DIRECTORY
Ascii USING [BS, ControlA, ControlQ, ControlW, ControlX, CR, DEL, ESC, SP],
ConvertUnsafe USING [AppendRope, ToRope],
DebuggerSwap USING [EnableSwatWatcher],
DESFace USING [Block, DecryptBlock, EncryptBlock, MakeKey],
Disk USING [DriveAttributes],
File USING [wordsPerPage],
GermSwap USING [mdsiGerm, switches],
GVBasics USING [maxRNameLength],
GVNames USING [Authenticate],
IO USING [EraseChar, GetChar, PutChar, PutRope, STREAM],
PhysicalVolume USING [
NextPhysical, Physical, PhysicalInfo, ReadCredentials, WriteCredentials],
PrincOps USING [GFT, LongNumber, SD, sGFTLength],
PrincOpsUtils USING [BITXOR],
Process USING [InitializeMonitor, Pause, SecondsToTicks],
Rope USING [Concat, Digit, Equal, Fetch, Find, FromChar, Length, Letter, ROPE, Substr],
SimpleTerminal USING [TurnOff, TurnOn],
UserCredentials USING [defaultOptions, LoginOptions, State],
VM USING [
Allocate, Free, Interval, PageCount, PageNumberToAddress, SwapIn, wordsPerPage, WordsToPages];

UserCredentialsImpl: MONITOR
IMPORTS 
ConvertUnsafe, DebuggerSwap, DESFace, Disk, GermSwap, GVNames, IO, PhysicalVolume, PrincOpsUtils, Process, Rope, SimpleTerminal, VM
EXPORTS PhysicalVolume, UserCredentials =

BEGIN

OPEN UserCredentials;

IllegalParameter: ERROR = CODE;
Bug: ERROR = CODE;



credentialsImplID: CARDINAL = 08312;
obsoleteImplID: CARDINAL = credentialsImplID - 1;  -- anything other than credentialsImplID

decryptedID: DESFace.Block = ALL[credentialsImplID];

Credentials: TYPE = LONG POINTER TO CredentialsObject;
CredentialsObject: PUBLIC TYPE = MACHINE DEPENDENT RECORD [
implementationID(0): CARDINAL _ credentialsImplID,
checksum(1): CARDINAL _ 0,
fill(2:0..13): CARDINAL[0..17777B] _ 0,
kind(2:14..14+2+6*16-1): SELECT state(2:14..15): State FROM
noCredentials => NULL,
name => [
encryptedID(3): DESFace.Block _ NULL,
userName(7): StringBody _ [length: 0, maxlength: NULL, text: NULL]
],
nameHint, nameAndPassword => [
userName(3): StringBody _ [length: 0, maxlength: NULL, text: NULL]
],
ENDCASE
];

bogusCredentials: CredentialsObject = [implementationID: obsoleteImplID, kind: noCredentials[]];

DiskNotReady: ERROR = CODE;
BrokenDisk: ERROR = CODE;



GermString: TYPE = LONG POINTER TO LONG STRING;

germMDSln: PrincOps.LongNumber = [num[highbits: GermSwap.mdsiGerm, lowbits: 0]];
germMDS: LONG POINTER = germMDSln.lp;  -- compiler coughs if combined with above.
germGFT: LONG POINTER = LOOPHOLE[germMDS+LOOPHOLE[PrincOps.GFT, CARDINAL]];
germSD: LONG POINTER TO ARRAY [0..0) OF UNSPECIFIED =
LOOPHOLE[germMDS+LOOPHOLE[PrincOps.SD, CARDINAL]];
nameInGerm: GermString =
LOOPHOLE[germGFT+LOOPHOLE[germSD[PrincOps.sGFTLength], CARDINAL]];
passwordInGerm: GermString = nameInGerm + SIZE[LONG STRING];
germFreeSpace: LONG POINTER = passwordInGerm + SIZE[LONG STRING];
germFreeSpaceCount: CARDINAL =
(germSD[PrincOps.sGFTLength] + VM.wordsPerPage - 1)/VM.wordsPerPage -
(germSD[PrincOps.sGFTLength] + 2*SIZE[LONG STRING]);

ROPE: TYPE = Rope.ROPE;



credentials: Credentials _ NIL;
credentialsBuffer: VM.Interval;

credentialsPV: PhysicalVolume.Physical;

in, out: IO.STREAM _ NIL;

