/crypto/external/bsd/openssh/dist/ed25519.c +++ b/crypto/external/bsd/openssh/dist/ed25519.c @@ -5,9 +5,8 @@ * Peter Schwabe, Bo-Yin Yang. * Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c */ -#include "includes.h" -__RCSID("$NetBSD: ed25519.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +#include "includes.h" #include "crypto_api.h" #include "ge25519.h" diff --git a/crypto/external/bsd/openssh/dist/fatal.c b/crypto/external/bsd/openssh/dist/fatal.c index 43d74c255..5e5aa3fe1 100644 --- a/crypto/external/bsd/openssh/dist/fatal.c +++ b/crypto/external/bsd/openssh/dist/fatal.c @@ -1,4 +1,3 @@ -/* $NetBSD: fatal.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: fatal.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. @@ -25,7 +24,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: fatal.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); + #include #include diff --git a/crypto/external/bsd/openssh/dist/fe25519.c b/crypto/external/bsd/openssh/dist/fe25519.c index f46c812a8..e54fd1547 100644 --- a/crypto/external/bsd/openssh/dist/fe25519.c +++ b/crypto/external/bsd/openssh/dist/fe25519.c @@ -5,8 +5,8 @@ * Peter Schwabe, Bo-Yin Yang. * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.c */ + #include "includes.h" -__RCSID("$NetBSD: fe25519.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #define WINDOWSIZE 1 /* Should be 1,2, or 4 */ #define WINDOWMASK ((1< -#include -#include -#include -#include -#include - -#include "fmt_scaled.h" - -typedef enum { - NONE = 0, KILO = 1, MEGA = 2, GIGA = 3, TERA = 4, PETA = 5, EXA = 6 -} unit_type; - -/* These three arrays MUST be in sync! XXX make a struct */ -static unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA }; -static char scale_chars[] = "BKMGTPE"; -static long long scale_factors[] = { - 1LL, - 1024LL, - 1024LL*1024, - 1024LL*1024*1024, - 1024LL*1024*1024*1024, - 1024LL*1024*1024*1024*1024, - 1024LL*1024*1024*1024*1024*1024, -}; -#define SCALE_LENGTH (sizeof(units)/sizeof(units[0])) - -#define MAX_DIGITS (SCALE_LENGTH * 3) /* XXX strlen(sprintf("%lld", -1)? */ - -/** Convert the given input string "scaled" into numeric in "result". - * Return 0 on success, -1 and errno set on error. - */ -int -scan_scaled(const char *scaled, long long *result) -{ - const char *p = scaled; - int sign = 0; - unsigned int i, ndigits = 0, fract_digits = 0; - long long scale_fact = 1, whole = 0, fpart = 0; - - /* Skip leading whitespace */ - while (isascii((unsigned char)*p) && isspace((unsigned char)*p)) - ++p; - - /* Then at most one leading + or - */ - while (*p == '-' || *p == '+') { - if (*p == '-') { - if (sign) { - errno = EINVAL; - return -1; - } - sign = -1; - ++p; - } else if (*p == '+') { - if (sign) { - errno = EINVAL; - return -1; - } - sign = +1; - ++p; - } - } - - /* Main loop: Scan digits, find decimal point, if present. - * We don't allow exponentials, so no scientific notation - * (but note that E for Exa might look like e to some!). - * Advance 'p' to end, to get scale factor. - */ - for (; isascii((unsigned char)*p) && (isdigit((unsigned char)*p) || *p=='.'); ++p) { - if (*p == '.') { - if (fract_digits > 0) { /* oops, more than one '.' */ - errno = EINVAL; - return -1; - } - fract_digits = 1; - continue; - } - - i = (*p) - '0'; /* whew! finally a digit we can use */ - if (fract_digits > 0) { - if (fract_digits >= MAX_DIGITS-1) - /* ignore extra fractional digits */ - continue; - fract_digits++; /* for later scaling */ - fpart *= 10; - fpart += i; - } else { /* normal digit */ - if (++ndigits >= MAX_DIGITS) { - errno = ERANGE; - return -1; - } - whole *= 10; - whole += i; - } - } - - if (sign) { - whole *= sign; - fpart *= sign; - } - - /* If no scale factor given, we're done. fraction is discarded. */ - if (!*p) { - *result = whole; - return 0; - } - - /* Validate scale factor, and scale whole and fraction by it. */ - for (i = 0; i < SCALE_LENGTH; i++) { - - /** Are we there yet? */ - if (*p == scale_chars[i] || - *p == tolower((unsigned char)scale_chars[i])) { - - /* If it ends with alphanumerics after the scale char, bad. */ - if (isalnum((unsigned char)*(p+1))) { - errno = EINVAL; - return -1; - } - scale_fact = scale_factors[i]; - - /* scale whole part */ - whole *= scale_fact; - - /* truncate fpart so it does't overflow. - * then scale fractional part. - */ - while (fpart >= LLONG_MAX / scale_fact) { - fpart /= 10; - fract_digits--; - } - fpart *= scale_fact; - if (fract_digits > 0) { - for (i = 0; i < fract_digits -1; i++) - fpart /= 10; - } - whole += fpart; - *result = whole; - return 0; - } - } - errno = ERANGE; - return -1; -} - -/* Format the given "number" into human-readable form in "result". - * Result must point to an allocated buffer of length FMT_SCALED_STRSIZE. - * Return 0 on success, -1 and errno set if error. - */ -int -fmt_scaled(long long number, char *result) -{ - long long abval, fract = 0; - unsigned int i; - unit_type unit = NONE; - - abval = (number < 0LL) ? -number : number; /* no long long_abs yet */ - - /* Not every negative long long has a positive representation. - * Also check for numbers that are just too darned big to format - */ - if (abval < 0 || abval / 1024 >= scale_factors[SCALE_LENGTH-1]) { - errno = ERANGE; - return -1; - } - - /* scale whole part; get unscaled fraction */ - for (i = 0; i < SCALE_LENGTH; i++) { - if (abval/1024 < scale_factors[i]) { - unit = units[i]; - fract = (i == 0) ? 0 : abval % scale_factors[i]; - number /= scale_factors[i]; - if (i > 0) - fract /= scale_factors[i - 1]; - break; - } - } - - fract = (10 * fract + 512) / 1024; - /* if the result would be >= 10, round main number */ - if (fract == 10) { - if (number >= 0) - number++; - else - number--; - fract = 0; - } - - if (number == 0) - strlcpy(result, "0B", FMT_SCALED_STRSIZE); - else if (unit == NONE || number >= 100 || number <= -100) { - if (fract >= 5) { - if (number >= 0) - number++; - else - number--; - } - (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld%c", - number, scale_chars[unit]); - } else - (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c", - number, fract, scale_chars[unit]); - - return 0; -} - -#ifdef MAIN -/* - * This is the original version of the program in the man page. - * Copy-and-paste whatever you need from it. - */ -int -main(int argc, char **argv) -{ - char *cinput = "1.5K", buf[FMT_SCALED_STRSIZE]; - long long ninput = 10483892, result; - - if (scan_scaled(cinput, &result) == 0) - printf("\"%s\" -> %lld\n", cinput, result); - else - perror(cinput); - - if (fmt_scaled(ninput, buf) == 0) - printf("%lld -> \"%s\"\n", ninput, buf); - else - fprintf(stderr, "%lld invalid (%s)\n", ninput, strerror(errno)); - - return 0; -} -#endif - -#endif /* HAVE_FMT_SCALED */ diff --git a/crypto/external/bsd/openssh/dist/fmt_scaled.c b/crypto/external/bsd/openssh/dist/fmt_scaled.c new file mode 120000 index 000000000..933c5261b --- /dev/null +++ b/crypto/external/bsd/openssh/dist/fmt_scaled.c @@ -0,0 +1 @@ +openbsd-compat/fmt_scaled.c \ No newline at end of file diff --git a/crypto/external/bsd/openssh/dist/ge25519.c b/crypto/external/bsd/openssh/dist/ge25519.c index 6ccdb26cb..dfe3849b9 100644 --- a/crypto/external/bsd/openssh/dist/ge25519.c +++ b/crypto/external/bsd/openssh/dist/ge25519.c @@ -5,8 +5,8 @@ * Peter Schwabe, Bo-Yin Yang. * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.c */ + #include "includes.h" -__RCSID("$NetBSD: ge25519.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include "fe25519.h" #include "sc25519.h" @@ -269,13 +269,13 @@ void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge25519_p3 *p1, cons /* precomputation s2 s1 */ setneutral(pre); /* 00 00 */ pre[1] = *p1; /* 00 01 */ - dbl_p1p1(&tp1p1,(const ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */ add_p1p1(&tp1p1,&pre[1], &pre[2]); p1p1_to_p3( &pre[3], &tp1p1); /* 00 11 */ pre[4] = *p2; /* 01 00 */ add_p1p1(&tp1p1,&pre[1], &pre[4]); p1p1_to_p3( &pre[5], &tp1p1); /* 01 01 */ add_p1p1(&tp1p1,&pre[2], &pre[4]); p1p1_to_p3( &pre[6], &tp1p1); /* 01 10 */ add_p1p1(&tp1p1,&pre[3], &pre[4]); p1p1_to_p3( &pre[7], &tp1p1); /* 01 11 */ - dbl_p1p1(&tp1p1,(const ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */ add_p1p1(&tp1p1,&pre[1], &pre[8]); p1p1_to_p3( &pre[9], &tp1p1); /* 10 01 */ dbl_p1p1(&tp1p1,(ge25519_p2 *)&pre[5]); p1p1_to_p3(&pre[10], &tp1p1); /* 10 10 */ add_p1p1(&tp1p1,&pre[3], &pre[8]); p1p1_to_p3(&pre[11], &tp1p1); /* 10 11 */ diff --git a/crypto/external/bsd/openssh/dist/getrrsetbyname.c b/crypto/external/bsd/openssh/dist/getrrsetbyname.c deleted file mode 100644 index 749c9f96d..000000000 --- a/crypto/external/bsd/openssh/dist/getrrsetbyname.c +++ /dev/null @@ -1,610 +0,0 @@ -/* $NetBSD: getrrsetbyname.c,v 1.3 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */ - -/* - * Copyright (c) 2001 Jakob Schlyter. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1999-2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */ - -#include "includes.h" -__RCSID("$NetBSD: getrrsetbyname.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); - -#ifndef HAVE_GETRRSETBYNAME - -#include -#include -#include - -#include "getrrsetbyname.h" - -#if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO -extern int h_errno; -#endif - -/* We don't need multithread support here */ -#ifdef _THREAD_PRIVATE -# undef _THREAD_PRIVATE -#endif -#define _THREAD_PRIVATE(a,b,c) (c) -#ifndef __NetBSD__ -struct __res_state _res; -#else -#define HAVE__GETSHORT -#define HAVE__GETLONG -#endif - -/* Necessary functions and macros */ - -/* - * Inline versions of get/put short/long. Pointer is advanced. - * - * These macros demonstrate the property of C whereby it can be - * portable or it can be elegant but rarely both. - */ - -#ifndef INT32SZ -# define INT32SZ 4 -#endif -#ifndef INT16SZ -# define INT16SZ 2 -#endif - -#ifndef GETSHORT -#define GETSHORT(s, cp) { \ - register u_char *t_cp = (u_char *)(cp); \ - (s) = ((u_int16_t)t_cp[0] << 8) \ - | ((u_int16_t)t_cp[1]) \ - ; \ - (cp) += INT16SZ; \ -} -#endif - -#ifndef GETLONG -#define GETLONG(l, cp) { \ - register u_char *t_cp = (u_char *)(cp); \ - (l) = ((u_int32_t)t_cp[0] << 24) \ - | ((u_int32_t)t_cp[1] << 16) \ - | ((u_int32_t)t_cp[2] << 8) \ - | ((u_int32_t)t_cp[3]) \ - ; \ - (cp) += INT32SZ; \ -} -#endif - -/* - * Routines to insert/extract short/long's. - */ - -#ifndef HAVE__GETSHORT -static u_int16_t -_getshort(msgp) - register const u_char *msgp; -{ - register u_int16_t u; - - GETSHORT(u, msgp); - return (u); -} -#elif defined(HAVE_DECL__GETSHORT) && (HAVE_DECL__GETSHORT == 0) -u_int16_t _getshort(register const u_char *); -#endif - -#ifndef HAVE__GETLONG -static u_int32_t -_getlong(msgp) - register const u_char *msgp; -{ - register u_int32_t u; - - GETLONG(u, msgp); - return (u); -} -#elif defined(HAVE_DECL__GETLONG) && (HAVE_DECL__GETLONG == 0) -u_int32_t _getlong(register const u_char *); -#endif - -/* ************** */ - -#define ANSWER_BUFFER_SIZE 1024*64 - -struct dns_query { - char *name; - u_int16_t type; - u_int16_t class; - struct dns_query *next; -}; - -struct dns_rr { - char *name; - u_int16_t type; - u_int16_t class; - u_int16_t ttl; - u_int16_t size; - void *rdata; - struct dns_rr *next; -}; - -struct dns_response { - HEADER header; - struct dns_query *query; - struct dns_rr *answer; - struct dns_rr *authority; - struct dns_rr *additional; -}; - -static struct dns_response *parse_dns_response(const u_char *, int); -static struct dns_query *parse_dns_qsection(const u_char *, int, - const u_char **, int); -static struct dns_rr *parse_dns_rrsection(const u_char *, int, const u_char **, - int); - -static void free_dns_query(struct dns_query *); -static void free_dns_rr(struct dns_rr *); -static void free_dns_response(struct dns_response *); - -static int count_dns_rr(struct dns_rr *, u_int16_t, u_int16_t); - -int -getrrsetbyname(const char *hostname, unsigned int rdclass, - unsigned int rdtype, unsigned int flags, - struct rrsetinfo **res) -{ - struct __res_state *_resp = _THREAD_PRIVATE(_res, _res, &_res); - int result; - struct rrsetinfo *rrset = NULL; - struct dns_response *response = NULL; - struct dns_rr *rr; - struct rdatainfo *rdata; - int length; - unsigned int index_ans, index_sig; - u_char answer[ANSWER_BUFFER_SIZE]; - - /* check for invalid class and type */ - if (rdclass > 0xffff || rdtype > 0xffff) { - result = ERRSET_INVAL; - goto fail; - } - - /* don't allow queries of class or type ANY */ - if (rdclass == 0xff || rdtype == 0xff) { - result = ERRSET_INVAL; - goto fail; - } - - /* don't allow flags yet, unimplemented */ - if (flags) { - result = ERRSET_INVAL; - goto fail; - } - - /* initialize resolver */ - if ((_resp->options & RES_INIT) == 0 && res_init() == -1) { - result = ERRSET_FAIL; - goto fail; - } - -#ifdef DEBUG - _resp->options |= RES_DEBUG; -#endif /* DEBUG */ - -#ifdef RES_USE_DNSSEC - /* turn on DNSSEC if EDNS0 is configured */ - if (_resp->options & RES_USE_EDNS0) - _resp->options |= RES_USE_DNSSEC; -#endif /* RES_USE_DNSEC */ - - /* make query */ - length = res_query(hostname, (signed int) rdclass, (signed int) rdtype, - answer, sizeof(answer)); - if (length < 0) { - switch(h_errno) { - case HOST_NOT_FOUND: - result = ERRSET_NONAME; - goto fail; - case NO_DATA: - result = ERRSET_NODATA; - goto fail; - default: - result = ERRSET_FAIL; - goto fail; - } - } - - /* parse result */ - response = parse_dns_response(answer, length); - if (response == NULL) { - result = ERRSET_FAIL; - goto fail; - } - - if (response->header.qdcount != 1) { - result = ERRSET_FAIL; - goto fail; - } - - /* initialize rrset */ - rrset = calloc(1, sizeof(struct rrsetinfo)); - if (rrset == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - rrset->rri_rdclass = response->query->class; - rrset->rri_rdtype = response->query->type; - rrset->rri_ttl = response->answer->ttl; - rrset->rri_nrdatas = response->header.ancount; - -#ifdef HAVE_HEADER_AD - /* check for authenticated data */ - if (response->header.ad == 1) - rrset->rri_flags |= RRSET_VALIDATED; -#endif - - /* copy name from answer section */ - rrset->rri_name = strdup(response->answer->name); - if (rrset->rri_name == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - - /* count answers */ - rrset->rri_nrdatas = count_dns_rr(response->answer, rrset->rri_rdclass, - rrset->rri_rdtype); - rrset->rri_nsigs = count_dns_rr(response->answer, rrset->rri_rdclass, - T_SIG); - - /* allocate memory for answers */ - rrset->rri_rdatas = calloc(rrset->rri_nrdatas, - sizeof(struct rdatainfo)); - if (rrset->rri_rdatas == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - - /* allocate memory for signatures */ - rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); - if (rrset->rri_sigs == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - - /* copy answers & signatures */ - for (rr = response->answer, index_ans = 0, index_sig = 0; - rr; rr = rr->next) { - - rdata = NULL; - - if (rr->class == rrset->rri_rdclass && - rr->type == rrset->rri_rdtype) - rdata = &rrset->rri_rdatas[index_ans++]; - - if (rr->class == rrset->rri_rdclass && - rr->type == T_SIG) - rdata = &rrset->rri_sigs[index_sig++]; - - if (rdata) { - rdata->rdi_length = rr->size; - rdata->rdi_data = malloc(rr->size); - - if (rdata->rdi_data == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - memcpy(rdata->rdi_data, rr->rdata, rr->size); - } - } - free_dns_response(response); - - *res = rrset; - return (ERRSET_SUCCESS); - -fail: - if (rrset != NULL) - freerrset(rrset); - if (response != NULL) - free_dns_response(response); - return (result); -} - -void -freerrset(struct rrsetinfo *rrset) -{ - u_int16_t i; - - if (rrset == NULL) - return; - - if (rrset->rri_rdatas) { - for (i = 0; i < rrset->rri_nrdatas; i++) { - if (rrset->rri_rdatas[i].rdi_data == NULL) - break; - free(rrset->rri_rdatas[i].rdi_data); - } - free(rrset->rri_rdatas); - } - - if (rrset->rri_sigs) { - for (i = 0; i < rrset->rri_nsigs; i++) { - if (rrset->rri_sigs[i].rdi_data == NULL) - break; - free(rrset->rri_sigs[i].rdi_data); - } - free(rrset->rri_sigs); - } - - if (rrset->rri_name) - free(rrset->rri_name); - free(rrset); -} - -/* - * DNS response parsing routines - */ -static struct dns_response * -parse_dns_response(const u_char *answer, int size) -{ - struct dns_response *resp; - const u_char *cp; - - /* allocate memory for the response */ - resp = calloc(1, sizeof(*resp)); - if (resp == NULL) - return (NULL); - - /* initialize current pointer */ - cp = answer; - - /* copy header */ - memcpy(&resp->header, cp, HFIXEDSZ); - cp += HFIXEDSZ; - - /* fix header byte order */ - resp->header.qdcount = ntohs(resp->header.qdcount); - resp->header.ancount = ntohs(resp->header.ancount); - resp->header.nscount = ntohs(resp->header.nscount); - resp->header.arcount = ntohs(resp->header.arcount); - - /* there must be at least one query */ - if (resp->header.qdcount < 1) { - free_dns_response(resp); - return (NULL); - } - - /* parse query section */ - resp->query = parse_dns_qsection(answer, size, &cp, - resp->header.qdcount); - if (resp->header.qdcount && resp->query == NULL) { - free_dns_response(resp); - return (NULL); - } - - /* parse answer section */ - resp->answer = parse_dns_rrsection(answer, size, &cp, - resp->header.ancount); - if (resp->header.ancount && resp->answer == NULL) { - free_dns_response(resp); - return (NULL); - } - - /* parse authority section */ - resp->authority = parse_dns_rrsection(answer, size, &cp, - resp->header.nscount); - if (resp->header.nscount && resp->authority == NULL) { - free_dns_response(resp); - return (NULL); - } - - /* parse additional section */ - resp->additional = parse_dns_rrsection(answer, size, &cp, - resp->header.arcount); - if (resp->header.arcount && resp->additional == NULL) { - free_dns_response(resp); - return (NULL); - } - - return (resp); -} - -static struct dns_query * -parse_dns_qsection(const u_char *answer, int size, const u_char **cp, int count) -{ - struct dns_query *head, *curr, *prev; - int i, length; - char name[MAXDNAME]; - - for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) { - - /* allocate and initialize struct */ - curr = calloc(1, sizeof(struct dns_query)); - if (curr == NULL) { - free_dns_query(head); - return (NULL); - } - if (head == NULL) - head = curr; - if (prev != NULL) - prev->next = curr; - - /* name */ - length = dn_expand(answer, answer + size, *cp, name, - sizeof(name)); - if (length < 0) { - free_dns_query(head); - return (NULL); - } - curr->name = strdup(name); - if (curr->name == NULL) { - free_dns_query(head); - return (NULL); - } - *cp += length; - - /* type */ - curr->type = _getshort(*cp); - *cp += INT16SZ; - - /* class */ - curr->class = _getshort(*cp); - *cp += INT16SZ; - } - - return (head); -} - -static struct dns_rr * -parse_dns_rrsection(const u_char *answer, int size, const u_char **cp, - int count) -{ - struct dns_rr *head, *curr, *prev; - int i, length; - char name[MAXDNAME]; - - for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) { - - /* allocate and initialize struct */ - curr = calloc(1, sizeof(struct dns_rr)); - if (curr == NULL) { - free_dns_rr(head); - return (NULL); - } - if (head == NULL) - head = curr; - if (prev != NULL) - prev->next = curr; - - /* name */ - length = dn_expand(answer, answer + size, *cp, name, - sizeof(name)); - if (length < 0) { - free_dns_rr(head); - return (NULL); - } - curr->name = strdup(name); - if (curr->name == NULL) { - free_dns_rr(head); - return (NULL); - } - *cp += length; - - /* type */ - curr->type = _getshort(*cp); - *cp += INT16SZ; - - /* class */ - curr->class = _getshort(*cp); - *cp += INT16SZ; - - /* ttl */ - curr->ttl = _getlong(*cp); - *cp += INT32SZ; - - /* rdata size */ - curr->size = _getshort(*cp); - *cp += INT16SZ; - - /* rdata itself */ - curr->rdata = malloc(curr->size); - if (curr->rdata == NULL) { - free_dns_rr(head); - return (NULL); - } - memcpy(curr->rdata, *cp, curr->size); - *cp += curr->size; - } - - return (head); -} - -static void -free_dns_query(struct dns_query *p) -{ - if (p == NULL) - return; - - if (p->name) - free(p->name); - free_dns_query(p->next); - free(p); -} - -static void -free_dns_rr(struct dns_rr *p) -{ - if (p == NULL) - return; - - if (p->name) - free(p->name); - if (p->rdata) - free(p->rdata); - free_dns_rr(p->next); - free(p); -} - -static void -free_dns_response(struct dns_response *p) -{ - if (p == NULL) - return; - - free_dns_query(p->query); - free_dns_rr(p->answer); - free_dns_rr(p->authority); - free_dns_rr(p->additional); - free(p); -} - -static int -count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type) -{ - int n = 0; - - while(p) { - if (p->class == class && p->type == type) - n++; - p = p->next; - } - - return (n); -} - -#endif /* !defined(HAVE_GETRRSETBYNAME) */ diff --git a/crypto/external/bsd/openssh/dist/getrrsetbyname.c b/crypto/external/bsd/openssh/dist/getrrsetbyname.c new file mode 120000 index 000000000..260332e5b --- /dev/null +++ b/crypto/external/bsd/openssh/dist/getrrsetbyname.c @@ -0,0 +1 @@ +openbsd-compat/getrrsetbyname.c \ No newline at end of file diff --git a/crypto/external/bsd/openssh/dist/getrrsetbyname.h b/crypto/external/bsd/openssh/dist/getrrsetbyname.h deleted file mode 100644 index b43e9ef0d..000000000 --- a/crypto/external/bsd/openssh/dist/getrrsetbyname.h +++ /dev/null @@ -1,111 +0,0 @@ -/* OPENBSD BASED ON : include/netdb.h */ - -/* $NetBSD: getrrsetbyname.h,v 1.3 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: getrrsetbyname.c,v 1.4 2001/08/16 18:16:43 ho Exp $ */ - -/* - * Copyright (c) 2001 Jakob Schlyter. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1999-2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _GETRRSETBYNAME_H -#define _GETRRSETBYNAME_H - -#include "includes.h" - -#ifndef HAVE_GETRRSETBYNAME - -#include -#include -#include -#include -#include - -#ifndef HFIXEDSZ -#define HFIXEDSZ 12 -#endif - -#ifndef T_SIG -#define T_SIG 24 -#endif - -/* - * Flags for getrrsetbyname() - */ -#ifndef RRSET_VALIDATED -# define RRSET_VALIDATED 1 -#endif - -/* - * Return codes for getrrsetbyname() - */ -#ifndef ERRSET_SUCCESS -# define ERRSET_SUCCESS 0 -# define ERRSET_NOMEMORY 1 -# define ERRSET_FAIL 2 -# define ERRSET_INVAL 3 -# define ERRSET_NONAME 4 -# define ERRSET_NODATA 5 -#endif - -struct rdatainfo { - unsigned int rdi_length; /* length of data */ - unsigned char *rdi_data; /* record data */ -}; - -struct rrsetinfo { - unsigned int rri_flags; /* RRSET_VALIDATED ... */ - unsigned int rri_rdclass; /* class number */ - unsigned int rri_rdtype; /* RR type number */ - unsigned int rri_ttl; /* time to live */ - unsigned int rri_nrdatas; /* size of rdatas array */ - unsigned int rri_nsigs; /* size of sigs array */ - char *rri_name; /* canonical name */ - struct rdatainfo *rri_rdatas; /* individual records */ - struct rdatainfo *rri_sigs; /* individual signatures */ -}; - -int getrrsetbyname(const char *, unsigned int, unsigned int, unsigned int, struct rrsetinfo **); -void freerrset(struct rrsetinfo *); - -#endif /* !defined(HAVE_GETRRSETBYNAME) */ - -#endif /* _GETRRSETBYNAME_H */ diff --git a/crypto/external/bsd/openssh/dist/getrrsetbyname.h b/crypto/external/bsd/openssh/dist/getrrsetbyname.h new file mode 120000 index 000000000..7b7069eb6 --- /dev/null +++ b/crypto/external/bsd/openssh/dist/getrrsetbyname.h @@ -0,0 +1 @@ +openbsd-compat/getrrsetbyname.h \ No newline at end of file diff --git a/crypto/external/bsd/openssh/dist/groupaccess.c b/crypto/external/bsd/openssh/dist/groupaccess.c index 3a2d3e46f..2518c8487 100644 --- a/crypto/external/bsd/openssh/dist/groupaccess.c +++ b/crypto/external/bsd/openssh/dist/groupaccess.c @@ -1,4 +1,3 @@ -/* $NetBSD: groupaccess.c,v 1.6 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: groupaccess.c,v 1.16 2015/05/04 06:10:48 djm Exp $ */ /* * Copyright (c) 2001 Kevin Steves. All rights reserved. @@ -25,7 +24,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: groupaccess.c,v 1.6 2015/07/03 01:00:00 christos Exp $"); + #include #include @@ -41,7 +40,7 @@ __RCSID("$NetBSD: groupaccess.c,v 1.6 2015/07/03 01:00:00 christos Exp $"); #include "log.h" static int ngroups; -static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */ +static char **groups_byname; /* * Initialize group access list for user with primary (base) and @@ -50,19 +49,27 @@ static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */ int ga_init(const char *user, gid_t base) { - gid_t groups_bygid[NGROUPS_MAX + 1]; + gid_t *groups_bygid; int i, j; struct group *gr; if (ngroups > 0) ga_free(); - ngroups = sizeof(groups_bygid) / sizeof(gid_t); + ngroups = NGROUPS_MAX; +#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX) + ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX)); +#endif + + groups_bygid = xcalloc(ngroups, sizeof(*groups_bygid)); + groups_byname = xcalloc(ngroups, sizeof(*groups_byname)); + if (getgrouplist(user, base, groups_bygid, &ngroups) == -1) logit("getgrouplist: groups list too small"); for (i = 0, j = 0; i < ngroups; i++) if ((gr = getgrgid(groups_bygid[i])) != NULL) groups_byname[j++] = xstrdup(gr->gr_name); + free(groups_bygid); return (ngroups = j); } @@ -116,5 +123,6 @@ ga_free(void) for (i = 0; i < ngroups; i++) free(groups_byname[i]); ngroups = 0; + free(groups_byname); } } diff --git a/crypto/external/bsd/openssh/dist/groupaccess.h b/crypto/external/bsd/openssh/dist/groupaccess.h index a5ee00a9d..000578e76 100644 --- a/crypto/external/bsd/openssh/dist/groupaccess.h +++ b/crypto/external/bsd/openssh/dist/groupaccess.h @@ -1,4 +1,3 @@ -/* $NetBSD: groupaccess.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: groupaccess.h,v 1.8 2008/07/04 03:44:59 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/gss-genr.c b/crypto/external/bsd/openssh/dist/gss-genr.c index 93fe1cbd8..d617d600a 100644 --- a/crypto/external/bsd/openssh/dist/gss-genr.c +++ b/crypto/external/bsd/openssh/dist/gss-genr.c @@ -1,4 +1,3 @@ -/* $NetBSD: gss-genr.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: gss-genr.c,v 1.23 2015/01/20 23:14:00 deraadt Exp $ */ /* @@ -26,16 +25,17 @@ */ #include "includes.h" -__RCSID("$NetBSD"); + #ifdef GSSAPI +#include #include +#include #include #include +#include #include -#include -#include #include "xmalloc.h" #include "buffer.h" @@ -255,7 +255,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) { gss_buffer_desc token = GSS_C_EMPTY_BUFFER; OM_uint32 major, minor; - gss_OID_desc spnego_oid = {6, __UNCONST("\x2B\x06\x01\x05\x05\x02")}; + gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"}; /* RFC 4462 says we MUST NOT do SPNEGO */ if (oid->length == spnego_oid.length && diff --git a/crypto/external/bsd/openssh/dist/gss-serv-krb5.c b/crypto/external/bsd/openssh/dist/gss-serv-krb5.c index fba43fcdb..795992d9f 100644 --- a/crypto/external/bsd/openssh/dist/gss-serv-krb5.c +++ b/crypto/external/bsd/openssh/dist/gss-serv-krb5.c @@ -1,4 +1,3 @@ -/* $NetBSD: gss-serv-krb5.c,v 1.8 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */ /* @@ -26,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: gss-serv-krb5.c,v 1.8 2015/04/03 23:58:19 christos Exp $"); + #ifdef GSSAPI #ifdef KRB5 @@ -40,16 +39,22 @@ __RCSID("$NetBSD: gss-serv-krb5.c,v 1.8 2015/04/03 23:58:19 christos Exp $"); #include "hostfile.h" #include "auth.h" #include "log.h" - -#include "buffer.h" #include "misc.h" #include "servconf.h" + +#include "buffer.h" #include "ssh-gss.h" extern ServerOptions options; -#include -#include +#ifdef HEIMDAL +# include +#endif +#ifdef HAVE_GSSAPI_KRB5_H +# include +#elif HAVE_GSSAPI_GSSAPI_KRB5_H +# include +#endif static krb5_context krb_context = NULL; @@ -68,9 +73,6 @@ ssh_gssapi_krb5_init(void) logit("Cannot initialize krb5 context"); return 0; } -#ifdef isneeded - krb5_init_ets(krb_context); -#endif return 1; } @@ -119,7 +121,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) krb5_error_code problem; krb5_principal princ; OM_uint32 maj_status, min_status; - size_t len; + int len; const char *errmsg; if (client->creds == NULL) { @@ -130,20 +132,34 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) if (ssh_gssapi_krb5_init() == 0) return; +#ifdef HEIMDAL +# ifdef HAVE_KRB5_CC_NEW_UNIQUE if ((problem = krb5_cc_new_unique(krb_context, krb5_fcc_ops.prefix, NULL, &ccache)) != 0) { errmsg = krb5_get_error_message(krb_context, problem); logit("krb5_cc_new_unique(): %.100s", errmsg); +# else + if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) { + logit("krb5_cc_gen_new(): %.100s", + krb5_get_err_text(krb_context, problem)); +# endif krb5_free_error_message(krb_context, errmsg); return; } +#else + if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) { + errmsg = krb5_get_error_message(krb_context, problem); + logit("ssh_krb5_cc_gen(): %.100s", errmsg); + krb5_free_error_message(krb_context, errmsg); + return; + } +#endif /* #ifdef HEIMDAL */ if ((problem = krb5_parse_name(krb_context, client->exportedname.value, &princ))) { errmsg = krb5_get_error_message(krb_context, problem); logit("krb5_parse_name(): %.100s", errmsg); krb5_free_error_message(krb_context, errmsg); - krb5_cc_destroy(krb_context, ccache); return; } @@ -166,7 +182,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) } client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache)); - client->store.envvar = __UNCONST("KRB5CCNAME"); + client->store.envvar = "KRB5CCNAME"; len = strlen(client->store.filename) + 6; client->store.envval = xmalloc(len); snprintf(client->store.envval, len, "FILE:%s", client->store.filename); @@ -184,7 +200,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) ssh_gssapi_mech gssapi_kerberos_mech = { "toWM5Slw5Ew8Mqkay+al2g==", "Kerberos", - {9, __UNCONST("\x2A\x86\x48\x86\xF7\x12\x01\x02\x02")}, + {9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"}, NULL, &ssh_gssapi_krb5_userok, NULL, diff --git a/crypto/external/bsd/openssh/dist/gss-serv.c b/crypto/external/bsd/openssh/dist/gss-serv.c index f6548e1e1..53993d674 100644 --- a/crypto/external/bsd/openssh/dist/gss-serv.c +++ b/crypto/external/bsd/openssh/dist/gss-serv.c @@ -1,4 +1,3 @@ -/* $NetBSD: gss-serv.c,v 1.8 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: gss-serv.c,v 1.29 2015/05/22 03:50:02 djm Exp $ */ /* @@ -26,19 +25,16 @@ */ #include "includes.h" -__RCSID("$NetBSD: gss-serv.c,v 1.8 2015/07/03 01:00:00 christos Exp $"); - -#include -#include -#include #ifdef GSSAPI +#include + +#include #include #include -#include -#include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "buffer.h" #include "key.h" diff --git a/crypto/external/bsd/openssh/dist/hash.c b/crypto/external/bsd/openssh/dist/hash.c index 2679878bc..734c6bee2 100644 --- a/crypto/external/bsd/openssh/dist/hash.c +++ b/crypto/external/bsd/openssh/dist/hash.c @@ -7,8 +7,8 @@ D. J. Bernstein Public domain. */ + #include "includes.h" -__RCSID("$NetBSD: hash.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include "crypto_api.h" diff --git a/crypto/external/bsd/openssh/dist/hmac.c b/crypto/external/bsd/openssh/dist/hmac.c index b41cd7e15..1c879640c 100644 --- a/crypto/external/bsd/openssh/dist/hmac.c +++ b/crypto/external/bsd/openssh/dist/hmac.c @@ -14,8 +14,8 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include "includes.h" -__RCSID("$NetBSD: hmac.c,v 1.4 2015/07/03 01:00:00 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/hostfile.c b/crypto/external/bsd/openssh/dist/hostfile.c index d0417c267..2850a4793 100644 --- a/crypto/external/bsd/openssh/dist/hostfile.c +++ b/crypto/external/bsd/openssh/dist/hostfile.c @@ -1,4 +1,3 @@ -/* $NetBSD: hostfile.c,v 1.8 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: hostfile.c,v 1.66 2015/05/04 06:10:48 djm Exp $ */ /* * Author: Tatu Ylonen @@ -38,7 +37,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: hostfile.c,v 1.8 2015/07/03 01:00:00 christos Exp $"); + #include #include @@ -46,11 +45,11 @@ __RCSID("$NetBSD: hostfile.c,v 1.8 2015/07/03 01:00:00 christos Exp $"); #include #include +#include #include #include #include #include -#include #include #include "xmalloc.h" diff --git a/crypto/external/bsd/openssh/dist/hostfile.h b/crypto/external/bsd/openssh/dist/hostfile.h index c24406520..bd2104373 100644 --- a/crypto/external/bsd/openssh/dist/hostfile.h +++ b/crypto/external/bsd/openssh/dist/hostfile.h @@ -1,4 +1,3 @@ -/* $NetBSD: hostfile.h,v 1.7 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: hostfile.h,v 1.24 2015/02/16 22:08:57 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/includes.h b/crypto/external/bsd/openssh/dist/includes.h index 7891fd641..2893a54cd 100644 --- a/crypto/external/bsd/openssh/dist/includes.h +++ b/crypto/external/bsd/openssh/dist/includes.h @@ -1,9 +1,182 @@ -/* $NetBSD: includes.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ -#include -#ifndef __OpenBSD__ -#define __bounded__(a, b, c) -#define explicit_bzero(a, b) explicit_memset((a), 0, (b)) -#define timingsafe_bcmp(a, b, c) (!consttime_memequal((a), (b), (c))) +/* $OpenBSD: includes.h,v 1.54 2006/07/22 20:48:23 stevesk Exp $ */ + +/* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * This file includes most of the needed system headers. + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +#ifndef INCLUDES_H +#define INCLUDES_H + +#include "config.h" + +#ifndef _GNU_SOURCE +#define _GNU_SOURCE /* activate extra prototypes for glibc */ #endif -#include "namespace.h" +#include +#include +#include /* For CMSG_* */ + +#ifdef HAVE_LIMITS_H +# include /* For PATH_MAX, _POSIX_HOST_NAME_MAX */ +#endif +#ifdef HAVE_BSTRING_H +# include +#endif +#if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \ + defined(GLOB_HAS_GL_MATCHC) && defined(GLOB_HAS_GL_STATV) && \ + defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 && \ + !defined(BROKEN_GLOB) +# include +#endif +#ifdef HAVE_ENDIAN_H +# include +#endif +#ifdef HAVE_TTYENT_H +# include +#endif +#ifdef HAVE_UTIME_H +# include +#endif +#ifdef HAVE_MAILLOCK_H +# include /* For _PATH_MAILDIR */ +#endif +#ifdef HAVE_NEXT +# include +#endif +#ifdef HAVE_PATHS_H +# include +#endif + +/* + *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively + */ +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_LOGIN_H +# include +#endif + +#ifdef HAVE_UTMP_H +# include +#endif +#ifdef HAVE_UTMPX_H +# include +#endif +#ifdef HAVE_LASTLOG_H +# include +#endif + +#ifdef HAVE_SYS_SELECT_H +# include +#endif +#ifdef HAVE_SYS_BSDTTY_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#include +#ifdef HAVE_SYS_BITYPES_H +# include /* For u_intXX_t */ +#endif +#ifdef HAVE_SYS_CDEFS_H +# include /* For __P() */ +#endif +#ifdef HAVE_SYS_STAT_H +# include /* For S_* constants and macros */ +#endif +#ifdef HAVE_SYS_SYSMACROS_H +# include /* For MIN, MAX, etc */ +#endif +#ifdef HAVE_SYS_MMAN_H +#include /* for MAP_ANONYMOUS */ +#endif +#ifdef HAVE_SYS_STRTIO_H +#include /* for TIOCCBRK on HP-UX */ +#endif +#if defined(HAVE_SYS_PTMS_H) && defined(HAVE_DEV_PTMX) +# if defined(HAVE_SYS_STREAM_H) +# include /* reqd for queue_t on Solaris 2.5.1 */ +# endif +#include /* for grantpt() and friends */ +#endif + +#include +#include /* For typedefs */ +#ifdef HAVE_RPC_TYPES_H +# include /* For INADDR_LOOPBACK */ +#endif +#ifdef USE_PAM +#if defined(HAVE_SECURITY_PAM_APPL_H) +# include +#elif defined (HAVE_PAM_PAM_APPL_H) +# include +#endif +#endif +#ifdef HAVE_READPASSPHRASE_H +# include +#endif + +#ifdef HAVE_IA_H +# include +#endif + +#ifdef HAVE_IAF_H +# include +#endif + +#ifdef HAVE_TMPDIR_H +# include +#endif + +#if defined(HAVE_BSD_LIBUTIL_H) +# include +#elif defined(HAVE_LIBUTIL_H) +# include +#endif + +#if defined(KRB5) && defined(USE_AFS) +# include +# include +#endif + +#if defined(HAVE_SYS_SYSLOG_H) +# include +#endif + +#include + +/* + * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations + * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here. + */ +#ifdef GETSPNAM_CONFLICTING_DEFS +# ifdef _INCLUDE__STDC__ +# undef _INCLUDE__STDC__ +# endif +#endif + +#ifdef WITH_OPENSSL +#include /* For OPENSSL_VERSION_NUMBER */ +#endif + +#include "defines.h" + +#include "platform.h" +#include "openbsd-compat/openbsd-compat.h" +#include "openbsd-compat/bsd-nextstep.h" + +#include "entropy.h" + +#endif /* INCLUDES_H */ diff --git a/crypto/external/bsd/openssh/dist/kex.c b/crypto/external/bsd/openssh/dist/kex.c index 91b8ba7a5..5100c661d 100644 --- a/crypto/external/bsd/openssh/dist/kex.c +++ b/crypto/external/bsd/openssh/dist/kex.c @@ -1,4 +1,3 @@ -/* $NetBSD: kex.c,v 1.12 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: kex.c,v 1.109 2015/07/30 00:01:34 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -25,10 +24,11 @@ */ #include "includes.h" -__RCSID("$NetBSD: kex.c,v 1.12 2015/08/13 10:33:21 christos Exp $"); + #include /* MAX roundup */ #include +#include #include #include #include @@ -49,19 +49,26 @@ __RCSID("$NetBSD: kex.c,v 1.12 2015/08/13 10:33:21 christos Exp $"); #include "misc.h" #include "dispatch.h" #include "monitor.h" -#include "canohost.h" #include "roaming.h" #include "ssherr.h" #include "sshbuf.h" #include "digest.h" +#if OPENSSL_VERSION_NUMBER >= 0x00907000L +# if defined(HAVE_EVP_SHA256) +# define evp_ssh_sha256 EVP_sha256 +# else +extern const EVP_MD *evp_ssh_sha256(void); +# endif +#endif + /* prototype */ static int kex_choose_conf(struct ssh *); static int kex_input_newkeys(int, u_int32_t, void *); struct kexalg { - const char *name; + char *name; u_int type; int ec_nid; int hash_alg; @@ -71,16 +78,24 @@ static const struct kexalg kexalgs[] = { { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, +#ifdef HAVE_EVP_SHA256 { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, +#endif /* HAVE_EVP_SHA256 */ +#ifdef OPENSSL_HAS_ECC { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, SSH_DIGEST_SHA384 }, +# ifdef OPENSSL_HAS_NISTP521 { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, SSH_DIGEST_SHA512 }, -#endif +# endif /* OPENSSL_HAS_NISTP521 */ +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ +#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL) { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, - { NULL, (u_int)-1, -1, -1}, +#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ + { NULL, -1, -1, -1}, }; char * @@ -204,7 +219,7 @@ kex_assemble_names(const char *def, char **list) /* put algorithm proposal into buffer */ int -kex_prop2buf(struct sshbuf *b, const char *proposal[PROPOSAL_MAX]) +kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX]) { u_int i; int r; @@ -417,7 +432,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt) } int -kex_new(struct ssh *ssh, const char *proposal[PROPOSAL_MAX], struct kex **kexp) +kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp) { struct kex *kex; int r; @@ -481,9 +496,11 @@ kex_free(struct kex *kex) #ifdef WITH_OPENSSL if (kex->dh) DH_free(kex->dh); +#ifdef OPENSSL_HAS_ECC if (kex->ec_client_key) EC_KEY_free(kex->ec_client_key); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ for (mode = 0; mode < MODE_MAX; mode++) { kex_free_newkeys(kex->newkeys[mode]); kex->newkeys[mode] = NULL; @@ -498,7 +515,7 @@ kex_free(struct kex *kex) } int -kex_setup(struct ssh *ssh, const char *proposal[PROPOSAL_MAX]) +kex_setup(struct ssh *ssh, char *proposal[PROPOSAL_MAX]) { int r; @@ -519,7 +536,6 @@ choose_enc(struct sshenc *enc, char *client, char *server) if (name == NULL) return SSH_ERR_NO_CIPHER_ALG_MATCH; - if ((enc->cipher = cipher_by_name(name)) == NULL) return SSH_ERR_INTERNAL_ERROR; enc->name = name; @@ -635,7 +651,6 @@ kex_choose_conf(struct ssh *ssh) char **cprop, **sprop; int nenc, nmac, ncomp; u_int mode, ctos, need, dh_need, authlen; - int log_flag = 0; int r, first_kex_follows; if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0 || @@ -694,37 +709,11 @@ kex_choose_conf(struct ssh *ssh) peer[ncomp] = NULL; goto out; } - debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name); - if (strcmp(newkeys->enc.name, "none") == 0) { - int auth_flag; - - auth_flag = ssh_packet_authentication_state(); - debug("Requesting NONE. Authflag is %d", auth_flag); - if (auth_flag == 1) { - debug("None requested post authentication."); - } else { - fatal("Pre-authentication none cipher requests are not allowed."); - } - } debug("kex: %s %s %s %s", ctos ? "client->server" : "server->client", newkeys->enc.name, authlen == 0 ? newkeys->mac.name : "", newkeys->comp.name); - /* client starts withctos = 0 && log flag = 0 and no log*/ - /* 2nd client pass ctos=1 and flag = 1 so no log*/ - /* server starts with ctos =1 && log_flag = 0 so log */ - /* 2nd sever pass ctos = 1 && log flag = 1 so no log*/ - /* -cjr*/ - if (ctos && !log_flag) { - logit("SSH: Server;Ltype: Kex;Remote: %s-%d;Enc: %s;MAC: %s;Comp: %s", - get_remote_ipaddr(), - get_remote_port(), - newkeys->enc.name, - newkeys->mac.name, - newkeys->comp.name); - } - log_flag = 1; } if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS])) != 0) { diff --git a/crypto/external/bsd/openssh/dist/kex.h b/crypto/external/bsd/openssh/dist/kex.h index 0a947770b..d71b53293 100644 --- a/crypto/external/bsd/openssh/dist/kex.h +++ b/crypto/external/bsd/openssh/dist/kex.h @@ -1,4 +1,3 @@ -/* $NetBSD: kex.h,v 1.10 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: kex.h,v 1.73 2015/07/30 00:01:34 djm Exp $ */ /* @@ -35,6 +34,20 @@ #include "leakmalloc.h" #endif +#ifdef WITH_OPENSSL +# ifdef OPENSSL_HAS_ECC +# include +# else /* OPENSSL_HAS_ECC */ +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +# endif /* OPENSSL_HAS_ECC */ +#else /* WITH_OPENSSL */ +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +#endif /* WITH_OPENSSL */ + #define KEX_COOKIE_LEN 16 #define KEX_DH1 "diffie-hellman-group1-sha1" @@ -150,13 +163,13 @@ char *kex_alg_list(char); char *kex_names_cat(const char *, const char *); int kex_assemble_names(const char *, char **); -int kex_new(struct ssh *, const char *[PROPOSAL_MAX], struct kex **); -int kex_setup(struct ssh *, const char *[PROPOSAL_MAX]); +int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **); +int kex_setup(struct ssh *, char *[PROPOSAL_MAX]); void kex_free_newkeys(struct newkeys *); void kex_free(struct kex *); int kex_buf2prop(struct sshbuf *, int *, char ***); -int kex_prop2buf(struct sshbuf *, const char *proposal[PROPOSAL_MAX]); +int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]); void kex_prop_free(char **); int kex_send_kexinit(struct ssh *); @@ -208,4 +221,10 @@ derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); void dump_digest(char *, u_char *, int); #endif +#if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC) +# undef EC_KEY +# undef EC_GROUP +# undef EC_POINT +#endif + #endif diff --git a/crypto/external/bsd/openssh/dist/kexc25519.c b/crypto/external/bsd/openssh/dist/kexc25519.c index c78386527..8d8cd4a2b 100644 --- a/crypto/external/bsd/openssh/dist/kexc25519.c +++ b/crypto/external/bsd/openssh/dist/kexc25519.c @@ -24,8 +24,8 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "includes.h" -__RCSID("$NetBSD: kexc25519.c,v 1.4 2015/07/03 01:00:00 christos Exp $"); #include diff --git a/crypto/external/bsd/openssh/dist/kexc25519c.c b/crypto/external/bsd/openssh/dist/kexc25519c.c index 274ea9851..b7ef65dc3 100644 --- a/crypto/external/bsd/openssh/dist/kexc25519c.c +++ b/crypto/external/bsd/openssh/dist/kexc25519c.c @@ -24,8 +24,8 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "includes.h" -__RCSID("$NetBSD: kexc25519c.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include @@ -132,8 +132,8 @@ input_kex_c25519_reply(int type, u_int32_t seq, void *ctxt) kex->hash_alg, kex->client_version_string, kex->server_version_string, - (const char *)sshbuf_ptr(kex->my), sshbuf_len(kex->my), - (const char *)sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, kex->c25519_client_pubkey, server_pubkey, diff --git a/crypto/external/bsd/openssh/dist/kexc25519s.c b/crypto/external/bsd/openssh/dist/kexc25519s.c index fabb10b45..240272533 100644 --- a/crypto/external/bsd/openssh/dist/kexc25519s.c +++ b/crypto/external/bsd/openssh/dist/kexc25519s.c @@ -1,4 +1,3 @@ -/* $NetBSD: kexc25519s.c,v 1.4 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: kexc25519s.c,v 1.9 2015/04/27 00:37:53 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -24,8 +23,8 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "includes.h" -__RCSID("$NetBSD: kexc25519s.c,v 1.4 2015/07/03 01:00:00 christos Exp $"); #include #include @@ -114,8 +113,8 @@ input_kex_c25519_init(int type, u_int32_t seq, void *ctxt) kex->hash_alg, kex->client_version_string, kex->server_version_string, - (const char *)sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - (const char *)sshbuf_ptr(kex->my), sshbuf_len(kex->my), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, client_pubkey, server_pubkey, diff --git a/crypto/external/bsd/openssh/dist/kexdh.c b/crypto/external/bsd/openssh/dist/kexdh.c index c95e5582a..feea6697d 100644 --- a/crypto/external/bsd/openssh/dist/kexdh.c +++ b/crypto/external/bsd/openssh/dist/kexdh.c @@ -1,4 +1,3 @@ -/* $NetBSD: kexdh.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: kexdh.c,v 1.25 2015/01/19 20:16:15 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -25,7 +24,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexdh.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); + +#ifdef WITH_OPENSSL + #include #include @@ -89,3 +90,4 @@ kex_dh_hash( #endif return 0; } +#endif /* WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/kexdhc.c b/crypto/external/bsd/openssh/dist/kexdhc.c index 069c4ffa9..af259f16a 100644 --- a/crypto/external/bsd/openssh/dist/kexdhc.c +++ b/crypto/external/bsd/openssh/dist/kexdhc.c @@ -1,4 +1,3 @@ -/* $NetBSD: kexdhc.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: kexdhc.c,v 1.18 2015/01/26 06:10:03 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -25,11 +24,14 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexdhc.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); + +#ifdef WITH_OPENSSL + #include #include +#include #include #include #include @@ -207,3 +209,4 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt) free(signature); return r; } +#endif /* WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/kexdhs.c b/crypto/external/bsd/openssh/dist/kexdhs.c index c34304a88..de7c05b17 100644 --- a/crypto/external/bsd/openssh/dist/kexdhs.c +++ b/crypto/external/bsd/openssh/dist/kexdhs.c @@ -1,4 +1,3 @@ -/* $NetBSD: kexdhs.c,v 1.8 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: kexdhs.c,v 1.22 2015/01/26 06:10:03 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -25,8 +24,12 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexdhs.c,v 1.8 2015/04/03 23:58:19 christos Exp $"); + +#ifdef WITH_OPENSSL + #include + +#include #include #include @@ -210,3 +213,4 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt) free(signature); return r; } +#endif /* WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/kexecdh.c b/crypto/external/bsd/openssh/dist/kexecdh.c index 5a7de25c5..2a4fec6b1 100644 --- a/crypto/external/bsd/openssh/dist/kexecdh.c +++ b/crypto/external/bsd/openssh/dist/kexecdh.c @@ -1,4 +1,3 @@ -/* $NetBSD: kexecdh.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: kexecdh.c,v 1.6 2015/01/19 20:16:15 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,7 +25,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexecdh.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); + +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) + #include #include @@ -96,3 +97,4 @@ kex_ecdh_hash( #endif return 0; } +#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ diff --git a/crypto/external/bsd/openssh/dist/kexecdhc.c b/crypto/external/bsd/openssh/dist/kexecdhc.c index 76c3c1827..90220ce82 100644 --- a/crypto/external/bsd/openssh/dist/kexecdhc.c +++ b/crypto/external/bsd/openssh/dist/kexecdhc.c @@ -1,4 +1,3 @@ -/* $NetBSD: kexecdhc.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: kexecdhc.c,v 1.10 2015/01/26 06:10:03 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,7 +25,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexecdhc.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); + +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) + #include #include @@ -223,3 +224,5 @@ input_kex_ecdh_reply(int type, u_int32_t seq, void *ctxt) free(signature); return r; } +#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ + diff --git a/crypto/external/bsd/openssh/dist/kexecdhs.c b/crypto/external/bsd/openssh/dist/kexecdhs.c index 62b344fb3..0adb80e6a 100644 --- a/crypto/external/bsd/openssh/dist/kexecdhs.c +++ b/crypto/external/bsd/openssh/dist/kexecdhs.c @@ -1,4 +1,3 @@ -/* $NetBSD: kexecdhs.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: kexecdhs.c,v 1.14 2015/01/26 06:10:03 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,7 +25,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexecdhs.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); + +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) + #include #include #include @@ -203,3 +204,5 @@ input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt) free(signature); return r; } +#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ + diff --git a/crypto/external/bsd/openssh/dist/kexgex.c b/crypto/external/bsd/openssh/dist/kexgex.c index 3b94cc21d..8b0d83332 100644 --- a/crypto/external/bsd/openssh/dist/kexgex.c +++ b/crypto/external/bsd/openssh/dist/kexgex.c @@ -1,4 +1,3 @@ -/* $NetBSD: kexgex.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: kexgex.c,v 1.29 2015/01/19 20:16:15 markus Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. @@ -26,7 +25,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexgex.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); + +#ifdef WITH_OPENSSL + #include #include @@ -98,3 +99,4 @@ kexgex_hash( #endif return 0; } +#endif /* WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/kexgexc.c b/crypto/external/bsd/openssh/dist/kexgexc.c index f892a0af8..71ff13352 100644 --- a/crypto/external/bsd/openssh/dist/kexgexc.c +++ b/crypto/external/bsd/openssh/dist/kexgexc.c @@ -1,4 +1,3 @@ -/* $NetBSD: kexgexc.c,v 1.7 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: kexgexc.c,v 1.22 2015/05/26 23:23:40 dtucker Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. @@ -26,13 +25,15 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexgexc.c,v 1.7 2015/07/03 01:00:00 christos Exp $"); + +#ifdef WITH_OPENSSL #include #include #include +#include #include #include #include @@ -268,3 +269,4 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, void *ctxt) free(signature); return r; } +#endif /* WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/kexgexs.c b/crypto/external/bsd/openssh/dist/kexgexs.c index 8309f4487..ff6c6879e 100644 --- a/crypto/external/bsd/openssh/dist/kexgexs.c +++ b/crypto/external/bsd/openssh/dist/kexgexs.c @@ -1,4 +1,3 @@ -/* $NetBSD: kexgexs.c,v 1.9 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: kexgexs.c,v 1.25 2015/04/13 02:04:08 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. @@ -26,9 +25,12 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexgexs.c,v 1.9 2015/07/03 01:00:00 christos Exp $"); + +#ifdef WITH_OPENSSL + #include /* MIN MAX */ +#include #include #include #include @@ -249,3 +251,4 @@ input_kex_dh_gex_init(int type, u_int32_t seq, void *ctxt) free(signature); return r; } +#endif /* WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/key.c b/crypto/external/bsd/openssh/dist/key.c index c7675d159..0ba98b6f3 100644 --- a/crypto/external/bsd/openssh/dist/key.c +++ b/crypto/external/bsd/openssh/dist/key.c @@ -1,12 +1,10 @@ -/* $NetBSD: key.c,v 1.17 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: key.c,v 1.128 2015/07/03 03:43:18 djm Exp $ */ /* * placed in the public domain */ #include "includes.h" -__RCSID("$NetBSD: key.c,v 1.17 2015/08/13 10:33:21 christos Exp $"); -#include + #include #include #include @@ -239,7 +237,7 @@ key_cert_check_authority(const Key *k, int want_host, int require_principal, return 0; } -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) int key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) { diff --git a/crypto/external/bsd/openssh/dist/key.h b/crypto/external/bsd/openssh/dist/key.h index 08c7796a8..903bdf673 100644 --- a/crypto/external/bsd/openssh/dist/key.h +++ b/crypto/external/bsd/openssh/dist/key.h @@ -1,4 +1,3 @@ -/* $NetBSD: key.h,v 1.10 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: key.h,v 1.48 2015/07/03 03:43:18 djm Exp $ */ /* @@ -77,10 +76,10 @@ int key_cert_check_authority(const Key *, int, int, const char *, const char **); char *key_alg_list(int, int); -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); int key_ec_validate_private(const EC_KEY *); -#endif /* WITH_OPENSSL */ +#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ Key *key_from_blob(const u_char *, u_int); int key_to_blob(const Key *, u_char **, u_int *); diff --git a/crypto/external/bsd/openssh/dist/krl.c b/crypto/external/bsd/openssh/dist/krl.c index 6cbace679..4075df853 100644 --- a/crypto/external/bsd/openssh/dist/krl.c +++ b/crypto/external/bsd/openssh/dist/krl.c @@ -1,4 +1,3 @@ -/* $NetBSD: krl.c,v 1.7 2015/08/13 10:33:21 christos Exp $ */ /* * Copyright (c) 2012 Damien Miller * @@ -15,16 +14,14 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include -__RCSID("$NetBSD: krl.c,v 1.7 2015/08/13 10:33:21 christos Exp $"); - /* $OpenBSD: krl.c,v 1.33 2015/07/03 03:43:18 djm Exp $ */ #include "includes.h" + #include /* MIN */ #include -#include -#include +#include +#include #include #include @@ -247,7 +244,7 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi) { struct revoked_serial rs, *ers, *crs, *irs; - KRL_DBG(("%s: insert %"PRIu64":%"PRIu64, __func__, lo, hi)); + KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi)); memset(&rs, 0, sizeof(rs)); rs.lo = lo; rs.hi = hi; @@ -266,7 +263,7 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi) } ers = irs; } else { - KRL_DBG(("%s: overlap found %"PRIu64":%"PRIu64, __func__, + KRL_DBG(("%s: overlap found %llu:%llu", __func__, ers->lo, ers->hi)); /* * The inserted entry overlaps an existing one. Grow the @@ -285,14 +282,13 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi) /* Check predecessors */ while ((crs = RB_PREV(revoked_serial_tree, rt, ers)) != NULL) { - KRL_DBG(("%s: pred %"PRIu64":%"PRIu64, __func__, - crs->lo, crs->hi)); + KRL_DBG(("%s: pred %llu:%llu", __func__, crs->lo, crs->hi)); if (ers->lo != 0 && crs->hi < ers->lo - 1) break; /* This entry overlaps. */ if (crs->lo < ers->lo) { ers->lo = crs->lo; - KRL_DBG(("%s: pred extend %"PRIu64":%"PRIu64, __func__, + KRL_DBG(("%s: pred extend %llu:%llu", __func__, ers->lo, ers->hi)); } RB_REMOVE(revoked_serial_tree, rt, crs); @@ -300,21 +296,19 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi) } /* Check successors */ while ((crs = RB_NEXT(revoked_serial_tree, rt, ers)) != NULL) { - KRL_DBG(("%s: succ %"PRIu64":%"PRIu64, __func__, crs->lo, - crs->hi)); + KRL_DBG(("%s: succ %llu:%llu", __func__, crs->lo, crs->hi)); if (ers->hi != (u_int64_t)-1 && crs->lo > ers->hi + 1) break; /* This entry overlaps. */ if (crs->hi > ers->hi) { ers->hi = crs->hi; - KRL_DBG(("%s: succ extend %"PRIu64":%"PRIu64, __func__, + KRL_DBG(("%s: succ extend %llu:%llu", __func__, ers->lo, ers->hi)); } RB_REMOVE(revoked_serial_tree, rt, crs); free(crs); } - KRL_DBG(("%s: done, final %"PRIu64":%"PRIu64, __func__, ers->lo, - ers->hi)); + KRL_DBG(("%s: done, final %llu:%llu", __func__, ers->lo, ers->hi)); return 0; } diff --git a/crypto/external/bsd/openssh/dist/log.c b/crypto/external/bsd/openssh/dist/log.c index 114404c9e..ad12930e1 100644 --- a/crypto/external/bsd/openssh/dist/log.c +++ b/crypto/external/bsd/openssh/dist/log.c @@ -1,4 +1,3 @@ -/* $NetBSD: log.c,v 1.13 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: log.c,v 1.46 2015/07/08 19:04:21 markus Exp $ */ /* * Author: Tatu Ylonen @@ -36,9 +35,8 @@ */ #include "includes.h" -__RCSID("$NetBSD: log.c,v 1.13 2015/08/13 10:33:21 christos Exp $"); + #include -#include #include #include @@ -48,7 +46,9 @@ __RCSID("$NetBSD: log.c,v 1.13 2015/08/13 10:33:21 christos Exp $"); #include #include #include -#include +#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) +# include +#endif #include "log.h" @@ -56,12 +56,15 @@ static LogLevel log_level = SYSLOG_LEVEL_INFO; static int log_on_stderr = 1; static int log_stderr_fd = STDERR_FILENO; static int log_facility = LOG_AUTH; -static const char *argv0; +static char *argv0; static log_handler_fn *log_handler; static void *log_handler_ctx; extern char *__progname; +#define LOG_SYSLOG_VIS (VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL) +#define LOG_STDERR_VIS (VIS_SAFE|VIS_OCTAL) + /* textual representation of log-facilities/levels */ static struct { @@ -71,6 +74,9 @@ static struct { { "DAEMON", SYSLOG_FACILITY_DAEMON }, { "USER", SYSLOG_FACILITY_USER }, { "AUTH", SYSLOG_FACILITY_AUTH }, +#ifdef LOG_AUTHPRIV + { "AUTHPRIV", SYSLOG_FACILITY_AUTHPRIV }, +#endif { "LOCAL0", SYSLOG_FACILITY_LOCAL0 }, { "LOCAL1", SYSLOG_FACILITY_LOCAL1 }, { "LOCAL2", SYSLOG_FACILITY_LOCAL2 }, @@ -160,11 +166,13 @@ error(const char *fmt,...) void sigdie(const char *fmt,...) { +#ifdef DO_LOG_SAFE_IN_SIGHAND va_list args; va_start(args, fmt); do_log(SYSLOG_LEVEL_FATAL, fmt, args); va_end(args); +#endif _exit(1); } @@ -230,9 +238,12 @@ debug3(const char *fmt,...) */ void -log_init(const char *av0, LogLevel level, SyslogFacility facility, - int on_stderr) +log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) { +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) + struct syslog_data sdata = SYSLOG_DATA_INIT; +#endif + argv0 = av0; switch (level) { @@ -269,6 +280,11 @@ log_init(const char *av0, LogLevel level, SyslogFacility facility, case SYSLOG_FACILITY_AUTH: log_facility = LOG_AUTH; break; +#ifdef LOG_AUTHPRIV + case SYSLOG_FACILITY_AUTHPRIV: + log_facility = LOG_AUTHPRIV; + break; +#endif case SYSLOG_FACILITY_LOCAL0: log_facility = LOG_LOCAL0; break; @@ -299,6 +315,19 @@ log_init(const char *av0, LogLevel level, SyslogFacility facility, (int) facility); exit(1); } + + /* + * If an external library (eg libwrap) attempts to use syslog + * immediately after reexec, syslog may be pointing to the wrong + * facility, so we force an open/close of syslog here. + */ +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) + openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata); + closelog_r(&sdata); +#else + openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility); + closelog(); +#endif } void @@ -352,13 +381,12 @@ do_log2(LogLevel level, const char *fmt,...) void do_log(LogLevel level, const char *fmt, va_list args) { -#ifdef SYSLOG_DATA_INIT +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) struct syslog_data sdata = SYSLOG_DATA_INIT; #endif - char msgbuf[MSGBUFSIZ], *msgbufp; - char visbuf[MSGBUFSIZ * 4 + 1]; - size_t len, len2; - const char *txt = NULL; + char msgbuf[MSGBUFSIZ]; + char fmtbuf[MSGBUFSIZ]; + char *txt = NULL; int pri = LOG_INFO; int saved_errno = errno; log_handler_fn *tmp_handler; @@ -400,37 +428,31 @@ do_log(LogLevel level, const char *fmt, va_list args) pri = LOG_ERR; break; } - len = sizeof(msgbuf); - msgbufp = msgbuf; if (txt != NULL && log_handler == NULL) { - len2 = strlen(txt); - if (len2 > len - 2) - len2 = len - 2; - memcpy(msgbufp, txt, len2); - msgbufp += len2; - *msgbufp++ = ':'; - *msgbufp++ = ' '; - len -= len2 + 2; + snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt); + vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args); + } else { + vsnprintf(msgbuf, sizeof(msgbuf), fmt, args); } - vsnprintf(msgbufp, len, fmt, args); - strnvis(visbuf, sizeof(visbuf), msgbuf, VIS_SAFE|VIS_OCTAL); + strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), + log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS); if (log_handler != NULL) { /* Avoid recursion */ tmp_handler = log_handler; log_handler = NULL; - tmp_handler(level, visbuf, log_handler_ctx); + tmp_handler(level, fmtbuf, log_handler_ctx); log_handler = tmp_handler; } else if (log_on_stderr) { - snprintf(msgbuf, sizeof msgbuf, "%s\r\n", visbuf); + snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); (void)write(log_stderr_fd, msgbuf, strlen(msgbuf)); } else { -#ifdef SYSLOG_DATA_INIT +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata); - syslog_r(pri, &sdata, "%.500s", visbuf); + syslog_r(pri, &sdata, "%.500s", fmtbuf); closelog_r(&sdata); #else openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility); - syslog(pri, "%.500s", visbuf); + syslog(pri, "%.500s", fmtbuf); closelog(); #endif } diff --git a/crypto/external/bsd/openssh/dist/log.h b/crypto/external/bsd/openssh/dist/log.h index 484f39e6e..ae7df25d3 100644 --- a/crypto/external/bsd/openssh/dist/log.h +++ b/crypto/external/bsd/openssh/dist/log.h @@ -1,4 +1,3 @@ -/* $NetBSD: log.h,v 1.9 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: log.h,v 1.20 2013/04/07 02:10:33 dtucker Exp $ */ /* @@ -21,6 +20,9 @@ typedef enum { SYSLOG_FACILITY_DAEMON, SYSLOG_FACILITY_USER, SYSLOG_FACILITY_AUTH, +#ifdef LOG_AUTHPRIV + SYSLOG_FACILITY_AUTHPRIV, +#endif SYSLOG_FACILITY_LOCAL0, SYSLOG_FACILITY_LOCAL1, SYSLOG_FACILITY_LOCAL2, @@ -46,7 +48,7 @@ typedef enum { typedef void (log_handler_fn)(LogLevel, const char *, void *); -void log_init(const char *, LogLevel, SyslogFacility, int); +void log_init(char *, LogLevel, SyslogFacility, int); void log_change_level(LogLevel); int log_is_on_stderr(void); void log_redirect_stderr_to(const char *); @@ -71,7 +73,6 @@ void debug3(const char *, ...) __attribute__((format(printf, 1, 2))); void set_log_handler(log_handler_fn *, void *); void do_log2(LogLevel, const char *, ...) __attribute__((format(printf, 2, 3))); -void do_log(LogLevel, const char *, va_list) - __attribute__((format(printf, 2, 0))); +void do_log(LogLevel, const char *, va_list); void cleanup_exit(int) __attribute__((noreturn)); #endif diff --git a/crypto/external/bsd/openssh/dist/mac.c b/crypto/external/bsd/openssh/dist/mac.c index b48505474..f63fbff09 100644 --- a/crypto/external/bsd/openssh/dist/mac.c +++ b/crypto/external/bsd/openssh/dist/mac.c @@ -1,4 +1,3 @@ -/* $NetBSD: mac.c,v 1.11 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: mac.c,v 1.32 2015/01/15 18:32:54 naddy Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -25,12 +24,11 @@ */ #include "includes.h" -__RCSID("$NetBSD: mac.c,v 1.11 2015/04/03 23:58:19 christos Exp $"); + #include #include #include -#include #include "digest.h" #include "hmac.h" @@ -40,12 +38,14 @@ __RCSID("$NetBSD: mac.c,v 1.11 2015/04/03 23:58:19 christos Exp $"); #include "ssherr.h" #include "sshbuf.h" +#include "openbsd-compat/openssl-compat.h" + #define SSH_DIGEST 1 /* SSH_DIGEST_XXX */ #define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */ #define SSH_UMAC128 3 struct macalg { - const char *name; + char *name; int type; int alg; int truncatebits; /* truncate digest if != 0 */ @@ -58,8 +58,10 @@ static const struct macalg macs[] = { /* Encrypt-and-MAC (encrypt-and-authenticate) variants */ { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 }, { "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 }, +#ifdef HAVE_EVP_SHA256 { "hmac-sha2-256", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 }, { "hmac-sha2-512", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 }, +#endif { "hmac-md5", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 }, { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, @@ -70,8 +72,10 @@ static const struct macalg macs[] = { /* Encrypt-then-MAC variants */ { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, { "hmac-sha1-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 1 }, +#ifdef HAVE_EVP_SHA256 { "hmac-sha2-256-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 }, { "hmac-sha2-512-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 }, +#endif { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, diff --git a/crypto/external/bsd/openssh/dist/mac.h b/crypto/external/bsd/openssh/dist/mac.h index 1b5cdcdd5..e5f6b84d9 100644 --- a/crypto/external/bsd/openssh/dist/mac.h +++ b/crypto/external/bsd/openssh/dist/mac.h @@ -1,4 +1,3 @@ -/* $NetBSD: mac.