PNG
�
���
IHDR�������������x����sBIT����|�d��� pHYs�������+������tEXtSoftware�www.inkscape.org<���,tEXtComment�
File Manager
File Manager
Viewing File: complexrules.py
#!/usr/bin/python
# -*- coding: UTF-8 -*-
# Copyright 2012-2018 Oli Schacher
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
#
#TODO: do we need a "does not match regex" operator? (can curently be written as !bla=~/blubb/
#TODO: regex modifiers
#IDEA: pseudo field "senderdomain"
#IDEA: operator "blacklistlookup"
from postomaat.shared import ScannerPlugin, FileList, \
DUNNO, REJECT, DEFER, DEFER_IF_REJECT, DEFER_IF_PERMIT, \
OK, DISCARD, FILTER,HOLD, PREPEND, REDIRECT, WARN
PYPARSING_AVAILABLE=False
try:
# requires pyparsing >= 2
from pyparsing import Optional, infixNotation, opAssoc, Keyword, Word, alphas, \
oneOf, nums, alphas, Literal, restOfLine, ParseException, QuotedString
PYPARSING_AVAILABLE=True
except ImportError:
pass
RE2_AVAILABLE=False
try:
import re2 as re
RE2_AVAILABLE=True
except ImportError:
import re
import logging
import os
import time
import string
#allowed keywords at start of line
postfixfields = [
"smtpd_access_policy" , "protocol_state" , "protocol_name" , "helo_name", "queue_id" , "sender" ,
"recipient" , "recipient_count" , "client_address" , "client_name" , "reverse_client_name" ,
"instance" , "sasl_method" , "sasl_username" , "sasl_sender" , "size" , "ccert_subject" ,
"ccert_fingerprint" , "encryption_protocol" , "encryption_cipher" , "encryption_keysize" ,
"etrn_domain" , "stress" , "ccert_pubkey_fingerprint", "client_port", "policy_context",
"server_address", "server_port",
]
#what keywords return a integer value
numeric=['size', 'encryption_keysize', 'recipient_count', 'client_port', 'server_port']
if PYPARSING_AVAILABLE:
#allowed operators
AttOperator=oneOf("== != ~= > <")
#allowed actions
ACTION = oneOf([x.upper() for x in [DUNNO,REJECT,DEFER,DEFER_IF_REJECT,DEFER_IF_PERMIT,OK,DISCARD,FILTER,HOLD,PREPEND,REDIRECT,WARN]])
class ValueChecker(object):
def __init__(self,values,pfixname,op,checkval,modifiers=None):
self.debug=True
self.pfixname=pfixname
self.op=op
self.checkval=checkval
self.label="%s %s %s"%(pfixname,op,checkval)
self.values=values #all values
self.value=self.get_value() # the requested value
self.logger=logging.getLogger('postomaat.complexrules.valuecheck')
self.modifiers=modifiers
self.funcs={
'==':self.fn_equals,
'!=':self.fn_notequals,
'~=':self.fn_regexmatches,
'<':self.fn_lt,
'>':self.fn_gt,
}
def get_value(self,name=None,defval=None):
if name is None:
name=self.pfixname
if name not in self.values:
return defval
return self.values[name]
def fn_equals(self):
return self.value==self.checkval
def fn_notequals(self):
return self.value!=self.checkval
def fn_gt(self):
if self.pfixname not in numeric:
self.logger.warn("can not use use < and > comparison operator on non-numeric value %s"%self.pfixname)
return False
if self.value is None:
return False
numval=int(self.value)
return numval>self.checkval
def fn_lt(self):
if self.pfixname not in numeric:
self.logger.warn("can not use use < and > comparison operator on non-numeric value %s"%self.pfixname)
return False
if self.value is None:
return False
numval=int(self.value)
return numval<self.checkval
def fn_regexmatches(self):
v=str(self.value)
reflags=0
if self.modifiers is not None:
for flag in self.modifiers:
flag=flag.lower()
