PNG
�
���
IHDR�������������x����sBIT����|�d��� pHYs�������+������tEXtSoftware�www.inkscape.org<���,tEXtComment�
File Manager
File Manager
Viewing File: secureio.py
# coding=utf-8
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2018 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT
# This module provides functions for secure I/O and filesystem operations
import grp
import sys
import tempfile
import contextlib
import os
from functools import lru_cache
from typing import TYPE_CHECKING
from ctypes import (cdll, c_long, Structure, c_ushort, c_ubyte, c_char, POINTER,
c_int, c_void_p, c_char_p)
from clcommon import ClPwd
from clcommon.clpwd import drop_user_privileges
def __getattr__(name):
# NOTE(vlebedev): Delay shared libraries loading until they are actually used.
# It makes module loadable even in case those shared libraries are not available
# and that is useful for e.g. unit testing on local non-CL system.
if name == 'libc':
return _load_libc()
elif name == 'liblve':
return _load_liblve()
raise AttributeError(f"module {__name__} has no attribute {name}")
def __dir__():
return ['libc', 'liblve', *globals().keys()]
# --- libc functions -----------------------------------------------
@lru_cache(maxsize=None)
def _load_libc():
libc = cdll.LoadLibrary("libc.so.6")
libc.fchown.argtypes = [c_int, c_int, c_int]
libc.fchown.restype = c_int
libc.fchmod.argtypes = [c_int, c_int]
libc.fchmod.restype = c_int
# accepts file/dir descriptor (integer)
libc.fdopendir.argtypes = [c_int]
# returns pointer to DIR structure
libc.fdopendir.restype = c_void_p
# accepts pointer to DIR structure
libc.readdir.argtypes = [c_void_p]
# returns pointer to DIRENTRY structure
libc.readdir.restype = DIRENTRY_P
# accepts pointer to DIR structure
libc.rewinddir.argtypes = [c_void_p]
# returns void
libc.rewinddir.restype = None
# accepts pointer to DIR structure
libc.closedir.argtypes = [c_void_p]
libc.closedir.restype = c_int
return libc
if TYPE_CHECKING:
libc = _load_libc()
ino_t = c_long
off_t = c_long
class DIRENTRY(Structure):
_fields_ = [
('d_ino', ino_t), # inode number
('d_off', off_t), # offset to the next dirent
('d_reclen', c_ushort), # length of this record
('d_type', c_ubyte), # type of file; not supported by all file system types
('d_name', c_char * 256), # filename
]
DIRENTRY_P = POINTER(DIRENTRY)
def fchown(fd, uid, gid):
return _load_libc().fchown(fd, uid, gid)
def fchmod(fd, mode):
return _load_libc().fchmod(fd, mode)
def fdopen(fd):
return _load_libc().fdopen(fd)
def readdir(dirp):
return _load_libc().readdir(dirp)
def rewinddir(dirp):
return _load_libc().rewinddir(dirp)
def closedir(dirp):
return _load_libc().closedir(dirp)
# --- liblve functions -----------------------------------------------
@lru_cache(maxsize=None)
def _load_liblve():
try:
liblve = cdll.LoadLibrary("libsecureio.so.0")
except OSError:
liblve = cdll.LoadLibrary("liblve.so.0")
# Opens path for reading not following symlinks and verifies that opened path is inside parent_path
# Returns:
# descriptor if successful
# -1 if path does not exist or is a symlink
# -2 if opened path is NOT inside parent_path or cannot be determined
# accepts path, parent_path
liblve.open_not_symlink.argtypes = [c_char_p, c_char_p]
liblve.open_not_symlink.restype = c_int
# Closes descriptor (if it is not equal -1)
# accepts file/dir descriptor (integer)
liblve.closefd.argtypes = [c_int]
# returns void
liblve.closefd.restype = None
# Tries to read first directory entry in order to ensure that descriptor is valid
# Returns 0 if reading succeeded or -1 if error has occured
# accepts descriptor
liblve.check_dir.argtypes = [c_int]
liblve.check_dir.restype = c_int
# Checks if path is a directory (in secure manner)
# Also opens path (if descriptor fd == -1) and then checks that opened path is inside parent_path
# Returns descriptor if path refers to directory
# Returns -1 if path does not exist or is not a directory
# Returns -2 if opened path is NOT inside parent_path or cannot be determined
# accepts path, descriptor, parent_path
liblve.isdir.argtypes = [c_char_p, c_int, c_char_p]
liblve.isdir.restype = c_int
# Sets permissions to directory (in secure manner)
# Returns descriptor if successful
# Returns -1 if error has occured
# Returns -2 if opened path is NOT inside parent_path or cannot be determined
# accepts: const char *path, mode_t perm, int fd, const char *parent_path
liblve.set_perm_dir_secure.argtypes = [c_char_p, c_int, c_int, c_char_p]
liblve.set_perm_dir_secure.restype = c_int
# Sets owner and group of directory (in secure manner)
# Returns descriptor if successful
# Returns -1 if error has occured
# Returns -2 if opened path is NOT inside parent_path or cannot be determined
# accepts: const char *path, uid_t uid, gid_t gid, int fd, const char *parent_path
liblve.set_owner_dir_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_char_p]
liblve.set_owner_dir_secure.restype = c_int
# Creates directory if it does not exist, sets permissions/owner otherwise
# Returns descriptor if successful
# Returns -1 if error has occured
# accepts: const char *path, mode_t perm, uid_t uid, gid_t gid, int fd, const char *parent_path
liblve.create_dir_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_int, c_char_p]
liblve.create_dir_secure.restype = c_int
# Recursive directory creation function
# Returns 0 if successful
# Returns -1 if error has occured
# accepts: const char *path, mode_t perm, uid_t uid, gid_t gid, const char *parent_path
liblve.makedirs_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_char_p]
liblve.makedirs_secure.restype = c_int