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: mac.h,v 1.9 2015/01/13 19:31:40 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. diff --git a/crypto/external/bsd/openssh/dist/match.c b/crypto/external/bsd/openssh/dist/match.c index c0b0ae285..913b6bae0 100644 --- a/crypto/external/bsd/openssh/dist/match.c +++ b/crypto/external/bsd/openssh/dist/match.c @@ -1,4 +1,3 @@ -/* $NetBSD: match.c,v 1.6 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: match.c,v 1.30 2015/05/04 06:10:48 djm Exp $ */ /* * Author: Tatu Ylonen @@ -37,7 +36,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: match.c,v 1.6 2015/07/03 01:00:00 christos Exp $"); + #include #include diff --git a/crypto/external/bsd/openssh/dist/match.h b/crypto/external/bsd/openssh/dist/match.h index 7e301743f..db97ca8f7 100644 --- a/crypto/external/bsd/openssh/dist/match.h +++ b/crypto/external/bsd/openssh/dist/match.h @@ -1,4 +1,3 @@ -/* $NetBSD: match.h,v 1.6 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/md-sha256.c b/crypto/external/bsd/openssh/dist/md-sha256.c index b527c2ea3..8c1b3b92d 100644 --- a/crypto/external/bsd/openssh/dist/md-sha256.c +++ b/crypto/external/bsd/openssh/dist/md-sha256.c @@ -1,4 +1,3 @@ -/* $NetBSD: md-sha256.c,v 1.3 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: md-sha256.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2005 Damien Miller @@ -17,15 +16,23 @@ */ /* EVP wrapper for SHA256 */ + #include "includes.h" -__RCSID("$NetBSD: md-sha256.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include +#include -#include +#if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) -#include #include +#include +#ifdef HAVE_SHA256_UPDATE +# ifdef HAVE_SHA2_H +# include +# elif defined(HAVE_CRYPTO_SHA2_H) +# include +# endif +#endif const EVP_MD *evp_ssh_sha256(void); @@ -37,7 +44,7 @@ ssh_sha256_init(EVP_MD_CTX *ctxt) } static int -ssh_sha256_update(EVP_MD_CTX *ctxt, const void *data, size_t len) +ssh_sha256_update(EVP_MD_CTX *ctxt, const void *data, unsigned long len) { SHA256_Update(ctxt->md_data, data, len); return (1); @@ -74,3 +81,6 @@ evp_ssh_sha256(void) return (&ssh_sha256); } + +#endif /* !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) */ + diff --git a/crypto/external/bsd/openssh/dist/misc.c b/crypto/external/bsd/openssh/dist/misc.c index 4ecc09462..ddd2b2db4 100644 --- a/crypto/external/bsd/openssh/dist/misc.c +++ b/crypto/external/bsd/openssh/dist/misc.c @@ -1,4 +1,3 @@ -/* $NetBSD: misc.c,v 1.11 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: misc.c,v 1.97 2015/04/24 01:36:00 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -26,15 +25,22 @@ */ #include "includes.h" -__RCSID("$NetBSD: misc.c,v 1.11 2015/07/03 01:00:00 christos Exp $"); + #include #include #include #include -#include -#include +#include +#include +#include +#include +#include +#include +#include + #include +#include #include #include @@ -42,14 +48,13 @@ __RCSID("$NetBSD: misc.c,v 1.11 2015/07/03 01:00:00 christos Exp $"); #include #include #include -#include +#ifdef HAVE_PATHS_H +# include #include -#include -#include -#include -#include -#include -#include +#endif +#ifdef SSH_TUN_OPENBSD +#include +#endif #include "xmalloc.h" #include "misc.h" @@ -203,12 +208,20 @@ pwcopy(struct passwd *pw) copy->pw_name = xstrdup(pw->pw_name); copy->pw_passwd = xstrdup(pw->pw_passwd); +#ifdef HAVE_STRUCT_PASSWD_PW_GECOS copy->pw_gecos = xstrdup(pw->pw_gecos); +#endif copy->pw_uid = pw->pw_uid; copy->pw_gid = pw->pw_gid; +#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE copy->pw_expire = pw->pw_expire; +#endif +#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE copy->pw_change = pw->pw_change; +#endif +#ifdef HAVE_STRUCT_PASSWD_PW_CLASS copy->pw_class = xstrdup(pw->pw_class); +#endif copy->pw_dir = xstrdup(pw->pw_dir); copy->pw_shell = xstrdup(pw->pw_shell); return copy; @@ -439,7 +452,7 @@ colon(char *cp) /* function to assist building execv() arguments */ void -addargs(arglist *args, const char *fmt, ...) +addargs(arglist *args, char *fmt, ...) { va_list ap; char *cp; @@ -466,7 +479,7 @@ addargs(arglist *args, const char *fmt, ...) } void -replacearg(arglist *args, u_int which, const char *fmt, ...) +replacearg(arglist *args, u_int which, char *fmt, ...) { va_list ap; char *cp; @@ -507,7 +520,7 @@ char * tilde_expand_filename(const char *filename, uid_t uid) { const char *path, *sep; - char user[128], *ret, *homedir; + char user[128], *ret; struct passwd *pw; u_int len, slash; @@ -524,17 +537,12 @@ tilde_expand_filename(const char *filename, uid_t uid) user[slash] = '\0'; if ((pw = getpwnam(user)) == NULL) fatal("tilde_expand_filename: No such user %s", user); - homedir = pw->pw_dir; - } else { - if ((pw = getpwuid(uid)) == NULL) /* ~/path */ - fatal("tilde_expand_filename: No such uid %ld", - (long)uid); - homedir = pw->pw_dir; - } + } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ + fatal("tilde_expand_filename: No such uid %ld", (long)uid); /* Make sure directory has a trailing '/' */ - len = strlen(homedir); - if (len == 0 || homedir[len - 1] != '/') + len = strlen(pw->pw_dir); + if (len == 0 || pw->pw_dir[len - 1] != '/') sep = "/"; else sep = ""; @@ -543,7 +551,7 @@ tilde_expand_filename(const char *filename, uid_t uid) if (path != NULL) filename = path + 1; - if (xasprintf(&ret, "%s%s%s", homedir, sep, filename) >= PATH_MAX) + if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= PATH_MAX) fatal("tilde_expand_filename: Path too long"); return (ret); @@ -639,20 +647,21 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, int tun_open(int tun, int mode) { +#if defined(CUSTOM_SYS_TUN_OPEN) + return (sys_tun_open(tun, mode)); +#elif defined(SSH_TUN_OPENBSD) struct ifreq ifr; - int fd = -1, sock, flag; - const char *tunbase = mode == SSH_TUNMODE_ETHERNET ? "tap" : "tun"; + char name[100]; + int fd = -1, sock; /* Open the tunnel device */ if (tun <= SSH_TUNID_MAX) { - snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), - "/dev/%s%d", tunbase, tun); - fd = open(ifr.ifr_name, O_RDWR); + snprintf(name, sizeof(name), "/dev/tun%d", tun); + fd = open(name, O_RDWR); } else if (tun == SSH_TUNID_ANY) { for (tun = 100; tun >= 0; tun--) { - snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), - "/dev/%s%d", tunbase, tun); - if ((fd = open(ifr.ifr_name, O_RDWR)) >= 0) + snprintf(name, sizeof(name), "/dev/tun%d", tun); + if ((fd = open(name, O_RDWR)) >= 0) break; } } else { @@ -661,32 +670,20 @@ tun_open(int tun, int mode) } if (fd < 0) { - debug("%s: %s open failed: %s", __func__, ifr.ifr_name, - strerror(errno)); + debug("%s: %s open failed: %s", __func__, name, strerror(errno)); return (-1); } + debug("%s: %s mode %d fd %d", __func__, name, mode, fd); - /* Turn on tunnel headers */ - flag = 1; - if (mode != SSH_TUNMODE_ETHERNET && - ioctl(fd, TUNSIFHEAD, &flag) == -1) { - debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd, - strerror(errno)); - close(fd); - return -1; - } - - debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd); /* Set the tunnel device operation mode */ - snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun); + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun); if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) goto failed; if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) goto failed; -#if 0 /* Set interface mode */ ifr.ifr_flags &= ~IFF_UP; if (mode == SSH_TUNMODE_ETHERNET) @@ -695,7 +692,6 @@ tun_open(int tun, int mode) ifr.ifr_flags &= ~IFF_LINK0; if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) goto failed; -#endif /* Bring interface up */ ifr.ifr_flags |= IFF_UP; @@ -710,9 +706,13 @@ tun_open(int tun, int mode) close(fd); if (sock >= 0) close(sock); - debug("%s: failed to set %s mode %d: %s", __func__, ifr.ifr_name, + debug("%s: failed to set %s mode %d: %s", __func__, name, mode, strerror(errno)); return (-1); +#else + error("Tunnel interfaces are not supported on this platform"); + return (-1); +#endif } void @@ -883,12 +883,26 @@ ms_to_timeval(struct timeval *tv, int ms) time_t monotime(void) { +#if defined(HAVE_CLOCK_GETTIME) && \ + (defined(CLOCK_MONOTONIC) || defined(CLOCK_BOOTTIME)) struct timespec ts; + static int gettime_failed = 0; - if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) - fatal("clock_gettime: %s", strerror(errno)); + if (!gettime_failed) { +#if defined(CLOCK_BOOTTIME) + if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0) + return (ts.tv_sec); +#endif +#if defined(CLOCK_MONOTONIC) + if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) + return (ts.tv_sec); +#endif + debug3("clock_gettime: %s", strerror(errno)); + gettime_failed = 1; + } +#endif /* HAVE_CLOCK_GETTIME && (CLOCK_MONOTONIC || CLOCK_BOOTTIME */ - return (ts.tv_sec); + return time(NULL); } void @@ -1089,3 +1103,15 @@ unix_listener(const char *path, int backlog, int unlink_first) } return sock; } + +void +sock_set_v6only(int s) +{ +#ifdef IPV6_V6ONLY + int on = 1; + + debug3("%s: set socket %d IPV6_V6ONLY", __func__, s); + if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1) + error("setsockopt IPV6_V6ONLY: %s", strerror(errno)); +#endif +} diff --git a/crypto/external/bsd/openssh/dist/misc.h b/crypto/external/bsd/openssh/dist/misc.h index 8826cd3c7..374c33ce1 100644 --- a/crypto/external/bsd/openssh/dist/misc.h +++ b/crypto/external/bsd/openssh/dist/misc.h @@ -1,4 +1,3 @@ -/* $NetBSD: misc.h,v 1.9 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: misc.h,v 1.54 2014/07/15 15:54:14 millert Exp $ */ /* @@ -50,22 +49,16 @@ char *cleanhostname(char *); char *colon(char *); long convtime(const char *); char *tilde_expand_filename(const char *, uid_t); -char *percent_expand(const char *, ...) -#if __GNUC_PREREQ__(4, 0) - __attribute__((__sentinel__)) -#endif - ; +char *percent_expand(const char *, ...) __attribute__((__sentinel__)); char *tohex(const void *, size_t); void sanitise_stdfd(void); -struct timeval; void ms_subtract_diff(struct timeval *, int *); void ms_to_timeval(struct timeval *, int); time_t monotime(void); void lowercase(char *s); int unix_listener(const char *, int, int); -int bcrypt_pbkdf(const char *, size_t, const u_int8_t *, size_t, - u_int8_t *, size_t, unsigned int); +void sock_set_v6only(int); struct passwd *pwcopy(struct passwd *); const char *ssh_gai_strerror(int); @@ -76,9 +69,9 @@ struct arglist { u_int num; u_int nalloc; }; -void addargs(arglist *, const char *, ...) +void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3))); -void replacearg(arglist *, u_int, const char *, ...) +void replacearg(arglist *, u_int, char *, ...) __attribute__((format(printf, 3, 4))); void freeargs(arglist *); diff --git a/crypto/external/bsd/openssh/dist/moduli b/crypto/external/bsd/openssh/dist/moduli index 1c71a0768..426a58f4f 100644 --- a/crypto/external/bsd/openssh/dist/moduli +++ b/crypto/external/bsd/openssh/dist/moduli @@ -1,187 +1,268 @@ -# $NetBSD: moduli,v 1.4 2015/04/03 23:58:19 christos Exp $ -# $OpenBSD: moduli,v 1.2 2004/01/28 04:44:00 dtucker Exp $ - +# $OpenBSD: moduli,v 1.14 2015/07/22 02:34:59 dtucker Exp $ # Time Type Tests Tries Size Generator Modulus -20031210004503 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB -20031210004553 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D0A0D7 -20031210004628 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D6CB97 -20031210004801 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F2D1B7 -20031210004827 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F5615B -20031210004919 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230138C3 -20031210004952 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2305F6A3 -20031210005018 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230801DB -20031210005043 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230A0383 -20031210005147 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB231C3A7F -20031210005230 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23249C1B -20031210005301 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23288F0F -20031210005438 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2344EC9B -20031210005548 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB235892F3 -20031210005700 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB236C3F03 -20031210005841 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB238BC713 -20031210010040 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23B466C3 -20031210010119 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23BB1F8B -20031210010313 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23E03DDB -20031210010335 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23E130AB -20031210010422 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23EA20A3 -20031210010500 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23F1807B -20031210010628 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2409DC07 -20031210010759 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2425487F -20031210010906 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24397A3F -20031210010945 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2440ABF7 -20031210011017 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2445C00B -20031210011059 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB244E4EBF -20031210011158 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB245E056B -20031210011340 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24808F43 -20031210011408 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24834C0B -20031210011517 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2495148B -20031210011632 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24A89B27 -20031210014802 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D3B9DD3 -20031210015017 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D463D83 -20031210015524 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D68288B -20031210015701 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D6C64C3 -20031210020258 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D94316B -20031210022106 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E1F8453 -20031210022738 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E4BDAC7 -20031210022948 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E5541E7 -20031210023056 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E56464B -20031210023414 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E695C8B -20031210024039 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E939ABF -20031210024457 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EAE295B -20031210024630 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EB2BDFB -20031210025118 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772ED059DB -20031210025540 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EECB4D3 -20031210025956 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F043973 -20031210030256 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F134903 -20031210030415 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F15B5EB -20031210030717 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F25BF3B -20031210030826 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F2670D7 -20031210031055 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F31E5F3 -20031210031311 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F3BFE2B -20031210032243 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F83082B -20031210032437 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F898187 -20031210032703 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F95718B -20031210032953 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FA3F5CB -20031210033059 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FA48FEB -20031210033247 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FAA6267 -20031210033633 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FC1BE7B -20031210034313 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FF18FA7 -20031210034507 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FF84977 -20031210035121 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730233FBF -20031210035813 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A773054E8F3 -20031210035955 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730597847 -20031210040259 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77306A1B57 -20031210040704 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77308258FB -20031210040913 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77308A63F7 -20031210042047 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730DEEF8F -20031210042156 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730DFE787 -20031210042511 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730F1D3CB -20031210042907 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A773107039B -20031210043815 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7731492E37 -20031210045243 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7731AB1953 -20031210054833 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1C0B0F8B -20031210055609 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1C1CF773 -20031210065401 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1CDD973F -20031210071146 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D11D9FB -20031210071754 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D1ED47B -20031210072552 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D32CE4F -20031210073644 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D4EC983 -20031210074309 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D5D4F07 -20031210075517 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D7DE133 -20031210081718 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1DC395C3 -20031210084322 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1E1A5567 -20031210085218 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1E3127AB -20031210090542 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1E586AD7 -20031210093920 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1EC6C9D3 -20031210100616 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F19C713 -20031210103627 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F7B82B3 -20031210104559 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F95C2EF -20031210104836 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F969EAF -20031210110201 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FBEA0DF -20031210111610 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FE4C70B -20031210111837 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FE50DBB -20031210112215 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FE964FF -20031210124102 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F20F33023 -20031210125610 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F21208AFB -20031210130630 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F213CBA8B -20031210132517 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F21754843 -20031210132855 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F2179D39B -20031210140211 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F21E6E73B -20031210141340 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22068817 -20031210143133 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F223D6017 -20031210143812 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F224A70F3 -20031210150410 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22A24CFB -20031210153131 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22FAA253 -20031210153718 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F23071C7B -20031210154203 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F230FFC0B -20031210161808 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F2383B65B -20031210185714 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061924F36F3 -20031210204537 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306192C04AB3 -20031210205604 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306192C3734B -20031210210523 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306192C58A0B -20031210233701 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306193680D03 -20031211013125 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306193E1DD73 -20031211052015 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306194DA94E3 -20031211064439 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619531A017 -20031211074935 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306195731BAB -20031211081053 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306195830BAB -20031211123240 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306196A4C097 -20031211160831 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061978B740B -20031211195847 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619889E1B3 -20031211201456 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619892ED83 -20031211221441 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619910A74B -20031211223303 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061991D35CB -20031211235558 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306199712CCB -20031212005818 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306199AE96DB -20031212033251 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619A50DDD3 -20031212053332 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619AB31B57 -20031212084926 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619B8949F7 -20031212130319 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619C84A1A3 -20031212192346 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619E1B24BB -20031212210042 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619E7F37FB -20031213002102 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619F59BABB -20031213061439 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A0D9208F -20031213071620 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A115D66F -20031213072644 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A1186097 -20031213090613 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A17DACC7 -20031213110037 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A1F577E7 -20031213113226 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A2113AC3 -20031213120232 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A22A232B -20031213121926 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A23443D3 -20031213130353 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A25D51E7 -20031213143149 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A2B63CBB -20031213153322 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A2F05FC7 -20031213180906 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A39439A3 -20031213183520 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A3A7705F -20031213192228 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A3D2DEA7 -20031213125532 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923E8050C3B -20031213125653 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923E8EB2F2B -20031213125813 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EAB66F4B -20031213125934 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EAFE508B -20031213130055 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EB96812B -20031213130217 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EBB738CB -20031213130337 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EBDB337F -20031213130458 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ECA8B62B -20031213130619 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ECBCE443 -20031213130740 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ED1637DB -20031213130901 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ED3EA08F -20031213131021 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EDC96C6B -20031213131142 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EEB92FCF -20031213131303 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F2D2CCF3 -20031213131424 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F6C89BBB -20031213131545 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F7962EDB -20031213131706 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F85A4767 -20031213131827 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F8A196C7 -20031213131947 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F94500EF -20031213132108 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FAF467BF -20031213132229 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FB5A7803 -20031213132350 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FB7D5467 -20031213132511 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FC4A16D7 -20031213132632 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FEEDC36F -20031213132752 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FFA077EF -20031213132913 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA992400725B7B -20031213133034 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA992400728FFB -20031213133155 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9924011CFA13 -20031213133316 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA99240165703F -20031213133436 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA99240166BA7B -20031213133557 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9924018E41B7 -20031213133718 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA992402C07A93 +20150522025931 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAD18DA1F +20150522025936 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAD3763B3 +20150522025942 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAD702B8B +20150522025943 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAD77C283 +20150522025947 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAD96C25B +20150522025953 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DADD9B3DB +20150522025956 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DADE84F07 +20150522025957 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DADEC1DB3 +20150522030001 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE0E297F +20150522030004 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE2A1E23 +20150522030005 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE2ADE53 +20150522030008 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE47B9F7 +20150522030009 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE4E1343 +20150522030014 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE715CBB +20150522030016 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE7BC9EF +20150522030018 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE84579B +20150522030019 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAE8A564B +20150522030023 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAEAF7AD7 +20150522030025 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAEB9DC53 +20150522030027 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAECD976F +20150522030034 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF07F063 +20150522030034 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF08ACBB +20150522030037 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF192C07 +20150522030039 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF241333 +20150522030040 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF255B3B +20150522030044 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF3DEC37 +20150522030048 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF60F05B +20150522030049 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF6255DF +20150522030055 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAF8EE01F +20150522030059 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAFAD237B +20150522030104 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAFD13587 +20150522030105 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAFD2BE6F +20150522030108 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAFECF32F +20150522030112 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DAFFDEED7 +20150522030115 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB01CAA63 +20150522030116 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB01F3647 +20150522030119 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB034B30F +20150522030122 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB04822EF +20150522030124 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB0528867 +20150522030131 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB08D3CAB +20150522030136 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB0B10C6F +20150522030138 2 6 100 1535 5 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB0C688A7 +20150522030140 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB0CCDF9B +20150522030141 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB0CFD81B +20150522030145 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB0F59763 +20150522030148 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB10339FB +20150522030149 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB10E3ACB +20150522030150 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB11127F3 +20150522030159 2 6 100 1535 2 F4EE15F22E5F49997A027769656DF0240598C9470C7D67A7D7DA2777883C1C243A6F3D04E1CFA6A0350B165ECABE89A684C11ABB7E5B93B54FD6EAC85BBA9F23C6306E485BB9AC5515ABC739CE9B1A79F7DEF6D00B643856DB903E23E7F985EDCAFF867FE15498E7EF6A91057DE337A9AAEDE941C934E65243AC7888A33C78FB2490BBA2BA06F18ECC51DE9AA54BADD061CC5BE1EA060CC3217CA11E26772BD088898D2882CB49A9FF40168E49AE6A90EE1F61132E1B6E4E7F99797DB15B8BDB +20150522030634 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8ADB54257 +20150522030715 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8AE6EF847 +20150522030737 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8AEC5D76B +20150522030739 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8AECB604F +20150522030742 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8AECF538B +20150522030756 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8AF04851B +20150522030828 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8AF867683 +20150522030905 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B01F7E27 +20150522030909 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B02AFB8F +20150522030918 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B048739F +20150522030930 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B07661CB +20150522030938 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B091EC43 +20150522030955 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B0D50D0F +20150522031007 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B1023673 +20150522031015 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B119500F +20150522031036 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B177EE9F +20150522031056 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B1D0030B +20150522031103 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B1ECC193 +20150522031125 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B24C9CF7 +20150522031136 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B2774773 +20150522031208 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B2FC9617 +20150522031220 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B32FE6CF +20150522031228 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B345AC93 +20150522031248 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B392E18F +20150522031256 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B3B32FCF +20150522031300 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B3BF5B2B +20150522031311 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B3E840CB +20150522031316 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B3F5F9D7 +20150522031334 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B439F28B +20150522031337 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B44025D3 +20150522031339 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B442AC0B +20150522031353 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B4788613 +20150522031356 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B47F8FDB +20150522031401 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B48EAEFB +20150522031407 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B4A1CE0B +20150522031420 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B4D73D93 +20150522031425 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B4E9937F +20150522031428 2 6 100 2047 5 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B4EFD4BF +20150522031436 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B507149B +20150522031452 2 6 100 2047 2 DB36277B45EA5615C782C08BF6A290A3D61E6B9690E4A147042113FC1BFC0AEEC5FB0FF82FC1FEA86E273F667EC387FEF3421FFFC617A70C34B1987986C6B35C715713914AB75932A3D1942ECC0F324D81BF00D59916B3BFDC7BA432AF5C5DFCF30BF4A2C80B8CA52A9B80E989D3A852BD81A8BD3ADC97497F43C6F0A90882D9CFA165CF1F735C96428BF9BC32A58B71CF1D4FD48A6D2C616E91BB6E07C5CB0DF0C59DAF79D659C6E53007843497BBEE5B341D27DE2E2543B8DFEB4DDAE6328EAD441C3F36509C1FA689FE494B0426ADCAF9E567A1C5A3301689C5CCC55EC4002FAA5D254C2F3C0F8636BEA7019D1CD212B74EE4F273E0B9997720E8B54A3243 +20150522032348 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF98368C951B +20150522033023 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9838C4B4F7 +20150522033224 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9839729F67 +20150522033330 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9839CF938B +20150522033506 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983A5AA27B +20150522033539 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983A849987 +20150522033610 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983AAC8A5F +20150522033839 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983B7F9067 +20150522033952 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983BE385D7 +20150522034001 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983BEA4367 +20150522034055 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983C305BC3 +20150522034123 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983C516EB3 +20150522034146 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983C6D1017 +20150522034241 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983CB6A553 +20150522034528 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983DA8F54F +20150522034544 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983DB92AEB +20150522034719 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983E32A87B +20150522034748 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983E589F5B +20150522035227 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF983FE4EA2B +20150522035328 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9840340683 +20150522035522 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9840D77183 +20150522035721 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF98417632BF +20150522035808 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9841B795AB +20150522035847 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9841E9F357 +20150522040046 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9842863803 +20150522040057 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF98428F98CF +20150522040128 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9842B68EA3 +20150522040136 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9842BA209B +20150522040232 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF984303E883 +20150522040546 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9844117EF3 +20150522040607 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9844276407 +20150522040733 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF984499981B +20150522040850 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF984502ECCF +20150522041059 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9845BB3AD7 +20150522041141 2 6 100 3071 5 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF9845F34747 +20150522041538 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF98473F522B +20150522041645 2 6 100 3071 2 E409DD3E1471472B9A1A2C64FDDC0EB822C4485590288E209141916DF6C51125FCF17ED5F4226F63928FD7E9C60DEC3B0A82C6DF10C33E0CDA2E200004C3B89C7BD872CF9572374C7590F8960C97E1A995319ECABF60C00DAC39A8A4A4196638FB338F47445310F2424518C4ED9C789D17D591DF7B2CB11FC320AD7C84376EF838077C5C81BBEE2BDF38F8716E94F756919654AD5BC8FDF9CD644F0B1F604DFB7CF28B8AD55576458DB547348E74101FA39ADD0D5675E2BA2FA074C2BEC53DCA68A1F49E3F5EBBE9069C7BB20A0ED4217C8D8FE99DC3DDAC05172EB056C6173306F604B90079CEAD87AA170EA89E38C07128067C48695040F766131E9E8459FB71ED94BE176C9F827BBAB219E1BD7A4C7ED9FE7FF62E844B0915C9ACD5B17FDE866EC34C44C348C23CC303D6E7AFDC55AAAC007BF3C67280C13C9801D2D8E0739680257CE5CEBD5CA0CF24D2CA6A354D5D132A72D2ABB2E50D257B5A6DAA038683C1A433861204570824D0734402498259C171BB58DA074D22B1DF98479B35EB +20150522043157 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379177A90103 +20150522044043 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379178F7604B +20150522044434 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917986809B +20150522044641 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379179D34D9F +20150522045152 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917A93F48B +20150522045648 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917B4FEA03 +20150522051224 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917DA8111B +20150522051844 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917E9226DB +20150522052054 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917EDC16FB +20150522052204 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917F0058A7 +20150522052248 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917F16842F +20150522052650 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917FA2234F +20150522052821 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37917FD2EA1B +20150522054416 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F3791823EE827 +20150522054652 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379182978693 +20150522054912 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379182E6E57B +20150522054941 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379182F0448B +20150522055008 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379182FA0E27 +20150522060835 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379185801F93 +20150522062202 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379187943813 +20150522062512 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F3791880945B7 +20150522063933 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918A32FF83 +20150522064222 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918A910AB3 +20150522064452 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918AE83E73 +20150522065035 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918BBA1623 +20150522065634 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918C920633 +20150522070134 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918D471AAB +20150522070306 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918D7B1063 +20150522070332 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918D838D0B +20150522070807 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918E2B8B67 +20150522071420 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918F0C3653 +20150522071508 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918F1EFFFB +20150522071555 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918F35E697 +20150522071903 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37918FA47DEB +20150522074443 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F37919363872B +20150522075339 2 6 100 4095 2 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379194BA4383 +20150522080128 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F379195DB3C5F +20150522080506 2 6 100 4095 5 DDE41D7021F9DF8240D0BD8E14CE1E374A4FFDD073767E84C8C347B6F832731277F9D333B8BC7CD96ED164DF5C6F26E46E4BAF0AA7C87B26CE3E11042C1BDDF76095E50D7772E5DC0C48EBA0E41EC92EAFA655DA1B6C614E1F0F9AD815BD7505AA9B8A265D13956B5A26141EE812404DE13B821C9B7BCA9982B8CF7D862F8E8A373FEFEE4AE46EC2122519A2AD896ED18CAECEF314D1B98C83358B6E9D2F3BC58C1688F162E3CF1FF58E57E7B9E14BB37C9C9E9692E57C42937141C226E84C35B42DED9055A7F366A61C3CB4899B499278ED4C729CC1DE54827E882290F9FC13F7F1488F897698EA62A99468D6F3ED0561816C39B8279154FC7A8E453CCC4EB1ABC777A397B694E1B9866C2495489F94721A3351B252D05FE6C7857929B34C19A8EB42ABED88FA370DABCA83A245DC35CFB399824D127507AD540054C647F61C6BD11CAFC3FE5277A1014DF6B538BC8BFE009315BCD60E020DAB840B8A4219EBA4E349680BC7CA3A9BC36164A3D36E325C530B178747814F575899126B307EB63F910DDE0F09E5056B2F9F7E230A42C11DDD34A9B23A64090C2FF9C7F3DD696E6828613E74A64CFC4046ECFA997BE84981430D8A7F8AEC63001E50AF9F556567A0065A9A013A66A2737CEEE468D6A15002358AC648D862B0618E6DD6A98BBBE9E68174D9C9FE4568BB2D12083CF6892B6B8D58307944955A987F3791965094C7 +20150522083733 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C514C4F88F +20150522093608 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C517A26827 +20150522094040 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C517D03757 +20150522095314 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C518686A8B +20150522101845 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C519A641F3 +20150522103233 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C51A4A87B7 +20150522111208 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C51C3A7B9B +20150522120305 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C51EB16CF7 +20150522122813 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C51FE5C353 +20150522132032 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5226F04CB +20150522141054 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C524EBC207 +20150522153656 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C529553A9F +20150522154114 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5298632F7 +20150522154826 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C529DCC5D7 +20150522163842 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C52C78C8C3 +20150522165625 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C52D5A1C27 +20150522172408 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C52EBD88E3 +20150522173745 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C52F69630B +20150522184340 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5327AFF1B +20150522190348 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5336CDC63 +20150522200705 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5366C1207 +20150522201200 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5369D0A6B +20150522202855 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5375B287F +20150522204401 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5380EDB4B +20150522205115 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5385D084B +20150522210056 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C538CEBB3B +20150522212110 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C539B27FE3 +20150522215602 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C53B4E825B +20150522222840 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C53CD37713 +20150522224719 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C53DAAAE07 +20150523005800 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C543D2802B +20150523110456 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C549CAF02F +20150523111755 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C54A5BCB0B +20150523135850 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C551C0E2B7 +20150523140345 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C551F4D6B3 +20150523153045 2 6 100 6143 2 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C5561141EB +20150523170349 2 6 100 6143 5 E49C8871D7F1191BFDDF2C21369599F9E9F57F502A68C5AA4B87527B218B90EB8F33F3D6B4E379A17BA18BDDA81F2DE8B15EABBF424BDEF329D792093D88EB5536D5F165F767F08AD2220E0005162BB37BE7F45B2574F2BE5BFE4262623C8895A803F747E3BCB0DD396DED524EE1E9B9EEE82C741A1F8ACA2E6DB05CC1FE8C2A7DC50F1F019FD74FC6FFBF38ADA2D36A7CC8DB2C7961C154A74BF0086C173AC7A22B266BBE9974459A7EFDC2F0CDB2F9E288527FD356017FDE01AE17A954561197E18E4AADAF0643860328FC9A2D8A5073348DAD615ADF1AE4AD5BA1630437AB4F7948FCB3D33CD225AA6661DD2AAFFE774CA01F0BF8A2DB168D8FFF3A223E3A60B039E9ABAE8E4B6A37B7E8F77A3EC2D1714B79DEC2ED2BCFB39A4FAAB8913D421099623BCD1DE50B419173236D91E09CFCF544161EB4CA8A45295D812708E349D2118EFA3EDC0F86D3300A80C36D77CEE41441F84BBE663413378F2CAA58F6915B5B3CD799541AD5CCC74B76A59555EDC3B6ABD77318E0A9E6450277DF93A882C6F3D2E13E3BBE361BBB2813A2A269324D7FD2D9437AD065CF3CE698BE08857E5E22800CDBC0235AEB364301AF3170C24B8A68B7B038499F788040E86376DA7DB517751F4FC6D1D3E1C3FE8DDA27B69D1281A18D6D2DC92C2E471A4B577F789E5D397C68B738DBEA06FF55AC1D1C177E3A51D136055E379CF68C27DBB6D66771D9ADFD846CBFF9EFF5B0BDC9EA16A8817243451A93545D19DCFB3DE1E50936A62CD98379ED37C13BE8D71DE48E4115DD309E67F676B0CE88B60BDCD0CAB98878A17E67E20723DE50DB3599485E25687005AB55407632E12AD919498F562D2871A55FEDB76F113D1E92AD5E4D342B45611D9F844BED39B36E5225147D3F6BFEC6C6CA88C423ED62781E29EA9A9418500E7419922E51210FA767153619573EEB19609C77212D6A9724295FBF0A1915F33074D5225E9BD0C6105DA28F1B0E5F43EECBE67B18D5FE74FE60CF87800C623B13FD6152CA913F91ABC5113FF0CCFE362C30DF8F369E08DE8D57222DDF659AE2458C7B4225AE583E178328C55A59DCDF +20150523191201 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB470CDA3203 +20150523215157 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4711A72AAB +20150523231527 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB47141BE273 +20150523235422 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB47153C4A8F +20150524010823 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB47174C4663 +20150524013736 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB471810100B +20150524040115 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB471BEA9823 +20150524051719 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB471DEF42C3 +20150524055417 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB471EE81B27 +20150524104925 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4726B43323 +20150524105636 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4726DBBBDF +20150524130121 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB472A1294AB +20150524163025 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB472FBAE453 +20150524163715 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB472FE1144B +20150524173410 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB47315B458F +20150524181655 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB473268D4BB +20150524223625 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB473917D17B +20150525001303 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB473B95BAC3 +20150525011252 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB473D16F0B3 +20150525020522 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB473E60DDB7 +20150525061910 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4744D20B9F +20150525092924 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB47499CAF77 +20150525124039 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB474E6A2CEB +20150525132602 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB474F854D7B +20150525170642 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4755495933 +20150525201019 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4759D07FB7 +20150525223942 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB475D6E1C07 +20150525230547 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB475E0B3487 +20150525234905 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB475F115D93 +20150526002510 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB475FE94D13 +20150526014857 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4761E82A83 +20150526045853 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB47667CBC4F +20150605090211 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB476DA5F0B7 +20150605145212 2 6 100 7679 5 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB4776229827 +20150605174343 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB477A770453 +20150605182015 2 6 100 7679 2 F829F98FA9F017F2B534A1ADF10BFE7F46E24D09A1EA89D3BB00CC679F6CDF5107A8AAF6F1AC8581E5D52174BA79E05DC2D61FE0B3F10B52520086FF4BE33841858D569DEFF006D6145E062E37CB2A225BAC5207DBC87BBCBE31A12678F8BD3E64FAFD7DA004CA67EED97A92C511BBDB5CAE7D563758EA45BD2280A91209C417093F079E901E48C80702D0B5420C21A571B133299B590EB3ADD67CB1538D85F03C2EBF2A0E1B64C3CCB55CAE257C3939E2A48DDB50B557BFCFFA891EA55D2CE29ADF58D94887170E2EF8EEA14D83117793B2EBEBAA5DAF26F118C53F3F50EF50ACF4BE634C4714F05F198D0A10C91C789C08F9CE84CE238FDFAA6368A1D971450D3A05B279DC0DB0BE57E7B36ED42FC2DE0989CBF4881F59E1C3EB80C8BFA7A9B4493246AB0977F26E368179D4269DF732C935A7901E34042CEBA93FA7B5F2BE7765D1568F83A82D0A556F973DEE714AE348EC6EE73D06E5746D7CA7A2172053350FF03E2B2483F6F5CC20CE2FD44CF81187EE3A28073C4360432BA958FC71C6B4609208610001B762042C20951BB46D484A4D018134E581BAD41EABE16721DB572B76921A6FDA278B4DBCD6E479D89D8F076A3DF39BBF6A81A1529BBDB06A75792E3CC2AE7047533465FB0C4BB6F0B16A2FB13B5812E5AFA8BC06184CB8620700602A9F3D1194EC7F98FF6858CFB26161FA3903301F7F54E8946C688B91631BF8B2452255F7EA8BC66FA9CB2D12BFE8437330956902B5D04469F45AEBEF0CC2F49791EE958B7FC791ACC0BC6A0DAAA8BFB2A5EB49628051F42A0CF1FA0EA33E9EFC8DED03407EA35D1D6E7F09D278793C9E446F99E3A9D6EB93A07FFFA8A16CA1417D776A3DC2D621F3D49A7DED7FC3274228EA72E2BECFBB071B8F1EEC99F04E62DBE9D6F781B3E4078EE28596222A387E87FC7213BB49AFDB79E549B5533877A8FAAD0A86F34AB36B26A48E544F5175EA498E57E6CC8B72924F2DC0B4C4A6364E667B11E49AEF39CE132086650954863BA4BB734A8A13945901802072BF924A6B38BC81E10E3EB74330411F10E259D58C9C4C5F1B4F40E85F11D12D0A5D4F896E24ABBD91E80EBCF0446B189705C133E113699D589068FD67D1993917B9349D380BAAAC594824051275D3AFA8BD3434AAB6C30CC9B6E687AD41A20DBDB890D36571726BCDA2B7051E1BC227480C83F2352A9DF08EBCDEF39936BC26553279246E536F26FFBB65176F4FE67B21658DF22C344A260B4AA8A09F354ECF50B8505F2F6AE4F99F6549CA139B730DC3618E6B5B70966A4276848266CBF23F0FEE469EAF298932EFBBA50E719BFF2259504A6D23938DAD104016FA91EB477B32F0B3 +20150526114135 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE95C238093 +20150526114600 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE95C32EEF7 +20150526134901 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE95F067BA3 +20150526153127 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE96179B9CB +20150526164245 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE96332D5AF +20150526174513 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9649A719B +20150527035812 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE97262B7F7 +20150527075726 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE977B43343 +20150527112120 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE97C1F6EA7 +20150528010450 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE98E4FBCCB +20150528020450 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE98F884B93 +20150528024708 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE990692277 +20150605205801 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE994DC793F +20150606012116 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE99A681C6B +20150606055158 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9A0264EE7 +20150606071549 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9A1DB0223 +20150606132241 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9A644DC6B +20150606164856 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9AAAAEE73 +20150606183208 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9ACEEACDB +20150607015742 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9B6ADF38F +20150607022317 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9B733A2AB +20150607051100 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9BAB79D47 +20150607064815 2 6 100 8191 5 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9BCBC8A17 +20150607120629 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9C355FA5B +20150607121012 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9C3600A83 +20150607123508 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9C3DCB093 +20150607144400 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9C680E5AB +20150607145646 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9C6BC5BC3 +20150607201140 2 6 100 8191 2 C64DCFC087E26CA2C02394329FAB07FECC446B77A6190D0FFB4326006E0F6D755C35C82228750F80F466E5E6C6FD70A6D4398BBF24C8B4D4B27A38125ADA4D087A7051B2FFCDF675AB1AD9A3A4EE3071B75A8DBEDD879C1B4D396FDF862B2C192B5EB832FA23EAA10DFE795435545882854A0F3BEB476B865E6ED98E43E49950F2FDB00A0E177FAAA3162AE6F513DAFC9A55676C0BC5B87A1C79F98C1A93035F3B39BB24C2C398DA1AADCC16EBB918407579D24ADB3826725E2B4BE73129F28181BD3A1CFCA78712592F8C58E8AF3BA7D7DFFB538AA2476467AC75BFD4C884949C58A0BC8D820E0AE5E0280E083401D239F63649845FEB53444126D137B3A80D4EBF5839263C302FFC3CA5F653B2D93C4AC474D489ADC4E1379BB7FD72950B57EF30FF579917AC9999B4136C030FDCB6121E6F7222227206EBA69DEA5E7DDC7F4718E24E3E4D6D17A81F18E0D376292ED3BB744C66B9ED4BC90F6A04E953B952F794F01372FA88558228C70C97C01D5350EDEE0BEBC99BBD696AE2EFAAB1A0767DCAB15C52821B3243388CE729957668B385A050651F38702C5301A92180A8B84FDF30A74A23E34D9690EEC35A4B644B97DD1558933D7D3DAFF826C942882E223C79EEAE9835F972C273139C396E519D124B6ABBE233548EE1B00B87F7791611DF2E47343368D333C071E231F82914AAE51CEAE790410A6D11D6B82067A9847C945E0BB32310F8370C81636FF68BE65137C3FA912E4C1147F49946C198E1E15E04B8FC7AFFC8465A182E81976C5ED5C2D07F3F6AA25ED27FAC527D6126213BCABC49E102D35AF81E2A694AF0EF83DF6A687E8F3DEEC076BE08A7CD1A3B81C4997136880DB4E7E37B56082F10702F0BB646C7C8A760E297E2A39129BC4A3D0EFB9C3FA2611F5E545F2DC52E013FC49353553F46DEBB59817E18B701689B7A755E609A1B521D72DAE5CBCCE7059E8DA977C97CC87ED8118A2A0011B5ECCCB53785EBDD8986B0A3B36538BBCF4C27DCA06A4B35A9F9920439A35445A0703B34269EB2652999D041912810C06C5742B2AC9B23522D6A2AA3F38A699170B90EAE64509BBD00306C6AFB78AF35EE0D0B504500D5A2AECC0170C2B97620B4796CF538B6D867297F8EC1B08B2F4AFD3534FD9775200BAC298A216AA2553964B7A259D738C84A4035A2BAD35F2AA67CA197D9BB0658ABAB4AF6261C74F18D3D98A5B22C24476FAA8DB9F4FF2621CA01F27C8AB6157F6A1E7F0900CB3F2EEE44D77AAEDC77F24B0E2288340E9A371ACB021407C3E089F61FF0F8469EC9FDFC53892B47CDD0E63748DFE8F814AF7755E6B08491B0CBF8A3A847A922798D28FC72CC9AF8F9299D7B59E1AD1054A98488DB158D471A2D66053FD017238A9B9114393CB4BFD48B8FAABF7E4139E62F533CCCFDD9189E2FFBBB8E488B25B13B17BBEDE9CD3C4A03 diff --git a/crypto/external/bsd/openssh/dist/moduli.5 b/crypto/external/bsd/openssh/dist/moduli.5 index 1c97c8bd9..ef0de0850 100644 --- a/crypto/external/bsd/openssh/dist/moduli.5 +++ b/crypto/external/bsd/openssh/dist/moduli.5 @@ -1,166 +1,127 @@ -.\" $NetBSD: moduli.5,v 1.3 2015/04/03 23:58:19 christos Exp $ -.\" $OpenBSD: moduli.5,v 1.7 2003/03/06 20:48:35 jmc Exp $ +.\" $OpenBSD: moduli.5,v 1.17 2012/09/26 17:34:38 jmc Exp $ .\" -.\" Copyright 1997, 2000 William Allen Simpson -.\" All rights reserved. +.\" Copyright (c) 2008 Damien Miller .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software designed by William Allen Simpson. -.\" 4. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission. +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" Manual page, using -mandoc macros -.\" -.Dd February 7, 2005 +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.Dd $Mdocdate: September 26 2012 $ .Dt MODULI 5 .Os .Sh NAME .Nm moduli -.Nd system moduli file +.Nd Diffie-Hellman moduli .Sh DESCRIPTION The .Pa /etc/moduli -file contains the system-wide Diffie-Hellman prime moduli for +file contains prime numbers and generators for use by +.Xr sshd 8 +in the Diffie-Hellman Group Exchange key exchange method. +.Pp +New moduli may be generated with +.Xr ssh-keygen 1 +using a two-step process. +An initial +.Em candidate generation +pass, using +.Ic ssh-keygen -G , +calculates numbers that are likely to be useful. +A second +.Em primality testing +pass, using +.Ic ssh-keygen -T , +provides a high degree of assurance that the numbers are prime and are +safe for use in Diffie-Hellman operations by .Xr sshd 8 . -.Pp -Each line in this file contains the following fields: -Time, Type, Tests, Tries, Size, Generator, Modulus. -The fields are separated by white space (tab or blank). -.Pp -.Fa Time : yyyymmddhhmmss . -Specifies the system time that the line was appended to the file. -The value 00000000000000 means unknown (historic). -.