Login: PUBLIC ENTRY SAFE PROC [
startInteraction: SAFE PROC RETURNS [in, out: IO.STREAM],
endInteraction: SAFE PROC [in, out: IO.STREAM],
options: LoginOptions _ defaultOptions] = TRUSTED {
ENABLE UNWIND => NULL;
dirty: BOOL _ FALSE;
terminalOn: BOOL _ FALSE;
EnsureTerminalOn: PROC = {
IF ~terminalOn THEN {[in, out] _ startInteraction[]; terminalOn _ TRUE};
};
EnsureTerminalOff: PROC = {
IF terminalOn THEN {endInteraction[in, out]; in _ out _ NIL; terminalOn _ FALSE};
};
HandleDiskNotReady: PROC = {
EnsureTerminalOn[];
out.PutRope["Disk is not ready...will retry..."];
Process.Pause[Process.SecondsToTicks[5]];
out.PutRope["retrying\N"];
};
CleanupOnAbort: PROC = {
IF options.ignoreDiskEntirely THEN FreeCredentials[]
ELSE ReleaseDiskCredentials[FALSE];
SetCredentialsInGerm[NIL, NIL];
EnsureTerminalOff[];
};
EnsureInitialized[];
IF ~options.alwaysInteract AND nameInGerm^.length > 0 THEN RETURN;  -- already logged in
AllocateCredentials[];
IF options.ignoreDiskEntirely THEN credentials^ _ bogusCredentials
ELSE AcquireDiskCredentials[ ! DiskNotReady => {HandleDiskNotReady[]; RETRY}];
IF credentials.implementationID = credentialsImplID THEN {
CheckCredentials: PROC [credentials: Credentials] RETURNS [ok: BOOL _ TRUE] = {
Downgrade: PROC [state: State] = {
[] _ ChangeStateInternal[state]; dirty _ TRUE; ok _ FALSE};
WITH cred: credentials SELECT FROM
nameHint => {
OPEN ConvertUnsafe;
diskUserName: ROPE = ToRope[@cred.userName];
EnsureTerminalOn[];
SetCredentialsInGerm[diskUserName, NIL];
[] _ GetAndAuthenticate[ ! UNWIND => CleanupOnAbort[]];
IF (dirty _ ~Rope.Equal[diskUserName, ToRope[nameInGerm^], FALSE]) THEN
[] _ ChangeStateInternal[nameHint];
};
nameAndPassword => {
OPEN ConvertUnsafe;
diskUserName: ROPE = ToRope[@cred.userName];
diskPassword: ROPE =
ToRope[@cred.userName + SIZE[StringBody[diskUserName.Length[]]]];
SetCredentialsInGerm[diskUserName, diskPassword];
SELECT GVNames.Authenticate[diskUserName, diskPassword] FROM
individual, allDown => NULL;
notFound, group => Downgrade[nameHint];
badPwd => Downgrade[name]; 
ENDCASE => ERROR Bug;
};
name => {
EnsureTerminalOn[];
SetCredentialsInGerm[ConvertUnsafe.ToRope[@cred.userName], NIL];
DO  -- loops only if GV down and password supplied doesn't work.
block: DESFace.Block;
SELECT GetAndAuthenticate[passwordOnly ! UNWIND => CleanupOnAbort[]] FROM
ok => {
DESFace.DecryptBlock[
key: DESFace.MakeKey[passwordInGerm^],
from: @cred.encryptedID, to: @block];
IF (dirty _ dirty OR (block ~= decryptedID)) THEN
[] _ ChangeStateInternal[name];
};
bogusGVName => Downgrade[nameHint];
gvDown => {
DESFace.DecryptBlock[
key: DESFace.MakeKey[passwordInGerm^],
from: @cred.encryptedID, to: @block];
IF block ~= decryptedID THEN {out.PutRope["Wrong credentials!\N"]; LOOP};
};
ENDCASE;
EXIT
ENDLOOP;
};
ENDCASE => ERROR Bug;
};
UNTIL CheckCredentials[credentials] DO ENDLOOP;
}
ELSE {
ENABLE UNWIND => CleanupOnAbort[];
RewriteDisk: PROCEDURE RETURNS [rewrite: BOOLEAN] = INLINE {
IF options.ignoreDiskEntirely THEN RETURN[FALSE];
IF ~options.confirmCredentialsOverwrite THEN RETURN[TRUE];
RETURN[~Confirm["Disk credentials missing or obsolete; shall I leave it that way? "]]
};
EnsureTerminalOn[];
IF (dirty _ RewriteDisk[]) THEN
[] _ ChangeStateInternal[
IF GetAndAuthenticate[] = ok AND ~options.prohibitDiskProtection AND
Confirm["Do you wish to prevent others from accessing your disk? "] THEN name
ELSE nameHint]
ELSE [] _ GetAndAuthenticate[];
};
IF options.ignoreDiskEntirely THEN FreeCredentials[]
ELSE
ReleaseDiskCredentials[dirty
! BrokenDisk => {
EnsureTerminalOn[];
out.PutRope["Disk error rewriting credentials file...I give up\N"];
DO ENDLOOP;
};
DiskNotReady => {HandleDiskNotReady[]; RETRY};
];
EnsureTerminalOff[];
};