# Writes absolute path pointed by descriptor fd to buffer *buf
# Returns buf if successful
# Returns NULL if error has occured
liblve.get_path_from_descriptor.argtypes = [c_int, c_char_p]
liblve.get_path_from_descriptor.restype = c_char_p
# Returns 1 if subdir is subdirectory of dir, 0 otherwise
liblve.is_subdir.argtypes = [c_char_p, c_char_p]
liblve.is_subdir.restype = c_int
return liblve
if TYPE_CHECKING:
liblve = _load_liblve()
def _open_not_symlink(path, parent_path):
return _load_liblve().open_not_symlink(path, parent_path)
def check_dir(fd):
return _load_liblve().check_dir(fd)
def isdir(path, descriptor, parent_path):
return _load_liblve().isdir(path, descriptor, parent_path)
def get_path_from_descriptor(fd, buf):
return _load_liblve().get_path_from_descriptor(fd, buf)
def is_subdir(dir, subdir):
return _load_liblve().is_subdir(dir, subdir)
# True : euid/egid == 0/0
# False : euid/egid == user/user
# set by set_user_perm() and set_root_perm() functions
root_flag = True
LOGFILE = "/var/log/cagefs-update.log"
MIN_UID = 500
SILENT_FLAG = False
def open_not_symlink(path):
return os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
def open_file_not_symlink(path):
return os.fdopen(open_not_symlink(path), 'r')
def flistdir(fd):
"""Returns list of entries of directory pointed by descriptor"""
# Duplicate descriptor, because closedir() closes descriptor associated with directory stream
fd2 = os.dup(fd)
# Open directory stream
dirp = fdopendir(fd2) # NOQA
if not dirp:
raise RuntimeError("fdopendir error")
# Reset position of directory stream
# (so it will be possible to read content of directory multiple times
# via other descriptors that refer to the directory)
rewinddir(dirp)
dirlist = []
while True:
entryp = readdir(dirp)
if not entryp:
break
entry = entryp.contents
dirlist.append(entry.d_name)
rewinddir(dirp)
closedir(dirp)
return dirlist
def closefd(fd):
if fd is not None:
try:
os.close(fd)
except OSError:
pass
def set_perm_dir_secure(path, perm, parent_path, fd=None, logger=None):
"""Sets permissions to directory (in secure manner)
Returns descriptor if successful
Returns None if error has occured"""
if fd is None:
fd = -1
fd = _load_liblve().set_perm_dir_secure(path.encode(), perm, fd, parent_path.encode())
if fd > 0:
return fd
if logger is not None:
logger('Error: failed to set permissions of directory ' + path, False, True)
return None
def set_owner_dir_secure(path, uid, gid, parent_path, fd=None, logger=None):
"""Sets owner and group of directory (in secure manner)
Returns descriptor if successful
Returns None if error has occured"""
if fd is None:
fd = -1
fd = _load_liblve().set_owner_dir_secure(path.encode(), uid, gid, fd, parent_path.encode())
if fd > 0:
return fd
if logger is not None:
logger('Error: failed to set owner of directory ' + path, False, True)
