p!ranha?

#!/usr/bin/python # -*- coding: UTF-8 -*- # # Authconfig - client authentication configuration program # Copyright (c) 1999-2008 Red Hat, Inc. # # Original authors: Preston Brown <pbrown@redhat.com> # Nalin Dahyabhai <nalin@redhat.com> # Matt Wilson <msw@redhat.com> # Python rewrite and further development by: Tomas Mraz <tmraz@redhat.com> # # This is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA import authinfo, acutil import gettext, os, signal, sys _ = gettext.lgettext from optparse import OptionParser, IndentedHelpFormatter import locale try: locale.setlocale(locale.LC_ALL, '') except locale.Error: sys.stderr.write('Warning: Unsupported locale setting.\n') def runsAs(name): return sys.argv[0].find(name) >= 0 if runsAs("authconfig-tui"): import snack class UnihelpOptionParser(OptionParser): def print_help(self, file=None): if file is None: file = sys.stdout srcencoding = locale.getpreferredencoding() encoding = getattr(file, "encoding", None) if not encoding or encoding == "ascii": encoding = srcencoding file.write(self.format_help().decode(srcencoding).encode(encoding, "replace")) class NonWrapFormatter(IndentedHelpFormatter): def format_option(self, option): # The help for each option consists of two parts: # * the opt strings and metavars # eg. ("-x", or "-fFILENAME, --file=FILENAME") # * the user-supplied help string # eg. ("turn on expert mode", "read data from FILENAME") # # If possible, we write both of these on the same line: # -x turn on expert mode # # But if the opt string list is too long, we put the help # string on a second line, indented to the same column it would # start in if it fit on the first line. # -fFILENAME, --file=FILENAME # read data from FILENAME # We cannot wrap the help text as it can be in any language and # encoding and so we do not know how to wrap it correctly. result = [] opts = self.option_strings[option] opt_width = self.help_position - self.current_indent - 2 if len(opts) > opt_width: opts = "%*s%s\n" % (self.current_indent, "", opts) indent_first = self.help_position else: # start help on same line as opts opts = "%*s%-*s " % (self.current_indent, "", opt_width, opts) opts = "%*s%-*s " % (self.current_indent, "", opt_width, opts) indent_first = 0 result.append(opts) if option.help: help_text = self.expand_default(option) result.append("%*s%s\n" % (indent_first, "", help_text)) elif opts[-1] != "\n": result.append("\n") return "".join(result) class Authconfig: def __init__(self): self.nis_avail = False self.kerberos_avail = False self.ldap_avail = False self.sssd_avail = False self.cache_avail = False self.fprintd_avail = False self.retval = 0 def module(self): return "authconfig" def printError(self, error): sys.stderr.write("%s: %s\n" % (self.module(), error)) def listHelp(self, l, addidx): idx = 0 help = "<" for item in l: if idx > 0: help += "|" if addidx: help += str(idx) + "=" help += item idx += 1 help += ">" return help def parseOptions(self): usage = _("usage: %s [options]") % self.module() if self.module() == "authconfig": usage += " {--update|--updateall|--test|--probe|--restorebackup <name>|--savebackup <name>|--restorelastbackup}" parser = UnihelpOptionParser(usage, add_help_option=False, formatter=NonWrapFormatter()) parser.add_option("-h", "--help", action="help", help=_("show this help message and exit")) parser.add_option("--enableshadow", "--useshadow", action="store_true", help=_("enable shadowed passwords by default")) parser.add_option("--disableshadow", action="store_true", help=_("disable shadowed passwords by default")) parser.add_option("--enablemd5", "--usemd5", action="store_true", help=_("enable MD5 passwords by default")) parser.add_option("--disablemd5", action="store_true", help=_("disable MD5 passwords by default")) parser.add_option("--passalgo", metavar=self.listHelp(authinfo.password_algorithms, False), help=_("hash/crypt algorithm for new passwords")) parser.add_option("--enablenis", action="store_true", help=_("enable NIS for user information by default")) parser.add_option("--disablenis", action="store_true", help=_("disable NIS for user information by default")) parser.add_option("--nisdomain", metavar=_("<domain>"), help=_("default NIS domain")) parser.add_option("--nisserver", metavar=_("<server>"), help=_("default NIS server")) parser.add_option("--enableldap", action="store_true", help=_("enable LDAP for user information by default")) parser.add_option("--disableldap", action="store_true", help=_("disable LDAP for user information by default")) parser.add_option("--enableldapauth", action="store_true", help=_("enable LDAP for authentication by default")) parser.add_option("--disableldapauth", action="store_true", help=_("disable LDAP for authentication by default")) parser.add_option("--ldapserver", metavar=_("<server>"), help=_("default LDAP server hostname or URI")) parser.add_option("--ldapbasedn", metavar=_("<dn>"), help=_("default LDAP base DN")) parser.add_option("--enableldaptls", "--enableldapstarttls", action="store_true", help=_("enable use of TLS with LDAP (RFC-2830)")) parser.add_option("--disableldaptls", "--disableldapstarttls", action="store_true", help=_("disable use of TLS with LDAP (RFC-2830)")) parser.add_option("--enablerfc2307bis", action="store_true", help=_("enable use of RFC-2307bis schema for LDAP user information lookups")) parser.add_option("--disablerfc2307bis", action="store_true", help=_("disable use of RFC-2307bis schema for LDAP user information lookups")) parser.add_option("--ldaploadcacert", metavar=_("<URL>"), help=_("load CA certificate from the URL")) parser.add_option("--enablesmartcard", action="store_true", help=_("enable authentication with smart card by default")) parser.add_option("--disablesmartcard", action="store_true", help=_("disable authentication with smart card by default")) parser.add_option("--enablerequiresmartcard", action="store_true", help=_("require smart card for authentication by default")) parser.add_option("--disablerequiresmartcard", action="store_true", help=_("do not require smart card for authentication by default")) parser.add_option("--smartcardmodule", metavar=_("<module>"), help=_("default smart card module to use")) actshelp = self.listHelp(authinfo.getSmartcardActions(), True) parser.add_option("--smartcardaction", metavar=actshelp, help=_("action to be taken on smart card removal")) parser.add_option("--enablefingerprint", action="store_true", help=_("enable authentication with fingerprint readers by default")) parser.add_option("--disablefingerprint", action="store_true", help=_("disable authentication with fingerprint readers by default")) parser.add_option("--enableecryptfs", action="store_true", help=_("enable automatic per-user ecryptfs")) parser.add_option("--disableecryptfs", action="store_true", help=_("disable automatic per-user ecryptfs")) parser.add_option("--enablekrb5", action="store_true", help=_("enable kerberos authentication by default")) parser.add_option("--disablekrb5", action="store_true", help=_("disable