GetState: PUBLIC ENTRY SAFE PROC RETURNS [state: State] = TRUSTED {
AcquireDiskCredentials[];
state _ credentials.state;
ReleaseDiskCredentials[FALSE];
};

ChangeState: PUBLIC ENTRY SAFE PROC [new: State] RETURNS [old: State] = TRUSTED {
AcquireDiskCredentials[];
old _ ChangeStateInternal[new];
ReleaseDiskCredentials[TRUE];
};

Get: PUBLIC ENTRY SAFE PROC RETURNS [name, password: ROPE] = TRUSTED {
EnsureInitialized[];
name _ ConvertUnsafe.ToRope[nameInGerm^];
password _ ConvertUnsafe.ToRope[passwordInGerm^];
};


BreakIn: PROC = {
BreakInInternal: ENTRY PROC = INLINE {
AllocateCredentials[];
[] _ ChangeStateInternal[noCredentials];
ReleaseDiskCredentials[TRUE];
};
Process.InitializeMonitor[@LOCK];
BreakInInternal[];
};


EnsureInitialized: PROC = {
IF nameInGerm^ = NIL THEN SetCredentialsInGerm[NIL, NIL]};

SetCredentialsInGerm: PROC [name, password: ROPE] = {
nameLen: NAT = name.Length[];
passwordLen: NAT = password.Length[];
IF SIZE[StringBody[nameLen]] + SIZE[StringBody[passwordLen]] > germFreeSpaceCount OR
nameLen > GVBasics.maxRNameLength OR
passwordLen > GVBasics.maxRNameLength THEN
ERROR IllegalParameter;
nameInGerm^ _ germFreeSpace;
nameInGerm^^ _ StringBody[maxlength: nameLen, text: ];
ConvertUnsafe.AppendRope[to: nameInGerm^, from: name];
passwordInGerm^ _ nameInGerm^ + SIZE[StringBody[nameLen]];
passwordInGerm^^ _ StringBody[maxlength: passwordLen, text: ];
ConvertUnsafe.AppendRope[to: passwordInGerm^, from: password];
};