return None
def create_dir_secure(path, perm, uid, gid, parent_path, fd=None, logger=None):
"""Creates directory if it does not exist, sets permissions/owner otherwise
Returns descriptor if successful
Returns None if error has occured"""
if fd is None:
fd = -1
fd = _load_liblve().create_dir_secure(path.encode(), perm, uid, gid, fd, parent_path.encode())
if fd > 0:
return fd
if logger is not None:
logger('Error : failed to create directory ' + path, False, True)
return None
def makedirs_secure(path, perm, uid, gid, parent_path, logger=None):
"""Recursive directory creation function
Returns 0 if successful
Returns -1 if error has occured"""
res = _load_liblve().makedirs_secure(path.encode(), perm, uid, gid, parent_path.encode())
if res and logger:
logger('Error : failed to create directory ' + path, False, True)
return res
def read_file_secure(filename, uid=None, gid=None, exit_on_error=True, write_log=True):
"""read file not following symlinks"""
if (uid is None and gid is not None) or (uid is not None and gid is None):
raise RuntimeError("read_file_secure: uid and gid should be both null or be both not null")
drop_perm = (uid is not None) and (gid is not None)
if drop_perm:
set_user_perm(uid, gid)
try:
file_object = open_file_not_symlink(filename)
content = file_object.readlines()
file_object.close()
if drop_perm:
set_root_perm()
return content
except (OSError, IOError) as e:
if drop_perm:
set_root_perm()
logging('Error: failed to read ' + filename + ' : ' + str(e), SILENT_FLAG, 1, write_log)
if not exit_on_error:
raise
sys.exit(1)
def write_file_secure(content, ini_path, uid, gid, drop_perm=True, perm=0o644, write_log=True):
"""Returns True if error has occured"""
dirpath = os.path.dirname(ini_path)
if drop_perm:
set_user_perm(uid, gid)
fd = None
temp_path = None
try:
fd, temp_path = tempfile.mkstemp(prefix='cagefs_', dir=dirpath)
file_object = os.fdopen(fd, 'w')
file_object.write(''.join(content))
if not drop_perm and uid is not None and gid is not None:
if fchown(fd, uid, gid):
raise OSError('fchown failed')
if fchmod(fd, perm):
raise OSError('fchmod failed')
file_object.close()
except (IOError, OSError) as e:
try:
file_object.close()
except Exception:
pass
try:
os.close(fd)
except Exception:
pass
try:
os.unlink(temp_path)
except Exception:
pass
if drop_perm:
set_root_perm()
logging(
f"Error: failed to write file {ini_path} : {str(e).replace('Errno', 'Err code')}",
SILENT_FLAG,
1,
write_log,
)
return True
except Exception as e:
logging(f'Error: {str(e)}', SILENT_FLAG, 1)
sys.exit(1)
error = False
try:
os.rename(temp_path, ini_path)
except OSError as e:
error = True
logging('Error: failed to rename tempfile to ' + ini_path + ' : ' + str(e), SILENT_FLAG, 1, write_log)
try:
os.unlink(temp_path)
except OSError:
pass