kerberos authentication by default")) parser.add_option("--krb5kdc", metavar=_("<server>"), help=_("default kerberos KDC")) parser.add_option("--krb5adminserver", metavar=_("<server>"), help=_("default kerberos admin server")) parser.add_option("--krb5realm", metavar=_("<realm>"), help=_("default kerberos realm")) parser.add_option("--enablekrb5kdcdns", action="store_true", help=_("enable use of DNS to find kerberos KDCs")) parser.add_option("--disablekrb5kdcdns", action="store_true", help=_("disable use of DNS to find kerberos KDCs")) parser.add_option("--enablekrb5realmdns", action="store_true", help=_("enable use of DNS to find kerberos realms")) parser.add_option("--disablekrb5realmdns", action="store_true", help=_("disable use of DNS to find kerberos realms")) parser.add_option("--enablewinbind", action="store_true", help=_("enable winbind for user information by default")) parser.add_option("--disablewinbind", action="store_true", help=_("disable winbind for user information by default")) parser.add_option("--enablewinbindauth", action="store_true", help=_("enable winbind for authentication by default")) parser.add_option("--disablewinbindauth", action="store_true", help=_("disable winbind for authentication by default")) parser.add_option("--smbsecurity", metavar="<user|server|domain|ads>", help=_("security mode to use for samba and winbind")) parser.add_option("--smbrealm", metavar=_("<realm>"), help=_("default realm for samba and winbind when security=ads")) parser.add_option("--smbservers", metavar=_("<servers>"), help=_("names of servers to authenticate against")) parser.add_option("--smbworkgroup", metavar=_("<workgroup>"), help=_("workgroup authentication servers are in")) parser.add_option("--smbidmaprange", "--smbidmapuid", "--smbidmapgid", metavar=_("<lowest-highest>"), help=_("uid range winbind will assign to domain or ads users")) parser.add_option("--winbindseparator", metavar="<\\>", help=_("the character which will be used to separate the domain and user part of winbind-created user names if winbindusedefaultdomain is not enabled")) parser.add_option("--winbindtemplatehomedir", metavar="</home/%D/%U>", help=_("the directory which winbind-created users will have as home directories")) parser.add_option("--winbindtemplateshell", metavar="</bin/false>", help=_("the shell which winbind-created users will have as their login shell")) parser.add_option("--enablewinbindusedefaultdomain", action="store_true", help=_("configures winbind to assume that users with no domain in their user names are domain users")) parser.add_option("--disablewinbindusedefaultdomain", action="store_true", help=_("configures winbind to assume that users with no domain in their user names are not domain users")) parser.add_option("--enablewinbindoffline", action="store_true", help=_("configures winbind to allow offline login")) parser.add_option("--disablewinbindoffline", action="store_true", help=_("configures winbind to prevent offline login")) parser.add_option("--enablewinbindkrb5", action="store_true", help=_("winbind will use Kerberos 5 to authenticate")) parser.add_option("--disablewinbindkrb5", action="store_true", help=_("winbind will use the default authentication method")) parser.add_option("--winbindjoin", metavar="<Administrator>", help=_("join the winbind domain or ads realm now as this administrator")) parser.add_option("--enableipav2", action="store_true", help=_("enable IPAv2 for user information and authentication by default")) parser.add_option("--disableipav2", action="store_true", help=_("disable IPAv2 for user information and authentication by default")) parser.add_option("--ipav2domain", metavar=_("<domain>"), help=_("the IPAv2 domain the system should be part of")) parser.add_option("--ipav2realm", metavar=_("<realm>"), help=_("the realm for the IPAv2 domain")) parser.add_option("--ipav2server", metavar=_("<servers>"), help=_("the server for the IPAv2 domain")) parser.add_option("--enableipav2nontp", action="store_true", help=_("do not setup the NTP against the IPAv2 domain")) parser.add_option("--disableipav2nontp", action="store_true", help=_("setup the NTP against the IPAv2 domain (default)")) parser.add_option("--ipav2join", metavar="<account>", help=_("join the IPAv2 domain as this account")) parser.add_option("--enablewins", action="store_true", help=_("enable wins for hostname resolution")) parser.add_option("--disablewins", action="store_true", help=_("disable wins for hostname resolution")) parser.add_option("--enablepreferdns", action="store_true", help=_("prefer dns over wins or nis for hostname resolution")) parser.add_option("--disablepreferdns", action="store_true", help=_("do not prefer dns over wins or nis for hostname resolution")) parser.add_option("--enablehesiod", action="store_true", help=_("enable hesiod for user information by default")) parser.add_option("--disablehesiod", action="store_true", help=_("disable hesiod for user information by default")) parser.add_option("--hesiodlhs", metavar="<lhs>", help=_("default hesiod LHS")) parser.add_option("--hesiodrhs", metavar="<rhs>", help=_("default hesiod RHS")) parser.add_option("--enablesssd", action="store_true", help=_("enable SSSD for user information by default with manually managed configuration")) parser.add_option("--disablesssd", action="store_true", help=_("disable SSSD for user information by default (still used for supported configurations)")) parser.add_option("--enablesssdauth", action="store_true", help=_("enable SSSD for authentication by default with manually managed configuration")) parser.add_option("--disablesssdauth", action="store_true", help=_("disable SSSD for authentication by default (still used for supported configurations)")) parser.add_option("--enableforcelegacy", action="store_true", help=_("never use SSSD implicitly even for supported configurations")) parser.add_option("--disableforcelegacy", action="store_true", help=_("use SSSD implicitly if it supports the configuration")) parser.add_option("--enablecachecreds", action="store_true", help=_("enable caching of user credentials in SSSD by default")) parser.add_option("--disablecachecreds", action="store_true", help=_("disable caching of user credentials in SSSD by default")) parser.add_option("--enablecache", action="store_true", help=_("enable caching of user information by default (automatically disabled when SSSD is used)")) parser.add_option("--disablecache", action="store_true", help=_("disable caching of user information by default")) parser.add_option("--enablelocauthorize", action="store_true", help=_("local authorization is sufficient for local users")) parser.add_option("--disablelocauthorize", action="store_true", help=_("authorize local users also through remote service")) parser.add_option("--enablepamaccess", action="store_true", help=_("check access.conf during account authorization")) parser.add_option("--disablepamaccess", action="store_true", help=_("do