ChangeStateInternal: PROC [new: State] RETURNS [old: State] = {
MoveString: PROC [new, old: LONG STRING] = {
ConvertUnsafe.AppendRope[to: new, from: ConvertUnsafe.ToRope[old]]};
words: CARDINAL;
old _ credentials.state;
SELECT new FROM
noCredentials => {
credentials^ _ bogusCredentials;
words _ SIZE[noCredentials CredentialsObject];
};
name => {
credentials^ _
[kind: name[encryptedID: , userName: StringBody[maxlength: nameInGerm^.length, text: ]]];
WITH cred: credentials SELECT FROM
name => {
block: DESFace.Block _ decryptedID;
DESFace.EncryptBlock[
key: DESFace.MakeKey[passwordInGerm^],
from: @block, to: @cred.encryptedID];
MoveString[@cred.userName, nameInGerm^];
};
ENDCASE => ERROR Bug;
words _ SIZE[name CredentialsObject] +
(SIZE[StringBody[nameInGerm^.length]] - SIZE[StringBody[0]]);
};
nameHint => {
credentials^ _
[kind: nameHint[userName: StringBody[maxlength: nameInGerm^.length, text: ]]];
WITH cred: credentials SELECT FROM
nameHint => MoveString[@cred.userName, nameInGerm^];
ENDCASE => ERROR Bug;
words _ SIZE[nameHint CredentialsObject] +
(SIZE[StringBody[nameInGerm^.length]] - SIZE[StringBody[0]]);
};
nameAndPassword => {
credentials^ _
[kind: nameAndPassword[userName: StringBody[maxlength: nameInGerm^.length, text: ]]];
WITH cred: credentials SELECT FROM
nameAndPassword => {
diskUserName: LONG STRING = @cred.userName;
diskPassword: LONG STRING = @cred.userName + SIZE[StringBody[nameInGerm^.length]];
MoveString[@cred.userName, nameInGerm^];
diskPassword^ _ StringBody[maxlength: passwordInGerm^.length, text: ];
MoveString[diskPassword, passwordInGerm^];
};
ENDCASE => ERROR Bug;
words _ SIZE[nameAndPassword CredentialsObject] +
(SIZE[StringBody[nameInGerm^.length]] - SIZE[StringBody[0]]) +
SIZE[StringBody[passwordInGerm^.length]];
};
ENDCASE => ERROR Bug;
credentials.checksum _ ComputeChecksum[DESCRIPTOR[credentials, words]];
};

ComputeChecksum: PROC [input: LONG DESCRIPTOR FOR ARRAY OF WORD]
RETURNS [checksum: WORD _ 0] = {
FOR i: CARDINAL IN [0..input.LENGTH) DO
checksum _ PrincOpsUtils.BITXOR[checksum, input[i]];
ENDLOOP;
};

ValidChecksum: PROC [input: LONG DESCRIPTOR FOR ARRAY OF WORD]
RETURNS [ok: BOOLEAN] = {
checksum: WORD _  0;
FOR i: CARDINAL IN [0..input.LENGTH) DO
checksum _ PrincOpsUtils.BITXOR[checksum, input[i]];
ENDLOOP;
RETURN[checksum = 0]
};

GetAndAuthenticate: PROC [askFor: {both, passwordOnly} _ both]
RETURNS [outcome: {ok, bogusGVName, gvDown} _ ok] = {
Rubout: ERROR = CODE;
GetID: PROC [default: ROPE, echo: BOOL _ TRUE] RETURNS [id: ROPE] = {
OPEN Ascii;
firstTime: BOOLEAN _ TRUE;
c: CHAR _ in.GetChar[];
EraseAll: PROC = {
IF echo THEN
FOR i: INT DECREASING IN [0..id.Length[]) DO out.EraseChar[id.Fetch[i]]; ENDLOOP;
id _ NIL;
};
Done: PROC [c: CHAR] RETURNS [BOOL] = INLINE {
IF firstTime THEN {
SELECT c FROM
ControlA, BS, ControlQ, ControlW, ControlX, CR, SP => NULL;
ENDCASE => EraseAll[];
firstTime _ FALSE;
};
RETURN[c = SP OR c = CR]
};
id _ default;
IF echo THEN out.PutRope[default];
UNTIL Done[c] DO
SELECT c FROM
DEL => ERROR Rubout;
ControlA, BS => {
len: INT _ id.Length[];
IF len > 0 THEN {
len _ len - 1;
IF echo THEN out.EraseChar[id.Fetch[len]];
id _ id.Substr[len: len];
};
};
ControlW, ControlQ => {
alpha: BOOL _ FALSE;
FOR i: INT DECREASING IN [0..id.Length[]) DO
ch: CHAR = id.Fetch[i];
IF Rope.Letter[ch] OR Rope.Digit[ch] THEN alpha _ TRUE
ELSE IF alpha THEN {id _ id.Substr[len: i + 1]; EXIT};
IF echo THEN out.EraseChar[ch];
REPEAT
FINISHED => id _ NIL;
ENDLOOP;
};
ControlX => EraseAll[];
ENDCASE => {id _ id.Concat[Rope.FromChar[c]]; IF echo THEN out.PutChar[c]};
c _ in.GetChar[];
ENDLOOP;
};
name, password: ROPE _ NIL;
defaultRegistry: ROPE = ".pa";
cancelString: ROPE = " XXX\N";
DO
ENABLE UNWIND => out.PutRope[cancelString];
name _ ConvertUnsafe.ToRope[nameInGerm^];
out.PutRope["Name: "];
IF askFor = passwordOnly THEN out.PutRope[name]
ELSE {
name _ GetID[name ! Rubout => {out.PutRope[cancelString]; LOOP}];
IF name.Find["."] = -1 THEN {
out.PutRope[defaultRegistry]; name _ name.Concat[defaultRegistry]};
};
out.PutRope["  password: "];
password _ GetID[NIL, FALSE ! Rubout => {out.PutRope[cancelString]; LOOP}];
SetCredentialsInGerm[name, password];
out.PutRope[" GV..."];
SELECT GVNames.Authenticate[name, password] FROM
individual => {out.PutRope["ok\N"]; EXIT};
notFound, group => {
out.PutRope["invalid user name"];
IF askFor = passwordOnly THEN {out.PutChar['\N]; outcome _ bogusGVName; EXIT};
};
badPwd => out.PutRope["incorrect password"];
allDown => {
out.PutRope["Grapevine down, proceeding anyway\N"]; outcome _ gvDown; EXIT};
ENDCASE;
out.PutRope[", try again.\N"];
ENDLOOP;
};