if drop_perm:
set_root_perm()
return error
def write_file_via_tempfile(
content, dest_path, perm, prefix='', suffix='', as_user=None, copy_owner: bool = False):
"""
Safely write string content to a file
:param content: str
:param dest_path: str -> path to a file
:param perm: int -> permissions for the file
:param prefix: str -> add to temporary file name
:param suffix: str -> add to temporary file name
:param as_user: str -> name of the user to drop privileges to
:param copy_owner: bool -> whether to copy original uid/gid to new file if original exists
"""
if as_user is not None:
old_groups = os.getgroups()
drop_user_privileges(as_user, effective_or_real=True, set_env=False)
dirpath = os.path.dirname(dest_path)
fd, temp_path = None, None
try:
fd, temp_path = tempfile.mkstemp(
prefix=prefix, suffix=suffix, dir=dirpath)
with os.fdopen(fd, 'w', errors='surrogateescape') as f_temp:
f_temp.write(content)
except (IOError, OSError):
if fd is None or temp_path is None:
raise
try:
os.close(fd)
except (IOError, OSError):
pass
try:
os.unlink(temp_path)
except (IOError, OSError):
pass
raise
try:
os.chmod(temp_path, perm)
if copy_owner and os.path.isfile(dest_path):
stat_ = os.stat(dest_path)
os.chown(temp_path, stat_.st_uid, stat_.st_gid)
os.rename(temp_path, dest_path)
except (OSError, IOError, TypeError):
try:
os.unlink(temp_path)
except (OSError, IOError):
pass
raise
if as_user is not None:
ruid = os.getuid()
os.seteuid(ruid)
os.setegid(os.getgid())
# All of the above can be called from user named as_user
if ruid == 0:
os.setgroups(old_groups)
def set_user_perm(uid, gid, exit=True):
global root_flag
try:
os.setegid(gid)
except (OSError,) as e:
if exit:
print_error('failed to set egid to ' + str(gid) + ': ' + str(e))
sys.exit(1)
else:
return -1
groups = get_groups(uid, gid)
try:
os.setgroups(groups)
except (OSError,) as e:
if exit:
print_error('failed to set supplementary groups to :', groups, str(e))
sys.exit(1)
else:
return -1
try:
os.seteuid(uid)
except (OSError,) as e:
if exit:
print_error('failed to set euid to ' + str(uid) + ': ' + str(e))
sys.exit(1)
else:
return -1
if uid == 0:
root_flag = True
else:
# If it's possible, switch on CAP_SYS_RESOURCE
_load_liblve().enable_quota_capability()
root_flag = False
def set_root_perm(exit=True):
global root_flag
try:
os.seteuid(0)
except (OSError,) as e:
if exit:
print_error('failed to set euid to 0 :', str(e))
sys.exit(1)
else:
return -1
try:
os.setegid(0)
except (OSError,) as e:
if exit:
print_error('Error: failed to set egid to 0 :', str(e))
sys.exit(1)
else:
return -1
groups = get_groups(0, 0)
try:
os.setgroups(groups)
except (OSError,) as e:
if exit:
print_error('Error: failed to set supplementary groups to :', groups, str(e))
sys.exit(1)
else:
return -1
root_flag = True
def print_error(*args):
