From: Torsten Krah
To: Eric Covener
Cc: users@httpd.apache.org
Date: Thu, 15 Mar 2018 16:10:14 +0100
Subject: Re: [users@httpd] [mod_lua] Successful arbitrary authentication with denied access on the resource results in a core:error AH00571 message in the logs about a missing AuthType

> Lots of things could be better. To me it is clear that the overall
> system expects an AuthType to be set if you will be doing authn and
> authz.

Thx for clarification - this was at least not clear to me.

>
> The error message is one indication of that

But it appears only if the authorization backend does deny the access -
if it lets you pass, you won't get any error message.
So it's difficult to "know" that you should configure it.

>
> IIUC, a normal authentication provider would check the configured
> authtype. So it would not be ideal for Lua to programmatically
> configure it just because the hook has been implemented by a script.

Hm - the lua authz provider here:

https://httpd.apache.org/docs/trunk/mod/mod_lua.html#luaauthzprovider

does not check that, neither any of the other examples there.
So if I use that *normal* one from the example there and tweak it to my
needs I would not know what other providers in general would do -
*normal* makes assumptions about httpd internals on other places which
not anyone has.
Coming from a user perspective which wants to use the things there it's
hard to *know* such things - if you're a familiar httpd developer of
course it seems clear to you.

... This can be used to implement arbitrary authentication and
authorization checking. ...

To sum it up:

I should set AuthType if I am using some of those handlers, correct?
And do we agree that the docs should mention that?

>
> > And i am curious - why it's dangerous? If it is dangerous - shouldn't the
> > docs have some note about this added?
> > Reading them i was under the impression - and because httpd does not
> > bail about it - that it's not needed using the lua handlers.
>
> To me it's dangerous because to me it looks like
> unintended/undesigned/undefined config/behavior in the area of access
> control and that error message is the hint.

That sounds feasible - but to users of httpd + mod_lua which just read
the docs and do not study the code of other providers - how should they
know that this is an undefined config / behaviour.
The examples and docs imho should mention that, shouldn't it?

And wouldn't it be a good idea to let httpd configtest fail if those
auth handlers are used but no AuthType is set - just to omit undefined
behaviour?

kind regards

Torsten
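The check suggested at the end of the message (fail when Lua auth hooks are configured without an AuthType) can be approximated with a linter run over the configuration text. This is an added example, not code from the thread or from httpd; the sample configuration, the script paths and the choice of `LuaHookCheckUserID`/`LuaHookAuthChecker` as the hooks to flag are assumptions, and AuthType inheritance is modelled only through lexical nesting of sections.

```python
# Added example (not httpd code). Assumption: AuthType is inherited only through
# lexical nesting of <Section> blocks; Include files and section merging are ignored.
LUA_AUTH_HOOKS = {"luahookcheckuserid", "luahookauthchecker"}
TRANSPARENT = {"ifmodule", "ifdefine", "ifversion"}  # wrappers, not scopes

SAMPLE_CONF = """\
# constructed sample, not taken from the thread
<Location "/open">
    LuaHookCheckUserID /srv/lua/auth.lua authenticate
    Require valid-user
</Location>
<Location "/typed">
    AuthType Basic
    LuaHookCheckUserID /srv/lua/auth.lua authenticate
</Location>
"""

def lint_authtype(conf_text):
    """Return sorted (line_no, scope, directive) for hooks whose AuthType is unset or None."""
    root = {"name": "server config", "parent": None, "authtype": None, "hooks": []}
    scopes, cur = [root], root
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.strip("</>").split() or [""]
        key = parts[0].lower()
        if line.startswith("<"):
            if key in TRANSPARENT:
                continue
            if line.startswith("</"):
                cur = cur["parent"] or root
            else:
                cur = {"name": line.strip("<>"), "parent": cur, "authtype": None, "hooks": []}
                scopes.append(cur)
        elif key == "authtype" and len(parts) > 1:
            cur["authtype"] = parts[1]
        elif key in LUA_AUTH_HOOKS:
            cur["hooks"].append((no, parts[0]))
    findings = []
    for scope in scopes:
        node, authtype = scope, None
        while node is not None and authtype is None:
            authtype, node = node["authtype"], node["parent"]
        if authtype is None or authtype.lower() == "none":
            findings.extend((no, scope["name"], d) for no, d in scope["hooks"])
    return sorted(findings)

if __name__ == "__main__":
    print(lint_authtype(SAMPLE_CONF))
```

Run against a real configuration, a non-empty result marks the sections where a denied request would hit the missing-AuthType path described in the thread.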