\"The file is sorted in ascending order. -.Pp -.Fa Type : decimal . -Specifies the internal structure of the prime modulus. -.Pp -.Bl -tag -width indent -offset indent -compact -.It 0 : -unknown; -often learned from peer during protocol operation, -and saved for later analysis. -.It 1 : -unstructured; -a common large number. -.It 2 : -safe (p = 2q + 1); -meets basic structural requirements. -.It 3 : -Schnorr. -.It 4 : -Sophie-Germaine (q = (p-1)/2); -usually generated in the process of testing safe or strong primes. -.It 5 : -strong; -useful for RSA public key generation. -.El -.Pp -.Fa Tests : decimal (bit field) . -Specifies the methods used in checking for primality. -Usually, more than one test is used. -.Pp -.Bl -tag -width indent -offset indent -compact -.It 0 : -not tested; -often learned from peer during protocol operation, -and saved for later analysis. -.It 1 : -composite; -failed one or more tests. -In this case, the highest bit specifies the test that failed. -.It 2 : -sieve; -checked for division by a range of smaller primes. -.It 4 : -Miller-Rabin. -.It 8 : -Jacobi. -.It 16 : -Elliptic Curve. -.El -.Pp -.Fa Tries : decimal . -Depends on the value of the highest valid Test bit, -where the method specified is: -.Pp -.Bl -tag -width indent -offset indent -compact -.It 0 : -not tested -(always zero). -.It 1 : -composite -(irrelevant). -.It 2 : -sieve; -number of primes sieved. -Commonly on the order of 32,000,000. -.It 4 : -Miller-Rabin; -number of M-R iterations. -Commonly on the order of 32 to 64. -.It 8 : -Jacobi; -unknown -(always zero). -.It 16 : -Elliptic Curve; -unused -(always zero). -.El -.Pp -.Fa Size : decimal . -Specifies the number of the most significant bit (0 to M). -.Pp -.Fa Generator : hex string . -Specifies the best generator for a Diffie-Hellman exchange. -0 = unknown or variable, -2, 3, 5, etc. -.Pp -.Fa Modulus : hex string . -The prime modulus. -.Pp -The file should be searched for moduli that meet the appropriate -Time, Size and Generator criteria. -When more than one meet the criteria, -the selection should be weighted toward newer moduli, -without completely disqualifying older moduli. -.Pp -Note that -.Xr sshd 8 -uses only the Size criteria and then selects a modulus at random -if more than one meet the Size criteria. -.Sh FILES -.Bl -tag -width /etc/moduli -compact -.It Pa /etc/moduli -.El -.Sh SEE ALSO -.Xr qsieve 1 , -.Xr sshd 8 -.Sh HISTORY -The +This .Nm -file appeared in -.Ox 2.8 -and -.Nx 1.6 . +format is used as the output from each pass. +.Pp +The file consists of newline-separated records, one per modulus, +containing seven space-separated fields. +These fields are as follows: +.Bl -tag -width Description -offset indent +.It timestamp +The time that the modulus was last processed as YYYYMMDDHHMMSS. +.It type +Decimal number specifying the internal structure of the prime modulus. +Supported types are: +.Pp +.Bl -tag -width 0x00 -compact +.It 0 +Unknown, not tested. +.It 2 +"Safe" prime; (p-1)/2 is also prime. +.It 4 +Sophie Germain; 2p+1 is also prime. +.El +.Pp +Moduli candidates initially produced by +.Xr ssh-keygen 1 +are Sophie Germain primes (type 4). +Further primality testing with +.Xr ssh-keygen 1 +produces safe prime moduli (type 2) that are ready for use in +.Xr sshd 8 . +Other types are not used by OpenSSH. +.It tests +Decimal number indicating the type of primality tests that the number +has been subjected to represented as a bitmask of the following values: +.Pp +.Bl -tag -width 0x00 -compact +.It 0x00 +Not tested. +.It 0x01 +Composite number \(en not prime. +.It 0x02 +Sieve of Eratosthenes. +.It 0x04 +Probabilistic Miller-Rabin primality tests. +.El +.Pp +The +.Xr ssh-keygen 1 +moduli candidate generation uses the Sieve of Eratosthenes (flag 0x02). +Subsequent +.Xr ssh-keygen 1 +primality tests are Miller-Rabin tests (flag 0x04). +.It trials +Decimal number indicating the number of primality trials +that have been performed on the modulus. +.It size +Decimal number indicating the size of the prime in bits. +.It generator +The recommended generator for use with this modulus (hexadecimal). +.It modulus +The modulus itself in hexadecimal. +.El +.Pp +When performing Diffie-Hellman Group Exchange, +.Xr sshd 8 +first estimates the size of the modulus required to produce enough +Diffie-Hellman output to sufficiently key the selected symmetric cipher. +.Xr sshd 8 +then randomly selects a modulus from +.Fa /etc/moduli +that best meets the size requirement. +.Sh SEE ALSO +.Xr ssh-keygen 1 , +.Xr sshd 8 +.Sh STANDARDS +.Rs +.%A M. Friedl +.%A N. Provos +.%A W. Simpson +.%D March 2006 +.%R RFC 4419 +.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol +.%D 2006 +.Re diff --git a/crypto/external/bsd/openssh/dist/moduli.c b/crypto/external/bsd/openssh/dist/moduli.c index 2a5ad1fbb..ed1bdc946 100644 --- a/crypto/external/bsd/openssh/dist/moduli.c +++ b/crypto/external/bsd/openssh/dist/moduli.c @@ -1,4 +1,3 @@ -/* $NetBSD: moduli.c,v 1.8 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: moduli.c,v 1.30 2015/01/20 23:14:00 deraadt Exp $ */ /* * Copyright 1994 Phil Karn @@ -37,8 +36,10 @@ * First step: generate candidate primes (memory intensive) * Second step: test primes' safety (processor intensive) */ + #include "includes.h" -__RCSID("$NetBSD: moduli.c,v 1.8 2015/04/03 23:58:19 christos Exp $"); + +#ifdef WITH_OPENSSL #include /* MAX */ #include @@ -60,6 +61,8 @@ __RCSID("$NetBSD: moduli.c,v 1.8 2015/04/03 23:58:19 christos Exp $"); #include "log.h" #include "misc.h" +#include "openbsd-compat/openssl-compat.h" + /* * File output defines */ @@ -802,3 +805,5 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, return (res); } + +#endif /* WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/monitor.c b/crypto/external/bsd/openssh/dist/monitor.c index 2a825bcbd..a91420983 100644 --- a/crypto/external/bsd/openssh/dist/monitor.c +++ b/crypto/external/bsd/openssh/dist/monitor.c @@ -1,4 +1,3 @@ -/* $NetBSD: monitor.c,v 1.16 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: monitor.c,v 1.150 2015/06/22 23:42:16 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -27,33 +26,44 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor.c,v 1.16 2015/08/13 10:33:21 christos Exp $"); -#include -#include -#include -#include -#include -#ifdef WITH_OPENSSL -#include -#endif +#include +#include +#include "openbsd-compat/sys-tree.h" +#include #include #include +#ifdef HAVE_PATHS_H #include -#include +#endif #include #include -#include +#ifdef HAVE_STDINT_H #include -#include +#endif #include #include +#include +#include +#include +#ifdef HAVE_POLL_H +#include +#else +# ifdef HAVE_SYS_POLL_H +# include +# endif +#endif #ifdef SKEY #include #endif +#ifdef WITH_OPENSSL +#include +#endif + +#include "openbsd-compat/sys-queue.h" #include "atomicio.h" #include "xmalloc.h" #include "ssh.h" @@ -64,7 +74,13 @@ __RCSID("$NetBSD: monitor.c,v 1.16 2015/08/13 10:33:21 christos Exp $"); #include "cipher.h" #include "kex.h" #include "dh.h" -#include +#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#undef TARGET_OS_MAC +#include "zlib.h" +#define TARGET_OS_MAC 1 +#else +#include "zlib.h" +#endif #include "packet.h" #include "auth-options.h" #include "sshpty.h" @@ -136,13 +152,6 @@ int mm_answer_pam_respond(int, Buffer *); int mm_answer_pam_free_ctx(int, Buffer *); #endif -#ifdef KRB4 -int mm_answer_krb4(int, Buffer *); -#endif -#ifdef KRB5 -int mm_answer_krb5(int, Buffer *); -#endif - #ifdef GSSAPI int mm_answer_gss_setup_ctx(int, Buffer *); int mm_answer_gss_accept_ctx(int, Buffer *); @@ -150,6 +159,11 @@ int mm_answer_gss_userok(int, Buffer *); int mm_answer_gss_checkmic(int, Buffer *); #endif +#ifdef SSH_AUDIT_EVENTS +int mm_answer_audit_event(int, Buffer *); +int mm_answer_audit_command(int, Buffer *); +#endif + static int monitor_read_log(struct monitor *); static Authctxt *authctxt; @@ -164,8 +178,8 @@ static u_int key_bloblen = 0; static int key_blobtype = MM_NOKEY; static char *hostbased_cuser = NULL; static char *hostbased_chost = NULL; -static const char *auth_method = "unknown"; -static const char *auth_submethod = NULL; +static char *auth_method = "unknown"; +static char *auth_submethod = NULL; static u_int session_id2_len = 0; static u_char *session_id2 = NULL; static pid_t monitor_child_pid; @@ -202,6 +216,9 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, #endif +#ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, +#endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, @@ -212,12 +229,6 @@ struct mon_table mon_dispatch_proto20[] = { #endif {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify}, -#ifdef KRB4 - {MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4}, -#endif -#ifdef KRB5 - {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5}, -#endif #ifdef GSSAPI {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx}, {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, @@ -235,6 +246,10 @@ struct mon_table mon_dispatch_postauth20[] = { {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, +#endif {0, 0, NULL} }; @@ -264,13 +279,10 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, #endif -#ifdef KRB4 - {MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4}, -#endif -#ifdef KRB5 - {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5}, -#endif +#ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, #endif +#endif /* WITH_SSH1 */ {0, 0, NULL} }; @@ -279,7 +291,11 @@ struct mon_table mon_dispatch_postauth15[] = { {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, #endif +#endif /* WITH_SSH1 */ {0, 0, NULL} }; @@ -329,6 +345,8 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) authctxt = _authctxt; memset(authctxt, 0, sizeof(*authctxt)); + authctxt->loginmsg = &loginmsg; + if (compat20) { mon_dispatch = mon_dispatch_proto20; @@ -432,6 +450,9 @@ monitor_child_postauth(struct monitor *pmonitor) signal(SIGHUP, &monitor_child_handler); signal(SIGTERM, &monitor_child_handler); signal(SIGINT, &monitor_child_handler); +#ifdef SIGXFSZ + signal(SIGXFSZ, SIG_IGN); +#endif if (compat20) { mon_dispatch = mon_dispatch_postauth20; @@ -673,8 +694,7 @@ mm_answer_sign(int sock, Buffer *m) u_char *p; u_char *signature; size_t datlen, siglen; - uint32_t keyid; - int r, is_proof = 0; + int r, keyid, is_proof = 0; const char proof_req[] = "hostkeys-prove-00@openssh.com"; debug3("%s", __func__); @@ -798,8 +818,12 @@ mm_answer_pwnamallow(int sock, Buffer *m) buffer_put_string(m, pwent, sizeof(struct passwd)); buffer_put_cstring(m, pwent->pw_name); buffer_put_cstring(m, "*"); +#ifdef HAVE_STRUCT_PASSWD_PW_GECOS buffer_put_cstring(m, pwent->pw_gecos); +#endif +#ifdef HAVE_STRUCT_PASSWD_PW_CLASS buffer_put_cstring(m, pwent->pw_class); +#endif buffer_put_cstring(m, pwent->pw_dir); buffer_put_cstring(m, pwent->pw_shell); @@ -840,7 +864,6 @@ mm_answer_pwnamallow(int sock, Buffer *m) monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); } - #ifdef USE_PAM if (options.use_pam) monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); @@ -982,7 +1005,7 @@ mm_answer_skeyquery(int sock, Buffer *m) char challenge[1024]; u_int success; - success = skeychallenge(&skey, authctxt->user, challenge, + success = _compat_skeychallenge(&skey, authctxt->user, challenge, sizeof(challenge)) < 0 ? 0 : 1; buffer_clear(m); @@ -1078,8 +1101,8 @@ mm_answer_pam_init_ctx(int sock, Buffer *m) int mm_answer_pam_query(int sock, Buffer *m) { - char *name, *info, **prompts; - u_int i, num, *echo_on; + char *name = NULL, *info = NULL, **prompts = NULL; + u_int i, num = 0, *echo_on = 0; int ret; debug3("%s", __func__); @@ -1101,11 +1124,10 @@ mm_answer_pam_query(int sock, Buffer *m) free(prompts[i]); buffer_put_int(m, echo_on[i]); } - if (prompts != NULL) - free(prompts); - if (echo_on != NULL) - free(echo_on); - auth_method = "keyboard-interactive/pam"; + free(prompts); + free(echo_on); + auth_method = "keyboard-interactive"; + auth_submethod = "pam"; mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); return (0); } @@ -1121,7 +1143,7 @@ mm_answer_pam_respond(int sock, Buffer *m) sshpam_authok = NULL; num = buffer_get_int(m); if (num > 0) { - resp = xmalloc(num * sizeof(char *)); + resp = xcalloc(num, sizeof(char *)); for (i = 0; i < num; ++i) resp[i] = buffer_get_string(m, NULL); ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); @@ -1134,7 +1156,8 @@ mm_answer_pam_respond(int sock, Buffer *m) buffer_clear(m); buffer_put_int(m, ret); mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m); - auth_method = "keyboard-interactive/pam"; + auth_method = "keyboard-interactive"; + auth_submethod = "pam"; if (ret == 0) sshpam_authok = sshpam_ctxt; return (0); @@ -1150,7 +1173,8 @@ mm_answer_pam_free_ctx(int sock, Buffer *m) sshpam_ctxt = sshpam_authok = NULL; buffer_clear(m); mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); - auth_method = "keyboard-interactive/pam"; + auth_method = "keyboard-interactive"; + auth_submethod = "pam"; return r; } #endif @@ -1228,9 +1252,6 @@ mm_answer_keyallowed(int sock, Buffer *m) break; } } - debug3("%s: key %p is %s", - __func__, key, allowed ? "allowed" : "not allowed"); - if (key != NULL) key_free(key); @@ -1252,6 +1273,9 @@ mm_answer_keyallowed(int sock, Buffer *m) free(chost); } + debug3("%s: key %p is %s", + __func__, key, allowed ? "allowed" : "not allowed"); + buffer_clear(m); buffer_put_int(m, allowed); buffer_put_int(m, forced_command != NULL); @@ -1276,7 +1300,7 @@ monitor_valid_userblob(u_char *data, u_int datalen) buffer_append(&b, data, datalen); if (datafellows & SSH_OLD_SESSIONID) { - p = (char *)buffer_ptr(&b); + p = buffer_ptr(&b); len = buffer_len(&b); if ((session_id2 == NULL) || (len < session_id2_len) || @@ -1747,91 +1771,6 @@ mm_answer_rsa_response(int sock, Buffer *m) } #endif -#ifdef KRB4 -int -mm_answer_krb4(int socket, Buffer *m) -{ - KTEXT_ST auth, reply; - char *client, *p; - int success; - u_int alen; - - reply.length = auth.length = 0; - - p = buffer_get_string(m, &alen); - if (alen >= MAX_KTXT_LEN) - fatal("%s: auth too large", __func__); - memcpy(auth.dat, p, alen); - auth.length = alen; - memset(p, 0, alen); - free(p); - - success = options.kerberos_authentication && - authctxt->valid && - auth_krb4(authctxt, &auth, &client, &reply); - - memset(auth.dat, 0, alen); - buffer_clear(m); - buffer_put_int(m, success); - - if (success) { - buffer_put_cstring(m, client); - buffer_put_string(m, reply.dat, reply.length); - if (client) - free(client); - if (reply.length) - memset(reply.dat, 0, reply.length); - } - - debug3("%s: sending result %d", __func__, success); - mm_request_send(socket, MONITOR_ANS_KRB4, m); - - auth_method = "kerberos"; - - /* Causes monitor loop to terminate if authenticated */ - return (success); -} -#endif - -#ifdef KRB5 -int -mm_answer_krb5(int xsocket, Buffer *m) -{ - krb5_data tkt, reply; - char *client_user; - u_int len; - int success; - - /* use temporary var to avoid size issues on 64bit arch */ - tkt.data = buffer_get_string(m, &len); - tkt.length = len; - - success = options.kerberos_authentication && - authctxt->valid && - auth_krb5(authctxt, &tkt, &client_user, &reply); - - if (tkt.length) - free(tkt.data); - - buffer_clear(m); - buffer_put_int(m, success); - - if (success) { - buffer_put_cstring(m, client_user); - buffer_put_string(m, reply.data, reply.length); - if (client_user) - free(client_user); - if (reply.length) - free(reply.data); - } - mm_request_send(xsocket, MONITOR_ANS_KRB5, m); - - auth_method = "kerberos"; - - return success; -} -#endif - int mm_answer_term(int sock, Buffer *req) { @@ -1843,6 +1782,11 @@ mm_answer_term(int sock, Buffer *req) /* The child is terminating */ session_destroy_all(&mm_session_close); +#ifdef USE_PAM + if (options.use_pam) + sshpam_cleanup(); +#endif + while (waitpid(pmonitor->m_pid, &status, 0) == -1) if (errno != EINTR) exit(1); @@ -1853,6 +1797,48 @@ mm_answer_term(int sock, Buffer *req) exit(res); } +#ifdef SSH_AUDIT_EVENTS +/* Report that an audit event occurred */ +int +mm_answer_audit_event(int socket, Buffer *m) +{ + ssh_audit_event_t event; + + debug3("%s entering", __func__); + + event = buffer_get_int(m); + switch(event) { + case SSH_AUTH_FAIL_PUBKEY: + case SSH_AUTH_FAIL_HOSTBASED: + case SSH_AUTH_FAIL_GSSAPI: + case SSH_LOGIN_EXCEED_MAXTRIES: + case SSH_LOGIN_ROOT_DENIED: + case SSH_CONNECTION_CLOSE: + case SSH_INVALID_USER: + audit_event(event); + break; + default: + fatal("Audit event type %d not permitted", event); + } + + return (0); +} + +int +mm_answer_audit_command(int socket, Buffer *m) +{ + u_int len; + char *cmd; + + debug3("%s entering", __func__); + cmd = buffer_get_string(m, &len); + /* sanity check command, if so how? */ + audit_run_command(cmd); + free(cmd); + return (0); +} +#endif /* SSH_AUDIT_EVENTS */ + void monitor_apply_keystate(struct monitor *pmonitor) { @@ -1873,8 +1859,10 @@ monitor_apply_keystate(struct monitor *pmonitor) kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; +# ifdef OPENSSL_HAS_ECC kex->kex[KEX_ECDH_SHA2] = kexecdh_server; -#endif +# endif +#endif /* WITH_OPENSSL */ kex->kex[KEX_C25519_SHA256] = kexc25519_server; kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; diff --git a/crypto/external/bsd/openssh/dist/monitor.h b/crypto/external/bsd/openssh/dist/monitor.h index 204f5c2df..93b8b66dd 100644 --- a/crypto/external/bsd/openssh/dist/monitor.h +++ b/crypto/external/bsd/openssh/dist/monitor.h @@ -1,4 +1,3 @@ -/* $NetBSD: monitor.h,v 1.7 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: monitor.h,v 1.19 2015/01/19 19:52:16 markus Exp $ */ /* @@ -57,11 +56,6 @@ enum monitor_reqtype { MONITOR_REQ_GSSUSEROK = 46, MONITOR_ANS_GSSUSEROK = 47, MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49, MONITOR_REQ_TERM = 50, - MONITOR_REQ_JPAKE_STEP1 = 52, MONITOR_ANS_JPAKE_STEP1 = 53, - MONITOR_REQ_JPAKE_GET_PWDATA = 54, MONITOR_ANS_JPAKE_GET_PWDATA = 55, - MONITOR_REQ_JPAKE_STEP2 = 56, MONITOR_ANS_JPAKE_STEP2 = 57, - MONITOR_REQ_JPAKE_KEY_CONFIRM = 58, MONITOR_ANS_JPAKE_KEY_CONFIRM = 59, - MONITOR_REQ_JPAKE_CHECK_CONFIRM = 60, MONITOR_ANS_JPAKE_CHECK_CONFIRM = 61, MONITOR_REQ_PAM_START = 100, MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103, @@ -71,9 +65,6 @@ enum monitor_reqtype { MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, - MONITOR_REQ_KRB4 = 200, MONITOR_ANS_KRB4 = 201, - MONITOR_REQ_KRB5 = 202, MONITOR_ANS_KRB5 = 203, - }; struct mm_master; @@ -94,7 +85,7 @@ void monitor_sync(struct monitor *); struct Authctxt; void monitor_child_preauth(struct Authctxt *, struct monitor *); -__dead void monitor_child_postauth(struct monitor *); +void monitor_child_postauth(struct monitor *); struct mon_table; int monitor_read(struct monitor*, struct mon_table *, struct mon_table **); diff --git a/crypto/external/bsd/openssh/dist/monitor_fdpass.c b/crypto/external/bsd/openssh/dist/monitor_fdpass.c index 38925ca6d..2ddd80732 100644 --- a/crypto/external/bsd/openssh/dist/monitor_fdpass.c +++ b/crypto/external/bsd/openssh/dist/monitor_fdpass.c @@ -1,4 +1,3 @@ -/* $NetBSD: monitor_fdpass.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: monitor_fdpass.c,v 1.20 2015/02/25 23:05:47 djm Exp $ */ /* * Copyright 2001 Niels Provos @@ -26,49 +25,60 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor_fdpass.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); + #include #include #include +#ifdef HAVE_SYS_UN_H +#include +#endif #include -#include #include #include +#ifdef HAVE_POLL_H +# include +#else +# ifdef HAVE_SYS_POLL_H +# include +# endif +#endif + #include "log.h" #include "monitor_fdpass.h" int mm_send_fd(int sock, int fd) { +#if defined(HAVE_SENDMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR)) struct msghdr msg; +#ifndef HAVE_ACCRIGHTS_IN_MSGHDR union { struct cmsghdr hdr; - char buf[1024]; + char buf[CMSG_SPACE(sizeof(int))]; } cmsgbuf; struct cmsghdr *cmsg; +#endif struct iovec vec; char ch = '\0'; ssize_t n; struct pollfd pfd; - if (sizeof(cmsgbuf.buf) < CMSG_SPACE(sizeof(int))) { - error("%s: %zu < %zu, recompile", __func__, - sizeof(cmsgbuf.buf), CMSG_SPACE(sizeof(int))); - return -1; - } - memset(&msg, 0, sizeof(msg)); +#ifdef HAVE_ACCRIGHTS_IN_MSGHDR + msg.msg_accrights = (caddr_t)&fd; + msg.msg_accrightslen = sizeof(fd); +#else memset(&cmsgbuf, 0, sizeof(cmsgbuf)); - msg.msg_control = &cmsgbuf.buf; - msg.msg_controllen = CMSG_SPACE(sizeof(int)); + msg.msg_control = (caddr_t)&cmsgbuf.buf; + msg.msg_controllen = sizeof(cmsgbuf.buf); cmsg = CMSG_FIRSTHDR(&msg); cmsg->cmsg_len = CMSG_LEN(sizeof(int)); cmsg->cmsg_level = SOL_SOCKET; cmsg->cmsg_type = SCM_RIGHTS; *(int *)CMSG_DATA(cmsg) = fd; - msg.msg_controllen = cmsg->cmsg_len; +#endif vec.iov_base = &ch; vec.iov_len = 1; @@ -94,37 +104,43 @@ mm_send_fd(int sock, int fd) return -1; } return 0; +#else + error("%s: file descriptor passing not supported", __func__); + return -1; +#endif } int mm_receive_fd(int sock) { +#if defined(HAVE_RECVMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR)) struct msghdr msg; +#ifndef HAVE_ACCRIGHTS_IN_MSGHDR union { struct cmsghdr hdr; - char buf[1024]; + char buf[CMSG_SPACE(sizeof(int))]; } cmsgbuf; struct cmsghdr *cmsg; +#endif struct iovec vec; ssize_t n; char ch; int fd; struct pollfd pfd; - if (sizeof(cmsgbuf.buf) < CMSG_SPACE(sizeof(int))) { - error("%s: %zu < %zu, recompile", __func__, - sizeof(cmsgbuf.buf), CMSG_SPACE(sizeof(int))); - return -1; - } - memset(&msg, 0, sizeof(msg)); - memset(&cmsgbuf, 0, sizeof(cmsgbuf)); vec.iov_base = &ch; vec.iov_len = 1; msg.msg_iov = &vec; msg.msg_iovlen = 1; +#ifdef HAVE_ACCRIGHTS_IN_MSGHDR + msg.msg_accrights = (caddr_t)&fd; + msg.msg_accrightslen = sizeof(fd); +#else + memset(&cmsgbuf, 0, sizeof(cmsgbuf)); msg.msg_control = &cmsgbuf.buf; - msg.msg_controllen = CMSG_SPACE(sizeof(int)); + msg.msg_controllen = sizeof(cmsgbuf.buf); +#endif pfd.fd = sock; pfd.events = POLLIN; @@ -144,17 +160,30 @@ mm_receive_fd(int sock) return -1; } +#ifdef HAVE_ACCRIGHTS_IN_MSGHDR + if (msg.msg_accrightslen != sizeof(fd)) { + error("%s: no fd", __func__); + return -1; + } +#else cmsg = CMSG_FIRSTHDR(&msg); if (cmsg == NULL) { error("%s: no message header", __func__); return -1; } +#ifndef BROKEN_CMSG_TYPE if (cmsg->cmsg_type != SCM_RIGHTS) { error("%s: expected type %d got %d", __func__, SCM_RIGHTS, cmsg->cmsg_type); return -1; } +#endif fd = (*(int *)CMSG_DATA(cmsg)); +#endif return fd; +#else + error("%s: file descriptor passing not supported", __func__); + return -1; +#endif } diff --git a/crypto/external/bsd/openssh/dist/monitor_fdpass.h b/crypto/external/bsd/openssh/dist/monitor_fdpass.h index 10d7bc59d..a4b1f6358 100644 --- a/crypto/external/bsd/openssh/dist/monitor_fdpass.h +++ b/crypto/external/bsd/openssh/dist/monitor_fdpass.h @@ -1,4 +1,3 @@ -/* $NetBSD: monitor_fdpass.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: monitor_fdpass.h,v 1.4 2007/09/04 03:21:03 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/monitor_mm.c b/crypto/external/bsd/openssh/dist/monitor_mm.c index f2ade523b..aa47b2ed5 100644 --- a/crypto/external/bsd/openssh/dist/monitor_mm.c +++ b/crypto/external/bsd/openssh/dist/monitor_mm.c @@ -1,4 +1,3 @@ -/* $NetBSD: monitor_mm.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: monitor_mm.c,v 1.21 2015/02/06 23:21:59 millert Exp $ */ /* * Copyright 2002 Niels Provos @@ -26,15 +25,19 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor_mm.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); + #include +#ifdef HAVE_SYS_MMAN_H #include -#include +#endif +#include "openbsd-compat/sys-tree.h" #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include @@ -99,9 +102,8 @@ mm_create(struct mm_master *mmalloc, size_t size) */ mm->mmalloc = mmalloc; - address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, - -1, 0); - if (address == MAP_FAILED) + address = xmmap(size); + if (address == (void *)MAP_FAILED) fatal("mmap(%zu): %s", size, strerror(errno)); mm->address = address; @@ -140,9 +142,14 @@ mm_destroy(struct mm_master *mm) mm_freelist(mm->mmalloc, &mm->rb_free); mm_freelist(mm->mmalloc, &mm->rb_allocated); +#ifdef HAVE_MMAP if (munmap(mm->address, mm->size) == -1) fatal("munmap(%p, %zu): %s", mm->address, mm->size, strerror(errno)); +#else + fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", + __func__); +#endif if (mm->mmalloc == NULL) free(mm); else diff --git a/crypto/external/bsd/openssh/dist/monitor_mm.h b/crypto/external/bsd/openssh/dist/monitor_mm.h index 21f47a05c..f1fae7e3b 100644 --- a/crypto/external/bsd/openssh/dist/monitor_mm.h +++ b/crypto/external/bsd/openssh/dist/monitor_mm.h @@ -1,4 +1,3 @@ -/* $NetBSD: monitor_mm.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: monitor_mm.h,v 1.6 2014/01/04 17:50:55 tedu Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/monitor_wrap.c b/crypto/external/bsd/openssh/dist/monitor_wrap.c index 7c9851a94..eac421ba1 100644 --- a/crypto/external/bsd/openssh/dist/monitor_wrap.c +++ b/crypto/external/bsd/openssh/dist/monitor_wrap.c @@ -1,4 +1,3 @@ -/* $NetBSD: monitor_wrap.c,v 1.12 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: monitor_wrap.c,v 1.85 2015/05/01 03:23:51 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -27,14 +26,14 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor_wrap.c,v 1.12 2015/07/03 01:00:00 christos Exp $"); + #include #include -#include #include #include #include +#include #include #include #include @@ -42,8 +41,10 @@ __RCSID("$NetBSD: monitor_wrap.c,v 1.12 2015/07/03 01:00:00 christos Exp $"); #ifdef WITH_OPENSSL #include #include +#include #endif +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" #ifdef WITH_OPENSSL @@ -59,7 +60,13 @@ __RCSID("$NetBSD: monitor_wrap.c,v 1.12 2015/07/03 01:00:00 christos Exp $"); #include "packet.h" #include "mac.h" #include "log.h" -#include +#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#undef TARGET_OS_MAC +#include "zlib.h" +#define TARGET_OS_MAC 1 +#else +#include "zlib.h" +#endif #include "monitor.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -67,11 +74,6 @@ __RCSID("$NetBSD: monitor_wrap.c,v 1.12 2015/07/03 01:00:00 christos Exp $"); #include "monitor_wrap.h" #include "atomicio.h" #include "monitor_fdpass.h" -#ifdef USE_PAM -#include "misc.h" -#include "servconf.h" -#include -#endif #include "misc.h" #include "uuencode.h" @@ -264,8 +266,12 @@ mm_getpwnamallow(const char *username) fatal("%s: struct passwd size mismatch", __func__); pw->pw_name = buffer_get_string(&m, NULL); pw->pw_passwd = buffer_get_string(&m, NULL); +#ifdef HAVE_STRUCT_PASSWD_PW_GECOS pw->pw_gecos = buffer_get_string(&m, NULL); +#endif +#ifdef HAVE_STRUCT_PASSWD_PW_CLASS pw->pw_class = buffer_get_string(&m, NULL); +#endif pw->pw_dir = buffer_get_string(&m, NULL); pw->pw_shell = buffer_get_string(&m, NULL); @@ -341,7 +347,7 @@ mm_inform_authserv(char *service, char *style) /* Do the password authentication */ int -mm_auth_password(Authctxt *authctxt, const char *password) +mm_auth_password(Authctxt *authctxt, char *password) { Buffer m; int authenticated = 0; @@ -608,7 +614,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt) debug3("%s", __func__); buffer_init(&m); - buffer_put_cstring(&m, authctxt->user); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m); @@ -641,7 +646,7 @@ mm_sshpam_query(void *ctx, char **name, char **info, *info = buffer_get_string(&m, NULL); *num = buffer_get_int(&m); if (*num > PAM_MAX_NUM_MSG) - fatal("%s: received %u PAM messages, expected <= %u", + fatal("%s: recieved %u PAM messages, expected <= %u", __func__, *num, PAM_MAX_NUM_MSG); *prompts = xcalloc((*num + 1), sizeof(char *)); *echo_on = xcalloc((*num + 1), sizeof(u_int)); @@ -722,7 +727,6 @@ mm_ssh1_session_key(BIGNUM *num) } #endif -#if defined(BSD_AUTH) || defined(SKEY) static void mm_chall_setup(char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) @@ -734,9 +738,7 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts, *echo_on = xcalloc(*numprompts, sizeof(u_int)); (*echo_on)[0] = 0; } -#endif -#ifdef BSD_AUTH int mm_bsdauth_query(void *ctx, char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) @@ -793,7 +795,6 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) return ((authok == 0) ? -1 : 0); } -#endif #ifdef SKEY int @@ -970,6 +971,36 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) } #endif +#ifdef SSH_AUDIT_EVENTS +void +mm_audit_event(ssh_audit_event_t event) +{ + Buffer m; + + debug3("%s entering", __func__); + + buffer_init(&m); + buffer_put_int(&m, event); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m); + buffer_free(&m); +} + +void +mm_audit_run_command(const char *command) +{ + Buffer m; + + debug3("%s entering command %s", __func__, command); + + buffer_init(&m); + buffer_put_cstring(&m, command); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); + buffer_free(&m); +} +#endif /* SSH_AUDIT_EVENTS */ + #ifdef GSSAPI OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid) @@ -1056,73 +1087,3 @@ mm_ssh_gssapi_userok(char *user) } #endif /* GSSAPI */ -#ifdef KRB4 -int -mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply) -{ - KTEXT auth, reply; - Buffer m; - u_int rlen; - int success = 0; - char *p; - - debug3("%s entering", __func__); - auth = _auth; - reply = _reply; - - buffer_init(&m); - buffer_put_string(&m, auth->dat, auth->length); - - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m); - - success = buffer_get_int(&m); - if (success) { - *client = buffer_get_string(&m, NULL); - p = buffer_get_string(&m, &rlen); - if (rlen >= MAX_KTXT_LEN) - fatal("%s: reply from monitor too large", __func__); - reply->length = rlen; - memcpy(reply->dat, p, rlen); - memset(p, 0, rlen); - free(p); - } - buffer_free(&m); - return (success); -} -#endif - -#ifdef KRB5 -int -mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp) -{ - krb5_data *tkt, *reply; - Buffer m; - int success; - - debug3("%s entering", __func__); - tkt = (krb5_data *) argp; - reply = (krb5_data *) resp; - - buffer_init(&m); - buffer_put_string(&m, tkt->data, tkt->length); - - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m); - - success = buffer_get_int(&m); - if (success) { - u_int len; - - *userp = buffer_get_string(&m, NULL); - reply->data = buffer_get_string(&m, &len); - reply->length = len; - } else { - memset(reply, 0, sizeof(*reply)); - *userp = NULL; - } - - buffer_free(&m); - return (success); -} -#endif diff --git a/crypto/external/bsd/openssh/dist/monitor_wrap.h b/crypto/external/bsd/openssh/dist/monitor_wrap.h index fec03b48c..de4a08f99 100644 --- a/crypto/external/bsd/openssh/dist/monitor_wrap.h +++ b/crypto/external/bsd/openssh/dist/monitor_wrap.h @@ -1,4 +1,3 @@ -/* $NetBSD: monitor_wrap.h,v 1.9 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: monitor_wrap.h,v 1.27 2015/05/01 03:23:51 djm Exp $ */ /* @@ -45,7 +44,7 @@ int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int); void mm_inform_authserv(char *, char *); struct passwd *mm_getpwnamallow(const char *); char *mm_auth2_read_banner(void); -int mm_auth_password(struct Authctxt *, const char *); +int mm_auth_password(struct Authctxt *, char *); int mm_key_allowed(enum mm_keytype, char *, char *, Key *, int); int mm_user_key_allowed(struct passwd *, Key *, int); int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *); @@ -72,6 +71,12 @@ int mm_sshpam_respond(void *, u_int, char **); void mm_sshpam_free_ctx(void *); #endif +#ifdef SSH_AUDIT_EVENTS +#include "audit.h" +void mm_audit_event(ssh_audit_event_t); +void mm_audit_run_command(const char *); +#endif + struct Session; void mm_terminate(void); int mm_pty_allocate(int *, int *, char *, size_t); @@ -97,16 +102,6 @@ int mm_bsdauth_respond(void *, u_int, char **); int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **); int mm_skey_respond(void *, u_int, char **); -/* auth_krb */ -#ifdef KRB4 -int mm_auth_krb4(struct Authctxt *, void *, char **, void *); -#endif -#ifdef KRB5 -/* auth and reply are really krb5_data objects, but we don't want to - * include all of the krb5 headers here */ -int mm_auth_krb5(void *authctxt, void *auth, char **client, void *reply); -#endif - /* zlib allocation hooks */ void mm_init_compression(struct mm_master *); diff --git a/crypto/external/bsd/openssh/dist/msg.c b/crypto/external/bsd/openssh/dist/msg.c index abeb7660c..5a7b8ca91 100644 --- a/crypto/external/bsd/openssh/dist/msg.c +++ b/crypto/external/bsd/openssh/dist/msg.c @@ -1,4 +1,3 @@ -/* $NetBSD: msg.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: msg.c,v 1.16 2015/01/15 09:40:00 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. @@ -25,7 +24,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: msg.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); + #include #include @@ -34,7 +33,6 @@ __RCSID("$NetBSD: msg.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); #include #include #include -#include #include "sshbuf.h" #include "ssherr.h" @@ -57,7 +55,7 @@ ssh_msg_send(int fd, u_char type, struct sshbuf *m) error("ssh_msg_send: write"); return (-1); } - if (atomicio(vwrite, fd, __UNCONST(sshbuf_ptr(m)), mlen) != mlen) { + if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(m), mlen) != mlen) { error("ssh_msg_send: write"); return (-1); } diff --git a/crypto/external/bsd/openssh/dist/msg.h b/crypto/external/bsd/openssh/dist/msg.h index 2b556d262..dfb34247c 100644 --- a/crypto/external/bsd/openssh/dist/msg.h +++ b/crypto/external/bsd/openssh/dist/msg.h @@ -1,4 +1,3 @@ -/* $NetBSD: msg.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: msg.h,v 1.5 2015/01/15 09:40:00 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. diff --git a/crypto/external/bsd/openssh/dist/mux.c b/crypto/external/bsd/openssh/dist/mux.c index 27833cb37..e6136fd28 100644 --- a/crypto/external/bsd/openssh/dist/mux.c +++ b/crypto/external/bsd/openssh/dist/mux.c @@ -1,4 +1,3 @@ -/* $NetBSD: mux.c,v 1.13 2015/08/21 08:20:59 christos Exp $ */ /* $OpenBSD: mux.c,v 1.54 2015/08/19 23:18:26 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller @@ -32,16 +31,14 @@ */ #include "includes.h" -__RCSID("$NetBSD: mux.c,v 1.13 2015/08/21 08:20:59 christos Exp $"); + #include -#include #include #include #include #include #include -#include #include #include #include @@ -49,10 +46,23 @@ __RCSID("$NetBSD: mux.c,v 1.13 2015/08/21 08:20:59 christos Exp $"); #include #include #include -#include +#ifdef HAVE_PATHS_H #include +#endif -#include "atomicio.h" +#ifdef HAVE_POLL_H +#include +#else +# ifdef HAVE_SYS_POLL_H +# include +# endif +#endif + +#ifdef HAVE_UTIL_H +# include +#endif + +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "log.h" #include "ssh.h" @@ -1434,6 +1444,9 @@ mux_client_read(int fd, Buffer *b, u_int need) len = read(fd, p + have, need - have); if (len < 0) { switch (errno) { +#if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN) + case EWOULDBLOCK: +#endif case EAGAIN: (void)poll(&pfd, 1, -1); /* FALLTHROUGH */ @@ -1478,6 +1491,9 @@ mux_client_write_packet(int fd, Buffer *m) len = write(fd, ptr + have, need - have); if (len < 0) { switch (errno) { +#if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN) + case EWOULDBLOCK: +#endif case EAGAIN: (void)poll(&pfd, 1, -1); /* FALLTHROUGH */ @@ -1925,7 +1941,7 @@ mux_client_request_session(int fd) leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); if (muxclient_terminate) { - debug2("Exiting on signal %ld", (long)muxclient_terminate); + debug2("Exiting on signal %d", muxclient_terminate); exitval = 255; } else if (!exitval_seen) { debug2("Control master terminated unexpectedly"); @@ -2085,6 +2101,7 @@ void muxclient(const char *path) { struct sockaddr_un addr; + socklen_t sun_len; int sock; u_int pid; @@ -2108,7 +2125,7 @@ muxclient(const char *path) memset(&addr, '\0', sizeof(addr)); addr.sun_family = AF_UNIX; - addr.sun_len = offsetof(struct sockaddr_un, sun_path) + + sun_len = offsetof(struct sockaddr_un, sun_path) + strlen(path) + 1; if (strlcpy(addr.sun_path, path, @@ -2118,7 +2135,7 @@ muxclient(const char *path) if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) fatal("%s socket(): %s", __func__, strerror(errno)); - if (connect(sock, (struct sockaddr *)&addr, addr.sun_len) == -1) { + if (connect(sock, (struct sockaddr *)&addr, sun_len) == -1) { switch (muxclient_command) { case SSHMUX_COMMAND_OPEN: case SSHMUX_COMMAND_STDIO_FWD: diff --git a/crypto/external/bsd/openssh/dist/myproposal.h b/crypto/external/bsd/openssh/dist/myproposal.h index 3b431d569..46e5b988d 100644 --- a/crypto/external/bsd/openssh/dist/myproposal.h +++ b/crypto/external/bsd/openssh/dist/myproposal.h @@ -1,4 +1,3 @@ -/* $NetBSD: myproposal.h,v 1.12 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: myproposal.h,v 1.47 2015/07/10 06:21:53 markus Exp $ */ /* @@ -25,45 +24,98 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifdef WITH_OPENSSL +#include -#define KEX_COMMON_KEX \ - "curve25519-sha256@libssh.org," \ +/* conditional algorithm support */ + +#ifdef OPENSSL_HAS_ECC +#ifdef OPENSSL_HAS_NISTP521 +# define KEX_ECDH_METHODS \ "ecdh-sha2-nistp256," \ "ecdh-sha2-nistp384," \ - "ecdh-sha2-nistp521," \ - "diffie-hellman-group-exchange-sha256" + "ecdh-sha2-nistp521," +# define HOSTKEY_ECDSA_CERT_METHODS \ + "ecdsa-sha2-nistp256-cert-v01@openssh.com," \ + "ecdsa-sha2-nistp384-cert-v01@openssh.com," \ + "ecdsa-sha2-nistp521-cert-v01@openssh.com," +# define HOSTKEY_ECDSA_METHODS \ + "ecdsa-sha2-nistp256," \ + "ecdsa-sha2-nistp384," \ + "ecdsa-sha2-nistp521," +#else +# define KEX_ECDH_METHODS \ + "ecdh-sha2-nistp256," \ + "ecdh-sha2-nistp384," +# define HOSTKEY_ECDSA_CERT_METHODS \ + "ecdsa-sha2-nistp256-cert-v01@openssh.com," \ + "ecdsa-sha2-nistp384-cert-v01@openssh.com," +# define HOSTKEY_ECDSA_METHODS \ + "ecdsa-sha2-nistp256," \ + "ecdsa-sha2-nistp384," +#endif +#else +# define KEX_ECDH_METHODS +# define HOSTKEY_ECDSA_CERT_METHODS +# define HOSTKEY_ECDSA_METHODS +#endif -#define KEX_SERVER_KEX KEX_COMMON_KEX "," \ - "diffie-hellman-group14-sha1" +#ifdef OPENSSL_HAVE_EVPGCM +# define AESGCM_CIPHER_MODES \ + ",aes128-gcm@openssh.com,aes256-gcm@openssh.com" +#else +# define AESGCM_CIPHER_MODES +#endif -#define KEX_CLIENT_KEX KEX_COMMON_KEX "," \ +#ifdef HAVE_EVP_SHA256 +# define KEX_SHA256_METHODS \ + "diffie-hellman-group-exchange-sha256," +#define SHA2_HMAC_MODES \ + "hmac-sha2-256," \ + "hmac-sha2-512," +#else +# define KEX_SHA256_METHODS +# define SHA2_HMAC_MODES +#endif + +#ifdef WITH_OPENSSL +# ifdef HAVE_EVP_SHA256 +# define KEX_CURVE25519_METHODS "curve25519-sha256@libssh.org," +# else +# define KEX_CURVE25519_METHODS "" +# endif +#define KEX_COMMON_KEX \ + KEX_CURVE25519_METHODS \ + KEX_ECDH_METHODS \ + KEX_SHA256_METHODS + +#define KEX_SERVER_KEX KEX_COMMON_KEX \ + "diffie-hellman-group14-sha1" \ + +#define KEX_CLIENT_KEX KEX_COMMON_KEX \ "diffie-hellman-group-exchange-sha1," \ "diffie-hellman-group14-sha1" #define KEX_DEFAULT_PK_ALG \ - "ecdsa-sha2-nistp256-cert-v01@openssh.com," \ - "ecdsa-sha2-nistp384-cert-v01@openssh.com," \ - "ecdsa-sha2-nistp521-cert-v01@openssh.com," \ + HOSTKEY_ECDSA_CERT_METHODS \ "ssh-ed25519-cert-v01@openssh.com," \ "ssh-rsa-cert-v01@openssh.com," \ - "ecdsa-sha2-nistp256," \ - "ecdsa-sha2-nistp384," \ - "ecdsa-sha2-nistp521," \ + HOSTKEY_ECDSA_METHODS \ "ssh-ed25519," \ - "ssh-rsa" + "ssh-rsa" \ -#define KEX_SERVER_ENCRYPT \ +/* the actual algorithms */ + +#define KEX_SERVER_ENCRYPT \ "chacha20-poly1305@openssh.com," \ - "aes128-ctr,aes192-ctr,aes256-ctr," \ - "aes128-gcm@openssh.com,aes256-gcm@openssh.com" + "aes128-ctr,aes192-ctr,aes256-ctr" \ + AESGCM_CIPHER_MODES #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ "arcfour256,arcfour128," \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" -#define KEX_SERVER_MAC \ +#define KEX_SERVER_MAC \ "umac-64-etm@openssh.com," \ "umac-128-etm@openssh.com," \ "hmac-sha2-256-etm@openssh.com," \ @@ -114,19 +166,14 @@ #endif /* WITH_OPENSSL */ -#define KEX_CLIENT_ENCRYPT_INCLUDE_NONE KEX_CLIENT_ENCRYPT \ - ",none" -#define KEX_SERVER_ENCRYPT_INCLUDE_NONE KEX_SERVER_ENCRYPT \ - ",none" - #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" #define KEX_DEFAULT_LANG "" #define KEX_CLIENT \ KEX_CLIENT_KEX, \ KEX_DEFAULT_PK_ALG, \ - KEX_CLIENT_ENCRYPT_INCLUDE_NONE, \ - KEX_CLIENT_ENCRYPT_INCLUDE_NONE, \ + KEX_CLIENT_ENCRYPT, \ + KEX_CLIENT_ENCRYPT, \ KEX_CLIENT_MAC, \ KEX_CLIENT_MAC, \ KEX_DEFAULT_COMP, \ @@ -137,11 +184,12 @@ #define KEX_SERVER \ KEX_SERVER_KEX, \ KEX_DEFAULT_PK_ALG, \ - KEX_SERVER_ENCRYPT_INCLUDE_NONE, \ - KEX_SERVER_ENCRYPT_INCLUDE_NONE, \ + KEX_SERVER_ENCRYPT, \ + KEX_SERVER_ENCRYPT, \ KEX_SERVER_MAC, \ KEX_SERVER_MAC, \ KEX_DEFAULT_COMP, \ KEX_DEFAULT_COMP, \ KEX_DEFAULT_LANG, \ KEX_DEFAULT_LANG + diff --git a/crypto/external/bsd/openssh/dist/nchan.c b/crypto/external/bsd/openssh/dist/nchan.c index 5c4f3a85f..20f6a2f49 100644 --- a/crypto/external/bsd/openssh/dist/nchan.c +++ b/crypto/external/bsd/openssh/dist/nchan.c @@ -1,4 +1,3 @@ -/* $NetBSD: nchan.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: nchan.c,v 1.63 2010/01/26 01:28:35 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. @@ -25,15 +24,15 @@ */ #include "includes.h" -__RCSID("$NetBSD: nchan.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); + #include #include -#include #include #include #include +#include "openbsd-compat/sys-queue.h" #include "ssh1.h" #include "ssh2.h" #include "buffer.h" @@ -85,8 +84,8 @@ static void chan_send_eow2(Channel *); static void chan_shutdown_write(Channel *); static void chan_shutdown_read(Channel *); -static const char *ostates[] = { "open", "drain", "wait_ieof", "closed" }; -static const char *istates[] = { "open", "drain", "wait_oclose", "closed" }; +static char *ostates[] = { "open", "drain", "wait_ieof", "closed" }; +static char *istates[] = { "open", "drain", "wait_oclose", "closed" }; static void chan_set_istate(Channel *c, u_int next) @@ -512,7 +511,13 @@ chan_shutdown_read(Channel *c) return; debug2("channel %d: close_read", c->self); if (c->sock != -1) { - if (shutdown(c->sock, SHUT_RD) < 0) + /* + * shutdown(sock, SHUT_READ) may return ENOTCONN if the + * write side has been closed already. (bug on Linux) + * HP-UX may return ENOTCONN also. + */ + if (shutdown(c->sock, SHUT_RD) < 0 + && errno != ENOTCONN) error("channel %d: chan_shutdown_read: " "shutdown() failed for fd %d [i%d o%d]: %.100s", c->self, c->sock, c->istate, c->ostate, diff --git a/crypto/external/bsd/openssh/dist/nchan.ms b/crypto/external/bsd/openssh/dist/nchan.ms index bd03c3e6f..57576017b 100644 --- a/crypto/external/bsd/openssh/dist/nchan.ms +++ b/crypto/external/bsd/openssh/dist/nchan.ms @@ -1,4 +1,3 @@ -.\" $NetBSD: nchan.ms,v 1.4 2015/04/03 23:58:19 christos Exp $ .\" $OpenBSD: nchan.ms,v 1.8 2003/11/21 11:57:03 djm Exp $ .\" .\" diff --git a/crypto/external/bsd/openssh/dist/nchan2.ms b/crypto/external/bsd/openssh/dist/nchan2.ms index 3eeb3b810..700150450 100644 --- a/crypto/external/bsd/openssh/dist/nchan2.ms +++ b/crypto/external/bsd/openssh/dist/nchan2.ms @@ -1,4 +1,3 @@ -.\" $NetBSD: nchan2.ms,v 1.4 2015/04/03 23:58:19 christos Exp $ .\" $OpenBSD: nchan2.ms,v 1.4 2008/05/15 23:52:24 djm Exp $ .\" .\" Copyright (c) 2000 Markus Friedl. All rights reserved. diff --git a/crypto/external/bsd/openssh/dist/opacket.c b/crypto/external/bsd/openssh/dist/opacket.c index 397f07a25..b9160d59d 100644 --- a/crypto/external/bsd/openssh/dist/opacket.c +++ b/crypto/external/bsd/openssh/dist/opacket.c @@ -1,8 +1,6 @@ -/* $NetBSD: opacket.c,v 1.3 2015/07/03 01:00:00 christos Exp $ */ /* Written by Markus Friedl. Placed in the public domain. */ #include "includes.h" -__RCSID("$NetBSD: opacket.c,v 1.3 2015/07/03 01:00:00 christos Exp $"); #include "ssherr.h" #include "packet.h" @@ -97,6 +95,7 @@ ssh_packet_put_bignum2(struct ssh *ssh, BIGNUM * value) fatal("%s: %s", __func__, ssh_err(r)); } +# ifdef OPENSSL_HAS_ECC void ssh_packet_put_ecpoint(struct ssh *ssh, const EC_GROUP *curve, const EC_POINT *point) @@ -106,27 +105,18 @@ ssh_packet_put_ecpoint(struct ssh *ssh, const EC_GROUP *curve, if ((r = sshpkt_put_ec(ssh, point, curve)) != 0) fatal("%s: %s", __func__, ssh_err(r)); } +# endif #endif /* WITH_OPENSSL */ -int +void ssh_packet_send(struct ssh *ssh) { int r; if ((r = sshpkt_send(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); - return r; } -int -ssh_packet_sendx(struct ssh *ssh) -{ - int r; - - if ((r = sshpkt_sendx(ssh)) < 0) - fatal("%s: %s", __func__, ssh_err(r)); - return r; -} u_int ssh_packet_get_char(struct ssh *ssh) { @@ -181,6 +171,7 @@ ssh_packet_get_bignum2(struct ssh *ssh, BIGNUM * value) fatal("%s: %s", __func__, ssh_err(r)); } +# ifdef OPENSSL_HAS_ECC void ssh_packet_get_ecpoint(struct ssh *ssh, const EC_GROUP *curve, EC_POINT *point) { @@ -189,6 +180,7 @@ ssh_packet_get_ecpoint(struct ssh *ssh, const EC_GROUP *curve, EC_POINT *point) if ((r = sshpkt_get_ec(ssh, point, curve)) != 0) fatal("%s: %s", __func__, ssh_err(r)); } +# endif #endif /* WITH_OPENSSL */ void * @@ -310,18 +302,17 @@ packet_write_wait(void) { int r; - if ((r = ssh_packet_write_wait(active_state)) < 0) + if ((r = ssh_packet_write_wait(active_state)) != 0) sshpkt_fatal(active_state, __func__, r); } -int +void packet_write_poll(void) { int r; - if ((r = ssh_packet_write_poll(active_state)) < 0) + if ((r = ssh_packet_write_poll(active_state)) != 0) sshpkt_fatal(active_state, __func__, r); - return r; } void @@ -332,3 +323,27 @@ packet_read_expect(int expected_type) if ((r = ssh_packet_read_expect(active_state, expected_type)) != 0) sshpkt_fatal(active_state, __func__, r); } + +void +packet_disconnect(const char *fmt, ...) +{ + char buf[1024]; + va_list args; + + va_start(args, fmt); + vsnprintf(buf, sizeof(buf), fmt, args); + va_end(args); + ssh_packet_disconnect(active_state, "%s", buf); +} + +void +packet_send_debug(const char *fmt, ...) +{ + char buf[1024]; + va_list args; + + va_start(args, fmt); + vsnprintf(buf, sizeof(buf), fmt, args); + va_end(args); + ssh_packet_send_debug(active_state, "%s", buf); +} diff --git a/crypto/external/bsd/openssh/dist/opacket.h b/crypto/external/bsd/openssh/dist/opacket.h index 271dbf28e..a0a60e550 100644 --- a/crypto/external/bsd/openssh/dist/opacket.h +++ b/crypto/external/bsd/openssh/dist/opacket.h @@ -1,4 +1,3 @@ -/* $NetBSD: opacket.h,v 1.2 2015/04/03 23:58:19 christos Exp $ */ #ifndef _OPACKET_H /* Written by Markus Friedl. Placed in the public domain. */ @@ -13,8 +12,7 @@ void ssh_packet_put_ecpoint(struct ssh *, const EC_GROUP *, const EC_POINT * void ssh_packet_put_string(struct ssh *, const void *buf, u_int len); void ssh_packet_put_cstring(struct ssh *, const char *str); void ssh_packet_put_raw(struct ssh *, const void *buf, u_int len); -int ssh_packet_send(struct ssh *); -int ssh_packet_sendx(struct ssh *); +void ssh_packet_send(struct ssh *); u_int ssh_packet_get_char(struct ssh *); u_int ssh_packet_get_int(struct ssh *); @@ -48,7 +46,7 @@ int packet_read_seqnr(u_int32_t *); int packet_read_poll_seqnr(u_int32_t *); void packet_process_incoming(const char *buf, u_int len); void packet_write_wait(void); -int packet_write_poll(void); +void packet_write_poll(void); void packet_read_expect(int expected_type); #define packet_set_timeout(timeout, count) \ ssh_packet_set_timeout(active_state, (timeout), (count)) @@ -88,8 +86,6 @@ void packet_read_expect(int expected_type); ssh_packet_put_bignum2(active_state, (value)) #define packet_send() \ ssh_packet_send(active_state) -#define packet_sendx() \ - ssh_packet_sendx(active_state) #define packet_read() \ ssh_packet_read(active_state) #define packet_get_int64() \ @@ -106,10 +102,11 @@ void packet_read_expect(int expected_type); ssh_packet_get_string_ptr(active_state, (length_ptr)) #define packet_get_cstring(length_ptr) \ ssh_packet_get_cstring(active_state, (length_ptr)) -#define packet_send_debug(fmt, args...) \ - ssh_packet_send_debug(active_state, (fmt), ##args) -#define packet_disconnect(fmt, args...) \ - ssh_packet_disconnect(active_state, (fmt), ##args) +void packet_send_debug(const char *, ...) + __attribute__((format(printf, 1, 2))); +void packet_disconnect(const char *, ...) + __attribute__((format(printf, 1, 2))) + __attribute__((noreturn)); #define packet_have_data_to_write() \ ssh_packet_have_data_to_write(active_state) #define packet_not_very_much_data_to_write() \ diff --git a/crypto/external/bsd/openssh/dist/packet.c b/crypto/external/bsd/openssh/dist/packet.c index 4d9c7cb9b..01d3e2970 100644 --- a/crypto/external/bsd/openssh/dist/packet.c +++ b/crypto/external/bsd/openssh/dist/packet.c @@ -1,4 +1,3 @@ -/* $NetBSD: packet.c,v 1.21 2015/08/21 08:20:59 christos Exp $ */ /* $OpenBSD: packet.c,v 1.214 2015/08/20 22:32:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -39,14 +38,18 @@ */ #include "includes.h" -__RCSID("$NetBSD: packet.c,v 1.21 2015/08/21 08:20:59 christos Exp $"); + #include /* MIN roundup */ #include -#include +#include "openbsd-compat/sys-queue.h" #include -#include +#ifdef HAVE_SYS_TIME_H +# include +#endif + #include #include +#include #include #include @@ -408,6 +411,11 @@ ssh_packet_connection_af(struct ssh *ssh) if (getsockname(ssh->state->connection_out, (struct sockaddr *)&to, &tolen) < 0) return 0; +#ifdef IPV4_IN_IPV6 + if (to.ss_family == AF_INET6 && + IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr)) + return AF_INET; +#endif return to.ss_family; } @@ -1140,7 +1148,6 @@ ssh_packet_send2_wrapped(struct ssh *ssh) len, padlen, aadlen)); /* compute MAC over seqnr and packet(length fields, payload, padding) */ -debug("mac %p, %d %d", mac, mac? mac->enabled : -1, mac ? mac->etm : -1); if (mac && mac->enabled && !mac->etm) { if ((r = mac_compute(mac, state->p_send.seqnr, sshbuf_ptr(state->outgoing_packet), len, @@ -1190,10 +1197,7 @@ debug("mac %p, %d %d", mac, mac? mac->enabled : -1, mac ? mac->etm : -1); else r = 0; out: - if (r < 0) - return r; - else - return len - 4; + return r; } int @@ -1203,7 +1207,6 @@ ssh_packet_send2(struct ssh *ssh) struct packet *p; u_char type; int r; - int packet_length; type = sshbuf_ptr(state->outgoing_packet)[5]; @@ -1223,7 +1226,7 @@ ssh_packet_send2(struct ssh *ssh) state->outgoing_packet = sshbuf_new(); if (state->outgoing_packet == NULL) return SSH_ERR_ALLOC_FAIL; - return sshbuf_len(state->outgoing_packet); + return 0; } } @@ -1231,11 +1234,9 @@ ssh_packet_send2(struct ssh *ssh) if (type == SSH2_MSG_KEXINIT) state->rekeying = 1; - if ((r = ssh_packet_send2_wrapped(ssh)) < 0) + if ((r = ssh_packet_send2_wrapped(ssh)) != 0) return r; - packet_length = r; - /* after a NEWKEYS message we can send the complete queue */ if (type == SSH2_MSG_NEWKEYS) { state->rekeying = 0; @@ -1247,12 +1248,11 @@ ssh_packet_send2(struct ssh *ssh) state->outgoing_packet = p->payload; TAILQ_REMOVE(&state->outgoing, p, next); free(p); - if ((r = ssh_packet_send2_wrapped(ssh)) < 0) + if ((r = ssh_packet_send2_wrapped(ssh)) != 0) return r; - packet_length += r; } } - return packet_length; + return 0; } /* @@ -1265,7 +1265,7 @@ int ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) { struct session_state *state = ssh->state; - int len, r, ms_remain = 0, cont; + int len, r, ms_remain, cont; fd_set *setp; char buf[8192]; struct timeval timeout, start, *timeoutp = NULL; @@ -1281,7 +1281,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) * Since we are blocking, ensure that all written packets have * been sent. */ - if ((r = ssh_packet_write_wait(ssh)) < 0) + if ((r = ssh_packet_write_wait(ssh)) != 0) goto out; /* Stay in the loop until we have received a complete packet. */ @@ -1321,7 +1321,8 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if ((r = select(state->connection_in + 1, setp, NULL, NULL, timeoutp)) >= 0) break; - if (errno != EAGAIN && errno != EINTR) + if (errno != EAGAIN && errno != EINTR && + errno != EWOULDBLOCK) break; if (state->packet_timeout_ms == -1) continue; @@ -1460,7 +1461,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u_char *typep) if (emsg != NULL) { error("%s", emsg); if ((r = sshpkt_disconnect(ssh, "%s", emsg)) != 0 || - (r = ssh_packet_write_wait(ssh)) < 0) + (r = ssh_packet_write_wait(ssh)) != 0) return r; return SSH_ERR_CONN_CORRUPT; } @@ -1495,7 +1496,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u_char *typep) error("%s: len %d != sshbuf_len %zd", __func__, len, sshbuf_len(state->incoming_packet)); if ((r = sshpkt_disconnect(ssh, "invalid packet length")) != 0 || - (r = ssh_packet_write_wait(ssh)) < 0) + (r = ssh_packet_write_wait(ssh)) != 0) return r; return SSH_ERR_CONN_CORRUPT; } @@ -1505,7 +1506,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u_char *typep) if (checksum != stored_checksum) { error("Corrupted check bytes on input"); if ((r = sshpkt_disconnect(ssh, "connection corrupted")) != 0 || - (r = ssh_packet_write_wait(ssh)) < 0) + (r = ssh_packet_write_wait(ssh)) != 0) return r; return SSH_ERR_CONN_CORRUPT; } @@ -1529,7 +1530,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u_char *typep) if (*typep < SSH_MSG_MIN || *typep > SSH_MSG_MAX) { error("Invalid ssh1 packet type: %d", *typep); if ((r = sshpkt_disconnect(ssh, "invalid packet type")) != 0 || - (r = ssh_packet_write_wait(ssh)) < 0) + (r = ssh_packet_write_wait(ssh)) != 0) return r; return SSH_ERR_PROTOCOL_ERROR; } @@ -1702,7 +1703,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if (padlen < 4) { if ((r = sshpkt_disconnect(ssh, "Corrupted padlen %d on input.", padlen)) != 0 || - (r = ssh_packet_write_wait(ssh)) < 0) + (r = ssh_packet_write_wait(ssh)) != 0) return r; return SSH_ERR_CONN_CORRUPT; } @@ -1735,7 +1736,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if (*typep < SSH2_MSG_MIN || *typep >= SSH2_MSG_LOCAL_MIN) { if ((r = sshpkt_disconnect(ssh, "Invalid ssh2 packet type: %d", *typep)) != 0 || - (r = ssh_packet_write_wait(ssh)) < 0) + (r = ssh_packet_write_wait(ssh)) != 0) return r; return SSH_ERR_PROTOCOL_ERROR; } @@ -1904,7 +1905,7 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...) (r = sshpkt_send(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); } - if ((r = ssh_packet_write_wait(ssh)) < 0) + if ((r = ssh_packet_write_wait(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); } @@ -1986,7 +1987,7 @@ ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...) if ((r = sshpkt_disconnect(ssh, "%s", buf)) != 0) sshpkt_fatal(ssh, __func__, r); - if ((r = ssh_packet_write_wait(ssh)) < 0) + if ((r = ssh_packet_write_wait(ssh)) != 0) sshpkt_fatal(ssh, __func__, r); /* Close the connection. */ @@ -2010,16 +2011,17 @@ ssh_packet_write_poll(struct ssh *ssh) len = roaming_write(state->connection_out, sshbuf_ptr(state->output), len, &cont); if (len == -1) { - if (errno == EINTR || errno == EAGAIN) + if (errno == EINTR || errno == EAGAIN || + errno == EWOULDBLOCK) return 0; return SSH_ERR_SYSTEM_ERROR; } if (len == 0 && !cont) return SSH_ERR_CONN_CLOSED; - if ((r = sshbuf_consume(state->output, len)) < 0) + if ((r = sshbuf_consume(state->output, len)) != 0) return r; } - return len; + return 0; } /* @@ -2032,14 +2034,13 @@ ssh_packet_write_wait(struct ssh *ssh) fd_set *setp; int ret, r, ms_remain = 0; struct timeval start, timeout, *timeoutp = NULL; - u_int bytes_sent = 0; struct session_state *state = ssh->state; setp = calloc(howmany(state->connection_out + 1, NFDBITS), sizeof(fd_mask)); if (setp == NULL) return SSH_ERR_ALLOC_FAIL; - bytes_sent += ssh_packet_write_poll(ssh); + ssh_packet_write_poll(ssh); while (ssh_packet_have_data_to_write(ssh)) { memset(setp, 0, howmany(state->connection_out + 1, NFDBITS) * sizeof(fd_mask)); @@ -2057,7 +2058,8 @@ ssh_packet_write_wait(struct ssh *ssh) if ((ret = select(state->connection_out + 1, NULL, setp, NULL, timeoutp)) >= 0) break; - if (errno != EAGAIN && errno != EINTR) + if (errno != EAGAIN && errno != EINTR && + errno != EWOULDBLOCK) break; if (state->packet_timeout_ms == -1) continue; @@ -2071,14 +2073,13 @@ ssh_packet_write_wait(struct ssh *ssh) free(setp); return SSH_ERR_CONN_TIMEOUT; } - if ((r = ssh_packet_write_poll(ssh)) < 0) { + if ((r = ssh_packet_write_poll(ssh)) != 0) { free(setp); return r; } - bytes_sent += r; } free(setp); - return bytes_sent; + return 0; } /* Returns true if there is buffered data to write to the connection. */ @@ -2103,9 +2104,11 @@ ssh_packet_not_very_much_data_to_write(struct ssh *ssh) void ssh_packet_set_tos(struct ssh *ssh, int tos) { +#ifndef IP_TOS_IS_BROKEN if (!ssh_packet_connection_is_on_socket(ssh)) return; switch (ssh_packet_connection_af(ssh)) { +# ifdef IP_TOS case AF_INET: debug3("%s: set IP_TOS 0x%02x", __func__, tos); if (setsockopt(ssh->state->connection_in, @@ -2113,6 +2116,8 @@ ssh_packet_set_tos(struct ssh *ssh, int tos) error("setsockopt IP_TOS %d: %.100s:", tos, strerror(errno)); break; +# endif /* IP_TOS */ +# ifdef IPV6_TCLASS case AF_INET6: debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos); if (setsockopt(ssh->state->connection_in, @@ -2120,7 +2125,9 @@ ssh_packet_set_tos(struct ssh *ssh, int tos) error("setsockopt IPV6_TCLASS %d: %.100s:", tos, strerror(errno)); break; +# endif /* IPV6_TCLASS */ } +#endif /* IP_TOS_IS_BROKEN */ } /* Informs that the current session is interactive. Sets IP flags for that. */ @@ -2221,13 +2228,6 @@ ssh_packet_send_ignore(struct ssh *ssh, int nbytes) } } -int rekey_requested = 0; -void -ssh_packet_request_rekeying(void) -{ - rekey_requested = 1; -} - #define MAX_PACKETS (1U<<31) int ssh_packet_need_rekeying(struct ssh *ssh) @@ -2236,11 +2236,6 @@ ssh_packet_need_rekeying(struct ssh *ssh) if (ssh->compat & SSH_BUG_NOREKEY) return 0; - if (rekey_requested == 1) - { - rekey_requested = 0; - return 1; - } return (state->p_send.packets > MAX_PACKETS) || (state->p_read.packets > MAX_PACKETS) || @@ -2762,11 +2757,13 @@ sshpkt_put_stringb(struct ssh *ssh, const struct sshbuf *v) } #ifdef WITH_OPENSSL +#ifdef OPENSSL_HAS_ECC int sshpkt_put_ec(struct ssh *ssh, const EC_POINT *v, const EC_GROUP *g) { return sshbuf_put_ec(ssh->state->outgoing_packet, v, g); } +#endif /* OPENSSL_HAS_ECC */ #ifdef WITH_SSH1 int @@ -2828,11 +2825,13 @@ sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp) } #ifdef WITH_OPENSSL +#ifdef OPENSSL_HAS_ECC int sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g) { return sshbuf_get_ec(ssh->state->incoming_packet, v, g); } +#endif /* OPENSSL_HAS_ECC */ #ifdef WITH_SSH1 int @@ -2884,7 +2883,7 @@ sshpkt_start(struct ssh *ssh, u_char type) /* send it */ int -sshpkt_sendx(struct ssh *ssh) +sshpkt_send(struct ssh *ssh) { if (compat20) return ssh_packet_send2(ssh); @@ -2892,13 +2891,6 @@ sshpkt_sendx(struct ssh *ssh) return ssh_packet_send1(ssh); } -int -sshpkt_send(struct ssh *ssh) -{ - int r = sshpkt_sendx(ssh); - return r < 0 ? r : 0; -} - int sshpkt_disconnect(struct ssh *ssh, const char *fmt,...) { @@ -2933,9 +2925,3 @@ sshpkt_add_padding(struct ssh *ssh, u_char pad) ssh->state->extra_pad = pad; return 0; } - -int -ssh_packet_authentication_state(void) -{ - return active_state->state->after_authentication; -} diff --git a/crypto/external/bsd/openssh/dist/packet.h b/crypto/external/bsd/openssh/dist/packet.h index 39f16880e..7b06544e8 100644 --- a/crypto/external/bsd/openssh/dist/packet.h +++ b/crypto/external/bsd/openssh/dist/packet.h @@ -1,4 +1,3 @@ -/* $NetBSD: packet.h,v 1.11 2015/04/11 21:14:31 joerg Exp $ */ /* $OpenBSD: packet.h,v 1.66 2015/01/30 01:13:33 djm Exp $ */ /* @@ -19,10 +18,24 @@ #include -#include -#include -#include -#include +#ifdef WITH_OPENSSL +# include +# ifdef OPENSSL_HAS_ECC +# include +# else /* OPENSSL_HAS_ECC */ +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +# endif /* OPENSSL_HAS_ECC */ +#else /* WITH_OPENSSL */ +# define BIGNUM void +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +#endif /* WITH_OPENSSL */ + +#include +#include "openbsd-compat/sys-queue.h" struct kex; struct sshkey; @@ -85,8 +98,6 @@ void ssh_packet_set_authenticated(struct ssh *); int ssh_packet_send1(struct ssh *); int ssh_packet_send2_wrapped(struct ssh *); int ssh_packet_send2(struct ssh *); -int ssh_packet_authentication_state(void); -void ssh_packet_request_rekeying(void); int ssh_packet_read(struct ssh *); int ssh_packet_read_expect(struct ssh *, u_int type); @@ -147,11 +158,10 @@ void *ssh_packet_get_output(struct ssh *); /* new API */ int sshpkt_start(struct ssh *ssh, u_char type); int sshpkt_send(struct ssh *ssh); -int sshpkt_sendx(struct ssh *ssh); int sshpkt_disconnect(struct ssh *, const char *fmt, ...) __attribute__((format(printf, 2, 3))); int sshpkt_add_padding(struct ssh *, u_char); -void sshpkt_fatal(struct ssh *ssh, const char *tag, int r) __dead; +void sshpkt_fatal(struct ssh *ssh, const char *tag, int r); int sshpkt_put(struct ssh *ssh, const void *v, size_t len); int sshpkt_putb(struct ssh *ssh, const struct sshbuf *b); @@ -182,4 +192,15 @@ const u_char *sshpkt_ptr(struct ssh *, size_t *lenp); extern struct ssh *active_state; #include "opacket.h" +#if !defined(WITH_OPENSSL) +# undef BIGNUM +# undef EC_KEY +# undef EC_GROUP +# undef EC_POINT +#elif !defined(OPENSSL_HAS_ECC) +# undef EC_KEY +# undef EC_GROUP +# undef EC_POINT +#endif + #endif /* PACKET_H */ diff --git a/crypto/external/bsd/openssh/dist/pathnames.h b/crypto/external/bsd/openssh/dist/pathnames.h index 91da1a7b0..ec89fc666 100644 --- a/crypto/external/bsd/openssh/dist/pathnames.h +++ b/crypto/external/bsd/openssh/dist/pathnames.h @@ -1,4 +1,3 @@ -/* $NetBSD: pathnames.h,v 1.9 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: pathnames.h,v 1.24 2013/12/06 13:39:49 markus Exp $ */ /* @@ -14,8 +13,14 @@ */ #define ETCDIR "/etc" + +#ifndef SSHDIR #define SSHDIR ETCDIR "/ssh" +#endif + +#ifndef _PATH_SSH_PIDDIR #define _PATH_SSH_PIDDIR "/var/run" +#endif /* * System-wide file containing host keys of known hosts. This file should be @@ -34,13 +39,15 @@ #define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key" #define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key" #define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key" -#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" #define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key" -#define _PATH_DH_MODULI ETCDIR "/moduli" +#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" +#define _PATH_DH_MODULI SSHDIR "/moduli" /* Backwards compatibility */ -#define _PATH_DH_PRIMES ETCDIR "/primes" +#define _PATH_DH_PRIMES SSHDIR "/primes" +#ifndef _PATH_SSH_PROGRAM #define _PATH_SSH_PROGRAM "/usr/bin/ssh" +#endif /* * The process id of the daemon listening for connections is saved here to @@ -107,48 +114,70 @@ * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled. */ -#define _PATH_SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv" +#define _PATH_SSH_HOSTS_EQUIV SSHDIR "/shosts.equiv" #define _PATH_RHOSTS_EQUIV "/etc/hosts.equiv" -/* - * X11 base directory - */ -#ifndef X11BASE -#define X11BASE "/usr/X11R6" -#endif - /* * Default location of askpass */ -#define _PATH_SSH_ASKPASS_DEFAULT X11BASE "/bin/ssh-askpass" - -/* Location of ssh-keysign for hostbased authentication */ -#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign" - -/* Location of ssh-pkcs11-helper to support keys in tokens */ -#define _PATH_SSH_PKCS11_HELPER "/usr/libexec/ssh-pkcs11-helper" - -/* xauth for X11 forwarding */ -#define _PATH_XAUTH X11BASE "/bin/xauth" - -/* UNIX domain socket for X11 server; displaynum will replace %u */ -#define _PATH_UNIX_X "/tmp/.X11-unix/X%u" - -/* for scp */ -#define _PATH_CP "cp" - -/* for sftp */ -#define _PATH_SFTP_SERVER "/usr/libexec/sftp-server" -#define _PATH_LS "ls" - -/* chroot directory for unprivileged user when UsePrivilegeSeparation=yes */ -#ifdef __OpenBSD__ -#define _PATH_PRIVSEP_CHROOT_DIR "/var/empty" -#else -#define _PATH_PRIVSEP_CHROOT_DIR "/var/chroot/sshd" +#ifndef _PATH_SSH_ASKPASS_DEFAULT +#define _PATH_SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass" #endif -#define _PATH_URANDOM "/dev/urandom" +/* Location of ssh-keysign for hostbased authentication */ +#ifndef _PATH_SSH_KEY_SIGN +#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign" +#endif + +/* Location of ssh-pkcs11-helper to support keys in tokens */ +#ifndef _PATH_SSH_PKCS11_HELPER +#define _PATH_SSH_PKCS11_HELPER "/usr/libexec/ssh-pkcs11-helper" +#endif + +/* xauth for X11 forwarding */ +#ifndef _PATH_XAUTH +#define _PATH_XAUTH "/usr/X11R6/bin/xauth" +#endif + +/* UNIX domain socket for X11 server; displaynum will replace %u */ +#ifndef _PATH_UNIX_X +#define _PATH_UNIX_X "/tmp/.X11-unix/X%u" +#endif + +/* for scp */ +#ifndef _PATH_CP +#define _PATH_CP "cp" +#endif + +/* for sftp */ +#ifndef _PATH_SFTP_SERVER +#define _PATH_SFTP_SERVER "/usr/libexec/sftp-server" +#endif + +/* chroot directory for unprivileged user when UsePrivilegeSeparation=yes */ +#ifndef _PATH_PRIVSEP_CHROOT_DIR +#define _PATH_PRIVSEP_CHROOT_DIR "/var/empty" +#endif /* for passwd change */ -#define _PATH_PASSWD_PROG "/usr/bin/passwd" +#ifndef _PATH_PASSWD_PROG +#define _PATH_PASSWD_PROG "/usr/bin/passwd" +#endif + +#ifndef _PATH_LS +#define _PATH_LS "ls" +#endif + +/* path to login program */ +#ifndef LOGIN_PROGRAM +# ifdef LOGIN_PROGRAM_FALLBACK +# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK +# else +# define LOGIN_PROGRAM "/usr/bin/login" +# endif +#endif /* LOGIN_PROGRAM */ + +/* Askpass program define */ +#ifndef ASKPASS_PROGRAM +#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass" +#endif /* ASKPASS_PROGRAM */ diff --git a/crypto/external/bsd/openssh/dist/pkcs11.h b/crypto/external/bsd/openssh/dist/pkcs11.h index d4532893d..b01d58f94 100644 --- a/crypto/external/bsd/openssh/dist/pkcs11.h +++ b/crypto/external/bsd/openssh/dist/pkcs11.h @@ -1,4 +1,3 @@ -/* $NetBSD: pkcs11.