Confirm: PROCEDURE [message: ROPE _ NIL] RETURNS [BOOL] = {
DO
IF message ~= NIL THEN out.PutRope[message];
SELECT in.GetChar[ ! UNWIND => out.PutRope[" XXX\N"]] FROM
'y, 'Y, Ascii.SP, Ascii.CR, Ascii.ESC => {out.PutRope["Yes\N"]; RETURN[TRUE]};
'n, 'N, Ascii.DEL => {out.PutRope["No\N"]; RETURN[FALSE]};
ENDCASE;
ENDLOOP};

AllocateCredentials: PROC = {
diskCredentialsPages: VM.PageCount = VM.WordsToPages[File.wordsPerPage];
credentialsBuffer _ VM.Allocate[diskCredentialsPages];
credentials _ VM.PageNumberToAddress[credentialsBuffer.page];
VM.SwapIn[interval: credentialsBuffer, kill: TRUE, pin: TRUE];
};

FreeCredentials: PROC = {
VM.Free[credentialsBuffer];
credentials _ NIL;
};

AcquireDiskCredentials: PROC = {
IF credentialsPV = NIL THEN GetCredentialsVolume[];
IF credentials = NIL THEN AllocateCredentials[];
SELECT PhysicalVolume.ReadCredentials[credentialsPV, credentials] FROM
ok => {
words: CARDINAL;
WITH cred: credentials SELECT FROM
noCredentials => words _ SIZE[noCredentials CredentialsObject];
name =>
words _ SIZE[name CredentialsObject] +
(SIZE[StringBody[cred.userName.length]] - SIZE[StringBody[0]]);
nameHint =>
words _ SIZE[nameHint CredentialsObject] +
(SIZE[StringBody[cred.userName.length]] - SIZE[StringBody[0]]);
nameAndPassword => {
diskUserName: LONG STRING = @cred.userName;
diskPassword: LONG STRING = @cred.userName + SIZE[StringBody[diskUserName.length]];
words _ SIZE[nameAndPassword CredentialsObject] +
(SIZE[StringBody[diskUserName.length]] - SIZE[StringBody[0]]) +
SIZE[StringBody[diskPassword.length]];
};
ENDCASE;
IF ~ValidChecksum[DESCRIPTOR[credentials, words]] THEN
credentials^ _ bogusCredentials;
};
hardware =>
credentials^ _ bogusCredentials;
wentOffline => ERROR DiskNotReady;
ENDCASE => ERROR Bug;
};

ReleaseDiskCredentials: PROC [dirty: BOOL] = {
IF dirty THEN {
IF credentialsPV = NIL THEN GetCredentialsVolume[];
SELECT PhysicalVolume.WriteCredentials[credentialsPV, credentials] FROM
ok => NULL;
hardware => ERROR BrokenDisk;
wentOffline => ERROR DiskNotReady;
ENDCASE => ERROR Bug;
};
FreeCredentials[];
};

GetCredentialsVolume: PROC = {
UNTIL (credentialsPV _ PhysicalVolume.NextPhysical[credentialsPV]) = NIL OR
Disk.DriveAttributes[PhysicalVolume.PhysicalInfo[credentialsPV].channel].ordinal = 0 DO
ENDLOOP;
};