not check access.conf during account authorization")) parser.add_option("--enablesysnetauth", action="store_true", help=_("authenticate system accounts by network services")) parser.add_option("--disablesysnetauth", action="store_true", help=_("authenticate system accounts by local files only")) parser.add_option("--enablemkhomedir", action="store_true", help=_("create home directories for users on their first login")) parser.add_option("--disablemkhomedir", action="store_true", help=_("do not create home directories for users on their first login")) parser.add_option("--passminlen", metavar=_("<number>"), help=_("minimum length of a password")) parser.add_option("--passminclass", metavar=_("<number>"), help=_("minimum number of character classes in a password")) parser.add_option("--passmaxrepeat", metavar=_("<number>"), help=_("maximum number of same consecutive characters in a password")) parser.add_option("--passmaxclassrepeat", metavar=_("<number>"), help=_("maximum number of consecutive characters of same class in a password")) parser.add_option("--enablereqlower", action="store_true", help=_("require at least one lowercase character in a password")) parser.add_option("--disablereqlower", action="store_true", help=_("do not require lowercase characters in a password")) parser.add_option("--enablerequpper", action="store_true", help=_("require at least one uppercase character in a password")) parser.add_option("--disablerequpper", action="store_true", help=_("do not require uppercase characters in a password")) parser.add_option("--enablereqdigit", action="store_true", help=_("require at least one digit in a password")) parser.add_option("--disablereqdigit", action="store_true", help=_("do not require digits in a password")) parser.add_option("--enablereqother", action="store_true", help=_("require at least one other character in a password")) parser.add_option("--disablereqother", action="store_true", help=_("do not require other characters in a password")) parser.add_option("--enablefaillock", action="store_true", help=_("enable account locking in case of too many consecutive authentication failures")) parser.add_option("--disablefaillock", action="store_true", help=_("disable account locking on too many consecutive authentication failures")) parser.add_option("--faillockargs", metavar=_("<options>"), help=_("the pam_faillock module options")) parser.add_option("--nostart", action="store_true", help=_("do not start/stop portmap, ypbind, and nscd")) parser.add_option("--test", action="store_true", help=_("do not update the configuration files, only print new settings")) if self.module() == "authconfig-tui": parser.add_option("--back", action="store_true", help=_("display Back instead of Cancel in the main dialog of the TUI")) parser.add_option("--kickstart", action="store_true", help=_("do not display the deprecated text user interface")) else: parser.add_option("--update", "--kickstart", action="store_true", help=_("opposite of --test, update configuration files with changed settings")) parser.add_option("--updateall", action="store_true", help=_("update all configuration files")) parser.add_option("--probe", action="store_true", help=_("probe network for defaults and print them")) parser.add_option("--savebackup", metavar=_("<name>"), help=_("save a backup of all configuration files")) parser.add_option("--restorebackup", metavar=_("<name>"), help=_("restore the backup of configuration files")) parser.add_option("--restorelastbackup", action="store_true", help=_("restore the backup of configuration files saved before the previous configuration change")) (self.options, args) = parser.parse_args() if args: self.printError(_("unexpected argument")) sys.exit(2) if (not self.module() == "authconfig-tui" and not self.options.probe and not self.options.test and not self.options.update and not self.options.updateall and not self.options.savebackup and not self.options.restorebackup and not self.options.restorelastbackup): # --update (== --kickstart) or --test or --probe must be specified # this will print usage and call sys.exit() parser.print_help() sys.exit(2) def probe(self): info = authinfo.AuthInfo(self.printError) info.probe() if info.hesiodLHS and info.hesiodRHS: print "hesiod %s/%s" % (info.hesiodLHS, info.hesiodRHS) if info.ldapServer and info.ldapBaseDN: print "ldap %s/%s\n" % (info.ldapServer, info.ldapBaseDN) if info.kerberosRealm: print "krb5 %s/%s/%s\n" % (info.kerberosRealm, info.kerberosKDC or "", info.kerberosAdminServer or "") def readAuthInfo(self): self.info = authinfo.read(self.printError) # FIXME: what about printing critical errors reading individual configs? self.pristineinfo = self.info.copy() if self.info.enableLocAuthorize == None: self.info.enableLocAuthorize = True # ON by default def testAvailableSubsys(self): self.nis_avail = (os.access(authinfo.PATH_YPBIND, os.X_OK) and os.access(authinfo.PATH_LIBNSS_NIS, os.X_OK)) self.kerberos_avail = os.access(authinfo.PATH_PAM_KRB5, os.X_OK) self.ldap_avail = (os.access(authinfo.PATH_PAM_LDAP, os.X_OK) and os.access(authinfo.PATH_LIBNSS_LDAP, os.X_OK)) self.sssd_avail = (os.access(authinfo.PATH_PAM_SSS, os.X_OK) and os.access(authinfo.PATH_LIBNSS_SSS, os.X_OK)) self.cache_avail = os.access(authinfo.PATH_NSCD, os.X_OK) self.fprintd_avail = os.access(authinfo.PATH_PAM_FPRINTD, os.X_OK) def overrideSettings(self): bool_settings = {"shadow":"enableShadow", "locauthorize":"enableLocAuthorize", "pamaccess":"enablePAMAccess", "sysnetauth":"enableSysNetAuth", "mkhomedir":"enableMkHomeDir", "cache":"enableCache", "ecryptfs":"enableEcryptfs", "hesiod":"enableHesiod", "ldap":"enableLDAP", "ldaptls":"enableLDAPS", "rfc2307bis":"enableRFC2307bis", "ldapauth":"enableLDAPAuth", "krb5":"enableKerberos", "nis":"enableNIS", "krb5kdcdns":"kerberosKDCviaDNS", "krb5realmdns":"kerberosRealmviaDNS", "smartcard":"enableSmartcard", "fingerprint":"enableFprintd", "requiresmartcard":"forceSmartcard", "winbind":"enableWinbind", "winbindauth":"enableWinbindAuth", "winbindusedefaultdomain":"winbindUseDefaultDomain", "winbindoffline":"winbindOffline", "winbindkrb5":"winbindKrb5", "ipav2":"enableIPAv2", "ipav2nontp":"ipav2NoNTP", "wins":"enableWINS", "sssd":"enableSSSD", "sssdauth":"enableSSSDAuth", "forcelegacy":"enableForceLegacy", "cachecreds":"enableCacheCreds", "preferdns":"preferDNSinHosts", "reqlower":"passReqLower", "requpper":"passReqUpper", "reqdigit":"passReqDigit", "reqother":"passReqOther", "faillock":"enableFaillock"} string_settings = {"passalgo":"passwordAlgorithm", "hesiodlhs":"hesiodLHS", "hesiodrhs":"hesiodRHS", "ldapserver":"ldapServer", "ldapbasedn":"ldapBaseDN", "ldaploadcacert":"ldapCacertURL", "krb5realm":"kerberosRealm", "krb5kdc":"kerberosKDC", "krb5adminserver":"kerberosAdminServer", "smartcardmodule":"smartcardModule", "smartcardaction":"smartcardAction", "nisdomain":"nisDomain", "nisserver":"nisServer", "smbworkgroup":"smbWorkgroup", "smbservers":"smbServers", "smbsecurity":"smbSecurity", "smbrealm" : "smbRealm", "smbidmaprange":"smbIdmapRange", "winbindseparator":"winbindSeparator", "winbindtemplatehomedir":"winbindTemplateHomedir", "winbindtemplateshell":"winbindTemplateShell", "ipav2domain":"ipav2Domain", "ipav2realm":"ipav2Realm", "ipav2server":"ipav2Server", "passminlen":"passMinLen", "passminclass":"passMinClass", "passmaxrepeat":"passMaxRepeat", "passmaxclassrepeat":"passMaxClassRepeat", "faillockargs":"faillockArgs"} for