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: pkcs11.h,v 1.3 2013/11/26 19:15:09 deraadt Exp $ */ /* pkcs11.h Copyright 2006, 2007 g10 Code GmbH diff --git a/crypto/external/bsd/openssh/dist/poly1305.c b/crypto/external/bsd/openssh/dist/poly1305.c index 5c0be80de..6fd1fc8cd 100644 --- a/crypto/external/bsd/openssh/dist/poly1305.c +++ b/crypto/external/bsd/openssh/dist/poly1305.c @@ -4,11 +4,13 @@ */ /* $OpenBSD: poly1305.c,v 1.3 2013/12/19 22:57:13 djm Exp $ */ + #include "includes.h" -__RCSID("$NetBSD: poly1305.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include -#include +#ifdef HAVE_STDINT_H +# include +#endif #include "poly1305.h" diff --git a/crypto/external/bsd/openssh/dist/progressmeter.c b/crypto/external/bsd/openssh/dist/progressmeter.c index a79fb9eb6..319b7470a 100644 --- a/crypto/external/bsd/openssh/dist/progressmeter.c +++ b/crypto/external/bsd/openssh/dist/progressmeter.c @@ -1,4 +1,3 @@ -/* $NetBSD: progressmeter.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: progressmeter.c,v 1.41 2015/01/14 13:54:13 djm Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. @@ -25,7 +24,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: progressmeter.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); + #include #include #include @@ -70,8 +69,6 @@ static const char *file; /* name of the file being transferred */ static off_t start_pos; /* initial position of transfer */ static off_t end_pos; /* ending position of transfer */ static off_t cur_pos; /* transfer position as of last refresh */ -static off_t last_pos; -static off_t max_delta_pos = 0; static volatile off_t *counter; /* progress counter */ static long stalled; /* how long we have been stalled */ static int bytes_per_second; /* current speed in bytes per second */ @@ -132,17 +129,12 @@ refresh_progress_meter(void) int hours, minutes, seconds; int i, len; int file_len; - off_t delta_pos; transferred = *counter - (cur_pos ? cur_pos : start_pos); cur_pos = *counter; now = monotime(); bytes_left = end_pos - cur_pos; - delta_pos = cur_pos - last_pos; - if (delta_pos > max_delta_pos) - max_delta_pos = delta_pos; - if (bytes_left > 0) elapsed = now - last_update; else { @@ -167,7 +159,7 @@ refresh_progress_meter(void) /* filename */ buf[0] = '\0'; - file_len = win_size - 45; + file_len = win_size - 35; if (file_len > 0) { len = snprintf(buf, file_len + 1, "\r%s", file); if (len < 0) @@ -184,7 +176,7 @@ refresh_progress_meter(void) percent = ((float)cur_pos / end_pos) * 100; else percent = 100; - snprintf(buf + strlen(buf), win_size - strlen(buf) - 8, + snprintf(buf + strlen(buf), win_size - strlen(buf), " %3d%% ", percent); /* amount transferred */ @@ -197,15 +189,6 @@ refresh_progress_meter(void) (off_t)bytes_per_second); strlcat(buf, "/s ", win_size); - /* instantaneous rate */ - if (bytes_left > 0) - format_rate(buf + strlen(buf), win_size - strlen(buf), - delta_pos); - else - format_rate(buf + strlen(buf), win_size - strlen(buf), - max_delta_pos); - strlcat(buf, "/s ", win_size); - /* ETA */ if (!transferred) stalled += elapsed; @@ -242,7 +225,6 @@ refresh_progress_meter(void) atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1); last_update = now; - last_pos = cur_pos; } /*ARGSUSED*/ @@ -298,7 +280,7 @@ stop_progress_meter(void) if (cur_pos != end_pos) refresh_progress_meter(); - atomicio(vwrite, STDOUT_FILENO, __UNCONST("\n"), 1); + atomicio(vwrite, STDOUT_FILENO, "\n", 1); } /*ARGSUSED*/ diff --git a/crypto/external/bsd/openssh/dist/progressmeter.h b/crypto/external/bsd/openssh/dist/progressmeter.h index 303819d89..bf179dca6 100644 --- a/crypto/external/bsd/openssh/dist/progressmeter.h +++ b/crypto/external/bsd/openssh/dist/progressmeter.h @@ -1,4 +1,3 @@ -/* $NetBSD: progressmeter.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: progressmeter.h,v 1.3 2015/01/14 13:54:13 djm Exp $ */ /* * Copyright (c) 2002 Nils Nordman. All rights reserved. diff --git a/crypto/external/bsd/openssh/dist/readconf.c b/crypto/external/bsd/openssh/dist/readconf.c index cb0d9963a..1d03bdf72 100644 --- a/crypto/external/bsd/openssh/dist/readconf.c +++ b/crypto/external/bsd/openssh/dist/readconf.c @@ -1,4 +1,3 @@ -/* $NetBSD: readconf.c,v 1.16 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: readconf.c,v 1.239 2015/07/30 00:01:34 djm Exp $ */ /* * Author: Tatu Ylonen @@ -14,7 +13,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: readconf.c,v 1.16 2015/08/13 10:33:21 christos Exp $"); + #include #include #include @@ -22,21 +21,30 @@ __RCSID("$NetBSD: readconf.c,v 1.16 2015/08/13 10:33:21 christos Exp $"); #include #include +#include #include +#include #include #include #include +#include #include -#include +#ifdef HAVE_PATHS_H +# include +#endif #include #include +#include #include #include #include -#include +#ifdef HAVE_UTIL_H #include -#include +#endif +#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) +# include +#endif #include "xmalloc.h" #include "ssh.h" @@ -50,7 +58,6 @@ __RCSID("$NetBSD: readconf.c,v 1.16 2015/08/13 10:33:21 christos Exp $"); #include "match.h" #include "kex.h" #include "mac.h" -#include "fmt_scaled.h" #include "uidswap.h" #include "myproposal.h" #include "digest.h" @@ -127,15 +134,6 @@ typedef enum { oGatewayPorts, oExitOnForwardFailure, oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, -#if defined(KRB4) || defined(KRB5) - oKerberosAuthentication, -#endif -#if defined(AFS) || defined(KRB5) - oKerberosTgtPassing, -#endif -#ifdef AFS - oAFSTokenPassing, -#endif oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, @@ -160,9 +158,6 @@ typedef enum { oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, oPubkeyAcceptedKeyTypes, - oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled, - oHPNBufferSize, - oSendVersionFirst, oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; @@ -192,17 +187,9 @@ static struct { { "challengeresponseauthentication", oChallengeResponseAuthentication }, { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ { "tisauthentication", oChallengeResponseAuthentication }, /* alias */ -#if defined(KRB4) || defined(KRB5) - { "kerberosauthentication", oKerberosAuthentication }, -#endif -#if defined(AFS) || defined(KRB5) - { "kerberostgtpassing", oKerberosTgtPassing }, - { "kerberos5tgtpassing", oKerberosTgtPassing }, /* alias */ - { "kerberos4tgtpassing", oKerberosTgtPassing }, /* alias */ -#endif -#ifdef AFS - { "afstokenpassing", oAFSTokenPassing }, -#endif + { "kerberosauthentication", oUnsupported }, + { "kerberostgtpassing", oUnsupported }, + { "afstokenpassing", oUnsupported }, #if defined(GSSAPI) { "gssapiauthentication", oGssAuthentication }, { "gssapidelegatecredentials", oGssDelegateCreds }, @@ -290,14 +277,8 @@ static struct { { "updatehostkeys", oUpdateHostkeys }, { "hostbasedkeytypes", oHostbasedKeyTypes }, { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, - { "noneenabled", oNoneEnabled }, - { "tcprcvbufpoll", oTcpRcvBufPoll }, - { "tcprcvbuf", oTcpRcvBuf }, - { "noneswitch", oNoneSwitch }, - { "hpndisabled", oHPNDisabled }, - { "hpnbuffersize", oHPNBufferSize }, - { "sendversionfirst", oSendVersionFirst }, { "ignoreunknown", oIgnoreUnknown }, + { NULL, oBadOption } }; @@ -310,11 +291,12 @@ void add_local_forward(Options *options, const struct Forward *newfwd) { struct Forward *fwd; +#ifndef NO_IPPORT_RESERVED_CONCEPT extern uid_t original_real_uid; - if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 && newfwd->listen_path == NULL) fatal("Privileged ports can only be forwarded by root."); +#endif options->local_forwards = xreallocarray(options->local_forwards, options->num_local_forwards + 1, sizeof(*options->local_forwards)); @@ -434,8 +416,7 @@ default_ssh_port(void) static int execute_in_shell(const char *cmd) { - const char *shell; - char *command_string; + char *shell, *command_string; pid_t pid; int devnull, status; extern uid_t original_real_uid; @@ -469,11 +450,10 @@ execute_in_shell(const char *cmd) fatal("dup2: %s", strerror(errno)); if (devnull > STDERR_FILENO) close(devnull); - if (closefrom(STDERR_FILENO + 1) == -1) - fatal("closefrom: %s", strerror(errno)); + closefrom(STDERR_FILENO + 1); - argv[0] = __UNCONST(shell); - argv[1] = __UNCONST("-c"); + argv[0] = shell; + argv[1] = "-c"; argv[2] = command_string; argv[3] = NULL; @@ -695,7 +675,7 @@ parse_token(const char *cp, const char *filename, int linenum, /* Multistate option parsing */ struct multistate { - const char *key; + char *key; int value; }; static const struct multistate multistate_flag[] = { @@ -910,27 +890,10 @@ parse_time: intptr = &options->challenge_response_authentication; goto parse_flag; -#if defined(KRB4) || defined(KRB5) - case oKerberosAuthentication: - intptr = &options->kerberos_authentication; - goto parse_flag; -#endif -#if defined(AFS) || defined(KRB5) - case oKerberosTgtPassing: - intptr = &options->kerberos_tgt_passing; - goto parse_flag; -#endif - case oGssAuthentication: intptr = &options->gss_authentication; goto parse_flag; -#ifdef AFS - case oAFSTokenPassing: - intptr = &options->afs_token_passing; - goto parse_flag; -#endif - case oGssDelegateCreds: intptr = &options->gss_deleg_creds; goto parse_flag; @@ -943,37 +906,6 @@ parse_time: intptr = &options->check_host_ip; goto parse_flag; - case oNoneEnabled: - intptr = &options->none_enabled; - goto parse_flag; - - /* we check to see if the command comes from the */ - /* command line or not. If it does then enable it */ - /* otherwise fail. NONE should never be a default configuration */ - case oNoneSwitch: - if(strcmp(filename,"command-line")==0) - { - intptr = &options->none_switch; - goto parse_flag; - } else { - error("NoneSwitch is found in %.200s.\nYou may only use this configuration option from the command line", filename); - error("Continuing..."); - debug("NoneSwitch directive found in %.200s.", filename); - return 0; - } - - case oHPNDisabled: - intptr = &options->hpn_disabled; - goto parse_flag; - - case oHPNBufferSize: - intptr = &options->hpn_buffer_size; - goto parse_int; - - case oTcpRcvBufPoll: - intptr = &options->tcp_rcv_buf_poll; - goto parse_flag; - case oVerifyHostKeyDNS: intptr = &options->verify_host_key_dns; multistate_ptr = multistate_yesnoask; @@ -1137,10 +1069,6 @@ parse_int: intptr = &options->connection_attempts; goto parse_int; - case oTcpRcvBuf: - intptr = &options->tcp_rcv_buf; - goto parse_int; - case oCipher: intptr = &options->cipher; arg = strdelim(&s); @@ -1313,7 +1241,6 @@ parse_keytypes: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - value = 0; /* To avoid compiler warning... */ if (strcmp(arg, "none") == 0) value = SSH_ESCAPECHAR_NONE; else if (arg[1] == '\0') @@ -1460,10 +1387,6 @@ parse_keytypes: multistate_ptr = multistate_requesttty; goto parse_multistate; - case oSendVersionFirst: - intptr = &options->send_version_first; - goto parse_flag; - case oIgnoreUnknown: charptr = &options->ignored_unknown; goto parse_string; @@ -1677,15 +1600,6 @@ initialize_options(Options * options) options->rsa_authentication = -1; options->pubkey_authentication = -1; options->challenge_response_authentication = -1; -#if defined(KRB4) || defined(KRB5) - options->kerberos_authentication = -1; -#endif -#if defined(AFS) || defined(KRB5) - options->kerberos_tgt_passing = -1; -#endif -#ifdef AFS - options->afs_token_passing = -1; -#endif options->gss_authentication = -1; options->gss_deleg_creds = -1; options->password_authentication = -1; @@ -1763,13 +1677,6 @@ initialize_options(Options * options) options->update_hostkeys = -1; options->hostbased_key_types = NULL; options->pubkey_key_types = NULL; - options->none_switch = -1; - options->none_enabled = -1; - options->hpn_disabled = -1; - options->hpn_buffer_size = -1; - options->tcp_rcv_buf_poll = -1; - options->tcp_rcv_buf = -1; - options->send_version_first = -1; } /* @@ -1805,7 +1712,7 @@ fill_default_options(Options * options) if (options->exit_on_forward_failure == -1) options->exit_on_forward_failure = 0; if (options->xauth_location == NULL) - options->xauth_location = __UNCONST(_PATH_XAUTH); + options->xauth_location = _PATH_XAUTH; if (options->fwd_opts.gateway_ports == -1) options->fwd_opts.gateway_ports = 0; if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) @@ -1820,18 +1727,6 @@ fill_default_options(Options * options) options->pubkey_authentication = 1; if (options->challenge_response_authentication == -1) options->challenge_response_authentication = 1; -#if defined(KRB4) || defined(KRB5) - if (options->kerberos_authentication == -1) - options->kerberos_authentication = 1; -#endif -#if defined(AFS) || defined(KRB5) - if (options->kerberos_tgt_passing == -1) - options->kerberos_tgt_passing = 1; -#endif -#ifdef AFS - if (options->afs_token_passing == -1) - options->afs_token_passing = 1; -#endif if (options->gss_authentication == -1) options->gss_authentication = 0; if (options->gss_deleg_creds == -1) @@ -1880,8 +1775,10 @@ fill_default_options(Options * options) _PATH_SSH_CLIENT_ID_RSA, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0); +#ifdef OPENSSL_HAS_ECC add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0); +#endif add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ED25519, 0); } @@ -1920,29 +1817,6 @@ fill_default_options(Options * options) options->server_alive_interval = 0; if (options->server_alive_count_max == -1) options->server_alive_count_max = 3; - if (options->none_switch == -1) - options->none_switch = 0; - if (options->hpn_disabled == -1) - options->hpn_disabled = 0; - if (options->hpn_buffer_size > -1) - { - /* if a user tries to set the size to 0 set it to 1KB */ - if (options->hpn_buffer_size == 0) - options->hpn_buffer_size = 1024; - /*limit the buffer to 64MB*/ - if (options->hpn_buffer_size > 65536) - { - options->hpn_buffer_size = 65536*1024; - debug("User requested buffer larger than 64MB. Request reverted to 64MB"); - } - debug("hpn_buffer_size set to %d", options->hpn_buffer_size); - } - if (options->tcp_rcv_buf == 0) - options->tcp_rcv_buf = 1; - if (options->tcp_rcv_buf > -1) - options->tcp_rcv_buf *=1024; - if (options->tcp_rcv_buf_poll == -1) - options->tcp_rcv_buf_poll = 1; if (options->control_master == -1) options->control_master = 0; if (options->control_persist == -1) { @@ -1990,8 +1864,6 @@ fill_default_options(Options * options) &options->pubkey_key_types) != 0) fatal("%s: kex_assemble_names failed", __func__); - if (options->send_version_first == -1) - options->send_version_first = 1; #define CLEAR_ON_NONE(v) \ do { \ if (option_clear_or_none(v)) { \ diff --git a/crypto/external/bsd/openssh/dist/readconf.h b/crypto/external/bsd/openssh/dist/readconf.h index d20778493..bb2d55283 100644 --- a/crypto/external/bsd/openssh/dist/readconf.h +++ b/crypto/external/bsd/openssh/dist/readconf.h @@ -1,4 +1,3 @@ -/* $NetBSD: readconf.h,v 1.13 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: readconf.h,v 1.110 2015/07/10 06:21:53 markus Exp $ */ /* @@ -44,15 +43,6 @@ typedef struct { int pubkey_authentication; /* Try ssh2 pubkey authentication. */ int hostbased_authentication; /* ssh2's rhosts_rsa */ int challenge_response_authentication; -#if defined(KRB4) || defined(KRB5) - int kerberos_authentication; /* Try Kerberos authentication. */ -#endif -#if defined(AFS) || defined(KRB5) - int kerberos_tgt_passing; /* Try Kerberos TGT passing. */ -#endif -#ifdef AFS - int afs_token_passing; /* Try AFS token passing. */ -#endif /* Try S/Key or TIS, authentication. */ int gss_authentication; /* Try GSS authentication */ int gss_deleg_creds; /* Delegate GSS credentials */ @@ -69,11 +59,6 @@ typedef struct { int tcp_keep_alive; /* Set SO_KEEPALIVE. */ int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ - int tcp_rcv_buf; /* user switch to set tcp recv buffer */ - int tcp_rcv_buf_poll; /* Option to poll recv buf every window transfer */ - int hpn_disabled; /* Switch to disable HPN buffer management */ - int hpn_buffer_size; /* User definable size for HPN buffer window */ - LogLevel log_level; /* Level for logging. */ int port; /* Port to connect. */ @@ -122,8 +107,6 @@ typedef struct { int enable_ssh_keysign; int64_t rekey_limit; int rekey_interval; - int none_switch; /* Use none cipher */ - int none_enabled; /* Allow none to be used */ int no_host_authentication_for_localhost; int identities_only; int server_alive_interval; @@ -150,7 +133,6 @@ typedef struct { int use_roaming; int request_tty; - int send_version_first; int proxy_use_fdpass; diff --git a/crypto/external/bsd/openssh/dist/readpass.c b/crypto/external/bsd/openssh/dist/readpass.c index cd8eefd13..869d86425 100644 --- a/crypto/external/bsd/openssh/dist/readpass.c +++ b/crypto/external/bsd/openssh/dist/readpass.c @@ -1,4 +1,3 @@ -/* $NetBSD: readpass.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: readpass.c,v 1.50 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -25,14 +24,15 @@ */ #include "includes.h" -__RCSID("$NetBSD: readpass.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); + #include #include #include #include -#include -#include +#ifdef HAVE_PATHS_H +# include +#endif #include #include #include @@ -48,7 +48,7 @@ __RCSID("$NetBSD: readpass.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); #include "uidswap.h" static char * -ssh_askpass(const char *askpass, const char *msg) +ssh_askpass(char *askpass, const char *msg) { pid_t pid, ret; size_t len; @@ -118,8 +118,7 @@ ssh_askpass(const char *askpass, const char *msg) char * read_passphrase(const char *prompt, int flags) { - const char *askpass = NULL; - char *ret, buf[1024]; + char *askpass = NULL, *ret, buf[1024]; int rppflags, use_askpass = 0, ttyfd; rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; diff --git a/crypto/external/bsd/openssh/dist/readpassphrase.c b/crypto/external/bsd/openssh/dist/readpassphrase.c deleted file mode 100644 index 737dd0c74..000000000 --- a/crypto/external/bsd/openssh/dist/readpassphrase.c +++ /dev/null @@ -1,151 +0,0 @@ -/* $NetBSD: readpassphrase.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ -/* - * Copyright (c) 2000 Todd C. Miller - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" -#if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.7 2001/08/07 19:34:11 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -char * -readpassphrase(prompt, buf, bufsiz, flags) - const char *prompt; - char *buf; - size_t bufsiz; - int flags; -{ -#ifdef GETPASS_ECHO - int gflags = GETPASS_ECHO_NL; - - if (flags & RPP_ECHO_ON) - gflags |= GETPASS_ECHO; - if (flags & RPP_REQUIRE_TTY) - gflags |= GETPASS_NEED_TTY; - if (flags & RPP_FORCELOWER) - gflags |= GETPASS_FORCE_LOWER; - if (flags & RPP_FORCEUPPER) - gflags |= GETPASS_FORCE_UPPER; - if (flags & RPP_SEVENBIT) - gflags |= GETPASS_7BIT; - - return getpassfd(prompt, buf, bufsiz, NULL, gflags, 0); -#else - struct termios term, oterm; - char ch, *p, *end; - int input, output; - sigset_t oset, nset; - - /* I suppose we could alloc on demand in this case (XXX). */ - if (bufsiz == 0) { - errno = EINVAL; - return(NULL); - } - - /* - * Read and write to /dev/tty if available. If not, read from - * stdin and write to stderr unless a tty is required. - */ - if ((input = output = open(_PATH_TTY, O_RDWR)) == -1) { - if (flags & RPP_REQUIRE_TTY) { - errno = ENOTTY; - return(NULL); - } - input = STDIN_FILENO; - output = STDERR_FILENO; - } - - /* - * We block SIGINT and SIGTSTP so the terminal is not left - * in an inconsistent state (ie: no echo). It would probably - * be better to simply catch these though. - */ - sigemptyset(&nset); - sigaddset(&nset, SIGINT); - sigaddset(&nset, SIGTSTP); - (void)sigprocmask(SIG_BLOCK, &nset, &oset); - - /* Turn off echo if possible. */ - if (tcgetattr(input, &oterm) == 0) { - memcpy(&term, &oterm, sizeof(term)); - if (!(flags & RPP_ECHO_ON) && (term.c_lflag & ECHO)) - term.c_lflag &= ~ECHO; - if (term.c_cc[VSTATUS] != _POSIX_VDISABLE) - term.c_cc[VSTATUS] = _POSIX_VDISABLE; - (void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term); - } else { - memset(&term, 0, sizeof(term)); - memset(&oterm, 0, sizeof(oterm)); - } - - (void)write(output, prompt, strlen(prompt)); - end = buf + bufsiz - 1; - for (p = buf; read(input, &ch, 1) == 1 && ch != '\n' && ch != '\r';) { - if (p < end) { - if ((flags & RPP_SEVENBIT)) - ch &= 0x7f; - if (isalpha((unsigned char)ch)) { - if ((flags & RPP_FORCELOWER)) - ch = tolower((unsigned char)ch); - if ((flags & RPP_FORCEUPPER)) - ch = toupper((unsigned char)ch); - } - *p++ = ch; - } - } - *p = '\0'; - if (!(term.c_lflag & ECHO)) - (void)write(output, "\n", 1); - - /* Restore old terminal settings and signal mask. */ - if (memcmp(&term, &oterm, sizeof(term)) != 0) - (void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm); - (void)sigprocmask(SIG_SETMASK, &oset, NULL); - if (input != STDIN_FILENO) - (void)close(input); - return(buf); -#endif -} - -char * -getpass(prompt) - const char *prompt; -{ - static char buf[_PASSWORD_LEN + 1]; - - return(readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF)); -} diff --git a/crypto/external/bsd/openssh/dist/readpassphrase.c b/crypto/external/bsd/openssh/dist/readpassphrase.c new file mode 120000 index 000000000..88edf73cc --- /dev/null +++ b/crypto/external/bsd/openssh/dist/readpassphrase.c @@ -0,0 +1 @@ +openbsd-compat/readpassphrase.c \ No newline at end of file diff --git a/crypto/external/bsd/openssh/dist/readpassphrase.h b/crypto/external/bsd/openssh/dist/readpassphrase.h deleted file mode 100644 index a46bfa93e..000000000 --- a/crypto/external/bsd/openssh/dist/readpassphrase.h +++ /dev/null @@ -1,48 +0,0 @@ -/* $NetBSD: readpassphrase.h,v 1.3 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: readpassphrase.h,v 1.1 2000/11/21 00:48:38 millert Exp $ */ - -/* - * Copyright (c) 2000 Todd C. Miller - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _READPASSPHRASE_H_ -#define _READPASSPHRASE_H_ - -#define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */ -#define RPP_ECHO_ON 0x01 /* Leave echo on. */ -#define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */ -#define RPP_FORCELOWER 0x04 /* Force input to lower case. */ -#define RPP_FORCEUPPER 0x08 /* Force input to upper case. */ -#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */ - -#include - -__BEGIN_DECLS -char * readpassphrase __P((const char *, char *, size_t, int)); -char * getpass __P((const char *)); -__END_DECLS - -#endif /* !_READPASSPHRASE_H_ */ diff --git a/crypto/external/bsd/openssh/dist/readpassphrase.h b/crypto/external/bsd/openssh/dist/readpassphrase.h new file mode 120000 index 000000000..7c9a60d7a --- /dev/null +++ b/crypto/external/bsd/openssh/dist/readpassphrase.h @@ -0,0 +1 @@ +openbsd-compat/readpassphrase.h \ No newline at end of file diff --git a/crypto/external/bsd/openssh/dist/rijndael.c b/crypto/external/bsd/openssh/dist/rijndael.c index 1529274ff..40ab7b1f5 100644 --- a/crypto/external/bsd/openssh/dist/rijndael.c +++ b/crypto/external/bsd/openssh/dist/rijndael.c @@ -26,7 +26,10 @@ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include +#include "includes.h" + +#include +#include #include "rijndael.h" diff --git a/crypto/external/bsd/openssh/dist/rijndael.h b/crypto/external/bsd/openssh/dist/rijndael.h index 8e6258a49..53e74e0a8 100644 --- a/crypto/external/bsd/openssh/dist/rijndael.h +++ b/crypto/external/bsd/openssh/dist/rijndael.h @@ -41,4 +41,16 @@ int rijndaelKeySetupEnc(unsigned int [], const unsigned char [], int); void rijndaelEncrypt(const unsigned int [], int, const unsigned char [], unsigned char []); +/* The structure for key information */ +typedef struct { + int decrypt; + int Nr; /* key-length-dependent number of rounds */ + u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */ + u32 dk[4*(AES_MAXROUNDS + 1)]; /* decrypt key schedule */ +} rijndael_ctx; + +void rijndael_set_key(rijndael_ctx *, u_char *, int, int); +void rijndael_decrypt(rijndael_ctx *, u_char *, u_char *); +void rijndael_encrypt(rijndael_ctx *, u_char *, u_char *); + #endif /* _PRIVATE_RIJNDAEL_H */ diff --git a/crypto/external/bsd/openssh/dist/roaming.h b/crypto/external/bsd/openssh/dist/roaming.h index b622eb3ff..da069f878 100644 --- a/crypto/external/bsd/openssh/dist/roaming.h +++ b/crypto/external/bsd/openssh/dist/roaming.h @@ -1,4 +1,3 @@ -/* $NetBSD: roaming.h,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: roaming.h,v 1.6 2011/12/07 05:44:38 djm Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB diff --git a/crypto/external/bsd/openssh/dist/roaming_client.c b/crypto/external/bsd/openssh/dist/roaming_client.c index 3eb7e489f..cb1328574 100644 --- a/crypto/external/bsd/openssh/dist/roaming_client.c +++ b/crypto/external/bsd/openssh/dist/roaming_client.c @@ -1,4 +1,3 @@ -/* $NetBSD: roaming_client.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: roaming_client.c,v 1.9 2015/01/27 12:54:06 okan Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB @@ -15,10 +14,10 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "includes.h" -__RCSID("$NetBSD: roaming_client.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); -#include +#include "includes.h" + +#include "openbsd-compat/sys-queue.h" #include #include diff --git a/crypto/external/bsd/openssh/dist/roaming_common.c b/crypto/external/bsd/openssh/dist/roaming_common.c index 229a25aa8..ea064605c 100644 --- a/crypto/external/bsd/openssh/dist/roaming_common.c +++ b/crypto/external/bsd/openssh/dist/roaming_common.c @@ -1,4 +1,3 @@ -/* $NetBSD: roaming_common.c,v 1.9 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: roaming_common.c,v 1.13 2015/01/27 12:54:06 okan Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB @@ -15,8 +14,8 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include "includes.h" -__RCSID("$NetBSD: roaming_common.c,v 1.9 2015/04/03 23:58:19 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/roaming_dummy.c b/crypto/external/bsd/openssh/dist/roaming_dummy.c index bdf41ef5f..837de695d 100644 --- a/crypto/external/bsd/openssh/dist/roaming_dummy.c +++ b/crypto/external/bsd/openssh/dist/roaming_dummy.c @@ -1,4 +1,3 @@ -/* $NetBSD: roaming_dummy.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: roaming_dummy.c,v 1.4 2015/01/19 19:52:16 markus Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB @@ -21,6 +20,8 @@ * support roaming. */ +#include "includes.h" + #include #include diff --git a/crypto/external/bsd/openssh/dist/roaming_serv.c b/crypto/external/bsd/openssh/dist/roaming_serv.c index 58b88655b..511ca8461 100644 --- a/crypto/external/bsd/openssh/dist/roaming_serv.c +++ b/crypto/external/bsd/openssh/dist/roaming_serv.c @@ -1,4 +1,3 @@ -/* $NetBSD: roaming_serv.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: roaming_serv.c,v 1.1 2009/10/24 11:18:23 andreas Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB @@ -16,6 +15,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include "includes.h" + #include #include "roaming.h" diff --git a/crypto/external/bsd/openssh/dist/rsa.c b/crypto/external/bsd/openssh/dist/rsa.c index f97aa479b..5ecacef90 100644 --- a/crypto/external/bsd/openssh/dist/rsa.c +++ b/crypto/external/bsd/openssh/dist/rsa.c @@ -1,4 +1,3 @@ -/* $NetBSD: rsa.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: rsa.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */ /* * Author: Tatu Ylonen @@ -62,9 +61,10 @@ */ #include "includes.h" -__RCSID("$NetBSD: rsa.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); + #include +#include #include #include "rsa.h" diff --git a/crypto/external/bsd/openssh/dist/rsa.h b/crypto/external/bsd/openssh/dist/rsa.h index d9530918b..c476707d5 100644 --- a/crypto/external/bsd/openssh/dist/rsa.h +++ b/crypto/external/bsd/openssh/dist/rsa.h @@ -1,4 +1,3 @@ -/* $NetBSD: rsa.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: rsa.h,v 1.17 2014/06/24 01:13:21 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/sandbox-rlimit.c b/crypto/external/bsd/openssh/dist/sandbox-rlimit.c index d156633d8..bba80778b 100644 --- a/crypto/external/bsd/openssh/dist/sandbox-rlimit.c +++ b/crypto/external/bsd/openssh/dist/sandbox-rlimit.c @@ -16,7 +16,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: sandbox-rlimit.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); + +#ifdef SANDBOX_RLIMIT + #include #include #include @@ -40,7 +42,7 @@ struct ssh_sandbox { }; struct ssh_sandbox * -ssh_sandbox_init(void) +ssh_sandbox_init(struct monitor *monitor) { struct ssh_sandbox *box; @@ -62,15 +64,21 @@ ssh_sandbox_child(struct ssh_sandbox *box) rl_zero.rlim_cur = rl_zero.rlim_max = 0; +#ifndef SANDBOX_SKIP_RLIMIT_FSIZE if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", __func__, strerror(errno)); +#endif +#ifndef SANDBOX_SKIP_RLIMIT_NOFILE if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", __func__, strerror(errno)); +#endif +#ifdef HAVE_RLIMIT_NPROC if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", __func__, strerror(errno)); +#endif } void @@ -84,6 +92,6 @@ void ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) { box->child_pid = child_pid; - /* Nothing to do here */ } +#endif /* SANDBOX_RLIMIT */ diff --git a/crypto/external/bsd/openssh/dist/sandbox-systrace.c b/crypto/external/bsd/openssh/dist/sandbox-systrace.c index e9900802e..3830ed16c 100644 --- a/crypto/external/bsd/openssh/dist/sandbox-systrace.c +++ b/crypto/external/bsd/openssh/dist/sandbox-systrace.c @@ -15,6 +15,10 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include "includes.h" + +#ifdef SANDBOX_SYSTRACE + #include #include #include @@ -49,7 +53,13 @@ static const struct sandbox_policy preauth_policy[] = { { SYS_clock_gettime, SYSTR_POLICY_PERMIT }, { SYS_close, SYSTR_POLICY_PERMIT }, { SYS_exit, SYSTR_POLICY_PERMIT }, +#ifdef SYS_getentropy + /* OpenBSD 5.6 and newer use getentropy(2) to seed arc4random(3). */ { SYS_getentropy, SYSTR_POLICY_PERMIT }, +#else + /* Previous releases used sysctl(3)'s kern.arnd variable. */ + { SYS___sysctl, SYSTR_POLICY_PERMIT }, +#endif { SYS_getpid, SYSTR_POLICY_PERMIT }, { SYS_getpgid, SYSTR_POLICY_PERMIT }, { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, @@ -65,7 +75,9 @@ static const struct sandbox_policy preauth_policy[] = { { SYS_poll, SYSTR_POLICY_PERMIT }, { SYS_read, SYSTR_POLICY_PERMIT }, { SYS_select, SYSTR_POLICY_PERMIT }, - { SYS_sendsyslog, SYSTR_POLICY_PERMIT }, +#ifdef SYS_sendsyslog + { SYS_sendsyslog, SYSTR_POLICY_PERMIT }, +#endif { SYS_shutdown, SYSTR_POLICY_PERMIT }, { SYS_sigprocmask, SYSTR_POLICY_PERMIT }, { SYS_write, SYSTR_POLICY_PERMIT }, @@ -79,7 +91,7 @@ struct ssh_sandbox { }; struct ssh_sandbox * -ssh_sandbox_init(void) +ssh_sandbox_init(struct monitor *monitor) { struct ssh_sandbox *box; @@ -196,3 +208,5 @@ ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) { ssh_sandbox_parent(box, child_pid, preauth_policy); } + +#endif /* SANDBOX_SYSTRACE */ diff --git a/crypto/external/bsd/openssh/dist/sc25519.c b/crypto/external/bsd/openssh/dist/sc25519.c index 3166f153e..1568d9a58 100644 --- a/crypto/external/bsd/openssh/dist/sc25519.c +++ b/crypto/external/bsd/openssh/dist/sc25519.c @@ -5,8 +5,8 @@ * Peter Schwabe, Bo-Yin Yang. * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.c */ + #include "includes.h" -__RCSID("$NetBSD: sc25519.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include "sc25519.h" diff --git a/crypto/external/bsd/openssh/dist/scp.1 b/crypto/external/bsd/openssh/dist/scp.1 index 353880e0c..279b0d70b 100644 --- a/crypto/external/bsd/openssh/dist/scp.1 +++ b/crypto/external/bsd/openssh/dist/scp.1 @@ -1,5 +1,3 @@ -.\" $NetBSD: scp.1,v 1.10 2015/08/13 10:33:21 christos Exp $ -.\" -*- nroff -*- .\" .\" scp.1 .\" @@ -12,7 +10,7 @@ .\" .\" $OpenBSD: scp.1,v 1.67 2015/07/10 06:21:53 markus Exp $ .\" -.Dd July 10 2015 +.Dd $Mdocdate: July 10 2015 $ .Dt SCP 1 .Os .Sh NAME diff --git a/crypto/external/bsd/openssh/dist/scp.c b/crypto/external/bsd/openssh/dist/scp.c index 54b9ca703..593fe89bd 100644 --- a/crypto/external/bsd/openssh/dist/scp.c +++ b/crypto/external/bsd/openssh/dist/scp.c @@ -1,4 +1,3 @@ -/* $NetBSD: scp.c,v 1.12 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: scp.c,v 1.182 2015/04/24 01:36:00 deraadt Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which @@ -73,19 +72,30 @@ */ #include "includes.h" -__RCSID("$NetBSD: scp.c,v 1.12 2015/07/03 01:00:00 christos Exp $"); -#include /* roundup MAX */ + #include -#include +#include +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef HAVE_POLL_H +#include +#else +# ifdef HAVE_SYS_POLL_H +# include +# endif +#endif +#ifdef HAVE_SYS_TIME_H +# include +#endif #include -#include -#include #include #include #include #include #include +#include #include #include #include @@ -94,8 +104,9 @@ __RCSID("$NetBSD: scp.c,v 1.12 2015/07/03 01:00:00 christos Exp $"); #include #include #include -#include +#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) #include +#endif #include "xmalloc.h" #include "atomicio.h" @@ -104,14 +115,13 @@ __RCSID("$NetBSD: scp.c,v 1.12 2015/07/03 01:00:00 christos Exp $"); #include "misc.h" #include "progressmeter.h" +extern char *__progname; + #define COPY_BUFLEN 16384 int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout); int do_cmd2(char *host, char *remuser, char *cmd, int fdin, int fdout); -static char dot[] = "."; -static char empty[] = ""; - /* Struct for addargs */ arglist args; arglist remote_remote_args; @@ -136,16 +146,12 @@ int showprogress = 1; int throughlocal = 0; /* This is the program to execute for the secured connection. ("ssh" or -S) */ -#ifdef RESCUEDIR -const char *ssh_program = RESCUEDIR "/ssh"; -#else -const char *ssh_program = _PATH_SSH_PROGRAM; -#endif +char *ssh_program = _PATH_SSH_PROGRAM; /* This is used to store the pid of ssh_program */ pid_t do_cmd_pid = -1; -__dead static void +static void killchild(int signo) { if (do_cmd_pid > 1) { @@ -339,9 +345,9 @@ typedef struct { } BUF; BUF *allocbuf(BUF *, int, int); -__dead static void lostconn(int); +void lostconn(int); int okname(char *); -void run_err(const char *,...) __printflike(1, 2); +void run_err(const char *,...); void verifydir(char *); struct passwd *pwd; @@ -356,9 +362,9 @@ int response(void); void rsource(char *, struct stat *); void sink(int, char *[]); void source(int, char *[]); -static void tolocal(int, char *[]); -static void toremote(char *, int, char *[]); -__dead static void usage(void); +void tolocal(int, char *[]); +void toremote(char *, int, char *[]); +void usage(void); int main(int argc, char **argv) @@ -378,6 +384,8 @@ main(int argc, char **argv) newargv[n] = xstrdup(argv[n]); argv = newargv; + __progname = ssh_get_progname(argv[0]); + memset(&args, '\0', sizeof(args)); memset(&remote_remote_args, '\0', sizeof(remote_remote_args)); args.list = remote_remote_args.list = NULL; @@ -460,6 +468,9 @@ main(int argc, char **argv) case 't': /* "to" */ iamremote = 1; tflag = 1; +#ifdef HAVE_CYGWIN + setmode(0, O_BINARY); +#endif break; default: usage(); @@ -571,7 +582,7 @@ toremote(char *targ, int argc, char **argv) *targ++ = 0; if (*targ == 0) - targ = dot; + targ = "."; arg = xstrdup(argv[argc - 1]); if ((thost = strrchr(arg, '@'))) { @@ -595,7 +606,7 @@ toremote(char *targ, int argc, char **argv) if (src && throughlocal) { /* extended remote to remote */ *src++ = 0; if (*src == 0) - src = dot; + src = "."; host = strrchr(argv[i], '@'); if (host) { *host++ = 0; @@ -635,7 +646,7 @@ toremote(char *targ, int argc, char **argv) } *src++ = 0; if (*src == 0) - src = dot; + src = "."; host = strrchr(argv[i], '@'); if (host) { @@ -678,7 +689,7 @@ toremote(char *targ, int argc, char **argv) free(arg); } -static void +void tolocal(int argc, char **argv) { char *bp, *host, *src, *suser; @@ -705,7 +716,7 @@ tolocal(int argc, char **argv) } *src++ = 0; if (*src == 0) - src = dot; + src = "."; if ((host = strrchr(argv[i], '@')) == NULL) { host = argv[i]; suser = NULL; @@ -739,11 +750,10 @@ source(int argc, char **argv) off_t i, statbytes; size_t amt, nr; int fd = -1, haderr, indx; - char *last, *name, buf[16384], encname[PATH_MAX]; + char *last, *name, buf[2048], encname[PATH_MAX]; int len; for (indx = 0; indx < argc; ++indx) { - fd = -1; name = argv[indx]; statbytes = 0; len = strlen(name); @@ -752,7 +762,7 @@ source(int argc, char **argv) if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) < 0) goto syserr; if (strchr(name, '\n') != NULL) { - strvisx(encname, name, len, VIS_NL); + strnvis(encname, name, sizeof(encname), VIS_NL); name = encname; } if (fstat(fd, &stb) < 0) { @@ -837,7 +847,7 @@ next: if (fd != -1) { fd = -1; } if (!haderr) - (void) atomicio(vwrite, remout, empty, 1); + (void) atomicio(vwrite, remout, "", 1); else run_err("%s: %s", name, strerror(haderr)); (void) response(); @@ -889,7 +899,7 @@ rsource(char *name, struct stat *statp) source(1, vect); } (void) closedir(dirp); - (void) atomicio(vwrite, remout, __UNCONST("E\n"), 2); + (void) atomicio(vwrite, remout, "E\n", 2); (void) response(); } @@ -909,8 +919,7 @@ sink(int argc, char **argv) off_t size, statbytes; unsigned long long ull; int setimes, targisdir, wrerrno = 0; - char ch, *cp, *np, *targ, *vect[1], buf[16384]; - const char *why; + char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; struct timeval tv[2]; #define atime tv[0] @@ -929,7 +938,7 @@ sink(int argc, char **argv) if (targetshouldbedirectory) verifydir(targ); - (void) atomicio(vwrite, remout, empty, 1); + (void) atomicio(vwrite, remout, "", 1); if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) targisdir = 1; for (first = 1;; first = 0) { @@ -957,7 +966,7 @@ sink(int argc, char **argv) continue; } if (buf[0] == 'E') { - (void) atomicio(vwrite, remout, empty, 1); + (void) atomicio(vwrite, remout, "", 1); return; } if (ch == '\n') @@ -993,7 +1002,7 @@ sink(int argc, char **argv) if (!cp || *cp++ != '\0' || atime.tv_usec < 0 || atime.tv_usec > 999999) SCREWUP("atime.usec not delimited"); - (void) atomicio(vwrite, remout, empty, 1); + (void) atomicio(vwrite, remout, "", 1); continue; } if (*cp != 'C' && *cp != 'D') { @@ -1082,7 +1091,7 @@ sink(int argc, char **argv) bad: run_err("%s: %s", np, strerror(errno)); continue; } - (void) atomicio(vwrite, remout, empty, 1); + (void) atomicio(vwrite, remout, "", 1); if ((bp = allocbuf(&buffer, ofd, COPY_BUFLEN)) == NULL) { (void) close(ofd); continue; @@ -1140,14 +1149,22 @@ bad: run_err("%s: %s", np, strerror(errno)); } if (pflag) { if (exists || omode != mode) +#ifdef HAVE_FCHMOD if (fchmod(ofd, omode)) { +#else /* HAVE_FCHMOD */ + if (chmod(np, omode)) { +#endif /* HAVE_FCHMOD */ run_err("%s: set mode: %s", np, strerror(errno)); wrerr = DISPLAYED; } } else { if (!exists && omode != mode) +#ifdef HAVE_FCHMOD if (fchmod(ofd, omode & ~mask)) { +#else /* HAVE_FCHMOD */ + if (chmod(np, omode & ~mask)) { +#endif /* HAVE_FCHMOD */ run_err("%s: set mode: %s", np, strerror(errno)); wrerr = DISPLAYED; @@ -1171,7 +1188,7 @@ bad: run_err("%s: %s", np, strerror(errno)); run_err("%s: %s", np, strerror(wrerrno)); break; case NO: - (void) atomicio(vwrite, remout, empty, 1); + (void) atomicio(vwrite, remout, "", 1); break; case DISPLAYED: break; @@ -1298,6 +1315,7 @@ BUF * allocbuf(BUF *bp, int fd, int blksize) { size_t size; +#ifdef HAVE_STRUCT_STAT_ST_BLKSIZE struct stat stb; if (fstat(fd, &stb) < 0) { @@ -1307,6 +1325,9 @@ allocbuf(BUF *bp, int fd, int blksize) size = roundup(stb.st_blksize, blksize); if (size == 0) size = blksize; +#else /* HAVE_STRUCT_STAT_ST_BLKSIZE */ + size = blksize; +#endif /* HAVE_STRUCT_STAT_ST_BLKSIZE */ if (bp->cnt >= size) return (bp); if (bp->buf == NULL) @@ -1318,7 +1339,7 @@ allocbuf(BUF *bp, int fd, int blksize) return (bp); } -static void +void lostconn(int signo) { if (!iamremote) diff --git a/crypto/external/bsd/openssh/dist/servconf.c b/crypto/external/bsd/openssh/dist/servconf.c index 39a45e02c..6c7a91e6b 100644 --- a/crypto/external/bsd/openssh/dist/servconf.c +++ b/crypto/external/bsd/openssh/dist/servconf.c @@ -1,4 +1,3 @@ -/* $NetBSD: servconf.c,v 1.19 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: servconf.c,v 1.280 2015/08/06 14:53:21 deraadt Exp $ */ /* @@ -13,13 +12,12 @@ */ #include "includes.h" -__RCSID("$NetBSD: servconf.c,v 1.19 2015/08/13 10:33:21 christos Exp $"); + #include #include -#include -#include #include +#include #include #include @@ -33,16 +31,11 @@ __RCSID("$NetBSD: servconf.c,v 1.19 2015/08/13 10:33:21 christos Exp $"); #include #include #include +#ifdef HAVE_UTIL_H #include -#include - -#ifdef KRB4 -#include -#ifdef AFS -#include -#endif /* AFS */ -#endif /* KRB4 */ +#endif +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" #include "log.h" @@ -62,11 +55,6 @@ __RCSID("$NetBSD: servconf.c,v 1.19 2015/08/13 10:33:21 christos Exp $"); #include "packet.h" #include "hostfile.h" #include "auth.h" -#include "fmt_scaled.h" - -#ifdef WITH_LDAP_PUBKEY -#include "ldapauth.h" -#endif #include "myproposal.h" #include "digest.h" @@ -103,7 +91,6 @@ initialize_server_options(ServerOptions *options) options->key_regeneration_time = -1; options->permit_root_login = PERMIT_NOT_SET; options->ignore_rhosts = -1; - options->ignore_root_rhosts = -1; options->ignore_user_known_hosts = -1; options->print_motd = -1; options->print_lastlog = -1; @@ -128,12 +115,6 @@ initialize_server_options(ServerOptions *options) options->kerberos_authentication = -1; options->kerberos_or_local_passwd = -1; options->kerberos_ticket_cleanup = -1; -#if defined(AFS) || defined(KRB5) - options->kerberos_tgt_passing = -1; -#endif -#ifdef AFS - options->afs_token_passing = -1; -#endif options->kerberos_get_afs_token = -1; options->gss_authentication=-1; options->gss_cleanup_creds = -1; @@ -155,25 +136,6 @@ initialize_server_options(ServerOptions *options) options->num_allow_groups = 0; options->num_deny_groups = 0; options->ciphers = NULL; -#ifdef WITH_LDAP_PUBKEY - /* XXX dirty */ - options->lpk.ld = NULL; - options->lpk.on = -1; - options->lpk.servers = NULL; - options->lpk.u_basedn = NULL; - options->lpk.g_basedn = NULL; - options->lpk.binddn = NULL; - options->lpk.bindpw = NULL; - options->lpk.sgroup = NULL; - options->lpk.filter = NULL; - options->lpk.fgroup = NULL; - options->lpk.l_conf = NULL; - options->lpk.tls = -1; - options->lpk.b_timeout.tv_sec = -1; - options->lpk.s_timeout.tv_sec = -1; - options->lpk.flags = FLAG_EMPTY; - options->lpk.pub_key_attr = NULL; -#endif options->macs = NULL; options->kex_algorithms = NULL; options->protocol = SSH_PROTO_UNKNOWN; @@ -207,10 +169,6 @@ initialize_server_options(ServerOptions *options) options->ip_qos_bulk = -1; options->version_addendum = NULL; options->fingerprint_hash = -1; - options->none_enabled = -1; - options->tcp_rcv_buf_poll = -1; - options->hpn_disabled = -1; - options->hpn_buffer_size = -1; } /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ @@ -223,34 +181,31 @@ option_clear_or_none(const char *o) void fill_default_server_options(ServerOptions *options) { - /* needed for hpn socket tests */ - int sock; - int socksize; - socklen_t socksizelen = sizeof(int); + int i; /* Portable-specific options */ if (options->use_pam == -1) options->use_pam = 0; /* Standard Options */ - int i; - if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_2; if (options->num_host_key_files == 0) { /* fill default hostkeys for protocols */ if (options->protocol & SSH_PROTO_1) options->host_key_files[options->num_host_key_files++] = - __UNCONST(_PATH_HOST_KEY_FILE); + _PATH_HOST_KEY_FILE; if (options->protocol & SSH_PROTO_2) { options->host_key_files[options->num_host_key_files++] = - __UNCONST(_PATH_HOST_RSA_KEY_FILE); + _PATH_HOST_RSA_KEY_FILE; options->host_key_files[options->num_host_key_files++] = - __UNCONST(_PATH_HOST_DSA_KEY_FILE); + _PATH_HOST_DSA_KEY_FILE; +#ifdef OPENSSL_HAS_ECC options->host_key_files[options->num_host_key_files++] = - __UNCONST(_PATH_HOST_ECDSA_KEY_FILE); + _PATH_HOST_ECDSA_KEY_FILE; +#endif options->host_key_files[options->num_host_key_files++] = - __UNCONST(_PATH_HOST_ED25519_KEY_FILE); + _PATH_HOST_ED25519_KEY_FILE; } } /* No certificates by default */ @@ -272,8 +227,6 @@ fill_default_server_options(ServerOptions *options) options->permit_root_login = PERMIT_NO_PASSWD; if (options->ignore_rhosts == -1) options->ignore_rhosts = 1; - if (options->ignore_root_rhosts == -1) - options->ignore_root_rhosts = options->ignore_rhosts; if (options->ignore_user_known_hosts == -1) options->ignore_user_known_hosts = 0; if (options->print_motd == -1) @@ -318,14 +271,6 @@ fill_default_server_options(ServerOptions *options) options->kerberos_or_local_passwd = 1; if (options->kerberos_ticket_cleanup == -1) options->kerberos_ticket_cleanup = 1; -#if defined(AFS) || defined(KRB5) - if (options->kerberos_tgt_passing == -1) - options->kerberos_tgt_passing = 0; -#endif -#ifdef AFS - if (options->afs_token_passing == -1) - options->afs_token_passing = 0; -#endif if (options->kerberos_get_afs_token == -1) options->kerberos_get_afs_token = 0; if (options->gss_authentication == -1) @@ -390,72 +335,6 @@ fill_default_server_options(ServerOptions *options) options->ip_qos_bulk = IPTOS_THROUGHPUT; if (options->version_addendum == NULL) options->version_addendum = xstrdup(""); - - if (options->hpn_disabled == -1) - options->hpn_disabled = 0; - - if (options->hpn_buffer_size == -1) { - /* option not explicitly set. Now we have to figure out */ - /* what value to use */ - if (options->hpn_disabled == 1) { - options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; - } else { - /* get the current RCV size and set it to that */ - /*create a socket but don't connect it */ - /* we use that the get the rcv socket size */ - sock = socket(AF_INET, SOCK_STREAM, 0); - getsockopt(sock, SOL_SOCKET, SO_RCVBUF, - &socksize, &socksizelen); - close(sock); - options->hpn_buffer_size = socksize; - debug ("HPN Buffer Size: %d", options->hpn_buffer_size); - - } - } else { - /* we have to do this incase the user sets both values in a contradictory */ - /* manner. hpn_disabled overrrides hpn_buffer_size*/ - if (options->hpn_disabled <= 0) { - if (options->hpn_buffer_size == 0) - options->hpn_buffer_size = 1; - /* limit the maximum buffer to 64MB */ - if (options->hpn_buffer_size > 64*1024) { - options->hpn_buffer_size = 64*1024*1024; - } else { - options->hpn_buffer_size *= 1024; - } - } else - options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; - } - -#ifdef WITH_LDAP_PUBKEY - if (options->lpk.on == -1) - options->lpk.on = _DEFAULT_LPK_ON; - if (options->lpk.servers == NULL) - options->lpk.servers = _DEFAULT_LPK_SERVERS; - if (options->lpk.u_basedn == NULL) - options->lpk.u_basedn = _DEFAULT_LPK_UDN; - if (options->lpk.g_basedn == NULL) - options->lpk.g_basedn = _DEFAULT_LPK_GDN; - if (options->lpk.binddn == NULL) - options->lpk.binddn = _DEFAULT_LPK_BINDDN; - if (options->lpk.bindpw == NULL) - options->lpk.bindpw = _DEFAULT_LPK_BINDPW; - if (options->lpk.sgroup == NULL) - options->lpk.sgroup = _DEFAULT_LPK_SGROUP; - if (options->lpk.filter == NULL) - options->lpk.filter = _DEFAULT_LPK_FILTER; - if (options->lpk.tls == -1) - options->lpk.tls = _DEFAULT_LPK_TLS; - if (options->lpk.b_timeout.tv_sec == -1) - options->lpk.b_timeout.tv_sec = _DEFAULT_LPK_BTIMEOUT; - if (options->lpk.s_timeout.tv_sec == -1) - options->lpk.s_timeout.tv_sec = _DEFAULT_LPK_STIMEOUT; - if (options->lpk.l_conf == NULL) - options->lpk.l_conf = _DEFAULT_LPK_LDP; - if (options->lpk.pub_key_attr == NULL) - options->lpk.pub_key_attr = __UNCONST(_DEFAULT_LPK_PUB); -#endif - if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) options->fwd_opts.streamlocal_bind_mask = 0177; if (options->fwd_opts.streamlocal_bind_unlink == -1) @@ -494,6 +373,16 @@ fill_default_server_options(ServerOptions *options) for (i = 0; i < options->num_host_cert_files; i++) CLEAR_ON_NONE(options->host_cert_files[i]); #undef CLEAR_ON_NONE + +#ifndef HAVE_MMAP + if (use_privsep && options->compression == 1) { + error("This platform does not support both privilege " + "separation and compression"); + error("Compression disabled"); + options->compression = 0; + } +#endif + } /* Keyword tokens. */ @@ -501,6 +390,7 @@ typedef enum { sBadOption, /* == unknown option */ /* Portable-specific options */ sUsePAM, + /* Standard Options */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, sRhostsRSAAuthentication, sRSAAuthentication, @@ -529,19 +419,11 @@ typedef enum { sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, sKexAlgorithms, sIPQoS, sVersionAddendum, - sIgnoreRootRhosts, - sNoneEnabled, sTcpRcvBufPoll,sHPNDisabled, sHPNBufferSize, sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sStreamLocalBindMask, sStreamLocalBindUnlink, sAllowStreamLocalForwarding, sFingerprintHash, sDeprecated, sUnsupported -#ifdef WITH_LDAP_PUBKEY - ,sLdapPublickey, sLdapServers, sLdapUserDN - ,sLdapGroupDN, sBindDN, sBindPw, sMyGroup - ,sLdapFilter, sForceTLS, sBindTimeout - ,sSearchTimeout, sLdapConf ,sLpkPubKeyAttr -#endif } ServerOpCodes; #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ @@ -554,11 +436,14 @@ static struct { ServerOpCodes opcode; u_int flags; } keywords[] = { + /* Portable-specific options */ #ifdef USE_PAM { "usepam", sUsePAM, SSHCFG_GLOBAL }, #else { "usepam", sUnsupported, SSHCFG_GLOBAL }, #endif + { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL }, + /* Standard Options */ { "port", sPort, SSHCFG_GLOBAL }, { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ @@ -584,18 +469,18 @@ static struct { { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, +#ifdef USE_AFS { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, +#else + { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, +#endif #else { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, #endif -#if defined(AFS) || defined(KRB5) - { "kerberostgtpassing", sKerberosTgtPassing, SSHCFG_GLOBAL }, -#else { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, -#endif { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, #ifdef GSSAPI { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, @@ -616,7 +501,6 @@ static struct { { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, - { "ignorerootrhosts", sIgnoreRootRhosts, SSHCFG_GLOBAL }, { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, @@ -652,21 +536,6 @@ static struct { { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, -#ifdef WITH_LDAP_PUBKEY - { _DEFAULT_LPK_TOKEN, sLdapPublickey, SSHCFG_GLOBAL }, - { _DEFAULT_SRV_TOKEN, sLdapServers, SSHCFG_GLOBAL }, - { _DEFAULT_USR_TOKEN, sLdapUserDN, SSHCFG_GLOBAL }, - { _DEFAULT_GRP_TOKEN, sLdapGroupDN, SSHCFG_GLOBAL }, - { _DEFAULT_BDN_TOKEN, sBindDN, SSHCFG_GLOBAL }, - { _DEFAULT_BPW_TOKEN, sBindPw, SSHCFG_GLOBAL }, - { _DEFAULT_MYG_TOKEN, sMyGroup, SSHCFG_GLOBAL }, - { _DEFAULT_FIL_TOKEN, sLdapFilter, SSHCFG_GLOBAL }, - { _DEFAULT_TLS_TOKEN, sForceTLS, SSHCFG_GLOBAL }, - { _DEFAULT_BTI_TOKEN, sBindTimeout, SSHCFG_GLOBAL }, - { _DEFAULT_STI_TOKEN, sSearchTimeout, SSHCFG_GLOBAL }, - { _DEFAULT_LDP_TOKEN, sLdapConf, SSHCFG_GLOBAL }, - { "LpkPubKeyAttr", sLpkPubKeyAttr, SSHCFG_GLOBAL }, -#endif { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, { "acceptenv", sAcceptEnv, SSHCFG_ALL }, { "permittunnel", sPermitTunnel, SSHCFG_ALL }, @@ -687,10 +556,6 @@ static struct { { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, - { "noneenabled", sNoneEnabled, SSHCFG_ALL }, - { "hpndisabled", sHPNDisabled, SSHCFG_ALL }, - { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL }, - { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL }, { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, @@ -701,7 +566,7 @@ static struct { static struct { int val; - const char *text; + char *text; } tunmode_desc[] = { { SSH_TUNMODE_NO, "no" }, { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, @@ -722,7 +587,6 @@ parse_token(const char *cp, const char *filename, for (i = 0; keywords[i].name; i++) if (strcasecmp(cp, keywords[i].name) == 0) { - debug ("Config token is %s", keywords[i].name); *flags = keywords[i].flags; return keywords[i].opcode; } @@ -1041,7 +905,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) /* Multistate option parsing */ struct multistate { - const char *key; + char *key; int value; }; static const struct multistate multistate_addressfamily[] = { @@ -1095,10 +959,6 @@ process_server_config_line(ServerOptions *options, char *line, int cmdline = 0, *intptr, value, value2, n, port; SyslogFacility *log_facility_ptr; LogLevel *log_level_ptr; -#ifdef WITH_LDAP_PUBKEY - unsigned long lvalue; -#endif - time_t *timetptr __unused; ServerOpCodes opcode; u_int i, flags = 0; size_t len; @@ -1114,7 +974,6 @@ process_server_config_line(ServerOptions *options, char *line, if (!arg || !*arg || *arg == '#') return 0; intptr = NULL; - timetptr = NULL; charptr = NULL; opcode = parse_token(arg, filename, linenum, &flags); @@ -1306,26 +1165,6 @@ process_server_config_line(ServerOptions *options, char *line, *intptr = value; break; - case sIgnoreRootRhosts: - intptr = &options->ignore_root_rhosts; - goto parse_flag; - - case sNoneEnabled: - intptr = &options->none_enabled; - goto parse_flag; - - case sTcpRcvBufPoll: - intptr = &options->tcp_rcv_buf_poll; - goto parse_flag; - - case sHPNDisabled: - intptr = &options->hpn_disabled; - goto parse_flag; - - case sHPNBufferSize: - intptr = &options->hpn_buffer_size; - goto parse_int; - case sIgnoreUserKnownHosts: intptr = &options->ignore_user_known_hosts; goto parse_flag; @@ -1384,10 +1223,6 @@ process_server_config_line(ServerOptions *options, char *line, intptr = &options->kerberos_ticket_cleanup; goto parse_flag; - case sKerberosTgtPassing: - intptr = &options->kerberos_tgt_passing; - goto parse_flag; - case sKerberosGetAFSToken: intptr = &options->kerberos_get_afs_token; goto parse_flag; @@ -2021,125 +1856,6 @@ process_server_config_line(ServerOptions *options, char *line, while (arg) arg = strdelim(&cp); break; -#ifdef WITH_LDAP_PUBKEY - case sLdapPublickey: - intptr = &options->lpk.on; - goto parse_flag; - case sLdapServers: - /* arg = strdelim(&cp); */ - p = line; - while(*p++); - arg = p; - if (!arg || *arg == '\0') - fatal("%s line %d: missing ldap server",filename,linenum); - arg[strlen(arg)] = '\0'; - if ((options->lpk.servers = ldap_parse_servers(arg)) == NULL) - fatal("%s line %d: error in ldap servers", filename, linenum); - memset(arg,0,strlen(arg)); - break; - case sLdapUserDN: - arg = cp; - if (!arg || *arg == '\0') - fatal("%s line %d: missing ldap server",filename,linenum); - arg[strlen(arg)] = '\0'; - options->lpk.u_basedn = xstrdup(arg); - memset(arg,0,strlen(arg)); - break; - case sLdapGroupDN: - arg = cp; - if (!arg || *arg == '\0') - fatal("%s line %d: missing ldap server",filename,linenum); - arg[strlen(arg)] = '\0'; - options->lpk.g_basedn = xstrdup(arg); - memset(arg,0,strlen(arg)); - break; - case sBindDN: - arg = cp; - if (!arg || *arg == '\0') - fatal("%s line %d: missing binddn",filename,linenum); - arg[strlen(arg)] = '\0'; - options->lpk.binddn = xstrdup(arg); - memset(arg,0,strlen(arg)); - break; - case sBindPw: - arg = cp; - if (!arg || *arg == '\0') - fatal("%s line %d: missing bindpw",filename,linenum); - arg[strlen(arg)] = '\0'; - options->lpk.bindpw = xstrdup(arg); - memset(arg,0,strlen(arg)); - break; - case sMyGroup: - arg = cp; - if (!arg || *arg == '\0') - fatal("%s line %d: missing groupname",filename, linenum); - arg[strlen(arg)] = '\0'; - options->lpk.sgroup = xstrdup(arg); - if (options->lpk.sgroup) - options->lpk.fgroup = ldap_parse_groups(options->lpk.sgroup); - memset(arg,0,strlen(arg)); - break; - case sLdapFilter: - arg = cp; - if (!arg || *arg == '\0') - fatal("%s line %d: missing filter",filename, linenum); - arg[strlen(arg)] = '\0'; - options->lpk.filter = xstrdup(arg); - memset(arg,0,strlen(arg)); - break; - case sForceTLS: - intptr = &options->lpk.tls; - arg = strdelim(&cp); - if (!arg || *arg == '\0') - fatal("%s line %d: missing yes/no argument.", - filename, linenum); - value = 0; /* silence compiler */ - if (strcmp(arg, "yes") == 0) - value = 1; - else if (strcmp(arg, "no") == 0) - value = 0; - else if (strcmp(arg, "try") == 0) - value = -1; - else - fatal("%s line %d: Bad yes/no argument: %s", - filename, linenum, arg); - if (*intptr == -1) - *intptr = value; - break; - case sBindTimeout: - timetptr = &options->lpk.b_timeout.tv_sec; -parse_ulong: - arg = strdelim(&cp); - if (!arg || *arg == '\0') - fatal("%s line %d: missing integer value.", - filename, linenum); - lvalue = atol(arg); - if (*activep && *timetptr == -1) - *timetptr = lvalue; - break; - - case sSearchTimeout: - timetptr = &options->lpk.s_timeout.tv_sec; - goto parse_ulong; - break; - case sLdapConf: - arg = cp; - if (!arg || *arg == '\0') - fatal("%s line %d: missing LpkLdapConf", filename, linenum); - arg[strlen(arg)] = '\0'; - options->lpk.l_conf = xstrdup(arg); - memset(arg, 0, strlen(arg)); - break; - case sLpkPubKeyAttr: - arg = cp; - if (!arg || *arg == '\0') - fatal("%s line %d: missing pubkeyattr",filename,linenum); - arg[strlen(arg)] = '\0'; - options->lpk.pub_key_attr = xstrdup(arg); - memset(arg,0,strlen(arg)); - break; - -#endif default: fatal("%s line %d: Missing handler for opcode %s (%d)", @@ -2323,7 +2039,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); - obuf = cbuf = xstrdup((const char *)buffer_ptr(conf)); + obuf = cbuf = xstrdup(buffer_ptr(conf)); active = connectinfo ? 