Initialize: ENTRY PROC = {EnsureInitialized[]};

Initialize[];
IF ~GermSwap.switches[n] THEN {
turnOnProc: SAFE PROC RETURNS [in, out: IO.STREAM] = CHECKED {
[in, out] _ SimpleTerminal.TurnOn[];
out.PutRope["\NLogin please...\N"];
};
turnOffProc: SAFE PROC [in, out: IO.STREAM] = CHECKED {SimpleTerminal.TurnOff[]};
Login[startInteraction: turnOnProc, endInteraction: turnOffProc];
DebuggerSwap.EnableSwatWatcher[TRUE];
};

END.


UserCredentialsImpl.mesa
last edited by Levin on June 27, 1983 5:49 pm
Declarations for data structures on disk
The text portion of the userName follows here
The text portion of the userName follows here
If state = nameAndPassword, another StringBody follows

Declarations for data structures in memory (germ)
VM.WordsToPages[germSD[PrincOps.sGFTLength]] blows up the compiler
Global Variables (protected by the monitor)


Exports to UserCredentials
Grapevine is up, and the credentials are valid.  The password used to encrypt the information in the credentials file may not be the same one that was used (successfully) to authenticate the user to Grapevine.  After all, the user may have changed his password in the Grapevine database since this procedure was last called.  However, since the user name presented to Grapevine was forced to come from the disk and Grapevine authenticated the user, we can be confident that this is the same user who requested that the encrypted information be stored on the disk originally.  We therefore encrypt with the new password and rewrite the credentials file.  In effect, this gives us a cache of the last successful Grapevine authentication, which will be useful if Grapevine proves to be down on a subsequent Login.
Grapevine is down, so we must fall back on our cached information on the disk.  We use the password supplied by the user to decrypt then compare  it with the expected value.  If it matches, the user is assumed to be authentic, and the password he supplied is highly likely to be the one he last successfully used to authenticate himself with Grapevine.
The internal signals from AcquireDiskCredentials and ReleaseDiskCredentials are presently uncaught, since we don't have any better way of dealing with them.
*** For emergency use only ***
Internal procedures
Note: one might think that this could be done at module start time, rather than on every call to a public procedure of this module.  However, the contents of the germ mds can change after this module is started (e.g., a checkpoint is taken, then a physical boot causes a rollback).
text to be backed up is of the form ...<non-alpha><alpha><non-alpha>, the <alpha> and following <non-alpha> are to be removed.
Disk access