opt, aival in bool_settings.iteritems(): if getattr(self.options, "enable"+opt): setattr(self.info, aival, True) if getattr(self.options, "disable"+opt): setattr(self.info, aival, False) try: if self.info.enableRFC2307bis: self.info.ldapSchema = 'rfc2307bis' else: self.info.ldapSchema = '' except AttributeError: pass if self.options.krb5realm and self.options.krb5realm != self.info.kerberosRealm: self.info.kerberosKDC = self.info.getKerberosKDC(self.options.krb5realm) self.info.kerberosAdminServer = self.info.getKerberosAdminServer(self.options.krb5realm) try: val = self.options.passminlen if val != None: val = int(val) if val < 6: self.printError(_("The passminlen minimum value is 6")) self.options.passminlen = None self.retval = 3 except ValueError: self.printError(_("The passminlen option value is not an integer")) self.options.passminlen = None self.retval = 3 try: val = self.options.passminclass if val != None: val = int(val) if val < 0: self.printError(_("The passminclass value must not be negative")) self.options.passminclass = None self.retval = 3 if val > 4: self.printError(_("The passminclass value must not be higher than 4")) self.options.passminclass = None self.retval = 3 except ValueError: self.printError(_("The passminclass option value is not an integer")) self.options.passminclass = None self.retval = 3 try: val = self.options.passmaxrepeat if val != None: val = int(val) if val < 0: self.printError(_("The passmaxrepeat value must not be negative")) self.options.passmaxrepeat = None self.retval = 3 except ValueError: self.printError(_("The passmaxrepeat option value is not an integer")) self.options.passmaxrepeat = None self.retval = 3 try: val = self.options.passmaxclassrepeat if val != None: val = int(val) if val < 0: self.printError(_("The passmaxclassrepeat value must not be negative")) self.options.passmaxclassrepeat = None self.retval = 3 except ValueError: self.printError(_("The passmaxclassrepeat option value is not an integer")) self.options.passmaxclassrepeat = None self.retval = 3 for opt, aival in string_settings.iteritems(): if getattr(self.options, opt) != None: setattr(self.info, aival, getattr(self.options, opt)) if self.options.winbindjoin: lst = self.options.winbindjoin.split("%", 1) self.info.joinUser = lst[0] if len(lst) > 1: self.info.joinPassword = lst[1] if self.options.ipav2join != None: self.info.joinUser = self.options.ipav2join if self.options.smartcardaction: try: idx = int(self.options.smartcardaction) self.info.smartcardAction = authinfo.getSmartcardActions()[idx] except (ValueError, IndexError): self.printError(_("Bad smart card removal action specified.")) self.info.smartcardAction = "" if self.options.enablerequiresmartcard and self.options.smartcardmodule == "sssd": self.printError(_("--enablerequiresmartcard is not supported for module 'sssd', option is ignored.")) self.options.enablerequiresmartcard = False if not self.options.passalgo: if self.options.enablemd5: self.info.passwordAlgorithm = "md5" if self.options.disablemd5: self.info.passwordAlgorithm = "descrypt" elif self.options.passalgo not in authinfo.password_algorithms: self.printError(_("Unknown password hashing algorithm specified, using sha256.")) self.info.passwordAlgorithm = "sha256" self.retval = 3 def doUI(self): return True def joinDomain(self): ret = True if self.options.winbindjoin: ret = self.info.joinDomain(True) if self.options.ipav2join != None: if self.info.joinIPADomain(True): # This is a hack but otherwise we cannot # get the IPAV2DOMAINJOINED saved # unfortunately the backup will be overwritten self.info.writeSysconfig() else: ret = False return ret def writeAuthInfo(self): self.info.testLDAPCACerts() if self.info.ldapCacertURL: if not self.info.downloadLDAPCACert(): self.retval = 4 self.info.rehashLDAPCACerts() if self.options.updateall: if not self.info.write(): self.retval = 5 else: if not self.info.writeChanged(self.pristineinfo): self.retval = 6 # FIXME: what about printing critical errors writing individual configs? if not self.joinDomain(): self.retval = 7 self.info.post(self.options.nostart) def run(self): self.parseOptions() if self.options.probe: self.probe() sys.exit(0) if not self.options.test and os.getuid() != 0: self.printError(_("can only be run as root")) sys.exit(2) self.readAuthInfo() if self.options.restorelastbackup: rv = self.info.restoreLast() sys.exit(int(not rv)) if self.options.restorebackup: rv = self.info.restoreBackup(self.options.restorebackup) sys.exit(int(not rv)) if self.options.savebackup: rv = self.info.saveBackup(self.options.savebackup) sys.exit(int(not rv)) self.testAvailableSubsys() self.overrideSettings() if not self.doUI(): if self.options.test: self.printError(_("dialog was cancelled")) sys.exit(1) if self.options.test: self.info.printInfo() else: self.writeAuthInfo() return self.retval class AuthconfigTUI(Authconfig): def module(self): return "authconfig-tui" def joinDomain(self): # join domain only on kickstart if self.options.kickstart and self.options.winbindjoin: self.info.joinDomain(True) def warn(self, toggle, warning): if not toggle: return while warning: path = warning[0] package = warning[2] if type(path) == tuple: if self.info.sssdSupported(): path = path[1] package = package[1] else: path = path[0] package = package[0] if not os.access(path, os.R_OK): text = (_("The %s file was not found, but it is required for %s support to work properly.\nInstall the %s package, which provides this file.") % (path, warning[1], package)) snack.ButtonChoiceWindow(self.screen, _("Warning"), text, [_("Ok")]) warning = warning[3] def getMainChoices(self): warnCache = [authinfo.PATH_NSCD, _("caching"), "nscd", None] warnFprintd = [authinfo.PATH_PAM_FPRINTD, _("Fingerprint reader"), "pam_fprintd", None] warnKerberos = [(authinfo.PATH_PAM_KRB5, authinfo.PATH_PAM_SSS), _("Kerberos"), ("pam_krb5", "sssd-client"), None] warnLDAPAuth = [(authinfo.PATH_PAM_LDAP, authinfo.PATH_PAM_SSS), _("LDAP authentication"), ("pam_ldap", "sssd-client"), None] warnLDAP = [(authinfo.PATH_LIBNSS_LDAP, authinfo.PATH_LIBNSS_SSS), _("LDAP"), ("nss-pam-ldapd", "sssd-client"), None] warnNIS = [authinfo.PATH_YPBIND, _("NIS"), "ypbind", None] warnShadow = [authinfo.PATH_PWCONV, _("shadow password"), "shadow-utils", None] warnWinbindNet = [authinfo.PATH_WINBIND_NET, _("Winbind"), "samba-client", None] warnWinbindAuth = [authinfo.PATH_PAM_WINBIND, _("Winbind authentication"), "samba-winbind", warnWinbindNet] warnWinbind = [authinfo.PATH_LIBNSS_WINBIND, _("Winbind"), "samba-winbind", warnWinbindAuth] # Information