0 : 1; linenum = 1; while ((cp = strsep(&cbuf, "\n")) != NULL) { @@ -2461,8 +2177,7 @@ dump_config(ServerOptions *o) u_int i; int ret; struct addrinfo *ai; - char addr[NI_MAXHOST], port[NI_MAXSERV]; - const char *s = NULL; + char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; char *laddr1 = xstrdup(""), *laddr2 = NULL; /* these are usually at the top of the config */ @@ -2498,6 +2213,9 @@ dump_config(ServerOptions *o) free(laddr1); /* integer arguments */ +#ifdef USE_PAM + dump_cfg_fmtint(sUsePAM, o->use_pam); +#endif dump_cfg_int(sServerKeyBits, o->server_key_bits); dump_cfg_int(sLoginGraceTime, o->login_grace_time); dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time); @@ -2522,7 +2240,9 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); +# ifdef USE_AFS dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); +# endif #endif #ifdef GSSAPI dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); diff --git a/crypto/external/bsd/openssh/dist/servconf.h b/crypto/external/bsd/openssh/dist/servconf.h index 51ed9516a..f4137af7d 100644 --- a/crypto/external/bsd/openssh/dist/servconf.h +++ b/crypto/external/bsd/openssh/dist/servconf.h @@ -1,4 +1,3 @@ -/* $NetBSD: servconf.h,v 1.13 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: servconf.h,v 1.120 2015/07/10 06:21:53 markus Exp $ */ /* @@ -17,10 +16,6 @@ #ifndef SERVCONF_H #define SERVCONF_H -#ifdef WITH_LDAP_PUBKEY -#include "ldapauth.h" -#endif - #define MAX_PORTS 256 /* Max # ports. */ #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ @@ -80,9 +75,6 @@ typedef struct { int key_regeneration_time; /* Server key lifetime (seconds). */ int permit_root_login; /* PERMIT_*, see above */ int ignore_rhosts; /* Ignore .rhosts and .shosts. */ - int ignore_root_rhosts; /* Ignore .rhosts and .shosts for root; - defaults to ignore_rhosts if not - given. */ int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts * for RhostsRsaAuth */ int print_motd; /* If true, print /etc/motd. */ @@ -123,13 +115,8 @@ typedef struct { * /etc/passwd */ int kerberos_ticket_cleanup; /* If true, destroy ticket * file on logout. */ - int kerberos_tgt_passing; /* If true, permit Kerberos TGT - * passing. */ int kerberos_get_afs_token; /* If true, try to get AFS token if * authenticated with Kerberos. */ -#ifdef AFS - int afs_token_passing; /* If true, permit AFS token passing. */ -#endif int gss_authentication; /* If true, permit GSSAPI authentication */ int gss_cleanup_creds; /* If true, destroy cred cache on logout */ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ @@ -182,18 +169,11 @@ typedef struct { u_int num_authkeys_files; /* Files containing public keys */ char *authorized_keys_files[MAX_AUTHKEYS_FILES]; - int use_pam; /* Enable auth via PAM */ - int none_enabled; /* enable NONE cipher switch */ - int tcp_rcv_buf_poll; /* poll tcp rcv window in autotuning kernels*/ - int hpn_disabled; /* disable hpn functionality. false by default */ - int hpn_buffer_size; /* set the hpn buffer size - default 3MB */ - char *adm_forced_command; + int use_pam; /* Enable auth via PAM */ + int permit_tun; -#ifdef WITH_LDAP_PUBKEY - ldap_opt_t lpk; -#endif int num_permitted_opens; diff --git a/crypto/external/bsd/openssh/dist/serverloop.c b/crypto/external/bsd/openssh/dist/serverloop.c index 8e7514409..306ac36be 100644 --- a/crypto/external/bsd/openssh/dist/serverloop.c +++ b/crypto/external/bsd/openssh/dist/serverloop.c @@ -1,4 +1,3 @@ -/* $NetBSD: serverloop.c,v 1.12 2015/04/13 18:00:47 christos Exp $ */ /* $OpenBSD: serverloop.c,v 1.178 2015/02/20 22:17:21 djm Exp $ */ /* * Author: Tatu Ylonen @@ -37,13 +36,14 @@ */ #include "includes.h" -__RCSID("$NetBSD: serverloop.c,v 1.12 2015/04/13 18:00:47 christos Exp $"); + #include /* MIN MAX */ #include #include #include -#include -#include +#ifdef HAVE_SYS_TIME_H +# include +#endif #include @@ -56,6 +56,7 @@ __RCSID("$NetBSD: serverloop.c,v 1.12 2015/04/13 18:00:47 christos Exp $"); #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "packet.h" #include "buffer.h" @@ -93,10 +94,10 @@ static int fdin; /* Descriptor for stdin (for writing) */ static int fdout; /* Descriptor for stdout (for reading); May be same number as fdin. */ static int fderr; /* Descriptor for stderr. May be -1. */ -static u_long stdin_bytes = 0; /* Number of bytes written to stdin. */ -static u_long stdout_bytes = 0; /* Number of stdout bytes sent to client. */ -static u_long stderr_bytes = 0; /* Number of stderr bytes sent to client. */ -static u_long fdout_bytes = 0; /* Number of stdout bytes read from program. */ +static long stdin_bytes = 0; /* Number of bytes written to stdin. */ +static long stdout_bytes = 0; /* Number of stdout bytes sent to client. */ +static long stderr_bytes = 0; /* Number of stderr bytes sent to client. */ +static long fdout_bytes = 0; /* Number of stdout bytes read from program. */ static int stdin_eof = 0; /* EOF message received from client. */ static int fdout_eof = 0; /* EOF encountered reading from fdout. */ static int fderr_eof = 0; /* EOF encountered readung from fderr. */ @@ -120,19 +121,6 @@ static volatile sig_atomic_t received_sigterm = 0; /* prototypes */ static void server_init_dispatch(void); -/* - * Returns current time in seconds from Jan 1, 1970 with the maximum - * available resolution. - */ - -static double -get_current_time(void) -{ - struct timeval tv; - gettimeofday(&tv, NULL); - return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0; -} - /* * we write to this pipe if a SIGCHLD is caught in order to avoid * the race between select() and child_terminated @@ -184,7 +172,9 @@ sigchld_handler(int sig) { int save_errno = errno; child_terminated = 1; - signal(SIGCHLD, sigchld_handler); +#ifndef _UNICOS + mysignal(SIGCHLD, sigchld_handler); +#endif notify_parent(); errno = save_errno; } @@ -293,6 +283,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, int ret; time_t minwait_secs = 0; int client_alive_scheduled = 0; + int program_alive_scheduled = 0; /* Allocate and update select() masks for channel descriptors. */ channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, @@ -336,6 +327,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, * the client, try to get some more data from the program. */ if (packet_not_very_much_data_to_write()) { + program_alive_scheduled = child_terminated; if (!fdout_eof) FD_SET(fdout, *readsetp); if (!fderr_eof) @@ -381,8 +373,16 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, memset(*writesetp, 0, *nallocp); if (errno != EINTR) error("select: %.100s", strerror(errno)); - } else if (ret == 0 && client_alive_scheduled) - client_alive_check(); + } else { + if (ret == 0 && client_alive_scheduled) + client_alive_check(); + if (!compat20 && program_alive_scheduled && fdin_is_tty) { + if (!fdout_eof) + FD_SET(fdout, *readsetp); + if (!fderr_eof) + FD_SET(fderr, *readsetp); + } + } notify_done(*readsetp); } @@ -411,7 +411,8 @@ process_input(fd_set *readset) return; cleanup_exit(255); } else if (len < 0) { - if (errno != EINTR && errno != EAGAIN) { + if (errno != EINTR && errno != EAGAIN && + errno != EWOULDBLOCK) { verbose("Read error from remote host " "%.100s: %.100s", get_remote_ipaddr(), strerror(errno)); @@ -420,7 +421,6 @@ process_input(fd_set *readset) } else { /* Buffer any received data. */ packet_process_incoming(buf, len); - fdout_bytes += len; } } if (compat20) @@ -428,23 +428,36 @@ process_input(fd_set *readset) /* Read and buffer any available stdout data from the program. */ if (!fdout_eof && FD_ISSET(fdout, readset)) { + errno = 0; len = read(fdout, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) { + if (len < 0 && (errno == EINTR || ((errno == EAGAIN || + errno == EWOULDBLOCK) && !child_terminated))) { /* do nothing */ +#ifndef PTY_ZEROREAD } else if (len <= 0) { +#else + } else if ((!isatty(fdout) && len <= 0) || + (isatty(fdout) && (len < 0 || (len == 0 && errno != 0)))) { +#endif fdout_eof = 1; } else { buffer_append(&stdout_buffer, buf, len); - debug ("FD out now: %ld", fdout_bytes); fdout_bytes += len; } } /* Read and buffer any available stderr data from the program. */ if (!fderr_eof && FD_ISSET(fderr, readset)) { + errno = 0; len = read(fderr, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) { + if (len < 0 && (errno == EINTR || ((errno == EAGAIN || + errno == EWOULDBLOCK) && !child_terminated))) { /* do nothing */ +#ifndef PTY_ZEROREAD } else if (len <= 0) { +#else + } else if ((!isatty(fderr) && len <= 0) || + (isatty(fderr) && (len < 0 || (len == 0 && errno != 0)))) { +#endif fderr_eof = 1; } else { buffer_append(&stderr_buffer, buf, len); @@ -468,7 +481,8 @@ process_output(fd_set *writeset) data = buffer_ptr(&stdin_buffer); dlen = buffer_len(&stdin_buffer); len = write(fdin, data, dlen); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) { + if (len < 0 && + (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) { /* do nothing */ } else if (len <= 0) { if (fdin != fdout) @@ -496,7 +510,7 @@ process_output(fd_set *writeset) } /* Send any buffered packet data to the client. */ if (FD_ISSET(connection_out, writeset)) - stdin_bytes += packet_write_poll(); + packet_write_poll(); } /* @@ -559,7 +573,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) /* Initialize the SIGCHLD kludge. */ child_terminated = 0; - signal(SIGCHLD, sigchld_handler); + mysignal(SIGCHLD, sigchld_handler); if (!use_privsep) { signal(SIGTERM, sigterm_handler); @@ -741,7 +755,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) channel_free_all(); /* We no longer want our SIGCHLD handler to be called. */ - signal(SIGCHLD, SIG_DFL); + mysignal(SIGCHLD, SIG_DFL); while ((wait_pid = waitpid(-1, &wait_status, 0)) < 0) if (errno != EINTR) @@ -813,12 +827,10 @@ server_loop2(Authctxt *authctxt) int rekeying = 0, max_fd; u_int nalloc = 0; u_int64_t rekey_timeout_ms = 0; - double start_time, total_time; debug("Entering interactive session for SSH2."); - start_time = get_current_time(); - signal(SIGCHLD, sigchld_handler); + mysignal(SIGCHLD, sigchld_handler); child_terminated = 0; connection_in = packet_get_connection_in(); connection_out = packet_get_connection_out(); @@ -861,13 +873,9 @@ server_loop2(Authctxt *authctxt) if (!rekeying) { channel_after_select(readset, writeset); if (packet_need_rekeying()) { - int r; debug("need rekeying"); - if (active_state->kex) - active_state->kex->done = 0; - if ((r = kex_send_kexinit(active_state)) != 0) - logit("%s: kex_send_kexinit: %s", - __func__, ssh_err(r)); + active_state->kex->done = 0; + kex_send_kexinit(active_state); } } process_input(readset); @@ -885,11 +893,6 @@ server_loop2(Authctxt *authctxt) /* free remaining sessions, e.g. remove wtmp entries */ session_destroy_all(NULL); - total_time = get_current_time() - start_time; - logit("SSH: Server;LType: Throughput;Remote: %s-%d;IN: %lu;OUT: %lu;Duration: %.1f;tPut_in: %.1f;tPut_out: %.1f", - get_remote_ipaddr(), get_remote_port(), - stdin_bytes, fdout_bytes, total_time, stdin_bytes / total_time, - fdout_bytes / total_time); } static int @@ -1048,13 +1051,14 @@ server_request_tun(void) sock = tun_open(tun, mode); if (sock < 0) goto done; - if (options.hpn_disabled) c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); - else - c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1, - options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); c->datagram = 1; +#if defined(SSH_TUN_FILTER) + if (mode == SSH_TUNMODE_POINTOPOINT) + channel_register_filter(c->self, sys_tun_infilter, + sys_tun_outfilter, NULL, NULL); +#endif done: if (c == NULL) @@ -1084,8 +1088,6 @@ server_request_session(void) c = channel_new("session", SSH_CHANNEL_LARVAL, -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, 0, "server-session", 1); - if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) - c->dynamic_window = 1; if (session_open(the_authctxt, c->self) != 1) { debug("session open failed, free channel %d", c->self); channel_free(c); @@ -1247,9 +1249,12 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) /* check permissions */ if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || no_port_forwarding_flag || - (!want_reply && fwd.listen_port == 0) || - (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED && - pw->pw_uid != 0)) { + (!want_reply && fwd.listen_port == 0) +#ifndef NO_IPPORT_RESERVED_CONCEPT + || (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED && + pw->pw_uid != 0) +#endif + ) { success = 0; packet_send_debug("Server has disabled port forwarding."); } else { diff --git a/crypto/external/bsd/openssh/dist/serverloop.h b/crypto/external/bsd/openssh/dist/serverloop.h index 74c664f4b..7311558f9 100644 --- a/crypto/external/bsd/openssh/dist/serverloop.h +++ b/crypto/external/bsd/openssh/dist/serverloop.h @@ -1,4 +1,3 @@ -/* $NetBSD: serverloop.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: serverloop.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/session.c b/crypto/external/bsd/openssh/dist/session.c index 95b411485..5a64715e2 100644 --- a/crypto/external/bsd/openssh/dist/session.c +++ b/crypto/external/bsd/openssh/dist/session.c @@ -1,4 +1,3 @@ -/* $NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $ */ /* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,28 +34,35 @@ */ #include "includes.h" -__RCSID("$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $"); + #include -#include -#include -#include +#include +#ifdef HAVE_SYS_STAT_H +# include +#endif #include -#include +#include +#include + +#include #include #include #include -#include #include +#ifdef HAVE_PATHS_H #include +#endif #include #include +#include #include #include #include #include #include +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" #include "ssh1.h" @@ -70,7 +76,9 @@ __RCSID("$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $"); #include "channels.h" #include "key.h" #include "cipher.h" -#include "kex.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif #include "hostfile.h" #include "auth.h" #include "auth-options.h" @@ -83,14 +91,16 @@ __RCSID("$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $"); #include "serverloop.h" #include "canohost.h" #include "session.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif +#include "kex.h" #include "monitor_wrap.h" #include "sftp.h" -#ifdef KRB5 -#include +#if defined(KRB5) && defined(USE_AFS) +#include +#endif + +#ifdef WITH_SELINUX +#include #endif #define IS_INTERNAL_SFTP(c) \ @@ -110,7 +120,10 @@ int do_exec_pty(Session *, const char *); int do_exec_no_pty(Session *, const char *); int do_exec(Session *, const char *); void do_login(Session *, const char *); -__dead void do_child(Session *, const char *); +#ifdef LOGIN_NEEDS_UTMPX +static void do_pre_login(Session *s); +#endif +void do_child(Session *, const char *); void do_motd(void); int check_quietlogin(Session *, const char *); @@ -207,7 +220,6 @@ auth_input_request_forwarding(struct passwd * pw) goto authsock_err; /* Allocate a channel for the authentication agent socket. */ - /* this shouldn't matter if its hpn or not - cjr */ nc = channel_new("auth socket", SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, @@ -376,58 +388,6 @@ do_authenticated1(Authctxt *authctxt) success = 1; break; -#if defined(AFS) || defined(KRB5) - case SSH_CMSG_HAVE_KERBEROS_TGT: - if (!options.kerberos_tgt_passing) { - verbose("Kerberos TGT passing disabled."); - } else { - char *kdata = packet_get_string(&dlen); - packet_check_eom(); - - /* XXX - 0x41, see creds_to_radix version */ - if (kdata[0] != 0x41) { -#ifdef KRB5 - krb5_data tgt; - tgt.data = kdata; - tgt.length = dlen; - - if (auth_krb5_tgt(s->authctxt, &tgt)) - success = 1; - else - verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user); -#endif /* KRB5 */ - } else { -#ifdef AFS - if (auth_krb4_tgt(s->authctxt, kdata)) - success = 1; - else - verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user); -#endif /* AFS */ - } - free(kdata); - } - break; -#endif /* AFS || KRB5 */ - -#ifdef AFS - case SSH_CMSG_HAVE_AFS_TOKEN: - if (!options.afs_token_passing || !k_hasafs()) { - verbose("AFS token passing disabled."); - } else { - /* Accept AFS token. */ - char *token = packet_get_string(&dlen); - packet_check_eom(); - - if (auth_afs_token(s->authctxt, token)) - success = 1; - else - verbose("AFS token refused for %.100s", - s->authctxt->user); - free(token); - } - break; -#endif /* AFS */ - case SSH_CMSG_EXEC_SHELL: case SSH_CMSG_EXEC_CMD: if (type == SSH_CMSG_EXEC_CMD) { @@ -475,6 +435,7 @@ int do_exec_no_pty(Session *s, const char *command) { pid_t pid; + #ifdef USE_PIPES int pin[2], pout[2], perr[2]; @@ -523,13 +484,6 @@ do_exec_no_pty(Session *s, const char *command) session_proctitle(s); -#ifdef notdef -#if defined(USE_PAM) - if (options.use_pam && !use_privsep) - do_pam_setcred(1); -#endif /* USE_PAM */ -#endif - /* Fork the child. */ switch ((pid = fork())) { case -1: @@ -601,6 +555,11 @@ do_exec_no_pty(Session *s, const char *command) close(err[0]); #endif + +#ifdef _UNICOS + cray_init_job(s->pw); /* set up cray jid and tmpdir */ +#endif + /* Do processing for the child (exec command etc). */ do_child(s, command); /* NOTREACHED */ @@ -608,11 +567,25 @@ do_exec_no_pty(Session *s, const char *command) break; } +#ifdef _UNICOS + signal(WJSIGNAL, cray_job_termination_handler); +#endif /* _UNICOS */ +#ifdef HAVE_CYGWIN + cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); +#endif + s->pid = pid; /* Set interactive/non-interactive mode. */ packet_set_interactive(s->display != NULL, options.ip_qos_interactive, options.ip_qos_bulk); + /* + * Clear loginmsg, since it's the child's responsibility to display + * it to the user, otherwise multiple sessions may accumulate + * multiple copies of the login messages. + */ + buffer_clear(&loginmsg); + #ifdef USE_PIPES /* We are the parent. Close the child sides of the pipes. */ close(pin[0]); @@ -664,14 +637,6 @@ do_exec_pty(Session *s, const char *command) ptyfd = s->ptyfd; ttyfd = s->ttyfd; -#if defined(USE_PAM) - if (options.use_pam) { - do_pam_set_tty(s->tty); - if (!use_privsep) - do_pam_setcred(1); - } -#endif - /* * Create another descriptor of the pty master side for use as the * standard input. We could use the original descriptor, but this @@ -730,9 +695,18 @@ do_exec_pty(Session *s, const char *command) close(ttyfd); /* record login, etc. similar to login(1) */ - if (!(options.use_login && command == NULL)) +#ifndef HAVE_OSF_SIA + if (!(options.use_login && command == NULL)) { +#ifdef _UNICOS + cray_init_job(s->pw); /* set up cray jid and tmpdir */ +#endif /* _UNICOS */ do_login(s, command); - + } +# ifdef LOGIN_NEEDS_UTMPX + else + do_pre_login(s); +# endif +#endif /* * Do common processing for the child, such as execing * the command. @@ -742,6 +716,14 @@ do_exec_pty(Session *s, const char *command) default: break; } + +#ifdef _UNICOS + signal(WJSIGNAL, cray_job_termination_handler); +#endif /* _UNICOS */ +#ifdef HAVE_CYGWIN + cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); +#endif + s->pid = pid; /* Parent. Close the slave side of the pseudo tty. */ @@ -760,6 +742,34 @@ do_exec_pty(Session *s, const char *command) return 0; } +#ifdef LOGIN_NEEDS_UTMPX +static void +do_pre_login(Session *s) +{ + socklen_t fromlen; + struct sockaddr_storage from; + pid_t pid = getpid(); + + /* + * Get IP address of client. If the connection is not a socket, let + * the address be 0.0.0.0. + */ + memset(&from, 0, sizeof(from)); + fromlen = sizeof(from); + if (packet_connection_is_on_socket()) { + if (getpeername(packet_get_connection_in(), + (struct sockaddr *)&from, &fromlen) < 0) { + debug("getpeername: %.100s", strerror(errno)); + cleanup_exit(255); + } + } + + record_utmp_only(pid, s->tty, s->pw->pw_name, + get_remote_name_or_ip(utmp_len, options.use_dns), + (struct sockaddr *)&from, fromlen); +} +#endif + /* * This is called to fork and execute a command. If another command is * to be forced, execute that instead. @@ -812,11 +822,15 @@ do_exec(Session *s, const char *command) get_remote_ipaddr(), get_remote_port()); -#ifdef GSSAPI - if (options.gss_authentication) { - temporarily_use_uid(s->pw); - ssh_gssapi_storecreds(); - restore_uid(); +#ifdef SSH_AUDIT_EVENTS + if (command != NULL) + PRIVSEP(audit_run_command(command)); + else if (s->ttyfd == -1) { + char *shell = s->pw->pw_shell; + + if (shell[0] == '\0') /* empty shell means /bin/sh */ + shell =_PATH_BSHELL; + PRIVSEP(audit_run_command(shell)); } #endif if (s->ttyfd != -1) @@ -836,7 +850,6 @@ do_exec(Session *s, const char *command) return ret; } - /* administrative, login(1)-like work */ void do_login(Session *s, const char *command) @@ -899,8 +912,8 @@ do_motd(void) if (options.print_motd) { #ifdef HAVE_LOGIN_CAP - f = fopen(login_getcapstr(lc, "welcome", __UNCONST("/etc/motd"), - __UNCONST("/etc/motd")), "r"); + f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", + "/etc/motd"), "r"); #else f = fopen("/etc/motd", "r"); #endif @@ -954,6 +967,16 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, return; } + /* + * If we're passed an uninitialized list, allocate a single null + * entry before continuing. + */ + if (*envp == NULL && *envsizep == 0) { + *envp = xmalloc(sizeof(char *)); + *envp[0] = NULL; + *envsizep = 1; + } + /* * Find the slot where the value should be stored. If the variable * already exists, we reuse the slot; otherwise we append a new slot @@ -986,67 +1009,6 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value); } -#ifdef HAVE_LOGIN_CAP -/* - * Sets any environment variables specified in login.conf. - * Taken from: - * NetBSD: login_cap.c,v 1.11 2001/07/22 13:34:01 wiz Exp - * Modified to use child_set_env instead of setenv. - */ -static void -lc_setuserenv(char ***env, u_int *envsize, login_cap_t *lcp) -{ - const char *stop = ", \t"; - int i, count; - char *ptr; - char **res; - char *str = login_getcapstr(lcp, "setenv", NULL, NULL); - - if (str == NULL || *str == '\0') - return; - - /* count the sub-strings */ - for (i = 1, ptr = str; *ptr; i++) { - ptr += strcspn(ptr, stop); - if (*ptr) - ptr++; - } - - /* allocate ptr array and string */ - count = i; - res = malloc(count * sizeof(char *) + strlen(str) + 1); - - if (!res) - return; - - ptr = (char *)res + count * sizeof(char *); - strcpy(ptr, str); - - /* split string */ - for (i = 0; *ptr && i < count; i++) { - res[i] = ptr; - ptr += strcspn(ptr, stop); - if (*ptr) - *ptr++ = '\0'; - } - - res[i] = NULL; - - for (i = 0; i < count && res[i]; i++) { - if (*res[i] != '\0') { - if ((ptr = strchr(res[i], '=')) != NULL) - *ptr++ = '\0'; - else - ptr = __UNCONST(""); - child_set_env(env, envsize, res[i], ptr); - } - } - - free(res); - return; -} -#endif - /* * Reads environment variables from the given file and adds/overrides them * into the environment. If the file does not exist, this does nothing. @@ -1093,9 +1055,63 @@ read_environment_file(char ***env, u_int *envsize, fclose(f); } -#ifdef USE_PAM -void copy_environment(char **, char ***, u_int *); -void copy_environment(char **source, char ***env, u_int *envsize) +#ifdef HAVE_ETC_DEFAULT_LOGIN +/* + * Return named variable from specified environment, or NULL if not present. + */ +static char * +child_get_env(char **env, const char *name) +{ + int i; + size_t len; + + len = strlen(name); + for (i=0; env[i] != NULL; i++) + if (strncmp(name, env[i], len) == 0 && env[i][len] == '=') + return(env[i] + len + 1); + return NULL; +} + +/* + * Read /etc/default/login. + * We pick up the PATH (or SUPATH for root) and UMASK. + */ +static void +read_etc_default_login(char ***env, u_int *envsize, uid_t uid) +{ + char **tmpenv = NULL, *var; + u_int i, tmpenvsize = 0; + u_long mask; + + /* + * We don't want to copy the whole file to the child's environment, + * so we use a temporary environment and copy the variables we're + * interested in. + */ + read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login"); + + if (tmpenv == NULL) + return; + + if (uid == 0) + var = child_get_env(tmpenv, "SUPATH"); + else + var = child_get_env(tmpenv, "PATH"); + if (var != NULL) + child_set_env(env, envsize, "PATH", var); + + if ((var = child_get_env(tmpenv, "UMASK")) != NULL) + if (sscanf(var, "%5lo", &mask) == 1) + umask((mode_t)mask); + + for (i = 0; tmpenv[i] != NULL; i++) + free(tmpenv[i]); + free(tmpenv); +} +#endif /* HAVE_ETC_DEFAULT_LOGIN */ + +void +copy_environment(char **source, char ***env, u_int *envsize) { char *var_name, *var_val; int i; @@ -1103,7 +1119,7 @@ void copy_environment(char **source, char ***env, u_int *envsize) if (source == NULL) return; - for (i = 0; source[i] != NULL; i++) { + for(i = 0; source[i] != NULL; i++) { var_name = xstrdup(source[i]); if ((var_val = strstr(var_name, "=")) == NULL) { free(var_name); @@ -1117,7 +1133,6 @@ void copy_environment(char **source, char ***env, u_int *envsize) free(var_name); } } -#endif static char ** do_setup_env(Session *s, const char *shell) @@ -1126,12 +1141,29 @@ do_setup_env(Session *s, const char *shell) u_int i, envsize; char **env, *laddr; struct passwd *pw = s->pw; +#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) + char *path = NULL; +#endif /* Initialize the environment. */ envsize = 100; env = xcalloc(envsize, sizeof(char *)); env[0] = NULL; +#ifdef HAVE_CYGWIN + /* + * The Windows environment contains some setting which are + * important for a running system. They must not be dropped. + */ + { + char **p; + + p = fetch_windows_environment(); + copy_environment(p, &env, &envsize); + free_windows_environment(p); + } +#endif + #ifdef GSSAPI /* Allow any GSSAPI methods that we've used to alter * the childs environment as they see fit @@ -1140,9 +1172,6 @@ do_setup_env(Session *s, const char *shell) #endif if (!options.use_login) { -#ifdef HAVE_LOGIN_CAP - lc_setuserenv(&env, &envsize, lc); -#endif /* Set basic environment. */ for (i = 0; i < s->num_env; i++) child_set_env(&env, &envsize, s->env[i].name, @@ -1150,15 +1179,34 @@ do_setup_env(Session *s, const char *shell) child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); +#ifdef _AIX + child_set_env(&env, &envsize, "LOGIN", pw->pw_name); +#endif child_set_env(&env, &envsize, "HOME", pw->pw_dir); #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); else child_set_env(&env, &envsize, "PATH", getenv("PATH")); -#else - child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); -#endif +#else /* HAVE_LOGIN_CAP */ +# ifndef HAVE_CYGWIN + /* + * There's no standard path on Windows. The path contains + * important components pointing to the system directories, + * needed for loading shared libraries. So the path better + * remains intact here. + */ +# ifdef HAVE_ETC_DEFAULT_LOGIN + read_etc_default_login(&env, &envsize, pw->pw_uid); + path = child_get_env(env, "PATH"); +# endif /* HAVE_ETC_DEFAULT_LOGIN */ + if (path == NULL || *path == '\0') { + child_set_env(&env, &envsize, "PATH", + s->pw->pw_uid == 0 ? + SUPERUSER_PATH : _PATH_STDPATH); + } +# endif /* HAVE_CYGWIN */ +#endif /* HAVE_LOGIN_CAP */ snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); @@ -1208,15 +1256,37 @@ do_setup_env(Session *s, const char *shell) if (original_command) child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); -#ifdef KRB4 - if (s->authctxt->krb4_ticket_file) - child_set_env(&env, &envsize, "KRBTKFILE", - s->authctxt->krb4_ticket_file); + +#ifdef _UNICOS + if (cray_tmpdir[0] != '\0') + child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); +#endif /* _UNICOS */ + + /* + * Since we clear KRB5CCNAME at startup, if it's set now then it + * must have been set by a native authentication method (eg AIX or + * SIA), so copy it to the child. + */ + { + char *cp; + + if ((cp = getenv("KRB5CCNAME")) != NULL) + child_set_env(&env, &envsize, "KRB5CCNAME", cp); + } + +#ifdef _AIX + { + char *cp; + + if ((cp = getenv("AUTHSTATE")) != NULL) + child_set_env(&env, &envsize, "AUTHSTATE", cp); + read_environment_file(&env, &envsize, "/etc/environment"); + } #endif #ifdef KRB5 - if (s->authctxt->krb5_ticket_file) + if (s->authctxt->krb5_ccname) child_set_env(&env, &envsize, "KRB5CCNAME", - s->authctxt->krb5_ticket_file); + s->authctxt->krb5_ccname); #endif #ifdef USE_PAM /* @@ -1243,7 +1313,7 @@ do_setup_env(Session *s, const char *shell) /* read $HOME/.ssh/environment. */ if (options.permit_user_env && !options.use_login) { snprintf(buf, sizeof buf, "%.200s/.ssh/environment", - pw->pw_dir); + strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); read_environment_file(&env, &envsize, buf); } if (debug_flag) { @@ -1332,30 +1402,31 @@ static void do_nologin(struct passwd *pw) { FILE *f = NULL; - char buf[1024], *nl, *def_nl = __UNCONST(_PATH_NOLOGIN); + char buf[1024], *nl, *def_nl = _PATH_NOLOGIN; struct stat sb; #ifdef HAVE_LOGIN_CAP if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0) return; nl = login_getcapstr(lc, "nologin", def_nl, def_nl); - +#else + if (pw->pw_uid == 0) + return; + nl = def_nl; +#endif if (stat(nl, &sb) == -1) { if (nl != def_nl) free(nl); return; } -#else - if (pw->pw_uid) - nl = def_nl; -#endif + /* /etc/nologin exists. Print its contents if we can and exit. */ logit("User %.100s not allowed because %s exists", pw->pw_name, nl); if ((f = fopen(nl, "r")) != NULL) { - while (fgets(buf, sizeof(buf), f)) - fputs(buf, stderr); - fclose(f); - } + while (fgets(buf, sizeof(buf), f)) + fputs(buf, stderr); + fclose(f); + } exit(254); } @@ -1419,22 +1490,20 @@ void do_setusercontext(struct passwd *pw) { char *chroot_path, *tmp; +#ifdef USE_LIBIAF + int doing_chroot = 0; +#endif - if (getuid() == 0 || geteuid() == 0) { + platform_setusercontext(pw); + + if (platform_privileged_uidswap()) { #ifdef HAVE_LOGIN_CAP -# ifdef USE_PAM - if (options.use_pam) { - do_pam_setcred(use_privsep); - } -# endif /* USE_PAM */ - /* Prepare groups */ if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { perror("unable to set user context"); exit(1); } #else - if (setlogin(pw->pw_name) < 0) error("setlogin failed: %s", strerror(errno)); if (setgid(pw->pw_gid) < 0) { @@ -1447,17 +1516,10 @@ do_setusercontext(struct passwd *pw) exit(1); } endgrent(); -# ifdef USE_PAM - /* - * PAM credentials may take the form of supplementary groups. - * These will have been wiped by the above initgroups() call. - * Reestablish them here. - */ - if (options.use_pam) { - do_pam_setcred(use_privsep); - } -# endif /* USE_PAM */ #endif + + platform_setusercontext_post_groups(pw); + if (options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { tmp = tilde_expand_filename(options.chroot_directory, @@ -1470,15 +1532,34 @@ do_setusercontext(struct passwd *pw) /* Make sure we don't attempt to chroot again */ free(options.chroot_directory); options.chroot_directory = NULL; +#ifdef USE_LIBIAF + doing_chroot = 1; +#endif } #ifdef HAVE_LOGIN_CAP - /* Set UID */ if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { perror("unable to set user context (setuser)"); exit(1); } + /* + * FreeBSD's setusercontext() will not apply the user's + * own umask setting unless running with the user's UID. + */ + (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK); #else +# ifdef USE_LIBIAF +/* In a chroot environment, the set_id() will always fail; typically + * because of the lack of necessary authentication services and runtime + * such as ./usr/lib/libiaf.so, ./usr/lib/libpam.so.1, and ./etc/passwd + * We skip it in the internal sftp chroot case. + * We'll lose auditing and ACLs but permanently_set_uid will + * take care of the rest. + */ + if ((doing_chroot == 0) && set_id(pw->pw_name) != 0) { + fatal("set_id(%s) Failed", pw->pw_name); + } +# endif /* USE_LIBIAF */ /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif @@ -1491,7 +1572,7 @@ do_setusercontext(struct passwd *pw) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); } -__dead static void +static void do_pwchange(Session *s) { fflush(NULL); @@ -1499,7 +1580,15 @@ do_pwchange(Session *s) if (s->ttyfd != -1) { fprintf(stderr, "You must change your password now and login again!\n"); +#ifdef WITH_SELINUX + setexeccon(NULL); +#endif +#ifdef PASSWD_NEEDS_USERNAME + execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, + (char *)NULL); +#else execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); +#endif perror("passwd"); } else { fprintf(stderr, @@ -1508,13 +1597,20 @@ do_pwchange(Session *s) exit(1); } -__dead static void +static void launch_login(struct passwd *pw, const char *hostname) { /* Launch login(1). */ - execl("/usr/bin/login", "login", "-h", hostname, + execl(LOGIN_PROGRAM, "login", "-h", hostname, +#ifdef xxxLOGIN_NEEDS_TERM + (s->term ? s->term : "unknown"), +#endif /* LOGIN_NEEDS_TERM */ +#ifdef LOGIN_NO_ENDOPT + "-p", "-f", pw->pw_name, (char *)NULL); +#else "-p", "-f", "--", pw->pw_name, (char *)NULL); +#endif /* Login couldn't be executed, die. */ @@ -1557,7 +1653,7 @@ child_close_fds(void) * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ - (void)closefrom(STDERR_FILENO + 1); + closefrom(STDERR_FILENO + 1); } /* @@ -1584,18 +1680,30 @@ do_child(Session *s, const char *command) do_setusercontext(pw); child_close_fds(); do_pwchange(s); + exit(1); } /* login(1) is only called if we execute the login shell */ if (options.use_login && command != NULL) options.use_login = 0; +#ifdef _UNICOS + cray_setup(pw->pw_uid, pw->pw_name, command); +#endif /* _UNICOS */ + /* * Login(1) does this as well, and it needs uid 0 for the "-h" * switch, so we let login(1) to this for us. */ if (!options.use_login) { - do_nologin(pw); +#ifdef HAVE_OSF_SIA + session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty); + if (!check_quietlogin(s, command)) + do_motd(); +#else /* HAVE_OSF_SIA */ + /* When PAM is enabled we rely on it to do the nologin check */ + if (!options.use_pam) + do_nologin(pw); do_setusercontext(pw); /* * PAM session modules in do_setusercontext may have @@ -1604,9 +1712,11 @@ do_child(Session *s, const char *command) */ if (!check_quietlogin(s, command)) display_loginmsg(); +#endif /* HAVE_OSF_SIA */ } + #ifdef USE_PAM - if (options.use_pam && !is_pam_session_open()) { + if (options.use_pam && !options.use_login && !is_pam_session_open()) { debug3("PAM session not opened, exiting"); display_loginmsg(); exit(254); @@ -1626,8 +1736,7 @@ do_child(Session *s, const char *command) env = do_setup_env(s, shell); #ifdef HAVE_LOGIN_CAP - shell = login_getcapstr(lc, "shell", __UNCONST(shell), - __UNCONST(shell)); + shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); #endif /* we have to stash the hostname before we close our socket. */ @@ -1649,7 +1758,7 @@ do_child(Session *s, const char *command) */ environ = env; -#ifdef KRB5 +#if defined(KRB5) && defined(USE_AFS) /* * At this point, we check to see if AFS is active and if we have * a valid Kerberos 5 TGT. If so, it seems like a good idea to see @@ -1678,7 +1787,9 @@ do_child(Session *s, const char *command) /* Change current directory to the user's home directory. */ if (chdir(pw->pw_dir) < 0) { /* Suppress missing homedir warning for chroot case */ +#ifdef HAVE_LOGIN_CAP r = login_getcapbool(lc, "requirehome", 0); +#endif if (r || options.chroot_directory == NULL || strcasecmp(options.chroot_directory, "none") == 0) fprintf(stderr, "Could not chdir to home " @@ -1688,7 +1799,7 @@ do_child(Session *s, const char *command) exit(1); } - (void)closefrom(STDERR_FILENO + 1); + closefrom(STDERR_FILENO + 1); if (!options.use_login) do_rc_files(s, shell); @@ -1713,6 +1824,9 @@ do_child(Session *s, const char *command) argv[i] = NULL; optind = optreset = 1; __progname = argv[0]; +#ifdef WITH_SELINUX + ssh_selinux_change_context("sftpd_t"); +#endif exit(sftp_server_main(i, argv, s->pw)); } @@ -1760,9 +1874,9 @@ do_child(Session *s, const char *command) * Execute the command using the user's shell. This uses the -c * option to execute the command. */ - argv[0] = __UNCONST(shell0); - argv[1] = __UNCONST("-c"); - argv[2] = __UNCONST(command); + argv[0] = (char *) shell0; + argv[1] = "-c"; + argv[2] = (char *) command; argv[3] = NULL; execve(shell, argv, env); perror(shell); @@ -2215,16 +2329,10 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr, */ if (s->chanid == -1) fatal("no channel for session %d", s->self); - if(options.hpn_disabled) channel_set_fds(s->chanid, fdout, fdin, fderr, ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, 1, is_tty, CHAN_SES_WINDOW_DEFAULT); - else - channel_set_fds(s->chanid, - fdout, fdin, fderr, - ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, - 1, is_tty, options.hpn_buffer_size); } /* @@ -2245,7 +2353,7 @@ session_pty_cleanup2(Session *s) /* Record that the user has logged out. */ if (s->pid != 0) - record_logout(s->pid, s->tty); + record_logout(s->pid, s->tty, s->pw->pw_name); /* Release the pseudo-tty. */ if (getuid() == 0) @@ -2270,7 +2378,7 @@ session_pty_cleanup(Session *s) PRIVSEP(session_pty_cleanup2(s)); } -static const char * +static char * sig2name(int sig) { #define SSH_SIG(x) if (sig == SIG ## x) return #x @@ -2357,7 +2465,11 @@ session_exit_message(Session *s, int status) } else if (WIFSIGNALED(status)) { channel_request_start(s->chanid, "exit-signal", 0); packet_put_cstring(sig2name(WTERMSIG(status))); +#ifdef WCOREDUMP packet_put_char(WCOREDUMP(status)? 1 : 0); +#else /* WCOREDUMP */ + packet_put_char(0); +#endif /* WCOREDUMP */ packet_put_cstring(""); packet_put_cstring(""); packet_send(); @@ -2489,22 +2601,22 @@ session_tty_list(void) { static char buf[1024]; int i; + char *cp; + buf[0] = '\0'; for (i = 0; i < sessions_nalloc; i++) { Session *s = &sessions[i]; if (s->used && s->ttyfd != -1) { - char *p; + + if (strncmp(s->tty, "/dev/", 5) != 0) { + cp = strrchr(s->tty, '/'); + cp = (cp == NULL) ? s->tty : cp + 1; + } else + cp = s->tty + 5; + if (buf[0] != '\0') strlcat(buf, ",", sizeof buf); - if ((p = strstr(s->tty, "/pts/")) != NULL) - p++; - else { - if ((p = strrchr(s->tty, '/')) != NULL) - p++; - else - p = s->tty; - } - strlcat(buf, p, sizeof buf); + strlcat(buf, cp, sizeof buf); } } if (buf[0] == '\0') @@ -2578,8 +2690,23 @@ session_setup_x11fwd(Session *s) s->display = xstrdup(display); s->auth_display = xstrdup(auth_display); } else { +#ifdef IPADDR_IN_DISPLAY + struct hostent *he; + struct in_addr my_addr; + + he = gethostbyname(hostname); + if (he == NULL) { + error("Can't get IP address for X11 DISPLAY."); + packet_send_debug("Can't get IP address for X11 DISPLAY."); + return 0; + } + memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr)); + snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr), + s->display_number, s->screen); +#else snprintf(display, sizeof display, "%.400s:%u.%u", hostname, s->display_number, s->screen); +#endif s->display = xstrdup(display); s->auth_display = xstrdup(display); } @@ -2609,12 +2736,19 @@ do_cleanup(Authctxt *authctxt) return; called = 1; - if (authctxt == NULL || !authctxt->authenticated) + if (authctxt == NULL) return; -#ifdef KRB4 - if (options.kerberos_ticket_cleanup) - krb4_cleanup_proc(authctxt); + +#ifdef USE_PAM + if (options.use_pam) { + sshpam_cleanup(); + sshpam_thread_cleanup(); + } #endif + + if (!authctxt->authenticated) + return; + #ifdef KRB5 if (options.kerberos_ticket_cleanup && authctxt->krb5_ctx) @@ -2626,13 +2760,6 @@ do_cleanup(Authctxt *authctxt) ssh_gssapi_cleanup_creds(); #endif -#ifdef USE_PAM - if (options.use_pam) { - sshpam_cleanup(); - sshpam_thread_cleanup(); - } -#endif - /* remove agent socket */ auth_sock_cleanup_proc(authctxt->pw); diff --git a/crypto/external/bsd/openssh/dist/session.h b/crypto/external/bsd/openssh/dist/session.h index 14b42c22a..6a2f35e41 100644 --- a/crypto/external/bsd/openssh/dist/session.h +++ b/crypto/external/bsd/openssh/dist/session.h @@ -1,4 +1,3 @@ -/* $NetBSD: session.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: session.h,v 1.31 2013/10/14 21:20:52 djm Exp $ */ /* @@ -27,8 +26,6 @@ #ifndef SESSION_H #define SESSION_H -#include - #define TTYSZ 64 typedef struct Session Session; struct Session { diff --git a/crypto/external/bsd/openssh/dist/sftp-client.c b/crypto/external/bsd/openssh/dist/sftp-client.c index 2fce7ff40..5dbeb47c0 100644 --- a/crypto/external/bsd/openssh/dist/sftp-client.c +++ b/crypto/external/bsd/openssh/dist/sftp-client.c @@ -1,4 +1,3 @@ -/* $NetBSD: sftp-client.c,v 1.14 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: sftp-client.c,v 1.120 2015/05/28 04:50:53 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller @@ -22,14 +21,19 @@ /* XXX: copy between two remote sites */ #include "includes.h" -__RCSID("$NetBSD: sftp-client.c,v 1.14 2015/07/03 01:00:00 christos Exp $"); + #include /* MIN MAX */ #include -#include -#include -#include -#include +#ifdef HAVE_SYS_STATVFS_H #include +#endif +#include "openbsd-compat/sys-queue.h" +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef HAVE_SYS_TIME_H +# include +#endif #include #include @@ -107,7 +111,7 @@ send_msg(struct sftp_conn *conn, struct sshbuf *m) put_u32(mlen, sshbuf_len(m)); iov[0].iov_base = mlen; iov[0].iov_len = sizeof(mlen); - iov[1].iov_base = __UNCONST(sshbuf_ptr(m)); + iov[1].iov_base = (u_char *)sshbuf_ptr(m); iov[1].iov_len = sshbuf_len(m); if (atomiciov6(writev, conn->fd_out, iov, 2, @@ -1161,7 +1165,6 @@ do_download(struct sftp_conn *conn, const char *remote_path, struct request *req; u_char type; - status = -1; TAILQ_INIT(&requests); if (a == NULL && (a = do_stat(conn, remote_path, 0)) == NULL) @@ -1402,7 +1405,11 @@ do_download(struct sftp_conn *conn, const char *remote_path, else status = SSH2_FX_OK; /* Override umask and utimes if asked */ +#ifdef HAVE_FCHMOD if (preserve_flag && fchmod(local_fd, mode) == -1) +#else + if (preserve_flag && chmod(local_path, mode) == -1) +#endif /* HAVE_FCHMOD */ error("Couldn't set mode on \"%s\": %s", local_path, strerror(errno)); if (preserve_flag && @@ -1658,7 +1665,8 @@ do_upload(struct sftp_conn *conn, const char *local_path, len = 0; else do len = read(local_fd, data, conn->transfer_buflen); - while ((len == -1) && (errno == EINTR || errno == EAGAIN)); + while ((len == -1) && + (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)); if (len == -1) fatal("Couldn't read from \"%s\": %s", local_path, diff --git a/crypto/external/bsd/openssh/dist/sftp-client.h b/crypto/external/bsd/openssh/dist/sftp-client.h index 291d9880a..f814b07d6 100644 --- a/crypto/external/bsd/openssh/dist/sftp-client.h +++ b/crypto/external/bsd/openssh/dist/sftp-client.h @@ -1,4 +1,3 @@ -/* $NetBSD: sftp-client.h,v 1.8 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: sftp-client.h,v 1.27 2015/05/08 06:45:13 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/sftp-common.c b/crypto/external/bsd/openssh/dist/sftp-common.c index 2d09a113f..9dc1f9831 100644 --- a/crypto/external/bsd/openssh/dist/sftp-common.c +++ b/crypto/external/bsd/openssh/dist/sftp-common.c @@ -1,4 +1,3 @@ -/* $NetBSD: sftp-common.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: sftp-common.c,v 1.28 2015/01/20 23:14:00 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sftp-common.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); + #include /* MAX */ #include #include @@ -34,12 +33,13 @@ __RCSID("$NetBSD: sftp-common.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); #include #include #include +#include #include #include #include -#include -#include +#ifdef HAVE_UTIL_H #include +#endif #include "xmalloc.h" #include "ssherr.h" @@ -48,7 +48,6 @@ __RCSID("$NetBSD: sftp-common.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); #include "sftp.h" #include "sftp-common.h" -#include "fmt_scaled.h" /* Clear contents of attributes structure */ void @@ -216,7 +215,7 @@ ls_file(const char *name, const struct stat *st, int remote, int si_units) { int ulen, glen, sz = 0; struct tm *ltime = localtime(&st->st_mtime); - const char *user, *group; + char *user, *group; char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1]; char sbuf[FMT_SCALED_STRSIZE]; time_t now; diff --git a/crypto/external/bsd/openssh/dist/sftp-common.h b/crypto/external/bsd/openssh/dist/sftp-common.h index 23abb6aea..2e778a9ca 100644 --- a/crypto/external/bsd/openssh/dist/sftp-common.h +++ b/crypto/external/bsd/openssh/dist/sftp-common.h @@ -1,4 +1,3 @@ -/* $NetBSD: sftp-common.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: sftp-common.h,v 1.12 2015/01/14 13:54:13 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/sftp-glob.c b/crypto/external/bsd/openssh/dist/sftp-glob.c index 8513569f2..43a1bebad 100644 --- a/crypto/external/bsd/openssh/dist/sftp-glob.c +++ b/crypto/external/bsd/openssh/dist/sftp-glob.c @@ -1,4 +1,3 @@ -/* $NetBSD: sftp-glob.c,v 1.8 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: sftp-glob.c,v 1.27 2015/01/14 13:54:13 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller @@ -17,12 +16,13 @@ */ #include "includes.h" -__RCSID("$NetBSD: sftp-glob.c,v 1.8 2015/04/03 23:58:19 christos Exp $"); + #include -#include +#ifdef HAVE_SYS_STAT_H +# include +#endif #include -#include #include #include #include @@ -51,7 +51,7 @@ fudge_opendir(const char *path) r = xcalloc(1, sizeof(*r)); - if (do_readdir(cur.conn, __UNCONST(path), &r->dir)) { + if (do_readdir(cur.conn, (char *)path, &r->dir)) { free(r); return(NULL); } @@ -64,16 +64,40 @@ fudge_opendir(const char *path) static struct dirent * fudge_readdir(struct SFTP_OPENDIR *od) { - static struct dirent ret; + /* Solaris needs sizeof(dirent) + path length (see below) */ + static char buf[sizeof(struct dirent) + MAXPATHLEN]; + struct dirent *ret = (struct dirent *)buf; +#ifdef __GNU_LIBRARY__ + static int inum = 1; +#endif /* __GNU_LIBRARY__ */ if (od->dir[od->offset] == NULL) return(NULL); - memset(&ret, 0, sizeof(ret)); - strlcpy(ret.d_name, od->dir[od->offset++]->filename, - sizeof(ret.d_name)); + memset(buf, 0, sizeof(buf)); - return(&ret); + /* + * Solaris defines dirent->d_name as a one byte array and expects + * you to hack around it. + */ +#ifdef BROKEN_ONE_BYTE_DIRENT_D_NAME + strlcpy(ret->d_name, od->dir[od->offset++]->filename, MAXPATHLEN); +#else + strlcpy(ret->d_name, od->dir[od->offset++]->filename, + sizeof(ret->d_name)); +#endif +#ifdef __GNU_LIBRARY__ + /* + * Idiot glibc uses extensions to struct dirent for readdir with + * ALTDIRFUNCs. Not that this is documented anywhere but the + * source... Fake an inode number to appease it. + */ + ret->d_ino = inum++; + if (!inum) + inum = 1; +#endif /* __GNU_LIBRARY__ */ + + return(ret); } static void @@ -88,7 +112,7 @@ fudge_lstat(const char *path, struct stat *st) { Attrib *a; - if (!(a = do_lstat(cur.conn, path, 1))) + if (!(a = do_lstat(cur.conn, (char *)path, 1))) return(-1); attrib_to_stat(a, st); @@ -101,7 +125,7 @@ fudge_stat(const char *path, struct stat *st) { Attrib *a; - if (!(a = do_stat(cur.conn, path, 1))) + if (!(a = do_stat(cur.conn, (char *)path, 1))) return(-1); attrib_to_stat(a, st); @@ -122,5 +146,5 @@ remote_glob(struct sftp_conn *conn, const char *pattern, int flags, memset(&cur, 0, sizeof(cur)); cur.conn = conn; - return(glob(pattern, flags|GLOB_ALTDIRFUNC|GLOB_LIMIT, errfunc, pglob)); + return(glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob)); } diff --git a/crypto/external/bsd/openssh/dist/sftp-server-main.c b/crypto/external/bsd/openssh/dist/sftp-server-main.c index 2b8b73a7a..7e644ab89 100644 --- a/crypto/external/bsd/openssh/dist/sftp-server-main.c +++ b/crypto/external/bsd/openssh/dist/sftp-server-main.c @@ -1,4 +1,3 @@ -/* $NetBSD: sftp-server-main.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: sftp-server-main.c,v 1.4 2009/02/21 19:32:04 tobias Exp $ */ /* * Copyright (c) 2008 Markus Friedl. All rights reserved. @@ -17,13 +16,12 @@ */ #include "includes.h" -__RCSID("$NetBSD: sftp-server-main.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); + #include #include #include #include #include -#include #include "log.h" #include "sftp.h" diff --git a/crypto/external/bsd/openssh/dist/sftp-server.8 b/crypto/external/bsd/openssh/dist/sftp-server.8 index 0d085996c..c117398e8 100644 --- a/crypto/external/bsd/openssh/dist/sftp-server.8 +++ b/crypto/external/bsd/openssh/dist/sftp-server.8 @@ -1,4 +1,3 @@ -.\" $NetBSD: sftp-server.8,v 1.9 2015/04/03 23:58:19 christos Exp $ .\" $OpenBSD: sftp-server.8,v 1.27 2014/12/11 04:16:14 djm Exp $ .\" .\" Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -23,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 11 2014 +.Dd $Mdocdate: December 11 2014 $ .Dt SFTP-SERVER 8 .Os .Sh NAME diff --git a/crypto/external/bsd/openssh/dist/sftp-server.c b/crypto/external/bsd/openssh/dist/sftp-server.c index 37a6ad58e..eac11d7e6 100644 --- a/crypto/external/bsd/openssh/dist/sftp-server.c +++ b/crypto/external/bsd/openssh/dist/sftp-server.c @@ -1,4 +1,3 @@ -/* $NetBSD: sftp-server.c,v 1.13 2015/08/21 08:20:59 christos Exp $ */ /* $OpenBSD: sftp-server.c,v 1.107 2015/08/20 22:32:42 deraadt Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. @@ -17,21 +16,30 @@ */ #include "includes.h" -__RCSID("$NetBSD: sftp-server.c,v 1.13 2015/08/21 08:20:59 christos Exp $"); + #include /* MIN */ #include #include -#include +#ifdef HAVE_SYS_TIME_H +# include +#endif +#ifdef HAVE_SYS_MOUNT_H #include +#endif +#ifdef HAVE_SYS_STATVFS_H #include +#endif +#ifdef HAVE_SYS_PRCTL_H +#include +#endif #include #include #include +#include #include #include #include -#include #include #include #include @@ -432,7 +440,7 @@ handle_close(int handle) } static void -handle_log_close(int handle, const char *emsg) +handle_log_close(int handle, char *emsg) { if (handle_is_ok(handle, HANDLE_FILE)) { logit("%s%sclose \"%s\" bytes read %llu written %llu", @@ -625,7 +633,7 @@ send_statvfs(u_int32_t id, struct statvfs *st) (r = sshbuf_put_u64(msg, st->f_files)) != 0 || (r = sshbuf_put_u64(msg, st->f_ffree)) != 0 || (r = sshbuf_put_u64(msg, st->f_favail)) != 0 || - (r = sshbuf_put_u64(msg, st->f_fsid)) != 0 || + (r = sshbuf_put_u64(msg, FSID_TO_ULONG(st->f_fsid))) != 0 || (r = sshbuf_put_u64(msg, flag)) != 0 || (r = sshbuf_put_u64(msg, st->f_namemax)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); @@ -959,7 +967,11 @@ process_fsetstat(u_int32_t id) } if (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { logit("set \"%s\" mode %04o", name, a.perm); +#ifdef HAVE_FCHMOD r = fchmod(fd, a.perm & 07777); +#else + r = chmod(name, a.perm & 07777); +#endif if (r == -1) status = errno_to_portable(errno); } @@ -970,14 +982,22 @@ process_fsetstat(u_int32_t id) strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S", localtime(&t)); logit("set \"%s\" modtime %s", name, buf); +#ifdef HAVE_FUTIMES r = futimes(fd, attrib_to_tv(&a)); +#else + r = utimes(name, attrib_to_tv(&a)); +#endif if (r == -1) status = errno_to_portable(errno); } if (a.flags & SSH2_FILEXFER_ATTR_UIDGID) { logit("set \"%s\" owner %lu group %lu", name, (u_long)a.uid, (u_long)a.gid); +#ifdef HAVE_FCHOWN r = fchown(fd, a.uid, a.gid); +#else + r = chown(name, a.uid, a.gid); +#endif if (r == -1) status = errno_to_portable(errno); } @@ -1172,7 +1192,14 @@ process_rename(u_int32_t id) else if (S_ISREG(sb.st_mode)) { /* Race-free rename of regular files */ if (link(oldpath, newpath) == -1) { - if (errno == EOPNOTSUPP) { + if (errno == EOPNOTSUPP || errno == ENOSYS +#ifdef EXDEV + || errno == EXDEV +#endif +#ifdef LINK_OPNOTSUPP_ERRNO + || errno == LINK_OPNOTSUPP_ERRNO +#endif + ) { struct stat st; /* @@ -1459,7 +1486,7 @@ sftp_server_cleanup_exit(int i) _exit(i); } -__dead static void +static void sftp_server_usage(void) { extern char *__progname; @@ -1486,6 +1513,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) extern char *optarg; extern char *__progname; + __progname = ssh_get_progname(argv[0]); log_init(__progname, log_level, log_facility, log_stderr); pw = pwcopy(user_pw); @@ -1559,6 +1587,17 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) log_init(__progname, log_level, log_facility, log_stderr); +#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) + /* + * On Linux, we should try to avoid making /proc/self/{mem,maps} + * available to the user so that sftp access doesn't automatically + * imply arbitrary code execution access that will break + * restricted configurations. + */ + if (prctl(PR_SET_DUMPABLE, 0) != 0) + fatal("unable to make the process undumpable"); +#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */ + if ((cp = getenv("SSH_CONNECTION")) != NULL) { client_addr = xstrdup(cp); if ((cp = strchr(client_addr, ' ')) == NULL) { @@ -1576,6 +1615,11 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) in = STDIN_FILENO; out = STDOUT_FILENO; +#ifdef HAVE_CYGWIN + setmode(in, O_BINARY); + setmode(out, O_BINARY); +#endif + max = 0; if (in > max) max = in; diff --git a/crypto/external/bsd/openssh/dist/sftp.1 b/crypto/external/bsd/openssh/dist/sftp.1 index c9810107c..214f0118c 100644 --- a/crypto/external/bsd/openssh/dist/sftp.1 +++ b/crypto/external/bsd/openssh/dist/sftp.1 @@ -1,4 +1,3 @@ -.\" $NetBSD: sftp.1,v 1.11 2015/04/03 23:58:19 christos Exp $ .\" $OpenBSD: sftp.1,v 1.101 2015/01/30 11:43:14 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. @@ -23,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd January 30 2015 +.Dd $Mdocdate: January 30 2015 $ .Dt SFTP 1 .Os .Sh NAME @@ -264,8 +263,7 @@ diagnostic messages from Specify how many requests may be outstanding at any one time. Increasing this may slightly improve file transfer speed but will increase memory usage. -The default is 256 outstanding requests providing for 8MB -of outstanding data with a 32KB buffer. +The default is 64 outstanding requests. .It Fl r Recursively copy entire directories when uploading and downloading. Note that @@ -339,7 +337,10 @@ may contain characters and may match multiple files. .Ar own must be a numeric UID. -.It Ic df Oo Fl hi Oc Oo Ar path Oc +.It Xo Ic df +.Op Fl hi +.Op Ar path +.Xc Display usage information for the filesystem holding the current directory (or .Ar path @@ -363,7 +364,7 @@ Quit .Op Ar local-path .Xc Retrieve the -.Ar remote-file +.Ar remote-path and store it on the local machine. If the local path name is not specified, it is given the same name it has on the @@ -443,7 +444,10 @@ flag is specified the created link is a symbolic link, otherwise it is a hard link. .It Ic lpwd Print local working directory. -.It Ic ls Oo Fl 1afhlnrSt Oc Oo Ar path Oc +.It Xo Ic ls +.Op Fl 1afhlnrSt +.Op Ar path +.Xc Display a remote directory listing of either .Ar path or the current directory if diff --git a/crypto/external/bsd/openssh/dist/sftp.c b/crypto/external/bsd/openssh/dist/sftp.c index 5c023e5e6..788601a8d 100644 --- a/crypto/external/bsd/openssh/dist/sftp.c +++ b/crypto/external/bsd/openssh/dist/sftp.c @@ -1,4 +1,3 @@ -/* $NetBSD: sftp.c,v 1.16 2015/08/21 08:20:59 christos Exp $ */ /* $OpenBSD: sftp.c,v 1.171 2015/08/20 22:32:42 deraadt Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller @@ -17,31 +16,49 @@ */ #include "includes.h" -__RCSID("$NetBSD: sftp.c,v 1.16 2015/08/21 08:20:59 christos Exp $"); + #include /* MIN MAX */ #include #include -#include -#include +#ifdef HAVE_SYS_STAT_H +# include +#endif +#include #include +#include +#ifdef HAVE_SYS_STATVFS_H #include +#endif #include #include -#include -#include -#include + +#ifdef HAVE_PATHS_H +# include +#endif +#ifdef HAVE_LIBGEN_H #include -#include +#endif +#ifdef HAVE_LOCALE_H +# include +#endif +#ifdef USE_LIBEDIT +#include +#else +typedef void EditLine; +#endif +#include #include #include #include #include #include -#include -#include #include +#ifdef HAVE_UTIL_H +# include +#endif + #include "xmalloc.h" #include "log.h" #include "pathnames.h" @@ -52,10 +69,9 @@ __RCSID("$NetBSD: sftp.c,v 1.16 2015/08/21 08:20:59 christos Exp $"); #include "sshbuf.h" #include "sftp-common.h" #include "sftp-client.h" -#include "fmt_scaled.h" #define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */ -#define DEFAULT_NUM_REQUESTS 256 /* # concurrent outstanding requests */ +#define DEFAULT_NUM_REQUESTS 64 /* # concurrent outstanding requests */ /* File to read commands from */ FILE* infile; @@ -99,6 +115,8 @@ struct complete_ctx { int remote_glob(struct sftp_conn *, const char *, int, int (*)(const char *, int), glob_t *); /* proto for sftp-glob.c */ +extern char *__progname; + /* Separators for interactive commands */ #define WHITESPACE " \t\r\n" @@ -197,10 +215,10 @@ static const struct CMD cmds[] = { { NULL, -1, -1 } }; -int interactive_loop(struct sftp_conn *, const char *, const char *); +int interactive_loop(struct sftp_conn *, char *file1, char *file2); /* ARGSUSED */ -__dead static void +static void killchild(int signo) { if (sshpid > 1) { @@ -265,7 +283,7 @@ static void local_do_shell(const char *args) { int status; - const char *shell; + char *shell; pid_t pid; if (!*args) @@ -669,7 +687,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, memset(&g, 0, sizeof(g)); debug3("Looking up %s", src); - if (glob(src, GLOB_NOCHECK | GLOB_LIMIT | GLOB_MARK, NULL, &g)) { + if (glob(src, GLOB_NOCHECK | GLOB_MARK, NULL, &g)) { error("File \"%s\" not found.", src); err = -1; goto out; @@ -732,8 +750,6 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, fflag || global_fflag) == -1) err = -1; } - free(abs_dst); - abs_dst = NULL; } out: @@ -746,8 +762,8 @@ out: static int sdirent_comp(const void *aa, const void *bb) { - const SFTP_DIRENT *a = *(const SFTP_DIRENT * const *)aa; - const SFTP_DIRENT *b = *(const SFTP_DIRENT * const *)bb; + SFTP_DIRENT *a = *(SFTP_DIRENT **)aa; + SFTP_DIRENT *b = *(SFTP_DIRENT **)bb; int rmul = sort_flag & LS_REVERSE_SORT ? -1 : 1; #define NCMP(a,b) (a == b ? 0 : (a < b ? 1 : -1)) @@ -759,8 +775,6 @@ sdirent_comp(const void *aa, const void *bb) return (rmul * NCMP(a->a.size, b->a.size)); fatal("Unknown ls sort type"); - /*NOTREACHED*/ - return 0; } /* sftp ls.1 replacement for directories */ @@ -858,11 +872,6 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, int err, r; struct winsize ws; u_int i, c = 1, colspace = 0, columns = 1, m = 0, width = 80; - struct stat *stp; -#ifndef GLOB_KEEPSTAT - struct stat st; -#define GLOB_KEEPSTAT 0 -#endif memset(&g, 0, sizeof(g)); @@ -887,13 +896,8 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, * If the glob returns a single match and it is a directory, * then just list its contents. */ - if (g.gl_matchc == 1 && -#if GLOB_KEEPSTAT != 0 - (stp = g.gl_statv[0]) != NULL && -#else - lstat(g.gl_pathv[0], stp = &st) != -1 && -#endif - S_ISDIR(stp->st_mode)) { + if (g.gl_matchc == 1 && g.gl_statv[0] != NULL && + S_ISDIR(g.gl_statv[0]->st_mode)) { err = do_ls_dir(conn, g.gl_pathv[0], strip_path, lflag); globfree(&g); return err; @@ -915,17 +919,12 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, for (i = 0; g.gl_pathv[i] && !interrupted; i++) { fname = path_strip(g.gl_pathv[i], strip_path); if (lflag & LS_LONG_VIEW) { -#if GLOB_KEEPSTAT != 0 - stp = g.gl_statv[i]; -#else - if (lstat(g.gl_pathv[i], stp = &st) == -1) - stp = NULL; -#endif - if (stp == NULL) { + if (g.gl_statv[i] == NULL) { error("no stat information for %s", fname); continue; } - lname = ls_file(fname, stp, 1, (lflag & LS_SI_UNITS)); + lname = ls_file(fname, g.gl_statv[i], 1, + (lflag & LS_SI_UNITS)); printf("%s\n", lname); free(lname); } else { @@ -1408,12 +1407,6 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, int err = 0; glob_t g; - pflag = 0; /* XXX gcc */ - lflag = 0; /* XXX gcc */ - iflag = 0; /* XXX gcc */ - hflag = 0; /* XXX gcc */ - n_arg = 0; /* XXX gcc */ - path1 = path2 = NULL; cmdnum = parse_args(&cmd, &ignore_errors, &aflag, &fflag, &hflag, &iflag, &lflag, &pflag, &rflag, &sflag, &n_arg, &path1, &path2); @@ -1652,7 +1645,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, return (0); } -static const char * +#ifdef USE_LIBEDIT +static char * prompt(EditLine *el) { return ("sftp> "); @@ -1664,7 +1658,7 @@ complete_display(char **list, u_int len) { u_int y, m = 0, width = 80, columns = 1, colspace = 0, llen; struct winsize ws; - const char *tmp; + char *tmp; /* Count entries for sort and find longest */ for (y = 0; list[y]; y++) @@ -1845,9 +1839,9 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, if (remote != LOCAL) { tmp = make_absolute(tmp, remote_path); remote_glob(conn, tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g); - glob(tmp, GLOB_LIMIT|GLOB_DOOFFS|GLOB_MARK, NULL, &g); - } - + } else + glob(tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g); + /* Determine length of pwd so we can trim completion display */ for (hadglob = tmplen = pwdlen = 0; tmp[tmplen] != 0; tmplen++) { /* Terminate counting on first unescaped glob metacharacter */ @@ -1959,7 +1953,7 @@ complete(EditLine *el, int ch) struct complete_ctx *complete_ctx; lf = el_line(el); - if (el_get(el, EL_CLIENTDATA, &complete_ctx) != 0) + if (el_get(el, EL_CLIENTDATA, (void**)&complete_ctx) != 0) fatal("%s: el_get failed", __func__); /* Figure out which argument the cursor points to */ @@ -2011,15 +2005,17 @@ complete(EditLine *el, int ch) free(line); return ret; } +#endif /* USE_LIBEDIT */ int -interactive_loop(struct sftp_conn *conn, const char *file1, const char *file2) +interactive_loop(struct sftp_conn *conn, char *file1, char *file2) { char *remote_path; char *dir = NULL; char cmd[2048]; int err, interactive; EditLine *el = NULL; +#ifdef USE_LIBEDIT History *hl = NULL; HistEvent hev; extern char *__progname; @@ -2054,6 +2050,7 @@ interactive_loop(struct sftp_conn *conn, const char *file1, const char *file2) /* make ^w match ksh behaviour */ el_set(el, EL_BIND, "^w", "ed-delete-prev-word", NULL); } +#endif /* USE_LIBEDIT */ remote_path = do_realpath(conn, "."); if (remote_path == NULL) @@ -2097,8 +2094,6 @@ interactive_loop(struct sftp_conn *conn, const char *file1, const char *file2) err = 0; for (;;) { char *cp; - const char *line; - int count = 0; signal(SIGINT, SIG_IGN); @@ -2117,16 +2112,21 @@ interactive_loop(struct sftp_conn *conn, const char *file1, const char *file2) printf("\n"); } } else { +#ifdef USE_LIBEDIT + const char *line; + int count = 0; + if ((line = el_gets(el, &count)) == NULL || count <= 0) { printf("\n"); - break; + break; } history(hl, &hev, H_ENTER, line); if (strlcpy(cmd, line, sizeof(cmd)) >= sizeof(cmd)) { fprintf(stderr, "Error: input line too long\n"); continue; } +#endif /* USE_LIBEDIT */ } cp = strrchr(cmd, '\n'); @@ -2145,24 +2145,37 @@ interactive_loop(struct sftp_conn *conn, const char *file1, const char *file2) free(remote_path); free(conn); +#ifdef USE_LIBEDIT if (el != NULL) el_end(el); +#endif /* USE_LIBEDIT */ /* err == 1 signifies normal "quit" exit */ return (err >= 0 ? 