PhysicalVolume assumes that the credentials occupy a maximum of File.wordsPerPage words.  We assert that:
File.wordsPerPage >= SIZE[nameAndPassword CredentialsObject] - SIZE[StringBody[0]] +
2*SIZE[StringBody[GVBasics.maxRNameLength]]];
The disk is there, but it doesn't seem to work, treat as "no credentials" now.
Start code
Κ ˜Jš
œ™Jš
œ-™-J˜š
Οk	˜	Jš
œœœ*œœœœ˜KJšœœ˜)Jšœ
œ˜'Jšœœ.˜;Jšœœ˜Jšœœ˜Jšœ	œ˜$Jšœ	œ˜ Jšœœ˜Jšœ
œ(œ˜8šœœ˜Jš
œI˜I—Jšœ	œœœ˜1Jšœœœ˜Jšœœ,˜9Jšœœ?œ
˜WJšœœ˜'Jšœœ'˜<šœ
œ˜
Jš
œ^˜^—J˜—šœ˜šœ
˜Jšœ?œ@˜ƒ
—Jšœ"˜)J˜—Jš
˜J˜Jšœ˜J˜Jšœœœ
˜Jšœœœ
˜J˜J˜Jš
œ(™(J˜Jšœœ	˜$JšœœΟc(˜[J˜Jšœœ˜4J˜Jš	œ
œœ
œ
œ˜6š	œœœ
	œ
œ˜;Jšœœ˜2Jšœ
œ˜Jšœœ˜'šœœ˜;Jšœœ
˜˜	Jšœ œ
˜%Jšœ1œœ
˜BJš
œ-™-J˜—˜Jšœ1œœ
˜BJš
œ-™-Jš
œ6™6J˜—Jš
˜—J˜J˜—J˜`J˜Jšœœœ
˜Jšœœœ
˜J˜J™Jš
œ1™1J˜J˜Jš
œœœ
œ
œ
œ
œ
˜/J˜J˜PJšœ	œ
œž*˜QJš
œ	œ
œœ	œ
œœ˜Kš
œœ
œ
œ
œœ
œ˜5Jšœ	œ
œœ˜2—š
œ˜Jšœ	œœ˜B—Jšœ*œ
œ
œ˜<Jšœœ
œœ
œ
œ˜Ašœœ˜Jš
œB™BJšœœœ˜EJšœ!œ
œ
œ˜4J˜—Jšœœœ
˜J˜J˜J™+J˜Jšœœ
˜Jšœœ
˜J˜J˜'J˜Jšœ	œ
œœ
˜J™J™Jš
œ™J˜šΟnœœ
œ
	œ˜Iprocš	œ	œ
œœ
œ˜9Kšœ	œœ
œ˜/Kšœ*œ˜3Jšœ
œœ
˜Jšœœœ
˜Jšœœœ
˜šŸœœ˜Jšœ
œ/œ˜HJš
œ˜—šŸœœ˜Jšœœ&œœ˜QJš
œ˜—šŸœœ˜J˜J˜1J˜)J˜J˜—šŸœœ˜Jšœœ˜4Jšœœ˜#Jšœœœ˜J˜J˜—J˜Jš	œœœ
œž˜XJ˜Jšœœ ˜BJšœBœ˜Nšœ2œ˜:š
Ÿœœœœœ˜OšŸ	œœ˜"Jšœ)œœ˜;—šœœ
˜"˜
Jšœ˜Jšœœ˜,J˜Jšœ#œ˜(Jšœœ˜7šœ9œ˜GJ˜#—J˜—˜Jšœ˜Jšœœ˜,šœœ˜Jšœœ%˜A—J˜1šœ2˜<Jšœœ
˜J˜'J˜Jšœœ˜—J˜—˜	J˜Jšœ;œ˜@šœž<˜@J˜šœ#œ˜I˜Jš
œͺ™ͺ˜J˜&J˜%—šœœ˜1J˜—J˜—J˜#˜Jš
œΰ™ΰ˜J˜&J˜%—Jšœœ'œ˜IJ˜—Jšœ
˜—Jš
˜Jšœ
˜—J˜—Jšœœ˜—J˜—Jšœœ
œ
˜/J˜
—šœ˜Jšœ
œ˜"š
Ÿœ	œ
œœœ˜<Jšœœ
œ
œ˜1Jšœ&œ
œ
œ˜:JšœO˜UJ˜—J˜šœ˜˜šœœ!˜DJšœDœ˜M—Jšœ
˜——Jšœ˜J˜—Jšœœ˜4š
˜˜˜J˜J˜CJšœ
œ
˜J˜—Jšœ'œ˜.J˜——J˜J˜J˜—šŸœœ
œ
œ
œ
œœ˜CJ˜J˜Jšœœ˜J˜J˜—šŸœœ
œ
	œœœ˜QJš
œœ
™œ
J˜J˜Jšœœ˜J˜J˜—šŸœœ
œ
œœœ˜FJ˜Jš
œ)˜)Jš
œ1˜1J˜J˜—Jš
œ™J˜šŸœœ˜šŸœœ
œœ˜&J˜J˜(Jšœœ˜J˜—Jšœœ˜!J˜J˜J˜—Jš
œ™J˜šŸœœ˜Jš
œ™™™Jš
œœ
œœœ˜:J˜—šŸœœœ˜5Jšœ	œ˜Jšœ
œ˜%šœ
œœ/˜TJšœ"˜$Jšœ&˜*Jšœ˜—J˜Jš
œ6˜6J˜6Jšœ œ˜:Jš
œ>˜>J˜>J˜J˜—šŸœœ
œ˜?šŸ
œœœ
œ˜,Jš
œD˜D—Jšœœ
˜J˜šœ˜˜J˜ Jšœœ"˜.J˜—˜	˜J˜Y—šœœ
˜"˜	J˜#˜J˜&J˜%—J˜(J˜—Jšœœ˜—šœœ˜&Jšœ
œ#œ˜=—J˜—˜
˜J˜N—šœœ
˜"J˜4Jšœœ˜—šœœ˜*Jšœ
œ#œ˜=—J˜—˜˜J˜U—šœœ
˜"˜Jšœœ
œ˜+Jšœœ
œœ!˜RJ˜(J˜FJ˜*J˜—Jšœœ˜—šœœ%˜1Jšœ
œ#œ˜>Jšœ%˜)—J˜—Jšœœ˜—Jšœ'
œ˜GJ˜J˜—šŸœœ	œ