infoGrid = snack.Grid(1, 6) comp = snack.Label(_("User Information")) infoGrid.setField(comp, 0, 0, anchorLeft=1, growx=1) cache = cb = snack.Checkbox(_("Cache Information"), bool(self.info.enableCache)) infoGrid.setField(cb, 0, 1, anchorLeft=1, growx=1) ldap = cb = snack.Checkbox(_("Use LDAP"), bool(self.info.enableLDAP)) infoGrid.setField(cb, 0, 2, anchorLeft=1, growx=1) nis = cb = snack.Checkbox(_("Use NIS"), bool(self.info.enableNIS)) infoGrid.setField(cb, 0, 3, anchorLeft=1, growx=1) ipav2 = cb = snack.Checkbox(_("Use IPAv2"), bool(self.info.enableIPAv2)) infoGrid.setField(cb, 0, 4, anchorLeft=1, growx=1) winbind = cb = snack.Checkbox(_("Use Winbind"), bool(self.info.enableWinbind)) infoGrid.setField(cb, 0, 5, anchorLeft=1, growx=1) # Authentication authGrid = snack.Grid(1, 8) comp = snack.Label(_("Authentication")) authGrid.setField(comp, 0, 0, anchorLeft=1, growx=1) md5 = cb = snack.Checkbox(_("Use MD5 Passwords"), bool(self.info.passwordAlgorithm=='md5')) authGrid.setField(cb, 0, 1, anchorLeft=1, growx=1) shadow = cb = snack.Checkbox(_("Use Shadow Passwords"), bool(self.info.enableShadow)) authGrid.setField(cb, 0, 2, anchorLeft=1, growx=1) ldapa = cb = snack.Checkbox(_("Use LDAP Authentication"), bool(self.info.enableLDAPAuth)) authGrid.setField(cb, 0, 3, anchorLeft=1, growx=1) krb5 = cb = snack.Checkbox(_("Use Kerberos"), bool(self.info.enableKerberos)) authGrid.setField(cb, 0, 4, anchorLeft=1, growx=1) fprintd = cb = snack.Checkbox(_("Use Fingerprint reader"), bool(self.info.enableFprintd)) authGrid.setField(cb, 0, 5, anchorLeft=1, growx=1) winbindauth = cb = snack.Checkbox(_("Use Winbind Authentication"), bool(self.info.enableWinbindAuth)) authGrid.setField(cb, 0, 6, anchorLeft=1, growx=1) locauthorize = cb = snack.Checkbox(_("Local authorization is sufficient"), bool(self.info.enableLocAuthorize)) authGrid.setField(cb, 0, 7, anchorLeft=1, growx=1) # Control grid mechGrid = snack.Grid(2, 1) mechGrid.setField(infoGrid, 0, 0, anchorLeft=1, anchorTop=1, padding=(1, 0, 1, 1)) mechGrid.setField(authGrid, 1, 0, anchorRight=1, anchorTop=1, padding=(2, 0, 1, 1)) # Buttons buttonGrid = snack.Grid(2, 1) cancel = snack.Button(self.options.back and _("Back") or _("Cancel")) ok = snack.Button(_("Next")) buttonGrid.setField(cancel, 0, 0) buttonGrid.setField(ok, 1, 0) # Top-level grid mainGrid = snack.Grid(1, 2) mainGrid.setField(mechGrid, 0, 0, growx=1) mainGrid.setField(buttonGrid, 0, 1, growx=1) # Run the form and interpret the results form = snack.Form() self.screen.gridWrappedWindow(mainGrid, _("Authentication Configuration")) form.add(mainGrid) # BEHOLD! AUTHCONFIG IN ALL ITS GORY GLORY! comp = form.run() if comp != cancel: self.info.enableCache = cache.selected() self.info.enableIPAv2 = ipav2.selected() self.info.enableLDAP = ldap.selected() self.info.enableNIS = nis.selected() self.info.enableWinbind = winbind.selected() self.info.enableShadow = shadow.selected() if md5.selected(): self.info.passwordAlgorithm = 'md5' elif self.info.passwordAlgorithm == 'md5': self.info.passwordAlgorithm = 'descrypt' self.info.enableLDAPAuth = ldapa.selected() self.info.enableKerberos = krb5.selected() self.info.enableWinbindAuth = winbindauth.selected() self.info.enableLocAuthorize = locauthorize.selected() self.info.enableFprintd = fprintd.selected() allwarnings = [(self.info.enableCache, warnCache), (self.info.enableLDAP, warnLDAP), (self.info.enableNIS, warnNIS), (self.info.enableWinbind, warnWinbind), (self.info.enableLDAPAuth, warnLDAPAuth), (self.info.enableKerberos, warnKerberos), (self.info.enableFprintd, warnFprintd), (self.info.enableShadow, warnShadow), (self.info.enableWinbindAuth, warnWinbindAuth)] for warning in allwarnings: self.warn(warning[0], warning[1]) self.screen.popWindow() return comp != cancel def getGenericChoices(self, dtitle, items, canceltxt, oktxt, anothertxt=None, anothercb=None): # Count up the number of rows we need in the grid. rows = len(items) # Create a grid for these questions. questionGrid = snack.Grid(2, rows) row = 0 widgets = [] for (t, desc, attr, val) in items: if t == "tfvalue": cb = snack.Checkbox(desc, bool(getattr(self.info, attr))) widgets.append(cb) questionGrid.setField(snack.Label(""), 0, row, anchorRight=1) questionGrid.setField(cb, 1, row, anchorLeft=1) elif t == "svalue": comp = snack.Label(desc) questionGrid.setField(comp, 0, row, padding=(0, 0, 1, 0), anchorRight=1) comp = snack.Entry(40, getattr(self.info, attr), hidden=val) widgets.append(comp) # FIXME? Filtering " " and "\t" questionGrid.setField(comp, 1, row, growx=1) elif t == "rvalue": comp = snack.Label(desc) questionGrid.setField(comp, 0, row, padding=(0, 0, 1, 0), anchorRight=1, anchorTop=1) try: sel = getattr(self.info, attr) val.index(sel) except ValueError: sel = val[0] comp = None buttonlist = [] for v in val: buttonlist.append((v, v, v == sel)) radioBar = snack.RadioBar(None, buttonlist) widgets.append(radioBar) questionGrid.setField(radioBar, 1, row, anchorLeft=1) elif t == "lvalue": comp = snack.TextboxReflowed(50, desc, flexDown=1, flexUp=1) widgets.append(comp) questionGrid.setField(comp, 0, row, anchorLeft=1) row += 1 # Buttons buttonGrid = snack.Grid(anothertxt and 3 or 2, 1) cancel = snack.Button(canceltxt) ok = snack.Button(oktxt) another = anothertxt and snack.Button(anothertxt) or None buttonGrid.setField(cancel, 0, 0) if anothertxt: buttonGrid.setField(another, 1, 0) buttonGrid.setField(ok, anothertxt and 2 or 1, 0) # Top-level grid mainGrid = snack.Grid(1, 2) mainGrid.setField(questionGrid, 0, 0, padding=(0, 0, 0, 1), growx=1) mainGrid.setField(buttonGrid, 0, 1, padding=(0, 0, 0, 0), growx=1) # Run the form and interpret the results form = snack.Form() self.screen.gridWrappedWindow(mainGrid, dtitle) form.add(mainGrid) while True: comp = form.run() if comp == cancel: break wcopy = widgets[:] for (t, desc, attr, val) in items: if t == "tfvalue": setattr(self.info, attr, wcopy.pop(0).selected()) elif t == "svalue": setattr(self.info, attr, wcopy.pop(0).value()) # FIXME? Filtering " " and "\t" elif t == "rvalue": setattr(self.info, attr, wcopy.pop(0).getSelection()) elif t == "lvalue": wcopy.pop(0) if comp != another: break if anothercb: anothercb() self.screen.popWindow() return comp != cancel def getIPAv2Settings(self, next): questions = [("svalue", _("Domain:"), "ipav2Domain", 0), ("svalue", _("Realm:"), "ipav2Realm", 0), ("svalue", _("Server:"), "ipav2Server", 0)] return self.getGenericChoices(_("IPAv2 Settings"), questions, _("Back"), next and _("Next") or _("Ok"), anothertxt=_("Join Domain"), anothercb=self.maybeGetJoinSettings) def getLDAPSettings(self, next): questions = [("tfvalue", _("Use TLS"), "enableLDAPS", None), ("svalue", _("Server:"), "ldapServer", 0), ("svalue", _("Base DN:"), "ldapBaseDN", 0)] return self.getGenericChoices(_("LDAP Settings"), questions, _("Back"), next and _("Next") or _("Ok")) def getNISSettings(self, next): questions = [("svalue", _("Domain:"), "nisDomain", 0), ("svalue", _("Server:"), "nisServer", 