print("Error:", end=' ', file=sys.stderr)
for a in args:
print(a, end=' ', file=sys.stderr)
print(file=sys.stderr)
def get_groups(uid, gid):
"""Returns supplementary groups for uid"""
gr = get_grp_dict()
pw = get_pwd_dict()
groups = set()
for group in gr:
members = gr[group].gr_mem
for user in members:
try:
member_uid = pw[user].pw_uid
except KeyError:
continue
if member_uid == uid:
groups.add(gr[group].gr_gid)
groups.add(gid)
return list(groups)
grp_dict = None
def get_grp_dict():
global grp_dict
if grp_dict is None:
grp_dict = {}
gr = grp.getgrall()
for line in gr:
grp_dict[line.gr_name] = line
return grp_dict
clpwd = ClPwd(min_uid=MIN_UID)
def get_pwd_dict():
return clpwd.get_user_dict()
log_file = None
def logging(msg, silent=False, verbose=True, write_log=True):
global log_file
if not silent:
if verbose:
print(msg)
if write_log:
root_flag_saved = root_flag
if not root_flag:
uid, gid = get_perm()
set_root_perm()
try:
if log_file is None:
umask_saved = os.umask(0o22)
# log_file is opened in "line buffered" mode
log_file = open(LOGFILE, 'w', 1) # NOQA
os.umask(umask_saved)
log_file.write(msg)
log_file.write("\n")
except (OSError, IOError) as e:
print_error("writing to ", LOGFILE, str(e))
sys.exit(1)
if not root_flag_saved:
set_user_perm(uid, gid)
def get_perm():
try:
uid = os.geteuid()
gid = os.getegid()
except (OSError,) as e:
print_error('failed to get (euid,egid)', str(e))
sys.exit(1)
return uid, gid
def set_capability(clear=False):
"""
Set CAP_SYS_RESOURCE capability
:param bool clear: Set on if it's true, set off otherwise
:return: 0 for success, -1 otherwise
:rtype: int
"""
return _load_liblve().disable_quota_capability() if clear \
else _load_liblve().enable_quota_capability()
def change_uid(uid):
"""
Change effective uid of current process and set CAP_SYS_RESOURCE capbality
to prevent "Disk quota exceeded" error
:param int euid: User ID to set it as current effective UID
:return: 0 if capability was set successfuly, -1 otherwise
:rtype: int
"""
os.seteuid(uid)
return set_capability()
def _set_quota_checks_status(enabled):
"""
Disable quota kernel check to allow us to write
more than user can by quota.
"""
if not enabled:
_load_liblve().enable_quota_capability()
else:
_load_liblve().disable_quota_capability()
@contextlib.contextmanager
def disable_quota():
_set_quota_checks_status(enabled=False)
try:
yield
finally:
_set_quota_checks_status(enabled=True)
@contextlib.contextmanager
def set_umask(umask_value):
saved_umask = os.umask(umask_value)
try:
yield
finally:
os.umask(saved_umask)
�b�� �IDATxytVսϓ�22� ��A@�I�R�:hCi�Z[v*E:WũZA ^d�Q�e�Q @ !�jZ'>gsV仿$|?g)&x-E�IENT ;�@x�T.i%-X�}�Sv��S5.r/��UHz^_$-W"�w)Ɗ/�@Z &IoX��P$K}��JzX:;`�� �&, �ŋui,e6mX
�Եr��Kb1ԗ)����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A������݀!I*]R;I2$e�Z#ORZSrr�6mteffu*((Pu'v{����DIߔ4^pIm��'77WEEE�;vƎ�4-����$]'RI{���\I&G� ��:IHJ