0 : -1); } static void -connect_to_server(const char *path, char **args, int *in, int *out) +connect_to_server(char *path, char **args, int *in, int *out) { int c_in, c_out; +#ifdef USE_PIPES + int pin[2], pout[2]; + + if ((pipe(pin) == -1) || (pipe(pout) == -1)) + fatal("pipe: %s", strerror(errno)); + *in = pin[0]; + *out = pout[1]; + c_in = pout[0]; + c_out = pin[1]; +#else /* USE_PIPES */ int inout[2]; if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1) fatal("socketpair: %s", strerror(errno)); *in = *out = inout[0]; c_in = c_out = inout[1]; +#endif /* USE_PIPES */ if ((sshpid = fork()) == -1) fatal("fork: %s", strerror(errno)); @@ -2198,7 +2211,7 @@ connect_to_server(const char *path, char **args, int *in, int *out) close(c_out); } -__dead static void +static void usage(void) { extern char *__progname; @@ -2223,8 +2236,8 @@ main(int argc, char **argv) int in, out, ch, err; char *host = NULL, *userhost, *cp, *file2 = NULL; int debug_level = 0, sshver = 2; - const char *file1 = NULL, *sftp_server = NULL; - const char *ssh_program = _PATH_SSH_PROGRAM, *sftp_direct = NULL; + char *file1 = NULL, *sftp_server = NULL; + char *ssh_program = _PATH_SSH_PROGRAM, *sftp_direct = NULL; const char *errstr; LogLevel ll = SYSLOG_LEVEL_INFO; arglist args; @@ -2239,6 +2252,7 @@ main(int argc, char **argv) sanitise_stdfd(); setlocale(LC_CTYPE, ""); + __progname = ssh_get_progname(argv[0]); memset(&args, '\0', sizeof(args)); args.list = NULL; addargs(&args, "%s", ssh_program); @@ -2417,6 +2431,11 @@ main(int argc, char **argv) err = interactive_loop(conn, file1, file2); +#if !defined(USE_PIPES) + shutdown(in, SHUT_RDWR); + shutdown(out, SHUT_RDWR); +#endif + close(in); close(out); if (batchmode) diff --git a/crypto/external/bsd/openssh/dist/sftp.h b/crypto/external/bsd/openssh/dist/sftp.h index 9ded14310..2bde8bb7f 100644 --- a/crypto/external/bsd/openssh/dist/sftp.h +++ b/crypto/external/bsd/openssh/dist/sftp.h @@ -1,4 +1,3 @@ -/* $NetBSD: sftp.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: sftp.h,v 1.9 2008/06/13 00:12:02 dtucker Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/smult_curve25519_ref.c b/crypto/external/bsd/openssh/dist/smult_curve25519_ref.c index 297f2fbe8..2e69934d4 100644 --- a/crypto/external/bsd/openssh/dist/smult_curve25519_ref.c +++ b/crypto/external/bsd/openssh/dist/smult_curve25519_ref.c @@ -6,9 +6,6 @@ Public domain. Derived from public domain code by D. J. Bernstein. */ -#include "includes.h" -__RCSID("$NetBSD: smult_curve25519_ref.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); - int crypto_scalarmult_curve25519(unsigned char *, const unsigned char *, const unsigned char *); static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) diff --git a/crypto/external/bsd/openssh/dist/ssh-add.1 b/crypto/external/bsd/openssh/dist/ssh-add.1 index b1fd75dfb..f02b595d5 100644 --- a/crypto/external/bsd/openssh/dist/ssh-add.1 +++ b/crypto/external/bsd/openssh/dist/ssh-add.1 @@ -1,4 +1,3 @@ -.\" $NetBSD: ssh-add.1,v 1.10 2015/07/03 01:00:00 christos Exp $ .\" $OpenBSD: ssh-add.1,v 1.62 2015/03/30 18:28:37 jmc Exp $ .\" .\" Author: Tatu Ylonen @@ -36,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd March 30 2015 +.Dd $Mdocdate: March 30 2015 $ .Dt SSH-ADD 1 .Os .Sh NAME diff --git a/crypto/external/bsd/openssh/dist/ssh-add.c b/crypto/external/bsd/openssh/dist/ssh-add.c index 325be3fe7..d6271d78e 100644 --- a/crypto/external/bsd/openssh/dist/ssh-add.c +++ b/crypto/external/bsd/openssh/dist/ssh-add.c @@ -1,4 +1,3 @@ -/* $NetBSD: ssh-add.c,v 1.12 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: ssh-add.c,v 1.123 2015/07/03 03:43:18 djm Exp $ */ /* * Author: Tatu Ylonen @@ -37,15 +36,17 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-add.c,v 1.12 2015/08/13 10:33:21 christos Exp $"); + #include #include #include +#include "openbsd-compat/openssl-compat.h" #include #include #include +#include #include #include #include @@ -69,10 +70,14 @@ __RCSID("$NetBSD: ssh-add.c,v 1.12 2015/08/13 10:33:21 christos Exp $"); extern char *__progname; /* Default files to add */ -static const char *default_files[] = { +static char *default_files[] = { +#ifdef WITH_OPENSSL _PATH_SSH_CLIENT_ID_RSA, _PATH_SSH_CLIENT_ID_DSA, +#ifdef OPENSSL_HAS_ECC _PATH_SSH_CLIENT_ID_ECDSA, +#endif +#endif /* WITH_OPENSSL */ _PATH_SSH_CLIENT_ID_ED25519, #ifdef WITH_SSH1 _PATH_SSH_CLIENT_IDENTITY, @@ -483,7 +488,12 @@ main(int argc, char **argv) /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); + __progname = ssh_get_progname(argv[0]); + seed_rng(); + +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); +#endif setvbuf(stdout, NULL, _IOLBF, 0); diff --git a/crypto/external/bsd/openssh/dist/ssh-agent.1 b/crypto/external/bsd/openssh/dist/ssh-agent.1 index 978bec087..d0aa712f1 100644 --- a/crypto/external/bsd/openssh/dist/ssh-agent.1 +++ b/crypto/external/bsd/openssh/dist/ssh-agent.1 @@ -1,4 +1,3 @@ -.\" $NetBSD: ssh-agent.1,v 1.9 2015/07/03 01:00:00 christos Exp $ .\" $OpenBSD: ssh-agent.1,v 1.59 2015/04/24 06:26:49 jmc Exp $ .\" .\" Author: Tatu Ylonen @@ -35,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd April 24 2015 +.Dd $Mdocdate: April 24 2015 $ .Dt SSH-AGENT 1 .Os .Sh NAME diff --git a/crypto/external/bsd/openssh/dist/ssh-agent.c b/crypto/external/bsd/openssh/dist/ssh-agent.c index 7708e9611..a335ea33d 100644 --- a/crypto/external/bsd/openssh/dist/ssh-agent.c +++ b/crypto/external/bsd/openssh/dist/ssh-agent.c @@ -1,4 +1,3 @@ -/* $NetBSD: ssh-agent.c,v 1.16 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: ssh-agent.c,v 1.204 2015/07/08 20:24:02 markus Exp $ */ /* * Author: Tatu Ylonen @@ -36,31 +35,42 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-agent.c,v 1.16 2015/08/13 10:33:21 christos Exp $"); + #include /* MIN MAX */ #include -#include -#include +#include #include -#include #include -#include +#include +#ifdef HAVE_SYS_TIME_H +# include +#endif +#ifdef HAVE_SYS_UN_H +# include +#endif +#include "openbsd-compat/sys-queue.h" #ifdef WITH_OPENSSL #include +#include "openbsd-compat/openssl-compat.h" #endif #include #include -#include -#include -#include -#include -#include #include +#ifdef HAVE_PATHS_H +# include +#endif +#include +#include +#include +#include #include +#include #include -#include +#ifdef HAVE_UTIL_H +# include +#endif #include "xmalloc.h" #include "ssh.h" @@ -71,7 +81,6 @@ __RCSID("$NetBSD: ssh-agent.c,v 1.16 2015/08/13 10:33:21 christos Exp $"); #include "compat.h" #include "log.h" #include "misc.h" -#include "getpeereid.h" #include "digest.h" #include "ssherr.h" @@ -79,6 +88,10 @@ __RCSID("$NetBSD: ssh-agent.c,v 1.16 2015/08/13 10:33:21 christos Exp $"); #include "ssh-pkcs11.h" #endif +#if defined(HAVE_SYS_PRCTL_H) +#include /* For prctl() and PR_SET_DUMPABLE */ +#endif + typedef enum { AUTH_UNUSED, AUTH_SOCKET, @@ -483,7 +496,8 @@ process_remove_all_identities(SocketEntry *e, int version) Identity *id; /* Loop over all identities and clear the keys. */ - while ((id = TAILQ_FIRST(&tab->idlist)) != NULL) { + for (id = TAILQ_FIRST(&tab->idlist); id; + id = TAILQ_FIRST(&tab->idlist)) { TAILQ_REMOVE(&tab->idlist, id, next); free_identity(id); } @@ -660,8 +674,8 @@ process_lock_agent(SocketEntry *e, int lock) if (pwlen == 0) { debug("empty password not supported"); } else if (locked && !lock) { - if (bcrypt_pbkdf(passwd, pwlen, (uint8_t *)lock_salt, sizeof(lock_salt), - (uint8_t *)passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0) + if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), + passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0) fatal("bcrypt_pbkdf"); if (timingsafe_bcmp(passwdhash, lock_passwd, LOCK_SIZE) == 0) { debug("agent unlocked"); @@ -683,9 +697,8 @@ process_lock_agent(SocketEntry *e, int lock) debug("agent locked"); locked = 1; arc4random_buf(lock_salt, sizeof(lock_salt)); - if (bcrypt_pbkdf(passwd, pwlen, (uint8_t *)lock_salt, sizeof(lock_salt), - (uint8_t *)lock_passwd, sizeof(lock_passwd), - LOCK_ROUNDS) < 0) + if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), + lock_passwd, sizeof(lock_passwd), LOCK_ROUNDS) < 0) fatal("bcrypt_pbkdf"); success = 1; } @@ -1067,6 +1080,7 @@ after_select(fd_set *readset, fd_set *writeset) sshbuf_ptr(sockets[i].output), sshbuf_len(sockets[i].output)); if (len == -1 && (errno == EAGAIN || + errno == EWOULDBLOCK || errno == EINTR)) continue; if (len <= 0) { @@ -1081,6 +1095,7 @@ after_select(fd_set *readset, fd_set *writeset) if (FD_ISSET(sockets[i].fd, readset)) { len = read(sockets[i].fd, buf, sizeof(buf)); if (len == -1 && (errno == EAGAIN || + errno == EWOULDBLOCK || errno == EINTR)) continue; if (len <= 0) { @@ -1120,7 +1135,7 @@ cleanup_exit(int i) } /*ARGSUSED*/ -__dead static void +static void cleanup_handler(int sig) { cleanup_socket(); @@ -1144,7 +1159,7 @@ check_parent_exists(void) } } -__dead static void +static void usage(void) { fprintf(stderr, @@ -1154,38 +1169,17 @@ usage(void) exit(1); } -static void -csh_setenv(const char *name, const char *value) -{ - printf("setenv %s %s;\n", name, value); -} - -static void -csh_unsetenv(const char *name) -{ - printf("unsetenv %s;\n", name); -} - -static void -sh_setenv(const char *name, const char *value) -{ - printf("%s=%s; export %s;\n", name, value, name); -} - -static void -sh_unsetenv(const char *name) -{ - printf("unset %s;\n", name); -} int main(int ac, char **av) { int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0; int sock, fd, ch, result, saved_errno; u_int nalloc; - char *shell, *pidstr, *agentsocket = NULL; + char *shell, *format, *pidstr, *agentsocket = NULL; fd_set *readsetp = NULL, *writesetp = NULL; +#ifdef HAVE_SETRLIMIT struct rlimit rlim; +#endif extern int optind; extern char *optarg; pid_t pid; @@ -1193,8 +1187,6 @@ main(int ac, char **av) struct timeval *tvp = NULL; size_t len; mode_t prev_mask; - void (*f_setenv)(const char *, const char *); - void (*f_unsetenv)(const char *); /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -1203,10 +1195,18 @@ main(int ac, char **av) setegid(getgid()); setgid(getgid()); +#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) + /* Disable ptrace on Linux without sgid bit */ + prctl(PR_SET_DUMPABLE, 0); +#endif + #ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); #endif + __progname = ssh_get_progname(av[0]); + seed_rng(); + while ((ch = getopt(ac, av, "cDdksE:a:t:")) != -1) { switch (ch) { case 'E': @@ -1262,13 +1262,6 @@ main(int ac, char **av) strncmp(shell + len - 3, "csh", 3) == 0) c_flag = 1; } - if (c_flag) { - f_setenv = csh_setenv; - f_unsetenv = csh_unsetenv; - } else { - f_setenv = sh_setenv; - f_unsetenv = sh_unsetenv; - } if (k_flag) { const char *errstr = NULL; @@ -1289,8 +1282,9 @@ main(int ac, char **av) perror("kill"); exit(1); } - (*f_unsetenv)(SSH_AUTHSOCKET_ENV_NAME); - (*f_unsetenv)(SSH_AGENTPID_ENV_NAME); + format = c_flag ? "unsetenv %s;\n" : "unset %s;\n"; + printf(format, SSH_AUTHSOCKET_ENV_NAME); + printf(format, SSH_AGENTPID_ENV_NAME); printf("echo Agent pid %ld killed;\n", (long)pid); exit(0); } @@ -1332,13 +1326,9 @@ main(int ac, char **av) log_init(__progname, d_flag ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 1); - if (c_flag) - printf("setenv %s %s;\n", - SSH_AUTHSOCKET_ENV_NAME, socket_name); - else - printf("%s=%s; export %s;\n", - SSH_AUTHSOCKET_ENV_NAME, socket_name, - SSH_AUTHSOCKET_ENV_NAME); + format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; + printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, + SSH_AUTHSOCKET_ENV_NAME); printf("echo Agent pid %ld;\n", (long)parent_pid); goto skip; } @@ -1351,8 +1341,11 @@ main(int ac, char **av) close(sock); snprintf(pidstrbuf, sizeof pidstrbuf, "%ld", (long)pid); if (ac == 0) { - (*f_setenv)(SSH_AUTHSOCKET_ENV_NAME, socket_name); - (*f_setenv)(SSH_AGENTPID_ENV_NAME, pidstrbuf); + format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; + printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, + SSH_AUTHSOCKET_ENV_NAME); + printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, + SSH_AGENTPID_ENV_NAME); printf("echo Agent pid %ld;\n", (long)pid); exit(0); } @@ -1374,59 +1367,23 @@ main(int ac, char **av) } (void)chdir("/"); - - if (sock != STDERR_FILENO + 1) { - if (dup2(sock, STDERR_FILENO + 1) == -1) { - error("dup2: %s", strerror(errno)); - cleanup_exit(1); - } - close(sock); - sock = STDERR_FILENO + 1; - } -#if defined(F_CLOSEM) - if (fcntl(sock + 1, F_CLOSEM, 0) == -1) { - error("fcntl F_CLOSEM: %s", strerror(errno)); - cleanup_exit(1); - } -#else - { - int nfiles; -#if defined(_SC_OPEN_MAX) - nfiles = sysconf(_SC_OPEN_MAX); -#elif defined(RLIMIT_NOFILE) - if (getrlimit(RLIMIT_CORE, &rlim) < 0) { - error("getrlimit RLIMIT_NOFILE: %s", strerror(errno)); - cleanup_exit(1); - } - nfiles = rlim.rlim_cur; -#elif defined(OPEN_MAX) - nfiles = OPEN_MAX; -#elif defined(NOFILE) - nfiles = NOFILE; -#else - nfiles = 1024; -#endif - for (fd = sock + 1; fd < nfiles; fd++) - close(fd); - } -#endif if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { - if (dup2(fd, STDIN_FILENO) == -1 || - dup2(fd, STDOUT_FILENO) == -1 || - dup2(fd, STDERR_FILENO) == -1) { - error("dup2: %s", strerror(errno)); - cleanup_exit(1); - } - if (fd > STDERR_FILENO) + /* XXX might close listen socket */ + (void)dup2(fd, STDIN_FILENO); + (void)dup2(fd, STDOUT_FILENO); + (void)dup2(fd, STDERR_FILENO); + if (fd > 2) close(fd); } +#ifdef HAVE_SETRLIMIT /* deny core dumps, since memory contains unencrypted private keys */ rlim.rlim_cur = rlim.rlim_max = 0; if (setrlimit(RLIMIT_CORE, &rlim) < 0) { error("setrlimit RLIMIT_CORE: %s", strerror(errno)); cleanup_exit(1); } +#endif skip: diff --git a/crypto/external/bsd/openssh/dist/ssh-dss.c b/crypto/external/bsd/openssh/dist/ssh-dss.c index e17a50aeb..8ed19d849 100644 --- a/crypto/external/bsd/openssh/dist/ssh-dss.c +++ b/crypto/external/bsd/openssh/dist/ssh-dss.c @@ -1,4 +1,3 @@ -/* $NetBSD: ssh-dss.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: ssh-dss.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,12 +24,16 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-dss.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); + +#ifdef WITH_OPENSSL + #include #include +#include #include +#include #include #include "sshbuf.h" @@ -216,3 +219,4 @@ ssh_dss_verify(const struct sshkey *key, } return ret; } +#endif /* WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/ssh-ecdsa.c b/crypto/external/bsd/openssh/dist/ssh-ecdsa.c index e07daf496..2c76f8b43 100644 --- a/crypto/external/bsd/openssh/dist/ssh-ecdsa.c +++ b/crypto/external/bsd/openssh/dist/ssh-ecdsa.c @@ -1,4 +1,3 @@ -/* $NetBSD: ssh-ecdsa.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: ssh-ecdsa.c,v 1.11 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -26,7 +25,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-ecdsa.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); + +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) + #include #include @@ -187,3 +188,5 @@ ssh_ecdsa_verify(const struct sshkey *key, free(ktype); return ret; } + +#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ diff --git a/crypto/external/bsd/openssh/dist/ssh-ed25519.c b/crypto/external/bsd/openssh/dist/ssh-ed25519.c index 4cad25825..b159ff5ee 100644 --- a/crypto/external/bsd/openssh/dist/ssh-ed25519.c +++ b/crypto/external/bsd/openssh/dist/ssh-ed25519.c @@ -14,9 +14,8 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define SSHKEY_INTERNAL + #include "includes.h" -__RCSID("$NetBSD: ssh-ed25519.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include #include @@ -28,6 +27,7 @@ __RCSID("$NetBSD: ssh-ed25519.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include "log.h" #include "sshbuf.h" +#define SSHKEY_INTERNAL #include "sshkey.h" #include "ssherr.h" #include "ssh.h" diff --git a/crypto/external/bsd/openssh/dist/ssh-gss.h b/crypto/external/bsd/openssh/dist/ssh-gss.h index 9362eccdf..a99d7f08b 100644 --- a/crypto/external/bsd/openssh/dist/ssh-gss.h +++ b/crypto/external/bsd/openssh/dist/ssh-gss.h @@ -1,4 +1,3 @@ -/* $NetBSD: ssh-gss.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -29,7 +28,28 @@ #ifdef GSSAPI +#ifdef HAVE_GSSAPI_H #include +#elif defined(HAVE_GSSAPI_GSSAPI_H) +#include +#endif + +#ifdef KRB5 +# ifndef HEIMDAL +# ifdef HAVE_GSSAPI_GENERIC_H +# include +# elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) +# include +# endif + +/* Old MIT Kerberos doesn't seem to define GSS_NT_HOSTBASED_SERVICE */ + +# if !HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE +# define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name +# endif /* !HAVE_DECL_GSS_C_NT_... */ + +# endif /* !HEIMDAL */ +#endif /* KRB5 */ /* draft-ietf-secsh-gsskeyex-06 */ #define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60 @@ -57,8 +77,8 @@ typedef struct { } ssh_gssapi_client; typedef struct ssh_gssapi_mech_struct { - const char *enc_name; - const char *name; + char *enc_name; + char *name; gss_OID_desc oid; int (*dochild) (ssh_gssapi_client *); int (*userok) (ssh_gssapi_client *, char *); diff --git a/crypto/external/bsd/openssh/dist/ssh-keygen.1 b/crypto/external/bsd/openssh/dist/ssh-keygen.1 index 4f19c6276..ed17a08fa 100644 --- a/crypto/external/bsd/openssh/dist/ssh-keygen.1 +++ b/crypto/external/bsd/openssh/dist/ssh-keygen.1 @@ -1,8 +1,5 @@ -.\" $NetBSD: ssh-keygen.1,v 1.15 2015/08/21 08:20:59 christos Exp $ .\" $OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $ .\" -.\" -*- nroff -*- -.\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland .\" All rights reserved @@ -38,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd August 20 2015 +.Dd $Mdocdate: August 20 2015 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -179,7 +176,7 @@ or .Pa ~/.ssh/id_rsa . Additionally, the system administrator may use this to generate host keys, as seen in -.Pa /etc/rc.d/sshd . +.Pa /etc/rc . .Pp Normally this program generates the key and asks for a file in which to store the private key. @@ -495,9 +492,6 @@ Test whether keys have been revoked in a KRL. .It Fl q Silence .Nm ssh-keygen . -Used by -.Pa /etc/rc.d/sshd -when creating a new key. .It Fl R Ar hostname Removes all keys belonging to .Ar hostname diff --git a/crypto/external/bsd/openssh/dist/ssh-keygen.c b/crypto/external/bsd/openssh/dist/ssh-keygen.c index b6e8c10d5..4e0a85554 100644 --- a/crypto/external/bsd/openssh/dist/ssh-keygen.c +++ b/crypto/external/bsd/openssh/dist/ssh-keygen.c @@ -1,4 +1,3 @@ -/* $NetBSD: ssh-keygen.c,v 1.19 2015/08/21 08:20:59 christos Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.277 2015/08/19 23:17:51 djm Exp $ */ /* * Author: Tatu Ylonen @@ -14,18 +13,25 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-keygen.c,v 1.19 2015/08/21 08:20:59 christos Exp $"); + #include #include #include +#ifdef WITH_OPENSSL #include #include +#include "openbsd-compat/openssl-compat.h" +#endif #include #include #include +#ifdef HAVE_PATHS_H +# include +#endif #include +#include #include #include #include @@ -47,14 +53,11 @@ __RCSID("$NetBSD: ssh-keygen.c,v 1.19 2015/08/21 08:20:59 christos Exp $"); #include "ssh.h" #include "ssh2.h" #include "ssherr.h" +#include "ssh-pkcs11.h" #include "atomicio.h" #include "krl.h" #include "digest.h" -#ifdef ENABLE_PKCS11 -#include "ssh-pkcs11.h" -#endif - #ifdef WITH_OPENSSL # define DEFAULT_KEY_TYPE_NAME "rsa" #else @@ -155,7 +158,7 @@ enum { int print_public = 0; int print_generic = 0; -const char *key_type_name = NULL; +char *key_type_name = NULL; /* Load key from this PKCS#11 provider */ char *pkcs11provider = NULL; @@ -203,8 +206,7 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp) *bitsp = sshkey_curve_nid_to_bits(nid); if (*bitsp == 0) *bitsp = DEFAULT_BITS_ECDSA; - } - else + } else #endif *bitsp = DEFAULT_BITS; } @@ -227,7 +229,7 @@ static void ask_filename(struct passwd *pw, const char *prompt) { char buf[1024]; - const char *name = NULL; + char *name = NULL; if (key_type_name == NULL) name = _PATH_SSH_CLIENT_ID_RSA; @@ -240,10 +242,12 @@ ask_filename(struct passwd *pw, const char *prompt) case KEY_DSA: name = _PATH_SSH_CLIENT_ID_DSA; break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: name = _PATH_SSH_CLIENT_ID_ECDSA; break; +#endif case KEY_RSA_CERT: case KEY_RSA: name = _PATH_SSH_CLIENT_ID_RSA; @@ -297,7 +301,7 @@ load_identity(char *filename) #define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb #ifdef WITH_OPENSSL -__dead static void +static void do_convert_to_ssh2(struct passwd *pw, struct sshkey *k) { size_t len; @@ -324,7 +328,7 @@ do_convert_to_ssh2(struct passwd *pw, struct sshkey *k) exit(0); } -__dead static void +static void do_convert_to_pkcs8(struct sshkey *k) { switch (sshkey_type_plain(k->type)) { @@ -337,17 +341,19 @@ do_convert_to_pkcs8(struct sshkey *k) if (!PEM_write_DSA_PUBKEY(stdout, k->dsa)) fatal("PEM_write_DSA_PUBKEY failed"); break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa)) fatal("PEM_write_EC_PUBKEY failed"); break; +#endif default: fatal("%s: unsupported key type %s", __func__, sshkey_type(k)); } exit(0); } -__dead static void +static void do_convert_to_pem(struct sshkey *k) { switch (sshkey_type_plain(k->type)) { @@ -369,7 +375,7 @@ do_convert_to_pem(struct sshkey *k) exit(0); } -__dead static void +static void do_convert_to(struct passwd *pw) { struct sshkey *k; @@ -628,6 +634,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private) (*k)->type = KEY_DSA; (*k)->dsa = EVP_PKEY_get1_DSA(pubkey); break; +#ifdef OPENSSL_HAS_ECC case EVP_PKEY_EC: if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new failed"); @@ -635,6 +642,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private) (*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey); (*k)->ecdsa_nid = sshkey_ecdsa_key_to_nid((*k)->ecdsa); break; +#endif default: fatal("%s: unsupported pubkey type %d", __func__, EVP_PKEY_type(pubkey->type)); @@ -677,7 +685,7 @@ do_convert_from_pem(struct sshkey **k, int *private) fatal("%s: unrecognised raw private key format", __func__); } -__dead static void +static void do_convert_from(struct passwd *pw) { struct sshkey *k = NULL; @@ -714,10 +722,12 @@ do_convert_from(struct passwd *pw) ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL); break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: ok = PEM_write_ECPrivateKey(stdout, k->ecdsa, NULL, NULL, 0, NULL, NULL); break; +#endif case KEY_RSA: ok = PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL); @@ -735,7 +745,7 @@ do_convert_from(struct passwd *pw) } #endif -__dead static void +static void do_print_public(struct passwd *pw) { struct sshkey *prv; @@ -754,7 +764,7 @@ do_print_public(struct passwd *pw) exit(0); } -__dead static void +static void do_download(struct passwd *pw) { #ifdef ENABLE_PKCS11 @@ -798,7 +808,7 @@ do_download(struct passwd *pw) #endif /* ENABLE_PKCS11 */ } -__dead static void +static void do_fingerprint(struct passwd *pw) { FILE *f; @@ -915,9 +925,9 @@ static void do_gen_all_hostkeys(struct passwd *pw) { struct { - const char *key_type; - const char *key_type_display; - const char *path; + char *key_type; + char *key_type_display; + char *path; } key_types[] = { #ifdef WITH_OPENSSL #ifdef WITH_SSH1 @@ -925,7 +935,9 @@ do_gen_all_hostkeys(struct passwd *pw) #endif /* WITH_SSH1 */ { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE }, { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE }, +#ifdef OPENSSL_HAS_ECC { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, +#endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE }, { NULL, NULL, NULL } @@ -1126,7 +1138,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) return 0; } -__dead static void +static void do_known_hosts(struct passwd *pw, const char *name) { char *cp, tmp[PATH_MAX], old[PATH_MAX]; @@ -1223,7 +1235,7 @@ do_known_hosts(struct passwd *pw, const char *name) * Perform changing a passphrase. The argument is the passwd structure * for the current user. */ -__dead static void +static void do_change_passphrase(struct passwd *pw) { char *comment; @@ -1308,8 +1320,7 @@ do_change_passphrase(struct passwd *pw) * Print the SSHFP RR. */ static int -do_print_resource_record(struct passwd *pw, const char *fname, - const char *hname) +do_print_resource_record(struct passwd *pw, char *fname, char *hname) { struct sshkey *public; char *comment = NULL; @@ -1335,7 +1346,7 @@ do_print_resource_record(struct passwd *pw, const char *fname, /* * Change the comment of a private key file. */ -__dead static void +static void do_change_comment(struct passwd *pw) { char new_comment[1024], *comment, *passphrase; @@ -1555,7 +1566,7 @@ load_pkcs11_key(char *path) #endif /* ENABLE_PKCS11 */ } -__dead static void +static void do_ca_sign(struct passwd *pw, int argc, char **argv) { int r, i, fd; @@ -1673,8 +1684,7 @@ parse_absolute_time(const char *s) { struct tm tm; time_t tt; - char buf[32]; - const char *fmt; + char buf[32], *fmt; /* * POSIX strptime says "The application shall ensure that there @@ -1840,7 +1850,7 @@ show_options(struct sshbuf *optbuf, int in_critical) sshbuf_free(options); } -__dead static void +static void do_show_cert(struct passwd *pw) { struct sshkey *key; @@ -1901,7 +1911,6 @@ do_show_cert(struct passwd *pw) exit(0); } -#ifdef WITH_OPENSSL static void load_krl(const char *path, struct ssh_krl **krlp) { @@ -2097,7 +2106,7 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) fatal("Couldn't generate KRL"); if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) fatal("open %s: %s", identity_file, strerror(errno)); - if (atomicio(vwrite, fd, __UNCONST(sshbuf_ptr(kbuf)), sshbuf_len(kbuf)) != + if (atomicio(vwrite, fd, (void *)sshbuf_ptr(kbuf), sshbuf_len(kbuf)) != sshbuf_len(kbuf)) fatal("write %s: %s", identity_file, strerror(errno)); close(fd); @@ -2107,7 +2116,7 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) sshkey_free(ca); } -__dead static void +static void do_check_krl(struct passwd *pw, int argc, char **argv) { int i, r, ret = 0; @@ -2134,9 +2143,8 @@ do_check_krl(struct passwd *pw, int argc, char **argv) ssh_krl_free(krl); exit(ret); } -#endif -__dead static void +static void usage(void) { fprintf(stderr, @@ -2203,9 +2211,15 @@ main(int argc, char **argv) /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); + __progname = ssh_get_progname(argv[0]); + +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); +#endif log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); + seed_rng(); + /* we need this for the home * directory. */ pw = getpwuid(getuid()); if (!pw) @@ -2374,46 +2388,39 @@ main(int argc, char **argv) break; #ifdef WITH_OPENSSL /* Moduli generation/screening */ + case 'W': + generator_wanted = (u_int32_t)strtonum(optarg, 1, + UINT_MAX, &errstr); + if (errstr) + fatal("Desired generator has bad value: %s (%s)", + optarg, errstr); + break; + case 'M': + memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); + if (errstr) + fatal("Memory limit is %s: %s", errstr, optarg); + break; case 'G': do_gen_candidates = 1; if (strlcpy(out_file, optarg, sizeof(out_file)) >= sizeof(out_file)) fatal("Output filename too long"); break; - case 'J': - lines_to_process = strtoul(optarg, NULL, 10); - break; - case 'j': - start_lineno = strtoul(optarg, NULL, 10); - break; - case 'K': - if (strlen(optarg) >= PATH_MAX) - fatal("Checkpoint filename too long"); - checkpoint = xstrdup(optarg); - break; - case 'M': - memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, - &errstr); - if (errstr) - fatal("Memory limit is %s: %s", errstr, optarg); - break; - case 'S': - /* XXX - also compare length against bits */ - if (BN_hex2bn(&start, optarg) == 0) - fatal("Invalid start point."); - break; case 'T': do_screen_candidates = 1; if (strlcpy(out_file, optarg, sizeof(out_file)) >= sizeof(out_file)) fatal("Output filename too long"); break; - case 'W': - generator_wanted = (u_int32_t)strtonum(optarg, 1, - UINT_MAX, &errstr); - if (errstr != NULL) - fatal("Desired generator invalid: %s (%s)", - optarg, errstr); + case 'K': + if (strlen(optarg) >= PATH_MAX) + fatal("Checkpoint filename too long"); + checkpoint = xstrdup(optarg); + break; + case 'S': + /* XXX - also compare length against bits */ + if (BN_hex2bn(&start, optarg) == 0) + fatal("Invalid start point."); break; #endif /* WITH_OPENSSL */ case '?': @@ -2445,7 +2452,6 @@ main(int argc, char **argv) error("Cannot use -l with -H or -R."); usage(); } -#ifdef WITH_OPENSSL if (gen_krl) { do_gen_krl(pw, update_krl, argc, argv); return (0); @@ -2454,7 +2460,6 @@ main(int argc, char **argv) do_check_krl(pw, argc, argv); return (0); } -#endif if (ca_key_path != NULL) { if (cert_key_id == NULL) fatal("Must specify key id (-I) when certifying"); diff --git a/crypto/external/bsd/openssh/dist/ssh-keyscan.1 b/crypto/external/bsd/openssh/dist/ssh-keyscan.1 index 08bce60b1..6bbc480cd 100644 --- a/crypto/external/bsd/openssh/dist/ssh-keyscan.1 +++ b/crypto/external/bsd/openssh/dist/ssh-keyscan.1 @@ -1,4 +1,3 @@ -.\" $NetBSD: ssh-keyscan.1,v 1.10 2015/04/03 23:58:19 christos Exp $ .\" $OpenBSD: ssh-keyscan.1,v 1.36 2014/08/30 15:33:50 sobrado Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . @@ -7,7 +6,7 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd August 30 2014 +.Dd $Mdocdate: August 30 2014 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME diff --git a/crypto/external/bsd/openssh/dist/ssh-keyscan.c b/crypto/external/bsd/openssh/dist/ssh-keyscan.c index eafa4a5d9..57d88429b 100644 --- a/crypto/external/bsd/openssh/dist/ssh-keyscan.c +++ b/crypto/external/bsd/openssh/dist/ssh-keyscan.c @@ -1,4 +1,3 @@ -/* $NetBSD: ssh-keyscan.c,v 1.14 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: ssh-keyscan.c,v 1.101 2015/04/10 00:08:55 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . @@ -9,19 +8,21 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-keyscan.c,v 1.14 2015/07/03 01:00:00 christos Exp $"); - -#include + #include -#include -#include -#include +#include "openbsd-compat/sys-queue.h" #include +#ifdef HAVE_SYS_TIME_H +# include +#endif + +#include +#include #include -#include #include +#include #include #include #include @@ -76,6 +77,8 @@ fd_set *read_wait; size_t read_wait_nfdset; int ncon; +struct ssh *active_state = NULL; /* XXX needed for linking */ + /* * Keep a connection structure for each file descriptor. The state * associated with file descriptor n is held in fdcon[n]. @@ -110,28 +113,38 @@ static void keyprint(con *c, struct sshkey *key); static int fdlim_get(int hard) { +#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) struct rlimit rlfd; if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0) return (-1); if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY) - return sysconf(_SC_OPEN_MAX); + return SSH_SYSFDMAX; else return hard ? rlfd.rlim_max : rlfd.rlim_cur; +#else + return SSH_SYSFDMAX; +#endif } static int fdlim_set(int lim) { +#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE) struct rlimit rlfd; +#endif if (lim <= 0) return (-1); +#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE) if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0) return (-1); rlfd.rlim_cur = lim; if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0) return (-1); +#elif defined (HAVE_SETDTABLESIZE) + setdtablesize(lim); +#endif return (0); } @@ -163,7 +176,7 @@ xstrsep(char **str, const char *delim) * null token for two adjacent separators, so we may have to loop. */ static char * -strnnsep(char **stringp, const char *delim) +strnnsep(char **stringp, char *delim) { char *tok; @@ -250,7 +263,7 @@ ssh2_capable(int remote_major, int remote_minor) static void keygrab_ssh2(con *c) { - const char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; + char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; int r; enable_compat20(); @@ -269,7 +282,9 @@ keygrab_ssh2(con *c) c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; +# ifdef OPENSSL_HAS_ECC c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client; +# endif #endif c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client; ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper); @@ -284,7 +299,6 @@ static void keyprint(con *c, struct sshkey *key) { char *host = c->c_output_name ? c->c_output_name : c->c_name; - int r; char *hostport = NULL; if (!key) @@ -294,10 +308,7 @@ keyprint(con *c, struct sshkey *key) hostport = put_host_port(host, ssh_port); fprintf(stdout, "%s ", hostport); - - if ((r = sshkey_write(key, stdout)) != 0) - fprintf(stderr, "key_write failed: %s", ssh_err(r)); - + sshkey_write(key, stdout); fputs("\n", stdout); free(hostport); } @@ -573,7 +584,7 @@ conloop(void) memcpy(e, read_wait, read_wait_nfdset * sizeof(fd_mask)); while (select(maxfd, r, NULL, e, &seltime) == -1 && - (errno == EAGAIN || errno == EINTR)) + (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK)) ; for (i = 0; i < maxfd; i++) { @@ -613,7 +624,7 @@ do_host(char *host) } } -__dead void +void fatal(const char *fmt,...) { va_list args; @@ -624,7 +635,7 @@ fatal(const char *fmt,...) exit(255); } -__dead static void +static void usage(void) { fprintf(stderr, @@ -646,6 +657,8 @@ main(int argc, char **argv) extern int optind; extern char *optarg; + __progname = ssh_get_progname(argv[0]); + seed_rng(); TAILQ_INIT(&tq); /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ diff --git a/crypto/external/bsd/openssh/dist/ssh-keysign.8 b/crypto/external/bsd/openssh/dist/ssh-keysign.8 index 1e2e53626..69d082954 100644 --- a/crypto/external/bsd/openssh/dist/ssh-keysign.8 +++ b/crypto/external/bsd/openssh/dist/ssh-keysign.8 @@ -1,4 +1,3 @@ -.\" $NetBSD: ssh-keysign.8,v 1.9 2015/04/03 23:58:19 christos Exp $ .\" $OpenBSD: ssh-keysign.8,v 1.14 2013/12/07 11:58:46 naddy Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. @@ -23,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 7 2013 +.Dd $Mdocdate: December 7 2013 $ .Dt SSH-KEYSIGN 8 .Os .Sh NAME diff --git a/crypto/external/bsd/openssh/dist/ssh-keysign.c b/crypto/external/bsd/openssh/dist/ssh-keysign.c index e4143e5d4..1dca3e289 100644 --- a/crypto/external/bsd/openssh/dist/ssh-keysign.c +++ b/crypto/external/bsd/openssh/dist/ssh-keysign.c @@ -1,4 +1,3 @@ -/* $NetBSD: ssh-keysign.c,v 1.10 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: ssh-keysign.c,v 1.49 2015/07/03 03:56:25 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. @@ -25,19 +24,23 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-keysign.c,v 1.10 2015/08/13 10:33:21 christos Exp $"); -#include - -#include -#include #include +#ifdef HAVE_PATHS_H #include +#endif #include +#include #include #include #include +#ifdef WITH_OPENSSL +#include +#include +#include +#endif + #include "xmalloc.h" #include "log.h" #include "sshkey.h" @@ -54,9 +57,13 @@ __RCSID("$NetBSD: ssh-keysign.c,v 1.10 2015/08/13 10:33:21 christos Exp $"); #include "sshkey.h" #include "ssherr.h" +struct ssh *active_state = NULL; /* XXX needed for linking */ + /* XXX readconf.c needs these */ uid_t original_real_uid; +extern char *__progname; + static int valid_request(struct passwd *pw, char *host, struct sshkey **ret, u_char *data, size_t datalen) @@ -168,8 +175,9 @@ main(int argc, char **argv) u_char *signature, *data, rver; char *host, *fp; size_t slen, dlen; - - key = NULL; /* XXX gcc */ +#ifdef WITH_OPENSSL + u_int32_t rnd[256]; +#endif /* Ensure that stdin and stdout are connected */ if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2) @@ -192,6 +200,8 @@ main(int argc, char **argv) permanently_set_uid(pw); + seed_rng(); + #ifdef DEBUG_SSH_KEYSIGN log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); #endif @@ -211,7 +221,11 @@ main(int argc, char **argv) if (found == 0) fatal("could not open any host key"); +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); + arc4random_buf(rnd, sizeof(rnd)); + RAND_seed(rnd, sizeof(rnd)); +#endif found = 0; for (i = 0; i < NUM_KEYTYPES; i++) { diff --git a/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c b/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c index 6a5940a1c..8c74864aa 100644 --- a/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c +++ b/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c @@ -1,4 +1,3 @@ -/* $NetBSD: ssh-pkcs11-client.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: ssh-pkcs11-client.c,v 1.5 2014/06/24 01:13:21 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. @@ -15,11 +14,15 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include "includes.h" -__RCSID("$NetBSD: ssh-pkcs11-client.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); + +#ifdef ENABLE_PKCS11 #include -#include +#ifdef HAVE_SYS_TIME_H +# include +#endif #include #include @@ -235,3 +238,5 @@ pkcs11_del_provider(char *name) buffer_free(&msg); return (ret); } + +#endif /* ENABLE_PKCS11 */ diff --git a/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 b/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 index 5533c173f..3728c4e4e 100644 --- a/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 +++ b/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 @@ -1,4 +1,3 @@ -.\" $NetBSD: ssh-pkcs11-helper.8,v 1.6 2015/04/03 23:58:19 christos Exp $ .\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $ .\" .\" Copyright (c) 2010 Markus Friedl. All rights reserved. @@ -15,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd July 16 2013 +.Dd $Mdocdate: July 16 2013 $ .Dt SSH-PKCS11-HELPER 8 .Os .Sh NAME diff --git a/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c b/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c index 9ec0469e5..f2d586395 100644 --- a/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c +++ b/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c @@ -1,4 +1,3 @@ -/* $NetBSD: ssh-pkcs11-helper.c,v 1.9 2015/08/21 08:20:59 christos Exp $ */ /* $OpenBSD: ssh-pkcs11-helper.c,v 1.11 2015/08/20 22:32:42 deraadt Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. @@ -15,13 +14,15 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include "includes.h" -__RCSID("$NetBSD: ssh-pkcs11-helper.c,v 1.9 2015/08/21 08:20:59 christos Exp $"); #include -#include -#include -#include +#ifdef HAVE_SYS_TIME_H +# include +#endif + +#include "openbsd-compat/sys-queue.h" #include #include @@ -36,6 +37,8 @@ __RCSID("$NetBSD: ssh-pkcs11-helper.c,v 1.9 2015/08/21 08:20:59 christos Exp $") #include "authfd.h" #include "ssh-pkcs11.h" +#ifdef ENABLE_PKCS11 + /* borrows code from sftp-server and ssh-agent */ struct pkcs11_keyinfo { @@ -274,11 +277,15 @@ main(int argc, char **argv) SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; LogLevel log_level = SYSLOG_LEVEL_ERROR; char buf[4*4096]; + extern char *__progname; TAILQ_INIT(&pkcs11_keylist); pkcs11_init(0); + seed_rng(); + __progname = ssh_get_progname(argv[0]); + log_init(__progname, log_level, log_facility, log_stderr); in = STDIN_FILENO; @@ -354,3 +361,14 @@ main(int argc, char **argv) process(); } } +#else /* ENABLE_PKCS11 */ +int +main(int argc, char **argv) +{ + extern char *__progname; + + __progname = ssh_get_progname(argv[0]); + log_init(__progname, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTH, 0); + fatal("PKCS#11 support disabled at compile time"); +} +#endif /* ENABLE_PKCS11 */ diff --git a/crypto/external/bsd/openssh/dist/ssh-pkcs11.c b/crypto/external/bsd/openssh/dist/ssh-pkcs11.c index 6d8bfa4f0..92614a52d 100644 --- a/crypto/external/bsd/openssh/dist/ssh-pkcs11.c +++ b/crypto/external/bsd/openssh/dist/ssh-pkcs11.c @@ -1,4 +1,3 @@ -/* $NetBSD: ssh-pkcs11.c,v 1.9 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: ssh-pkcs11.c,v 1.21 2015/07/18 08:02:17 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. @@ -15,18 +14,23 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include "includes.h" -__RCSID("$NetBSD: ssh-pkcs11.c,v 1.9 2015/08/13 10:33:21 christos Exp $"); + +#ifdef ENABLE_PKCS11 #include -#include -#include +#ifdef HAVE_SYS_TIME_H +# include +#endif #include #include #include #include +#include "openbsd-compat/sys-queue.h" + #include #define CRYPTOKI_COMPAT @@ -104,9 +108,7 @@ pkcs11_provider_finalize(struct pkcs11_provider *p) error("C_Finalize failed: %lu", rv); p->valid = 0; p->function_list = NULL; -#ifdef HAVE_DLOPEN dlclose(p->handle); -#endif } /* @@ -168,7 +170,6 @@ pkcs11_del_provider(char *provider_id) return (-1); } -#ifdef HAVE_DLOPEN /* openssl callback for freeing an RSA key */ static int pkcs11_rsa_finish(RSA *rsa) @@ -226,19 +227,22 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, CK_OBJECT_HANDLE obj; CK_ULONG tlen = 0; CK_RV rv; - CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY; + CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY; CK_BBOOL true_val = CK_TRUE; CK_MECHANISM mech = { CKM_RSA_PKCS, NULL_PTR, 0 }; CK_ATTRIBUTE key_filter[] = { - {CKA_CLASS, &private_key_class, sizeof(private_key_class) }, + {CKA_CLASS, NULL, sizeof(private_key_class) }, {CKA_ID, NULL, 0}, - {CKA_SIGN, &true_val, sizeof(true_val) } + {CKA_SIGN, NULL, sizeof(true_val) } }; char *pin = NULL, prompt[1024]; int rval = -1; + key_filter[0].pValue = &private_key_class; + key_filter[2].pValue = &true_val; + if ((k11 = RSA_get_app_data(rsa)) == NULL) { error("RSA_get_app_data failed for rsa %p", rsa); return (-1); @@ -288,7 +292,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, } else { /* XXX handle CKR_BUFFER_TOO_SMALL */ tlen = RSA_size(rsa); - rv = f->C_Sign(si->session, __UNCONST(from), flen, to, &tlen); + rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen); if (rv == CKR_OK) rval = tlen; else @@ -398,13 +402,13 @@ static int pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, struct sshkey ***keysp, int *nkeys) { - CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY; - CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; + CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY; + CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; CK_ATTRIBUTE pubkey_filter[] = { - { CKA_CLASS, &pubkey_class, sizeof(pubkey_class) } + { CKA_CLASS, NULL, sizeof(pubkey_class) } }; CK_ATTRIBUTE cert_filter[] = { - { CKA_CLASS, &cert_class, sizeof(cert_class) } + { CKA_CLASS, NULL, sizeof(cert_class) } }; CK_ATTRIBUTE pubkey_attribs[] = { { CKA_ID, NULL, 0 }, @@ -416,6 +420,8 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, { CKA_SUBJECT, NULL, 0 }, { CKA_VALUE, NULL, 0 } }; + pubkey_filter[0].pValue = &pubkey_class; + cert_filter[0].pValue = &cert_class; if (pkcs11_fetch_keys_filter(p, slotidx, pubkey_filter, pubkey_attribs, keysp, nkeys) < 0 || @@ -669,11 +675,19 @@ fail: dlclose(handle); return (-1); } + #else + int -pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) +pkcs11_init(int interactive) { - error("dlopen() not supported"); - return (-1); + return (0); } -#endif + +void +pkcs11_terminate(void) +{ + return; +} + +#endif /* ENABLE_PKCS11 */ diff --git a/crypto/external/bsd/openssh/dist/ssh-pkcs11.h b/crypto/external/bsd/openssh/dist/ssh-pkcs11.h index 184a4fcc6..0ced74f29 100644 --- a/crypto/external/bsd/openssh/dist/ssh-pkcs11.h +++ b/crypto/external/bsd/openssh/dist/ssh-pkcs11.h @@ -1,5 +1,4 @@ -/* $NetBSD: ssh-pkcs11.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: ssh-pkcs11.h,v 1.3 2014/04/29 18:01:49 markus Exp $ */ +/* $OpenBSD: ssh-pkcs11.h,v 1.4 2015/01/15 09:40:00 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * diff --git a/crypto/external/bsd/openssh/dist/ssh-rsa.c b/crypto/external/bsd/openssh/dist/ssh-rsa.c index 3c57730cb..cdc18a416 100644 --- a/crypto/external/bsd/openssh/dist/ssh-rsa.c +++ b/crypto/external/bsd/openssh/dist/ssh-rsa.c @@ -1,4 +1,3 @@ -/* $NetBSD: ssh-rsa.c,v 1.8 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: ssh-rsa.c,v 1.53 2015/06/15 01:32:50 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl @@ -17,12 +16,15 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-rsa.c,v 1.8 2015/07/03 01:00:00 christos Exp $"); + +#ifdef WITH_OPENSSL + #include #include #include +#include #include #include "sshbuf.h" @@ -263,3 +265,4 @@ done: } return ret; } +#endif /* WITH_OPENSSL */ diff --git a/crypto/external/bsd/openssh/dist/ssh-sandbox.h b/crypto/external/bsd/openssh/dist/ssh-sandbox.h old mode 100755 new mode 100644 index dfecd5aa0..bd5fd8372 --- a/crypto/external/bsd/openssh/dist/ssh-sandbox.h +++ b/crypto/external/bsd/openssh/dist/ssh-sandbox.h @@ -15,9 +15,10 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +struct monitor; struct ssh_sandbox; -struct ssh_sandbox *ssh_sandbox_init(void); +struct ssh_sandbox *ssh_sandbox_init(struct monitor *); void ssh_sandbox_child(struct ssh_sandbox *); void ssh_sandbox_parent_finish(struct ssh_sandbox *); void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t); diff --git a/crypto/external/bsd/openssh/dist/ssh.1 b/crypto/external/bsd/openssh/dist/ssh.1 index d8b466db2..2ea0a2058 100644 --- a/crypto/external/bsd/openssh/dist/ssh.1 +++ b/crypto/external/bsd/openssh/dist/ssh.1 @@ -1,5 +1,3 @@ -.\" $NetBSD: ssh.1,v 1.16 2015/08/13 10:33:21 christos Exp $ -.\" -*- nroff -*- .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -36,7 +34,7 @@ .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" $OpenBSD: ssh.1,v 1.361 2015/07/20 18:44:12 millert Exp $ -.Dd July 20 2015 +.Dd $Mdocdate: July 20 2015 $ .Dt SSH 1 .Os .Sh NAME diff --git a/crypto/external/bsd/openssh/dist/ssh.c b/crypto/external/bsd/openssh/dist/ssh.c index 9302e2531..59c1f931c 100644 --- a/crypto/external/bsd/openssh/dist/ssh.c +++ b/crypto/external/bsd/openssh/dist/ssh.c @@ -1,4 +1,3 @@ -/* $NetBSD: ssh.c,v 1.19 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: ssh.c,v 1.420 2015/07/30 00:01:34 djm Exp $ */ /* * Author: Tatu Ylonen @@ -42,24 +41,26 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh.c,v 1.19 2015/08/13 10:33:21 christos Exp $"); + #include -#include -#include -#include +#ifdef HAVE_SYS_STAT_H +# include +#endif #include +#include #include -#include -#include #include #include #include #include #include +#ifdef HAVE_PATHS_H #include +#endif #include #include +#include #include #include #include @@ -68,11 +69,14 @@ __RCSID("$NetBSD: ssh.c,v 1.19 2015/08/13 10:33:21 christos Exp $"); #include #include +#include #ifdef WITH_OPENSSL #include #include #endif +#include "openbsd-compat/openssl-compat.h" +#include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "ssh.h" @@ -112,6 +116,11 @@ __RCSID("$NetBSD: ssh.c,v 1.19 2015/08/13 10:33:21 christos Exp $"); extern char *__progname; +/* Saves a copy of argv for setproctitle emulation */ +#ifndef HAVE_SETPROCTITLE +static char **saved_av; +#endif + /* Flag indicating whether debug mode is on. May be set on the command line. */ int debug_flag = 0; @@ -188,7 +197,7 @@ extern u_int muxclient_command; /* Prints a help message to the user. This function never returns. */ -__dead static void +static void usage(void) { fprintf(stderr, @@ -512,12 +521,24 @@ main(int ac, char **av) /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); + __progname = ssh_get_progname(av[0]); + +#ifndef HAVE_SETPROCTITLE + /* Prepare for later setproctitle emulation */ + /* Save argv so it isn't clobbered by setproctitle() emulation */ + saved_av = xcalloc(ac + 1, sizeof(*saved_av)); + for (i = 0; i < ac; i++) + saved_av[i] = xstrdup(av[i]); + saved_av[i] = NULL; + compat_init_setproctitle(ac, av); + av = saved_av; +#endif + /* * Discard other fds that are hanging around. These can cause problem * with backgrounded ssh processes started by ControlPersist. */ - if (closefrom(STDERR_FILENO + 1) == -1) - fatal("closefrom failed: %.100s", strerror(errno)); + closefrom(STDERR_FILENO + 1); /* * Save the original real uid. It will be needed later (uid-swapping @@ -535,6 +556,7 @@ main(int ac, char **av) */ PRIV_END; +#ifdef HAVE_SETRLIMIT /* If we are installed setuid root be careful to not drop core. */ if (original_real_uid != original_effective_uid) { struct rlimit rlim; @@ -542,6 +564,7 @@ main(int ac, char **av) if (setrlimit(RLIMIT_CORE, &rlim) < 0) fatal("setrlimit failed: %.100s", strerror(errno)); } +#endif /* Get user data. */ pw = getpwuid(original_real_uid); if (!pw) { @@ -713,7 +736,7 @@ main(int ac, char **av) break; case 'V': fprintf(stderr, "%s, %s\n", - SSH_VERSION, + SSH_RELEASE, #ifdef WITH_OPENSSL SSLeay_version(SSLEAY_VERSION) #else @@ -861,10 +884,6 @@ main(int ac, char **av) break; case 'T': options.request_tty = REQUEST_TTY_NO; - /* ensure that the user doesn't try to backdoor a */ - /* null cipher switch on an interactive session */ - /* so explicitly disable it no matter what */ - options.none_switch = 0; break; case 'o': line = xstrdup(optarg); @@ -970,7 +989,7 @@ main(int ac, char **av) SYSLOG_FACILITY_USER, !use_syslog); if (debug_flag) - logit("%s, %s", SSH_VERSION, + logit("%s, %s", SSH_RELEASE, #ifdef WITH_OPENSSL SSLeay_version(SSLEAY_VERSION) #else @@ -1065,8 +1084,10 @@ main(int ac, char **av) "disabling"); options.update_hostkeys = 0; } +#ifndef HAVE_CYGWIN if (original_effective_uid != 0) options.use_privileged_port = 0; +#endif /* reinit */ log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog); @@ -1091,6 +1112,8 @@ main(int ac, char **av) tty_flag = 0; } + seed_rng(); + if (options.user == NULL) options.user = xstrdup(pw->pw_name); @@ -1173,7 +1196,7 @@ main(int ac, char **av) options.address_family, options.connection_attempts, &timeout_ms, options.tcp_keep_alive, options.use_privileged_port) != 0) - exit(255); + exit(255); if (addrs != NULL) freeaddrinfo(addrs); @@ -1200,20 +1223,26 @@ main(int ac, char **av) sensitive_data.nkeys = 9; sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(Key)); + for (i = 0; i < sensitive_data.nkeys; i++) + sensitive_data.keys[i] = NULL; PRIV_START; sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, _PATH_HOST_KEY_FILE, "", NULL, NULL); +#ifdef OPENSSL_HAS_ECC sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, "", NULL); +#endif sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, "", NULL); sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, "", NULL); sensitive_data.keys[4] = key_load_private_cert(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, "", NULL); +#ifdef OPENSSL_HAS_ECC sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); +#endif sensitive_data.keys[6] = key_load_private_type(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); sensitive_data.keys[7] = key_load_private_type(KEY_RSA, @@ -1228,16 +1257,20 @@ main(int ac, char **av) sensitive_data.keys[6] == NULL && sensitive_data.keys[7] == NULL && sensitive_data.keys[8] == NULL) { +#ifdef OPENSSL_HAS_ECC sensitive_data.keys[1] = key_load_cert( _PATH_HOST_ECDSA_KEY_FILE); +#endif sensitive_data.keys[2] = key_load_cert( _PATH_HOST_ED25519_KEY_FILE); sensitive_data.keys[3] = key_load_cert( _PATH_HOST_RSA_KEY_FILE); sensitive_data.keys[4] = key_load_cert( _PATH_HOST_DSA_KEY_FILE); +#ifdef OPENSSL_HAS_ECC sensitive_data.keys[5] = key_load_public( _PATH_HOST_ECDSA_KEY_FILE, NULL); +#endif sensitive_data.keys[6] = key_load_public( _PATH_HOST_ED25519_KEY_FILE, NULL); sensitive_data.keys[7] = key_load_public( @@ -1266,12 +1299,18 @@ main(int ac, char **av) if (config == NULL) { r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); - if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) + if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { +#ifdef WITH_SELINUX + ssh_selinux_setfscreatecon(buf); +#endif if (mkdir(buf, 0700) < 0) error("Could not create directory '%.200s'.", buf); +#ifdef WITH_SELINUX + ssh_selinux_setfscreatecon(NULL); +#endif + } } - /* load options.identity_files */ load_public_identity_files(); @@ -1435,7 +1474,7 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) } } -__dead static void +static void client_cleanup_stdio_fwd(int id, void *arg) { debug("stdio forwarding: done"); @@ -1563,6 +1602,7 @@ ssh_session(void) int interactive = 0; int have_tty = 0; struct winsize ws; + char *cp; const char *display; /* Enable compression if requested. */ @@ -1591,7 +1631,6 @@ ssh_session(void) } /* Allocate a pseudo tty if appropriate. */ if (tty_flag) { - const char *dp; debug("Requesting pty."); /* Start the packet. */ @@ -1599,10 +1638,10 @@ ssh_session(void) /* Store TERM in the packet. There is no limit on the length of the string. */ - dp = getenv("TERM"); - if (!dp) - dp = ""; - packet_put_cstring(dp); + cp = getenv("TERM"); + if (!cp) + cp = ""; + packet_put_cstring(cp); /* Store window size in the packet. */ if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) @@ -1775,9 +1814,6 @@ ssh_session2_open(void) { Channel *c; int window, packetmax, in, out, err; - int sock; - int socksize; - socklen_t socksizelen = sizeof(int); if (stdin_null_flag) { in = open(_PATH_DEVNULL, O_RDONLY); @@ -1798,75 +1834,9 @@ ssh_session2_open(void) if (!isatty(err)) set_nonblock(err); - /* we need to check to see if what they want to do about buffer */ - /* sizes here. In a hpn to nonhpn connection we want to limit */ - /* the window size to something reasonable in case the far side */ - /* has the large window bug. In hpn to hpn connection we want to */ - /* use the max window size but allow the user to override it */ - /* lastly if they disabled hpn then use the ssh std window size */ - - /* so why don't we just do a getsockopt() here and set the */ - /* ssh window to that? In the case of a autotuning receive */ - /* window the window would get stuck at the initial buffer */ - /* size generally less than 96k. Therefore we need to set the */ - /* maximum ssh window size to the maximum hpn buffer size */ - /* unless the user has specifically set the tcprcvbufpoll */ - /* to no. In which case we *can* just set the window to the */ - /* minimum of the hpn buffer size and tcp receive buffer size */ - - if (tty_flag) - options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; - else - options.hpn_buffer_size = 2*1024*1024; - - if (datafellows & SSH_BUG_LARGEWINDOW) - { - debug("HPN to Non-HPN Connection"); - } - else - { - if (options.tcp_rcv_buf_poll <= 0) - { - sock = socket(AF_INET, SOCK_STREAM, 0); - getsockopt(sock, SOL_SOCKET, SO_RCVBUF, - &socksize, &socksizelen); - close(sock); - debug("socksize %d", socksize); - options.hpn_buffer_size = socksize; - debug ("HPNBufferSize set to TCP RWIN: %d", options.hpn_buffer_size); - } - else - { - if (options.tcp_rcv_buf > 0) - { - /*create a socket but don't connect it */ - /* we use that the get the rcv socket size */ - sock = socket(AF_INET, SOCK_STREAM, 0); - /* if they are using the tcp_rcv_buf option */ - /* attempt to set the buffer size to that */ - if (options.tcp_rcv_buf) - setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf, - sizeof(options.tcp_rcv_buf)); - getsockopt(sock, SOL_SOCKET, SO_RCVBUF, - &socksize, &socksizelen); - close(sock); - debug("socksize %d", socksize); - options.hpn_buffer_size = socksize; - debug ("HPNBufferSize set to user TCPRcvBuf: %d", options.hpn_buffer_size); - } - } - - } - - debug("Final hpn_buffer_size = %d", options.hpn_buffer_size); - - window = options.hpn_buffer_size; - - channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size); - + window = CHAN_SES_WINDOW_DEFAULT; packetmax = CHAN_SES_PACKET_DEFAULT; if (tty_flag) { - window = 4*CHAN_SES_PACKET_DEFAULT; window >>= 1; packetmax >>= 1; } @@ -1875,10 +1845,6 @@ ssh_session2_open(void) window, packetmax, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); - if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) { - c->dynamic_window = 1; - debug ("Enabled Dynamic Window Scaling"); - } debug3("ssh_session2_open: channel_new: %d", c->self); channel_send_open(c->self); diff --git a/crypto/external/bsd/openssh/dist/ssh.h b/crypto/external/bsd/openssh/dist/ssh.h index c8bffcc04..39c7e18af 100644 --- a/crypto/external/bsd/openssh/dist/ssh.h +++ b/crypto/external/bsd/openssh/dist/ssh.h @@ -1,4 +1,3 @@ -/* $NetBSD: ssh.h,v 1.6 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: ssh.h,v 1.81 2015/08/04 05:23:06 djm Exp $ */ /* @@ -84,15 +83,14 @@ /* Used to identify ``EscapeChar none'' */ #define SSH_ESCAPECHAR_NONE -2 -/* Name of Kerberos service for SSH to use. */ -#define KRB4_SERVICE_NAME "rcmd" - /* * unprivileged user when UsePrivilegeSeparation=yes; * sshd will change its privileges to this user and its * primary group. */ +#ifndef SSH_PRIVSEP_USER #define SSH_PRIVSEP_USER "sshd" +#endif /* Minimum modulus size (n) for RSA keys. */ #define SSH_RSA_MINIMUM_MODULUS_SIZE 768 diff --git a/crypto/external/bsd/openssh/dist/ssh1.h b/crypto/external/bsd/openssh/dist/ssh1.h index 5bf37c589..353d93041 100644 --- a/crypto/external/bsd/openssh/dist/ssh1.h +++ b/crypto/external/bsd/openssh/dist/ssh1.h @@ -1,4 +1,3 @@ -/* $NetBSD: ssh1.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: ssh1.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/ssh2.h b/crypto/external/bsd/openssh/dist/ssh2.h index 32aabe345..59417e612 100644 --- a/crypto/external/bsd/openssh/dist/ssh2.h +++ b/crypto/external/bsd/openssh/dist/ssh2.h @@ -1,4 +1,3 @@ -/* $NetBSD: ssh2.h,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: ssh2.h,v 1.15 2014/01/29 06:18:35 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/ssh_api.c b/crypto/external/bsd/openssh/dist/ssh_api.c index 66a9cc7da..6c712584f 100644 --- a/crypto/external/bsd/openssh/dist/ssh_api.c +++ b/crypto/external/bsd/openssh/dist/ssh_api.c @@ -1,4 +1,3 @@ -/* $NetBSD: ssh_api.c,v 1.2 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: ssh_api.c,v 1.4 2015/02/16 22:13:32 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. @@ -17,7 +16,6 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh_api.c,v 1.2 2015/04/03 23:58:19 christos Exp $"); #include "ssh1.h" /* For SSH_MSG_NONE */ #include "ssh_api.h" @@ -76,14 +74,16 @@ mm_choose_dh(int min, int nbits, int max) int ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) { - const char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; + char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; struct ssh *ssh; - const char **proposal; + char **proposal; static int called; int r; if (!called) { +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); +#endif /* WITH_OPENSSL */ called = 1; } @@ -93,7 +93,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh_packet_set_server(ssh); /* Initialize key exchange */ - proposal = kex_params ? (const char **)(void *)kex_params->proposal : myproposal; + proposal = kex_params ? kex_params->proposal : myproposal; if ((r = kex_new(ssh, proposal, &ssh->kex)) != 0) { ssh_free(ssh); return r; @@ -105,7 +105,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; +# ifdef OPENSSL_HAS_ECC ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; +# endif #endif /* WITH_OPENSSL */ ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server; ssh->kex->load_host_public_key=&_ssh_host_public_key; @@ -117,7 +119,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; +# ifdef OPENSSL_HAS_ECC ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client; +# endif #endif /* WITH_OPENSSL */ ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client; ssh->kex->verify_host_key =&_ssh_verify_host_key; @@ -515,7 +519,7 @@ _ssh_order_hostkeyalgs(struct ssh *ssh) free(orig); proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = replace; replace = NULL; /* owned by proposal */ - r = kex_prop2buf(ssh->kex->my, (const char **)(void *)proposal); + r = kex_prop2buf(ssh->kex->my, proposal); } out: free(oavail); diff --git a/crypto/external/bsd/openssh/dist/ssh_api.h b/crypto/external/bsd/openssh/dist/ssh_api.h index 477c427ec..642acd5b2 100644 --- a/crypto/external/bsd/openssh/dist/ssh_api.h +++ b/crypto/external/bsd/openssh/dist/ssh_api.h @@ -1,4 +1,3 @@ -/* $NetBSD: ssh_api.h,v 1.2 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: ssh_api.h,v 1.1 2015/01/19 20:30:23 markus Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. @@ -19,10 +18,11 @@ #ifndef API_H #define API_H -#include #include #include +#include "openbsd-compat/sys-queue.h" + #include "cipher.h" #include "sshkey.h" #include "kex.h" diff --git a/crypto/external/bsd/openssh/dist/ssh_config b/crypto/external/bsd/openssh/dist/ssh_config index 18a2f5e0c..03a228fbd 100644 --- a/crypto/external/bsd/openssh/dist/ssh_config +++ b/crypto/external/bsd/openssh/dist/ssh_config @@ -1,4 +1,3 @@ -# $NetBSD: ssh_config,v 1.8 2015/04/03 23:58:19 christos Exp $ # $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $ # This is the ssh client system-wide configuration file. See @@ -25,6 +24,8 @@ # RSAAuthentication yes # PasswordAuthentication yes # HostbasedAuthentication no +# GSSAPIAuthentication no +# GSSAPIDelegateCredentials no # BatchMode no # CheckHostIP yes # AddressFamily any @@ -37,7 +38,7 @@ # Protocol 2,1 # Cipher 3des # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc -# MACs hmac-md5,hmac-sha1,hmac-ripemd160 +# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 # EscapeChar ~ # Tunnel no # TunnelDevice any:any @@ -45,10 +46,3 @@ # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h - -# If you use xorg from pkgsrc then uncomment the following line. -# XAuthLocation /usr/pkg/bin/xauth - -# NetBSD.org DNS provides SSHFP records - use them when possible -Host *.netbsd.org *.NetBSD.org - VerifyHostKeyDNS ask diff --git a/crypto/external/bsd/openssh/dist/ssh_config.5 b/crypto/external/bsd/openssh/dist/ssh_config.5 index 9d59f5d60..a47f3ca9e 100644 --- a/crypto/external/bsd/openssh/dist/ssh_config.5 +++ b/crypto/external/bsd/openssh/dist/ssh_config.5 @@ -1,5 +1,3 @@ -.