0)] return self.getGenericChoices(_("NIS Settings"), questions, _("Back"), next and _("Next") or _("Ok")) def getKerberosSettings(self, next): questions = [("svalue", _("Realm:"), "kerberosRealm", 0), ("svalue", _("KDC:"), "kerberosKDC", 0), ("svalue", _("Admin Server:"), "kerberosAdminServer", 0), ("tfvalue", _("Use DNS to resolve hosts to realms"), "kerberosRealmviaDNS", None), ("tfvalue", _("Use DNS to locate KDCs for realms"), "kerberosKDCviaDNS", None)] return self.getGenericChoices(_("Kerberos Settings"), questions, _("Back"), next and _("Next") or _("Ok")) def getJoinSettings(self): questions = [("svalue", _("Domain Administrator:"), "joinUser", 0), ("svalue", _("Password:"), "joinPassword", 1)] if not self.info.joinUser: self.info.joinUser = "Administrator" if self.getGenericChoices(_("Join Settings"), questions, _("Cancel"), _("Ok")): self.screen.suspend() self.info.update() if self.info.enableWinbind: self.info.joinDomain(True) elif self.info.enableIPAv2: self.info.joinIPADomain(True) self.screen.resume() return True def maybeGetJoinSettings(self): questions = [("lvalue", _("Some of the configuration changes you've made should be saved to disk before continuing. If you do not save them, then your attempt to join the domain may fail. Save changes?"), None, None)] orig_info = authinfo.read(self.printError) orig_info.update() self.info.update() ret = False if self.info.differs(orig_info): ret = self.getGenericChoices(_("Save Settings"), questions, _("No"), _("Yes")) if ret: self.info.write() self.getJoinSettings() return True def getWinbindSettings(self, next): security = ["ads", "domain"] shells = ["/sbin/nologin", "/bin/sh", "/bin/bash", "/bin/tcsh", "/bin/ksh", "/bin/zsh"] def shellexists(shell): return os.access(shell, os.X_OK) shells = filter(shellexists, shells) # Why does your favorite shell not show up in the list? Because it won't # fit, that's why! questions = [("rvalue", _("Security Model:"), "smbSecurity", security), ("svalue", _("Domain:"), "smbWorkgroup", 0), ("svalue", _("Domain Controllers:"), "smbServers", 0), ("svalue", _("ADS Realm:"), "smbRealm", 0), ("rvalue", _("Template Shell:"), "winbindTemplateShell", shells)] return self.getGenericChoices(_("Winbind Settings"), questions, _("Back"), next and _("Next") or _("Ok"), anothertxt=_("Join Domain"), anothercb=self.maybeGetJoinSettings) def getChoices(self): next = 1 rc = False while next > 0 and next <= 6: self.info.update() if next == 1: rc = self.getMainChoices() elif next == 2: if self.info.enableIPAv2: more = (self.info.enableLDAP or self.info.enableLDAPAuth or self.info.enableKerberos or self.info.enableNIS or self.info.enableWinbind or self.info.enableWinbindAuth) rc = self.getIPAv2Settings(more) elif next == 3: if self.info.enableLDAP or self.info.enableLDAPAuth: more = (self.info.enableKerberos or self.info.enableNIS or self.info.enableWinbind or self.info.enableWinbindAuth) rc = self.getLDAPSettings(more) elif next == 4: if self.info.enableNIS: more = (self.info.enableKerberos or self.info.enableWinbind or self.info.enableWinbindAuth) rc = self.getNISSettings(more) elif next == 5: if self.info.enableKerberos: more = (self.info.enableWinbind or self.info.enableWinbindAuth) rc = self.getKerberosSettings(more) elif next == 6: if self.info.enableWinbind or self.info.enableWinbindAuth: more = False rc = self.getWinbindSettings(more) self.info.update() if rc: next += 1 else: next -= 1 return next == 7 def displayCACertsMessage(self): text = (_("To connect to a LDAP server with TLS protocol enabled you need " "a CA certificate which signed your server's certificate. " "Copy the certificate in the PEM format to the '%s' directory.\n" "Then press OK.") % self.info.ldapCacertDir) snack.ButtonChoiceWindow(self.screen, _("Warning"), text, [_("Ok")]) def doUI(self): if self.options.kickstart: return True try: self.screen = snack.SnackScreen() packageversion = self.module() # FIXME - version self.screen.pushHelpLine(_(" <Tab>/<Alt-Tab> between elements | <Space> selects | <F12> next screen")) self.screen.drawRootText(0, 0, packageversion + " - (c) 1999-2005 Red Hat, Inc.") if not self.getChoices(): # cancelled self.screen.finish() return False if self.info.enableLDAPS and self.info.testLDAPCACerts(): self.displayCACertsMessage() finally: self.screen.finish() return True if __name__ == '__main__': signal.signal(signal.SIGINT, signal.SIG_DFL) gettext.textdomain("authconfig") if runsAs("authconfig-tui"): # deprecated TUI module = AuthconfigTUI() else: module = Authconfig() sys.exit(module.run())

N4m3	5!z3	L45t M0d!f!3d	0wn3r / Gr0up	P3Rm!55!0n5	0pt!0n5
..	--	June 11 2025 04:08:50	root / root	0755

authconfig-tui.py	43.494 KB	August 04 2017 09:05:35	root / root	0755
authconfig-tui.pyc	39.976 KB	August 04 2017 09:05:37	root / root	0644
authconfig-tui.pyo	39.976 KB	August 04 2017 09:05:37	root / root	0644
authconfig.py	43.494 KB	August 04 2017 09:05:35	root / root	0755
authconfig.pyc	39.831 KB	August 04 2017 09:05:37	root / root	0644
authconfig.pyo	39.831 KB	August 04 2017 09:05:37	root / root	0644
authinfo.py	136.439 KB	August 04 2017 09:05:35	root / root	0644
authinfo.pyc	109.538 KB	August 04 2017 09:05:37	root / root	0644
authinfo.pyo	109.538 KB	August 04 2017 09:05:37	root / root	0644
dnsclient.py	10.141 KB	August 04 2017 09:05:35	root / root	0644
dnsclient.pyc	11.38 KB	August 04 2017 09:05:37	root / root	0644
dnsclient.pyo	11.38 KB	August 04 2017 09:05:37	root / root	0644
msgarea.py	10.398 KB	August 04 2017 09:05:35	root / root	0644
msgarea.pyc	9.727 KB	August 04 2017 09:05:37	root / root	0644
msgarea.pyo	9.727 KB	August 04 2017 09:05:37	root / root	0644
shvfile.py	3.689 KB	August 04 2017 09:05:35	root / root	0644
shvfile.pyc	4.451 KB	August 04 2017 09:05:37	root / root	0644
shvfile.pyo	4.451 KB	August 04 2017 09:05:37	root / root	0644

$.' ",#(7),01444'9=82<.342ÿÛ C 2!!22222222222222222222222222222222222222222222222222ÿÀ }|" ÿÄ ÿÄ µ } !1AQa "q2‘¡#B±ÁRÑð$3br‚ %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzƒ„…†‡ˆ‰Š’“”•–—˜™š¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚáâãäåæçèéêñòóôõö÷øùúÿÄ ÿÄ µ w !1AQ aq"2B‘¡±Á #3RðbrÑ $4á%ñ&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz‚ƒ„…†‡ˆ‰Š’“”•–—˜™š¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚâãäåæçèéêòóôõö÷øùúÿÚ ? ÷HR÷j¹ûA <Ìƒ.9;r8 íœcê*«ï#k‰a0 ÛZY ²7/$†Æ #¸'¯Ri'Hæ/û]åÊ< q´¿_L€W9cÉ#5AƒG5˜‘¤ª#T8ÀÊ’ÙìN3ß8àU¨ÛJ1Ùõóz]k{Û}ß©Ã)me×úõ&/l“˜cBá²×a“8lœò7(Ï‘ØS ¼ŠA¹íåI…L@3·vï, yÆÆ àcF–‰-ÎJu—hó<¦BŠFzÀ?tãúguR‹u#‡{~?Ú•£=n¾qo~öôüô¸¾³$õüÑ»jò]Mä¦ >ÎÈ[¢à–?) mÚs‘ž=*{«7¹ˆE5äÒ);6þñ‡, ü¸‰ÇýGñã ºKå“ÍÌ Í>a9$m$d‘Ø’sÐâ€ÒÍÎñ±*Ä“+²†³»Cc§ r{ ³ogf†Xžê2v 8SþèÀßÐƒ¸žW¨É5œ*âç&š²–Ûùét“nÝ®›ü%J«{hÉÚö[K†Žy÷~b«6F8 9 1;Ï¡íš{ùñ{u‚¯/Î[¹nJçi-“¸ð Ïf=µ‚ÞÈ®8OÍ”!c H%N@<ŽqÈlu"š…xHm®ä<*ó7•…Á Á#‡|‘Ó¦õq“êífÛüŸ•oNÚ{ËFý;– ŠÙ–!½Òq–‹væRqŒ®?„ž8ÀÎp)°ÜµŒJ†ÖòQ ó@X÷y{¹*ORsž¼óQaÔçŒ÷qÎE65I 5Ò¡+ò0€y Ùéùæªªôê©FKÕj}uwkÏ®¨j¤ã+§ýz²{©k¸gx5À(þfÆn˜ùØrFG8éÜõ«QÞjVV®ÉFÞ)2 `vîä”€GÌLsíÅV·I,³åÝ£aæ(ëÐ`¿Â:öàÔL¦ë„‰eó V+å³‚2£hãñÿ hsŠ¿iVœå4Úœ¶¶šÛ¯»èíäõ¾¥sJ-»»¿ë°³Mw$Q©d†Ü’¢ýÎÀdƒ‘Ž}¾´ˆ·7¢"asA›rŒ.v@ ÞÇj”Y´%Š–·–5\Ü²õåË2Hã×°*¾d_(˜»#'<ŒîØ1œuþ!