�DWBB=\WRm�
��o$K(V�9��ABB.�}jѢv��`^?IOȅ}���ڶmG�}T#FJ`5��6$-���ھ}F�I&v;0(h;��Б����38CӧOWf!;�A
�i:F��_m�9s&�|��q�%=#���wZprrrl��a
�A� &��P\\СC[A#�!� {��olF}
`E2}�MK/v�V��)i�{��4BffV\|ۭX��`�b�@kɶ@��%i$K���z5zhmX���[��IXZ��` 'b%$�r5�M4º��/l
ԃ�ߖ��xhʔ)[@=}
K6IM}^��5k㏷݆z
ΗÿO:gdGBmyT/�@+Vɶ�纽zl.yit뭷zV��0[Y^�>Wsqs}\/�@$(T7f.Inݺi����R$푔n.�~?H))\Z��RW'Mo~v
Ov�6oԃ���xz!��S,&xm/yɞԟ?'ua�S�ѽb,�8GלKboi&3�t7Y,�)JJ�����c[nzӳd�E�&K�sZLӄ��I���?�@���&�%ӟ۶mSMMњ0�iؐSZ,���|J+N
�~�,0A�0!5%Q-�YQQa�3��}$_vVr�f9f?S��8`��z���D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����d�qP,تmMmg��1V?�rSI꒟]u|l
R�CyEf٢9�jURbztѰ!m5~tGj2DhG*{H9)꒟ר3:(+3\?/;TUݭʴ~S6lڧUJ�*�i$d(#=Yݺd{,p|3B))���q:vN0Y.jkק6;Sɶ�VzHJJЀ-utѹսk>QUU�\~]fFnK?�&ߡ�5b=z9)^|u�_k-[��y%ZNU6 7Mi�:]ۦ�tk�[n
�X(e6��Bb."8cۭ|~te��uu�w|ήI-5"~U�k;ZicEm�N/:]M>
��c�Q^uiƞ�??Ң�p�c#��TUU3UakNwA`�:�Y_V-8.KKfRi�tv*
�9S6ֿj,Ճ�NOMߤ]z^fOh|<>�@Å5���_�/Iu?{SY4hK�/2�]�4%it5�q]GGe��2%iR|
�W&�f��*^]??v�q[LgE_3f}Fxu~}qd-ږFxu~I N��>\;͗O֊:̗WJ�@���Bh�W�=y�|GgwܷH_NY�?)�Tdi'?խw�hlmQi� ��!SUUs�w4kӺe�4rfxu�-[nHt�MFj}H_u~w>)oV}(T'ebʒv3_[+vn����@Ȭ\S}ot}w=k�HFnxg�S 0eޢm�~l}u�qZf�F��oZuuEg
�`z�t~?�b;t%�>WTkķh[����2eG8LIWx,�^\thr�l^Ϊ�{�=dž�<}qV@ �⠨W�y^L�F_>0Uk��D�uʫuCs$)I��v�:IK�;��6ֲ4{^6����եm+l��3>݆�uM 9�u�����?>Zc�}g~qhKwڭ�e���FMM~pМuq�ǿz6Tb@8�@Y|jx]�(^]gf}�M"tG
����-w.@�vOqh~/HII�`���S[l.6nØXL9v�U���cOoB\�xo�Ǥ'T&I��Ǎ�Qw_wpv[kmO{w~>#=P1P�ɞa-we:iǏlHo꒟f9SzH?+shk%Fs:����q��VhqY�`jvO'ρ?PyX3lх]˾uV{ݞ]1,MzYNW~̈́�joYn}ȚF߾mS]F� z+EDxm/���d{F�{-W-4wY듏:??_gPf
^3��ecg ���ҵs�8R2מz�@T�A�N�Gj)}CNi/R~}c:5{!�ZHӋӾ�6}T]��G�]7W6^�n
9*,Y�qOZj�:P?Q� D���FL|?-^.Ɵ7��}fFhxe2Ps���cz1�&�5\��cn[=Vn�[ĶE鎀u�ˌd3GII ��k;lNmشOuuRVfBE]ۣ��e���Ӷu�
:X-[(�e�r4~LHi6�:Ѻ@ԅ��r���ST�0�trk%$Č�0���ez"� *�z�"�T/X9|8.C5Feg}�C�Q%͞�ˣJ�v�L/?�����j^��h��&��9xF`њZ�(��&��yF&Iݻf�g�����#W;3^{Wo^4'v������V[[K';+mӍִ]��AC�@��W?1^{එyh�����+^]fm~iԵ]��AB�@WTk̏t�uR?l.OIHiYyԶ]��Aˀ�7c:q}ힽaf6Z~қ�m(+sK4{^6}T�*UUu]�n.:kx{:2 ��_m=�sAߤU@?���Z-Vކе��z왍Nэ{�|5��� pڶn�b
p-@sPg]0G7fy-M{GCF'%{4`���=$-Ge\��eU:m+Zt'W�jO!O�AF�@ik&t݆�ϥ�_
e}=]��"���Wz_.͜E3leW�������Fih|t-wZۍ-uw=6���YN�{6|}��|�*={Ѽn.�S��.�z1z�jۻTH]흾 D�uD�v��mvK�.`���V]yY~sI@t?/ϓ. �����m&[�"��+P?MzovV�ЫG3-�G�RR��[�(!!\_,�^%?v�@���ҵő
m`Y)te�m8GM��x.))A]Y�i`ViW`��?^�~!�S#^+ѽ��GZj?Vģ����0.))AlzL*�]�OXrY���`DBBLOj{-MH'ii-ϰ�o�k7^��
�)쭡��b]UXS�ְmռY|5�*cֽk�0B7镹%ڽP#�8nȎq}mJr23�_>�l�E5$iwui+ ��H~F`�IjƵ�@q
��\�� ��@#qG�0"��.�0"����� l���������`������.�0!����� ,��AQ�HN6�qz�kKJ#�o;`Xv�2>,tێJJ7Z/*�A���.@fفjMzk�g�����@Tv�ZH3Zxu6Ra'%O?/�d���Q�5x�Yk�U]Rֽkق@���Da�S^RS�ּ5�|BeHNN͘p
��H�v���cYcC5:y
#`οb;�z����2��.!kr}gUWkyZn=�f ����P�v��s�n3p~�;4p˚=ē~NmI] ��¾�0lH[_L�hs�h_�ғߤ�c_њe��c)��g�7V�IZ5�yrgk̞W#IjӪv>՞y睝M8[��|�]\շ�8M�6%|@P����ZڨI-m>=k�=��'a�iRo-x�?>Q.����}�`Ȏ:Wsm�u u� ��>