if flag=='i':
reflags|=re.I
elif flag=='m':
reflags|=re.M
else:
self.logger.warn("unknown/unsupported regex flag '%s' - ignoring this flag" % flag)
try:
match= re.search(self.checkval, v,reflags)
except Exception as e:
match = None
logging.error(e)
return match is not None
def __bool__(self):
func= self.funcs[self.op]
res=func()
#logmsg="%s %s %s ? : %s (%.4f)"%(self.pfixname,self.op,self.checkval,res,runtime)
#self.logger.debug(logmsg)
return res
def __str__(self):
return self.label
__repr__ = __str__
__nonzero__ = __bool__
class BoolBinOp(object):
reprsymbol = None
def evalop(self, arg):
raise NotImplementedError
def __init__(self,t):
self.args = t[0][0::2]
def __str__(self):
sep = " %s " % self.reprsymbol
return "(" + sep.join(map(str,self.args)) + ")"
def __bool__(self):
return self.evalop(bool(a) for a in self.args)
__nonzero__ = __bool__
__repr__ = __str__
class BoolAnd(BoolBinOp):
reprsymbol = '&&'
evalop = all
class BoolOr(BoolBinOp):
reprsymbol = ',,' # shouldn't this be || ?
evalop = any
class BoolNot(object):
def __init__(self,t):
self.arg = t[0][1]
def __bool__(self):
v = bool(self.arg)
return not v
def __str__(self):
return "!" + str(self.arg)
__repr__ = __str__
__nonzero__ = __bool__
if PYPARSING_AVAILABLE:
PF_KEYWORD=oneOf(postfixfields)
intnum = Word(nums).setParseAction( lambda s,l,t: [ int(t[0]) ] )
charstring=QuotedString(quoteChar='"') | QuotedString(quoteChar="'") | (QuotedString(quoteChar='/') + Optional(Word("im")))
AttOperand= charstring | intnum
def makeparser(values):
SimpleExpression = PF_KEYWORD('pfvalue') + AttOperator('operator') + AttOperand('testvalue')
booleanrule = infixNotation(SimpleExpression,
[
("!", 1, opAssoc.RIGHT, BoolNot),
("&&", 2, opAssoc.LEFT, BoolAnd),
("||", 2, opAssoc.LEFT, BoolOr),
])
def evalResult(loc,pos,tokens):
del loc, pos
modifiers=None
l=len(tokens)
if l==3:
pfixname,op,checkval=tokens
elif l==4:
pfixname,op,checkval,modifiers=tokens
else:
pfixname = op = checkval = None
logging.error("Parser error, got unexpected token amount, tokens=%s"%tokens)
#print "checking %s %s %s"%(pfixname,op,checkval)
return ValueChecker(values,pfixname,op,checkval,modifiers)
SimpleExpression.setParseAction(evalResult)
#SimpleExpression.setDebug()
configline=booleanrule + ACTION + restOfLine
return configline
class ComplexRuleParser(object):
def __init__(self):
self.rules=[]
self.logger=logging.getLogger('postomaat.complexruleparser')
self.warn_rule_execution_time=0.5 #warn limit per rule
self.warn_total_execution_time=3 #warn limit for all rules
self.max_execution_time=5.0 #hard limit
def add_rule(self,rule):
try:
_=makeparser({}).parseString(rule) #test
self.rules.append(rule)
return True
except ParseException as pe:
self.logger.error("Could not parse rule -->%s<-- "%rule)
self.logger.error(str(pe))
return False
def clear_rules(self):
self.rules=[]
def rules_from_list(self,all_rules):
if all_rules is None:
return
all_ok=True
for line in all_rules:
line=line.strip()
if line=='' or line.startswith('#'):
continue
if not self.add_rule(line):
all_ok=False
return all_ok
def apply(self,values):
totalstart=time.time()
parser=makeparser(values)
ruletimes={}
for rule in self.rules:
rulestart=time.time()
try:
parsetree=parser.parseString(rule) #test
checkrule,action,message=parsetree
bmatch=bool(checkrule)
now=time.time()
ruletime=now-rulestart