œ
œ
œ
œ
œ
˜@Jšœœ	˜ š	œœ
œœ˜'Jšœœ˜4Jšœ
˜—J˜J˜—šŸ
œœ	œ

œ
œ
œ
œ
œ
˜>Jšœœ˜Jšœ
œ˜š	œœ
œœ˜'Jšœœ˜4Jšœ
˜—Jšœ˜J˜J˜—šŸœœ&˜>Jšœ.˜5Jšœœœ
˜šŸœœœœœœœ˜EJšœ˜Jšœœœ
˜Jšœœ˜šŸœœ˜šœ˜Jšœœ

œ
œœœ
˜Q—Jšœœ
˜	J˜—šŸœœœœœœ˜.šœœ˜šœ˜
Jš	œ
œ œœœ
˜;Jšœ˜—Jšœœ
˜Jš
œ˜—Jšœœ
œœ
˜J˜—J˜
Jšœœ˜"šœ	˜šœ˜
Jšœœ˜šœ
œ˜Jšœœ˜šœ	œ˜J˜Jšœœ˜*Jš
œ˜Jš
œ˜—J˜—š
œ˜Jš
œ~™~Jšœœœ
˜š	œœ

œ
œ˜,Jšœœ˜Jšœœœ	˜6Jšœ
œœœ˜6Jšœœ˜š
˜Jšœ	œ
˜—Jšœ
˜—J˜—Jšœž
˜Jšœ'œœ˜K—J˜Jšœ
˜—Jš
œ˜—Jšœœœ
˜Jšœœ	˜Jšœœ˜š
˜Jšœ
œ˜+Jš
œ)˜)J˜Jšœœ˜/šœ˜Jšœ:œ˜Ašœœ˜J˜C—J˜—J˜Jšœœœ)œ˜KJ˜%J˜šœ&˜0Jšœ$œ˜*˜J˜!Jšœœ+œ˜NJ˜—J˜,š
œ˜JšœFœ˜L—Jšœ
˜—J˜Jšœ
˜—J˜J˜—šŸœ	œœœœœ˜;š
˜Jšœœ
œ˜,šœœ˜:Jšœœœœœ
œ˜NJšœœœ
œ˜:Jšœ
˜—Jšœ˜	J˜——Jš
œ™J™šŸœœ˜šœœ
œ!˜Hš
œi™iš
œT™TJš
œ-™-———Jšœœ ˜6Jšœœ-˜=Jšœ+œœ˜>J˜J˜—šŸœœ˜Jšœ˜Jšœœ
˜J˜J˜—šŸœœ˜ Jšœœ
œ˜3Jšœœ
œ˜0šœ<˜F˜Jšœœ
˜šœœ
˜"Jšœœ"˜?˜šœœ˜&Jšœ
œ%œ˜?——˜šœœ˜*Jšœ
œ%œ˜?——˜Jšœœ
œ˜+Jšœœ
œœ"˜Sšœœ%˜1Jšœ
œ$œ˜?Jšœ"˜&—J˜—Jšœ
˜—šœ
œ˜6Jš
œ ˜ —J˜—š
œ˜Jš
œN™NJ˜ —Jšœœ˜"Jšœœ˜—J˜J˜—šŸœœ	œ˜.šœœ˜Jšœœ
œ˜3šœ=˜GJšœœ
˜Jšœœ˜Jšœœ˜"Jšœœ˜—J˜—J˜J˜J˜—šŸœœ˜šœ@œ
˜KJšœU˜WJšœ
˜—J˜J˜—Jš
œ
™
J˜JšŸ
œœ
œ˜/J˜J˜
šœœ˜š
œœ
œ
œœ
œœ˜>Jš
œ$˜$J˜#J˜—Jšœ
œ
œœ
œœ˜QJ˜AJšœœ˜%J˜—J˜Jšœ
˜J˜—…—<ΤZ†