.@,&;�+!!�˱tﭧD����Qw�RW\v�F\~Q7>sp���Yw�$�%A~;~}6���¾�g��&if_��=j,v+U���L�1(tW�a�ke�:�@Ș>j$Gq2t7S?v�L|]u/ .(�0�E��6Mk6hiۺzښOr�ifޱxm/Gx>� �Lal%%~{lBsR4*�}{0Z/�tN�IɚpV�^#�Lf:u@k#RS�u
=S^ZyuR/�.@n&z~B=0eg�뺆#�,Þ[����B�/?H �uUf7y
Wy}Bw�egל`�Wh(||`l`.;Ws�?V@"�c:iɍL֯PGv�6z�ctM̠':wuW��;d=;E�veD}9J�@���B(�0iհ���bvP1{\P&G7DIy�_$-Q��jm~Yrr&]C�Dv%��bh|�Yzni�_���R�;kg}nJOIIw��y�u�L}{ЌNj}:+3Y?:W�J/N+Rzd=hb�;d�j͒suݔ@NKMԄ�jqzC5�@y°h�L�m;*5ezᕏ=ep
�XL�n?מ:r`��۵�tŤZ|1v`V뽧_csج'ߤ%oTuumk%%%h)uy]Nk�[n
�'b2 ��l.=�͜E%�gf$[c;s:�V-͞WߤWh-j7]4��=F-X]>ZLSi[Y*We;�Zan(Ӈ�W|e(HNNP�5[=
r4tP�
�&0<�p�c#�`vTNV
GFqvTi�*�Tyam$ߏWyE*�VJKMTfF�w�����>'�$-ؽ.Ho.8c�"@���D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A~�j*�֘,��N;Pi3599h=g�oض��L��giJ5փy~�}&Zd9�p֚
e:|hL`�`b/d9�p?�fgg+%%hMg�Xosج�, �ΩOl0Zh=x�djL���mhݻ��o��O��[g_l,�8a]٭+ӧ0�$I�]����c]:粹:Teꢢ"5a^Kgh,&�=��=�՟�^߶ߢE�ܹS J}I%:8��
IDAT~,9/ʃ�PW'Mo�}zNƍ쨓zPb��NZ~^z�=4mswg;5 Y�~�SVMR��XUյڱRf?s:w
;�6��H:º���i�5�-maM�&O�3�;�1IKeam��Zh͛7+##v+c� ~u~ca]�GnF'ټL~����PPPbn
v�oC���4R,�ӟgg��%hq}�@#M4IÇ��� �Oy^xM��Zx
) ���yO�w��@HkN˖-Sǎ�mb]X�@�n+i͖��!++K3gd\��$mt$^���Yf��J�\�8PRF��)77Wא!Cl����$i:��@@_o�G��� I{$# ��8磌ŋ9�1A�(�Im7��֭>}ߴJq�7ޗt^� -[ԩSj*�}�%]&'
-��ɓ'ꫯVzzvB#;�a
�7@GxI{�jƌ�.LÇ�WBB7�`O"I$�/@R���@�eee@���۷��>}0���,ɒ2$53Xs|cS~r�pTYYY}� k�Hc��%&k�.], �@��A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A������@lT<%''*Lo^={رc5h %$�+CnܸQ3fҥK}vUVVs9G�
R,_{�xˇ�3��o߾;TTTd�}�馛]uuuG~iԩ�@4����bn�vmv�fϞ�/Peeeq}}�z���a
�I~,誫{UWW뮻}_~YƍSMMMYχ��֝waw��\�ď�cxꩧtE�ƍ�կ_?۷5�@u���?�1kNׯWzz/wy>}zj3 k��(ٺu�q_Zvf̘:~��AB�Q&r|��!�%KҥKg�����Ԟ={<_X-z� !�C�yFUUz~��AB�QIIIjݺ�W��$���UXXDٳZ~��AB�Qƍec�W��$<�(~<��RSSvZujjjԧO�ZQu�@4 8m&&&jԩg��$�ď�1h ͟?_{768��@��g
�=�@���`)))5o6m�3����)��ѣƌ�J;wҿUTT��/KZR{��~a=�@��0o<*狔�iFɶ[ˎ�;T]]��OX�@�?K.ۈxN ����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������pP���fl߾]��,{ァk۶mڿo5�����BTӦMӴiӴ|r D����B2e�|An�!D��y'tkΝ[A��� $***t5'
"���!駟�oa�D�����nΝ�:t֭[g�D����ШQ�0����6qD;@���� x M6v�(����Piizm�Z����4e�w��"��@��������̴ixf������[~-F���ٱc�&I�Z����2|n�!�?�$��@{[�HTɏ����#@h�����Ȏ����I�#�_m��(���F��/6Z3�z'\r,�����r!;�w2Z3j=~�G���Y�7"I$i����I.����p_"����?���p�����N`�����y�D���D�����?:��� �_����������������������� �G����ÿa���b7�����J�!���Bx���@0 ���Bo�����
����cG���������@`1C�����[���@0G����
����@`0C�����_���u�����V1 ���aC���X����>���W�` ���|�������`!���<�����S�`"���<�.�����`#���c�����`�?�����c�A����������C���4
?����c���� �p#����~���@0����?:���0���8&����_�M���Q1���J�h#����?���/`���7;����I����������q�7���a�w���Q����A����1�H���p
�!��#�<���8/#��@1Ul7��=S=K.4Z�?�E����_$i�@��������!���1�!E���4�?���`����P_�� ��������@��B���ă�1���0#���:�"����a�U,xb��F�Y1
[n��|��n
���#'��v��EH:`�x��b
��#��v����D��4�Y hi.i&�EΖv#��O�� H��4�IŶ�}:Ik��h��@�tZRF���#�(tXҙ��zZ ?�I3l7��q��@õ|ۍ�1,�G��puY�� �Ꮿ@�hJv#��x��xk$
v#�9��5�}_$��c �S#=+"K�{F�*m7`#�%H:NRS��p6I?sIՖ{A�p$I�$�I:QRv2$Z�@UJ*$]<��F�O4�����IENDB`