ruletimes[ruletime]=rule
if self.warn_rule_execution_time>0 and ruletime>self.warn_rule_execution_time:
self.logger.warn("warning: slow complexrule execution: %.4f for %s"%(ruletime,rule))
if bmatch:
logmsg="postomaat-rulehit: sender=%s recipient=%s rule=%s %s %s"%(values.get('sender'),values.get('recipient'),checkrule,action,message)
self.logger.info(logmsg)
return action,message.strip()
if (now-totalstart)>self.max_execution_time:
self.logger.warn("warning: complex max execution time limit reached - not all rules have been executed")
break
except ParseException as pe:
self.logger.warning("""Could not apply rule "%s" to message %s """%(rule,values))
self.logger.warning(str(pe))
totaltime=time.time()-totalstart
if self.warn_total_execution_time>0 and totaltime>self.warn_total_execution_time:
self.logger.warn("warning: complexrules are getting slow: total rule exec time: %.4f"%totaltime)
return DUNNO,''
class RulesLoader(FileList):
def __init__(self, filename=None, strip=True, skip_empty=True, skip_comments=True, lowercase=False,
additional_filters=None, minimum_time_between_reloads=5):
FileList.__init__(self, filename, strip, skip_empty, skip_comments, lowercase, additional_filters, minimum_time_between_reloads)
self.ruleparser=ComplexRuleParser()
def _reload(self):
FileList._reload(self)
self.ruleparser.clear_rules()
reloadok=self.ruleparser.rules_from_list(self.content)
numrules=len(self.ruleparser.rules)
if reloadok:
okmsg="all rules ok"
else:
okmsg="some rules failed to load"
self.logger.info("Rule reload complete, %s rules now active, (%s)"%(numrules,okmsg))
class ComplexRules(ScannerPlugin):
""" """
def __init__(self,config,section=None):
ScannerPlugin.__init__(self,config,section)
self.logger=self._logger()
self.requiredvars={
'filename':{
'default':'/etc/postomaat/complexrules.cf',
'description':'File containing rules',
},
}
self.filereloader=RulesLoader()
def examine(self,suspect):
if not PYPARSING_AVAILABLE:
return DUNNO,''
filename=self.config.get(self.section,'filename').strip()
if not os.path.exists(filename):
self.logger.error("Rulefile %s does not exist"%filename)
return DUNNO,''
self.filereloader.filename=filename
retaction,retmessage = self.filereloader.ruleparser.apply(suspect.values)
return retaction, retmessage
def lint(self):
if not PYPARSING_AVAILABLE:
print("pyparsing is not installed, can not use complex rules")
return False
if RE2_AVAILABLE:
print("Using re2(google) library")
if not self.checkConfig():
print('Error checking config')
return False
filename=self.config.get(self.section,'filename').strip()
if not os.path.exists(filename):
print("Rulefile %s does not exist"%filename)
return False
self.filereloader.filename=filename
# noinspection PyProtectedMember
assert self.filereloader._lastreload != 0
self.filereloader.ruleparser.clear_rules()
ok= self.filereloader.ruleparser.rules_from_list(self.filereloader.content)
rulecount=len(self.filereloader.ruleparser.rules)
print("%s rules ok" % rulecount)
return ok
def __str__(self):
return "Complex Rules"
if __name__=='__main__':
logging.basicConfig(level=logging.DEBUG)
c=ComplexRuleParser()
print("Load Rules:\n----")
rules="""
reverse_client_name == "unknown" && helo_name=="21cn.com" REJECT go away!
reverse_client_name == "unknown" && helo_name~=/^\[[0-9a-fA-F:.]+\]$/im REJECT No FcrDNS and address literal HELO - Who are you?