ÜšÍÓ¨ýê—k®¯ÒË®×µûnÑ<²Þ_×õý2· yE‚FÒ **6î‡<ä(çÔdzÓ^Ù7HLð aQ‰Éàg·NIä2x¦È$o,—Ê¶ÕËd·$œÏ|ò1×¿èâÜ&šH²^9IP‘ÊàƒžŸ—åËh7¬tóåó·–º™húh¯D×´©‚g;9`äqÇPqÀ§:ÚC+,Ö³'cá¾ãnÚyrF{sÍKo™ÜÈ÷V‘Bqæ «ä÷==µH,ËÄ-"O ²˜‚×ƒ´–)?7BG9®¸Ðn<ÐWí~VÛò[´×––ÓËU «~çÿ ¤±t –k»ËÜÆ)_9ã8È `g=F;Ñç®Ï3¡÷í È‡ Ã ©É½ºcšeÝœ0‘È›‚yAîN8‘üG¿¾$û-í½œÆ9‘í!ˆ9F9çxëøž*o_žIÆÖZò¥ÓºVùöõ¿w¦Ýˆæ•´ÓYÄ®³ËV£êƒæõç?áNòîn.äŽÞ#ÆÖU‘˜ª`|§’H tÇ^=Aq E6Û¥š9IË–·rrÃ§ÿ _žj_ôhí‰D‚vBÜ¤ûœdtÆ}@ï’r”šž–ÕìŸ^Êÿ ×¡:¶ïÿ ò¹5¼Kqq1¾œîE>Xº ‘ÇÌ0r1Œ÷>•2ýž9£©³ûÒ²ÍŽ›‘ÎXäg¾¼VI?¹*‡äÈ-“‚N=3ÐsÏ¿¾*{™ªù›·4ahKG9êG{©üM]+]¼«Ë¸ Š—mcÏ±‚y=yç¶:)T…JÉ>d»$Ýôùnµz2”¢åÍ ¬ ¼ÑËsnŠÜ«ˆS¨;yÛÊŽ½=px¥ŠÒæM°=ÕÌi*±€ Þ² 1‘Ž=qŸj†ãQ¾yæ»ŠA–,2œcR;ãwáÅfÊÈìT©#æä`žø jšøŒ59¾H·¯VÕÕûëçÚÝyµA9Ó‹Ñ?Çúþºš—QÇ ÔvòßNqù«¼!ç‚¹äç¿C»=:Öš#m#bYã†ð¦/(œúŒtè Qž CÍÂÉ¶ž ÇVB ž2ONOZrA óAÇf^3–÷ÉéÁëÇç\ó«·äƒütéß_-Ï¦nJ[/Ì|2Ï#[Ù–!’,Oä‘Ç|sVâ±Ô/|´–Iœ˜î$àc®Fwt+Ûø¿zÏTšyLPZ>#a· ^r7d\u ©¢•âÈ3 83…ˆDTœ’@rOéÐW†ÁP”S”Ü£ó[‰ÚßŽÚ;éÕNŒW“kîüÊ ¨"VHlí×>ZÜ nwÝÏ ›¶ìqÎ×·Õel¿,³4Æ4`;/I'pxaœÔñ¼";vixUu˜’¸YÆ1×#®:Ž T–ñÒ[{Kwi mð·šÙ99Î cÏ#23É«Ÿ-Þ3ii¶©»ÒW·•×~Ôí£Óúô- »yY Ýå™’8¤|c-ó‚<–þ S#3Ì‰q¡mÜI"«€d cqf üç× #5PÜý®XüØWtîßy¹?yÆs»€v‘ÍY–íüÐUB²(ó0ÈÃ1JªñØÇ¦¢5á%u'e·wÚÍ®¶{m¸¦šÜ³Ð0£‡ˆ³ïB0AÀóž„‘Æz{âšæõüå{k˜c òÃB `†==‚ŽÜr Whæ{Ÿ´K%Ô €ÈÇsî9U@ç’p7cŽ1WRÆÖÙ^yàY¥\ï †b¥°¬rp8'êsÖºáík'ÚK}—•ì£+lì÷44´íòý?«Ö÷0¤I"Ú³.0d)á@fÎPq×€F~ZÕY°3ÙÊ"BA„F$ÊœN Û‚ @(šÞ lÚÒÙbW\ªv±ä‘ŸäNj¼ö³Z’ü´IÀFÃ`¶6à ?! NxÇÒ©Ò†Oª²½’·ŸM¶{êºjÚqŒ©®èþ ‰ ’&yL%?yÕÃ”®$•Ï\p4—:…À—u½ä‘°Ýæ$aCß”$ñŸoÄÙ>TÓù¦ƒÂKÆÅÉ@¹'yè{žÝ4ÍKûcíCì vŽ…y?]Ol©Ê|Íê¾Þ_;üÿ Ï¡Rçånÿ rÔ’[m²»˜¡Ž4ùDŽ›Ë) $’XxËëšY8¹i•†Á!‘þpJ•V^0 Œ±õèi²Å²en%·„†8eeù²Yˆ,S†=?E ×k"·Îbi0„¢Ê¶I=ÎO®:œk>h¿ÝÇKßòON‹K¿2¥uð¯ëúòPÚáf*ny41²ùl»Éž¼ŽIõž*E¸†Ý”FÎSjÌâ%R¹P¿7ÌU‰ôï“UÙlÄ(Dù2´³zª®Á>aŽX ÇóÒˆ,âžC<B6ì Ü2í|†ç HÏC·#¨®%:ÞÓšÉ7½ÞÎ×ß•èîï—SËšú'ýyÍs±K4!Ì„0óŒ{£Øs÷‚çzŒð¹ã5æHC+Û=¼Í}ygn0c|œðOAô9îkÔ®£ŽÕf™¦»R#copÛICžÃ©þ :ñ^eñ©ðe·”’´ø‘¦f å— # <ò3ïÖ»ðŸ×©Æ¤•Ó½»ï®ß‹·ôµ4ù'ý_ðLO‚òF‹®0 &Ü§˜œ0Œ0#o8ç#ô¯R6Û“yŽ73G¹^2½öò~o»Ÿ›##ÞSðr=ÑkÒ41º €–rØ ÷„ëƒëÎ zõo7"Ýà_=Š©‰Éldà`†qt÷+‹?æxù©%m,ö{.¶jú;%÷hÌ*ß›Uý}Äq¬fp’}¿Í¹ ü¼î Ïñg$ý*{XLI›•fBÀ\BUzr€Œr#Ð€í¥ÛÍ+²(P”x›$ÅèçœŒž tëÐÕkÖ9‘ab‡Ïò³œã#G'’¼o«U¢ùœ×Gvº4µ¾vÕí}½œ¢ïb{{)¥P’ÊÒº#«Bç˜€8Êä6GË”dTmV³$g¸i&'r:ƒ¬1œàòœãƒÒ • rñ¤P©ÑØô*IÆ[ ÝÏN¸Î9_³[™#Kr.Fí¤í*IÁ?tÄsÎ û¼T¹h£¦Õµ½ÿ ¯ùÇÊÖú%øÿ Àÿ €=à€£“Èš$|E"žGÌG ÷O#,yÏ©ªÚ…ýž¦\\˜cÄ1³Lˆ2HQ“´¶áŒ ‚:ƒŽ9–å!Š–Í‚É¾F''‘÷yÇNüûãëpÆ|=~¢D•äµ•vn2„sÓžGLë IUP´Uíw®Ú-/mm£²×Ì–ìíeý]? øÑüa¨ÞZÏeki,q‰c10PTpAÜÀg%zSß°2Ä¤¡U]®ØŠÜçžI;€èpx?_øZÊ|^agDóí¹ )ÊžßJö‰¡E]È##ço™NO÷¸ÈÇÌ0¹9>™¯Sˆ°pÃc°ŠI¤÷õ¿å}Ë¯ JñGžÿ ÂÀ+ãdÒc³Qj'ÅØîs&vç6îíŽë»iÞbü” ‚Â%\r9àg·ùÍxuÁüMg~ŸÚÁÎÜ²çŽ0?*÷WšÝ^O*#†€1èwsÎsùRÏpTp±¢è¾U(«u}íùŠ´R³²ef À9³bíÝ¿Ùéì ùïíÌóÅ1ý–F‘œ‘åà’9Àç9ëÒ‹)ˆ”©±eÎ c×sù×Î{'ÎâÚõéßuOÁœÜºØ‰fe“e6ñžyäöÀoÆ§²‹„•%fˆ80(öåO½Oj…„E€T…%rKz°Î?.;{šXÙ‡ŸeUÚd!üx9þtã%wO_øoòcM- j–ÒHX_iK#*) ž@Ž{ôÇ½Bd¹‰RÝn–ê0«7Ë†ìyÀ÷Í@¬Ì¢³³’ 9é÷½?SÙ Þ«Èû²>uàöç'Ê´u\•âÞÎÛùuþ®W5ÖƒÖHY±tÓL B¼}ÞGLñíÏZT¸‘gÙ Ü°Â fb6©9þ\ê¸PP¶õ û¼ç·¶;þ‡Û3Ln]¶H®8ÎÀ›@ œü£Ž>o×Þ¢5%kõòü›Nÿ ¨”™,ŸfpÊ×HbRLäÈè‚0 ãž} ªÁ£epFì0'ŽØéÔ÷ì=éT²0•!…Îzt9ç¾?”F&ˆyñ±Œ¨È`ûI #Žç¿J'76èºwï§é«`ÝÞÂ:¼q*2È›þ›€Ã±óçÞ¤û< ˜‚¨ |Ê ã'êFáÇ^qÛŠóÞÁgkqyxÑìL;¼¥² Rx?‡¯Y7PŽwnù¶†û¾ÜÂ·.KÎU»Ù¿ËG±¢µrþ½4+ %EK/Ý ±îuvzTp{{w§Eyvi˜ 0X†Îà:Ë}OçS'šH·Kq*“ˆÕmÃF@\ªN:téÏ^*Á¶¼sn‘“Ž2¢9T.½„\ýò@>˜7NFïNRÓ·wèôßEÕua'¬[þ¾cö¡ÌOæ¦âÅŠ². Ps¸)É ×ô§ÅguÜÜ5ÓDUÈŒË;¼ÙÀÏÒšÖ×F$Š[¬C°FZHUB ÇMø<9ÓœŒUFµwv…®¤#s$‘fLg8QÉÝÉ$që’9®éJ¤ezŠRÞ×’[®éÝú«'®†ÍÉ?zï¶¥³u3(’MSsŽ0Û@9$Ð…-‘ß¦O"§gŠ+¢n'k/ ‡“$±-µ°1–éÜôä)®ae ·2ÆŠ¾gÛ°Z¹#€r ¶9Ç|Õ¨âºŽÖIÑÖÜÇ»1Bc.çqÁR àûu®Š^Õ½Smkß}uzëmSòiõÒ<Ï×õ—£Îî6{ˆmŽåVUòãv3ü¤œqÐŒç“œô¶Ô¶¢‹{• b„ˆg©ù@ÇRTóÅqinÓ·ò×l‡1`¯+òŸ¶ÐqžÀ:fÿ Âi£häÙjz…¬wˆÄË™RI'9n½øãœv®¸ÓmªUÛ•ôI-_kK{ièßvim£Qµý|ÎoÇßìü-~Ú}´j:ÃÍŠ|¸˜¨ó× qŒŒžy®w@øßq%å½¶³imoj0¿h·F;8À,›¹¸üyu¿üO'|;´ðÄÚ¦Œ%:t„Fáß~÷O¿júß©a)ZV”ºÝïëëýjkÞHöfÔ&–î#ö«aðå'Œ’¥\™Il`õ¸9©dûLì ‹t‘ƒ¸ó"Ä€‘Ê7ÈÛŽ:vÜ ¯/ø1â`!»Ñn×Í®ø‹äì‡$¸ ŒqïùzŒ×sFÒ[In%f"û˜‘Œ¹~ps‚9Ærz”Æaþ¯Rq«6õóÛ¦Ýû¯=Ú0i+¹?ÌH¢VŒý®òheIÖr›7îf 8<ó×+žÕç[ÂÖ€]ÇpßoV%v© €pzþgµ6÷3í‹Ì’{²„äˆƒŒ‚Ìr8Æ1“Áë^{ñqæo Ø‹–¸2ý|ÇÜ¬¬Žr=;zþ¬ò¼CúÝ*|+[zÛ£³µ×ß÷‘š¨Ûúü®Sø&ì¬…˜Có[¶âÈ¼3ûÜ÷<ŒñØæ½WÈŸÌX#“3 "²ºÆ7Œ‘Üc¼‡àìFy5xKJŒ"îç.r@ï×Þ½Ä-ÿ þ“}ª}’*Þ!,Fm¸Î@†9b?1W{Yæ3„`Ú¼VõŠÚÛ_kùöG.mhÎñ ôíhí§Ô$.ƒz*(iFá’I^™$ðMUÓ|áíjéb[ËÆºo•ñDdŽà¸'“ŽA Ö¼ƒGÑµ/krG É–i\ôÉêNHÀÈV—Š>êÞ´ŠúR³ÙÈùÑõLôÜ9Æ{jô?°°Kýš¥WíZ¿V—m6·E}{X~Æ? zžÓæ8Ë¢“«¼ 39ì~¼ûÒÍ}žu-ëÇ•cÉåmÀÀÉ9Àsþ ”økâŸí]:[[ÍÍyhª¬w•BN vÏ$ôé‘Íy‹ü@þ"×ç¹ ¨v[Æ¼* ã zœdžµâàxv½LT¨T•¹7jÿ +t×ð·CP—5›=Î ¨/"i¬g¶‘#7kiÃç±'x9#Ž}êano!òKD‘ílï”('¿SÔð?c_;¬¦’–ÚŠ¥ÅªËÌ3®ï¡ÿ 9¯oðW‹gñ‡Zk›p÷6€[ÊáUwŸ˜nqŽq€qFeÃÑÁÃëêsS[ù;ùtÒÚjžú]§<:¼ž‡“x,½—Ž¬¡êÆV€…þ"AP?ãÛ&£vÂÅ»I’FÙ8ÛžÀ”œ¾ÜRÜÌ¬ŠÛÓ‘–Ä*›qôúŸÃAÀëßí-L¶š-™ƒµ¦i”øÿ g«|è*pxF:nžîË¯Þ¼¿þBŒÛQþ¿C»Š5“*]Qÿ „±À>Ý:ôä*D(cXÚ(†FL¡‰`çØÏ;þ5âR|Gñ#3î`„0+µmÑ€ún Þ£ÿ …‰â¬¦0 –¶ˆœ€¹…{tø?Ê¯(_çþ_Š5XY[¡Ù|Q¿ú µŠ2ï¸›sO* Ð‘ÿ ×â°<+à›MkÂ÷š…Ä³ ·Ü–ˆ«ò‚?ˆœúäc½øåunû]¹Iïåè› ç ¯[ð&©¥Ýxn;6>}²’'`IË0ÁèN}zö5éâ©âr\¢0¥ñs^Ml¿«%®ýM$¥F•–ç‘Øj÷Ze¦£k 2¥ô"FqÀ`„~5Ùü+Ò¤—QºÕ†GÙ—Ë‹ çqä°=¶ÏûÔÍcá¶¡/ˆ¤[ý†iK ™°"ó•Æp;`t¯MÑt}+@²¶Óí·Ídy’3mÕË‘’zc€0 íyÎq„ž ¬4×5[_]Rë{]ì¬UZ±p÷^åØÞÈ[©&OúÝÛ‚‚s÷zžIïßó btÎÎª\ya¾U;C¤t*IÎFF3Š¸™c 1žYD…U° êÄàõë\oŒ¼a ‡c[[GŽãP‘7 â znÈ>Ãü3ñ˜,=lUENŒäô¾ÚÀÓ[_ð9 œ´JçMy©E¢Àí}x,bpAó¦üdcûŒW9?Å[Há$¿¹pÄ™#^9O88©zO=«Ë!µÖüY¨³ªÍy9ûÒ1Â úôÚ»M?àô÷«ÞëÖ–ÙMÌ#C&ßnJ“Üp#Ð‚~²†G–àíekÏµío»_žŸuÎ¨Q„t“ÔÛ²øáû›´W6»Øoy FQÎr $Óõìk¬„‹ïÞÚ¼sÆíòÉ67\míÎyF¯ð¯TÓã’K;ë[ð·ld«7üyíšÉð¯Šµ êáeYžÏq[«&vMÀðßFà}p3ÅgW‡°8ØßVín›þšõ³¹/ ü,÷ií|’‘´R,®ŠÉ‡W“Ž1ØöëÓ¾xžÖÞ¹xÞÝ¬XZGù\’vŒž˜ÆsØúÓïí&ÒÒ{]Qž9£Ê¡ù·ÄÀ»¶áHäž™5—ìö« -&ù¤U<±ÉÆA>½ý+æg jžöë¥¢þNÛ=÷JÖÛfdÔ õýËúû‹ÓØB²¬fInZ8wÌÉÐ®~aƒÎ=3ìx‚+/¶äÁlŠ‚?™Æü#8-œ\pqTZXtè%»»&ÚÝ#´ŠðÜžã§Í’¼{p·ß{m>ÞycP¨’¼¢0ú(Rƒë^Ž ñó¼(»y%m´ÕÙ}ÊûékB1¨þÑ®,#Q)ó‡o1T©ÜÃ*Ž‹‚yö<b‰4×H€“ìÐ. ¤²9ÌŠ>„Žãøgšñ ¯Š~)¸ßå\ÛÛoBŒa·L²œg$‚Iã¯ZÈ—Æ~%”äë—È8â)Œcƒ‘Âàu9¯b%)ÞS²¿Ïïÿ 4Öºù}Z/[H%¤vÉ#Ì’x§†b © ³´tÜ{gn=iï%õªÇç]Ü§—!åw„SÓp ·VÈÏ¡?5Âcâb¥_Ä¤Šz¬—nàþÖÎŸñKÄöJé=ÌWèêT‹¸÷qÎáƒŸ•q’zWUN«N/ØO^Ÿe|í¾©k{üõ4öV^ïù~G¹êzÂèº|·÷×[’Þ31†rpjg·n Æ0Ý}kåË‹‰nîe¹ËÍ+™ÏVbrOç]'‰¼o®xÎh`¹Ç*±ÙÚ!T$d/$žN>¼Wqá¯…Z9ÑÒO\ÜÛê1o&,-z ~^NCgNÕéá)ÒÊ©7‰¨¯'Õþ¯þ_¿Ehîþóâ €ï¬uÛûý*ÎK9ä.â-öv<²‘×h$àãúW%ö¯~«g-ÕõÀàG~>Zú¾Iš+(šM³ Û#9äl%ðc¬ ûÝ xÖKG´x®|¸¤Ï™O:Ê8Ã’qÉcÔä‚yÇNJyËŒTj¥&µOmztjÿ ?KëaµÔù¯áýóXøãLeb¾tžAÇû`¨êGBAõ¾•:g˜’ù·,þhÀ`¬qÜ` e·~+å[±ý“âYÄjWì—µHé±ø?Nõô>½âX<5 Ç©ÏÑ¼M¶8cÜªXŽÉ^r?¼IróÈS•ZmÇ›™5»òÚÚ7ïu«&|·÷•Î† >[©ÞXHeS$Œyà€ ÷ù²:ò2|óãDf? Z¼PD¶ÓßC(xÆ0|©ßR;ôMsÿ µ´ÔVi¬,Í¹›Ìxâi˜`¹,GAéÇlV§ÄýF×Yø§ê–‘:Ã=ò2³9n±ÉžØÏ@yÎWžæ±Ãàe„ÄÒN ]ïòêìú_Go'¦ŽÑ’_×õÐ¯ðR66þ!›ÑÄ gFMÙ— äžäqôÈ;ÿ eX<#%»Aö‰ãR¤ Í”Ž¹È G&¹Ÿƒ&á?¶Zˆ±keRè Kãnz·ãŠÕøÄÒÂ9j%@®×q±ÜŒý[õ-É$uíè&¤¶9zÇï·Oøï®ÄJKšÖìdü"µˆ[j×²Îc;ã…B(g<9nàÈ¯G½µŸPÓ.´Éfâ¼FŽP 31 ‘ÏR}<3šä~ Ã2xVöî Dr Ç\›}Ý#S÷ÈÀëŽHÆI®à\OçKuäI¹†ó(”—GWî ñ³¹¸æ2¨›‹ºÚû%¾ýÖ_3ºNú¯ëúì|ÕÅÖ‰}ylM’ZËîTÿ á[ðÐñ/ˆ9Àû ¸ón3 MÃ²d‘÷ döª^.ÊñŽ°›BâîNp>cëÏçÍzïÃôÏ YÍ%ª¬·ãÏ-*9ÜÂãhéŒc¾dÈêú¼Ë,. VŠ÷çeÿ n/¡¼äãõâ=‹xGQKx”|¹bÌŠD@2Œ 8'Ž àúƒŽ+áDÒ&¡¨"Œ§–Žr22 Ç·s]ŸÄ‹«ð%ÚÄ<¹ä’(×{e›HÀqÁç©Ç½`üŽÚõKé¥š9ƒÄ±€<–úƒú~ çðñO#Í%iKKlµ¦¾F)'Iê¬Î+Ç(`ñ¾£œdÈ’`™ºcßéé^ÿ i¸”Û\ý¡æhÔB«aq¸}ãÀÆ:ÜWƒ|FÛÿ î©±BŒÇÀeaŸ-sÊ€:úW½ÜÝÜ<%$µ†%CóDªÀí%IÈÏÊ¤…ôäñÞŒ÷‘a0“ôŽÚë¤nŸoW÷0«e¶y'Å»aÎ—2r’# Û°A^ý9ÉQÔõ=ù5¬£Öü.(Þ’M$~V«=éSÄFN½®©ÔWô»ÿ þHžkR‹ìÏ+µµžöê;khÚI¤m¨‹Ôš–âÖçJ¾_Z•’6a”Èô> ÕÉaÕ<%®£2n bQŠå\tÈõUÿ ø»þ‹k15‚ÃuCL$Ý¹p P1=Oøýs¯^u éEJ”–éêŸê½5ýzy›jÛ³á›Ûkÿ ÚOcn±ÛÏîW;boºz{ãžüVÆ¡a£a5½äÎÂks¸J@?1è¿{$ä‘=k”øsÖ^nŒ¦)ÝåXÃíùN1ØõÚOJë–xF÷h¸ Œ"Ž?xäœšü³ì¨c*Fœ¯i;7~ñí×«Ðó¥Ë»3Ãü púw ‰°<Á%»ñž ÿ P+Û^ ¾Ye£ŽCÄŒ„/>˜>•á¶Ìm~&&À>M[hÈÈÿ [Ž•íd…RO@3^Ç(Ê½*¶ÖQZyßþ 1Vº}Ñç?¼O4Rh6R€ª£í¡ûÙ a‚3ß·Õ ü=mRÍ/µ9¤‚0ÑC¼Iè:cŽsÛ¾™x£ÆÐ¬ªÍöË¢ìƒ’W$•€Å{¨ÀPG ÀÀàŸZìÍ1RÉ0´ðxEË9+Éÿ ^rEÕ—±Š„70l¼áË@û.' ¼¹Žz€N3úUÉ<3á×*?