\" $NetBSD: ssh_config.5,v 1.16 2015/08/21 08:20:59 christos Exp $ -.\" -*- nroff -*- .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -36,7 +34,7 @@ .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $ -.Dd August 14 2015 +.Dd $Mdocdate: August 14 2015 $ .Dt SSH_CONFIG 5 .Os .Sh NAME diff --git a/crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c b/crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c index e78964a8a..8ff8a0a28 100644 --- a/crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c +++ b/crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c @@ -14,8 +14,9 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#define SSHBUF_INTERNAL #include "includes.h" -__RCSID("$NetBSD: sshbuf-getput-basic.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include #include @@ -23,7 +24,6 @@ __RCSID("$NetBSD: sshbuf-getput-basic.c,v 1.3 2015/04/03 23:58:19 christos Exp $ #include #include "ssherr.h" -#define SSHBUF_INTERNAL #include "sshbuf.h" int @@ -363,7 +363,7 @@ sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len) int sshbuf_put_cstring(struct sshbuf *buf, const char *v) { - return sshbuf_put_string(buf, __UNCONST(v), v == NULL ? 0 : strlen(v)); + return sshbuf_put_string(buf, (u_char *)v, v == NULL ? 0 : strlen(v)); } int diff --git a/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c b/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c index 18b0838f8..e2e093c00 100644 --- a/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c +++ b/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c @@ -14,8 +14,9 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#define SSHBUF_INTERNAL #include "includes.h" -__RCSID("$NetBSD: sshbuf-getput-crypto.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include #include @@ -23,10 +24,11 @@ __RCSID("$NetBSD: sshbuf-getput-crypto.c,v 1.3 2015/04/03 23:58:19 christos Exp #include #include -#include +#ifdef OPENSSL_HAS_ECC +# include +#endif /* OPENSSL_HAS_ECC */ #include "ssherr.h" -#define SSHBUF_INTERNAL #include "sshbuf.h" int @@ -69,6 +71,7 @@ sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v) return 0; } +#ifdef OPENSSL_HAS_ECC static int get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g) { @@ -138,6 +141,7 @@ sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v) } return 0; } +#endif /* OPENSSL_HAS_ECC */ int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v) @@ -183,6 +187,7 @@ sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v) return 0; } +#ifdef OPENSSL_HAS_ECC int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g) { @@ -215,4 +220,5 @@ sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v) return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v), EC_KEY_get0_group(v)); } +#endif /* OPENSSL_HAS_ECC */ diff --git a/crypto/external/bsd/openssh/dist/sshbuf-misc.c b/crypto/external/bsd/openssh/dist/sshbuf-misc.c index 6d720e699..d022065f9 100644 --- a/crypto/external/bsd/openssh/dist/sshbuf-misc.c +++ b/crypto/external/bsd/openssh/dist/sshbuf-misc.c @@ -14,15 +14,17 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include "includes.h" -__RCSID("$NetBSD: sshbuf-misc.c,v 1.4 2015/07/03 01:00:00 christos Exp $"); #include #include #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include #include diff --git a/crypto/external/bsd/openssh/dist/sshbuf.c b/crypto/external/bsd/openssh/dist/sshbuf.c index 4f1fa5d7e..dbe0c9192 100644 --- a/crypto/external/bsd/openssh/dist/sshbuf.c +++ b/crypto/external/bsd/openssh/dist/sshbuf.c @@ -14,8 +14,9 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#define SSHBUF_INTERNAL #include "includes.h" -__RCSID("$NetBSD: sshbuf.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include /* roundup */ #include @@ -25,7 +26,6 @@ __RCSID("$NetBSD: sshbuf.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include #include "ssherr.h" -#define SSHBUF_INTERNAL #include "sshbuf.h" static inline int diff --git a/crypto/external/bsd/openssh/dist/sshbuf.h b/crypto/external/bsd/openssh/dist/sshbuf.h index 7e5fdc9eb..eb0d92e10 100644 --- a/crypto/external/bsd/openssh/dist/sshbuf.h +++ b/crypto/external/bsd/openssh/dist/sshbuf.h @@ -21,8 +21,12 @@ #include #include #include -#include -#include +#ifdef WITH_OPENSSL +# include +# ifdef OPENSSL_HAS_ECC +# include +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ #define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */ #define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */ @@ -161,8 +165,7 @@ int sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v); /* Append using a printf(3) format */ int sshbuf_putf(struct sshbuf *buf, const char *fmt, ...) __attribute__((format(printf, 2, 3))); -int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap) - __printflike(2, 0); +int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap); /* Functions to extract or store big-endian words of various sizes */ int sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp); @@ -205,17 +208,21 @@ int sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp, * Functions to extract or store SSH wire encoded bignums and elliptic * curve points. */ -int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v); -int sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v); +int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len); int sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, const u_char **valp, size_t *lenp); +#ifdef WITH_OPENSSL +int sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v); +int sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v); int sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v); int sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v); -int sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len); +# ifdef OPENSSL_HAS_ECC int sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g); int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v); int sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g); int sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v); +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ /* Dump the contents of the buffer in a human-readable format */ void sshbuf_dump(struct sshbuf *buf, FILE *f); @@ -234,22 +241,22 @@ int sshbuf_b64tod(struct sshbuf *buf, const char *b64); /* Macros for decoding/encoding integers */ #define PEEK_U64(p) \ - (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ - ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \ - ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \ - ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \ - ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \ - ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \ - ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \ - (u_int64_t)(((const u_char *)(p))[7])) + (((u_int64_t)(((u_char *)(p))[0]) << 56) | \ + ((u_int64_t)(((u_char *)(p))[1]) << 48) | \ + ((u_int64_t)(((u_char *)(p))[2]) << 40) | \ + ((u_int64_t)(((u_char *)(p))[3]) << 32) | \ + ((u_int64_t)(((u_char *)(p))[4]) << 24) | \ + ((u_int64_t)(((u_char *)(p))[5]) << 16) | \ + ((u_int64_t)(((u_char *)(p))[6]) << 8) | \ + (u_int64_t)(((u_char *)(p))[7])) #define PEEK_U32(p) \ - (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \ - ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \ - ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \ - (u_int32_t)(((const u_char *)(p))[3])) + (((u_int32_t)(((u_char *)(p))[0]) << 24) | \ + ((u_int32_t)(((u_char *)(p))[1]) << 16) | \ + ((u_int32_t)(((u_char *)(p))[2]) << 8) | \ + (u_int32_t)(((u_char *)(p))[3])) #define PEEK_U16(p) \ - (((u_int16_t)(((const u_char *)(p))[0]) << 8) | \ - (u_int16_t)(((const u_char *)(p))[1])) + (((u_int16_t)(((u_char *)(p))[0]) << 8) | \ + (u_int16_t)(((u_char *)(p))[1])) #define POKE_U64(p, v) \ do { \ diff --git a/crypto/external/bsd/openssh/dist/sshconnect.c b/crypto/external/bsd/openssh/dist/sshconnect.c index b44caf1b1..17fbe39b0 100644 --- a/crypto/external/bsd/openssh/dist/sshconnect.c +++ b/crypto/external/bsd/openssh/dist/sshconnect.c @@ -1,4 +1,3 @@ -/* $NetBSD: sshconnect.c,v 1.13 2015/08/21 08:20:59 christos Exp $ */ /* $OpenBSD: sshconnect.c,v 1.263 2015/08/20 22:32:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -15,31 +14,37 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshconnect.c,v 1.13 2015/08/21 08:20:59 christos Exp $"); + #include /* roundup */ #include -#include #include #include #include -#include +#ifdef HAVE_SYS_TIME_H +# include +#endif #include -#include +#include #include #include #include #include +#ifdef HAVE_PATHS_H #include -#include +#endif #include +#include +#include #include #include #include #include #include "xmalloc.h" +#include "key.h" +#include "hostfile.h" #include "ssh.h" #include "rsa.h" #include "buffer.h" @@ -104,7 +109,7 @@ ssh_proxy_fdpass_connect(const char *host, u_short port, char *command_string; int sp[2], sock; pid_t pid; - const char *shell; + char *shell; if ((shell = getenv("SHELL")) == NULL) shell = _PATH_BSHELL; @@ -141,8 +146,8 @@ ssh_proxy_fdpass_connect(const char *host, u_short port, * Stderr is left as it is so that error messages get * printed on the user's terminal. */ - argv[0] = __UNCONST(shell); - argv[1] = __UNCONST("-c"); + argv[0] = shell; + argv[1] = "-c"; argv[2] = command_string; argv[3] = NULL; @@ -185,7 +190,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) char *shell; if ((shell = getenv("SHELL")) == NULL || *shell == '\0') - shell = __UNCONST(_PATH_BSHELL); + shell = _PATH_BSHELL; /* Create pipes for communicating with the proxy. */ if (pipe(pin) < 0 || pipe(pout) < 0) @@ -219,7 +224,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) /* Stderr is left as it is so that error messages get printed on the user's terminal. */ argv[0] = shell; - argv[1] = __UNCONST("-c"); + argv[1] = "-c"; argv[2] = command_string; argv[3] = NULL; @@ -261,30 +266,6 @@ ssh_kill_proxy_command(void) kill(proxy_command_pid, SIGHUP); } -/* - * Set TCP receive buffer if requested. - * Note: tuning needs to happen after the socket is - * created but before the connection happens - * so winscale is negotiated properly -cjr - */ -static void -ssh_set_socket_recvbuf(int sock) -{ - void *buf = (void *)&options.tcp_rcv_buf; - int sz = sizeof(options.tcp_rcv_buf); - int socksize; - socklen_t socksizelen = sizeof(int); - - debug("setsockopt Attempting to set SO_RCVBUF to %d", options.tcp_rcv_buf); - if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, buf, sz) >= 0) { - getsockopt(sock, SOL_SOCKET, SO_RCVBUF, &socksize, &socksizelen); - debug("setsockopt SO_RCVBUF: %.100s %d", strerror(errno), socksize); - } - else - error("Couldn't set socket receive buffer to %d: %.100s", - options.tcp_rcv_buf, strerror(errno)); -} - /* * Creates a (possibly privileged) socket for use as the ssh connection. */ @@ -301,9 +282,6 @@ ssh_create_socket(int privileged, struct addrinfo *ai) } fcntl(sock, F_SETFD, FD_CLOEXEC); - if (options.tcp_rcv_buf > 0) - ssh_set_socket_recvbuf(sock); - /* Bind the socket to an alternative local IP address */ if (options.bind_address == NULL && !privileged) return sock; @@ -482,10 +460,7 @@ ssh_connect_direct(const char *host, struct addrinfo *aitop, /* Create a socket for connecting. */ sock = ssh_create_socket(needpriv, ai); if (sock < 0) - /* - * Any serious error is already output, - * at least in the debug case. - */ + /* Any error is already output */ continue; if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen, @@ -770,6 +745,22 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr, u_short port, char **hostfile_hostname, char **hostfile_ipaddr) { char ntop[NI_MAXHOST]; + socklen_t addrlen; + + switch (hostaddr == NULL ? -1 : hostaddr->sa_family) { + case -1: + addrlen = 0; + break; + case AF_INET: + addrlen = sizeof(struct sockaddr_in); + break; + case AF_INET6: + addrlen = sizeof(struct sockaddr_in6); + break; + default: + addrlen = sizeof(struct sockaddr); + break; + } /* * We don't have the remote ip-address for connections @@ -777,7 +768,7 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr, */ if (hostfile_ipaddr != NULL) { if (options.proxy_command == NULL) { - if (getnameinfo(hostaddr, hostaddr->sa_len, + if (getnameinfo(hostaddr, addrlen, ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) fatal("%s: getnameinfo failed", __func__); *hostfile_ipaddr = put_host_port(ntop, port); @@ -1072,7 +1063,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, if (readonly == ROQUIET) goto fail; if (options.check_host_ip && host_ip_differ) { - const char *key_msg; + char *key_msg; if (ip_status == HOST_NEW) key_msg = "is unknown"; else if (ip_status == HOST_OK) @@ -1463,7 +1454,7 @@ warn_changed_key(Key *host_key) int ssh_local_cmd(const char *args) { - const char *shell; + char *shell; pid_t pid; int status; void (*osighand)(int); diff --git a/crypto/external/bsd/openssh/dist/sshconnect.h b/crypto/external/bsd/openssh/dist/sshconnect.h index 33df6a759..0ea6e99f6 100644 --- a/crypto/external/bsd/openssh/dist/sshconnect.h +++ b/crypto/external/bsd/openssh/dist/sshconnect.h @@ -1,4 +1,3 @@ -/* $NetBSD: sshconnect.h,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: sshconnect.h,v 1.28 2013/10/16 02:31:47 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/sshconnect1.c b/crypto/external/bsd/openssh/dist/sshconnect1.c index 58bab1d31..016abbce5 100644 --- a/crypto/external/bsd/openssh/dist/sshconnect1.c +++ b/crypto/external/bsd/openssh/dist/sshconnect1.c @@ -1,4 +1,3 @@ -/* $NetBSD: sshconnect1.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: sshconnect1.c,v 1.77 2015/01/14 20:05:27 djm Exp $ */ /* * Author: Tatu Ylonen @@ -15,31 +14,21 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshconnect1.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); + +#ifdef WITH_SSH1 + #include #include -#include #include #include +#include #include #include #include #include #include -#include - -#ifdef KRB4 -#include -#ifdef AFS -#include -#include "radix.h" -#endif -#endif -#ifdef KRB5 -#include -#endif #include "xmalloc.h" #include "ssh.h" @@ -223,128 +212,6 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) explicit_bzero(&md, sizeof(md)); } -#ifdef KRB4 -static int -try_krb4_authentication(void) -{ - KTEXT_ST auth; /* Kerberos data */ - char *reply; - char inst[INST_SZ]; - char *realm; - CREDENTIALS cred; - int r, type; - socklen_t slen; - Key_schedule schedule; - u_long checksum, cksum; - MSG_DAT msg_data; - struct sockaddr_in local, foreign; - struct stat st; - - /* Don't do anything if we don't have any tickets. */ - if (stat(tkt_string(), &st) < 0) - return 0; - - strlcpy(inst, (char *)krb_get_phost(get_canonical_hostname(1)), - INST_SZ); - - realm = (char *)krb_realmofhost(get_canonical_hostname(1)); - if (!realm) { - debug("Kerberos v4: no realm for %s", get_canonical_hostname(1)); - return 0; - } - /* This can really be anything. */ - checksum = (u_long)getpid(); - - r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum); - if (r != KSUCCESS) { - debug("Kerberos v4 krb_mk_req failed: %s", krb_err_txt[r]); - return 0; - } - /* Get session key to decrypt the server's reply with. */ - r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred); - if (r != KSUCCESS) { - debug("get_cred failed: %s", krb_err_txt[r]); - return 0; - } - des_key_sched((des_cblock *) cred.session, schedule); - - /* Send authentication info to server. */ - packet_start(SSH_CMSG_AUTH_KERBEROS); - packet_put_string((char *) auth.dat, auth.length); - packet_send(); - packet_write_wait(); - - /* Zero the buffer. */ - (void) memset(auth.dat, 0, MAX_KTXT_LEN); - - slen = sizeof(local); - memset(&local, 0, sizeof(local)); - if (getsockname(packet_get_connection_in(), - (struct sockaddr *)&local, &slen) < 0) - debug("getsockname failed: %s", strerror(errno)); - - slen = sizeof(foreign); - memset(&foreign, 0, sizeof(foreign)); - if (getpeername(packet_get_connection_in(), - (struct sockaddr *)&foreign, &slen) < 0) { - debug("getpeername failed: %s", strerror(errno)); - cleanup_exit(255); - } - /* Get server reply. */ - type = packet_read(); - switch (type) { - case SSH_SMSG_FAILURE: - /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */ - debug("Kerberos v4 authentication failed."); - return 0; - break; - - case SSH_SMSG_AUTH_KERBEROS_RESPONSE: - /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */ - debug("Kerberos v4 authentication accepted."); - - /* Get server's response. */ - reply = packet_get_string((u_int *) &auth.length); - if (auth.length >= MAX_KTXT_LEN) - fatal("Kerberos v4: Malformed response from server"); - memcpy(auth.dat, reply, auth.length); - free(reply); - - packet_check_eom(); - - /* - * If his response isn't properly encrypted with the session - * key, and the decrypted checksum fails to match, he's - * bogus. Bail out. - */ - r = krb_rd_priv(auth.dat, auth.length, (void *)schedule, - &cred.session, &foreign, &local, &msg_data); - if (r != KSUCCESS) { - debug("Kerberos v4 krb_rd_priv failed: %s", - krb_err_txt[r]); - packet_disconnect("Kerberos v4 challenge failed!"); - } - /* Fetch the (incremented) checksum that we supplied in the request. */ - memcpy((char *)&cksum, (char *)msg_data.app_data, - sizeof(cksum)); - cksum = ntohl(cksum); - - /* If it matches, we're golden. */ - if (cksum == checksum + 1) { - debug("Kerberos v4 challenge successful."); - return 1; - } else - packet_disconnect("Kerberos v4 challenge failed!"); - break; - - default: - packet_disconnect("Protocol error on Kerberos v4 response: %d", type); - } - return 0; -} - -#endif /* KRB4 */ - /* * Checks if the user has authentication file, and if so, tries to authenticate * the user using it. @@ -465,332 +332,6 @@ try_rsa_authentication(int idx) return 0; } -#ifdef KRB5 -static int -try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context) -{ - krb5_error_code problem; - const char *tkfile; - struct stat buf; - krb5_ccache ccache = NULL; - const char *remotehost; - krb5_data ap; - int type; - krb5_ap_rep_enc_part *reply = NULL; - int ret; - const char *errtxt; - - memset(&ap, 0, sizeof(ap)); - - problem = krb5_init_context(context); - if (problem) { - debug("Kerberos v5: krb5_init_context failed"); - ret = 0; - goto out; - } - - tkfile = krb5_cc_default_name(*context); - if (strncmp(tkfile, "FILE:", 5) == 0) - tkfile += 5; - - if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) { - debug("Kerberos v5: could not get default ccache (permission denied)."); - ret = 0; - goto out; - } - - problem = krb5_cc_default(*context, &ccache); - if (problem) { - errtxt = krb5_get_error_message(*context, problem); - if (errtxt != NULL) { - debug("Kerberos v5: krb5_cc_default failed: %s", - errtxt); - krb5_free_error_message(*context, errtxt); - } else - debug("Kerberos v5: krb5_cc_default failed: %d", - problem); - ret = 0; - goto out; - } - - remotehost = get_canonical_hostname(1); - - problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED, - "host", remotehost, NULL, ccache, &ap); - if (problem) { - errtxt = krb5_get_error_message(*context, problem); - if (errtxt != NULL) { - debug("Kerberos v5: krb5_mk_req failed: %s", errtxt); - krb5_free_error_message(*context, errtxt); - } else - debug("Kerberos v5: krb5_mk_req failed: %d", problem); - ret = 0; - goto out; - } - - packet_start(SSH_CMSG_AUTH_KERBEROS); - packet_put_string((char *) ap.data, ap.length); - packet_send(); - packet_write_wait(); - - free(ap.data); - ap.length = 0; - - type = packet_read(); - switch (type) { - case SSH_SMSG_FAILURE: - /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */ - debug("Kerberos v5 authentication failed."); - ret = 0; - break; - - case SSH_SMSG_AUTH_KERBEROS_RESPONSE: - /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */ - debug("Kerberos v5 authentication accepted."); - - /* Get server's response. */ - ap.data = packet_get_string((unsigned int *) &ap.length); - packet_check_eom(); - /* XXX je to dobre? */ - - problem = krb5_rd_rep(*context, *auth_context, &ap, &reply); - if (problem) { - ret = 0; - } - ret = 1; - break; - - default: - packet_disconnect("Protocol error on Kerberos v5 response: %d", - type); - ret = 0; - break; - - } - - out: - if (ccache != NULL) - krb5_cc_close(*context, ccache); - if (reply != NULL) - krb5_free_ap_rep_enc_part(*context, reply); - if (ap.length > 0) - krb5_data_free(&ap); - - return (ret); -} - -static void -send_krb5_tgt(krb5_context context, krb5_auth_context auth_context) -{ - int fd, type; - krb5_error_code problem; - krb5_data outbuf; - krb5_ccache ccache = NULL; - krb5_creds creds; - krb5_kdc_flags flags; - const char *remotehost; - const char *errtxt; - - memset(&creds, 0, sizeof(creds)); - memset(&outbuf, 0, sizeof(outbuf)); - - fd = packet_get_connection_in(); - - problem = krb5_auth_con_setaddrs_from_fd(context, auth_context, &fd); - if (problem) - goto out; - - problem = krb5_cc_default(context, &ccache); - if (problem) - goto out; - - problem = krb5_cc_get_principal(context, ccache, &creds.client); - if (problem) - goto out; - - problem = krb5_build_principal(context, &creds.server, - strlen(creds.client->realm), creds.client->realm, - "krbtgt", creds.client->realm, NULL); - if (problem) - goto out; - - creds.times.endtime = 0; - - flags.i = 0; - flags.b.forwarded = 1; - flags.b.forwardable = krb5_config_get_bool(context, NULL, - "libdefaults", "forwardable", NULL); - - remotehost = get_canonical_hostname(1); - - problem = krb5_get_forwarded_creds(context, auth_context, - ccache, flags.i, remotehost, &creds, &outbuf); - if (problem) - goto out; - - packet_start(SSH_CMSG_HAVE_KERBEROS_TGT); - packet_put_string((char *)outbuf.data, outbuf.length); - packet_send(); - packet_write_wait(); - - type = packet_read(); - - if (type == SSH_SMSG_SUCCESS) { - char *pname; - - krb5_unparse_name(context, creds.client, &pname); - debug("Kerberos v5 TGT forwarded (%s).", pname); - free(pname); - } else - debug("Kerberos v5 TGT forwarding failed."); - - return; - - out: - if (problem) { - errtxt = krb5_get_error_message(context, problem); - if (errtxt != NULL) { - debug("Kerberos v5 TGT forwarding failed: %s", errtxt); - krb5_free_error_message(context, errtxt); - } else - debug("Kerberos v5 TGT forwarding failed: %d", problem); - } - if (creds.client) - krb5_free_principal(context, creds.client); - if (creds.server) - krb5_free_principal(context, creds.server); - if (ccache) - krb5_cc_close(context, ccache); - if (outbuf.data) - free(outbuf.data); -} -#endif /* KRB5 */ - -#ifdef KRB4 -#ifdef AFS -static void -send_krb4_tgt(void) -{ - CREDENTIALS *creds; - struct stat st; - char buffer[4096], pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; - int problem, type; - - /* Don't do anything if we don't have any tickets. */ - if (stat(tkt_string(), &st) < 0) - return; - - creds = xmalloc(sizeof(*creds)); - - problem = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm); - if (problem) - goto out; - - problem = krb_get_cred("krbtgt", prealm, prealm, creds); - if (problem) - goto out; - - if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) { - problem = RD_AP_EXP; - goto out; - } - creds_to_radix(creds, (u_char *)buffer, sizeof(buffer)); - - packet_start(SSH_CMSG_HAVE_KERBEROS_TGT); - packet_put_cstring(buffer); - packet_send(); - packet_write_wait(); - - type = packet_read(); - - if (type == SSH_SMSG_SUCCESS) - debug("Kerberos v4 TGT forwarded (%s%s%s@%s).", - creds->pname, creds->pinst[0] ? "." : "", - creds->pinst, creds->realm); - else - debug("Kerberos v4 TGT rejected."); - - free(creds); - return; - - out: - debug("Kerberos v4 TGT passing failed: %s", krb_err_txt[problem]); - free(creds); -} - -static void -send_afs_tokens(void) -{ - CREDENTIALS creds; - struct ViceIoctl parms; - struct ClearToken ct; - int i, type, len; - char buf[2048], *p, *server_cell; - char buffer[8192]; - - /* Move over ktc_GetToken, here's something leaner. */ - for (i = 0; i < 100; i++) { /* just in case */ - parms.in = (char *) &i; - parms.in_size = sizeof(i); - parms.out = buf; - parms.out_size = sizeof(buf); - if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) - break; - p = buf; - - /* Get secret token. */ - memcpy(&creds.ticket_st.length, p, sizeof(u_int)); - if (creds.ticket_st.length > MAX_KTXT_LEN) - break; - p += sizeof(u_int); - memcpy(creds.ticket_st.dat, p, creds.ticket_st.length); - p += creds.ticket_st.length; - - /* Get clear token. */ - memcpy(&len, p, sizeof(len)); - if (len != sizeof(struct ClearToken)) - break; - p += sizeof(len); - memcpy(&ct, p, len); - p += len; - p += sizeof(len); /* primary flag */ - server_cell = p; - - /* Flesh out our credentials. */ - strlcpy(creds.service, "afs", sizeof(creds.service)); - creds.instance[0] = '\0'; - strlcpy(creds.realm, server_cell, REALM_SZ); - memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ); - creds.issue_date = ct.BeginTimestamp; - creds.lifetime = krb_time_to_life(creds.issue_date, - ct.EndTimestamp); - creds.kvno = ct.AuthHandle; - snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId); - creds.pinst[0] = '\0'; - - /* Encode token, ship it off. */ - if (creds_to_radix(&creds, (u_char *)buffer, - sizeof(buffer)) <= 0) - break; - packet_start(SSH_CMSG_HAVE_AFS_TOKEN); - packet_put_cstring(buffer); - packet_send(); - packet_write_wait(); - - /* Roger, Roger. Clearance, Clarence. What's your vector, - Victor? */ - type = packet_read(); - - if (type == SSH_SMSG_FAILURE) - debug("AFS token for cell %s rejected.", server_cell); - else if (type != SSH_SMSG_SUCCESS) - packet_disconnect("Protocol error on AFS token response: %d", type); - } -} - -#endif /* AFS */ -#endif /* KRB4 */ - /* * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv * authentication and RSA host authentication. @@ -1147,10 +688,6 @@ void ssh_userauth1(const char *local_user, const char *server_user, char *host, Sensitive *sensitive) { -#ifdef KRB5 - krb5_context context = NULL; - krb5_auth_context auth_context = NULL; -#endif int i, type; if (supported_authentications == 0) @@ -1175,36 +712,6 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host, if (type != SSH_SMSG_FAILURE) packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type); -#ifdef KRB5 - if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) && - options.kerberos_authentication) { - debug("Trying Kerberos v5 authentication."); - - if (try_krb5_authentication(&context, &auth_context)) { - type = packet_read(); - if (type == SSH_SMSG_SUCCESS) - goto success; - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error: got %d in response to Kerberos v5 auth", type); - } - } -#endif /* KRB5 */ - -#ifdef KRB4 - if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) && - options.kerberos_authentication) { - debug("Trying Kerberos v4 authentication."); - - if (try_krb4_authentication()) { - type = packet_read(); - if (type == SSH_SMSG_SUCCESS) - goto success; - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error: got %d in response to Kerberos v4 auth", type); - } - } -#endif /* KRB4 */ - /* * Try .rhosts or /etc/hosts.equiv authentication with RSA host * authentication. @@ -1258,38 +765,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host, /* NOTREACHED */ success: -#ifdef KRB5 - /* Try Kerberos v5 TGT passing. */ - if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && - options.kerberos_tgt_passing && context && auth_context) { - if (options.cipher == SSH_CIPHER_NONE) - logit("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); - send_krb5_tgt(context, auth_context); - } - if (auth_context) - krb5_auth_con_free(context, auth_context); - if (context) - krb5_free_context(context); -#endif - -#ifdef KRB4 -#ifdef AFS - /* Try Kerberos v4 TGT passing if the server supports it. */ - if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && - options.kerberos_tgt_passing) { - if (options.cipher == SSH_CIPHER_NONE) - logit("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); - send_krb4_tgt(); - } - /* Try AFS token passing if the server supports it. */ - if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && - options.afs_token_passing && k_hasafs()) { - if (options.cipher == SSH_CIPHER_NONE) - logit("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); - send_afs_tokens(); - } -#endif /* AFS */ -#endif /* KRB4 */ - return; /* need statement after label */ } + +#endif /* WITH_SSH1 */ diff --git a/crypto/external/bsd/openssh/dist/sshconnect2.c b/crypto/external/bsd/openssh/dist/sshconnect2.c index 9ecb6a378..775103185 100644 --- a/crypto/external/bsd/openssh/dist/sshconnect2.c +++ b/crypto/external/bsd/openssh/dist/sshconnect2.c @@ -1,4 +1,3 @@ -/* $NetBSD: sshconnect2.c,v 1.22 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: sshconnect2.c,v 1.226 2015/07/30 00:01:34 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -26,27 +25,27 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshconnect2.c,v 1.22 2015/08/13 10:33:21 christos Exp $"); + #include #include #include -#include #include #include #include #include +#include +#include +#include #include #include -#include -#include #include +#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) #include - -#ifdef KRB5 -#include #endif +#include "openbsd-compat/sys-queue.h" + #include "xmalloc.h" #include "ssh.h" #include "ssh2.h" @@ -82,11 +81,6 @@ extern char *client_version_string; extern char *server_version_string; extern Options options; -/* tty_flag is set in ssh.c. use this in ssh_userauth2 */ -/* if it is set then prevent the switch to the null cipher */ - -extern int tty_flag; - /* * SSH2 key exchange */ @@ -162,7 +156,7 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) void ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) { - const char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; + char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; struct kex *kex; int r; @@ -212,7 +206,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; +# ifdef OPENSSL_HAS_ECC kex->kex[KEX_ECDH_SHA2] = kexecdh_client; +# endif #endif kex->kex[KEX_C25519_SHA256] = kexc25519_client; kex->client_version_string=client_version_string; @@ -281,7 +277,7 @@ struct cauthctxt { }; struct cauthmethod { - const char *name; /* string to compare against server's list */ + char *name; /* string to compare against server's list */ int (*userauth)(Authctxt *authctxt); void (*cleanup)(Authctxt *authctxt); int *enabled; /* flag in option struct that enables method */ @@ -302,7 +298,6 @@ int userauth_pubkey(Authctxt *); int userauth_passwd(Authctxt *); int userauth_kbdint(Authctxt *); int userauth_hostbased(Authctxt *); -int userauth_kerberos(Authctxt *); #ifdef GSSAPI int userauth_gssapi(Authctxt *authctxt); @@ -337,13 +332,6 @@ Authmethod authmethods[] = { NULL, &options.hostbased_authentication, NULL}, -#if KRB5 - {"kerberos-2@ssh.com", - userauth_kerberos, - NULL, - &options.kerberos_authentication, - NULL}, -#endif {"publickey", userauth_pubkey, NULL, @@ -428,29 +416,6 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, pubkey_cleanup(&authctxt); dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); - /* if the user wants to use the none cipher do it */ - /* post authentication and only if the right conditions are met */ - /* both of the NONE commands must be true and there must be no */ - /* tty allocated */ - if ((options.none_switch == 1) && (options.none_enabled == 1)) - { - if (!tty_flag) /* no null on tty sessions */ - { - const char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; - debug("Requesting none rekeying..."); - myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; - myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none"; - kex_prop2buf(active_state->kex->my, myproposal); - ssh_packet_request_rekeying(); - fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n"); - } - else - { - /* requested NONE cipher when in a tty */ - debug("Cannot switch to NONE cipher with tty allocated"); - fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); - } - } debug("Authentication succeeded (%s).", authctxt.method->name); } @@ -512,7 +477,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt) if (len > 65536) len = 65536; msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ - strvisx(msg, raw, len, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); + strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); fprintf(stderr, "%s", msg); free(msg); } @@ -681,10 +646,8 @@ userauth_gssapi(Authctxt *authctxt) } } - if (!ok) { - ssh_gssapi_delete_ctx(&gssctxt); + if (!ok) return 0; - } authctxt->methoddata=(void *)gssctxt; @@ -1171,7 +1134,7 @@ load_identity_file(char *filename, int userprovided) "Enter passphrase for key '%.100s': ", filename); for (i = 0; i <= options.number_of_password_prompts; i++) { if (i == 0) - passphrase = xstrdup(""); + passphrase = ""; else { passphrase = read_passphrase(prompt, 0); if (*passphrase == '\0') { @@ -1547,8 +1510,7 @@ ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp, /* Close everything but stdio and the socket */ for (i = STDERR_FILENO + 1; i < sock; i++) close(i); - if (closefrom(sock + 1) < 0) - fatal("%s: closefrom: %s", __func__, strerror(errno)); + closefrom(sock + 1); debug3("%s: [child] pid=%ld, exec %s", __func__, (long)getpid(), _PATH_SSH_KEY_SIGN); execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0); @@ -1760,105 +1722,6 @@ userauth_hostbased(Authctxt *authctxt) return success; } -#if KRB5 -static int -ssh_krb5_helper(krb5_data *ap) -{ - krb5_context xcontext = NULL; /* XXX share with ssh1 */ - krb5_auth_context xauth_context = NULL; - - krb5_context *context; - krb5_auth_context *auth_context; - krb5_error_code problem; - const char *tkfile; - struct stat buf; - krb5_ccache ccache = NULL; - const char *remotehost; - int ret; - const char *errtxt; - - memset(ap, 0, sizeof(*ap)); - - context = &xcontext; - auth_context = &xauth_context; - - problem = krb5_init_context(context); - if (problem) { - debug("Kerberos v5: krb5_init_context failed"); - ret = 0; - goto out; - } - - tkfile = krb5_cc_default_name(*context); - if (strncmp(tkfile, "FILE:", 5) == 0) - tkfile += 5; - - if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) { - debug("Kerberos v5: could not get default ccache (permission denied)."); - ret = 0; - goto out; - } - - problem = krb5_cc_default(*context, &ccache); - if (problem) { - errtxt = krb5_get_error_message(*context, problem); - if (errtxt != NULL) { - debug("Kerberos v5: krb5_cc_default failed: %s", - errtxt); - krb5_free_error_message(*context, errtxt); - } else - debug("Kerberos v5: krb5_cc_default failed: %d", - problem); - ret = 0; - goto out; - } - - remotehost = get_canonical_hostname(1); - - problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED, - "host", remotehost, NULL, ccache, ap); - if (problem) { - errtxt = krb5_get_error_message(*context, problem); - if (errtxt != NULL) { - debug("Kerberos v5: krb5_mk_req failed: %s", errtxt); - krb5_free_error_message(*context, errtxt); - } else - debug("Kerberos v5: krb5_mk_req failed: %d", problem); - ret = 0; - goto out; - } - ret = 1; - - out: - if (ccache != NULL) - krb5_cc_close(*context, ccache); - if (*auth_context) - krb5_auth_con_free(*context, *auth_context); - if (*context) - krb5_free_context(*context); - return (ret); -} - -int -userauth_kerberos(Authctxt *authctxt) -{ - krb5_data ap; - - if (ssh_krb5_helper(&ap) == 0) - return (0); - - packet_start(SSH2_MSG_USERAUTH_REQUEST); - packet_put_cstring(authctxt->server_user); - packet_put_cstring(authctxt->service); - packet_put_cstring(authctxt->method->name); - packet_put_string(ap.data, ap.length); - packet_send(); - - krb5_data_free(&ap); - return (1); -} -#endif - /* find auth method */ /* diff --git a/crypto/external/bsd/openssh/dist/sshd.8 b/crypto/external/bsd/openssh/dist/sshd.8 index 70f988a13..213b5fc43 100644 --- a/crypto/external/bsd/openssh/dist/sshd.8 +++ b/crypto/external/bsd/openssh/dist/sshd.8 @@ -1,5 +1,3 @@ -.\" $NetBSD: sshd.8,v 1.15 2015/08/13 10:33:21 christos Exp $ -.\" -*- nroff -*- .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -36,7 +34,7 @@ .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $ -.Dd July 3 2015 +.Dd $Mdocdate: July 3 2015 $ .Dt SSHD 8 .Os .Sh NAME @@ -69,7 +67,7 @@ over an insecure network. .Nm listens for connections from clients. It is normally started at boot from -.Pa /etc/rc.d/sshd . +.Pa /etc/rc . It forks a new daemon for each incoming connection. The forked daemons handle @@ -326,6 +324,33 @@ public key authentication, challenge-response authentication, or password authentication. .Pp +Regardless of the authentication type, the account is checked to +ensure that it is accessible. An account is not accessible if it is +locked, listed in +.Cm DenyUsers +or its group is listed in +.Cm DenyGroups +\&. The definition of a locked account is system dependant. Some platforms +have their own account database (eg AIX) and some modify the passwd field ( +.Ql \&*LK\&* +on Solaris and UnixWare, +.Ql \&* +on HP-UX, containing +.Ql Nologin +on Tru64, +a leading +.Ql \&*LOCKED\&* +on FreeBSD and a leading +.Ql \&! +on most Linuxes). +If there is a requirement to disable password authentication +for the account while allowing still public-key, then the passwd field +should be set to something other than these values (eg +.Ql NP +or +.Ql \&*NP\&* +). +.Pp If the client successfully authenticates itself, a dialog for preparing the session is entered. At this time the client may request diff --git a/crypto/external/bsd/openssh/dist/sshd.c b/crypto/external/bsd/openssh/dist/sshd.c index 0500dbae6..65ef7e850 100644 --- a/crypto/external/bsd/openssh/dist/sshd.c +++ b/crypto/external/bsd/openssh/dist/sshd.c @@ -1,4 +1,3 @@ -/* $NetBSD: sshd.c,v 1.22 2015/08/21 08:20:59 christos Exp $ */ /* $OpenBSD: sshd.c,v 1.458 2015/08/20 22:32:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -44,23 +43,30 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshd.c,v 1.22 2015/08/21 08:20:59 christos Exp $"); + #include -#include #include -#include -#include -#include #include -#include -#include +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef HAVE_SYS_TIME_H +# include +#endif +#include "openbsd-compat/sys-tree.h" +#include "openbsd-compat/sys-queue.h" +#include #include #include #include +#ifdef HAVE_PATHS_H #include +#endif +#include #include #include +#include #include #include #include @@ -68,7 +74,15 @@ __RCSID("$NetBSD: sshd.c,v 1.22 2015/08/21 08:20:59 christos Exp $"); #include #ifdef WITH_OPENSSL +#include #include +#include +#include "openbsd-compat/openssl-compat.h" +#endif + +#ifdef HAVE_SECUREWARE +#include +#include #endif #include "xmalloc.h" @@ -97,7 +111,6 @@ __RCSID("$NetBSD: sshd.c,v 1.22 2015/08/21 08:20:59 christos Exp $"); #include "hostfile.h" #include "auth.h" #include "authfd.h" -#include "misc.h" #include "msg.h" #include "dispatch.h" #include "channels.h" @@ -113,27 +126,10 @@ __RCSID("$NetBSD: sshd.c,v 1.22 2015/08/21 08:20:59 christos Exp $"); #include "version.h" #include "ssherr.h" -#include "pfilter.h" - -#ifdef LIBWRAP -#include -#include -int allow_severity = LOG_INFO; -int deny_severity = LOG_WARNING; -#endif /* LIBWRAP */ - -#ifdef WITH_LDAP_PUBKEY -#include "ldapauth.h" -#endif - #ifndef O_NOCTTY #define O_NOCTTY 0 #endif -#ifndef HOST_NAME_MAX -#define HOST_NAME_MAX MAXHOSTNAMELEN -#endif - /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) @@ -146,7 +142,7 @@ extern char *__progname; ServerOptions options; /* Name of the server configuration file. */ -const char *config_file_name = _PATH_SERVER_CONFIG_FILE; +char *config_file_name = _PATH_SERVER_CONFIG_FILE; /* * Debug mode flag. This can be set on the command line. If debug @@ -170,6 +166,7 @@ int log_stderr = 0; /* Saved arguments to main(). */ char **saved_argv; +int saved_argc; /* re-exec */ int rexeced_flag = 0; @@ -253,6 +250,9 @@ Buffer cfg; /* message to be displayed after login */ Buffer loginmsg; +/* Unprivileged user */ +struct passwd *privsep_pw = NULL; + /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); void demote_sensitive_data(void); @@ -307,10 +307,11 @@ sighup_handler(int sig) * Called from the main program after receiving SIGHUP. * Restarts the server. */ -__dead static void +static void sighup_restart(void) { logit("Received SIGHUP; restarting."); + platform_pre_restart(); close_listen_socks(); close_startup_pipes(); alarm(0); /* alarm timer persists across exec */ @@ -355,7 +356,7 @@ main_sigchld_handler(int sig) * Signal handler for the alarm after the login grace period has expired. */ /*ARGSUSED*/ -__dead static void +static void grace_alarm_handler(int sig) { if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0) @@ -367,10 +368,9 @@ grace_alarm_handler(int sig) */ if (getpgid(0) == getpid()) { signal(SIGTERM, SIG_IGN); - killpg(0, SIGTERM); + kill(0, SIGTERM); } - pfilter_notify(1); /* Log error and exit. */ sigdie("Timeout before authentication for %s", get_remote_ipaddr()); } @@ -414,8 +414,7 @@ sshd_exchange_identification(int sock_in, int sock_out) int mismatch; int remote_major, remote_minor; int major, minor; - char *s; - const char *newline = "\n"; + char *s, *newline = "\n"; char buf[256]; /* Must not be larger than remote_version. */ char remote_version[256]; /* Must be at least as big as buf. */ @@ -433,7 +432,7 @@ sshd_exchange_identification(int sock_in, int sock_out) } xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", - major, minor, SSH_RELEASE, + major, minor, SSH_VERSION, *options.version_addendum == '\0' ? "" : " ", options.version_addendum, newline); @@ -475,7 +474,7 @@ sshd_exchange_identification(int sock_in, int sock_out) */ if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor, remote_version) != 3) { - s = __UNCONST("Protocol mismatch.\n"); + s = "Protocol mismatch.\n"; (void) atomicio(vwrite, sock_out, s, strlen(s)); logit("Bad protocol version identification '%.100s' " "from %s port %d", client_version_string, @@ -486,9 +485,6 @@ sshd_exchange_identification(int sock_in, int sock_out) } debug("Client protocol version %d.%d; client software version %.100s", remote_major, remote_minor, remote_version); - logit("SSH: Server;Ltype: Version;Remote: %s-%d;Protocol: %d.%d;Client: %.100s", - get_remote_ipaddr(), get_remote_port(), - remote_major, remote_minor, remote_version); active_state->compat = compat_datafellows(remote_version); @@ -547,7 +543,7 @@ sshd_exchange_identification(int sock_in, int sock_out) debug("Local version string %.200s", server_version_string); if (mismatch) { - s = __UNCONST("Protocol major versions differ.\n"); + s = "Protocol major versions differ.\n"; (void) atomicio(vwrite, sock_out, s, strlen(s)); close(sock_in); close(sock_out); @@ -612,8 +608,8 @@ demote_sensitive_data(void) static void privsep_preauth_child(void) { + u_int32_t rnd[256]; gid_t gidset[1]; - struct passwd *pw; /* Enable challenge-response authentication for privilege separation */ privsep_challenge_enable(); @@ -624,17 +620,16 @@ privsep_preauth_child(void) ssh_gssapi_prepare_supported_oids(); #endif + arc4random_stir(); + arc4random_buf(rnd, sizeof(rnd)); +#ifdef WITH_OPENSSL + RAND_seed(rnd, sizeof(rnd)); +#endif + explicit_bzero(rnd, sizeof(rnd)); + /* Demote the private keys to public keys. */ demote_sensitive_data(); - if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) - fatal("Privilege separation user %s does not exist", - SSH_PRIVSEP_USER); - explicit_bzero(pw->pw_passwd, strlen(pw->pw_passwd)); - endpwent(); - - pfilter_init(); - /* Change our root directory */ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, @@ -643,16 +638,16 @@ privsep_preauth_child(void) fatal("chdir(\"/\"): %s", strerror(errno)); /* Drop our privileges */ - debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, - (u_int)pw->pw_gid); + debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, + (u_int)privsep_pw->pw_gid); #if 0 /* XXX not ready, too heavy after chroot */ - do_setusercontext(pw); + do_setusercontext(privsep_pw); #else - gidset[0] = pw->pw_gid; + gidset[0] = privsep_pw->pw_gid; if (setgroups(1, gidset) < 0) fatal("setgroups: %.100s", strerror(errno)); - permanently_set_uid(pw); + permanently_set_uid(privsep_pw); #endif } @@ -669,7 +664,7 @@ privsep_preauth(Authctxt *authctxt) pmonitor->m_pkex = &active_state->kex; if (use_privsep == PRIVSEP_ON) - box = ssh_sandbox_init(); + box = ssh_sandbox_init(pmonitor); pid = fork(); if (pid == -1) { fatal("fork of unprivileged child failed"); @@ -733,7 +728,13 @@ privsep_preauth(Authctxt *authctxt) static void privsep_postauth(Authctxt *authctxt) { + u_int32_t rnd[256]; + +#ifdef DISABLE_FD_PASSING + if (1) { +#else if (authctxt->pw->pw_uid == 0 || options.use_login) { +#endif /* File descriptor passing is broken or root login */ use_privsep = 0; goto skip; @@ -762,6 +763,13 @@ privsep_postauth(Authctxt *authctxt) /* Demote the private keys to public keys. */ demote_sensitive_data(); + arc4random_stir(); + arc4random_buf(rnd, sizeof(rnd)); +#ifdef WITH_OPENSSL + RAND_seed(rnd, sizeof(rnd)); +#endif + explicit_bzero(rnd, sizeof(rnd)); + /* Drop privileges */ do_setusercontext(authctxt->pw); @@ -827,7 +835,7 @@ list_hostkey_types(void) } } buffer_append(&b, "\0", 1); - ret = xstrdup((const char *)buffer_ptr(&b)); + ret = xstrdup(buffer_ptr(&b)); buffer_free(&b); debug("list_hostkey_types: %s", ret); return ret; @@ -987,11 +995,11 @@ drop_connection(int startups) return (r < p) ? 1 : 0; } -__dead static void +static void usage(void) { fprintf(stderr, "%s, %s\n", - SSH_VERSION, + SSH_RELEASE, #ifdef WITH_OPENSSL SSLeay_version(SSLEAY_VERSION) #else @@ -1025,9 +1033,10 @@ send_rexec_state(int fd, Buffer *conf) * bignum iqmp " * bignum p " * bignum q " + * string rngseed (only if OpenSSL is not self-seeded) */ buffer_init(&m); - buffer_put_cstring(&m, (const char *)buffer_ptr(conf)); + buffer_put_cstring(&m, buffer_ptr(conf)); #ifdef WITH_SSH1 if (sensitive_data.server_key != NULL && @@ -1043,6 +1052,10 @@ send_rexec_state(int fd, Buffer *conf) #endif buffer_put_int(&m, 0); +#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) + rexec_send_rng_seed(&m); +#endif + if (ssh_msg_send(fd, 0, &m) == -1) fatal("%s: ssh_msg_send failed", __func__); @@ -1089,6 +1102,11 @@ recv_rexec_state(int fd, Buffer *conf) "error", __func__); #endif } + +#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) + rexec_recv_rng_seed(&m); +#endif + buffer_free(&m); debug3("%s: done", __func__); @@ -1137,8 +1155,6 @@ server_listen(void) int ret, listen_sock, on = 1; struct addrinfo *ai; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; - int socksize; - socklen_t socksizelen = sizeof(int); for (ai = options.listen_addrs; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) @@ -1173,12 +1189,11 @@ server_listen(void) &on, sizeof(on)) == -1) error("setsockopt SO_REUSEADDR: %s", strerror(errno)); - debug("Bind to port %s on %s.", strport, ntop); + /* Only communicate in IPv6 over AF_INET6 sockets. */ + if (ai->ai_family == AF_INET6) + sock_set_v6only(listen_sock); - getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, - &socksize, &socksizelen); - debug("Server TCP RWIN socket size: %d", socksize); - debug("HPN Buffer Size: %d", options.hpn_buffer_size); + debug("Bind to port %s on %s.", strport, ntop); /* Bind the socket to the desired port. */ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { @@ -1216,6 +1231,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) struct sockaddr_storage from; socklen_t fromlen; pid_t pid; + u_char rnd[256]; /* setup fd set for accept */ fdset = NULL; @@ -1228,7 +1244,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) for (i = 0; i < options.max_startups; i++) startup_pipes[i] = -1; - pfilter_init(); /* * Stay listening for connections until the system crashes or * the daemon is killed with a signal. @@ -1288,7 +1303,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) (struct sockaddr *)&from, &fromlen); if (*newsock < 0) { if (errno != EINTR && errno != EWOULDBLOCK && - errno != ECONNABORTED) + errno != ECONNABORTED && errno != EAGAIN) error("accept: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) @@ -1359,6 +1374,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) * the child process the connection. The * parent continues listening. */ + platform_pre_fork(); if ((pid = fork()) == 0) { /* * Child. Close the listening and @@ -1368,6 +1384,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) * We break out of the loop to handle * the connection. */ + platform_post_fork_child(); startup_pipe = startup_p[1]; close_startup_pipes(); close_listen_socks(); @@ -1383,6 +1400,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) } /* Parent. Stay in the loop. */ + platform_post_fork_parent(pid); if (pid < 0) error("fork: %.100s", strerror(errno)); else @@ -1409,6 +1427,17 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) } close(*newsock); + + /* + * Ensure that our random state differs + * from that of the child + */ + arc4random_stir(); + arc4random_buf(rnd, sizeof(rnd)); +#ifdef WITH_OPENSSL + RAND_seed(rnd, sizeof(rnd)); +#endif + explicit_bzero(rnd, sizeof(rnd)); } /* child process check (or debug mode) */ @@ -1441,9 +1470,27 @@ main(int ac, char **av) Authctxt *authctxt; struct connection_info *connection_info = get_connection_info(0, 0); - /* Save argv. */ - saved_argv = av; +#ifdef HAVE_SECUREWARE + (void)set_auth_parameters(ac, av); +#endif + __progname = ssh_get_progname(av[0]); + + /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ + saved_argc = ac; rexec_argc = ac; + saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); + for (i = 0; i < ac; i++) + saved_argv[i] = xstrdup(av[i]); + saved_argv[i] = NULL; + +#ifndef HAVE_SETPROCTITLE + /* Prepare for later setproctitle emulation */ + compat_init_setproctitle(ac, av); + av = saved_argv; +#endif + + if (geteuid() == 0 && setgroups(0, NULL) == -1) + debug("setgroups(): %.200s", strerror(errno)); /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -1576,11 +1623,9 @@ main(int ac, char **av) if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/'))) fatal("sshd re-exec requires execution with an absolute path"); if (rexeced_flag) - r = closefrom(REEXEC_MIN_FREE_FD); + closefrom(REEXEC_MIN_FREE_FD); else - r = closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); - if (r == -1) - fatal("closefrom failed: %.200s", strerror(errno)); + closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); #ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); @@ -1602,6 +1647,20 @@ main(int ac, char **av) SYSLOG_FACILITY_AUTH : options.log_facility, log_stderr || !inetd_flag); + /* + * Unset KRB5CCNAME, otherwise the user's session may inherit it from + * root's environment + */ + if (getenv("KRB5CCNAME") != NULL) + (void) unsetenv("KRB5CCNAME"); + +#ifdef _UNICOS + /* Cray can define user privs drop all privs now! + * Not needed on PRIV_SU systems! + */ + drop_cray_privs(); +#endif + sensitive_data.server_key = NULL; sensitive_data.ssh1_host_key = NULL; sensitive_data.have_ssh1_key = 0; @@ -1629,6 +1688,8 @@ main(int ac, char **av) parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, &cfg, NULL); + seed_rng(); + /* Fill in default values for those options not explicitly set. */ fill_default_server_options(&options); @@ -1677,16 +1738,6 @@ main(int ac, char **av) exit(1); } -#ifdef WITH_LDAP_PUBKEY - /* ldap_options_print(&options.lpk); */ - /* XXX initialize/check ldap connection and set *LD */ - if (options.lpk.on) { - if (options.lpk.l_conf && (ldap_parse_lconf(&options.lpk) < 0) ) - error("[LDAP] could not parse %s", options.lpk.l_conf); - if (ldap_connect(&options.lpk) < 0) - error("[LDAP] could not initialize ldap connection"); - } -#endif debug("sshd version %s, %s", SSH_VERSION, #ifdef WITH_OPENSSL SSLeay_version(SSLEAY_VERSION) @@ -1694,7 +1745,21 @@ main(int ac, char **av) "without OpenSSL" #endif ); - + + /* Store privilege separation user for later use if required. */ + if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { + if (use_privsep || options.kerberos_authentication) + fatal("Privilege separation user %s does not exist", + SSH_PRIVSEP_USER); + } else { + explicit_bzero(privsep_pw->pw_passwd, + strlen(privsep_pw->pw_passwd)); + privsep_pw = pwcopy(privsep_pw); + free(privsep_pw->pw_passwd); + privsep_pw->pw_passwd = xstrdup("*"); + } + endpwent(); + /* load host keys */ sensitive_data.host_keys = xcalloc(options.num_host_key_files, sizeof(Key *)); @@ -1844,14 +1909,18 @@ main(int ac, char **av) if (use_privsep) { struct stat st; - if (getpwnam(SSH_PRIVSEP_USER) == NULL) - fatal("Privilege separation user %s does not exist", - SSH_PRIVSEP_USER); if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) || (S_ISDIR(st.st_mode) == 0)) fatal("Missing privilege separation directory: %s", _PATH_PRIVSEP_CHROOT_DIR); + +#ifdef HAVE_CYGWIN + if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) && + (st.st_uid != getuid () || + (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) +#else if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) +#endif fatal("%s must be owned by root and not group or " "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); } @@ -1866,13 +1935,23 @@ main(int ac, char **av) if (test_flag) exit(0); + /* + * Clear out any supplemental groups we may have inherited. This + * prevents inadvertent creation of files with bad modes (in the + * portable version at least, it's certainly possible for PAM + * to create a file, and we can't control the code in every + * module which might be used). + */ + if (setgroups(0, NULL) < 0) + debug("setgroups() failed: %.200s", strerror(errno)); + if (rexec_flag) { rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); for (i = 0; i < rexec_argc; i++) { debug("rexec_argv[%d]='%s'", i, saved_argv[i]); rexec_argv[i] = saved_argv[i]; } - rexec_argv[rexec_argc] = __UNCONST("-R"); + rexec_argv[rexec_argc] = "-R"; rexec_argv[rexec_argc + 1] = NULL; } @@ -1891,17 +1970,20 @@ main(int ac, char **av) * exits. */ if (!(debug_flag || inetd_flag || no_daemon_flag)) { +#ifdef TIOCNOTTY int fd; - +#endif /* TIOCNOTTY */ if (daemon(0, 0) < 0) fatal("daemon() failed: %.200s", strerror(errno)); /* Disconnect from the controlling tty. */ +#ifdef TIOCNOTTY fd = open(_PATH_TTY, O_RDWR | O_NOCTTY); if (fd >= 0) { (void) ioctl(fd, TIOCNOTTY, NULL); close(fd); } +#endif /* TIOCNOTTY */ } /* Reinitialize the log (because of the fork above). */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -1918,6 +2000,7 @@ main(int ac, char **av) if (inetd_flag) { server_accept_inetd(&sock_in, &sock_out); } else { + platform_pre_listen(); server_listen(); if (options.protocol & SSH_PROTO_1) @@ -1957,8 +2040,15 @@ main(int ac, char **av) * setlogin() affects the entire process group. We don't * want the child to be able to affect the parent. */ +#if !defined(SSHD_ACQUIRES_CTTY) + /* + * If setsid is called, on some platforms sshd will later acquire a + * controlling terminal which will result in "could not set + * controlling tty" errors. + */ if (!debug_flag && !inetd_flag && setsid() < 0) error("setsid: %.100s", strerror(errno)); +#endif if (rexec_flag) { int fd; @@ -1970,7 +2060,7 @@ main(int ac, char **av) if (startup_pipe == -1) close(REEXEC_STARTUP_PIPE_FD); else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) { - dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD); + dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD); close(startup_pipe); startup_pipe = REEXEC_STARTUP_PIPE_FD; } @@ -2014,6 +2104,7 @@ main(int ac, char **av) signal(SIGTERM, SIG_DFL); signal(SIGQUIT, SIG_DFL); signal(SIGCHLD, SIG_DFL); + signal(SIGINT, SIG_DFL); /* * Register our connection. This turns encryption off because we do @@ -2044,22 +2135,9 @@ main(int ac, char **av) */ remote_ip = get_remote_ipaddr(); -#ifdef LIBWRAP - /* Check whether logins are denied from this host. */ - if (packet_connection_is_on_socket()) { - struct request_info req; - - request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0); - fromhost(&req); - - if (!hosts_access(&req)) { - debug("Connection refused by tcp wrapper"); - refuse(&req); - /* NOTREACHED */ - fatal("libwrap refuse returns"); - } - } -#endif /* LIBWRAP */ +#ifdef SSH_AUDIT_EVENTS + audit_connection_from(remote_ip, remote_port); +#endif /* Log the connection. */ laddr = get_local_ipaddr(sock_in); @@ -2067,9 +2145,6 @@ main(int ac, char **av) remote_ip, remote_port, laddr, get_local_port()); free(laddr); - /* set the HPN options for the child */ - channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size); - /* * We don't want to listen forever unless the other side * successfully authenticates itself. So we set up an alarm which is @@ -2093,6 +2168,8 @@ main(int ac, char **av) /* allocate authentication context */ authctxt = xcalloc(1, sizeof(*authctxt)); + authctxt->loginmsg = &loginmsg; + /* XXX global for cleanup, access from other modules */ the_authctxt = authctxt; @@ -2145,6 +2222,17 @@ main(int ac, char **av) startup_pipe = -1; } +#ifdef SSH_AUDIT_EVENTS + audit_event(SSH_AUTH_SUCCESS); +#endif + +#ifdef GSSAPI + if (options.gss_authentication) { + temporarily_use_uid(authctxt->pw); + ssh_gssapi_storecreds(); + restore_uid(); + } +#endif #ifdef USE_PAM if (options.use_pam) { do_pam_setcred(1); @@ -2173,17 +2261,22 @@ main(int ac, char **av) /* Start session. */ do_authenticated(authctxt); -#ifdef USE_PAM - if (options.use_pam) - finish_pam(); -#endif /* USE_PAM */ - /* The connection has been terminated. */ packet_get_bytes(&ibytes, &obytes); verbose("Transferred: sent %llu, received %llu bytes", (unsigned long long)obytes, (unsigned long long)ibytes); verbose("Closing connection to %.500s port %d", remote_ip, remote_port); + +#ifdef USE_PAM + if (options.use_pam) + finish_pam(); +#endif /* USE_PAM */ + +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_CONNECTION_CLOSE)); +#endif + packet_close(); if (use_privsep) @@ -2300,18 +2393,6 @@ do_ssh1_kex(void) auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; if (options.rsa_authentication) auth_mask |= 1 << SSH_AUTH_RSA; -#if defined(KRB4) || defined(KRB5) - if (options.kerberos_authentication) - auth_mask |= 1 << SSH_AUTH_KERBEROS; -#endif -#if defined(AFS) || defined(KRB5) - if (options.kerberos_tgt_passing) - auth_mask |= 1 << SSH_PASS_KERBEROS_TGT; -#endif -#ifdef AFS - if (options.afs_token_passing) - auth_mask |= 1 << SSH_PASS_AFS_TOKEN; -#endif if (options.challenge_response_authentication == 1) auth_mask |= 1 << SSH_AUTH_TIS; if (options.password_authentication) @@ -2454,28 +2535,16 @@ sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen, static void do_ssh2_kex(void) { - const char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; + char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; struct kex *kex; int r; myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( options.kex_algorithms); - - if (strcmp(options.ciphers, KEX_SERVER_ENCRYPT) == 0 && - options.none_enabled == 1) { - debug ("WARNING: None cipher enabled"); - myproposal[PROPOSAL_ENC_ALGS_CTOS] = - myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_SERVER_ENCRYPT_INCLUDE_NONE; - } else { - myproposal[PROPOSAL_ENC_ALGS_CTOS] = - myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; - } - - myproposal[PROPOSAL_ENC_ALGS_CTOS] = - compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); - myproposal[PROPOSAL_ENC_ALGS_STOC] = - compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]); - + myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal( + options.ciphers); + myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal( + options.ciphers); myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; @@ -2503,7 +2572,9 @@ do_ssh2_kex(void) kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; +# ifdef OPENSSL_HAS_ECC kex->kex[KEX_ECDH_SHA2] = kexecdh_server; +# endif #endif kex->kex[KEX_C25519_SHA256] = kexc25519_server; kex->server = 1; @@ -2544,5 +2615,10 @@ cleanup_exit(int i) pmonitor->m_pid, strerror(errno)); } } +#ifdef SSH_AUDIT_EVENTS + /* done after do_cleanup so it can cancel the PAM auth 'thread' */ + if (!use_privsep || mm_is_monitor()) + audit_event(SSH_CONNECTION_ABANDON); +#endif _exit(i); } diff --git a/crypto/external/bsd/openssh/dist/sshd_config b/crypto/external/bsd/openssh/dist/sshd_config index 444fe7d52..4d77f05aa 100644 --- a/crypto/external/bsd/openssh/dist/sshd_config +++ b/crypto/external/bsd/openssh/dist/sshd_config @@ -1,9 +1,10 @@ -# $NetBSD: sshd_config,v 1.15 2015/08/13 10:33:21 christos Exp $ # $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the @@ -67,19 +68,38 @@ AuthorizedKeysFile .ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes -# To disable password authentication, set this and UsePam to no +# To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM no + #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding no -# If you use xorg from pkgsrc then uncomment the following line. -#XAuthLocation /usr/pkg/bin/xauth #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes @@ -87,8 +107,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PrintLastLog yes #TCPKeepAlive yes #UseLogin no -UsePrivilegeSeparation sandbox -UsePam yes +UsePrivilegeSeparation sandbox # Default for new installations. #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 @@ -103,39 +122,9 @@ UsePam yes # no default banner path #Banner none -# here are the new patched ldap related tokens -# entries in your LDAP must have posixAccount & ldapPublicKey objectclass -#UseLPK yes -#LpkLdapConf /etc/ldap.conf -#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ -#LpkUserDN ou=users,dc=phear,dc=org -#LpkGroupDN ou=groups,dc=phear,dc=org -#LpkBindDN cn=Manager,dc=phear,dc=org -#LpkBindPw secret -#LpkServerGroup mail -#LpkFilter (hostAccess=master.phear.org) -#LpkForceTLS no -#LpkSearchTimelimit 3 -#LpkBindTimelimit 3 -#LpkPubKeyAttr sshPublicKey - # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server -# the following are HPN related configuration options -# tcp receive buffer polling. disable in non autotuning kernels -#TcpRcvBufPoll yes - -# allow the use of the none cipher -#NoneEnabled no - -# disable hpn performance boosts. -#HPNDisabled no - -# buffer size for hpn to non-hpn connections -#HPNBufferSize 2048 - - # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no diff --git a/crypto/external/bsd/openssh/dist/sshd_config.5 b/crypto/external/bsd/openssh/dist/sshd_config.5 index ea0859533..b18d340af 100644 --- a/crypto/external/bsd/openssh/dist/sshd_config.5 +++ b/crypto/external/bsd/openssh/dist/sshd_config.5 @@ -1,5 +1,3 @@ -.\" $NetBSD: sshd_config.5,v 1.20 2015/08/21 08:20:59 christos Exp $ -.\" -*- nroff -*- .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -36,7 +34,7 @@ .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $ -.Dd August 14 2015 +.Dd $Mdocdate: August 14 2015 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -375,10 +373,9 @@ then no banner is displayed. This option is only available for protocol version 2. By default, no banner is displayed. .It Cm ChallengeResponseAuthentication -Specifies whether challenge-response authentication is allowed. -All authentication styles from -.Xr login.conf 5 -are supported. +Specifies whether challenge-response authentication is allowed (e.g. via +PAM or through authentication styles supported in +.Xr login.conf 5 ) The default is .Dq yes . .It Cm ChrootDirectory @@ -954,9 +951,7 @@ options are permitted. The server disconnects after this time if the user has not successfully logged in. If the value is 0, there is no time limit. -The default is 120 seconds but the default -.Pa /etc/ssh/sshd_config -overwrites it to 600 seconds. +The default is 120 seconds. .It Cm LogLevel Gives the verbosity level that is used when logging messages from .Xr sshd 8 . @@ -1556,6 +1551,30 @@ cookies. If .Cm UsePrivilegeSeparation is specified, it will be disabled after authentication. +.It Cm UsePAM +Enables the Pluggable Authentication Module interface. +If set to +.Dq yes +this will enable PAM authentication using +.Cm ChallengeResponseAuthentication +and +.Cm PasswordAuthentication +in addition to PAM account and session module processing for all +authentication types. +.Pp +Because PAM challenge-response authentication usually serves an equivalent +role to password authentication, you should disable either +.Cm PasswordAuthentication +or +.Cm ChallengeResponseAuthentication. +.Pp +If +.Cm UsePAM +is enabled, you will not be able to run +.Xr sshd 8 +as a non-root user. +The default is +.Dq no . .It Cm UsePrivilegeSeparation Specifies whether .Xr sshd 8 @@ -1651,62 +1670,6 @@ program, or to not use one. The default is .Pa /usr/X11R6/bin/xauth . -.It Cm UseLPK -Specifies whether LDAP public key retrieval must be used or not. It allow -an easy centralisation of public keys within an LDAP directory. The argument must be -.Dq yes -or -.Dq no . -.It Cm LpkLdapConf -Specifies whether LDAP Public keys should parse the specified ldap.conf file -instead of sshd_config Tokens. The argument must be a valid path to an ldap.conf -file like -.Pa /etc/ldap.conf -.It Cm LpkServers -Specifies LDAP one or more [:space:] separated server's url the following form may be used: -.Pp -LpkServers ldaps://127.0.0.1 ldap://127.0.0.2 ldap://127.0.0.3 -.It Cm LpkUserDN -Specifies the LDAP user DN. -.Pp -LpkUserDN ou=users,dc=phear,dc=org -.It Cm LpkGroupDN -Specifies the LDAP groups DN. -.Pp -LpkGroupDN ou=groups,dc=phear,dc=org -.It Cm LpkBindDN -Specifies the LDAP bind DN to use if necessary. -.Pp -LpkBindDN cn=Manager,dc=phear,dc=org -.It Cm LpkBindPw -Specifies the LDAP bind credential. -.Pp -LpkBindPw secret -.It Cm LpkServerGroup -Specifies one or more [:space:] separated group the server is part of. -.Pp -LpkServerGroup unix mail prod -.It Cm LpkFilter -Specifies an additional LDAP filter to use for finding SSH keys -.Pp -LpkFilter (hostAccess=master.phear.org) -.It Cm LpkForceTLS -Specifies if the LDAP server connection must be tried, forced or not used. The argument must be -.Dq yes -or -.Dq no -or -.Dq try . -.It Cm LpkSearchTimelimit -Specifies the search time limit before the search is considered over. value is -in seconds. -.Pp -LpkSearchTimelimit 3 -.It Cm LpkBindTimelimit -Specifies the bind time limit before the connection is considered dead. value is -in seconds. -.Pp -LpkBindTimelimit 3 .El .Sh TIME FORMATS .Xr sshd 8 diff --git a/crypto/external/bsd/openssh/dist/ssherr.c b/crypto/external/bsd/openssh/dist/ssherr.c index b3b07a40b..4ca793992 100644 --- a/crypto/external/bsd/openssh/dist/ssherr.c +++ b/crypto/external/bsd/openssh/dist/ssherr.c @@ -14,11 +14,8 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "includes.h" -__RCSID("$NetBSD: ssherr.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include -#include #include #include "ssherr.h" @@ -139,10 +136,6 @@ ssh_err(int n) case SSH_ERR_PROTOCOL_ERROR: return "Protocol error"; default: - { - static char buf[1024]; - snprintf(buf, sizeof(buf), "unknown error %d", n); - return buf; - } + return "unknown error"; } } diff --git a/crypto/external/bsd/openssh/dist/sshkey.c b/crypto/external/bsd/openssh/dist/sshkey.c index 091b556d6..32dd8f225 100644 --- a/crypto/external/bsd/openssh/dist/sshkey.c +++ b/crypto/external/bsd/openssh/dist/sshkey.c @@ -1,4 +1,3 @@ -/* $NetBSD: sshkey.c,v 1.6 2015/08/21 08:20:59 christos Exp $ */ /* $OpenBSD: sshkey.c,v 1.21 2015/08/19 23:19:01 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -25,8 +24,8 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "includes.h" -__RCSID("$NetBSD: sshkey.c,v 1.6 2015/08/21 08:20:59 christos Exp $"); #include /* MIN MAX */ #include @@ -41,11 +40,13 @@ __RCSID("$NetBSD: sshkey.c,v 1.6 2015/08/21 08:20:59 christos Exp $"); #include "crypto_api.h" #include +#include #include #include -#include -#include #include +#ifdef HAVE_UTIL_H +#include +#endif /* HAVE_UTIL_H */ #include "ssh2.h" #include "ssherr.h" @@ -91,17 +92,25 @@ static const struct keytype keytypes[] = { { NULL, "RSA1", KEY_RSA1, 0, 0 }, { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, +# ifdef OPENSSL_HAS_ECC { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, +# ifdef OPENSSL_HAS_NISTP521 { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, +# endif /* OPENSSL_HAS_NISTP521 */ +# endif /* OPENSSL_HAS_ECC */ { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 }, { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 }, +# ifdef OPENSSL_HAS_ECC { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 }, { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", KEY_ECDSA_CERT, NID_secp384r1, 1 }, +# ifdef OPENSSL_HAS_NISTP521 { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", KEY_ECDSA_CERT, NID_secp521r1, 1 }, +# endif /* OPENSSL_HAS_NISTP521 */ +# endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ { NULL, NULL, -1, -1, 0 } }; @@ -324,8 +333,10 @@ sshkey_curve_name_to_nid(const char *name) return NID_X9_62_prime256v1; else if (strcmp(name, "nistp384") == 0) return NID_secp384r1; +# ifdef OPENSSL_HAS_NISTP521 else if (strcmp(name, "nistp521") == 0) return NID_secp521r1; +# endif /* OPENSSL_HAS_NISTP521 */ else return -1; } @@ -338,8 +349,10 @@ sshkey_curve_nid_to_bits(int nid) return 256; case NID_secp384r1: return 384; +# ifdef OPENSSL_HAS_NISTP521 case NID_secp521r1: return 521; +# endif /* OPENSSL_HAS_NISTP521 */ default: return 0; } @@ -353,8 +366,10 @@ sshkey_ecdsa_bits_to_nid(int bits) return NID_X9_62_prime256v1; case 384: return NID_secp384r1; +# ifdef OPENSSL_HAS_NISTP521 case 521: return NID_secp521r1; +# endif /* OPENSSL_HAS_NISTP521 */ default: return -1; } @@ -368,8 +383,10 @@ sshkey_curve_nid_to_name(int nid) return "nistp256"; case NID_secp384r1: return "nistp384"; +# ifdef OPENSSL_HAS_NISTP521 case NID_secp521r1: return "nistp521"; +# endif /* OPENSSL_HAS_NISTP521 */ default: return NULL; } @@ -586,12 +603,14 @@ sshkey_free(struct sshkey *k) DSA_free(k->dsa); k->dsa = NULL; break; +# ifdef OPENSSL_HAS_ECC case KEY_ECDSA: case KEY_ECDSA_CERT: if (k->ecdsa != NULL) EC_KEY_free(k->ecdsa); k->ecdsa = NULL; break; +# endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: @@ -639,9 +658,9 @@ cert_compare(struct sshkey_cert *a, struct sshkey_cert *b) int sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) { -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) BN_CTX *bnctx; -#endif /* WITH_OPENSSL */ +#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ if (a == NULL || b == NULL || sshkey_type_plain(a->type) != sshkey_type_plain(b->type)) @@ -662,6 +681,7 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) BN_cmp(a->dsa->q, b->dsa->q) == 0 && BN_cmp(a->dsa->g, b->dsa->g) == 0 && BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; +# ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: if (a->ecdsa == NULL || b->ecdsa == NULL || @@ -680,6 +700,7 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) } BN_CTX_free(bnctx); return 1; +# endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: @@ -744,6 +765,7 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain) (ret = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0) return ret; break; +# ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if (key->ecdsa == NULL) return SSH_ERR_INVALID_ARGUMENT; @@ -753,6 +775,7 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain) (ret = sshbuf_put_eckey(b, key->ecdsa)) != 0) return ret; break; +# endif case KEY_RSA: if (key->rsa == NULL) return SSH_ERR_INVALID_ARGUMENT; @@ -1035,7 +1058,7 @@ fingerprint_randomart(const char *alg, u_char *dgst_raw, size_t dgst_raw_len, * Chars to be used after each other every time the worm * intersects with itself. Matter of taste. */ - const char *augmentation_string = " .o+=*BOX@%&#/^SE"; + char *augmentation_string = " .o+=*BOX@%&#/^SE"; char *retval, *p, title[FLDSIZE_X], hash[FLDSIZE_X]; u_char field[FLDSIZE_X][FLDSIZE_Y]; size_t i, tlen, hlen; @@ -1325,6 +1348,7 @@ sshkey_read(struct sshkey *ret, char **cpp) DSA_print_fp(stderr, ret->dsa, 8); #endif } +# ifdef OPENSSL_HAS_ECC if (sshkey_type_plain(ret->type) == KEY_ECDSA) { if (ret->ecdsa != NULL) EC_KEY_free(ret->ecdsa); @@ -1336,6 +1360,7 @@ sshkey_read(struct sshkey *ret, char **cpp) sshkey_dump_ec_key(ret->ecdsa); #endif } +# endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ if (sshkey_type_plain(ret->type) == KEY_ED25519) { free(ret->ed25519_pk); @@ -1543,6 +1568,7 @@ dsa_generate_private_key(u_int bits, DSA **dsap) return ret; } +# ifdef OPENSSL_HAS_ECC int sshkey_ecdsa_key_to_nid(EC_KEY *k) { @@ -1550,7 +1576,9 @@ sshkey_ecdsa_key_to_nid(EC_KEY *k) int nids[] = { NID_X9_62_prime256v1, NID_secp384r1, +# ifdef OPENSSL_HAS_NISTP521 NID_secp521r1, +# endif /* OPENSSL_HAS_NISTP521 */ -1 }; int nid; @@ -1618,6 +1646,7 @@ ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap) EC_KEY_free(private); return ret; } +# endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ int @@ -1645,10 +1674,12 @@ sshkey_generate(int type, u_int bits, struct sshkey **keyp) case KEY_DSA: ret = dsa_generate_private_key(bits, &k->dsa); break; +# ifdef OPENSSL_HAS_ECC case KEY_ECDSA: ret = ecdsa_generate_private_key(bits, &k->ecdsa_nid, &k->ecdsa); break; +# endif /* OPENSSL_HAS_ECC */ case KEY_RSA: case KEY_RSA1: ret = rsa_generate_private_key(bits, &k->rsa); @@ -1744,6 +1775,7 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) return SSH_ERR_ALLOC_FAIL; } break; +# ifdef OPENSSL_HAS_ECC case KEY_ECDSA: case KEY_ECDSA_CERT: if ((n = sshkey_new(k->type)) == NULL) @@ -1760,6 +1792,7 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) return SSH_ERR_LIBCRYPTO_ERROR; } break; +# endif /* OPENSSL_HAS_ECC */ case KEY_RSA: case KEY_RSA1: case KEY_RSA_CERT: @@ -1929,9 +1962,9 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, size_t len; u_char *pk = NULL; struct sshbuf *copy; -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) EC_POINT *q = NULL; -#endif /* WITH_OPENSSL */ +#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ #ifdef DEBUG_PK /* XXX */ sshbuf_dump(b, stderr); @@ -2004,6 +2037,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, goto out; } /* FALLTHROUGH */ +# ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if ((key = sshkey_new(type)) == NULL) { ret = SSH_ERR_ALLOC_FAIL; @@ -2047,6 +2081,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, sshkey_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q); #endif break; +# endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ case KEY_ED25519_CERT: /* Skip nonce */ @@ -2097,10 +2132,10 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, free(ktype); free(curve); free(pk); -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) if (q != NULL) EC_POINT_free(q); -#endif /* WITH_OPENSSL */ +#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ return ret; } @@ -2152,9 +2187,11 @@ sshkey_sign(const struct sshkey *key, case KEY_DSA_CERT: case KEY_DSA: return ssh_dss_sign(key, sigp, lenp, data, datalen, compat); +# ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); +# endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: case KEY_RSA: return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat); @@ -2182,9 +2219,11 @@ sshkey_verify(const struct sshkey *key, case KEY_DSA_CERT: case KEY_DSA: return ssh_dss_verify(key, sig, siglen, data, dlen, compat); +# ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); +# endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: case KEY_RSA: return ssh_rsa_verify(key, sig, siglen, data, dlen, compat); @@ -2251,6 +2290,7 @@ sshkey_demote(const struct sshkey *k, struct sshkey **dkp) if ((ret = sshkey_cert_copy(k, pk)) != 0) goto fail; /* FALLTHROUGH */ +# ifdef OPENSSL_HAS_ECC case KEY_ECDSA: pk->ecdsa = EC_KEY_new_by_curve_name(pk->ecdsa_nid); if (pk->ecdsa == NULL) { @@ -2263,6 +2303,7 @@ sshkey_demote(const struct sshkey *k, struct sshkey **dkp) goto fail; } break; +# endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ case KEY_ED25519_CERT: if ((ret = sshkey_cert_copy(k, pk)) != 0) @@ -2370,6 +2411,7 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca) (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0) goto out; break; +# ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: if ((ret = sshbuf_put_cstring(cert, sshkey_curve_nid_to_name(k->ecdsa_nid))) != 0 || @@ -2378,6 +2420,7 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca) EC_KEY_get0_group(k->ecdsa))) != 0) goto out; break; +# endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 || (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0) @@ -2542,6 +2585,7 @@ sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) goto out; break; +# ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if ((r = sshbuf_put_cstring(b, sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || @@ -2560,6 +2604,7 @@ sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) EC_KEY_get0_private_key(key->ecdsa))) != 0) goto out; break; +# endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ case KEY_ED25519: if ((r = sshbuf_put_string(b, key->ed25519_pk, @@ -2627,6 +2672,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) goto out; break; +# ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if ((k = sshkey_new_private(type)) == NULL) { r = SSH_ERR_ALLOC_FAIL; @@ -2677,6 +2723,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) (r = sshkey_ec_validate_private(k->ecdsa)) != 0) goto out; break; +# endif /* OPENSSL_HAS_ECC */ case KEY_RSA: if ((k = sshkey_new_private(type)) == NULL) { r = SSH_ERR_ALLOC_FAIL; @@ -2774,7 +2821,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) return r; } -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) int sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) { @@ -2937,7 +2984,7 @@ sshkey_dump_ec_key(const EC_KEY *key) BN_print_fp(stderr, EC_KEY_get0_private_key(key)); fputs("\n", stderr); } -#endif /* WITH_OPENSSL */ +#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ static int sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob, @@ -3158,7 +3205,7 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, } /* decode base64 */ - if ((r = sshbuf_b64tod(decoded, (const char *)sshbuf_ptr(encoded))) != 0) + if ((r = sshbuf_b64tod(decoded, (char *)sshbuf_ptr(encoded))) != 0) goto out; /* check magic */ @@ -3424,8 +3471,12 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, { int success, r; int blen, len = strlen(_passphrase); - u_char *passphrase = (len > 0) ? __UNCONST(_passphrase) : NULL; - const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; + u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; +#if (OPENSSL_VERSION_NUMBER < 0x00907000L) + const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL; +#else + const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; +#endif const u_char *bptr; BIO *bio = NULL; @@ -3439,10 +3490,12 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, cipher, passphrase, len, NULL, NULL); break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa, cipher, passphrase, len, NULL, NULL); break; +#endif case KEY_RSA: success = PEM_write_bio_RSAPrivateKey(bio, key->rsa, cipher, passphrase, len, NULL, NULL); @@ -3706,7 +3759,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, } if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, - __UNCONST(passphrase))) == NULL) { + (char *)passphrase)) == NULL) { r = SSH_ERR_KEY_WRONG_PASSPHRASE; goto out; } @@ -3736,6 +3789,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, #ifdef DEBUG_PK DSA_print_fp(stderr, prv->dsa, 8); #endif +#ifdef OPENSSL_HAS_ECC } else if (pk->type == EVP_PKEY_EC && (type == KEY_UNSPEC || type == KEY_ECDSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { @@ -3753,10 +3807,11 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, r = SSH_ERR_INVALID_FORMAT; goto out; } -#ifdef DEBUG_PK +# ifdef DEBUG_PK if (prv != NULL && prv->ecdsa != NULL) sshkey_dump_ec_key(prv->ecdsa); -#endif +# endif +#endif /* OPENSSL_HAS_ECC */ } else { r = SSH_ERR_INVALID_FORMAT; goto out; diff --git a/crypto/external/bsd/openssh/dist/sshkey.h b/crypto/external/bsd/openssh/dist/sshkey.h index 0deee640b..c8d3cddca 100644 --- a/crypto/external/bsd/openssh/dist/sshkey.h +++ b/crypto/external/bsd/openssh/dist/sshkey.h @@ -31,13 +31,19 @@ #ifdef WITH_OPENSSL #include #include -#include -#else /* OPENSSL */ -#define RSA void -#define DSA void -#define EC_KEY void -#define EC_GROUP void -#define EC_POINT void +# ifdef OPENSSL_HAS_ECC +# include +# else /* OPENSSL_HAS_ECC */ +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +# endif /* OPENSSL_HAS_ECC */ +#else /* WITH_OPENSSL */ +# define RSA void +# define DSA void +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void #endif /* WITH_OPENSSL */ #define SSH_RSA_MINIMUM_MODULUS_SIZE 768 @@ -208,12 +214,16 @@ int ssh_ed25519_verify(const struct sshkey *key, const u_char *data, size_t datalen, u_int compat); #endif -#ifndef WITH_OPENSSL -#undef RSA -#undef DSA -#undef EC_KEY -#undef EC_GROUP -#undef EC_POINT -#endif /* WITH_OPENSSL */ +#if !defined(WITH_OPENSSL) +# undef RSA +# undef DSA +# undef EC_KEY +# undef EC_GROUP +# undef EC_POINT +#elif !defined(OPENSSL_HAS_ECC) +# undef EC_KEY +# undef EC_GROUP +# undef EC_POINT +#endif #endif /* SSHKEY_H */ diff --git a/crypto/external/bsd/openssh/dist/sshlogin.c b/crypto/external/bsd/openssh/dist/sshlogin.c index 45b7f8e72..818312ff1 100644 --- a/crypto/external/bsd/openssh/dist/sshlogin.c +++ b/crypto/external/bsd/openssh/dist/sshlogin.c @@ -1,4 +1,3 @@ -/* $NetBSD: sshlogin.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: sshlogin.c,v 1.31 2015/01/20 23:14:00 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -41,37 +40,27 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshlogin.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); -#include + #include #include +#include + #include #include +#include #include #include #include #include -#include -#ifdef SUPPORT_UTMP -#include -#endif -#ifdef SUPPORT_UTMPX -#include -#endif -#include #include -#include "sshlogin.h" +#include "loginrec.h" #include "log.h" #include "buffer.h" #include "misc.h" #include "servconf.h" -#ifndef HOST_NAME_MAX -#define HOST_NAME_MAX MAXHOSTNAMELEN -#endif - extern Buffer loginmsg; extern ServerOptions options; @@ -84,55 +73,11 @@ time_t get_last_login_time(uid_t uid, const char *logname, char *buf, size_t bufsize) { -#ifdef SUPPORT_UTMPX - struct lastlogx llx, *llxp; -#endif -#ifdef SUPPORT_UTMP - struct lastlog ll; - int fd; -#endif - off_t pos, r; + struct logininfo li; - buf[0] = '\0'; -#ifdef SUPPORT_UTMPX - if ((llxp = getlastlogx(_PATH_LASTLOGX, uid, &llx)) != NULL) { - if (bufsize > sizeof(llxp->ll_host) + 1) - bufsize = sizeof(llxp->ll_host) + 1; - strncpy(buf, llxp->ll_host, bufsize - 1); - buf[bufsize - 1] = 0; - return llxp->ll_tv.tv_sec; - } -#endif -#ifdef SUPPORT_UTMP - fd = open(_PATH_LASTLOG, O_RDONLY); - if (fd < 0) - return 0; - - pos = (long) uid * sizeof(ll); - r = lseek(fd, pos, SEEK_SET); - if (r == -1) { - error("%s: lseek: %s", __func__, strerror(errno)); - close(fd); - return (0); - } - if (r != pos) { - debug("%s: truncated lastlog", __func__); - close(fd); - return (0); - } - if (read(fd, &ll, sizeof(ll)) != sizeof(ll)) { - close(fd); - return 0; - } - close(fd); - if (bufsize > sizeof(ll.ll_host) + 1) - bufsize = sizeof(ll.ll_host) + 1; - strncpy(buf, ll.ll_host, bufsize - 1); - buf[bufsize - 1] = '\0'; - return (time_t)ll.ll_time; -#else - return 0; -#endif + login_get_lastlog(&li, uid); + strlcpy(buf, li.hostname, bufsize); + return (time_t)li.tv_sec; } /* @@ -142,18 +87,26 @@ get_last_login_time(uid_t uid, const char *logname, static void store_lastlog_message(const char *user, uid_t uid) { +#ifndef NO_SSH_LASTLOG char *time_string, hostname[HOST_NAME_MAX+1] = "", buf[512]; time_t last_login_time; if (!options.print_lastlog) return; +# ifdef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG + time_string = sys_auth_get_lastlogin_msg(user, uid); + if (time_string != NULL) { + buffer_append(&loginmsg, time_string, strlen(time_string)); + free(time_string); + } +# else last_login_time = get_last_login_time(uid, user, hostname, sizeof(hostname)); if (last_login_time != 0) { - if ((time_string = ctime(&last_login_time)) != NULL) - time_string[strcspn(time_string, "\n")] = '\0'; + time_string = ctime(&last_login_time); + time_string[strcspn(time_string, "\n")] = '\0'; if (strcmp(hostname, "") == 0) snprintf(buf, sizeof(buf), "Last login: %s\r\n", time_string); @@ -162,6 +115,8 @@ store_lastlog_message(const char *user, uid_t uid) time_string, hostname); buffer_append(&loginmsg, buf, strlen(buf)); } +# endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */ +#endif /* NO_SSH_LASTLOG */ } /* @@ -172,120 +127,38 @@ void record_login(pid_t pid, const char *tty, const char *user, uid_t uid, const char *host, struct sockaddr *addr, socklen_t addrlen) { -#if defined(SUPPORT_UTMP) || defined(SUPPORT_UTMPX) - int fd; -#endif - struct timeval tv; -#ifdef SUPPORT_UTMP - struct utmp u; - struct lastlog ll; -#endif -#ifdef SUPPORT_UTMPX - struct utmpx ux, *uxp = &ux; - struct lastlogx llx; -#endif - (void)gettimeofday(&tv, NULL); - /* - * XXX: why do we need to handle logout cases here? - * Isn't the function below taking care of this? - */ + struct logininfo *li; + /* save previous login details before writing new */ store_lastlog_message(user, uid); -#ifdef SUPPORT_UTMP - /* Construct an utmp/wtmp entry. */ - memset(&u, 0, sizeof(u)); - strncpy(u.ut_line, tty + 5, sizeof(u.ut_line)); - u.ut_time = (time_t)tv.tv_sec; - strncpy(u.ut_name, user, sizeof(u.ut_name)); - strncpy(u.ut_host, host, sizeof(u.ut_host)); - - login(&u); - - /* Update lastlog unless actually recording a logout. */ - if (*user != '\0') { - /* - * It is safer to memset the lastlog structure first because - * some systems might have some extra fields in it (e.g. SGI) - */ - memset(&ll, 0, sizeof(ll)); - - /* Update lastlog. */ - ll.ll_time = time(NULL); - strncpy(ll.ll_line, tty + 5, sizeof(ll.ll_line)); - strncpy(ll.ll_host, host, sizeof(ll.ll_host)); - fd = open(_PATH_LASTLOG, O_RDWR); - if (fd >= 0) { - lseek(fd, (off_t) ((long) uid * sizeof(ll)), SEEK_SET); - if (write(fd, &ll, sizeof(ll)) != sizeof(ll)) - logit("Could not write %.100s: %.100s", _PATH_LASTLOG, strerror(errno)); - close(fd); - } - } -#endif -#ifdef SUPPORT_UTMPX - /* Construct an utmpx/wtmpx entry. */ - memset(&ux, 0, sizeof(ux)); - strncpy(ux.ut_line, tty + 5, sizeof(ux.ut_line)); - if (*user) { - ux.ut_pid = pid; - ux.ut_type = USER_PROCESS; - ux.ut_tv = tv; - strncpy(ux.ut_name, user, sizeof(ux.ut_name)); - strncpy(ux.ut_host, host, sizeof(ux.ut_host)); - /* XXX: need ut_id, use last 4 char of tty */ - if (strlen(tty) > sizeof(ux.ut_id)) { - strncpy(ux.ut_id, - tty + strlen(tty) - sizeof(ux.ut_id), - sizeof(ux.ut_id)); - } else - strncpy(ux.ut_id, tty, sizeof(ux.ut_id)); - /* XXX: It would be better if we had sockaddr_storage here */ - if (addrlen > sizeof(ux.ut_ss)) - addrlen = sizeof(ux.ut_ss); - (void)memcpy(&ux.ut_ss, addr, addrlen); - if (pututxline(&ux) == NULL) - logit("could not add utmpx line: %.100s", - strerror(errno)); - /* Update lastlog. */ - (void)gettimeofday(&llx.ll_tv, NULL); - strncpy(llx.ll_line, tty + 5, sizeof(llx.ll_line)); - strncpy(llx.ll_host, host, sizeof(llx.ll_host)); - (void)memcpy(&llx.ll_ss, addr, addrlen); - if (updlastlogx(_PATH_LASTLOGX, uid, &llx) == -1) - logit("Could not update %.100s: %.100s", - _PATH_LASTLOGX, strerror(errno)); - } else { - if ((uxp = getutxline(&ux)) == NULL) - logit("could not find utmpx line for %.100s", tty); - else { - uxp->ut_type = DEAD_PROCESS; - uxp->ut_tv = tv; - /* XXX: we don't record exit info yet */ - if (pututxline(&ux) == NULL) - logit("could not replace utmpx line: %.100s", - strerror(errno)); - } - } - endutxent(); - updwtmpx(_PATH_WTMPX, uxp); -#endif + li = login_alloc_entry(pid, user, host, tty); + login_set_addr(li, addr, addrlen); + login_login(li); + login_free_entry(li); } +#ifdef LOGIN_NEEDS_UTMPX +void +record_utmp_only(pid_t pid, const char *ttyname, const char *user, + const char *host, struct sockaddr *addr, socklen_t addrlen) +{ + struct logininfo *li; + + li = login_alloc_entry(pid, user, host, ttyname); + login_set_addr(li, addr, addrlen); + login_utmp_only(li); + login_free_entry(li); +} +#endif + /* Records that the user has logged out. */ void -record_logout(pid_t pid, const char *tty) +record_logout(pid_t pid, const char *tty, const char *user) { -#if defined(SUPPORT_UTMP) || defined(SUPPORT_UTMPX) - const char *line = tty + 5; /* /dev/ttyq8 -> ttyq8 */ -#endif -#ifdef SUPPORT_UTMP - if (logout(line)) - logwtmp(line, "", ""); -#endif -#ifdef SUPPORT_UTMPX - /* XXX: no exit info yet */ - if (logoutx(line, 0, DEAD_PROCESS)) - logwtmpx(line, "", "", 0, DEAD_PROCESS); -#endif + struct logininfo *li; + + li = login_alloc_entry(pid, user, NULL, tty); + login_logout(li); + login_free_entry(li); } diff --git a/crypto/external/bsd/openssh/dist/sshlogin.h b/crypto/external/bsd/openssh/dist/sshlogin.h index a2d38be36..52119a979 100644 --- a/crypto/external/bsd/openssh/dist/sshlogin.h +++ b/crypto/external/bsd/openssh/dist/sshlogin.h @@ -1,4 +1,3 @@ -/* $NetBSD: sshlogin.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: sshlogin.h,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */ /* @@ -13,8 +12,12 @@ * called by a name other than "ssh" or "Secure Shell". */ -void -record_login(pid_t, const char *, const char *, uid_t, +void record_login(pid_t, const char *, const char *, uid_t, const char *, struct sockaddr *, socklen_t); -void record_logout(pid_t, const char *); -time_t get_last_login_time(uid_t, const char *, char *, size_t); +void record_logout(pid_t, const char *, const char *); +time_t get_last_login_time(uid_t, const char *, char *, size_t); + +#ifdef LOGIN_NEEDS_UTMPX +void record_utmp_only(pid_t, const char *, const char *, const char *, + struct sockaddr *, socklen_t); +#endif diff --git a/crypto/external/bsd/openssh/dist/sshpty.c b/crypto/external/bsd/openssh/dist/sshpty.c index 8e1f5c82b..15da8c649 100644 --- a/crypto/external/bsd/openssh/dist/sshpty.c +++ b/crypto/external/bsd/openssh/dist/sshpty.c @@ -1,4 +1,3 @@ -/* $NetBSD: sshpty.c,v 1.5 2015/08/13 10:33:21 christos Exp $ */ /* $OpenBSD: sshpty.c,v 1.30 2015/07/30 23:09:15 djm Exp $ */ /* * Author: Tatu Ylonen @@ -14,29 +13,46 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshpty.c,v 1.5 2015/08/13 10:33:21 christos Exp $"); + #include #include #include +#include #include #include #include -#include +#ifdef HAVE_PATHS_H +# include +#endif #include #include #include #include +#ifdef HAVE_UTIL_H +# include +#endif #include -#include #include "sshpty.h" #include "log.h" +#include "misc.h" + +#ifdef HAVE_PTY_H +# include +#endif #ifndef O_NOCTTY #define O_NOCTTY 0 #endif +#ifdef __APPLE__ +# include +# if (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_5) +# define __APPLE_PRIVPTY__ +# endif +#endif + /* * Allocates and opens a pty. Returns 0 if no pty could be allocated, or * nonzero if a pty was successfully allocated. On success, open file @@ -47,15 +63,20 @@ __RCSID("$NetBSD: sshpty.c,v 1.5 2015/08/13 10:33:21 christos Exp $"); int pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) { - char buf[64]; + /* openpty(3) exists in OSF/1 and some other os'es */ + char *name; int i; - i = openpty(ptyfd, ttyfd, buf, NULL, NULL); + i = openpty(ptyfd, ttyfd, NULL, NULL, NULL); if (i < 0) { error("openpty: %.100s", strerror(errno)); return 0; } - strlcpy(namebuf, buf, namebuflen); /* possible truncation */ + name = ttyname(*ttyfd); + if (!name) + fatal("openpty returns device for which ttyname fails."); + + strlcpy(namebuf, name, namebuflen); /* possible truncation */ return 1; } @@ -64,10 +85,12 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) void pty_release(const char *tty) { +#if !defined(__APPLE_PRIVPTY__) && !defined(HAVE_OPENPTY) if (chown(tty, (uid_t) 0, (gid_t) 0) < 0) error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno)); if (chmod(tty, (mode_t) 0666) < 0) error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno)); +#endif /* !__APPLE_PRIVPTY__ && !HAVE_OPENPTY */ } /* Makes the tty the process's controlling tty and sets it to sane modes. */ @@ -77,6 +100,30 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) { int fd; +#ifdef _UNICOS + if (setsid() < 0) + error("setsid: %.100s", strerror(errno)); + + fd = open(tty, O_RDWR|O_NOCTTY); + if (fd != -1) { + signal(SIGHUP, SIG_IGN); + ioctl(fd, TCVHUP, (char *)NULL); + signal(SIGHUP, SIG_DFL); + setpgid(0, 0); + close(fd); + } else { + error("Failed to disconnect from controlling tty."); + } + + debug("Setting controlling tty using TCSETCTTY."); + ioctl(*ttyfd, TCSETCTTY, NULL); + fd = open("/dev/tty", O_RDWR); + if (fd < 0) + error("%.100s: %.100s", tty, strerror(errno)); + close(*ttyfd); + *ttyfd = fd; +#else /* _UNICOS */ + /* First disconnect from the old controlling tty. */ #ifdef TIOCNOTTY fd = open(_PATH_TTY, O_RDWR | O_NOCTTY); @@ -103,12 +150,16 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) if (ioctl(*ttyfd, TIOCSCTTY, NULL) < 0) error("ioctl(TIOCSCTTY): %.100s", strerror(errno)); #endif /* TIOCSCTTY */ +#ifdef NEED_SETPGRP + if (setpgrp(0,0) < 0) + error("SETPGRP %s",strerror(errno)); +#endif /* NEED_SETPGRP */ fd = open(tty, O_RDWR); - if (fd < 0) + if (fd < 0) { error("%.100s: %.100s", tty, strerror(errno)); - else + } else { close(fd); - + } /* Verify that we now have a controlling tty. */ fd = open(_PATH_TTY, O_WRONLY); if (fd < 0) @@ -116,6 +167,7 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) strerror(errno)); else close(fd); +#endif /* _UNICOS */ } /* Changes the window size associated with the pty. */ @@ -156,6 +208,10 @@ pty_setowner(struct passwd *pw, const char *tty) fatal("stat(%.100s) failed: %.100s", tty, strerror(errno)); +#ifdef WITH_SELINUX + ssh_selinux_setup_pty(pw->pw_name, tty); +#endif + if (st.st_uid != pw->pw_uid || st.st_gid != gid) { if (chown(tty, pw->pw_uid, gid) < 0) { if (errno == EROFS && diff --git a/crypto/external/bsd/openssh/dist/sshpty.h b/crypto/external/bsd/openssh/dist/sshpty.h index d2677e56e..cfa322480 100644 --- a/crypto/external/bsd/openssh/dist/sshpty.h +++ b/crypto/external/bsd/openssh/dist/sshpty.h @@ -1,4 +1,3 @@ -/* $NetBSD: sshpty.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: sshpty.h,v 1.12 2010/01/09 05:04:24 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/sshtty.c b/crypto/external/bsd/openssh/dist/sshtty.c index 14f6a7e22..d214ce3bb 100644 --- a/crypto/external/bsd/openssh/dist/sshtty.c +++ b/crypto/external/bsd/openssh/dist/sshtty.c @@ -1,4 +1,3 @@ -/* $NetBSD: sshtty.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: sshtty.c,v 1.14 2010/01/09 05:04:24 djm Exp $ */ /* * Author: Tatu Ylonen @@ -37,7 +36,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshtty.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); + #include #include #include diff --git a/crypto/external/bsd/openssh/dist/ttymodes.c b/crypto/external/bsd/openssh/dist/ttymodes.c index 5338138d4..6f51b8a70 100644 --- a/crypto/external/bsd/openssh/dist/ttymodes.c +++ b/crypto/external/bsd/openssh/dist/ttymodes.c @@ -1,4 +1,3 @@ -/* $NetBSD: ttymodes.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: ttymodes.c,v 1.29 2008/11/02 00:16:16 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -45,7 +44,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ttymodes.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); + #include #include @@ -259,6 +258,7 @@ special_char_encode(cc_t c) #endif /* _POSIX_VDISABLE */ return c; } + /* * Decode a special character from SSH line format. */ diff --git a/crypto/external/bsd/openssh/dist/ttymodes.h b/crypto/external/bsd/openssh/dist/ttymodes.h index 17def5572..4d848fe3a 100644 --- a/crypto/external/bsd/openssh/dist/ttymodes.h +++ b/crypto/external/bsd/openssh/dist/ttymodes.h @@ -1,4 +1,3 @@ -/* $NetBSD: ttymodes.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: ttymodes.h,v 1.14 2006/03/25 22:22:43 djm Exp $ */ /* @@ -157,7 +156,9 @@ TTYMODE(OPOST, c_oflag, 70) #if defined(OLCUC) TTYMODE(OLCUC, c_oflag, 71) #endif +#ifdef ONLCR TTYMODE(ONLCR, c_oflag, 72) +#endif #ifdef OCRNL TTYMODE(OCRNL, c_oflag, 73) #endif diff --git a/crypto/external/bsd/openssh/dist/uidswap.c b/crypto/external/bsd/openssh/dist/uidswap.c index fc11ffc04..0702e1d9e 100644 --- a/crypto/external/bsd/openssh/dist/uidswap.c +++ b/crypto/external/bsd/openssh/dist/uidswap.c @@ -1,4 +1,3 @@ -/* $NetBSD: uidswap.c,v 1.5 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: uidswap.c,v 1.39 2015/06/24 01:49:19 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -14,8 +13,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: uidswap.c,v 1.5 2015/07/03 01:00:00 christos Exp $"); -#include + #include #include #include @@ -24,8 +22,11 @@ __RCSID("$NetBSD: uidswap.c,v 1.5 2015/07/03 01:00:00 christos Exp $"); #include #include +#include + #include "log.h" #include "uidswap.h" +#include "xmalloc.h" /* * Note: all these functions must work in all of the following cases: @@ -36,15 +37,19 @@ __RCSID("$NetBSD: uidswap.c,v 1.5 2015/07/03 01:00:00 christos Exp $"); * POSIX saved uids or not. */ +#if defined(_POSIX_SAVED_IDS) && !defined(BROKEN_SAVED_UIDS) /* Lets assume that posix saved ids also work with seteuid, even though that is not part of the posix specification. */ +#define SAVED_IDS_WORK_WITH_SETEUID +/* Saved effective uid. */ +static uid_t saved_euid = 0; +static gid_t saved_egid = 0; +#endif /* Saved effective uid. */ static int privileged = 0; static int temporarily_use_uid_effective = 0; -static uid_t saved_euid = 0; -static gid_t saved_egid; -static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX]; +static gid_t *saved_egroups = NULL, *user_groups = NULL; static int saved_egroupslen = -1, user_groupslen = -1; /* @@ -55,33 +60,69 @@ void temporarily_use_uid(struct passwd *pw) { /* Save the current euid, and egroups. */ +#ifdef SAVED_IDS_WORK_WITH_SETEUID saved_euid = geteuid(); saved_egid = getegid(); debug("temporarily_use_uid: %u/%u (e=%u/%u)", (u_int)pw->pw_uid, (u_int)pw->pw_gid, (u_int)saved_euid, (u_int)saved_egid); +#ifndef HAVE_CYGWIN if (saved_euid != 0) { privileged = 0; return; } +#endif +#else + if (geteuid() != 0) { + privileged = 0; + return; + } +#endif /* SAVED_IDS_WORK_WITH_SETEUID */ + privileged = 1; temporarily_use_uid_effective = 1; - saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups); + + saved_egroupslen = getgroups(0, NULL); if (saved_egroupslen < 0) fatal("getgroups: %.100s", strerror(errno)); + if (saved_egroupslen > 0) { + saved_egroups = xreallocarray(saved_egroups, + saved_egroupslen, sizeof(gid_t)); + if (getgroups(saved_egroupslen, saved_egroups) < 0) + fatal("getgroups: %.100s", strerror(errno)); + } else { /* saved_egroupslen == 0 */ + free(saved_egroups); + } /* set and save the user's groups */ if (user_groupslen == -1) { if (initgroups(pw->pw_name, pw->pw_gid) < 0) fatal("initgroups: %s: %.100s", pw->pw_name, strerror(errno)); - user_groupslen = getgroups(NGROUPS_MAX, user_groups); + + user_groupslen = getgroups(0, NULL); if (user_groupslen < 0) fatal("getgroups: %.100s", strerror(errno)); + if (user_groupslen > 0) { + user_groups = xreallocarray(user_groups, + user_groupslen, sizeof(gid_t)); + if (getgroups(user_groupslen, user_groups) < 0) + fatal("getgroups: %.100s", strerror(errno)); + } else { /* user_groupslen == 0 */ + free(user_groups); + } } /* Set the effective uid to the given (unprivileged) uid. */ if (setgroups(user_groupslen, user_groups) < 0) fatal("setgroups: %.100s", strerror(errno)); +#ifndef SAVED_IDS_WORK_WITH_SETEUID + /* Propagate the privileged gid to all of our gids. */ + if (setgid(getegid()) < 0) + debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); + /* Propagate the privileged uid to all of our uids. */ + if (setuid(geteuid()) < 0) + debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); +#endif /* SAVED_IDS_WORK_WITH_SETEUID */ if (setegid(pw->pw_gid) < 0) fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); @@ -90,6 +131,31 @@ temporarily_use_uid(struct passwd *pw) strerror(errno)); } +void +permanently_drop_suid(uid_t uid) +{ +#ifndef HAVE_CYGWIN + uid_t old_uid = getuid(); +#endif + + debug("permanently_drop_suid: %u", (u_int)uid); + if (setresuid(uid, uid, uid) < 0) + fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno)); + +#ifndef HAVE_CYGWIN + /* Try restoration of UID if changed (test clearing of saved uid) */ + if (old_uid != uid && + (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) + fatal("%s: was able to restore old [e]uid", __func__); +#endif + + /* Verify UID drop was successful */ + if (getuid() != uid || geteuid() != uid) { + fatal("%s: euid incorrect uid:%u euid:%u (should be %u)", + __func__, (u_int)getuid(), (u_int)geteuid(), (u_int)uid); + } +} + /* * Restores to the original (privileged) uid. */ @@ -103,14 +169,26 @@ restore_uid(void) } if (!temporarily_use_uid_effective) fatal("restore_uid: temporarily_use_uid not effective"); + +#ifdef SAVED_IDS_WORK_WITH_SETEUID debug("restore_uid: %u/%u", (u_int)saved_euid, (u_int)saved_egid); /* Set the effective uid back to the saved privileged uid. */ if (seteuid(saved_euid) < 0) fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno)); - if (setgroups(saved_egroupslen, saved_egroups) < 0) - fatal("setgroups: %.100s", strerror(errno)); if (setegid(saved_egid) < 0) fatal("setegid %u: %.100s", (u_int)saved_egid, strerror(errno)); +#else /* SAVED_IDS_WORK_WITH_SETEUID */ + /* + * We are unable to restore the real uid to its unprivileged value. + * Propagate the real uid (usually more privileged) to effective uid + * as well. + */ + setuid(getuid()); + setgid(getgid()); +#endif /* SAVED_IDS_WORK_WITH_SETEUID */ + + if (setgroups(saved_egroupslen, saved_egroups) < 0) + fatal("setgroups: %.100s", strerror(errno)); temporarily_use_uid_effective = 0; } @@ -121,6 +199,11 @@ restore_uid(void) void permanently_set_uid(struct passwd *pw) { +#ifndef HAVE_CYGWIN + uid_t old_uid = getuid(); + gid_t old_gid = getgid(); +#endif + if (pw == NULL) fatal("permanently_set_uid: no user given"); if (temporarily_use_uid_effective) @@ -128,15 +211,28 @@ permanently_set_uid(struct passwd *pw) debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); - if (setgid(pw->pw_gid) < 0) - fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); - if (setegid(pw->pw_gid) < 0) - fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) + fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); - if (setuid(pw->pw_uid) < 0) - fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); - if (seteuid(pw->pw_uid) < 0) - fatal("seteuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); +#ifdef __APPLE__ + /* + * OS X requires initgroups after setgid to opt back into + * memberd support for >16 supplemental groups. + */ + if (initgroups(pw->pw_name, pw->pw_gid) < 0) + fatal("initgroups %.100s %u: %.100s", + pw->pw_name, (u_int)pw->pw_gid, strerror(errno)); +#endif + + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) + fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); + +#ifndef HAVE_CYGWIN + /* Try restoration of GID if changed (test clearing of saved gid) */ + if (old_gid != pw->pw_gid && pw->pw_uid != 0 && + (setgid(old_gid) != -1 || setegid(old_gid) != -1)) + fatal("%s: was able to restore old [e]gid", __func__); +#endif /* Verify GID drop was successful */ if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) { @@ -145,6 +241,13 @@ permanently_set_uid(struct passwd *pw) (u_int)pw->pw_gid); } +#ifndef HAVE_CYGWIN + /* Try restoration of UID if changed (test clearing of saved uid) */ + if (old_uid != pw->pw_uid && + (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) + fatal("%s: was able to restore old [e]uid", __func__); +#endif + /* Verify UID drop was successful */ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) { fatal("%s: euid incorrect uid:%u euid:%u (should be %u)", @@ -152,19 +255,3 @@ permanently_set_uid(struct passwd *pw) (u_int)pw->pw_uid); } } - -void -permanently_drop_suid(uid_t uid) -{ - debug("permanently_drop_suid: %u", (u_int)uid); - if (seteuid(uid) < 0) - fatal("seteuid %u: %.100s", (u_int)uid, strerror(errno)); - if (setuid(uid) < 0) - fatal("setuid %u: %.100s", (u_int)uid, strerror(errno)); - - /* Verify UID drop was successful */ - if (getuid() != uid || geteuid() != uid) { - fatal("%s: euid incorrect uid:%u euid:%u (should be %u)", - __func__, (u_int)getuid(), (u_int)geteuid(), (u_int)uid); - } -} diff --git a/crypto/external/bsd/openssh/dist/uidswap.h b/crypto/external/bsd/openssh/dist/uidswap.h index 056a17390..1c1163d75 100644 --- a/crypto/external/bsd/openssh/dist/uidswap.h +++ b/crypto/external/bsd/openssh/dist/uidswap.h @@ -1,4 +1,3 @@ -/* $NetBSD: uidswap.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: uidswap.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/umac.c b/crypto/external/bsd/openssh/dist/umac.c index f433a2fa5..6eb55b26e 100644 --- a/crypto/external/bsd/openssh/dist/umac.c +++ b/crypto/external/bsd/openssh/dist/umac.c @@ -1,4 +1,3 @@ -/* $NetBSD: umac.c,v 1.9 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: umac.c,v 1.11 2014/07/22 07:13:42 guenther Exp $ */ /* ----------------------------------------------------------------------- * @@ -56,6 +55,12 @@ #ifndef UMAC_OUTPUT_LEN #define UMAC_OUTPUT_LEN 8 /* Alowable: 4, 8, 12, 16 */ #endif + +#if UMAC_OUTPUT_LEN != 4 && UMAC_OUTPUT_LEN != 8 && \ + UMAC_OUTPUT_LEN != 12 && UMAC_OUTPUT_LEN != 16 +# error UMAC_OUTPUT_LEN must be defined to 4, 8, 12 or 16 +#endif + /* #define FORCE_C_ONLY 1 ANSI C and 64-bit integers req'd */ /* #define AES_IMPLEMENTAION 1 1 = OpenSSL, 2 = Barreto, 3 = Gladman */ /* #define SSE2 0 Is SSE2 is available? */ @@ -67,14 +72,11 @@ /* ---------------------------------------------------------------------- */ #include "includes.h" -__RCSID("$NetBSD: umac.c,v 1.9 2015/04/03 23:58:19 christos Exp $"); #include -#include #include #include #include #include -#include #include "xmalloc.h" #include "umac.h" @@ -131,22 +133,16 @@ typedef unsigned int UWORD; /* Register */ /* --- Endian Conversion --- Forcing assembly on some platforms */ /* ---------------------------------------------------------------------- */ -/* The following definitions use the above reversal-primitives to do the right - * thing on endian specific load and stores. - */ - -#if BYTE_ORDER == LITTLE_ENDIAN +#if (__LITTLE_ENDIAN__) #define LOAD_UINT32_REVERSED(p) get_u32(p) -#define STORE_UINT32_REVERSED(p,v) put_u32(p,v) +#define STORE_UINT32_REVERSED(p,v) put_u32(p,v) #else #define LOAD_UINT32_REVERSED(p) get_u32_le(p) -#define STORE_UINT32_REVERSED(p,v) put_u32_le(p,v) +#define STORE_UINT32_REVERSED(p,v) put_u32_le(p,v) #endif -#define LOAD_UINT32_LITTLE(p) (get_u32_le(p)) -#define STORE_UINT32_BIG(p,v) put_u32(p, v) - - +#define LOAD_UINT32_LITTLE(p) (get_u32_le(p)) +#define STORE_UINT32_BIG(p,v) put_u32(p, v) /* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */ @@ -157,8 +153,12 @@ typedef unsigned int UWORD; /* Register */ /* UMAC uses AES with 16 byte block and key lengths */ #define AES_BLOCK_LEN 16 +/* OpenSSL's AES */ #ifdef WITH_OPENSSL -#include +#include "openbsd-compat/openssl-compat.h" +#ifndef USE_BUILTIN_RIJNDAEL +# include +#endif typedef AES_KEY aes_int_key[1]; #define aes_encryption(in,out,int_key) \ AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) @@ -178,14 +178,14 @@ typedef UINT8 aes_int_key[AES_ROUNDS+1][4][4]; /* AES internal */ /* The user-supplied UMAC key is stretched using AES in a counter * mode to supply all random bits needed by UMAC. The kdf function takes * an AES internal key representation 'key' and writes a stream of - * 'nbytes' bytes to the memory pointed at by 'buffer_ptr'. Each distinct + * 'nbytes' bytes to the memory pointed at by 'bufp'. Each distinct * 'ndx' causes a distinct byte stream. */ -static void kdf(void *buffer_ptr, aes_int_key key, UINT8 ndx, int nbytes) +static void kdf(void *bufp, aes_int_key key, UINT8 ndx, int nbytes) { UINT8 in_buf[AES_BLOCK_LEN] = {0}; UINT8 out_buf[AES_BLOCK_LEN]; - UINT8 *dst_buf = (UINT8 *)buffer_ptr; + UINT8 *dst_buf = (UINT8 *)bufp; int i; /* Setup the initial value */ @@ -229,26 +229,6 @@ static void pdf_init(pdf_ctx *pc, aes_int_key prf_key) aes_encryption(pc->nonce, pc->cache, pc->prf_key); } -static inline void -xor64(uint8_t *dp, int di, uint8_t *sp, int si) -{ - uint64_t dst, src; - memcpy(&dst, dp + sizeof(dst) * di, sizeof(dst)); - memcpy(&src, sp + sizeof(src) * si, sizeof(src)); - dst ^= src; - memcpy(dp + sizeof(dst) * di, &dst, sizeof(dst)); -} - -__unused static inline void -xor32(uint8_t *dp, int di, uint8_t *sp, int si) -{ - uint32_t dst, src; - memcpy(&dst, dp + sizeof(dst) * di, sizeof(dst)); - memcpy(&src, sp + sizeof(src) * si, sizeof(src)); - dst ^= src; - memcpy(dp + sizeof(dst) * di, &dst, sizeof(dst)); -} - static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) { /* 'ndx' indicates that we'll be using the 0th or 1st eight bytes @@ -270,27 +250,27 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) #if LOW_BIT_MASK != 0 int ndx = nonce[7] & LOW_BIT_MASK; #endif - memcpy(t.tmp_nonce_lo, nonce + 4, sizeof(t.tmp_nonce_lo)); + *(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1]; t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ - if (memcmp(t.tmp_nonce_lo, pc->nonce + 1, sizeof(t.tmp_nonce_lo)) != 0 || - memcmp(nonce, pc->nonce, sizeof(t.tmp_nonce_lo)) != 0) + if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || + (((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) { - memcpy(pc->nonce, nonce, sizeof(t.tmp_nonce_lo)); - memcpy(pc->nonce + 4, t.tmp_nonce_lo, sizeof(t.tmp_nonce_lo)); + ((UINT32 *)pc->nonce)[0] = ((const UINT32 *)nonce)[0]; + ((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0]; aes_encryption(pc->nonce, pc->cache, pc->prf_key); } #if (UMAC_OUTPUT_LEN == 4) - xor32(buf, 0, pc->cache, ndx); + *((UINT32 *)buf) ^= ((UINT32 *)pc->cache)[ndx]; #elif (UMAC_OUTPUT_LEN == 8) - xor64(buf, 0, pc->cache, ndx); + *((UINT64 *)buf) ^= ((UINT64 *)pc->cache)[ndx]; #elif (UMAC_OUTPUT_LEN == 12) - xor64(buf, 0, pc->cache, 0); - xor32(buf, 2, pc->cache, 2); + ((UINT64 *)buf)[0] ^= ((UINT64 *)pc->cache)[0]; + ((UINT32 *)buf)[2] ^= ((UINT32 *)pc->cache)[2]; #elif (UMAC_OUTPUT_LEN == 16) - xor64(buf, 0, pc->cache, 0); - xor64(buf, 1, pc->cache, 1); + ((UINT64 *)buf)[0] ^= ((UINT64 *)pc->cache)[0]; + ((UINT64 *)buf)[1] ^= ((UINT64 *)pc->cache)[1]; #endif } diff --git a/crypto/external/bsd/openssh/dist/umac.h b/crypto/external/bsd/openssh/dist/umac.h index 71d56bab2..7fb770f8a 100644 --- a/crypto/external/bsd/openssh/dist/umac.h +++ b/crypto/external/bsd/openssh/dist/umac.h @@ -1,4 +1,3 @@ -/* $NetBSD: umac.h,v 1.6 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: umac.h,v 1.3 2013/07/22 12:20:02 djm Exp $ */ /* ----------------------------------------------------------------------- * diff --git a/crypto/external/bsd/openssh/dist/uuencode.c b/crypto/external/bsd/openssh/dist/uuencode.c index 2c5e2f397..7fc867a11 100644 --- a/crypto/external/bsd/openssh/dist/uuencode.c +++ b/crypto/external/bsd/openssh/dist/uuencode.c @@ -1,4 +1,3 @@ -/* $NetBSD: uuencode.c,v 1.8 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: uuencode.c,v 1.28 2015/04/24 01:36:24 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +24,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: uuencode.c,v 1.8 2015/07/03 01:00:00 christos Exp $"); + #include #include #include diff --git a/crypto/external/bsd/openssh/dist/uuencode.h b/crypto/external/bsd/openssh/dist/uuencode.h index 5f18eca55..4d9888126 100644 --- a/crypto/external/bsd/openssh/dist/uuencode.h +++ b/crypto/external/bsd/openssh/dist/uuencode.h @@ -1,4 +1,3 @@ -/* $NetBSD: uuencode.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ /* $OpenBSD: uuencode.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/verify.c b/crypto/external/bsd/openssh/dist/verify.c index 73e3f3096..1671a4132 100644 --- a/crypto/external/bsd/openssh/dist/verify.c +++ b/crypto/external/bsd/openssh/dist/verify.c @@ -4,8 +4,8 @@ * Public Domain, Author: Daniel J. Bernstein * Copied from nacl-20110221/crypto_verify/32/ref/verify.c */ + #include "includes.h" -__RCSID("$NetBSD: verify.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); #include "crypto_api.h" diff --git a/crypto/external/bsd/openssh/dist/version.h b/crypto/external/bsd/openssh/dist/version.h index 4e177aefc..d917ca1f6 100644 --- a/crypto/external/bsd/openssh/dist/version.h +++ b/crypto/external/bsd/openssh/dist/version.h @@ -1,13 +1,6 @@ -/* $NetBSD: version.h,v 1.17 2015/08/21 08:20:59 christos Exp $ */ /* $OpenBSD: version.h,v 1.75 2015/08/21 03:45:26 djm Exp $ */ -#define __OPENSSH_VERSION "OpenSSH_7.1" -#define __NETBSDSSH_VERSION "NetBSD_Secure_Shell-20150821" -#define SSH_HPN "-hpn13v14" -#define SSH_LPK "-lpk" -/* - * it is important to retain OpenSSH version identification part, it is - * used for bug compatibility operation. present NetBSD SSH version as comment - */ -#define SSH_VERSION __OPENSSH_VERSION " " __NETBSDSSH_VERSION -#define SSH_RELEASE SSH_VERSION SSH_HPN SSH_LPK +#define SSH_VERSION "OpenSSH_7.1" + +#define SSH_PORTABLE "p1" +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/crypto/external/bsd/openssh/dist/xmalloc.c b/crypto/external/bsd/openssh/dist/xmalloc.c index 35c3485bd..98cbf8776 100644 --- a/crypto/external/bsd/openssh/dist/xmalloc.c +++ b/crypto/external/bsd/openssh/dist/xmalloc.c @@ -1,4 +1,3 @@ -/* $NetBSD: xmalloc.c,v 1.6 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: xmalloc.c,v 1.32 2015/04/24 01:36:01 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -15,10 +14,11 @@ */ #include "includes.h" -__RCSID("$NetBSD: xmalloc.c,v 1.6 2015/07/03 01:00:00 christos Exp $"); -#include + #include +#ifdef HAVE_STDINT_H #include +#endif #include #include #include diff --git a/crypto/external/bsd/openssh/dist/xmalloc.h b/crypto/external/bsd/openssh/dist/xmalloc.h index 2633fb693..2bec77ba8 100644 --- a/crypto/external/bsd/openssh/dist/xmalloc.h +++ b/crypto/external/bsd/openssh/dist/xmalloc.h @@ -1,4 +1,3 @@ -/* $NetBSD: xmalloc.h,v 1.6 2015/07/03 01:00:00 christos Exp $ */ /* $OpenBSD: xmalloc.h,v 1.15 2015/04/24 01:36:01 deraadt Exp $ */ /* diff --git a/crypto/external/bsd/openssh/lib/Makefile b/crypto/external/bsd/openssh/lib/Makefile index 8d3988921..5eefa7ee5 100644 --- a/crypto/external/bsd/openssh/lib/Makefile +++ b/crypto/external/bsd/openssh/lib/Makefile @@ -5,15 +5,49 @@ .include "../Makefile.inc" LIB= ssh + +.if defined(__MINIX) +SRCS= ssh_api.c \ + ssherr.c \ + sshbuf.c \ + sshkey.c \ + sshbuf-getput-basic.c \ + sshbuf-misc.c \ + sshbuf-getput-crypto.c \ + krl.c \ + bitmap.c + +SRCS+= authfd.c authfile.c bufaux.c bufbn.c bufec.c buffer.c \ + canohost.c channels.c cipher.c cipher-aes.c cipher-aesctr.c \ + cipher-bf1.c cipher-ctr.c cipher-3des1.c cleanup.c \ + compat.c crc32.c deattack.c fatal.c hostfile.c \ + log.c match.c md-sha256.c moduli.c nchan.c packet.c opacket.c \ + readpass.c rsa.c ttymodes.c xmalloc.c addrmatch.c \ + atomicio.c key.c dispatch.c mac.c uidswap.c uuencode.c misc.c \ + monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-rsa.c dh.c \ + msg.c progressmeter.c dns.c entropy.c gss-genr.c umac.c umac128.c \ + ssh-pkcs11.c smult_curve25519_ref.c \ + poly1305.c chacha.c cipher-chachapoly.c \ + ssh-ed25519.c digest-openssl.c digest-libc.c hmac.c \ + sc25519.c ge25519.c fe25519.c ed25519.c verify.c hash.c blocks.c \ + kex.c kexdh.c kexgex.c kexecdh.c kexc25519.c \ + kexdhc.c kexgexc.c kexecdhc.c kexc25519c.c \ + kexdhs.c kexgexs.c kexecdhs.c kexc25519s.c + +SRCS+= fmt_scaled.c bcrypt_pbkdf.c blowfish.c readpassphrase.c getrrsetbyname.c +SRCS+= explicit_bzero.c timingsafe_bcmp.c bsd-misc.c reallocarray.c strtonum.c +SRCS+= bsd-setres_id.c openssl-compat.c bindresvport.c xcrypt.c xmmap.c realpath.c +SRCS+= roaming_common.c roaming_serv.c + +.else + SRCS=\ addrmatch.c \ atomicio.c \ authfd.c \ authfile.c \ -bcrypt_pbkdf.c \ bitmap.c \ blocks.c \ -blowfish.c \ bufaux.c \ bufbn.c \ bufec.c \ @@ -80,6 +114,10 @@ uuencode.c \ verify.c \ xmalloc.c +SRCS+= fmt_scaled.c bcrypt_pbkdf.c blowfish.c +SRCS+= readpassphrase.c getpeereid.c getrrsetbyname.c +.endif + OPENSSL_SRCS=\ digest-openssl.c \ kexc25519.c \ @@ -89,8 +127,6 @@ ssh-dss.c \ ssh-ecdsa.c \ ssh-rsa.c -SRCS+= fmt_scaled.c -SRCS+= readpassphrase.c getpeereid.c getrrsetbyname.c COPTS.monitor_fdpass.c = -Wno-stack-protector .if WITH_OPENSSL diff --git a/distrib/sets/lists/minix-base/mi b/distrib/sets/lists/minix-base/mi index d976c05da..7a9c73e39 100644 --- a/distrib/sets/lists/minix-base/mi +++ b/distrib/sets/lists/minix-base/mi @@ -108,6 +108,7 @@ ./etc/man.conf minix-base ./etc/master.passwd minix-base ./etc/mk.conf minix-base +./etc/moduli minix-base crypto ./etc/motd minix-base ./etc/mtab minix-base ./etc/mtree minix-base @@ -191,6 +192,9 @@ ./etc/skel/.profile minix-base ./etc/skel/.shrc minix-base ./etc/spwd.db minix-base +./etc/ssh minix-base +./etc/ssh/ssh_config minix-base crypto +./etc/ssh/sshd_config minix-base crypto ./etc/syslog.conf minix-base ./etc/system.conf minix-base ./etc/system.conf.d minix-base @@ -550,15 +554,18 @@ ./usr/bin/rput minix-base obsolete ./usr/bin/rsh minix-base ./usr/bin/rz minix-base +./usr/bin/scp minix-base crypto ./usr/bin/screendump minix-base ./usr/bin/sdiff minix-base ./usr/bin/sed minix-base ./usr/bin/seq minix-base +./usr/bin/sftp minix-base crypto ./usr/bin/sha1 minix-base ./usr/bin/shar minix-base ./usr/bin/shlock minix-base ./usr/bin/shuffle minix-base ./usr/bin/slip minix-base +./usr/bin/slogin minix-base crypto ./usr/bin/soelim minix-base ./usr/bin/sort minix-base ./usr/bin/spell minix-base @@ -567,6 +574,11 @@ ./usr/bin/sprofdiff minix-base ./usr/bin/sqlite3 minix-base ./usr/bin/srccrc minix-base +./usr/bin/ssh-add minix-base crypto +./usr/bin/ssh-agent minix-base crypto +./usr/bin/ssh-keygen minix-base crypto +./usr/bin/ssh-keyscan minix-base crypto +./usr/bin/ssh minix-base crypto ./usr/bin/stat minix-base ./usr/bin/su minix-base ./usr/bin/sum minix-base @@ -984,6 +996,11 @@ ./usr/lib/libsqlite3.so.1 minix-base ./usr/lib/libsqlite3.so.1.1 minix-base obsolete ./usr/lib/libsqlite3.so.1.2 minix-base +./usr/lib/libssh.a minix-base crypto +./usr/lib/libssh.so.26.0 minix-base crypto +./usr/lib/libssh.so.26 minix-base crypto +./usr/lib/libssh.so minix-base crypto +./usr/lib/libssh_pic.a minix-base crypto ./usr/lib/libssl.a minix-base crypto ./usr/lib/libssl.so.10.1 minix-base crypto,obsolete ./usr/lib/libssl.so.10.5 minix-base crypto @@ -1071,6 +1088,9 @@ ./usr/libexec/ld.elf_so minix-base ./usr/libexec/makewhatis minix-base ./usr/libexec/rshd minix-base +./usr/libexec/sftp-server minix-base crypto +./usr/libexec/ssh-keysign minix-base crypto +./usr/libexec/ssh-pkcs11-helper minix-base crypto ./usr/libexec/telnetd minix-base ./usr/libexec/virecover minix-base ./usr/log minix-base @@ -1142,6 +1162,7 @@ ./usr/sbin/rtadvd minix-base use_inet6 ./usr/sbin/service minix-base ./usr/sbin/services_mkdb minix-base +./usr/sbin/sshd minix-base crypto ./usr/sbin/syslogd minix-base ./usr/sbin/tcpdump minix-base ./usr/sbin/traceroute minix-base diff --git a/distrib/sets/lists/minix-comp/mi b/distrib/sets/lists/minix-comp/mi index e0cc28825..454ac5606 100644 --- a/distrib/sets/lists/minix-comp/mi +++ b/distrib/sets/lists/minix-comp/mi @@ -2132,6 +2132,8 @@ ./usr/lib/libsockevent_pic.a minix-comp ./usr/lib/libsqlite3.a minix-comp ./usr/lib/libsqlite3_pic.a minix-comp +./usr/lib/libssh.a minix-comp crypto +./usr/lib/libssh_pic.a minix-comp crypto ./usr/lib/libstdc++.a minix-comp libstdcxx ./usr/lib/libstdc++_pic.a minix-comp libstdcxx ./usr/lib/libsupc++.a minix-comp libstdcxx diff --git a/distrib/sets/lists/minix-man/mi b/distrib/sets/lists/minix-man/mi index 170fe7300..0f25e91a7 100644 --- a/distrib/sets/lists/minix-man/mi +++ b/distrib/sets/lists/minix-man/mi @@ -337,11 +337,13 @@ ./usr/man/man1/rmdir.1 minix-man ./usr/man/man1/rsh.1 minix-man ./usr/man/man1/rz.1 minix-man +./usr/man/man1/scp.1 minix-man crypto ./usr/man/man1/sdiff.1 minix-man ./usr/man/man1/sed.1 minix-man ./usr/man/man1/seq.1 minix-man ./usr/man/man1/set.1 minix-man obsolete ./usr/man/man1/setvar.1 minix-man obsolete +./usr/man/man1/sftp.1 minix-man crypto ./usr/man/man1/sh.1 minix-man ./usr/man/man1/sha1.1 minix-man ./usr/man/man1/shar.1 minix-man @@ -350,12 +352,18 @@ ./usr/man/man1/shuffle.1 minix-man ./usr/man/man1/size.1 minix-man binutils ./usr/man/man1/sleep.1 minix-man +./usr/man/man1/slogin.1 minix-man crypto ./usr/man/man1/soelim.1 minix-man ./usr/man/man1/sort.1 minix-man ./usr/man/man1/source.1 minix-man ./usr/man/man1/spell.1 minix-man ./usr/man/man1/split.1 minix-man ./usr/man/man1/sqlite3.1 minix-man +./usr/man/man1/ssh-add.1 minix-man crypto +./usr/man/man1/ssh-agent.1 minix-man crypto +./usr/man/man1/ssh-keygen.1 minix-man crypto +./usr/man/man1/ssh-keyscan.1 minix-man crypto +./usr/man/man1/ssh.1 minix-man crypto ./usr/man/man1/stat.1 minix-man ./usr/man/man1/stop.1 minix-man ./usr/man/man1/strings.1 minix-man binutils @@ -3377,6 +3385,7 @@ ./usr/man/man5/locale.alias.5 minix-man ./usr/man/man5/magic.5 minix-man ./usr/man/man5/man.conf.5 minix-man +./usr/man/man5/moduli.5 minix-man crypto ./usr/man/man5/mtree.5 minix-man ./usr/man/man5/named.conf.5 minix-man ./usr/man/man5/nsswitch.conf.5 minix-man @@ -3394,6 +3403,8 @@ ./usr/man/man5/route.conf.5 minix-man ./usr/man/man5/rtadvd.conf.5 minix-man use_inet6 ./usr/man/man5/serv.access.5 minix-man obsolete +./usr/man/man5/ssh_config.5 minix-man crypto +./usr/man/man5/sshd_config.5 minix-man crypto ./usr/man/man5/statvfs.5 minix-man ./usr/man/man5/syslog.conf.5 minix-man ./usr/man/man5/system.conf.5 minix-man @@ -3574,11 +3585,15 @@ ./usr/man/man8/service.8 minix-man ./usr/man/man8/services_mkdb.8 minix-man ./usr/man/man8/setup.8 minix-man +./usr/man/man8/sftp-server.8 minix-man crypto ./usr/man/man8/shutdown.8 minix-man ./usr/man/man8/slip.8 minix-man ./usr/man/man8/sprofalyze.8 minix-man ./usr/man/man8/sprofdiff.8 minix-man ./usr/man/man8/srccrc.8 minix-man +./usr/man/man8/ssh-keysign.8 minix-man crypto +./usr/man/man8/ssh-pkcs11-helper.8 minix-man crypto +./usr/man/man8/sshd.8 minix-man crypto ./usr/man/man8/strfile.8 minix-man ./usr/man/man8/sync.8 minix-man ./usr/man/man8/sysctl.8 minix-man