sender~=/^EX_.+@girlfriends.com/i && (size<100 || size>20000) REJECT say something.. but not everything
"""
print(rules)
c.rules_from_list(rules)
print("----")
print("%s rules loaded"%(len(c.rules)))
print("Tests:")
message1={'reverse_client_name':'unknown','helo_name':'21cn.com'}
message2={'reverse_client_name':'unknown','helo_name':'gmail.com','size':'5000'}
message3={'reverse_client_name':'bla.com','helo_name':'21cn.com'}
addr_literal={'reverse_client_name':'unknown','helo_name':'[1.3.3.7]'}
small_message={'size':'5','sender':'ex_8@girlfriends.com'}
large_message={'size':'100000','sender':'ex_8@girlfriends.com'}
medium_message={'size':'300','sender':'ex_8@girlfriends.com'}
tests=[
(message1,'REJECT','go away!'),
(message2,'DUNNO',''),
(message3,'DUNNO',''),
(addr_literal,'REJECT','No FcrDNS and address literal HELO - Who are you?'),
(small_message,'REJECT','say something.. but not everything'),
(large_message,'REJECT','say something.. but not everything'),
(medium_message,'DUNNO',''),
]
for test in tests:
msg,expaction,expmessage=test
print("")
print("Testing message: %s..."%msg)
retact,retmsg=c.apply(msg)
retact=retact.upper()
if retact==expaction and retmsg==expmessage:
print("Test OK (%s %s)"%(retact,retmsg))
else:
print("FAIL! : Expected '%s %s' got '%s %s'"%(expaction,expmessage,retact,retmsg))
### perftest
print("Starting perftest")
c.logger.setLevel(logging.CRITICAL)
start=time.time()
iterations=10000
for _ in range(iterations):
m=addr_literal
act,msg=c.apply(m)
end=time.time()
diff=end-start
print("Perftest: %s regex rules in %.2f seconds"%(iterations,diff))
�b�� �IDATxytVսϓ�22� ��A@�I�R�:hCi�Z[v*E:WũZA ^d�Q�e�Q @ !�jZ'>gsV仿$|?g)&x-E�IENT ;�@x�T.i%-X�}�Sv��S5.r/��UHz^_$-W"�w)Ɗ/�@Z &IoX��P$K}��JzX:;`�� �&, �ŋui,e6mX
�Եr��Kb1ԗ)����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A������݀!I*]R;I2$e�Z#ORZSrr�6mteffu*((Pu'v{����DIߔ4^pIm��'77WEEE�;vƎ�4-����$]'RI{���\I&G� ��:IHJ
