path: root/perl-install/pixmaps/bootdisk.png
blob: 22d89c482c012588d0e6a187499ae1cb6dce2dae (plain)
ofshex dumpascii
0000 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a .PNG........IHDR.............szz
0020 f4 00 00 00 04 67 41 4d 41 00 00 d6 d8 d4 4f 58 32 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 .....gAMA.....OX2....tEXtSoftwar
0040 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 05 02 49 44 41 54 78 da e.Adobe.ImageReadyq.e<....IDATx.
0060 62 fc ff ff 3f 03 2d 80 89 49 3a 0b 90 fa 0d e3 1f 3d 3a 89 91 99 99 99 81 85 85 05 45 1d 40 00 b...?.-..I:......=:.........E.@.
0080 31 d1 c8 72 46 90 e5 85 f9 5e 0c 07 17 7f 07 8b 19 1b c7 0b fd f9 f3 07 43 2d 40 00 b1 50 68 11 1..rF....^..............C-@..Ph.
00a0 cc 03 f0 60 3c 73 66 e6 ff a4 24 2f fe 79 f3 b6 31 98 2a 5f 62 e0 f8 7d 10 28 ea 01 c4 8c 9f b0 ...`<sf...$/.y..1.*_b..}.(......
00c0 85 36 40 00 51 1a 02 7f a1 f8 1f 0c a7 a4 74 b3 00 2d 7f df 5e 6f cd a0 26 79 9b 81 f9 ef 4b 06 .6@.Q.........t..-..^o..&y....K.
00e0 77 93 8b 0c 1c 1c 7c bf 59 59 59 51 34 83 1c 04 10 40 2c 94 06 f7 e4 36 4d 06 c6 bf 5f 19 de 7e w.....|.YYYQ4....@,....6M..._..~
0100 64 62 78 f0 8c 9b 61 fe b2 ab bf d3 92 ac 18 ac 34 6f 32 30 fc ba c9 f0 fb d7 6f 06 79 f1 6f 90 dbx...a.........4o20......o.y.o.
0120 e0 46 8b 7f 46 46 46 06 80 00 62 34 36 4e 13 00 b2 7f 00 f1 2f 1c a1 f2 0f e6 60 50 f0 a2 45 c1 .F..FFF...b46N....../.....`P..E.
0140 7f 57 5b 21 86 aa d8 43 0c bc 3c ec 0c 0c cc fc 0c 7f 18 f9 19 58 98 80 ca 7e 3d 66 60 f8 7e 95 .W[!...C..<..........X...~=f`.~.
0160 e1 df 9f d7 0c 37 1e 4b 30 14 cd 88 61 78 f3 e6 23 58 9f 97 97 05 f3 b6 6d 27 40 66 31 02 04 10 .....7.K0...ax..#X......m'@f1...
0180 c8 01 64 67 03 6f 6f 8b 3f 97 2f df 63 31 50 ba c9 50 97 70 16 e8 d4 9f 88 98 f9 f7 1d 8c c1 b6 ..dg.oo.?./.c1P..P.p............
01a0 30 f1 30 bc f8 aa c5 70 ed a9 36 c3 93 37 32 0c 93 e6 3d 86 9b 01 10 40 60 07 14 16 46 30 7c fd 0.0....p..6..72...=....@`...F0|.
01c0 0a d1 fc ef df 3f 0c 8b 40 41 85 4c 83 d4 fc fa f5 87 e1 db b7 9f 0c 1f 3f 7e 05 d3 d1 4e 67 18 .....?..@A.L............?~...Ng.
01e0 cc e4 57 02 ed fe 82 94 26 19 41 b6 33 fc 67 64 03 d2 1c 40 26 1b 58 ea c7 6f 66 86 23 40 f7 56 ..W.....&.A.3.gd...@&.X..of.#@.V
0200 cc f6 61 00 08 20 70 a4 68 68 68 33 f0 f3 ff 66 78 f4 e8 3f 83 ac ac 0c 49 a1 00 4a d8 7f ff fe ..a...p.hhh3...fx..?....I..J....
0220 07 e2 74 86 eb 0f 2e 31 68 4a 9e 46 96 05 3a f6 2f c3 8f 9f df 19 de 7d fe ce f0 e2 2d 03 c3 83 ..t....1hJ.F..:./......}....-...
0240 a7 6c 0c 3b 4e 2b 33 1c bd 28 ca c0 cd c7 c0 00 10 40 60 07 30 33 73 32 3c 7c f8 95 81 89 89 1f .l.;N+3..(.......@`.03s2<|......
0260 e8 1b d2 a3 e2 ff 7f 46 86 65 cb 56 30 b4 44 bc 45 ca 90 10 f0 1b 58 14 3d 7f cd c0 70 f3 11 03 .......F.e.V0.D.E.....X.=...p...
0280 c3 b6 13 f2 0c 7b ce 2a 32 f0 f0 aa 81 2d 7f fb f6 26 2b 40 00 81 1d c0 c5 c5 03 24 79 81 be 60 .....{.*2....-...&+@.......$y..`
02a0 60 00 95 15 6f df be 05 06 f1 5b 92 1c c1 f6 fb 08 03 db ff bb 98 f9 14 18 a3 1f 81 b1 32 77 9b `...o.....[..................2w.
02c0 31 c3 c3 37 c6 40 cb 19 18 5e bf be ca ba 60 41 f3 1f 31 31 31 06 80 00 c2 9a 0d 39 39 df 32 b8 1..7.@...^....`A..111......99.2.
02e0 b9 a9 11 6d f9 de bd 67 19 1c 35 b7 63 95 03 25 1b 76 60 06 01 59 fe e9 d3 13 a0 c5 d5 7f 78 78 ...m...g..5.c..%.v`..Y........xx
0300 78 18 44 45 45 19 f8 f8 f8 18 00 02 08 ab 03 b8 b8 48 8b 82 b3 47 d6 32 94 f9 dc 03 b3 67 ef f4 x.DEE............H...G.2.....g..
0320 67 78 f8 0e e8 db a7 df 18 e6 15 cd 00 46 cf 07 06 1e 2e 46 06 23 95 cb 0c e7 ee e8 fe 96 92 92 gx...........F.....F.#..........
0340 62 14 12 12 02 da c1 c5 00 aa 1b 00 02 88 85 1a 65 ff 9b 97 8f 19 ba 36 15 30 3c 78 29 cb e0 e1 b...............e......6.0<x)...
0360 15 ce 60 24 2d 0d 8c ce 3f 0c 95 4b f9 19 42 8d bb 18 f8 b9 3f 30 08 f1 7e 85 44 09 30 9e 91 2b ..`$-...?..K..B.....?0..~.D.0..+
0380 25 80 00 a2 d8 01 a0 e0 d7 b1 88 61 88 8b 73 67 d8 b2 e5 16 83 a4 a4 34 3c ab ba 79 c5 31 cc 5a %..........a..sg.......4<..y.1.Z
03a0 f4 80 c1 c7 60 3e c3 9b f7 90 72 ee 1b 30 95 83 1c 01 03 00 01 44 b1 03 9c 9d 8d 71 e4 8c ff c0 ....`>....r..0.......D.....q....
03c0 1c f0 8b e1 c9 6b 0e 86 9e 95 66 0c 3f ff 6b 81 c5 d1 6b 44 80 00 62 61 a0 31 00 95 03 20 cb df .....k....f.?.k...kD..ba.1......
03e0 be bd c5 cc c4 c4 02 49 78 48 75 02 40 00 61 75 00 52 08 51 04 c0 95 0d 23 a4 6a 59 bd ba fb 9f .......IxHu.@.au.R.Q....#.jY....
0400 b8 b8 38 03 28 01 b2 b1 b1 c1 d5 00 04 10 56 07 7c f8 c0 c9 70 e0 c0 2d 92 2d e4 e4 14 c6 59 8c ..8.(.........V.|...p..-.-....Y.
0420 83 52 bd 80 80 00 98 46 06 00 01 84 d5 01 c2 c2 b2 34 8b 12 98 83 60 00 20 80 98 70 55 40 f4 02 .R.....F.........4....`....pU@..
0440 00 01 c4 82 3d 6b ed 05 e7 55 52 01 2f 2f 2f b0 ed 67 4c 92 1e 80 00 c2 ea 80 0b 17 2e 80 0d 03 ....=k...UR.///..gL.............
0460 61 6c 79 97 9a 0e 00 08 20 b0 03 98 98 30 9b 86 6a 6a 6a 0c 0e 0e 0e 60 f6 ad 5b b7 80 89 f2 00 aly..........0..jjj....`..[.....
0480 4d a2 00 20 80 98 e8 15 d7 71 71 13 19 b1 89 03 04 10 13 c3 00 03 80 00 62 82 b5 6a d0 9a f7 74 M........qq.............b..j...t
04a0 03 00 01 04 76 c0 f7 ef bf 80 59 f1 3f 03 a4 e3 40 5f 47 00 04 10 13 24 db 1d 04 56 12 bf 07 a4 ....v.....Y.?...@_G....$...V....
04c0 3c 00 08 20 70 2e 58 ba 74 05 b0 f4 13 61 50 50 90 07 bb e9 d7 af ef 0c 4f 9f 3e 62 38 7f fe 0c <...p.X.t....aPP........O.>b8...
04e0 58 d1 d3 a7 4f 19 7e fe 24 dc 58 64 65 65 62 f8 fc f9 3d b4 2d f8 1b 18 b2 df 80 a1 8a df 53 00 X...O.~.$.Xdeeb...=.-.........S.
0500 01 04 72 00 b0 96 62 fd 3b 6f de 0c 06 4f 4f 17 a0 86 bf 0c cf 9e dd 00 d6 07 0f 19 2e 5d 3a 4c ..r...b.;o...OO..............]:L
0520 92 6f 38 38 38 18 0e 1f e6 82 16 b9 ff c0 8d 92 2f 5f de 01 79 dc 60 a1 ff 58 3a 87 00 01 c4 f8 .o888.........../_..y.`..X:.....
0540 e1 c3 07 06 1b 9b 0c 2e 76 76 be af 34 0e 6d e6 7d fb ba ff 81 aa 63 64 00 10 60 00 fe 40 c7 db ........vv..4.m.}.....cd..`..@..
0560 2d d8 a3 3a 00 00 00 00 49 45 4e 44 ae 42 60 82 -..:....IEND.B`.
='#n
package authentication; # $Id$

use common;

# File-scope lexical filled from @_ when this file is loaded.
# NOTE(review): each sub in this part of the file that uses $authentication
# declares its own copy, so this looks like a leftover - confirm before removing.
my ($authentication) = @_;

# List the authentication kinds that can be offered, in priority order
# (to_kind() returns the first one present in the settings hash).
#
# With no arguments (as to_kind and ask_parameters call it) every kind is
# listed. With a $do_pkgs object, 'SmartCard' is listed only when the
# 'castella-pam' package is reported as available. $_meta_class is accepted
# but not used.
sub kinds {
    my $called_bare = !@_;
    my ($do_pkgs, $_meta_class) = @_;

    my $smartcard_ok = $called_bare || $do_pkgs->is_available('castella-pam');

    return (
        qw(LDAP KRB5 winbind NIS),
        if_($smartcard_ok, 'SmartCard'),
        'local',
    );
}

# Map an authentication kind to its translated display name.
# Returns undef for a kind that has no entry in the table.
sub kind2name {
    my ($kind) = @_;

    # Keep the following strings in sync with kind2description ones!!!
    my %name_of = (
        LDAP      => N("LDAP"),
        KRB5      => N("Kerberos 5"),
        winbind   => N("Windows Domain"),
        NIS       => N("NIS"),
        SmartCard => N("Smart Card"),
        local     => N("Local file"),
    );

    return $name_of{$kind};
}

# PAM module names associated with each authentication kind. get() matches
# these against the PAM kinds found on the system; set_raw() hands them to
# set_pam_authentication(). An empty list means no extra PAM module.
my %kind2pam_kind = (
    local     => [],
    SmartCard => [ qw(castella) ],
    LDAP      => [ qw(ldap) ],
    NIS       => [],
    KRB5      => [ qw(krb5) ],
    winbind   => [ qw(winbind) ],
);

# nsswitch sources associated with each kind; set_raw() hands them to
# set_nsswitch_priority(). KRB5 is paired with the 'ldap' source.
my %kind2nsswitch = (
    local     => [],
    SmartCard => [],
    LDAP      => [ qw(ldap) ],
    NIS       => [ qw(nis) ],
    KRB5      => [ qw(ldap) ],
    winbind   => [ qw(winbind) ],
);

# Packages that install_needed_packages() asks the package manager to
# install for each kind.
my %kind2packages = (
    local     => [],
    SmartCard => [ qw(castella-pam) ],
    LDAP      => [ qw(openldap-clients nss_ldap pam_ldap autofs nss_updatedb) ],
    KRB5      => [ qw(nss_ldap pam_krb5 libsasl2-plug-gssapi nss_updatedb) ],
    NIS       => [ qw(ypbind autofs) ],
    winbind   => [ qw(samba-winbind nss_ldap pam_krb5 libsasl2-plug-gssapi) ],
);


# Build the translated "title\ndescription" text for each given kind and
# concatenate the results. Kinds without an entry in the table (SmartCard
# has none) contribute nothing.
sub kind2description_raw {
    my (@kinds) = @_;

    my %description_of = (
        local   => [ N("Local file:"), N("Use local for all authentication and information user tell in local file"), ],
        LDAP    => [ N("LDAP:"), N("Tells your computer to use LDAP for some or all authentication. LDAP consolidates certain types of information within your organization."), ],
        NIS     => [ N("NIS:"), N("Allows you to run a group of computers in the same Network Information Service domain with a common password and group file."), ],
        winbind => [ N("Windows Domain:"), N("Winbind allows the system to retrieve information and authenticate users in a Windows domain."), ],
        KRB5    => [ N("Kerberos 5 :"), N("With Kerberos and Ldap for authentication in Active Directory Server "), ],
    );

    my $text = '';
    foreach my $kind (@kinds) {
        my $entry = $description_of{$kind} or next;
        $text .= "$entry->[0]\n$entry->[1]";
    }
    return $text;
}

# Return the descriptions of the given kinds as one string, each non-empty
# description followed by a blank line.
sub kind2description {
    my (@kinds) = @_;

    my @paragraphs;
    foreach my $kind (@kinds) {
        my $raw = kind2description_raw($kind);
        push @paragraphs, "$raw\n\n" if $raw;
    }
    return join('', @paragraphs);
}

# Return the authentication kind recorded in the settings hash: the first
# entry of kinds() that exists as a key, or 'local' when none does.
sub to_kind {
    my ($authentication) = @_;

    my $recorded = find { exists $authentication->{$_} } kinds();
    return $recorded || 'local';
}

# Turn a DNS domain into an LDAP base DN made of dc= components,
# e.g. "example.com" gives "dc=example,dc=com".
# Labels are copied verbatim: nothing is validated or DN-escaped here, so the
# result is only as trustworthy as the domain name passed in.
sub domain_to_ldap_domain {
    my ($domain) = @_;

    my @rdns;
    foreach my $label (split /\./, $domain) {
        push @rdns, "dc=$label";
    }
    return join(',', @rdns);
}

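# Ask the user for the settings of the chosen authentication kind.
#
# Parameters:
#   $in             - interactive object (provides ask_from and do_pkgs)
#   $net            - network settings; resolv{DOMAINNAME} seeds several
#                     defaults and network{NISDOMAIN} is edited for NIS
#   $authentication - settings hash, modified in place
#   $kind           - the selected kind, one of the values of kinds()
#
# Returns 1 on success. Returns false (bare return) when a required package
# could not be installed or the user cancelled a dialog.
#
# Security notes:
#  - The "Bind Password" entries carry hidden => 1, as the root password
#    entries in ask_root_password_and_authentication do, so the directory
#    bind credential is not shown in clear text while it is typed.
#  - NOTE(review): "Bind DN" / "Bind Password" are enabled only while the
#    "Use anonymous BIND" box is ticked, which reads inverted relative to the
#    label - confirm against the code that consumes {anonymous}.
#  - NOTE(review): the TLS checkbox is stored under {cafile} and the result
#    of add_cafile() under {file}; how both are used is not visible here.
sub ask_parameters {
    my ($in, $net, $authentication, $kind) = @_;

    #- keep only this authentication kind
    foreach (kinds()) {
        delete $authentication->{$_} if $_ ne $kind;
    }
    # do not enable ccreds unless required
    undef $authentication->{ccreds};

    if ($kind eq 'LDAP') {
        $authentication->{LDAPDOMAIN} ||= domain_to_ldap_domain($net->{resolv}{DOMAINNAME});
        #$authentication->{anonymous} = "0";
        #$authentication->{cafile} = "0";
        #$authentication->{nssgrp} = "0";
        $authentication->{ccreds} = 1;

        # this package must be installed for 'Fetch DN' button to actually work
        $in->do_pkgs->ensure_are_installed([ 'openldap-clients' ], 1) or return;

        $in->ask_from('', N(" "),
            [
                { label => N("Welcome to the Authentication Wizard"), title => 1 },
                {},
                { label => N("You have selected LDAP authentication. Please review the configuration options below "), },
                {},
                { label => N("LDAP Server"), val => \$authentication->{LDAP_server} },
                { label => N("Base dn"), val => \$authentication->{LDAPDOMAIN} },
                { val => N("Fetch base Dn "), type => button, clicked_may_quit => sub { $authentication->{LDAPDOMAIN} = fetch_dn($authentication->{LDAP_server}); 0 } },
                {},
                { text => N("Use encrypt connection with TLS "), val => \$authentication->{cafile}, type => 'bool' },
                { val => N("Download CA Certificate "), type => button, disabled => sub { !$authentication->{cafile} }, clicked_may_quit => sub { $authentication->{file} = add_cafile(); 0 } },

                { text => N("Use Disconnect mode "), val => \$authentication->{ccreds}, type => 'bool' },
                { text => N("Use anonymous BIND "), val => \$authentication->{anonymous}, type => 'bool', advanced => 1 },
                { text => N("  "), advanced => 1 },
                { label => N("Bind DN "), val => \$authentication->{LDAP_binddn}, disabled => sub { !$authentication->{anonymous} }, advanced => 1 },
                # Credential field: masked on screen.
                { label => N("Bind Password "), val => \$authentication->{LDAP_bindpwd}, hidden => 1, disabled => sub { !$authentication->{anonymous} }, advanced => 1 },
                { text => N("  "), advanced => 1 },
                { text => N("Advanced path for group "), val => \$authentication->{nssgrp}, type => 'bool', advanced => 1 },
                { text => N("  "), advanced => 1 },
                { label => N("Password base"), val => \$authentication->{nss_pwd}, disabled => sub { !$authentication->{nssgrp} }, advanced => 1 },
                { label => N("Group base"), val => \$authentication->{nss_grp}, disabled => sub { !$authentication->{nssgrp} }, advanced => 1 },
                { label => N("Shadow base"), val => \$authentication->{nss_shadow}, disabled => sub { !$authentication->{nssgrp} }, advanced => 1 },
                { text => N("  "), advanced => 1 },
            ]) or return;
    } elsif ($kind eq 'KRB5') {

        $authentication->{AD_domain} ||= $net->{resolv}{DOMAINNAME};
        $in->do_pkgs->ensure_are_installed([ 'perl-Net-DNS' ], 1) or return;
        my @srvs = query_srv_names($authentication->{AD_domain}); #FIXME: update this list if the REALM has changed
        $authentication->{AD_server} ||= $srvs[0] if @srvs;
        # Strip a trailing "@<realm>" from the stored user name; the realm is
        # quoted with \Q..\E so it is matched literally.
        my $AD_user = $authentication->{AD_user} =~ /(.*)\@\Q$authentication->{AD_domain}\E$/ ? $1 : $authentication->{AD_user};
        $authentication->{ccreds} = 1;

        $in->ask_from('', N(" "),
            [
                { label => N("Welcome to the Authentication Wizard"), title => 1 },
                {},
                { label => N("You have selected Kerberos 5 authentication. Please review the configuration options below "), },
                {},
                { label => N("Realm "), val => \$authentication->{AD_domain} },
                {},
                { label => N("KDCs Servers"), title => 1, val => \$authentication->{AD_server}, list => \@srvs, not_edit => 0 },
                {},
                { text => N("Use DNS to locate KDC for the realm"), val => \$authentication->{KRB_host_lookup}, type => 'bool' },
                { text => N("Use DNS to locate realms"), val => \$authentication->{KRB_dns_lookup}, type => 'bool' },
                { text => N("Use Disconnect mode "), val => \$authentication->{ccreds}, type => 'bool' },
            ]) or return;

        # Source of user information offered in the second Kerberos dialog;
        # the LDAP fields below are disabled while choice "1" is selected.
        my %level = (
            1 => N("Use local file for users information"),
            2 => N("Use Ldap for users information"),
        );

        $in->ask_from('', N(" "),
            [
                { label => N(" "), title => 1 },
                {},
                { label => N("You have selected Kerberos 5 for authentication, now you must choose the type of users information "), },
                {},
                { label => "", val => \$authentication->{nsskrb}, type => 'list', list => [ keys %level ], format => sub { $level{$_[0]} } },
                {},
                { label => N("LDAP Server"), val => \$authentication->{LDAP_server}, disabled => sub { $authentication->{nsskrb} eq "1" } },
                { label => N("Base dn"), val => \$authentication->{LDAPDOMAIN}, disabled => sub { $authentication->{nsskrb} eq "1" } },
                { val => N("Fecth base Dn "), type => button, clicked_may_quit => sub { $authentication->{LDAPDOMAIN} = fetch_dn($authentication->{LDAP_server}); 0 }, disabled => sub { $authentication->{nsskrb} eq "1" } },
                {},
                { text => N("Use encrypt connection with TLS "), val => \$authentication->{cafile}, type => 'bool', disabled => sub { $authentication->{nsskrb} eq "1" } },
                { val => N("Download CA Certificate "), type => button, disabled => sub { !$authentication->{cafile} }, clicked_may_quit => sub { $authentication->{file} = add_cafile(); 0 } },
                { text => N("Use anonymous BIND "), val => \$authentication->{anonymous}, type => 'bool', disabled => sub { $authentication->{nsskrb} eq "1" } },
                { label => N("Bind DN "), val => \$authentication->{LDAP_binddn}, disabled => sub { !$authentication->{anonymous} } },
                # Credential field: masked on screen.
                { label => N("Bind Password "), val => \$authentication->{LDAP_bindpwd}, hidden => 1, disabled => sub { !$authentication->{anonymous} } },
                {},
            ]) or return;

        # Store the user as "user@realm"; an empty user (or the 'anonymous'
        # sub_kind) clears both the user and the stored password.
        $authentication->{AD_user} = !$AD_user || $authentication->{sub_kind} eq 'anonymous' ? '' :
                                     $AD_user =~ /@/ ? $AD_user : "$AD_user\@$authentication->{AD_domain}";
        $authentication->{AD_password} = '' if !$authentication->{AD_user};

    } elsif ($kind eq 'NIS') {
        $authentication->{NIS_server} ||= 'broadcast';
        $net->{network}{NISDOMAIN} ||= $net->{resolv}{DOMAINNAME};
        $in->ask_from('', N(" "),
            [
                { label => N("Welcome to the Authentication Wizard"), title => 1 },
                {},
                { label => N("You have selected NIS authentication. Please review the configuration options below "), },
                {},
                { label => N("NIS Domain"), val => \$net->{network}{NISDOMAIN} },
                { label => N("NIS Server"), val => \$authentication->{NIS_server}, list => ["broadcast"], not_edit => 0 },
                {},
            ]) or return;
    } elsif ($kind eq 'winbind') {
        #- maybe we should browse the network like diskdrake --smb and get the 'doze server names in a list
        #- but networking is not setup yet necessarily
        #
        my @sec_domain = (
            "Windows Active Directory Domain",
            "Windows NT4 Domain",
        );

        $authentication->{DNS_domain} ||= $net->{resolv}{DOMAINNAME};
        $authentication->{WINDOMAIN} ||= $net->{resolv}{DOMAINNAME};
        $in->do_pkgs->ensure_are_installed([ 'samba-client' ], 1) or return;
        my @domains = list_domains();

        $in->ask_from('', N(" "),
            [
                { label => N("Welcome to the Authentication Wizard"), title => 1 },
                {},
                { label => N("You have selected Windows Domain authentication. Please review the configuration options below "), },
                {},
                { label => N("Windows Domain"), val => \$authentication->{WINDOMAIN}, list => \@domains, not_edit => 1 },
                {},
                { label => N("Domain Model "), val => \$authentication->{model}, list => \@sec_domain, not_edit => 1 },
                {},
                # The Active Directory fields are disabled for the NT4 model.
                { label => N("Active Directory Realm "), val => \$authentication->{AD_domain}, disabled => sub { $authentication->{model} eq "Windows NT4 Domain" } },
                { label => N("DNS Domain"), val => \$authentication->{DNS_domain}, disabled => sub { $authentication->{model} eq "Windows NT4 Domain" } },
                { label => N("DC Server"), val => \$authentication->{AD_server}, disabled => sub { $authentication->{model} eq "Windows NT4 Domain" } },
                {},
            ]) or return;
    }

    # Record the selected kind so that to_kind() finds it again.
    $authentication->{$kind} ||= 1;
    return 1;
}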
# Ask for the root password and, under "advanced", the authentication
# method, then collect that method's parameters with ask_parameters().
#
# The password entries are hidden. The minimum accepted length is twice
# $security. When $security is 2 or lower the dialog gets a "No password"
# cancel button; a dialog that returns false has the password removed from
# $superuser. If ask_parameters() fails, the whole sub is re-entered with
# the same arguments.
sub ask_root_password_and_authentication {
    my ($in, $net, $superuser, $authentication, $meta_class, $security) = @_;

    my $selected_kind = to_kind($authentication);
    my @offered_kinds = kinds($in->do_pkgs, $meta_class);

    # "complete" callback: 0 when the password is accepted, (1, 0) otherwise.
    my $on_complete = sub {
        return check_given_password($in, $superuser, 2 * $security) ? 0 : (1, 0);
    };

    my $cancel_label = $security <= 2 ?
      #-PO: keep this short or else the buttons will not fit in the window
      N("No password") : '';

    my %dialog = (
        title               => N("Authentication"),
        messages            => N("Set administrator (root) password"),
        advanced_label      => N("Authentication method"),
        advanced_messages   => kind2description(@offered_kinds),
        interactive_help_id => "setRootPassword",
        cancel              => $cancel_label,
        focus_first         => 1,
        callbacks           => { complete => $on_complete },
    );

    my @entries = (
        { label => N("Password"), val => \$superuser->{password}, hidden => 1 },
        { label => N("Password (again)"), val => \$superuser->{password2}, hidden => 1 },
        { label => N("Authentication"), val => \$selected_kind, type => 'list', list => \@offered_kinds, format => \&kind2name, advanced => 1 },
    );

    $in->ask_from_(\%dialog, \@entries) or delete $superuser->{password};

    ask_parameters($in, $net, $authentication, $selected_kind) or goto &ask_root_password_and_authentication;
}

# Validate the password pair stored in $u.
# Returns 1 when {password} equals {password2} and is at least $min_length
# characters long; otherwise shows a warning through $in and returns 0.
sub check_given_password {
    my ($in, $u, $min_length) = @_;

    if ($u->{password} ne $u->{password2}) {
        $in->ask_warn('', [ N("The passwords do not match"), N("Please try again") ]);
        return 0;
    }

    if (length($u->{password}) < $min_length) {
        $in->ask_warn('', N("This password is too short (it must be at least %d characters long)", $min_length));
        return 0;
    }

    return 1;
}

# Detect the current authentication setup and return it as a hash ref.
#
# The blowfish/md5/shadow flags come from plain pattern matches on the text
# of /etc/pam.d/system-auth (a match anywhere in the file counts). The kind
# is the first key of %kind2pam_kind whose PAM modules intersect the ones
# reported by get_pam_authentication_kinds(); 'local' and 'NIS' have empty
# lists there and so are never picked this way. NIS is detected from
# yp.conf instead, whose settings are copied in as NIS_<key>.
#
# NOTE(review): the path read here is not prefixed with $::prefix, unlike
# the files written by set_raw - confirm this is intended.
sub get() {
    my $pam_conf = cat_("/etc/pam.d/system-auth");
    my $detected = {
        blowfish => to_bool($pam_conf =~ /\$2a\$/),
        md5      => to_bool($pam_conf =~ /md5/),
        shadow   => to_bool($pam_conf =~ /shadow/),
    };

    my @pam_kinds = get_pam_authentication_kinds();
    my $pam_kind = find { intersection(\@pam_kinds, $kind2pam_kind{$_}) } keys %kind2pam_kind;

    if ($pam_kind) {
        $detected->{$pam_kind} = '';
    }
    #- we can't use pam to detect NIS
    elsif (my $yp_conf = read_yp_conf()) {
        $detected->{NIS} = 1;
        map_each { $detected->{"NIS_$::a"} = $::b } %$yp_conf;
    }

    return $detected;
}

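# Install the packages required by an authentication kind.
#
# Parameters:
#   $do_pkgs - package manager object (ensure_are_installed is called on it)
#   $kind    - authentication kind, a key of %kind2packages
#   $ccreds  - true to also install 'pam_ccreds'
#
# Returns 1 on success, and also when $kind is unknown (that case is only
# logged). Returns false (bare return) when the installation fails.
sub install_needed_packages {
    my ($do_pkgs, $kind, $ccreds) = @_;

    my $base_pkgs = $kind2packages{$kind};
    if (!$base_pkgs) {
        log::l("ERROR: $kind not listed in kind2packages");
        return 1;
    }

    # Work on a copy: pushing onto the array stored in %kind2packages would
    # add 'pam_ccreds' to the shared table, so it would pile up on repeated
    # calls and still be installed by a later call made without $ccreds.
    my @pkgs = @$base_pkgs;

    # install ccreds if required
    push @pkgs, 'pam_ccreds' if $ccreds;

    #- automatic during install
    $do_pkgs->ensure_are_installed(\@pkgs, $::isInstall) or return;

    return 1;
}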

# Apply an authentication configuration: install the packages for its kind,
# write the configuration with set_raw(), then set the 'network-auth'
# service status according to whether the kind is something other than
# 'local'.
# Returns early (bare return) when the packages could not be installed;
# otherwise returns what services::set_status() returns.
sub set {
    my ($in, $net, $authentication, $o_when_network_is_up) = @_;

    unless (install_needed_packages($in->do_pkgs, to_kind($authentication), $authentication->{ccreds})) {
        return;
    }

    set_raw($net, $authentication, $o_when_network_is_up);

    require services;
    my $uses_network_auth = to_kind($authentication) ne 'local';
    return services::set_status('network-auth', $uses_network_auth, 'dont_apply');
}

sub set_raw {
    my ($net, $authentication, $o_when_network_is_up) = @_;

    my $conf_file = "$::prefix/etc/sysconfig/drakauth";
    my $when_network_is_up = $o_when_network_is_up || sub { my ($f) = @_; $f->() };

    enable_shadow() if $authentication->{shadow};    

    my $kind = to_kind($authentication);

    log::l("authentication::set $kind");

    my $pam_modules = $kind2pam_kind{$kind} or log::l("kind2pam_kind does not know $kind");
    $pam_modules ||= [];
    sshd_config_UsePAM(@$pam_modules > 0);
    set_pam_authentication($pam_modules, $authentication->{ccreds});

    my $nsswitch = $kind2nsswitch{$kind} or log::l("kind2nsswitch does not know $kind");
    $nsswitch ||= [];
    set_nsswitch_priority($nsswitch, $authentication->{ccreds});

    if ($kind eq 'local') {

output($conf_file, <<EOF);
auth=Local File 
server=none 
realm=none
EOF



    } elsif ($kind eq 'SmartCard') {
    } elsif ($kind eq 'LDAP') {

	configure_nss_ldap($authentication);

output($conf_file, <<EOF);
auth=Ldap Directory
server=$authentication->{LDAP_server}
realm=$authentication->{LDAPDOMAIN}
EOF

    if ($authentication->{ccreds}) {
	run_program::rooted($::prefix, '/usr/sbin/nss_updatedb.cron');  # updates offline cache.
    }

    } elsif ($kind eq 'KRB5') {

	configure_krb5_for_AD($authentication);
	configure_nss_ldap($authentication);

output($conf_file, <<EOF);
auth=Kerberos 5
server=$authentication->{AD_server}
realm=$authentication->{AD_domain}
EOF

    } elsif ($kind eq 'NIS') {
	my $domain = $net->{network}{NISDOMAIN};
	my $NIS_server = $authentication->{NIS_server};
	$domain || $NIS_server ne "broadcast" or die N("Can not use broadcast with no NIS domain");
	my $t = $domain ? 
	  ($NIS_server eq 'broadcast' ? 
	     "domain $domain broadcast" : 
	     "domain $domain server $NIS_server") :
	     "server $NIS_server";

	substInFile {
	    if (/^#/) {
		$_ = '' if /^#\Q[PREVIOUS]/;
	    } else {
		$_ = "#[PREVIOUS] $_";
	    }
	    $_ .= "$t\n" if eof;
	} "$::prefix/etc/yp.conf";

	#- no need to modify system-auth for nis

	$when_network_is_up->(sub {
	    run_program::rooted($::prefix, 'nisdomainname', $domain);
	    run_program::rooted($::prefix, 'service', 'ypbind', 'restart');
	});

output($conf_file, <<EOF);
auth=$kind
server=$NIS_server
realm=$domain
EOF

#    } elsif ($kind eq 'winbind' || $kind eq 'AD' && $authentication->{subkind} eq 'winbind') {

    } elsif ($kind eq 'winbind') {

	my $domain = uc $authentication->{WINDOMAIN};
	($authentication->{winuser}, $authentication->{winpass}) = auth();

	if ($authentication->{model} eq "Windows NT4 Domain") {

	require fs::remote::smb;
	fs::remote::smb::write_smb_conf($domain);
	run_program::rooted($::prefix, "chkconfig", "--level", "35", "winbind", "on");
	mkdir_p("$::prefix/home/$domain");
	run_program::rooted($::prefix, 'service', 'smb', 'restart');
	run_program::rooted($::prefix, 'service', 'winbind', 'restart');
	
	#- defer running smbpassword until the network is up

	$when_network_is_up->(sub {
	    run_program::raw({ root => $::prefix, sensitive_arguments => 1 },
		    #'net', 'join', $domain, '-U', $authentication->{winuser} . '%' . $authentication->{winpass});
			     'echo', '"', 'net', 'join', $domain, '-U', $authentication->{winuser} . '%' . $authentication->{winpass}, '"');
	});

output($conf_file, <<EOF);
auth=Windows NT4 Domain
server= none 
realm=$domain
EOF




	} else { 	
	# FIXME: the DC isn't named ads.domain... try to do reserve lookup?
	$authentication->{AD_server} ||= 'ads.' . $authentication->{AD_domain};
	my $domain = uc $authentication->{WINDOMAIN};
	my $realm = $authentication->{AD_domain};
	($authentication->{winuser}, $authentication->{winpass}) = auth();
	configure_krb5_for_AD($authentication);
		
	require fs::remote::smb;
	fs::remote::smb::write_smb_ads_conf($domain,$realm);
	run_program::rooted($::prefix, "chkconfig", "--level", "35", "winbind", "on");
	mkdir_p("$::prefix/home/$domain");
	run_program::rooted($::prefix, 'net', 'time', 'set', '-S', $authentication->{AD_server});
	run_program::rooted($::prefix, 'service', 'smb', 'restart');
	
	$when_network_is_up->(sub {
	    run_program::raw({ root => $::prefix, sensitive_arguments => 1 }, 
			     'net', 'ads', 'join', '-U', $authentication->{winuser} . '%' . $authentication->{winpass});