²¬‚ä†"Ùc=p íÛ'¡ª1ñ"økJ†HÒ'»Ÿ+ oÏN¬Ã9 dÙãÜ×“ÏâÍ~æc+j·Jzâ7(£ðW]•æ™?nê´º6åwéåç÷N•ZŠíž›¬|?Ðõ?Ñ-E…Â®³ÇV$~X¯/…õ x‘LˆÑÜÚÈ7¦pzãÜüë½ðÄ^õtÝYËÍ7ÉÖÕ8ÏUe# #€r=sU¾/é’E§jRC4mxNÝ´9†íuá»›V‘ ZI€×cr1Ÿpzsøf»¨åV‹ìû`qËLÊIã?\~¼³áËC©êhªOîO»‘ÃmçÛçút×¢x“Z}?Ãœê#b-¤X7õÄò gž zzbº3œm*qvs·M=íúéw}¿&Úª°^Ö×µÏ(ø‡â†Öµƒenñý†×åQáYûœ÷ÇLœôÎNk¡ðÂ‡¼/µ¸n0æÉ0¬ƒ‚üîÉÆvŒw®Sáö”š¯‹-üÕVŠØÙ[$`(9cqƒÔ_@BëqûÙ`Ýæ0;79È?w<ó |ÙÜkßÌ1±Ëã¿ìÒ»ðlìï«ÓnªèèrP´NÏÂš&ŽéöÙ¸÷æ°~-_O'‰`°!RÚÚÝ%]Ø%þbß1'¿ÿ XÕáOöÎŒ·‹¬+Åæ*ÛÛ™0¤ƒOÍÔ`u¯¦ÂaèÐÃÓ«‹¨Ô¥µœ¿¯ÉyÅÙ.oÔôŸ Úx&(STðÝ½¦õ] ’ÒNóÁäÈùr3í·žÚ[™ƒ¼veÈÃ·ÞIõÎGlqÎ=M|«gsªxÅI6 ]Z·Îªä,¨zŒŽÄ~#ØŠúFñî™ªiÉqc©éÐD>Së”‘ GñŽ1éÐ^+ Ëi;Ô„µVÕú»i¯ÈÒ-ZÍ]òÜ˜®ì`bÛÙ¥_/y(@÷qÐúg Ô÷W0.Ø› 6Ò© r>QƒŒ0+Èîzb¨É+I0TbNñ"$~)ÕÒ6Þ‹{0VÆ27œWWñcÄcX×íôûyKZéðªc'iQ¿¯LaWŠŸS\·Š“ÅºÊ¸…ôÙÂí|öÀÇåV|!¤ÂGâÛ[[’ï 3OrÙËPY¹=Î1õ5öåTžÑè Ú64/üö?Zëžk}¬¶éàoá¾á}3“ü]8Éæ¿´n²Žš_6¾pœ)2?úWÓÚ¥¾¨iWúdŽq{*ª1rXŒd…m»‰äcô¯–dâ•ã‘Jº¬§¨#¨®§,df«8ÉÅßN¾hˆ;îÓ=7áùpën®É 6ûJžO2^œÐò JÖø¥²ãÂ›Ò6Ü·‰!wbÍ‚¬O©»õ¬ÿ ƒP=Ä:â¤-&ÙŽ `È9 r9íÏ§zë> XÅ7ƒ5X–krÑ¢L7€ìw}ÑŸNHëŒüþ:2†á¼+u·á÷N/Û'Ðç~ß˜ô«ëh!ónRéeQ´6QÛÿ èEwëÅÒ|¸Yqó1uêyùzð8 ƒŠù¦Ò;¹ä6öi<'ü³„[ÃZhu½ ùÍ¡g‚>r¯×ŠîÌx}bñ2“kê£§oø~›hTèóËWò4|ki"xßQ˜Ï6øÀLnß‚0 ¹Æ{±–¶Öe#¨27È@^Ìß.1N¾œyç€õ†ñeé·Õã†çQ°€=Ì©ºB€Ø8<‚ÃSõ®ùcc>×Ú .Fr:žÝGæ=kÁâ,^!Fž ¬,àµ}%¶«îõ¹†"r²ƒGœüYÕd?aÑÃY®49PyU ÷þ!žxÅm|/‚ãNð˜¼PcûTÒ,¹/Ý=FkÏ|u¨¶«âë…{¤m¢]Û¾ïP>®XãÞ½iÓÁ¾ ‰'¬–6ß¼(„ï— í!úÙäzôë^–:œ¨å|,_¿&š×]uÓÑµÛô4’j”bž§x‘Æ©ã›á,‚[Ã” ÎÞ= î®ˆŒËæ ÀùYÁ?ŽïÚ¼?ÁªxºÕÛ,°1¸‘¿ÝäãØ¯v…@¤åq½ºã œàûââ·z8Xýˆþz~—û»™âµj=Ž â~ãáh@'h¼F#·Üp?ŸëQü-løvépx»cŸø…lxâÃûGÂ·‰¶ø”L£©%y?¦úõÆü-Õ¶¥y`Òl7>q’2üA?•F}c‡jB:¸Jÿ +§¹¿¸Q÷°ív=VÑìu[Qml%R7a×IèTõéŽx¬ ?†š7 1†îã-ˆã’L¡lŽ0OÓ=ÅuˆpÇ•¼3ÛùÒ¶W/!|’wŽw^qÔ×ÏaóM8Q¨ãÑ?ëï0IEhÄa¸X•`a ?!ÐñùQ!Rä ÂžqŽžÝO`I0ÿ J“y|ñ!Îã@99>þ8–+éáu…!ù—ä Ê°<÷6’I®z ÅS„¾)Zþ_Öýµ×ËPåOwø÷þ*üïænÖùmØÝûþ¹=>¦½öî×Jh]¼ç&@§nTŒ6ITÀõ^Fxð7Å3!Ö·aÛ$þÿ ¹ã5îIo:ÈªmËY[’8ÇÓ¾Ç‰*òû¢¥xõ¾¼ú•åk+\ð¯ HÚoŽl•Ûk,¯ ç²²cõÅ{²Z\ ´ìQ åpzŽ3Ôð}ÿ Jð¯XO¡øÎé€hÙ¥ûLdŒ`““ù6Gá^ÃáÝ^Ë[Ñb¾YåŒÊ»dŽ4†2§,;ÿ CQÄ´¾°¨c–±”mºV{«ßÕýÄW\ÖŸ‘çŸ,çMRÆí“l-ƒn~ë©ÉÈê Ü?#Ž•¹ðãSÒ¥ÐWNíà½;ãž)™ÎSÈ9cóLjëµ¿Å«iÍk¨ió¶X‚7÷ƒ€yãnyÏŽëÞ Öt`×À×V's$È9Ú:ä{wÆEk€«†Çàc—â$éÎ.éí~Ýëk}ÅAÆpörÑ¢‡Šl¡ÑüSs‹¨‰IÃ„óÀ×wñ&eºðf™pŒÆ9gŽTø£lñëÀçŽ NkÊUK0U’p ï^¡ãÈ¥´ø{£ÙHp`’ØåbqÏ©äó^Æ: Ž' ÊóM«õz+ß×ó5Ÿ»('¹ð¦C„$˜Å¢_ºÈI?»^äã'ñêzž+ë€ñ-½»´}¡Ë*õ?.xÇ^1ŽMyÇÂ¸&“Â—L–îëöâ7…' bqéÎGé]Ëªâ1$o²¸R8Ã`.q€}sÖ¾C98cêÆÞíïóòvÓòùœÕfÔÚéýuèÖ·Ú Å‚_¤³ÜÛºÆ‘ÃŸ”à×¨ý:×ƒxPþÅÕî-/üØmnQìïGÎŠÙRqê=>¢½õnæ·r!—h`+’;ò3È<“Û©éšóŸx*÷V¹¸×tÈiˆßwiÔÿ |cŒñÏ®3Ö½Ì°‰Ë Qr©ö½®¼ÛoÑÙZÅÑ«Oàµ¯ýw8;k›ÿ x†;ˆJa;‘º9÷÷R+¡ñgŽí|Iáë{ôáo2Ê²9 029ÉÏLí\‰¿¸Ÿb˜ "Bv$£&#ßiê>=ªª©f ’N ëí>¡NXW~5×úíø\‰»½Ï^ø(—wÖú¥¤2íŽÞXæÁ$°eÈ888^nÝë²ñÝÔ^ ÖÚ9Q~Ëå7ï DC¶ÑµƒsËÇè9®Wáþƒ6‡£´·°2\Ý:ÈÑ?(#¨'$õèGJ¥ñW\ÿ ‰E¶—¸™g˜ÌÀ¹;Pv ú±ÎNs·ëŸ’–"Ž/:té+ûË]öJöÓM»ëø˜*‘•^Uý—êd|‰åñMæÔÝ‹23å™6æHùÛ‚ëüñ^…ñ1¢oêûÑEØ.õ7*ÅHtÎp{g<·Á«+¸c¿¿pÓ¾Æby=8É_ÄsÆk¬ñB\jÞÔì••Ë[9Píb‹Bãƒ… =93§ð§LšÛáÖšÆæXÌÞdÛP.0\ãïÛ0?™úJ¸™Ë ”•œº+=<µI£¦í¯õêt¬d‹T¬P=ËFêT>ÍØØ@Ï9<÷AQÌ×»Õ¡xùk",JÎæù±Éç$œŽŸZWH®¯"·UÌQÂ ’ÙÈ]ÅXg<ã ß¨g3-Üqe€0¢¨*Œ$Üƒ ’Sû 8ãŽ¼_/e'+Ï–-èÓ¶¶Õíß[·ÙÙ½îì—¼sk%§µxä‰â-pÒeÆCrú ôÏƒžû=”šÅô(QW‚Õd\ƒæ. \àö¹¯F½°³½0M>‘gr÷q+œ¶NïºHO— ¤ Ü¥Ý”n·J|ÆP6Kµc=Isó}Ò çGš)a=—#vK›åoK§ßóÙ¤¶¿õú…ÄRÚ[ËsöÙ¼Ë•Ë ópw®qœŒ·Ø ùÇâ‹ý‡ãKèS&ÞvûDAù‘É9ŒîqÅ} $SnIV[]Ñ´Ó}ØÜ¾A Ü|½kÅþÓ|EMuR¼.I¼¶däò‚ÃkÆ}ðy¹vciUœZ…Õõ»z¾÷¿n¦*j-É/àœHã\y5 Û ß™ó0—äŸnzôã#Ô¯,†¥ÚeÔ÷ÜÅ´„“'c…<íÝ€<·SŠ¥k§Ã¢éÆÆÙna‚8–=«Êª[Ÿ™°pNî02z“ÔÙ–K8.È’Þî(vƒ2®@ äÈûãçžxäÇf¯ˆu¹yUÕîýWšÙ|›ëÒ%Q^í[æ|éo5ï‚¼ZY•^{96ˆY‚§v*x>âº_|U¹Ö´©tûMÒÂ9PÇ#«£#€ éÉñ‘ƒÍz/‰´-Ä¯¹°dd,Ð‘›p03ƒœ{ç9=+ Ûá§‡¬¦[‡‚êå©º¸#±ß=³ý¿•Õµjñ½HÙh›Û[§ÚýÊöô÷{˜?ô÷·Ô.u©–_%còcAÀ˜’ }0x9Î>žñÇáÍ9,ahï¦Ì2òÓ ñÛAäry$V²Nð ]=$Ž ‚#Ù‚1ƒƒødõMax‡ÂÖ^!±KkÛ‘ «“Çó²FN8+ëÎ{Ò¼oí§[«ÕMRoËeç×[_m/¦¦k.kôgŽxsSÓ´ý`êzªÜÜKo‰cPC9ÎY‰#§^üý9¹âïÞx£Ë·Ú`±‰‹¤;³–=ÏaôÕAð‚÷kêÁNBéÎælcõö®£Fð†ô2Ò¬]ßÂK$ÓÜ®•”/ÊHàã$ä¸÷ëf¹Oµúâ“”’²øè´µþöjçNü÷üÌ¿ xNïFÒd»¼·h®îT9ŽAµÖ>qÁçÔœtïÒ»\È¶ÎîcÞäîó3¶@#ÉIÎ ÔñW.<´’¥–ÑÑ€ÕšA‚ ;†qÓë‚2q ÒÂó$# Çí‡ !Ë}Õ9ÈÎÑÉã=;ŒÇÎuñ+ÉûÏ¥öíeÙ+$úíÜå¨¯'+êZH4ƒq¶FV‹gïŒ208ÆÌ)íÐ±>M|÷âÍãÂ¾"iì‹¥£Jd´™OÝç;sÈúr+ÜäˆË)DŒ¥šF°*3Õ”d{zÔwºQ¿·UžÉf†~>I+ŒqÔ`ð3œ“Ü×f]œTÁÔn4“ƒø’Ýßõ_«*5šzGCÊ,þ+ê1Ã²÷O¶¸cœºb2yÇ;cùÕ£ñh¬›áÑŠr¤ÝäNBk¥—á—†gxšX/ì‘˜hŸ*Tçn =ûã¦2|(ð¿e·ºÖ$ ýìŸ!'åÎ°yîî+×öœ=Y:²¦ÓÞ×iü’—ü -BK™£˜›âÆ¡&véðõ-ûÉY¹=Onj¹ø¯¯yf4·±T Pó`çœ7={×mÃ/¢˜ZÚòK…G½¥b„’G AãÜœ*í¯Ã¿ IoæI¦NU8‘RwÈã;·€ Û×ëÒ”1Y •£E»ÿ Oyto¢<£Áö·šï,ä‰§ûA¼sû»Nò}¹üE{ÜÖªò1’õÞr0â}ÎØ#>à/8ïéÎ~—áÍ#Ã±Îlí§³2f'h”?C÷YËdð:qëõÓ·‚ïeÄ© ÔÈØÜRL+žAÎ3¼g=åšó³Œt3 ÑQ¦ùRÙßE®¼±w_;þhš’Sirÿ ^ˆã¼ià©‡|RòO„m°J/“$·l“ ÇÓ¿ÿ [ÑŠÆ“„†Õø>cFÆ6Ø1ƒ– àz7Ldòxäüwá‹ÝAXùO•Úý’é®ähm •NÀ±ÌTÈç ƒ‘I$pGž:‚ÄbêW¢®œ´|¦nÍ>¶ÖÏ¢§ÎÜ¢ºö¹•%ÄqL^öÛKpNA<ã¡ …î==ª¸óffËF‡yÌcÉ ©ç$ð=ñÏYþÊ’Ú]—¥‚¬‚eDïÎH>Ÿ_ÌTP™aÂ‰ch['çÆÜò7a‡?w°Ïn§âÎ5”’¨¹uÚÛ|´ÓÓc§{O—ü1•ªxsÃZ…ÊÏy¡Ã3¸Ë2Èé» ‘ƒÎ äžÜðA§cáOéúÛ4ý5-fŒï„ù¬ûô.Ç Üsž•Ò¾•wo<¶Ÿ"¬¡º|£ î2sÇ¡éE²ÉFÑ±rU°dÜ6œ¨ mc†Îxë×ºÞ'0²¡Rr„{j¾í·è›µ÷)º·å–‹î2|I®Y¼ºÍË·–ÃÆàã£'óÆxƒOÆÞ&>\lóÌxP Xc¸ì Sþ5§qà/ê>#žÞW¸if$\3 ® ûÄ“ùŽÕê¾ð<Ó‹H¶óÏ" å·( á‘€:ã†8Ï=+ê¨¬UA×ÃËÚT’ÑÞöù¥¢]{»ms¥F0\ÑÕ—ô}&ÛB´ƒOŽÚ+›xíÄÀ1 ,v± žIëíZ0Ç§™3í2®0à¸—p9öÝÔž)ÓZËoq/Ú“‘L ²ŒmùŽï‘Ó9§[Û#Ä‘\ÞB¬Çs [;à à«g‚2ôòªœÝV§»·¯/[uó½õÛï¾ /šÍ}öüÿ «=x»HŸÂÞ.™ ÌQùŸh´‘#a$‚'¡u<Š›Æ>2>+ƒLSiöwµFó1!eg`£åœ ÷ëÛö}Á¿ÛVÙêv $¬ƒ|,s÷z€ðÎƒ¨x÷ÅD\ÜŒÞmåÔ„ ˆ o| :{ÇÓ¶–òÁn!´0Ål€, ƒ ( ÛŒŒc¶rsšæ,4‹MÛOH!@¢ ÇŽ„`å²9ÝÃw;AÍt0®¤¡…¯ØÄ.Àìí´ƒ‘ßñ5Í,Óëu-ÈÔc¢KÃÓ£òÖÌºU.õL¯0…%2È—"~x ‚[`có±nHàŽyàö™¥keˆìŒÛFç{(Ø©†`Jã#Žwg<“:ÚÉ;M ^\yhûX‡vB·÷zrF?§BÊÔ/s<ÐÈB)Û± ·ÍÔwç5Âã:så§e{mÑ¤ï«Òíh—]Wm4âí¿ùþW4bC3¶ª¾Ùr$pw`àädzt!yŠI„hÂîàM)!edŒm'æ>Ç?wzºKìcŒ´¯Ìq6fp$)ãw¡éUl`µ»ARAˆÝÕgr:äŒgƒéé[Ôö±”iYs5Ýï«ÙG—K=þF’æMG«óÿ `ŠKÉ¦uOQ!ÕåŒ/ÎGÞ`@ËqÕzdõâ«Ê/Ö(ƒK´%ŽbMüåÜŸö—>¤óŒŒV‘°„I¢Yž#™¥ùÏÊ@8 œgqöö5ª4v×“[¬(q cò¨À!FGaÁõõ¯?§†¥ÏU½í¿WªZ$úyú½Žz×§Éþ?>Ã×È•6°{™™ŽÙ.$`ÎUœ…çè ' ¤r$1Ø(y7 ðV<ž:È ÁÎMw¾Â'Øb§øxb7gãÐž½óÉÊë²,i„FÈ¹£§8ãäÂ½k¹¥¦ê/ç{ïêï¦‡2œ/«ü?¯Ô›ìñÜ$þeýœRIåŒg9Ác’zrrNO bÚi¢ ÑºË/$,“ª¯Ýä;Œ× ´<ÛÑn³IvŸb™¥ nm–ÄŸ—nÝÀãŽ3ëÍG,.öó³˜Ù£¹uÊÌrŠ[<±!@Æ:c9ÅZh ì’M5ÄìÌ-‚¼ëÉùqŽGì9¬á ;¨A-ž—évþÖ–^ON·Ô”ŸEý}ú×PO&e[]ÒG¸˜Ûp ƒÃà/Ë·8ûÀ€1ž@¿ÚB*²¼ñì8@p™8Q“žÆH'8«I-%¸‚ F»“åó6°Uù|¶Ú¸ã ò^Äw¥ŠÖK–1ÜÝK,Žddlí²0PÀü“×ükG…¯U«·¶–´w¶ŽÍ¾©yÞú[Zös•¯Á[™6° ¨¼ÉVæq·,# ìãï‘×8îry®A››¨,ãc66»Ë´ã'æÉù?t}¢æH--Òá"›|ˆ¬[í 7¶ö#¸9«––‹$,+Ëqœ\Êøc€yê^Ý¸Äa°«™B-9%«×®‹V´w~vÜTéê¢·þ¼ˆ%·¹• ’[xç•÷2gØS?6åÀÚ õ9É#š@÷bT¸º²C*3Bá¤òÎA9 =úU§Ó"2Ãlá0iÝIc‚2Î@%öç94ùô»'»HÄ¥Ô¾@à Tp£šíx:úÊ:5eºßMý×wµ›Ó_+šº3Ýyvÿ "ºÇ<ÂI>Õ1G·Ë«È«É# àÈÇ øp Jv·šæDûE¿›†Ë’NFr2qŸ½ÇAÜšu•´éí#Ä¦8£2”Ú2Ã/€[ÎTr;qŠz*ý’Îþ(â‰ ;¡TÆâ›;ºÿ àçœk‘Þ8¾Uª¾íé{^×IZéwÓkXÉûÑZo¯_øo×È¡¬ â–ÞR§2„‚Àœü½ùç® SVa†Âüª¼±D‘ŒísŸàä|ä2 æ[‹z”¯s{wn„ÆmáóCO+†GO8Ïeçåº`¯^¼ðG5f{Xžä,k‰<á y™¥voÆ éÛõëI=œ1‹éíÔÀÑ)R#;AÂncäŽ:tÏ#¶TkB.0Œ-ÖÞZÛgumß}fÎJÉ+#2êÔP£žùÈÅi¢%œ3P*Yƒò‚Aì“Ž2r:ƒÐúñiRUQq‰H9!”={~¼“JŽV¥»×²m.ÛßºiYl¾òk˜gL³·rT• ’…wHÁ6ä`–Î3ùÌ4Øe³†&òL‘•%clyÃ®AÂäà0 žüç$[3uÅ˜î¹•pNOÀÉ=† cï{rYK ååä~FÁ •a»"Lär1Ó¯2Äõæ<™C•.fÕ»è¥~½-¿g½Â4¡{[ør¨¶·Žõäx¥’l®qpwÇ»8ärF \cŽ¸ÜÆÓ-g‚yciÏÀ¾rÎwèØÈ#o°Á9ã5¢šfÔxÞæfGusÏÌJÿ µ×œ/LtãÅT7²¶w,l É³;”eúà·¨çîŒsÜgTÃS¦^ '~‹®›¯+k÷ZÖd©Æ*Ó[Ü«%Œk0ŽXƒ”$k#È¨ P2bv‘ƒŸáÇ™ÆÕb)m$É*8óLE‘8'–ÜN Úyàúô+{uº±I'wvš4fÜr íì½=úuú sFlìV$‘ö†HÑù€$§ õ=½¸«Ž] :Ž+•¦ïmRþ½l´îÊT#nkiøÿ _ðÆT¶7Ò½ºÒ£Î¸d\ã8=yãŽÜäR{x]ZâÚé#¸r²#»ÎHÆ6õ ç® ÎFkr;sºÄ.&;só±Ç9êH÷ýSšÕtÐU¢-n Ì| vqœ„{gŒt§S.P‹’Ž‰_[;m¥ÞZýRûÂX{+¥úü¼ú•-àÓ7!„G"“´‹žƒnrYXã¸îp éœ!ÓoPÌtÑ (‰Þ¹é€sÓ#GLçÕšÑnJý¡!‘Tä#“ß?îýp}xÇ‚I¥Õn#·¸–y'qó@r[ Êô÷<ÔWÃÓ¢áN¥4Ô’I&Ý¼¬¬¼ÞºvéÆ FQV~_ÒüJÖÚt¥¦Xá3BÄP^%ÈÎW-×c¡ú©¤·Iþèk¥š?–UQåIR[’O 5x\ÉhÆI¶K4«2ùªŠŒ<¼óœçØ`u«‚Í.VHä€ Ëgfx''9ÆI#±®Z8 sISºku¢ßÞ]úk»Jößl¡B.Ü»ÿ MWe °·Ž%šêÉ†¼»Âù³´œ O¿cÐÓÄh©"ÛÜÏ.ÖV’3nüÄmnq[ŒòznšÖ>J¬òˆæ…qýØP Ž:ä7^0yëWšÍ_79äoaÈ °#q0{ää×mœy”R{vÒÞ¶ÚÏe¥“ÚÆÐ¥Ì®—õýjR •íç›Ìb„+JyÜØÙ•Ç]¿Ôd þËOL²”9-Œ—õÃc'æÝ×œçÚ²ìejP“½ âù°¨†ðqòädÐƒÉäÖÜj÷PÇp“ÍšŠå«‘î <iWNsmª»¶vÓz5»ûì:Rs\Ðßôû×uÔÿÙ