�DWBB=\WRm�
��o$K(V�9��ABB.�}jѢv��`^?IOȅ}���ڶmG�}T#FJ`5��6$-���ھ}F�I&v;0(h;��Б����38CӧOWf!;�A
�i:F��_m�9s&�|��q�%=#���wZprrrl��a
�A� &��P\\СC[A#�!� {��olF}
`E2}�MK/v�V��)i�{��4BffV\|ۭX��`�b�@kɶ@��%i$K���z5zhmX���[��IXZ��` 'b%$�r5�M4º��/l
ԃ�ߖ��xhʔ)[@=}
K6IM}^��5k㏷݆z
ΗÿO:gdGBmyT/�@+Vɶ�纽zl.yit뭷zV��0[Y^�>Wsqs}\/�@$(T7f.Inݺi����R$푔n.�~?H))\Z��RW'Mo~v
Ov�6oԃ���xz!��S,&xm/yɞԟ?'ua�S�ѽb,�8GלKboi&3�t7Y,�)JJ�����c[nzӳd�E�&K�sZLӄ��I���?�@���&�%ӟ۶mSMMњ0�iؐSZ,���|J+N
�~�,0A�0!5%Q-�YQQa�3��}$_vVr�f9f?S��8`��z���D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����d�qP,تmMmg��1V?�rSI꒟]u|l
R�CyEf٢9�jURbztѰ!m5~tGj2DhG*{H9)꒟ר3:(+3\?/;TUݭʴ~S6lڧUJ�*�i$d(#=Yݺd{,p|3B))���q:vN0Y.jkק6;Sɶ�VzHJJЀ-utѹսk>QUU�\~]fFnK?�&ߡ�5b=z9)^|u�_k-[��y%ZNU6 7Mi�:]ۦ�tk�[n
�X(e6��Bb."8cۭ|~te��uu�w|ήI-5"~U�k;ZicEm�N/:]M>
��c�Q^uiƞ�??Ң�p�c#��TUU3UakNwA`�:�Y_V-8.KKfRi�tv*
�9S6ֿj,Ճ�NOMߤ]z^fOh|<>�@Å5���_�/Iu?{SY4hK�/2�]�4%it5�q]GGe��2%iR|
�W&�f��*^]??v�q[LgE_3f}Fxu~}qd-ږFxu~I N��>\;͗O֊:̗WJ�@���Bh�W�=y�|GgwܷH_NY�?)�Tdi'?խw�hlmQi� ��!SUUs�w4kӺe�4rfxu�-[nHt�MFj}H_u~w>)oV}(T'ebʒv3_[+vn����@Ȭ\S}ot}w=k�HFnxg�S 0eޢm�~l}u�qZf�F��oZuuEg
�`z�t~?�b;t%�>WTkķh[����2eG8LIWx,�^\thr�l^Ϊ�{�=dž�<}qV@ �⠨W�y^L�F_>0Uk��D�uʫuCs$)I��v�:IK�;��6ֲ4{^6����եm+l��3>݆�uM 9�u�����?>Zc�}g~qhKwڭ�e���FMM~pМuq�ǿz6Tb@8�@Y|jx]�(^]gf}�M"tG
����-w.@�vOqh~/HII�`���S[l.6nØXL9v�U���cOoB\�xo�Ǥ'T&I��Ǎ�Qw_wpv[kmO{w~>#=P1P�ɞa-we:iǏlHo꒟f9SzH?+shk%Fs:����q��VhqY�`jvO'ρ?PyX3lх]˾uV{ݞ]1,MzYNW~̈́�joYn}ȚF߾mS]F� z+EDxm/���d{F�{-W-4wY듏:??_gPf
^3��ecg ���ҵs�8R2מz�@T�A�N�Gj)}CNi/R~}c:5{!�ZHӋӾ�6}T]��G�]7W6^�n
9*,Y�qOZj�:P?Q� D���FL|?-^.Ɵ7��}fFhxe2Ps���cz1�&�5\��cn[=Vn�[ĶE鎀u�ˌd3GII ��k;lNmشOuuRVfBE]ۣ��e���Ӷu�
:X-[(�e�r4~LHi6�:Ѻ@ԅ��r���ST�0�trk%$Č�0���ez"� *�z�"�T/X9|8.C5Feg}�C�Q%͞�ˣJ�v�L/?�����j^��h��&��9xF`њZ�(��&��yF&Iݻf�g�����#W;3^{Wo^4'v������V[[K';+mӍִ]��AC�@��W?1^{එyh�����+^]fm~iԵ]��AB�@WTk̏t�uR?l.OIHiYyԶ]��Aˀ�7c:q}ힽaf6Z~қ�m(+sK4{^6}T�*UUu]�n.:kx{:2 ��_m=�sAߤU@?���Z-Vކе��z왍Nэ{�|5��� pڶn�b
p-@sPg]0G7fy-M{GCF'%{4`���=$-Ge\��eU:m+Zt'W�jO!O�AF�@ik&t݆�ϥ�_
e}=]��"���Wz_.͜E3leW�������Fih|t-wZۍ-uw=6���YN�{6|}��|�*={Ѽn.�S��.�z1z�jۻTH]흾 D�uD�v��mvK�.`���V]yY~sI@t?/ϓ. �����m&[�"��+P?MzovV�ЫG3-�G�RR��[�(!!\_,�^%?v�@���ҵő
m`Y)te�m8GM��x.))A]Y�i`ViW`��?^�~!�S#^+ѽ��GZj?Vģ����0.))AlzL*�]�OXrY���`DBBLOj{-MH'ii-ϰ�o�k7^��
�)쭡��b]UXS�ְmռY|5�*cֽk�0B7镹%ڽP#�8nȎq}mJr23�_>�l�E5$iwui+ ��H~F`�IjƵ�@q
��\�� ��@#qG�0"��.�0"����� l���������`������.�0!����� ,��AQ�HN6�qz�kKJ#�o;`Xv�2>,tێJJ7Z/*�A���.@fفjMzk�g�����@Tv�ZH3Zxu6Ra'%O?/�d���Q�5x�Yk�U]Rֽkق@���Da�S^RS�ּ5�|BeHNN͘p
��H�v���cYcC5:y
#`οb;�z����2��.!kr}gUWkyZn=�f ����P�v��s�n3p~�;4p˚=ē~NmI] ��¾�0lH[_L�hs�h_�ғߤ�c_њe��c)��g�7V�IZ5�yrgk̞W#IjӪv>՞y睝M8[��|�]\շ�8M�6%|@P����ZڨI-m>=k�=��'a�iRo-x�?>Q.����}�`Ȏ:Wsm�u u� ��>
.@,&;�+!!�˱tﭧD����Qw�RW\v�F\~Q7>sp���Yw�$�%A~;~}6���¾�g��&if_��=j,v+U���L�1(tW�a�ke�:�@Ș>j$Gq2t7S?v�L|]u/ .(�0�E��6Mk6hiۺzښOr�ifޱxm/Gx>� �Lal%%~{lBsR4*�}{0Z/�tN�IɚpV�^#�Lf:u@k#RS�u
=S^ZyuR/�.@n&z~B=0eg�뺆#�,Þ[����B�/?H �uUf7y
Wy}Bw�egל`�Wh(||`l`.;Ws�?V@"�c:iɍL֯PGv�6z�ctM̠':wuW��;d=;E�veD}9J�@���B(�0iհ���bvP1{\P&G7DIy�_$-Q��jm~Yrr&]C�Dv%��bh|�Yzni�_���R�;kg}nJOIIw��y�u�L}{ЌNj}:+3Y?:W�J/N+Rzd=hb�;d�j͒suݔ@NKMԄ�jqzC5�@y°h�L�m;*5ezᕏ=ep
�XL�n?מ:r`��۵�tŤZ|1v`V뽧_csج'ߤ%oTuumk%%%h)uy]Nk�[n
�'b2 ��l.=�͜E%�gf$[c;s:�V-͞WߤWh-j7]4��=F-X]>ZLSi[Y*We;�Zan(Ӈ�W|e(HNNP�5[=
r4tP�
�&0<�p�c#�`vTNV
GFqvTi�*�Tyam$ߏWyE*�VJKMTfF�w�����>'�$-ؽ.Ho.8c�"@���D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A~�j*�֘,��N;Pi3599h=g�oض��L��giJ5փy~�}&Zd9�p֚
e:|hL`�`b/d9�p?�fgg+%%hMg�Xosج�, �ΩOl0Zh=x�djL���mhݻ��o��O��[g_l,�8a]٭+ӧ0�$I�]����c]:粹:Teꢢ"5a^Kgh,&�=��=�՟�^߶ߢE�ܹS J}I%:8��
IDAT~,9/ʃ�PW'Mo�}zNƍ쨓zPb��NZ~^z�=4mswg;5 Y�~�SVMR��XUյڱRf?s:w
;�6��H:º���i�5�-maM�&O�3�;�1IKeam��Zh͛7+##v+c� ~u~ca]�GnF'ټL~����PPPbn
v�oC���4R,�ӟgg��%hq}�@#M4IÇ��� �Oy^xM��Zx
) ���yO�w��@HkN˖-Sǎ�mb]X�@�n+i͖��!++K3gd\��$mt$^���Yf��J�\�8PRF��)77Wא!Cl����$i:��@@_o�G��� I{$# ��8磌ŋ9�1A�(�Im7��֭>}ߴJq�7ޗt^� -[ԩSj*�}�%]&'
-��ɓ'ꫯVzzvB#;�a
�7@GxI{�jƌ�.LÇ�WBB7�`O"I$�/@R���@�eee@���۷��>}0���,ɒ2$53Xs|cS~r�pTYYY}� k�Hc��%&k�.], �@��A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A������@lT<%''*Lo^={رc5h %$�+CnܸQ3fҥK}vUVVs9G�
R,_{�xˇ�3��o߾;TTTd�}�馛]uuuG~iԩ�@4����bn�vmv�fϞ�/Peeeq}}�z���a
�I~,誫{UWW뮻}_~YƍSMMMYχ��֝waw��\�ď�cxꩧtE�ƍ�կ_?۷5�@u���?�1kNׯWzz/wy>}zj3 k��(ٺu�q_Zvf̘:~��AB�Q&r|��!�%KҥKg�����Ԟ={<_X-z� !�C�yFUUz~��AB�QIIIjݺ�W��$���UXXDٳZ~��AB�Qƍec�W��$<�(~<��RSSvZujjjԧO�ZQu�@4 8m&&&jԩg��$�ď�1h ͟?_{768��@��g
�=�@���`)))5o6m�3����)��ѣƌ�J;wҿUTT��/KZR{��~a=�@��0o<*狔�iFɶ[ˎ�;T]]��OX�@�?K.ۈxN ����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������pP���fl߾]��,{ァk۶mڿo5�����BTӦMӴiӴ|r D����B2e�|An�!D��y'tkΝ[A��� $***t5'
"���!駟�oa�D�����nΝ�:t֭[g�D����ШQ�0����6qD;@���� x M6v�(����Piizm�Z����4e�w��"��@��������̴ixf������[~-F���ٱc�&I�Z����2|n�!�?�$��@{[�HTɏ����#@h�����Ȏ����I�#�_m��(���F��/6Z3�z'\r,�����r!;�w2Z3j=~�G���Y�7"I$i����I.����p_"����?���p�����N`�����y�D���D�����?:��� �_����������������������� �G����ÿa���b7�����J�!���Bx���@0 ���Bo�����
����cG���������@`1C�����[���@0G����
����@`0C�����_���u�����V1 ���aC���X����>���W�` ���|�������`!���<�����S�`"���<�.�����`#���c�����`�?�����c�A����������C���4
?����c���� �p#����~���@0����?:���0���8&����_�M���Q1���J�h#����?���/`���7;����I����������q�7���a�w���Q����A����1�H���p
�!��#�<���8/#��@1Ul7��=S=K.4Z�?�E����_$i�@��������!���1�!E���4�?���`����P_�� ��������@��B���ă�1���0#���:�"����a�U,xb��F�Y1
[n��|��n
���#'��v��EH:`�x��b
��#��v����D��4�Y hi.i&�EΖv#��O�� H��4�IŶ�}:Ik��h��@�tZRF���#�(tXҙ��zZ ?�I3l7��q��@õ|ۍ�1,�G��puY�� �Ꮿ@�hJv#��x��xk$
v#�9��5�}_$��c �S#=+"K�{F�*m7`#�%H:NRS��p6I?sIՖ{A�p$I�$�I:QRv2$Z�@UJ*$]<��F�O4�����IENDB`